summaryrefslogtreecommitdiffstats
path: root/roles/nuage_master/files
diff options
context:
space:
mode:
authorVishal Patil <vishal.patil@nuagenetworks.net>2016-04-20 18:47:39 -0400
committerVishal Patil <vishal.patil@nuagenetworks.net>2016-04-24 11:10:52 -0400
commitbe399ff8c108f234604a1334eed3de5a6f0e3239 (patch)
treedaa067b1e383aa61cc0f1e7c4e47a9c1711ea3f4 /roles/nuage_master/files
parent04b52454275572f9d09e76c6ce46bdd60aa46c72 (diff)
downloadopenshift-be399ff8c108f234604a1334eed3de5a6f0e3239.tar.gz
openshift-be399ff8c108f234604a1334eed3de5a6f0e3239.tar.bz2
openshift-be399ff8c108f234604a1334eed3de5a6f0e3239.tar.xz
openshift-be399ff8c108f234604a1334eed3de5a6f0e3239.zip
Changed service account creation to ansible
Diffstat (limited to 'roles/nuage_master/files')
-rw-r--r--roles/nuage_master/files/serviceaccount.sh63
1 files changed, 0 insertions, 63 deletions
diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh
deleted file mode 100644
index f6fdb8a8d..000000000
--- a/roles/nuage_master/files/serviceaccount.sh
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/bash
-# Parse CLI options
-for i in "$@"; do
- case $i in
- --master-cert-dir=*)
- MASTER_DIR="${i#*=}"
- CA_CERT=${MASTER_DIR}/ca.crt
- CA_KEY=${MASTER_DIR}/ca.key
- CA_SERIAL=${MASTER_DIR}/ca.serial.txt
- ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig
- ;;
- --server=*)
- SERVER="${i#*=}"
- ;;
- --output-cert-dir=*)
- OUTDIR="${i#*=}"
- CONFIG_FILE=${OUTDIR}/nuage.kubeconfig
- ;;
- esac
-done
-
-# If any are missing, print the usage and exit
-if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then
- echo "Invalid syntax: $@"
- echo "Usage:"
- echo " $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/"
- echo "--master-cert-dir: Directory where the master's configuration is held"
- echo "--server: Address of Kubernetes API server (default port is 8443)"
- echo "--output-cert-dir: Directory to put artifacts in"
- echo ""
- echo "All options are required"
- exit 1
-fi
-
-# Login as admin so that we can create the service account
-oc login -u system:admin --config=$ADMIN_FILE || exit 1
-oc project default --config=$ADMIN_FILE
-
-ACCOUNT_CONFIG='
-{
- "apiVersion": "v1",
- "kind": "ServiceAccount",
- "metadata": {
- "name": "nuage"
- }
-}
-'
-
-# Create the account with the included info
-echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f -
-
-# Add the cluser-reader role, which allows this service account read access to
-# everything in the cluster except secrets
-oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE
-
-# Generate certificates and a kubeconfig for the service account
-oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage'
-
-# Verify the finalized kubeconfig
-if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then
- echo "Service account creation failed!"
- exit 1
-fi