From 110ae6da8d80b63a068f4537383e775d958cf9a9 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan"
Date: Sat, 14 Apr 2018 02:09:54 +0200
Subject: Provide support for global OpenShift resources (ClusterRoles, etc.)
---
 roles/ands_openshift/defaults/main.yml | 2 +-
 roles/ands_openshift/tasks/projects.yml | 4 ++++
 roles/ands_openshift/tasks/projects_resources.yml | 20 ++++++++++++++++++++
 roles/ands_openshift/tasks/resources.yml | 9 +++++++++
 roles/ands_openshift/tasks/users_resources.yml | 21 ---------------------
 5 files changed, 34 insertions(+), 22 deletions(-)
 create mode 100644 roles/ands_openshift/tasks/projects.yml
 create mode 100644 roles/ands_openshift/tasks/projects_resources.yml
 create mode 100644 roles/ands_openshift/tasks/resources.yml
(limited to 'roles/ands_openshift')
diff --git a/roles/ands_openshift/defaults/main.yml b/roles/ands_openshift/defaults/main.yml
index d279345..feec093 100644
--- a/roles/ands_openshift/defaults/main.yml
+++ b/roles/ands_openshift/defaults/main.yml
@@ -1,4 +1,4 @@
-openshift_common_subroles: "{{ [ 'users', 'security', 'storage' ] }}"
+openshift_common_subroles: "{{ [ 'projects', 'resources', 'users', 'security', 'storage' ] }}"
 openshift_heketi_subroles: "{{ [ 'ssh', 'heketi' ] }}"
 openshift_all_subroles: "{{ ands_configure_heketi | default(False) | ternary(openshift_common_subroles + openshift_heketi_subroles, openshift_common_subroles) }}"
diff --git a/roles/ands_openshift/tasks/projects.yml b/roles/ands_openshift/tasks/projects.yml
new file mode 100644
index 0000000..4f13136
--- /dev/null
+++ b/roles/ands_openshift/tasks/projects.yml
@@ -0,0 +1,4 @@
+---
+- include_tasks: projects_resources.yml
+ run_once: true
+ delegate_to: "{{ groups.masters[0] }}"
diff --git a/roles/ands_openshift/tasks/projects_resources.yml b/roles/ands_openshift/tasks/projects_resources.yml
new file mode 100644
index 0000000..2afe9e1
--- /dev/null
+++ b/roles/ands_openshift/tasks/projects_resources.yml
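Review bot: The order of `openshift_common_subroles` in defaults/main.yml now carries meaning that nothing documents. The project-creation tasks this commit moves out of users_resources.yml used to run ahead of "Configure per project roles", so 'projects' presumably has to stay in front of 'users'. A comment above the variable would protect that, for example `# Order matters: 'projects' must precede 'users', which assigns roles inside those projects`. How the list is consumed is not visible in this diff, so confirm that list order is execution order.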
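Review bot: `run_once` and `delegate_to` in projects.yml sit on a dynamic `include_tasks`, and from Ansible 2.5 on, keywords on a dynamic include apply to the include statement itself and are not inherited by the tasks it pulls in. If that holds for the Ansible version in use, the `oc adm new-project` and `oc policy add-role-to-group` commands in projects_resources.yml would run on every host of the play rather than once on the first master. A static `- import_tasks: projects_resources.yml` hands both keywords down to the imported tasks. Otherwise verify on the target version that the tasks really are delegated.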
@@ -0,0 +1,20 @@
+- name: Get project list
+ command: "oc get projects -o json"
+ changed_when: false
+ register: results
+
+- name: Find missing projects
+ set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}"
+ when: (results | succeeded)
+
+- name: Create missing projects
+ command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
+ with_items: "{{ new_projects | default([]) }}"
+
+- name: Allow projects to pull images from KaaS imagestreams
+ command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas"
+ with_items: "{{ ands_openshift_projects.keys() }}"
+ when:
+ prj_item != "kaas"
+ loop_control:
+ loop_var: prj_item
diff --git a/roles/ands_openshift/tasks/resources.yml b/roles/ands_openshift/tasks/resources.yml
new file mode 100644
index 0000000..b691372
--- /dev/null
+++ b/roles/ands_openshift/tasks/resources.yml
@@ -0,0 +1,9 @@
+- name: Run configuration script and populate resources
+ include_role: name="ands_kaas"
+ vars:
+ kaas_openshift_volumes: "{{ ands_openshift_volumes }}"
+ kaas_projects: "{{ ands_openshift_projects.keys() }}"
+ kaas_single_project: "openshift"
+ kaas_namespace: "kaas"
+ kaas_subrole: "script"
+ delete: false
diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml
index 722e1eb..2a73cd0 100644
--- a/roles/ands_openshift/tasks/users_resources.yml
+++ b/roles/ands_openshift/tasks/users_resources.yml
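Review bot: In "Create missing projects" (projects_resources.yml) the description is spliced into the command line between literal single quotes, so a description containing an apostrophe ends the quoted argument early and the rest is parsed as further `oc adm new-project` arguments. Let the template do the quoting: `command: "oc adm new-project --description {{ ands_openshift_projects[item] | quote }} {{ item | quote }}"`. The same applies to `{{ prj_item }}` in the `oc policy add-role-to-group` task. That task also has no `changed_when`, so it reports a change on every run even when the binding already exists.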
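Review bot: `kaas_projects` in resources.yml is passed as `{{ ands_openshift_projects.keys() }}`, which on a Python 3 controller is a `dict_keys` view rather than a list and may reach the ands_kaas role in a form it cannot index or iterate as expected. `kaas_projects: "{{ ands_openshift_projects.keys() | list }}"` behaves the same on both interpreters, and the two `.keys()` uses in projects_resources.yml have the same issue. Unlike projects.yml, this include carries no `run_once` or `delegate_to`, so where the role's commands execute depends on ands_kaas, which is not visible here.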
@@ -6,27 +6,6 @@
 vars:
 key_len: "{{ item.key.split('/') | length }}"
-- name: Get project list
- command: "oc get projects -o json"
- changed_when: false
- register: results
-
-- name: Find missing projects
- set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}"
- when: (results | succeeded)
-
-- name: Create missing projects
- command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
- with_items: "{{ new_projects | default([]) }}"
-
-- name: Allow projects to pull images from KaaS imagestreams
- command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas"
- with_items: "{{ ands_openshift_projects.keys() }}"
- when:
- prj_item != "kaas"
- loop_control:
- loop_var: prj_item
-
 - name: Configure per project roles
 command: "oc adm policy add-role-to-user -n {{ item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
 with_dict: "{{ ands_openshift_roles }}"
--
cgit v1.2.3