1 files changed, 48 insertions, 0 deletions

diff --git a/roles/calico_master/tasks/main.yml b/roles/calico_master/tasks/main.yml
new file mode 100644
index 000000000..16d960d8b
--- /dev/null
+++ b/roles/calico_master/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+- name: Calico Master | Assure the calico certs have been generated
+  stat:
+    path: "{{ item }}"
+  with_items:
+  - "{{ calico_etcd_ca_cert_file }}"
+  - "{{ calico_etcd_cert_file }}"
+  - "{{ calico_etcd_key_file }}"
+
+- name: Calico Master | Create temp directory for policy controller definition
+  command: mktemp -d /tmp/openshift-ansible-XXXXXXX
+  register: mktemp
+  changed_when: False
+
+- name: Calico Master | Write Calico Policy Controller definition
+  template:
+    dest: "{{ mktemp.stdout }}/calico-policy-controller.yml"
+    src: calico-policy-controller.yml.j2
+
+- name: Calico Master | Launch Calico Policy Controller
+  command: >
+    {{ openshift.common.client_binary }} create
+    -f {{ mktemp.stdout }}/calico-policy-controller.yml
+    --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+  register: calico_create_output
+  failed_when: ('already exists' not in calico_create_output.stderr) and ('created' not in calico_create_output.stdout)
+  changed_when: ('created' in calico_create_output.stdout)
+
+- name: Calico Master | Delete temp directory
+  file:
+    name: "{{ mktemp.stdout }}"
+    state: absent
+  changed_when: False
+
+
+- name: Calico Master | oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico
+  oc_adm_policy_user:
+    user: system:serviceaccount:kube-system:calico
+    resource_kind: scc
+    resource_name: privileged
+    state: present
+
+- name: Download Calicoctl
+  become: yes
+  get_url:
+    url: "{{ calico_url_calicoctl }}"
+    dest: "{{ calicoctl_bin_dir }}"
+    mode: a+x