summaryrefslogtreecommitdiffstats
path: root/roles/openshift_hosted
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_hosted')
-rw-r--r--roles/openshift_hosted/defaults/main.yml6
-rw-r--r--roles/openshift_hosted/filter_plugins/filters.py13
-rw-r--r--roles/openshift_hosted/meta/main.yml18
-rw-r--r--roles/openshift_hosted/tasks/main.yml7
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml16
-rw-r--r--roles/openshift_hosted/tasks/router/router.yml24
-rw-r--r--roles/openshift_hosted/templates/registry_config.j22
-rw-r--r--roles/openshift_hosted/vars/main.yml10
8 files changed, 69 insertions, 27 deletions
diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml
index 0a6299c9b..32bcd8d08 100644
--- a/roles/openshift_hosted/defaults/main.yml
+++ b/roles/openshift_hosted/defaults/main.yml
@@ -14,11 +14,11 @@ openshift_hosted_router_edits:
openshift_hosted_routers:
- name: router
- replicas: "{{ replicas }}"
+ replicas: "{{ replicas | default(1) }}"
namespace: default
serviceaccount: router
- selector: "{{ openshift_hosted_router_selector }}"
- images: "{{ openshift_hosted_router_image }}"
+ selector: "{{ openshift_hosted_router_selector | default(None) }}"
+ images: "{{ openshift_hosted_router_image | default(None) }}"
edits: "{{ openshift_hosted_router_edits }}"
stats_port: 1936
ports:
diff --git a/roles/openshift_hosted/filter_plugins/filters.py b/roles/openshift_hosted/filter_plugins/filters.py
index cbfadfe9d..7f41529ac 100644
--- a/roles/openshift_hosted/filter_plugins/filters.py
+++ b/roles/openshift_hosted/filter_plugins/filters.py
@@ -21,14 +21,21 @@ class FilterModule(object):
if replicas is not None:
return replicas
+ replicas = 1
+
+ # Ignore boolean expression limit of 5.
+ # pylint: disable=too-many-boolean-expressions
if (isinstance(router_nodes, dict) and
'results' in router_nodes and
'results' in router_nodes['results'] and
- 'items' in router_nodes['results']['results']):
+ isinstance(router_nodes['results']['results'], list) and
+ len(router_nodes['results']['results']) > 0 and
+ 'items' in router_nodes['results']['results'][0]):
- return len(router_nodes['results']['results'][0]['items'])
+ if len(router_nodes['results']['results'][0]['items']) > 0:
+ replicas = len(router_nodes['results']['results'][0]['items'])
- return 1
+ return replicas
def filters(self):
''' returns a mapping of filters to methods '''
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index e9b590550..9626c23c1 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -15,21 +15,3 @@ dependencies:
- role: openshift_cli
- role: openshift_hosted_facts
- role: lib_openshift
-- role: openshift_projects
- openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
-- role: openshift_serviceaccounts
- openshift_serviceaccounts_names:
- - router
- - registry
- openshift_serviceaccounts_namespace: default
- openshift_serviceaccounts_sccs:
- - hostnetwork
- when: openshift.common.version_gte_3_2_or_1_2
-- role: openshift_serviceaccounts
- openshift_serviceaccounts_names:
- - router
- - registry
- openshift_serviceaccounts_namespace: default
- openshift_serviceaccounts_sccs:
- - privileged
- when: not openshift.common.version_gte_3_2_or_1_2
diff --git a/roles/openshift_hosted/tasks/main.yml b/roles/openshift_hosted/tasks/main.yml
index fe254f72d..6efe2f63c 100644
--- a/roles/openshift_hosted/tasks/main.yml
+++ b/roles/openshift_hosted/tasks/main.yml
@@ -1,4 +1,11 @@
---
+- name: Create projects
+ oc_project:
+ name: "{{ item.key }}"
+ node_selector:
+ - "{{ item.value.default_node_selector }}"
+ with_dict: "{{ openshift_projects }}"
+
- include: router/router.yml
when: openshift_hosted_manage_router | default(true) | bool
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index d89ce855a..0b8042473 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -56,12 +56,24 @@
openshift_hosted_registry_force:
- False
+- name: Create the registry service account
+ oc_serviceaccount:
+ name: "{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+
+- name: Grant the registry serivce account access to the appropriate scc
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ resource_kind: scc
+ resource_name: hostnetwork
+
- name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry
oc_adm_policy_user:
- user: system:serviceaccount:default:registry
+ user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
resource_kind: cluster-role
resource_name: system:registry
- state: present
- name: create the default registry service
oc_service:
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 3b7021eae..0861b9ec2 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -22,6 +22,30 @@
with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') |
oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"
+- name: Create the router service account(s)
+ oc_serviceaccount:
+ name: "{{ item.serviceaccount }}"
+ namespace: "{{ item.namespace }}"
+ state: present
+ with_items: "{{ openshift_hosted_routers }}"
+
+- name: Grant the router serivce account(s) access to the appropriate scc
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}"
+ namespace: "{{ item.namespace }}"
+ resource_kind: scc
+ resource_name: hostnetwork
+ with_items: "{{ openshift_hosted_routers }}"
+
+- name: Set additional permissions for router service account
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}"
+ namespace: "{{ item.namespace }}"
+ resource_kind: cluster-role
+ resource_name: cluster-reader
+ when: item.namespace == 'default'
+ with_items: "{{ openshift_hosted_routers }}"
+
- name: Create OpenShift router
oc_adm_router:
name: "{{ item.name }}"
diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2
index f3336334a..ca6a23f21 100644
--- a/roles/openshift_hosted/templates/registry_config.j2
+++ b/roles/openshift_hosted/templates/registry_config.j2
@@ -71,7 +71,7 @@ middleware:
- name: openshift
options:
pullthrough: {{ openshift_hosted_registry_pullthrough | default(true) }}
- acceptschema2: {{ openshift_hosted_registry_acceptschema2 | default(false) }}
+ acceptschema2: {{ openshift_hosted_registry_acceptschema2 | default(true) }}
enforcequota: {{ openshift_hosted_registry_enforcequota | default(false) }}
{% if openshift_hosted_registry_storage_provider | default('') == 's3' and openshift_hosted_registry_storage_s3_cloudfront_baseurl is defined %}
storage:
diff --git a/roles/openshift_hosted/vars/main.yml b/roles/openshift_hosted/vars/main.yml
index 521578cd0..0821d0e7e 100644
--- a/roles/openshift_hosted/vars/main.yml
+++ b/roles/openshift_hosted/vars/main.yml
@@ -1,3 +1,13 @@
---
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
registry_config_secret_name: registry-config
+
+openshift_default_projects:
+ default:
+ default_node_selector: ''
+ logging:
+ default_node_selector: ''
+ openshift-infra:
+ default_node_selector: ''
+
+openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts(openshift_default_projects) }}"
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 14:49:32 +0000