首页 发现 帮助
注册 登录
shixiong
/
okd
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: cbf98f53b0
分支列表 标签列表
okd
/
roles
/
openshift_serviceaccounts
/
tasks
/
main.yml

main.yml 1.0 KB
文件历史 原始文件

1234567891011121314151617181920212223242526 
  1. - name: Create service account configs
    2. 

  2.   template:
    3. 

  3.     src: serviceaccount.j2
    4. 

  4.     dest: "/tmp/{{ item }}-serviceaccount.yaml"
    5. 

  5.   with_items: accounts
    6. 

  6. 

  7. - name: Create {{ item }} service account
    8. 

  8.   command: >
    9. 

  9.     {{ openshift.common.client_binary }} create -f "/tmp/{{ item }}-serviceaccount.yaml"
    10. 

  10.   with_items: accounts
    11. 

  11.   register: _sa_result
    12. 

  12.   failed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc != 0"
    13. 

  13.   changed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc == 0"
    14. 

  14. 

  15. - name: Get current security context constraints
    16. 

  16.   shell: "{{ openshift.common.client_binary }} get scc privileged -o yaml > /tmp/scc.yaml"
    17. 

  17. 

  18. - name: Add security context constraint for {{ item }}
    19. 

  19.   lineinfile:
    20. 

  20.     dest: /tmp/scc.yaml
    21. 

  21.     line: "- system:serviceaccount:default:{{ item }}"
    22. 

  22.     insertafter: "^users:$"
    23. 

  23.   with_items: accounts
    24. 

  24. 

  25. - name: Apply new scc rules for service accounts
    26. 

  26.   command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml"
    27.