summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorBrenton Leanhardt <bleanhar@redhat.com>2015-12-04 11:06:57 -0500
committerBrenton Leanhardt <bleanhar@redhat.com>2015-12-04 11:06:57 -0500
commitffb663f5f688ecaff0bfd2d928c8fba83c1d24f9 (patch)
tree306cea4856c7c986e3ddffe60f87d6332c94755e /roles
parent1c01ea16e7acc002fd0c0c78301190155adcea3c (diff)
parent04ce758d35666c9f887a9bb1b44ccae1d20ee908 (diff)
downloadopenshift-ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9.tar.gz
openshift-ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9.tar.bz2
openshift-ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9.tar.xz
openshift-ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9.zip
Merge pull request #983 from enoodle/manageiq_service
Adding ManageIQ service account
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_common/tasks/main.yml1
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py2
-rw-r--r--roles/openshift_manageiq/tasks/main.yaml50
-rw-r--r--roles/openshift_manageiq/vars/main.yml24
4 files changed, 76 insertions, 1 deletions
diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml
index 55065b3de..c0982290d 100644
--- a/roles/openshift_common/tasks/main.yml
+++ b/roles/openshift_common/tasks/main.yml
@@ -22,6 +22,7 @@
deployment_type: "{{ openshift_deployment_type }}"
use_fluentd: "{{ openshift_use_fluentd | default(None) }}"
use_flannel: "{{ openshift_use_flannel | default(None) }}"
+ use_manageiq: "{{ openshift_use_manageiq | default(None) }}"
# For enterprise versions < 3.1 and origin versions < 1.1 we want to set the
# hostname by default.
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index e937b742e..085d59b71 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1053,7 +1053,7 @@ class OpenShiftFacts(object):
common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr,
deployment_type='origin', hostname=hostname,
- public_hostname=hostname)
+ public_hostname=hostname, use_manageiq=False)
common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc'
common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm'
common['dns_domain'] = 'cluster.local'
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
new file mode 100644
index 000000000..2d3187e21
--- /dev/null
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -0,0 +1,50 @@
+---
+- name: Copy Configuration to temporary conf
+ command: >
+ cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{manage_iq_tmp_conf}}
+ changed_when: false
+
+- name: Add Managment Infrastructure project
+ command: >
+ {{ openshift.common.admin_binary }} new-project
+ management-infra
+ --description="Management Infrastructure"
+ --config={{manage_iq_tmp_conf}}
+ register: osmiq_create_mi_project
+ failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0"
+ changed_when: osmiq_create_mi_project.rc == 0
+
+- name: Create Service Account
+ shell: >
+ echo {{ manageiq_service_account | to_json | quote }} |
+ {{ openshift.common.client_binary }} create
+ -n management-infra
+ --config={{manage_iq_tmp_conf}}
+ -f -
+ register: osmiq_create_service_account
+ failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
+ changed_when: osmiq_create_service_account.rc == 0
+
+- name: Create Cluster Role
+ shell: >
+ echo {{ manageiq_cluster_role | to_json | quote }} |
+ {{ openshift.common.client_binary }} create
+ --config={{manage_iq_tmp_conf}}
+ -f -
+ register: osmiq_create_cluster_role
+ failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0"
+ changed_when: osmiq_create_cluster_role.rc == 0
+
+- name: Configure role/user permissions
+ command: >
+ {{ openshift.common.admin_binary }} {{item}}
+ --config={{manage_iq_tmp_conf}}
+ with_items: "{{manage_iq_tasks}}"
+ register: osmiq_perm_task
+ failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0"
+ changed_when: osmiq_perm_task.rc == 0
+
+- name: Clean temporary configuration file
+ command: >
+ rm -f {{manage_iq_tmp_conf}}
+ changed_when: false
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
new file mode 100644
index 000000000..77e1c304b
--- /dev/null
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -0,0 +1,24 @@
+manageiq_cluster_role:
+ apiVersion: v1
+ kind: ClusterRole
+ metadata:
+ name: management-infra-admin
+ rules:
+ - resources:
+ - pods/proxy
+ verbs:
+ - '*'
+
+manageiq_service_account:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: management-admin
+
+manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig
+
+manage_iq_tasks:
+ - policy add-role-to-user -n management-infra admin -z management-admin
+ - policy add-role-to-user -n management-infra management-infra-admin -z management-admin
+ - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin
+ - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin