summaryrefslogtreecommitdiffstats
path: root/roles/calico_master/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/calico_master/tasks')
-rw-r--r--roles/calico_master/tasks/main.yml41
1 files changed, 41 insertions, 0 deletions
diff --git a/roles/calico_master/tasks/main.yml b/roles/calico_master/tasks/main.yml
new file mode 100644
index 000000000..3358abe23
--- /dev/null
+++ b/roles/calico_master/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: Assure the calico certs have been generated
+ stat:
+ path: "{{ item }}"
+ with_items:
+ - "{{ calico_etcd_ca_cert_file }}"
+ - "{{ calico_etcd_cert_file}}"
+ - "{{ calico_etcd_key_file }}"
+
+- name: Create temp directory for policy controller definition
+ command: mktemp -d /tmp/openshift-ansible-XXXXXXX
+ register: mktemp
+ changed_when: False
+
+- name: Write Calico Policy Controller definition
+ template:
+ dest: "{{ mktemp.stdout }}/calico-policy-controller.yml"
+ src: calico-policy-controller.yml.j2
+
+- name: Launch Calico Policy Controller
+ command: >
+ {{ openshift.common.client_binary }} create
+ -f {{ mktemp.stdout }}/calico-policy-controller.yml
+ --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+ register: calico_create_output
+ failed_when: ('already exists' not in calico_create_output.stderr) and ('created' not in calico_create_output.stdout)
+ changed_when: ('created' in calico_create_output.stdout)
+
+- name: Delete temp directory
+ file:
+ name: "{{ mktemp.stdout }}"
+ state: absent
+ changed_when: False
+
+
+- name: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico
+ oc_adm_policy_user:
+ user: system:serviceaccount:kube-system:calico
+ resource_kind: scc
+ resource_name: privileged
+ state: present