diff options
Diffstat (limited to 'roles/openshift_service_catalog/tasks/install.yml')
-rw-r--r-- | roles/openshift_service_catalog/tasks/install.yml | 85 |
1 files changed, 15 insertions, 70 deletions
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml index 41a6691c9..4d06c1872 100644 --- a/roles/openshift_service_catalog/tasks/install.yml +++ b/roles/openshift_service_catalog/tasks/install.yml @@ -6,10 +6,10 @@ register: mktemp changed_when: False -- name: Set default image variables based on deployment_type +- name: Set default image variables based on openshift_deployment_type include_vars: "{{ item }}" with_first_found: - - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "{{ openshift_deployment_type }}.yml" - "default_images.yml" - name: Set service_catalog image facts @@ -38,7 +38,7 @@ - name: Make kube-service-catalog project network global command: > - {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog + {{ openshift_client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog - include_tasks: generate_certs.yml @@ -74,74 +74,17 @@ template_name: kube-system-service-catalog-role-bindings namespace: kube-system -- oc_obj: - name: edit - kind: clusterrole - state: list - register: edit_yaml - -# only do this if we don't already have the updated role info -- name: Generate apply template for clusterrole/edit - template: - src: sc_admin_edit_role_patching.j2 - dest: "{{ mktemp.stdout }}/edit_sc_patch.yml" - vars: - original_content: "{{ edit_yaml.results.results[0] | to_yaml }}" - when: - - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) - -# only do this if we don't already have the updated role info -- name: update edit role for service catalog and pod preset access - command: > - {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/edit_sc_patch.yml - when: - - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) - -- oc_obj: - name: admin - kind: clusterrole - state: list - register: admin_yaml - -# only do this if we don't already have the updated role info -- name: Generate apply template for clusterrole/admin - template: - src: sc_admin_edit_role_patching.j2 - dest: "{{ mktemp.stdout }}/admin_sc_patch.yml" - vars: - original_content: "{{ admin_yaml.results.results[0] | to_yaml }}" - when: - - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) - -# only do this if we don't already have the updated role info -- name: update admin role for service catalog and pod preset access - command: > - {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/admin_sc_patch.yml - when: - - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) - -- oc_obj: - name: view - kind: clusterrole - state: list - register: view_yaml - -# only do this if we don't already have the updated role info -- name: Generate apply template for clusterrole/view - template: - src: sc_view_role_patching.j2 - dest: "{{ mktemp.stdout }}/view_sc_patch.yml" - vars: - original_content: "{{ view_yaml.results.results[0] | to_yaml }}" - when: - - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) +- copy: + src: openshift_catalog_clusterroles.yml + dest: "{{ mktemp.stdout }}/openshift_catalog_clusterroles.yml" -# only do this if we don't already have the updated role info -- name: update view role for service catalog access - command: > - {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/view_sc_patch.yml - when: - - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) +- name: Apply Service Catalog cluster roles + retries: 5 + delay: 2 + register: task_result + until: task_result.rc == 0 + shell: > + {{ openshift_client_binary }} auth reconcile --config={{ openshift.common.config_base }}/master/admin.kubeconfig -f {{ mktemp.stdout}}/openshift_catalog_clusterroles.yml - oc_adm_policy_user: namespace: kube-service-catalog @@ -179,6 +122,8 @@ etcd_servers: "{{ openshift.master.etcd_urls | join(',') }}" etcd_cafile: "{{ '/etc/origin/master/master.etcd-ca.crt' if etcd_ca_crt.stat.exists else '/etc/origin/master/ca-bundle.crt' }}" node_selector: "{{ openshift_service_catalog_nodeselector | default ({'openshift-infra': 'apiserver'}) }}" + # apiserver_ca is defined in generate_certs.yml + ca_hash: "{{ apiserver_ca.content|hash('sha1') }}" - name: Set Service Catalog API Server daemonset oc_obj: |