summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2017-10-02 09:39:55 -0700
committerGitHub <noreply@github.com>2017-10-02 09:39:55 -0700
commita45fee50295bcad1f9b7ba95565e5a91ef801538 (patch)
treefbc7f17a001ef3a2b273963b59eaa9a36acce799 /roles
parente54cb2611e86c43650512ee3afee2c6ce846b064 (diff)
parent4ab3e20e333d107163abe2a3c88f2aecae3fd77e (diff)
downloadopenshift-a45fee50295bcad1f9b7ba95565e5a91ef801538.tar.gz
openshift-a45fee50295bcad1f9b7ba95565e5a91ef801538.tar.bz2
openshift-a45fee50295bcad1f9b7ba95565e5a91ef801538.tar.xz
openshift-a45fee50295bcad1f9b7ba95565e5a91ef801538.zip
Merge pull request #5609 from jarrpa/heketi-account-perms
Automatic merge from submit-queue. GlusterFS: make ServiceAccounts privileged when either glusterfs or heketi is native Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1486187 Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml11
-rw-r--r--roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml10
2 files changed, 11 insertions, 10 deletions
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
index 3f6dab78b..51724f979 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
@@ -18,6 +18,17 @@
node_selector: "{% if glusterfs_use_default_selector %}{{ omit }}{% endif %}"
when: glusterfs_is_native or glusterfs_heketi_is_native or glusterfs_storageclass
+- name: Add namespace service accounts to privileged SCC
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ glusterfs_namespace }}:{{ item }}"
+ resource_kind: scc
+ resource_name: privileged
+ state: present
+ with_items:
+ - 'default'
+ - 'router'
+ when: glusterfs_is_native or glusterfs_heketi_is_native
+
- name: Delete pre-existing heketi resources
oc_obj:
namespace: "{{ glusterfs_namespace }}"
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
index 8c3e31fc9..932d06038 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
@@ -55,16 +55,6 @@
- glusterfs_wipe
- item.stdout_lines | count > 0
-- name: Add service accounts to privileged SCC
- oc_adm_policy_user:
- user: "system:serviceaccount:{{ glusterfs_namespace }}:{{ item }}"
- resource_kind: scc
- resource_name: privileged
- state: present
- with_items:
- - 'default'
- - 'router'
-
- name: Label GlusterFS nodes
oc_label:
name: "{{ hostvars[item].openshift.node.nodename }}"