
Merge pull request #983 from enoodle/manageiq_service

Adding ManageIQ service account
Brenton Leanhardt 9 years ago
parent
commit
ffb663f5f6

+ 2 - 0
playbooks/common/openshift-master/config.yml

@@ -352,6 +352,8 @@
   - openshift_examples
   - role: openshift_cluster_metrics
     when: openshift.common.use_cluster_metrics | bool
+  - role: openshift_manageiq
+    when: openshift.common.use_manageiq | bool
 
 - name: Enable cockpit
   hosts: oo_first_master

+ 1 - 0
roles/openshift_common/tasks/main.yml

@@ -22,6 +22,7 @@
       deployment_type: "{{ openshift_deployment_type }}"
       use_fluentd: "{{ openshift_use_fluentd | default(None) }}"
       use_flannel: "{{ openshift_use_flannel | default(None) }}"
+      use_manageiq: "{{ openshift_use_manageiq | default(None) }}"
 
   # For enterprise versions < 3.1 and origin versions < 1.1 we want to set the
   # hostname by default.

+ 1 - 1
roles/openshift_facts/library/openshift_facts.py

@@ -1053,7 +1053,7 @@ class OpenShiftFacts(object):
 
         common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr,
                       deployment_type='origin', hostname=hostname,
-                      public_hostname=hostname)
+                      public_hostname=hostname, use_manageiq=False)
         common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc'
         common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm'
         common['dns_domain'] = 'cluster.local'

+ 50 - 0
roles/openshift_manageiq/tasks/main.yaml

@@ -0,0 +1,50 @@
+---
+- name: Copy Configuration to temporary conf
+  command: >
+    cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{manage_iq_tmp_conf}}
+  changed_when: false
+
+- name: Add Managment Infrastructure project
+  command: > 
+    {{ openshift.common.admin_binary }} new-project
+    management-infra
+    --description="Management Infrastructure"
+    --config={{manage_iq_tmp_conf}}
+  register: osmiq_create_mi_project
+  failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0"
+  changed_when: osmiq_create_mi_project.rc == 0
+
+- name: Create Service Account
+  shell: >
+    echo {{ manageiq_service_account | to_json | quote }} | 
+    {{ openshift.common.client_binary }} create 
+    -n management-infra 
+    --config={{manage_iq_tmp_conf}}
+    -f -
+  register: osmiq_create_service_account
+  failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
+  changed_when: osmiq_create_service_account.rc == 0
+
+- name: Create Cluster Role
+  shell: >
+    echo {{ manageiq_cluster_role | to_json | quote }} |
+    {{ openshift.common.client_binary }} create 
+    --config={{manage_iq_tmp_conf}}
+    -f -
+  register: osmiq_create_cluster_role
+  failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0"
+  changed_when: osmiq_create_cluster_role.rc == 0
+
+- name: Configure role/user permissions
+  command: >
+    {{ openshift.common.admin_binary }} {{item}}
+    --config={{manage_iq_tmp_conf}}
+  with_items: "{{manage_iq_tasks}}"
+  register: osmiq_perm_task
+  failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0"
+  changed_when: osmiq_perm_task.rc == 0
+
+- name: Clean temporary configuration file
+  command: >
+    rm -f {{manage_iq_tmp_conf}}
+  changed_when: false
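Review bot: The first task copies the master's admin.kubeconfig, i.e. cluster-admin credentials, to the fixed path `/tmp/manageiq_admin.kubeconfig` with a plain `cp`, and the `rm -f` in the last task only runs if every task in between succeeds, so a failed `new-project` or `create` leaves that copy behind in a world-shared directory with a predictable name. Every later task appears to use the file read-only through `--config=`, so the copy looks unnecessary: pointing each task at `--config={{ openshift.common.config_base }}/master/admin.kubeconfig` and dropping the copy and cleanup tasks removes the exposure entirely. If the copy is kept for a reason, it should be created with a restrictive mode under a non-shared directory and removed unconditionally rather than only on the success path. The task name `Add Managment Infrastructure project` also has a typo (Management).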

+ 24 - 0
roles/openshift_manageiq/vars/main.yml

@@ -0,0 +1,24 @@
+manageiq_cluster_role:
+    apiVersion: v1
+    kind: ClusterRole
+    metadata:
+      name: management-infra-admin
+    rules:
+    - resources:
+      - pods/proxy
+      verbs:
+      - '*'
+
+manageiq_service_account:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: management-admin
+
+manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig
+
+manage_iq_tasks:
+    - policy add-role-to-user -n management-infra admin -z management-admin
+    - policy add-role-to-user -n management-infra management-infra-admin -z management-admin
+    - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin
+    - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin
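Review bot: The `manage_iq_tasks` list grants the `management-admin` service account project `admin`, a cluster role with every verb on `pods/proxy`, `cluster-reader`, and the `privileged` SCC, but nothing in the file records which ManageIQ function depends on each grant, which makes the set hard to audit or tighten later. A comment above `manage_iq_tasks` naming the feature behind each grant, along the lines of `# Each grant below is required by ManageIQ for: <feature> — remove or narrow when that feature is not used`, would make the privilege level reviewable. `manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig` is a predictable path in a world-shared directory for a copy of cluster-admin credentials; a location under the master config directory, or no copy at all, would be safer. As a point of style, the variables mix `manageiq_*` and `manage_iq_*` prefixes; picking one would make the role easier to grep.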