From 7aa584b59baba5a7018d38aadd19aa7646702391 Mon Sep 17 00:00:00 2001 From: Dan Osborne Date: Fri, 10 Mar 2017 16:07:45 -0800 Subject: Add calico. --- roles/calico_master/tasks/main.yml | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 roles/calico_master/tasks/main.yml (limited to 'roles/calico_master/tasks') diff --git a/roles/calico_master/tasks/main.yml b/roles/calico_master/tasks/main.yml new file mode 100644 index 000000000..3358abe23 --- /dev/null +++ b/roles/calico_master/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- name: Assure the calico certs have been generated + stat: + path: "{{ item }}" + with_items: + - "{{ calico_etcd_ca_cert_file }}" + - "{{ calico_etcd_cert_file}}" + - "{{ calico_etcd_key_file }}" + +- name: Create temp directory for policy controller definition + command: mktemp -d /tmp/openshift-ansible-XXXXXXX + register: mktemp + changed_when: False + +- name: Write Calico Policy Controller definition + template: + dest: "{{ mktemp.stdout }}/calico-policy-controller.yml" + src: calico-policy-controller.yml.j2 + +- name: Launch Calico Policy Controller + command: > + {{ openshift.common.client_binary }} create + -f {{ mktemp.stdout }}/calico-policy-controller.yml + --config={{ openshift.common.config_base }}/master/admin.kubeconfig + register: calico_create_output + failed_when: ('already exists' not in calico_create_output.stderr) and ('created' not in calico_create_output.stdout) + changed_when: ('created' in calico_create_output.stdout) + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False + + +- name: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico + oc_adm_policy_user: + user: system:serviceaccount:kube-system:calico + resource_kind: scc + resource_name: privileged + state: present -- cgit v1.2.3