shixiong
/
okd


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
							---

- name: ensure the node-bootstrap service account exists
  oc_serviceaccount:
    name: node-bootstrapper
    namespace: openshift-infra
    state: present
  run_once: true

- name: grant node-bootstrapper the correct permissions to bootstrap
  oc_adm_policy_user:
    namespace: openshift-infra
    user: system:serviceaccount:openshift-infra:node-bootstrapper
    resource_kind: cluster-role
    resource_name: system:node-bootstrapper
    state: present
  run_once: true

# TODO: create a module for this command.
# oc_serviceaccounts_kubeconfig
- name: create service account kubeconfig with csr rights
  command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
  register: kubeconfig_out

- name: put service account kubeconfig into a file on disk for bootstrap
  copy:
    content: "{{ kubeconfig_out.stdout }}"
    dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"

- name: create a temp dir for this work
  command: mktemp -d /tmp/openshift_node_config-XXXXXX
  register: mktempout
  run_once: true

# This generate is so that we do not have to maintain
# our own copy of the template.  This is generated by
# the product and the following settings will be
# generated by the master
- name: generate a node-config dynamically
  command: >
    {{ openshift_master_client_binary }} adm create-node-config
    --node-dir={{ mktempout.stdout }}/
    --node=CONFIGMAP
    --hostnames=test
    --certificate-authority={{ openshift_master_config_dir }}/ca.crt
    --signer-cert={{ openshift_master_config_dir }}/ca.crt
    --signer-key={{ openshift_master_config_dir }}/ca.key
    --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
    --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt
  register: configgen
  run_once: true

- name: remove the default settings
  yedit:
    state: "{{ item.state | default('present') }}"
    src: "{{ mktempout.stdout }}/node-config.yaml"
    key: "{{ item.key }}"
    value: "{{ item.value | default(omit) }}"
  with_items: "{{ openshift_master_node_config_default_edits }}"
  run_once: true

- name: copy the generated config into each group
  copy:
    src: "{{ mktempout.stdout }}/node-config.yaml"
    remote_src: true
    dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
  with_items: "{{ openshift_master_node_configs }}"
  run_once: true

- name: "specialize the generated configs for node-config-{{ item.type }}"
  yedit:
    src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
    edits: "{{ item.edits }}"
  with_items: "{{ openshift_master_node_configs }}"
  run_once: true

- name: create node-config.yaml configmap
  oc_configmap:
    name: "node-config-{{ item.type }}"
    namespace: "{{ openshift_master_bootstrap_namespace }}"
    from_file:
      node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
  with_items: "{{ openshift_master_node_configs }}"
  run_once: true

- name: remove templated files
  file:
    dest: "{{ mktempout.stdout }}/"
    state: absent
  with_items: "{{ openshift_master_node_configs }}"
  run_once: true