From a0b6fc7db1be2cf6190d982f90e96f4c39a4c699 Mon Sep 17 00:00:00 2001 From: Tobias Florek Date: Wed, 23 Sep 2015 13:51:41 +0200 Subject: Initial containerization work from @ibotty copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml --- roles/openshift_serviceaccounts/tasks/main.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'roles/openshift_serviceaccounts/tasks') diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index e558a83a2..eb9c9b2c9 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -1,12 +1,19 @@ +- name: tmp dir for openshift + file: + path: /tmp/openshift + state: directory + owner: root + mode: 700 + - name: Create service account configs template: src: serviceaccount.j2 - dest: "/tmp/{{ item }}-serviceaccount.yaml" + dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml" with_items: accounts - name: Create {{ item }} service account command: > - {{ openshift.common.client_binary }} create -f "/tmp/{{ item }}-serviceaccount.yaml" + {{ openshift.common.client_binary }} create -f "/tmp/openshift/{{ item }}-serviceaccount.yaml" with_items: accounts register: _sa_result failed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc != 0" @@ -15,14 +22,14 @@ - name: Get current security context constraints shell: > {{ openshift.common.client_binary }} get scc privileged -o yaml - --output-version=v1 > /tmp/scc.yaml + --output-version=v1 > /tmp/openshift/scc.yaml - name: Add security context constraint for {{ item }} lineinfile: - dest: /tmp/scc.yaml + dest: /tmp/openshift/scc.yaml line: "- system:serviceaccount:default:{{ item }}" insertafter: "^users:$" with_items: accounts - name: Apply new scc rules for service accounts - command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml --api-version=v1" + command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1" -- cgit v1.2.3 From 043d6b3a7e3c6b799ddf4157ccdf2b2b67451d81 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 20 Nov 2015 15:45:39 -0500 Subject: fixes --- roles/openshift_serviceaccounts/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_serviceaccounts/tasks') diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index eb9c9b2c9..4c7faa6fe 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -23,6 +23,7 @@ shell: > {{ openshift.common.client_binary }} get scc privileged -o yaml --output-version=v1 > /tmp/openshift/scc.yaml + changed_when: false - name: Add security context constraint for {{ item }} lineinfile: -- cgit v1.2.3