
oc serviceaccount now done via oc_serviceaccount module

Steve Milner 8 years ago
parent
commit
badaa6dc09

+ 1 - 0
roles/nuage_master/meta/main.yml

@@ -17,6 +17,7 @@ dependencies:
 - role: nuage_common
 - role: openshift_etcd_client_certificates
 - role: os_firewall
+- role: lib_openshift
   os_firewall_allow:
   - service: openshift-monitor
     port: "{{ nuage_mon_rest_server_port }}/tcp"
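Review bot: The added `- role: lib_openshift` entry sits between `- role: os_firewall` and its `os_firewall_allow:` parameters, so on the new side the allow-list for the openshift-monitor port is attached to lib_openshift and os_firewall runs without it. Put the new entry above the os_firewall item, directly after `- role: openshift_etcd_client_certificates`, or below the end of the `os_firewall_allow` list. The dependencies list may continue past the hunk, so check where that list ends before placing it.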

+ 6 - 10
roles/nuage_master/tasks/serviceaccount.yml

@@ -13,20 +13,16 @@
   changed_when: false
 
 - name: Create Admin Service Account
-  shell: >
-    echo {{ nuage_service_account_config | to_json | quote }} |
-    {{ openshift.common.client_binary }} create
-    -n default
-    --config={{nuage_tmp_conf}}
-    -f -
-  register: osnuage_create_service_account
-  failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0"
-  changed_when: osnuage_create_service_account.rc == 0
+  oc_serviceaccount:
+    kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+    name: nuage
+    namespace: default
+    state: present
 
 - name: Configure role/user permissions
   command: >
     {{ openshift.common.client_binary }} adm {{item}}
-    --config={{nuage_tmp_conf}}
+    --config={{ nuage_tmp_conf }}
   with_items: "{{nuage_tasks}}"
   register: osnuage_perm_task
   failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
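Review bot: `kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"` relies on a variable that this commit defines only in roles/openshift_manageiq/vars/main.yml. Nothing visible here defines it for nuage_master, so confirm a dependency sets it or add it to this role; otherwise the task fails on an undefined variable. The next task still authenticates with `--config={{ nuage_tmp_conf }}`, so the role now reads admin credentials from two different files. If the temporary copy is kept, `kubeconfig: "{{ nuage_tmp_conf }}"` would keep both tasks on the same file.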

+ 0 - 6
roles/nuage_master/vars/main.yaml

@@ -22,11 +22,5 @@ nuage_mon_rest_server_host: "{{ openshift.master.cluster_hostname | default(open
 nuage_master_crt_dir: /usr/share/nuage-openshift-monitor
 nuage_service_account: system:serviceaccount:default:nuage
 
-nuage_service_account_config:
-  apiVersion: v1
-  kind: ServiceAccount
-  metadata:
-    name: nuage
-
 nuage_tasks:
   - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }}

+ 5 - 5
roles/openshift_logging/tasks/delete_logging.yaml

@@ -80,16 +80,16 @@
 
 # delete our service accounts
 - name: delete service accounts
-  command: >
-    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
-    delete serviceaccount {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true
+  oc_serviceaccount:
+    kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+    name: "{{ item }}"
+    namespace: "{{ openshift_logging_namespace }}"
+    state: absent
   with_items:
     - aggregated-logging-elasticsearch
     - aggregated-logging-kibana
     - aggregated-logging-curator
     - aggregated-logging-fluentd
-  register: delete_result
-  changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0
 
 # delete our roles
 - name: delete roles
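Review bot: The `oc_serviceaccount` task needs lib_openshift loaded, but this commit shows no meta change for openshift_logging, although it adds the dependency to nuage_master, openshift_manageiq and openshift_serviceaccounts. Confirm the role already lists `- role: lib_openshift`, or add it. With `--ignore-not-found=true` and the `register`/`changed_when` pair dropped, the task depends on the module treating a missing account under `state: absent` as unchanged rather than as a failure. That is worth confirming and recording in a one-line comment above the task.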

+ 15 - 0
roles/openshift_manageiq/meta/main.yml

@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  author: Erez Freiberger
+  description: ManageIQ
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 2.1
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- role: lib_openshift

+ 9 - 21
roles/openshift_manageiq/tasks/main.yaml

@@ -18,27 +18,15 @@
   failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0"
   changed_when: osmiq_create_mi_project.rc == 0
 
-- name: Create Admin Service Account
-  shell: >
-    echo {{ manageiq_service_account | to_json | quote }} |
-    {{ openshift.common.client_binary }} create
-    -n management-infra
-    --config={{manage_iq_tmp_conf}}
-    -f -
-  register: osmiq_create_service_account
-  failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
-  changed_when: osmiq_create_service_account.rc == 0
-
-- name: Create Image Inspector Service Account
-  shell: >
-    echo {{ manageiq_image_inspector_service_account | to_json | quote }} |
-    {{ openshift.common.client_binary }} create
-    -n management-infra
-    --config={{manage_iq_tmp_conf}}
-    -f -
-  register: osmiq_create_service_account
-  failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
-  changed_when: osmiq_create_service_account.rc == 0
+- name: Create Admin and Image Inspector Service Account
+  oc_serviceaccount:
+    kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+    name: "{{ item }}"
+    namespace: management-infra
+    state: present
+  with_items:
+  - management-admin
+  - inspector-admin
 
 - name: Create Cluster Role
   shell: >
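Review bot: This task reads the master's `admin.kubeconfig` in place, whereas the lines it replaces used `--config={{manage_iq_tmp_conf}}` and the neighbouring `shell` tasks presumably still do (the `Create Cluster Role` body continues outside the hunk). vars/main.yml sets that variable to `/tmp/manageiq_admin.kubeconfig`, so part of the role still depends on a cluster-admin credential copied to a fixed path under /tmp. A follow-up that moves the remaining `oc` calls to modules would let that copy be dropped. Since the variables that carried the account names are removed, a comment above `with_items` should say that `management-admin` and `inspector-admin` must match any names used by later permission tasks.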

+ 1 - 12
roles/openshift_manageiq/vars/main.yml

@@ -1,4 +1,5 @@
 ---
+openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
 manageiq_cluster_role:
   apiVersion: v1
   kind: ClusterRole
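Review bot: Defining `openshift_master_config_dir` in `vars/main.yml` gives it role-vars precedence, which overrides inventory and group_vars values of the same name. If a deployment sets this variable elsewhere, the role will silently use a different admin.kubeconfig path. Moving the line to `defaults/main.yml` keeps the fallback without the override.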
@@ -24,18 +25,6 @@ manageiq_metrics_admin_clusterrole:
     verbs:
     - '*'
 
-manageiq_service_account:
-  apiVersion: v1
-  kind: ServiceAccount
-  metadata:
-    name: management-admin
-
-manageiq_image_inspector_service_account:
-  apiVersion: v1
-  kind: ServiceAccount
-  metadata:
-    name: inspector-admin
-
 manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig
 
 manage_iq_tasks:

+ 1 - 0
roles/openshift_serviceaccounts/meta/main.yml

@@ -13,3 +13,4 @@ galaxy_info:
   - cloud
 dependencies:
 - { role: openshift_facts }
+- { role: lib_openshift }

+ 5 - 15
roles/openshift_serviceaccounts/tasks/main.yml

@@ -1,21 +1,11 @@
 ---
-- name: test if service accounts exists
-  command: >
-      {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }}
-  with_items: "{{ openshift_serviceaccounts_names }}"
-  failed_when: false
-  changed_when: false
-  register: account_test
-
 - name: create the service account
-  shell: >
-       echo {{ lookup('template', '../templates/serviceaccount.j2')
-       | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }}
-       -n {{ openshift_serviceaccounts_namespace }} create -f -
-  when: item.1.rc != 0
-  with_together:
+  oc_serviceaccount:
+    name: "{{ item }}"
+    namespace: "{{ openshift_serviceaccounts_namespace }}"
+    state: present
+  with_items:
   - "{{ openshift_serviceaccounts_names }}"
-  - "{{ account_test.results }}"
 
 - name: test if scc needs to be updated
   command: >
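Review bot: Unlike the other three conversions in this commit, this `oc_serviceaccount` task passes no `kubeconfig:`, so it depends on the module's built-in default path. Setting it explicitly, e.g. `kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"` (provided that variable is defined for this role), keeps the credential source visible and consistent. `with_items` wraps the list variable in another list, which works only because with_items flattens one level; `with_items: "{{ openshift_serviceaccounts_names }}"` says the same thing directly. The `account_test` register is removed here, so confirm no task below the hunk still reads `account_test.results`.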