diff options
-rw-r--r-- | .tito/packages/openshift-ansible | 2 | ||||
-rw-r--r-- | openshift-ansible.spec | 12 | ||||
-rw-r--r-- | roles/openshift_manageiq/tasks/main.yaml | 13 | ||||
-rw-r--r-- | roles/openshift_manageiq/vars/main.yml | 8 |
4 files changed, 32 insertions, 3 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index fad006e05..f336d0770 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.63-1 ./ +3.0.64-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 9f2d035a1..f624b6f96 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.63 +Version: 3.0.64 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -279,6 +279,16 @@ Atomic OpenShift Utilities includes %changelog +* Wed Mar 23 2016 Troy Dawson <tdawson@redhat.com> 3.0.64-1 +- Latest cli updates from generated files (kwoodson@redhat.com) +- Add /dev to node containers (sdodson@redhat.com) +- Fix indention (whearn@redhat.com) +- Support setting local storage perFSGroup quota in node config. + (dgoodwin@redhat.com) +- Fix line break (whearn@redhat.com) +- Lock down permissions on named certificates (elyscape@gmail.com) +- Add namespace flag to oc create (whearn@redhat.com) + * Mon Mar 21 2016 Kenny Woodson <kwoodson@redhat.com> 3.0.63-1 - Modified group selectors for muliple clusters per account (kwoodson@redhat.com) diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index d2ff1b4b7..2a651df65 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -18,7 +18,7 @@ failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0" changed_when: osmiq_create_mi_project.rc == 0 -- name: Create Service Account +- name: Create Admin Service Account shell: > echo {{ manageiq_service_account | to_json | quote }} | {{ openshift.common.client_binary }} create @@ -29,6 +29,17 @@ failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" changed_when: osmiq_create_service_account.rc == 0 +- name: Create Image Inspector Service Account + shell: > + echo {{ manageiq_image_inspector_service_account | to_json | quote }} | + {{ openshift.common.client_binary }} create + -n management-infra + --config={{manage_iq_tmp_conf}} + -f - + register: osmiq_create_service_account + failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" + changed_when: osmiq_create_service_account.rc == 0 + - name: Create Cluster Role shell: > echo {{ manageiq_cluster_role | to_json | quote }} | diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 77e1c304b..69ee2cb4c 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -15,6 +15,12 @@ manageiq_service_account: metadata: name: management-admin +manageiq_image_inspector_service_account: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: inspector-admin + manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig manage_iq_tasks: @@ -22,3 +28,5 @@ manage_iq_tasks: - policy add-role-to-user -n management-infra management-infra-admin -z management-admin - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin + - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin + - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin |