| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 |
- ---
- # To run contiv-etcd in a container as non-root, we need to match the uid/gid
- # with the filesystem permissions on the host.
- - name: Contiv etcd | Create local unix group
- group:
- name: "{{ contiv_etcd_system_group }}"
- gid: "{{ contiv_etcd_system_gid }}"
- system: yes
- - name: Contiv etcd | Create local unix user
- user:
- name: "{{ contiv_etcd_system_user }}"
- createhome: no
- uid: "{{ contiv_etcd_system_uid }}"
- group: "{{ contiv_etcd_system_group }}"
- home: "{{ contiv_etcd_data_dir }}"
- shell: /bin/false
- system: yes
- - name: Contiv etcd | Create directories
- file:
- path: "{{ item }}"
- state: directory
- mode: g-rwx,o-rwx
- owner: "{{ contiv_etcd_system_user }}"
- group: "{{ contiv_etcd_system_group }}"
- setype: svirt_sandbox_file_t
- seuser: system_u
- serole: object_r
- selevel: s0
- recurse: yes
- with_items:
- - "{{ contiv_etcd_data_dir }}"
- - "{{ contiv_etcd_conf_dir }}"
- - name: Contiv etcd | Create contiv-etcd openshift user
- oc_serviceaccount:
- state: present
- name: contiv-etcd
- namespace: kube-system
- run_once: true
- - name: Contiv etcd | Create temp directory for doing work
- command: mktemp -d /tmp/openshift-contiv-XXXXXX
- register: mktemp
- changed_when: False
- # For things that pass temp files between steps, we want to make sure they
- # run on the same node.
- delegate_to: "{{ groups.oo_masters_to_config.0 }}"
- run_once: true
- - name: Contiv etcd | Create etcd-scc.yml from template
- template:
- src: etcd-scc.yml.j2
- dest: "{{ mktemp.stdout }}/etcd-scc.yml"
- delegate_to: "{{ groups.oo_masters_to_config.0 }}"
- run_once: true
- - name: Contiv etcd | Create etcd.yml from template
- template:
- src: etcd-daemonset.yml.j2
- dest: "{{ mktemp.stdout }}/etcd-daemonset.yml"
- delegate_to: "{{ groups.oo_masters_to_config.0 }}"
- run_once: true
- - name: Contiv etcd | Create etcd-proxy.yml from template
- template:
- src: etcd-proxy-daemonset.yml.j2
- dest: "{{ mktemp.stdout }}/etcd-proxy-daemonset.yml"
- delegate_to: "{{ groups.oo_masters_to_config.0 }}"
- run_once: true
- - name: Contiv etcd | Add etcd scc
- oc_obj:
- state: present
- namespace: "kube-system"
- kind: SecurityContextConstraints
- name: contiv-etcd
- files:
- - "{{ mktemp.stdout }}/etcd-scc.yml"
- delegate_to: "{{ groups.oo_masters_to_config.0 }}"
- run_once: true
- # Always "import" this file, k8s won't do anything if it matches exactly what
- # is already in the cluster.
- - name: Contiv etcd | Add etcd daemonset
- oc_obj:
- state: present
- namespace: "kube-system"
- kind: daemonset
- name: contiv-etcd
- files:
- - "{{ mktemp.stdout }}/etcd-daemonset.yml"
- delegate_to: "{{ groups.oo_masters_to_config.0 }}"
- run_once: true
- - name: Contiv etcd | Add etcd-proxy daemonset
- oc_obj:
- state: present
- namespace: "kube-system"
- kind: daemonset
- name: contiv-etcd-proxy
- files:
- - "{{ mktemp.stdout }}/etcd-proxy-daemonset.yml"
- delegate_to: "{{ groups.oo_masters_to_config.0 }}"
- run_once: true
- - name: Contiv etcd | Delete temp directory
- file:
- name: "{{ mktemp.stdout }}"
- state: absent
- changed_when: False
- delegate_to: "{{ groups.oo_masters_to_config.0 }}"
- run_once: true
|
