installer/roles/kubernetes/tasks/openshift_auth.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

---
- include_vars: openshift.yml

- name: Set kubernetes_namespace
  set_fact:
    kubernetes_namespace: "{{ openshift_project }}"

- name: Ensure workspace directories exist
  file:
    path: "{{ item  }}"
    state: directory
  with_items:
    - "{{ kubernetes_base_path }}"
    - "{{ openshift_oc_config_file | dirname }}"

- name: Authenticate with OpenShift via user and password
  shell: |
    {{ openshift_oc_bin }} login {{ openshift_host }} \
      -u {{ openshift_user }} \
      -p {{ openshift_password | quote }} \
      --insecure-skip-tls-verify={{ openshift_skip_tls_verify | default(false) | bool }}
  when:
    - openshift_user is defined
    - openshift_password is defined
    - openshift_token is not defined
  register: openshift_auth_result
  ignore_errors: true
  no_log: true

- name: OpenShift authentication failed on TLS verification
  fail:
    msg: "Failed to verify TLS, consider settings openshift_skip_tls_verify=True {{ openshift_auth_result.stderr  | default('certificate does not match hostname') }}"
  when:
    - openshift_skip_tls_verify is not defined or not openshift_skip_tls_verify
    - openshift_auth_result.rc is defined and openshift_auth_result.rc != 0
    - openshift_auth_result.stderr is defined and (openshift_auth_result.stderr | search("certificate that does not match its hostname"))

- name: OpenShift authentication failed
  fail:
    msg: "{{ openshift_auth_result.stderr | default('Invalid credentials') }}"
  when: openshift_auth_result.rc is defined and openshift_auth_result.rc != 0

- name: Authenticate with OpenShift via token
  shell: |
    {{ openshift_oc_bin }} login {{ openshift_host }} \
      --token {{ openshift_token }} \
      --insecure-skip-tls-verify={{ openshift_skip_tls_verify | default(false) | bool }}
  when: openshift_token is defined
  register: openshift_auth_result
  ignore_errors: true
  no_log: true

- name: OpenShift authentication failed
  fail:
    msg: "{{ openshift_auth_result.stderr | default('Invalid token') }}"
  when: openshift_auth_result.rc is defined and openshift_auth_result.rc != 0