summaryrefslogtreecommitdiffstats
path: root/roles/openshift_manageiq
diff options
context:
space:
mode:
authorFederico Simoncelli <fsimonce@redhat.com>2016-11-03 15:48:33 +0100
committerFederico Simoncelli <fsimonce@redhat.com>2016-11-03 15:49:04 +0100
commita5ee83f0dcd7d71c6e2c9387b6ce0b7b1ffec68b (patch)
tree4565033628c01abd7c4b458f6f040ad15a4e31d0 /roles/openshift_manageiq
parentc97858a6bc61251c02d2ca27172ebe87727b776a (diff)
downloadopenshift-a5ee83f0dcd7d71c6e2c9387b6ce0b7b1ffec68b.tar.gz
openshift-a5ee83f0dcd7d71c6e2c9387b6ce0b7b1ffec68b.tar.bz2
openshift-a5ee83f0dcd7d71c6e2c9387b6ce0b7b1ffec68b.tar.xz
openshift-a5ee83f0dcd7d71c6e2c9387b6ce0b7b1ffec68b.zip
Add hawkular admin cluster role to management admin
Signed-off-by: Federico Simoncelli <fsimonce@redhat.com>
Diffstat (limited to 'roles/openshift_manageiq')
-rw-r--r--roles/openshift_manageiq/tasks/main.yaml10
-rw-r--r--roles/openshift_manageiq/vars/main.yml15
2 files changed, 25 insertions, 0 deletions
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index bdaf64b3f..a7214482f 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -50,6 +50,16 @@
failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0"
changed_when: osmiq_create_cluster_role.rc == 0
+- name: Create Hawkular Metrics Admin Cluster Role
+ shell: >
+ echo {{ manageiq_metrics_admin_clusterrole | to_json | quote }} |
+ {{ openshift.common.client_binary }}
+ --config={{manage_iq_tmp_conf}}
+ create -f -
+ register: oshawkular_create_cluster_role
+ failed_when: "'already exists' not in oshawkular_create_cluster_role.stderr and oshawkular_create_cluster_role.rc != 0"
+ changed_when: oshawkular_create_cluster_role.rc == 0
+
- name: Configure role/user permissions
command: >
{{ openshift.common.client_binary }} adm {{item}}
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
index 6a0c5b41b..37d4679ef 100644
--- a/roles/openshift_manageiq/vars/main.yml
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -9,6 +9,20 @@ manageiq_cluster_role:
verbs:
- '*'
+manageiq_metrics_admin_clusterrole:
+ apiVersion: v1
+ kind: ClusterRole
+ metadata:
+ name: hawkular-metrics-admin
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - hawkular-metrics
+ - hawkular-alerts
+ verbs:
+ - '*'
+
manageiq_service_account:
apiVersion: v1
kind: ServiceAccount
@@ -31,6 +45,7 @@ manage_iq_tasks:
- policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin
- policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin
- policy add-cluster-role-to-user self-provisioner system:serviceaccount:management-infra:management-admin
+ - policy add-cluster-role-to-user hawkular-metrics-admin system:serviceaccount:management-infra:management-admin
manage_iq_openshift_3_2_tasks:
- policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin