author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2018-01-30 23:16:14 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-30 23:16:14 -0800 |
commit | 2bdb52532bbbc678e240739fc42b7ea2ee71c876 (patch) | |
tree | 993907ccd72b22e0d19b2209f6ec8faef721c517 /roles/nuage_master/tasks | |
parent | 04894a4c43346417154a6c1591043236ed574d16 (diff) | |
parent | b637c993a2ace002c88004dbab663d7cfcf36327 (diff) | |
Merge pull request #5651 from vareti/NuageEtcdCertsFix
Automatic merge from submit-queue.
copy etcd client certificates for nuage openshift monitor
Nuage OpenShift Monitor requires etcd client certificates to talk to etcd. This PR copies the certificates to the node where the monitor is running and configures the input parameters accordingly.
Diffstat (limited to 'roles/nuage_master/tasks')
-rw-r--r-- | roles/nuage_master/tasks/etcd_certificates.yml | 21 | ||||
-rw-r--r-- | roles/nuage_master/tasks/main.yaml | 17 |
2 files changed, 37 insertions, 1 deletions
diff --git a/roles/nuage_master/tasks/etcd_certificates.yml b/roles/nuage_master/tasks/etcd_certificates.yml
new file mode 100644
index 000000000..99ec27f91
--- /dev/null
+++ b/roles/nuage_master/tasks/etcd_certificates.yml
@@ -0,0 +1,21 @@
+---
+- name: Generate openshift etcd certs
+ become: yes
+ include_role:
+ name: etcd
+ tasks_from: client_certificates
+ vars:
+ etcd_cert_prefix: nuageEtcd-
+ etcd_cert_config_dir: "{{ cert_output_dir }}"
+ embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-nuage-{{ openshift.common.hostname }}"
+
+
+- name: Error if etcd certs are not copied
+ stat:
+ path: "{{ item }}"
+ with_items:
+ - "{{ cert_output_dir }}/nuageEtcd-ca.crt"
+ - "{{ cert_output_dir }}/nuageEtcd-client.crt"
+ - "{{ cert_output_dir }}/nuageEtcd-client.key"
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index 29e16b6f8..a1781dc56 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -81,6 +81,7 @@
 - nuage.key
 - nuage.kubeconfig
+- include_tasks: etcd_certificates.yml
 - include_tasks: certificates.yml
 - name: Install Nuage VSD user certificate
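Review bot: In etcd_certificates.yml the task named `Error if etcd certs are not copied` can never raise that error, because `stat` succeeds on a path that does not exist and only reports `stat.exists: false`, and the result is neither registered nor tested. As written, a play in which the client certificate, key or CA file was not copied still continues, and the monitor is configured against files that are not there. Register the result and follow it with a task that fails on any missing file, as sketched below. If `cert_output_dir` is readable only by root, the stat task may also need `become: yes`; that depends on directory permissions not visible in this hunk.

```yaml
  # … unchanged: stat task "Error if etcd certs are not copied" and its with_items list …
  register: nuage_etcd_cert_stat

- name: Fail when an etcd client cert file is missing
  fail:
    msg: "etcd client certificate file {{ item.item }} was not found"
  when: not item.stat.exists
  with_items: "{{ nuage_etcd_cert_stat.results }}"
```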
@@ -99,7 +100,16 @@
 become: yes
 template: src=nuage-node-config-daemonset.j2 dest=/etc/nuage-node-config-daemonset.yaml owner=root mode=0644
-- name: Add the service account to the privileged scc to have root permissions
+- name: Create Nuage Infra Pod daemon set yaml file
+ become: yes
+ template: src=nuage-infra-pod-config-daemonset.j2 dest=/etc/nuage-infra-pod-config-daemonset.yaml owner=root mode=0644
+
+- name: Add the service account to the privileged scc to have root permissions for kube-system
+ shell: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:daemon-set-controller
+ ignore_errors: true
+ when: inventory_hostname == groups.oo_first_master.0
+
+- name: Add the service account to the privileged scc to have root permissions for openshift-infra
 shell: oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-infra:daemonset-controller
 ignore_errors: true
 when: inventory_hostname == groups.oo_first_master.0
@@ -114,6 +124,11 @@
 ignore_errors: true
 when: inventory_hostname == groups.oo_first_master.0
+- name: Spawn Nuage Infra daemon sets pod
+ shell: oc create -f /etc/nuage-infra-pod-config-daemonset.yaml
+ ignore_errors: true
+ when: inventory_hostname == groups.oo_first_master.0
+
 - name: Restart daemons
 command: /bin/true
 notify: |
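Review bot: The new kube-system task grants the `privileged` SCC to `system:serviceaccount:kube-system:daemon-set-controller`, a shared controller account rather than an identity that belongs to the Nuage infra pod, so the grant presumably covers every daemon set that controller creates and not only this one. If the pod template (nuage-infra-pod-config-daemonset.j2, not shown in this diff) can name its own service account, granting to that account keeps the scope narrow, e.g. `shell: oc adm policy add-scc-to-user privileged -z <nuage-infra-service-account> -n kube-system`, where the account name is a placeholder. This task and the `Spawn Nuage Infra daemon sets pod` task in the following hunk both set `ignore_errors: true`, so a failed grant or a failed `oc create` is not reported; a `register:` with a `failed_when:` that tolerates only the already-exists case would surface real failures. The surrounding task list starts and ends outside both hunks.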