From 4ab3e20e333d107163abe2a3c88f2aecae3fd77e Mon Sep 17 00:00:00 2001
From: "Jose A. Rivera" <jarrpa@redhat.com>
Date: Fri, 29 Sep 2017 22:45:10 -0500
Subject: GlusterFS: make ServiceAccounts privileged when either glusterfs or
 heketi is native

Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
---
 roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml | 11 +++++++++++
 roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml | 10 ----------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
index 3f6dab78b..51724f979 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
@@ -18,6 +18,17 @@
     node_selector: "{% if glusterfs_use_default_selector %}{{ omit }}{% endif %}"
   when: glusterfs_is_native or glusterfs_heketi_is_native or glusterfs_storageclass
 
+- name: Add namespace service accounts to privileged SCC
+  oc_adm_policy_user:
+    user: "system:serviceaccount:{{ glusterfs_namespace }}:{{ item }}"
+    resource_kind: scc
+    resource_name: privileged
+    state: present
+  with_items:
+  - 'default'
+  - 'router'
+  when: glusterfs_is_native or glusterfs_heketi_is_native
+
 - name: Delete pre-existing heketi resources
   oc_obj:
     namespace: "{{ glusterfs_namespace }}"
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
index 8c3e31fc9..932d06038 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
@@ -55,16 +55,6 @@
   - glusterfs_wipe
   - item.stdout_lines | count > 0
 
-- name: Add service accounts to privileged SCC
-  oc_adm_policy_user:
-    user: "system:serviceaccount:{{ glusterfs_namespace }}:{{ item }}"
-    resource_kind: scc
-    resource_name: privileged
-    state: present
-  with_items:
-  - 'default'
-  - 'router'
-
 - name: Label GlusterFS nodes
   oc_label:
     name: "{{ hostvars[item].openshift.node.nodename }}"
-- 
cgit v1.2.3