blob: 628df4540eddd7519c4e1f8bb93f6f950522b3c3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
####
#
# OSE 3.0.z did not have 'oadm policy add-scc-to-user'.
#
####
- name: tmp dir for openshift
file:
path: /tmp/openshift
state: directory
owner: root
mode: 700
- name: Create service account configs
template:
src: serviceaccount.j2
dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
with_items: openshift_serviceaccounts_names
- name: Get current security context constraints
shell: >
{{ openshift.common.client_binary }} get scc privileged -o yaml
--output-version=v1 > /tmp/openshift/scc.yaml
changed_when: false
- name: Add security context constraint for {{ item }}
lineinfile:
dest: /tmp/openshift/scc.yaml
line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
insertafter: "^users:$"
with_items: openshift_serviceaccounts_names
- name: Apply new scc rules for service accounts
command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
|