summaryrefslogtreecommitdiffstats
path: root/roles/openshift_service_catalog/tasks/install.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_service_catalog/tasks/install.yml')
-rw-r--r--roles/openshift_service_catalog/tasks/install.yml85
1 files changed, 15 insertions, 70 deletions
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml
index 41a6691c9..4d06c1872 100644
--- a/roles/openshift_service_catalog/tasks/install.yml
+++ b/roles/openshift_service_catalog/tasks/install.yml
@@ -6,10 +6,10 @@
register: mktemp
changed_when: False
-- name: Set default image variables based on deployment_type
+- name: Set default image variables based on openshift_deployment_type
include_vars: "{{ item }}"
with_first_found:
- - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+ - "{{ openshift_deployment_type }}.yml"
- "default_images.yml"
- name: Set service_catalog image facts
@@ -38,7 +38,7 @@
- name: Make kube-service-catalog project network global
command: >
- {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog
+ {{ openshift_client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog
- include_tasks: generate_certs.yml
@@ -74,74 +74,17 @@
template_name: kube-system-service-catalog-role-bindings
namespace: kube-system
-- oc_obj:
- name: edit
- kind: clusterrole
- state: list
- register: edit_yaml
-
-# only do this if we don't already have the updated role info
-- name: Generate apply template for clusterrole/edit
- template:
- src: sc_admin_edit_role_patching.j2
- dest: "{{ mktemp.stdout }}/edit_sc_patch.yml"
- vars:
- original_content: "{{ edit_yaml.results.results[0] | to_yaml }}"
- when:
- - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
-
-# only do this if we don't already have the updated role info
-- name: update edit role for service catalog and pod preset access
- command: >
- {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/edit_sc_patch.yml
- when:
- - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
-
-- oc_obj:
- name: admin
- kind: clusterrole
- state: list
- register: admin_yaml
-
-# only do this if we don't already have the updated role info
-- name: Generate apply template for clusterrole/admin
- template:
- src: sc_admin_edit_role_patching.j2
- dest: "{{ mktemp.stdout }}/admin_sc_patch.yml"
- vars:
- original_content: "{{ admin_yaml.results.results[0] | to_yaml }}"
- when:
- - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
-
-# only do this if we don't already have the updated role info
-- name: update admin role for service catalog and pod preset access
- command: >
- {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/admin_sc_patch.yml
- when:
- - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
-
-- oc_obj:
- name: view
- kind: clusterrole
- state: list
- register: view_yaml
-
-# only do this if we don't already have the updated role info
-- name: Generate apply template for clusterrole/view
- template:
- src: sc_view_role_patching.j2
- dest: "{{ mktemp.stdout }}/view_sc_patch.yml"
- vars:
- original_content: "{{ view_yaml.results.results[0] | to_yaml }}"
- when:
- - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch'])
+- copy:
+ src: openshift_catalog_clusterroles.yml
+ dest: "{{ mktemp.stdout }}/openshift_catalog_clusterroles.yml"
-# only do this if we don't already have the updated role info
-- name: update view role for service catalog access
- command: >
- {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/view_sc_patch.yml
- when:
- - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch'])
+- name: Apply Service Catalog cluster roles
+ retries: 5
+ delay: 2
+ register: task_result
+ until: task_result.rc == 0
+ shell: >
+ {{ openshift_client_binary }} auth reconcile --config={{ openshift.common.config_base }}/master/admin.kubeconfig -f {{ mktemp.stdout}}/openshift_catalog_clusterroles.yml
- oc_adm_policy_user:
namespace: kube-service-catalog
@@ -179,6 +122,8 @@
etcd_servers: "{{ openshift.master.etcd_urls | join(',') }}"
etcd_cafile: "{{ '/etc/origin/master/master.etcd-ca.crt' if etcd_ca_crt.stat.exists else '/etc/origin/master/ca-bundle.crt' }}"
node_selector: "{{ openshift_service_catalog_nodeselector | default ({'openshift-infra': 'apiserver'}) }}"
+ # apiserver_ca is defined in generate_certs.yml
+ ca_hash: "{{ apiserver_ca.content|hash('sha1') }}"
- name: Set Service Catalog API Server daemonset
oc_obj:
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-20 14:23:37 +0000