authorBrenton Leanhardt <bleanhar@redhat.com>2016-02-15 16:36:25 -0500
committerBrenton Leanhardt <bleanhar@redhat.com>2016-02-15 16:47:12 -0500
commite9dd4ea3ca269bbfcb9fa52d04cc86f690b22b47 (patch)
treef4d4cb95ee2df93c7576e4bc30350841028e6b50
parent0825b8327a1c509337e5c91c3b8cf6a63816782c (diff)
Bug 1308411 - Fail to install OSE 3.0 for no add-scc-to-user command
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml42
1 files changed, 41 insertions, 1 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index 5fe7d28f3..89d9e3aa7 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -27,7 +27,47 @@
command: >
{{ openshift.common.admin_binary }} policy add-scc-to-user
privileged system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
- when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
+ when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
with_nested:
- openshift_serviceaccounts_names
- scc_test.results
+
+####
+#
+# Support for 3.0.z
+#
+####
+
+- name: tmp dir for openshift
+ file:
+ path: /tmp/openshift
+ state: directory
+ owner: root
+ mode: 700
+ when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Create service account configs
+ template:
+ src: serviceaccount.j2
+ dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
+ with_items: openshift_serviceaccounts_names
+ when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Get current security context constraints
+ shell: >
+ {{ openshift.common.client_binary }} get scc privileged -o yaml
+ --output-version=v1 > /tmp/openshift/scc.yaml
+ changed_when: false
+ when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Add security context constraint for {{ item }}
+ lineinfile:
+ dest: /tmp/openshift/scc.yaml
+ line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
+ insertafter: "^users:$"
+ with_items: openshift_serviceaccounts_names
+ when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Apply new scc rules for service accounts
+ command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
+ when: not openshift.common.version_gte_3_1_or_1_1
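Review bot: `mode: 700` in the "tmp dir for openshift" task is an unquoted decimal integer, so the file module does not apply octal 0700. Decimal 700 is octal 1274, which gives the directory the sticky bit, group rwx and world read instead of root-only access; write it as `mode: "0700"`. The directory is also a fixed, predictable name under world-writable /tmp, and `state: directory` does not empty a directory that already exists. The `shell` redirect into /tmp/openshift/scc.yaml and the later `update -f` of that file could therefore act on content or a symlink that a local user placed there beforehand, and that file ends up defining the users of the privileged SCC. Creating a fresh private directory per run (for example registering the output of `mktemp -d` and using it in the `dest`/`path` values) and removing it in a final task would close that gap and avoid leaving scc.yaml behind.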