From 4ab3e20e333d107163abe2a3c88f2aecae3fd77e Mon Sep 17 00:00:00 2001
From: "Jose A. Rivera" <jarrpa@redhat.com>
Date: Fri, 29 Sep 2017 22:45:10 -0500
Subject: GlusterFS: make ServiceAccounts privileged when either glusterfs or
 heketi is native

Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
---
 roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml')

diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
index 3f6dab78b..51724f979 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
@@ -18,6 +18,17 @@
     node_selector: "{% if glusterfs_use_default_selector %}{{ omit }}{% endif %}"
   when: glusterfs_is_native or glusterfs_heketi_is_native or glusterfs_storageclass
 
+- name: Add namespace service accounts to privileged SCC
+  oc_adm_policy_user:
+    user: "system:serviceaccount:{{ glusterfs_namespace }}:{{ item }}"
+    resource_kind: scc
+    resource_name: privileged
+    state: present
+  with_items:
+  - 'default'
+  - 'router'
+  when: glusterfs_is_native or glusterfs_heketi_is_native
+
 - name: Delete pre-existing heketi resources
   oc_obj:
     namespace: "{{ glusterfs_namespace }}"
-- 
cgit v1.2.1