bootstrap.yml 3.0 KB

  1. ---
  # Make sure the node-bootstrapper service account is present in the
  # openshift-infra namespace. run_once restricts the task to a single
  # host of the play.
  - name: ensure the node-bootstrap service account exists
    run_once: true
    oc_serviceaccount:
      state: 'present'
      namespace: 'openshift-infra'
      name: 'node-bootstrapper'
  # Bind the system:node-bootstrapper cluster role to the service account.
  # The credential later written to bootstrap.kubeconfig is only as
  # powerful as the roles bound here, so this binding is the one to review
  # when auditing what a bootstrapping node may do.
  - name: grant node-bootstrapper the correct permissions to bootstrap
    run_once: true
    oc_adm_policy_user:
      state: 'present'
      namespace: 'openshift-infra'
      # Quoted so the colon-separated principal is always read as a string.
      user: 'system:serviceaccount:openshift-infra:node-bootstrapper'
      resource_kind: 'cluster-role'
      resource_name: 'system:node-bootstrapper'
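  # TODO: create a module for this command.
  # oc_serviceaccounts_kubeconfig
  #
  # Prints a kubeconfig for the node-bootstrapper service account on stdout;
  # the result is registered as kubeconfig_out for the task that writes it
  # to disk. That output embeds the service account's credential, so no_log
  # keeps it out of Ansible's console output and logs. The registered
  # variable itself is unaffected by no_log.
  - name: create service account kubeconfig with csr rights
    command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
    register: kubeconfig_out
    no_log: true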
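  # Persist the registered kubeconfig as bootstrap.kubeconfig inside the
  # master config directory.
  - name: put service account kubeconfig into a file on disk for bootstrap
    copy:
      content: "{{ kubeconfig_out.stdout }}"
      dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
      # The file holds a bearer credential. Without an explicit mode its
      # permissions depend on the remote umask and may end up readable by
      # other local users. Quoted so the value is not parsed as an integer.
      # NOTE(review): confirm every consumer reads this file as its owner.
      mode: '0600'
    # Keeps the credential out of task output, including --diff runs.
    no_log: true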
  # Scratch directory for the generated node configs. Later tasks read its
  # path back from mktempout.stdout; mktemp replaces the XXXXXX template
  # with a random suffix.
  - name: create a temp dir for this work
    run_once: true
    register: mktempout
    command: 'mktemp -d /tmp/openshift_node_config-XXXXXX'
  # The node-config is produced by the product itself so that this role
  # does not have to carry its own copy of the template; the settings that
  # follow are the ones the master generates.
  #
  # The signer arguments point at the master's CA certificate, key and
  # serial file, and the output goes to the scratch directory.
  # NOTE(review): create-node-config presumably writes certificates and
  # keys next to node-config.yaml - confirm; if so, the scratch directory
  # holds sensitive material until the cleanup task removes it.
  - name: generate a node-config dynamically
    run_once: true
    register: configgen
    command: >
      {{ openshift_master_client_binary }} adm create-node-config
      --node-dir={{ mktempout.stdout }}/
      --node=CONFIGMAP
      --hostnames=test
      --certificate-authority={{ openshift_master_config_dir }}/ca.crt
      --signer-cert={{ openshift_master_config_dir }}/ca.crt
      --signer-key={{ openshift_master_config_dir }}/ca.key
      --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
      --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt
  # Apply every entry of openshift_master_node_config_default_edits to the
  # generated node-config.yaml. Each entry supplies a key, and optionally a
  # state (defaults to present) and a value (omitted when not given).
  - name: remove the default settings
    run_once: true
    with_items: "{{ openshift_master_node_config_default_edits }}"
    yedit:
      src: "{{ mktempout.stdout }}/node-config.yaml"
      key: "{{ item.key }}"
      value: "{{ item.value | default(omit) }}"
      state: "{{ item.state | default('present') }}"
  # Clone the edited node-config.yaml once per entry in
  # openshift_master_node_configs, naming each copy after the entry's type.
  # remote_src makes the copy happen on the remote host, inside the
  # scratch directory.
  - name: copy the generated config into each group
    run_once: true
    with_items: "{{ openshift_master_node_configs }}"
    copy:
      remote_src: true
      src: "{{ mktempout.stdout }}/node-config.yaml"
      dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
  # Apply each group's own list of edits to its copy of the config.
  # NOTE(review): loop variables are generally not available when the task
  # name is rendered, so the {{ item.type }} in the name may be displayed
  # unresolved - confirm against the Ansible version in use.
  - name: "specialize the generated configs for node-config-{{ item.type }}"
    run_once: true
    with_items: "{{ openshift_master_node_configs }}"
    yedit:
      edits: "{{ item.edits }}"
      src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
  # Publish each specialized file as a configmap named node-config-<type>
  # in the bootstrap namespace, stored under the key node-config.yaml.
  - name: create node-config.yaml configmap
    run_once: true
    with_items: "{{ openshift_master_node_configs }}"
    oc_configmap:
      namespace: "{{ openshift_master_bootstrap_namespace }}"
      name: "node-config-{{ item.type }}"
      from_file:
        node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
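  # Delete the scratch directory created by mktemp, together with
  # everything generated inside it.
  #
  # Deliberately not looped: the path does not depend on any loop item, and
  # looping over an empty openshift_master_node_configs would skip the
  # task and leave the generated files behind in /tmp.
  # NOTE(review): a failure in an earlier task still prevents this cleanup
  # from running; wrapping the sequence in block/always would guarantee it.
  - name: remove templated files
    file:
      path: "{{ mktempout.stdout }}/"
      state: absent
    run_once: true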