
Refactoring the add-scc-to-user logic

Brenton Leanhardt 9 years ago
parent
commit
4e6297c8d9

+ 34 - 0
roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml

@@ -0,0 +1,34 @@
+####
+#
+# OSE 3.0.z did not have 'oadm policy add-scc-to-user'.
+#
+####
+
+- name: tmp dir for openshift
+  file:
+    path: /tmp/openshift
+    state: directory
+    owner: root
+    mode: 700
+
+- name: Create service account configs
+  template:
+    src: serviceaccount.j2
+    dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
+  with_items: openshift_serviceaccounts_names
+
+- name: Get current security context constraints
+  shell: >
+    {{ openshift.common.client_binary }} get scc privileged -o yaml
+    --output-version=v1 > /tmp/openshift/scc.yaml
+  changed_when: false
+
+- name: Add security context constraint for {{ item }}
+  lineinfile:
+    dest: /tmp/openshift/scc.yaml
+    line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
+    insertafter: "^users:$"
+  with_items: openshift_serviceaccounts_names
+
+- name: Apply new scc rules for service accounts
+  command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
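Review bot: `mode: 700` on the `tmp dir for openshift` task is an unquoted integer, which Ansible reads as decimal 700 (octal 1274) rather than rwx------, so the directory holding `scc.yaml` does not end up owner-only; write it as `mode: "0700"`. The path `/tmp/openshift` is also a fixed name under a world-writable directory, and `state: directory` keeps whatever already exists there, while the file written into it is later passed to `update -f` against the `privileged` SCC. Creating the working directory with `mktemp -d`, registering the result and removing it after the update would avoid depending on a predictable name. These lines were carried over unchanged from main.yml, so the issue predates this refactor.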

+ 1 - 38
roles/openshift_serviceaccounts/tasks/main.yml

@@ -32,42 +32,5 @@
   - openshift_serviceaccounts_names
   - scc_test.results
 
-####
-#
-# Support for 3.0.z
-#
-####
-
-- name: tmp dir for openshift
-  file:
-    path: /tmp/openshift
-    state: directory
-    owner: root
-    mode: 700
-  when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Create service account configs
-  template:
-    src: serviceaccount.j2
-    dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
-  with_items: openshift_serviceaccounts_names
-  when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Get current security context constraints
-  shell: >
-    {{ openshift.common.client_binary }} get scc privileged -o yaml
-    --output-version=v1 > /tmp/openshift/scc.yaml
-  changed_when: false
-  when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Add security context constraint for {{ item }}
-  lineinfile:
-    dest: /tmp/openshift/scc.yaml
-    line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
-    insertafter: "^users:$"
-  with_items: openshift_serviceaccounts_names
-  when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Apply new scc rules for service accounts
-  command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
+- include: legacy_add_scc_to_user.yml
   when: not openshift.common.version_gte_3_1_or_1_1