From badaa6dc09abfcbfb2770a2d2070c803a2aaaf03 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Thu, 9 Feb 2017 11:57:57 -0500 Subject: oc serviceaccount now done via oc_serviceaccount module --- roles/nuage_master/meta/main.yml | 1 + roles/nuage_master/tasks/serviceaccount.yml | 16 +++++------- roles/nuage_master/vars/main.yaml | 6 ----- roles/openshift_logging/tasks/delete_logging.yaml | 10 ++++---- roles/openshift_manageiq/meta/main.yml | 15 ++++++++++++ roles/openshift_manageiq/tasks/main.yaml | 30 +++++++---------------- roles/openshift_manageiq/vars/main.yml | 13 +--------- roles/openshift_serviceaccounts/meta/main.yml | 1 + roles/openshift_serviceaccounts/tasks/main.yml | 20 ++++----------- 9 files changed, 43 insertions(+), 69 deletions(-) create mode 100644 roles/openshift_manageiq/meta/main.yml (limited to 'roles') diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml index a8a9bd3b4..e3ed9ac71 100644 --- a/roles/nuage_master/meta/main.yml +++ b/roles/nuage_master/meta/main.yml @@ -17,6 +17,7 @@ dependencies: - role: nuage_common - role: openshift_etcd_client_certificates - role: os_firewall +- role: lib_openshift os_firewall_allow: - service: openshift-monitor port: "{{ nuage_mon_rest_server_port }}/tcp" diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml index 41143772e..16ea08244 100644 --- a/roles/nuage_master/tasks/serviceaccount.yml +++ b/roles/nuage_master/tasks/serviceaccount.yml 
@@ -13,20 +13,16 @@ changed_when: false - name: Create Admin Service Account - shell: > - echo {{ nuage_service_account_config | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n default - --config={{nuage_tmp_conf}} - -f - - register: osnuage_create_service_account - failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0" - changed_when: osnuage_create_service_account.rc == 0 + oc_serviceaccount: + kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig" + name: nuage + namespace: default + state: present - name: Configure role/user permissions command: > {{ openshift.common.client_binary }} adm {{item}} - --config={{nuage_tmp_conf}} + --config={{ nuage_tmp_conf }} with_items: "{{nuage_tasks}}" register: osnuage_perm_task failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0" diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index dba399a03..651d5775c 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -22,11 +22,5 @@ nuage_mon_rest_server_host: "{{ openshift.master.cluster_hostname | default(open nuage_master_crt_dir: /usr/share/nuage-openshift-monitor nuage_service_account: system:serviceaccount:default:nuage -nuage_service_account_config: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: nuage - nuage_tasks: - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml index 908f3ee88..9621d0d1a 100644 --- a/roles/openshift_logging/tasks/delete_logging.yaml +++ b/roles/openshift_logging/tasks/delete_logging.yaml 
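Review bot: The new `oc_serviceaccount` task in roles/nuage_master/tasks/serviceaccount.yml authenticates with `{{ openshift_master_config_dir }}/admin.kubeconfig`, while the `Configure role/user permissions` task right after it still passes `--config={{ nuage_tmp_conf }}`, so one role now talks to the API through two different kubeconfig paths. Pointing both at the same file, for example `kubeconfig: "{{ nuage_tmp_conf }}"`, leaves a single credential path to audit and clean up. The commit adds `openshift_master_config_dir` to the openshift_manageiq vars, but no definition for nuage_master is visible in this diff, so confirm the variable is always in scope for this role. The same mix appears in the roles/openshift_manageiq/tasks/main.yaml hunk, where the surrounding tasks use `manage_iq_tmp_conf`. The task file continues outside the hunk.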
@@ -80,16 +80,16 @@ # delete our service accounts - name: delete service accounts - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete serviceaccount {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true + oc_serviceaccount: + kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + name: "{{ item }}" + namespace: "{{ openshift_logging_namespace }}" + state: absent with_items: - aggregated-logging-elasticsearch - aggregated-logging-kibana - aggregated-logging-curator - aggregated-logging-fluentd - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 # delete our roles - name: delete roles diff --git a/roles/openshift_manageiq/meta/main.yml b/roles/openshift_manageiq/meta/main.yml new file mode 100644 index 000000000..6c96a91bf --- /dev/null +++ b/roles/openshift_manageiq/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Erez Freiberger + description: ManageIQ + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: lib_openshift diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index a7214482f..e58947fd2 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml 
@@ -18,27 +18,15 @@ failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0" changed_when: osmiq_create_mi_project.rc == 0 -- name: Create Admin Service Account - shell: > - echo {{ manageiq_service_account | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n management-infra - --config={{manage_iq_tmp_conf}} - -f - - register: osmiq_create_service_account - failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" - changed_when: osmiq_create_service_account.rc == 0 - -- name: Create Image Inspector Service Account - shell: > - echo {{ manageiq_image_inspector_service_account | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n management-infra - --config={{manage_iq_tmp_conf}} - -f - - register: osmiq_create_service_account - failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" - changed_when: osmiq_create_service_account.rc == 0 +- name: Create Admin and Image Inspector Service Account + oc_serviceaccount: + kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig" + name: "{{ item }}" + namespace: management-infra + state: present + with_items: + - management-admin + - inspector-admin - name: Create Cluster Role shell: > diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 3f24fd6be..9936bb126 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -1,4 +1,5 @@ --- +openshift_master_config_dir: "{{ openshift.common.config_base }}/master" manageiq_cluster_role: apiVersion: v1 kind: ClusterRole 
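Review bot: `openshift_master_config_dir` is added to roles/openshift_manageiq/vars/main.yml, and role vars take precedence over inventory and play variables, so a deployment that keeps its master configuration elsewhere cannot redirect which `admin.kubeconfig` the new `oc_serviceaccount` task reads. If an override is meant to be possible, the definition belongs in the role's `defaults/main.yml`, with a comment such as `# directory that holds the master's admin.kubeconfig`. The vars file continues outside this hunk.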
@@ -24,18 +25,6 @@ manageiq_metrics_admin_clusterrole: verbs: - '*' -manageiq_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: management-admin - -manageiq_image_inspector_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: inspector-admin - manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig manage_iq_tasks: diff --git a/roles/openshift_serviceaccounts/meta/main.yml b/roles/openshift_serviceaccounts/meta/main.yml index a2c9fee70..7a30c220f 100644 --- a/roles/openshift_serviceaccounts/meta/main.yml +++ b/roles/openshift_serviceaccounts/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - { role: openshift_facts } +- { role: lib_openshift } diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index d83ccf7de..1d570fa5b 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -1,21 +1,11 @@ --- -- name: test if service accounts exists - command: > - {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }} - with_items: "{{ openshift_serviceaccounts_names }}" - failed_when: false - changed_when: false - register: account_test - - name: create the service account - shell: > - echo {{ lookup('template', '../templates/serviceaccount.j2') - | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }} - -n {{ openshift_serviceaccounts_namespace }} create -f - - when: item.1.rc != 0 - with_together: + oc_serviceaccount: + name: "{{ item }}" + namespace: "{{ openshift_serviceaccounts_namespace }}" + state: present + with_items: - "{{ openshift_serviceaccounts_names }}" - - "{{ account_test.results }}" - name: test if scc needs to be updated command: > -- cgit v1.2.1
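Review bot: The `create the service account` task in roles/openshift_serviceaccounts/tasks/main.yml calls `oc_serviceaccount` without a `kubeconfig`, unlike the other three call sites in this commit, so the credential it runs with is whatever default the module carries. Passing it explicitly, e.g. `kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"` (the variable would have to be defined for this role), makes the identity used for account creation visible at the call site. `with_items` can also take the list directly: `with_items: "{{ openshift_serviceaccounts_names }}"`. The `account_test` register is removed here and the task list continues past the hunk, so check that nothing later still reads `account_test.results`.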