path: root/roles/openshift_master/tasks/bootstrap.yml
---

# Make sure the node-bootstrapper service account is present in the
# openshift-infra namespace. Later tasks in this file bind a cluster role to
# this account and export a kubeconfig for it.
- name: ensure the node-bootstrap service account exists
  run_once: true
  oc_serviceaccount:
    state: present
    namespace: openshift-infra
    name: node-bootstrapper

# Bind the system:node-bootstrapper cluster role to the service account.
# This binding is what gives the exported bootstrap credential its rights, so
# it names exactly one role and one fully qualified service-account user.
- name: grant node-bootstrapper the correct permissions to bootstrap
  run_once: true
  oc_adm_policy_user:
    state: present
    namespace: openshift-infra
    resource_kind: cluster-role
    resource_name: 'system:node-bootstrapper'
    user: 'system:serviceaccount:openshift-infra:node-bootstrapper'

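# TODO: create a module for this command.
# oc_serviceaccounts_kubeconfig
#
# Export a kubeconfig for the node-bootstrapper service account and keep it
# in kubeconfig_out for the copy task that follows. The kubeconfig printed on
# stdout embeds the account's credential, so no_log keeps the registered
# result out of task output and callback logs.
# NOTE(review): this calls a bare `oc`, while the node-config task in this
# file uses openshift_master_client_binary - confirm which is intended.
- name: create service account kubeconfig with csr rights
  command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
  register: kubeconfig_out
  no_log: true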

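# Write the exported kubeconfig next to the master configuration.
# The content carries the service-account credential, so the file is created
# owner-only instead of with the umask default, and no_log stops the content
# from showing up in task or --diff output.
# NOTE(review): 0600 assumes the file is only read by the user this play
# runs as - confirm before relaxing.
- name: put service account kubeconfig into a file on disk for bootstrap
  copy:
    content: "{{ kubeconfig_out.stdout }}"
    dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
    mode: "0600"
  no_log: true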

# Scratch directory for the generated node configs. mktemp -d picks an
# unpredictable suffix and creates the directory for the calling user only;
# the path is read back from mktempout.stdout by the tasks below.
- name: create a temp dir for this work
  run_once: true
  register: mktempout
  command: 'mktemp -d /tmp/openshift_node_config-XXXXXX'

# Let the product emit node-config.yaml so this role does not have to carry
# its own copy of the template; the settings below are generated by the
# master. Only node-config.yaml is read back from the node dir afterwards.
# NOTE(review): the command is handed the CA signer key, so it presumably
# also writes signed certificate/key material into the temp dir. That dir is
# deleted by the last task in this file, which is only reached when every
# task before it succeeds.
- name: generate a node-config dynamically
  run_once: true
  register: configgen
  command: >
    {{ openshift_master_client_binary }} adm create-node-config
    --node-dir={{ mktempout.stdout }}/
    --node=CONFIGMAP
    --hostnames=test
    --certificate-authority={{ openshift_master_config_dir }}/ca.crt
    --signer-cert={{ openshift_master_config_dir }}/ca.crt
    --signer-key={{ openshift_master_config_dir }}/ca.key
    --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
    --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt

# Apply each entry of openshift_master_node_config_default_edits to the
# generated node-config.yaml. An entry supplies `key`; `state` falls back to
# present and `value` is omitted when the entry does not set it.
- name: remove the default settings
  run_once: true
  with_items: "{{ openshift_master_node_config_default_edits }}"
  yedit:
    src: "{{ mktempout.stdout }}/node-config.yaml"
    key: "{{ item.key }}"
    value: "{{ item.value | default(omit) }}"
    state: "{{ item.state | default('present') }}"

# Fan the edited node-config.yaml out to one file per entry in
# openshift_master_node_configs, named after the entry's `type`.
# remote_src makes the copy happen on the managed host, inside the temp dir.
- name: copy the generated config into each group
  run_once: true
  with_items: "{{ openshift_master_node_configs }}"
  copy:
    remote_src: true
    src: "{{ mktempout.stdout }}/node-config.yaml"
    dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"

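# Apply the per-type edits from openshift_master_node_configs to the matching
# node-config-<type>.yaml copy in the temp dir.
# The task name is static: the loop variable is not available when the name
# is templated, so `item.type` in the name would not be rendered. The type
# still appears in the per-item result lines.
- name: specialize the generated configs for each node-config type
  yedit:
    src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
    edits: "{{ item.edits }}"
  with_items: "{{ openshift_master_node_configs }}"
  run_once: true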

# Publish each specialised file as a ConfigMap named node-config-<type> in
# the bootstrap namespace, under the data key node-config.yaml.
# NOTE(review): a ConfigMap is not secret storage - confirm that the edits in
# openshift_master_node_configs never place credentials in these files.
- name: create node-config.yaml configmap
  run_once: true
  with_items: "{{ openshift_master_node_configs }}"
  oc_configmap:
    namespace: "{{ openshift_master_bootstrap_namespace }}"
    name: "node-config-{{ item.type }}"
    from_file:
      node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"

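# Delete the scratch directory and everything generated into it.
# The directory is removed once; the original looped over
# openshift_master_node_configs without using the item, repeating the same
# delete per entry. The guard skips the recursive delete when the registered
# path is empty, so the templated path can never collapse to "/".
# NOTE(review): this only runs when every earlier task succeeded; a failed
# run leaves the temp dir behind.
- name: remove templated files
  file:
    path: "{{ mktempout.stdout }}/"
    state: absent
  when: "(mktempout.stdout | default('')) | length > 0"
  run_once: true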