From b637c993a2ace002c88004dbab663d7cfcf36327 Mon Sep 17 00:00:00 2001
From: sareti <siva_teja.areti@nokia.com>
Date: Tue, 3 Oct 2017 22:30:50 -0400
Subject: copy etcd client certificates for nuage openshift monitor

* Fix SCC permissions for Nuage daemon sets

* Changes to support Node Port for Nuage with OSE

* Fix for creating Nuage infra pod ds file

* Add new variable to handle Nuage infra image version

* Update Service CIDR for openshift in daemon set file

* Add rolling update strategy for CNI daemon sets

* Fix for atomic installation for Nuage

* changing include to include_tasks as per upstream openshift-ansible
---
 roles/nuage_master/tasks/etcd_certificates.yml | 21 +++++++++++++++++++++
 roles/nuage_master/tasks/main.yaml             | 17 ++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 roles/nuage_master/tasks/etcd_certificates.yml

(limited to 'roles/nuage_master/tasks')

diff --git a/roles/nuage_master/tasks/etcd_certificates.yml b/roles/nuage_master/tasks/etcd_certificates.yml
new file mode 100644
index 000000000..99ec27f91
--- /dev/null
+++ b/roles/nuage_master/tasks/etcd_certificates.yml
@@ -0,0 +1,21 @@
+---
+- name: Generate openshift etcd certs
+  become: yes
+  include_role:
+    name: etcd
+    tasks_from: client_certificates
+  vars:
+    etcd_cert_prefix: nuageEtcd-
+    etcd_cert_config_dir: "{{ cert_output_dir }}"
+    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+    etcd_cert_subdir: "openshift-nuage-{{ openshift.common.hostname }}"
+
+
+- name: Error if etcd certs are not copied
+  stat:
+    path: "{{ item }}"
+  with_items:
+  - "{{ cert_output_dir }}/nuageEtcd-ca.crt"
+  - "{{ cert_output_dir }}/nuageEtcd-client.crt"
+  - "{{ cert_output_dir }}/nuageEtcd-client.key"
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index 29e16b6f8..a1781dc56 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -81,6 +81,7 @@
     - nuage.key
     - nuage.kubeconfig
 
+- include_tasks: etcd_certificates.yml
 - include_tasks: certificates.yml
 
 - name: Install Nuage VSD user certificate
@@ -99,7 +100,16 @@
   become: yes
   template: src=nuage-node-config-daemonset.j2 dest=/etc/nuage-node-config-daemonset.yaml owner=root mode=0644
 
-- name: Add the service account to the privileged scc to have root permissions
+- name: Create Nuage Infra Pod daemon set yaml file
+  become: yes
+  template: src=nuage-infra-pod-config-daemonset.j2 dest=/etc/nuage-infra-pod-config-daemonset.yaml owner=root mode=0644
+
+- name: Add the service account to the privileged scc to have root permissions for kube-system
+  shell: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:daemon-set-controller
+  ignore_errors: true
+  when: inventory_hostname == groups.oo_first_master.0
+
+- name: Add the service account to the privileged scc to have root permissions for openshift-infra
   shell: oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-infra:daemonset-controller
   ignore_errors: true
   when: inventory_hostname == groups.oo_first_master.0
@@ -114,6 +124,11 @@
   ignore_errors: true
   when: inventory_hostname == groups.oo_first_master.0
 
+- name: Spawn Nuage Infra daemon sets pod
+  shell: oc create -f /etc/nuage-infra-pod-config-daemonset.yaml
+  ignore_errors: true
+  when: inventory_hostname == groups.oo_first_master.0
+
 - name: Restart daemons
   command: /bin/true
   notify:
-- 
cgit v1.2.3