Add calico.

1 files changed, 41 insertions, 0 deletions

diff --git a/roles/calico_master/tasks/main.yml b/roles/calico_master/tasks/main.yml
new file mode 100644
index 000000000..3358abe23
--- /dev/null
+++ b/roles/calico_master/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: Assure the calico certs have been generated
+  stat:
+    path: "{{ item }}"
+  with_items:
+  - "{{ calico_etcd_ca_cert_file }}"
+  - "{{ calico_etcd_cert_file}}"
+  - "{{ calico_etcd_key_file }}"
+
+- name: Create temp directory for policy controller definition
+  command: mktemp -d /tmp/openshift-ansible-XXXXXXX
+  register: mktemp
+  changed_when: False
+
+- name: Write Calico Policy Controller definition
+  template:
+    dest: "{{ mktemp.stdout }}/calico-policy-controller.yml"
+    src: calico-policy-controller.yml.j2
+
+- name: Launch Calico Policy Controller
+  command: >
+    {{ openshift.common.client_binary }} create
+    -f {{ mktemp.stdout }}/calico-policy-controller.yml
+    --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+  register: calico_create_output
+  failed_when: ('already exists' not in calico_create_output.stderr) and ('created' not in calico_create_output.stdout)
+  changed_when: ('created' in calico_create_output.stdout)
+
+- name: Delete temp directory
+  file:
+    name: "{{ mktemp.stdout }}"
+    state: absent
+  changed_when: False
+
+
+- name: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico
+  oc_adm_policy_user:
+    user: system:serviceaccount:kube-system:calico
+    resource_kind: scc
+    resource_name: privileged
+    state: present