diff options
Diffstat (limited to 'roles/calico_master/tasks')
-rw-r--r-- | roles/calico_master/tasks/main.yml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/roles/calico_master/tasks/main.yml b/roles/calico_master/tasks/main.yml new file mode 100644 index 000000000..3358abe23 --- /dev/null +++ b/roles/calico_master/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- name: Assure the calico certs have been generated + stat: + path: "{{ item }}" + with_items: + - "{{ calico_etcd_ca_cert_file }}" + - "{{ calico_etcd_cert_file}}" + - "{{ calico_etcd_key_file }}" + +- name: Create temp directory for policy controller definition + command: mktemp -d /tmp/openshift-ansible-XXXXXXX + register: mktemp + changed_when: False + +- name: Write Calico Policy Controller definition + template: + dest: "{{ mktemp.stdout }}/calico-policy-controller.yml" + src: calico-policy-controller.yml.j2 + +- name: Launch Calico Policy Controller + command: > + {{ openshift.common.client_binary }} create + -f {{ mktemp.stdout }}/calico-policy-controller.yml + --config={{ openshift.common.config_base }}/master/admin.kubeconfig + register: calico_create_output + failed_when: ('already exists' not in calico_create_output.stderr) and ('created' not in calico_create_output.stdout) + changed_when: ('created' in calico_create_output.stdout) + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False + + +- name: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico + oc_adm_policy_user: + user: system:serviceaccount:kube-system:calico + resource_kind: scc + resource_name: privileged + state: present |