
Updated to use modules instead of command for user permissions.

Kenny Woodson 8 lat temu
rodzic
commit
098581f354

+ 6 - 34
roles/nuage_master/tasks/serviceaccount.yml

@@ -1,26 +1,6 @@
 ---
-- name: Create temporary directory for admin kubeconfig
-  command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
-  register: nuage_tmp_conf_mktemp
-  changed_when: False
-  run_once: True
-  delegate_to: "{{ nuage_ca_master }}"
-
-- set_fact:
-    nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
-  run_once: True
-  delegate_to: "{{ nuage_ca_master }}"
-
-- name: Copy Configuration to temporary conf
-  command: >
-    cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
-  changed_when: false
-  run_once: True
-  delegate_to: "{{ nuage_ca_master }}"
-
 - name: Create Admin Service Account
   oc_serviceaccount:
-    kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
     name: nuage
     namespace: default
     state: present
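Review bot: With the `kubeconfig:` line removed, `oc_serviceaccount` here (and the new `oc_adm_policy_user` task in the next hunk) authenticates with whatever path the module defaults to, which is not visible in this diff. If `openshift_master_config_dir` is set to a non-default location, these tasks would presumably read a different admin kubeconfig than the rest of the role, or fail to find one. Keeping `kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"` on both tasks would make the credential source explicit while still dropping the copy of the admin kubeconfig into /tmp. The task's remaining lines continue past the end of this hunk.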
@@ -28,15 +8,14 @@
   delegate_to: "{{ nuage_ca_master }}"
 
 - name: Configure role/user permissions
-  command: >
-    {{ openshift.common.client_binary }} adm {{item}}
-    --config={{ nuage_tmp_conf }}
+  delegate_to: "{{ nuage_ca_master }}"
+  oc_adm_policy_user:
+    namespace: default
+    resource_name: "{{ item.resource_name }}"
+    resource_kind: "{{ item.resource_kind }}"
+    user: "{{ item.user }}"
   with_items: "{{nuage_tasks}}"
-  register: osnuage_perm_task
-  failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
-  changed_when: osnuage_perm_task.rc == 0
   run_once: True
-  delegate_to: "{{ nuage_ca_master }}"
 
 - name: Generate the node client config
   command: >
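Review bot: The new `oc_adm_policy_user` task drops the tolerance for the "the object has been modified" conflict that the removed `failed_when` accepted, and this hunk does not show whether the module retries on that conflict itself. If it does not, a concurrent policy edit on the master would now fail the play where it used to pass. If that conflict can still occur, a bounded retry keeps the old resilience without masking real errors: `register: nuage_perm_result`, `until: nuage_perm_result is succeeded` (or the `| succeeded` filter on older Ansible), `retries: 3`. Separately, `with_items: "{{nuage_tasks}}"` and `run_once: True` could be normalised to `"{{ nuage_tasks }}"` and `true` to match the spacing used on the added lines.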
@@ -52,10 +31,3 @@
       --user={{ nuage_service_account }}
   delegate_to: "{{ nuage_ca_master }}"
   run_once: True
-
-- name: Clean temporary configuration file
-  command: >
-    rm -f {{nuage_tmp_conf}}
-  changed_when: false
-  delegate_to: "{{ nuage_ca_master }}"
-  run_once: True

+ 3 - 1
roles/nuage_master/vars/main.yaml

@@ -23,4 +23,6 @@ nuage_master_crt_dir: /usr/share/nuage-openshift-monitor
 nuage_service_account: system:serviceaccount:default:nuage
 
 nuage_tasks:
-  - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }}
+- resource_kind: cluster-role
+  resource_name: cluster-reader
+  user: "{{ nuage_service_account }}"
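Review bot: The `nuage_tasks` entry binds `cluster-reader`, a cluster-wide read role, to the nuage service account, but nothing documents the new item schema or why that scope is needed, which makes a later least-privilege review harder. A comment above the list would cover the schema, for example `# Policy bindings applied by tasks/serviceaccount.yml through oc_adm_policy_user; each item needs resource_kind, resource_name and user.`, with the reason for cluster-wide read added by someone who knows the Nuage monitor's requirements. The new item is also written flush with the key while the removed line was indented two spaces; `  - resource_kind: cluster-role` would keep the file's sequence style consistent.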