010_add_default_admin_user.yaml
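---
# Play run against the bastion host: installs httpd-tools, passlib and bcrypt,
# renders the htpasswd identity-provider manifest and the user-creation
# script, adds the router certificate chain to the local trust store, runs the
# script and finally retries `oc login` with the configured account until it
# succeeds.
- name: Create admin with cluster admin privileges
  hosts: bastion
  gather_facts: false
  remote_user: root
  tasks:
    - name: Ensuring httpd-tools is present
      package:
        name: httpd-tools
        state: present
      become: true

    - name: Ensuring passlib is present
      pip:
        name:
          - passlib
          - bcrypt
      become: true

    - name: Creating yaml configuration for htpasswd identity provider
      template:
        src: ../templates/htpasswd_provider.j2
        dest: /root/install/htpasswd_provider.yaml

    # The script is only executed by this play as root, so it is rendered
    # owner-only (0700) rather than world-readable/executable in /tmp.
    # NOTE(review): the template is not visible here; presumably it embeds
    # the admin credentials - confirm, and consider rendering it under
    # /root/install instead of /tmp.
    - name: Rendering user creation script
      template:
        src: ../templates/ocp_user_script.j2
        dest: /tmp/ocp_user.sh
        mode: "0700"

    - name: Creating oauth login url var
      set_fact:
        auth_url: "oauth-openshift.apps.{{ ocp.cluster_name }}.{{ networking.domain_name }}"

    # https://unix.stackexchange.com/questions/368123/how-to-extract-the-root-ca-and-subordinate-ca-from-a-certificate-chain-in-linux
    # awk writes each PEM block of the presented chain to /tmp/cert<N>.pem.
    # NOTE(review): trust-on-first-use. The chain is taken from whatever
    # answers on auth_url:443 and is not validated or compared with a known
    # fingerprint before it is installed as a system trust anchor below.
    # Prefer obtaining the CA over an already-authenticated channel, or
    # checking it against a pinned fingerprint.
    # NOTE(review): the output files have predictable names in world-writable
    # /tmp and are written as root; a private working directory would be
    # safer on a shared bastion. There is also no pipefail, so a failed
    # openssl call is not reported by this task.
    - name: Getting router certificates chain
      shell: >
        openssl s_client -showcerts -servername {{ auth_url }}
        -connect {{ auth_url }}:443 < /dev/null
        2>/dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="/tmp/cert"a".pem"; print >out}'

    # Expects at least two certificates in the presented chain; the task
    # fails if /tmp/cert2.pem was not produced by the previous step.
    - name: Building login certificate bundle
      shell: cat /tmp/cert1.pem /tmp/cert2.pem > /tmp/login.pem

    - name: Copying certificate to trusted certificate directory
      copy:
        src: /tmp/login.pem
        dest: /etc/pki/ca-trust/source/anchors/login.pem
        remote_src: true
      become: true

    - name: Trusting router certificate
      command: update-ca-trust
      become: true

    - name: Creating htpasswd identiry and user
      command: /tmp/ocp_user.sh

    # Fixed delay before the first login attempt; the login task below
    # retries on its own as well.
    - name: Sleeping 30 seconds...
      command: sleep 30

    # argv form keeps a password containing spaces or quotes as one argument.
    # no_log keeps the rendered command line (including the password) out of
    # Ansible output and logs, for every retry. The password is still visible
    # in the bastion's process list while oc runs.
    - name: Try to login with admin
      command:
        argv:
          - /usr/bin/oc
          - login
          - "-u"
          - "{{ ocp.user }}"
          - "-p"
          - "{{ ocp.pass }}"
          - "https://api.{{ ocp.cluster_name }}.{{ networking.domain_name }}:6443"
          - "--kubeconfig"
          - /root/install/auth/kubeconfig
      no_log: true
      retries: 30
      register: oc_login
      until: oc_login.rc == 0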