Support saving configs per user
This commit is contained in:
parent
3806fe53b5
commit
1f12d21059
@ -1,13 +1,17 @@
|
|||||||
---
|
---
|
||||||
# --------------------------------------
|
# ---------------------------------------------------------------------
|
||||||
# -- yq version
|
# If set to true, the role won't install yq and kubeectl
|
||||||
# --------------------------------------
|
# ---------------------------------------------------------------------
|
||||||
|
use_system_bins: false
|
||||||
|
# ---------------------------------------------------------------------
|
||||||
|
# yq version
|
||||||
|
# ---------------------------------------------------------------------
|
||||||
yq:
|
yq:
|
||||||
version: v4.35.2
|
version: v4.35.2
|
||||||
binary: yq_linux_amd64
|
binary: yq_linux_amd64
|
||||||
# --------------------------------------
|
# ---------------------------------------------------------------------
|
||||||
# -- kubectl version
|
# kubectl version
|
||||||
# --------------------------------------
|
# ---------------------------------------------------------------------
|
||||||
kubectl:
|
kubectl:
|
||||||
version: v1.26.6
|
version: v1.26.6
|
||||||
arch: amd64
|
arch: amd64
|
||||||
@ -53,6 +57,7 @@ role: cluster-admin
|
|||||||
# --------------------------------------
|
# --------------------------------------
|
||||||
# users:
|
# users:
|
||||||
# - username: "admin"
|
# - username: "admin"
|
||||||
|
# host_user: "admin"
|
||||||
# cluster: "microk8s-cluster"
|
# cluster: "microk8s-cluster"
|
||||||
# certificate_expires_in: 500
|
# certificate_expires_in: 500
|
||||||
# binding_type: ClusterRoleBinding
|
# binding_type: ClusterRoleBinding
|
||||||
|
@ -1,15 +1,38 @@
|
|||||||
---
|
---
|
||||||
- name: Prepare cert directory
|
- name: Prepare cert directory
|
||||||
block:
|
block:
|
||||||
- name: Set workdir as fact
|
- name: Using host_user to bootstrap config
|
||||||
|
when: host_user | length > 0
|
||||||
|
block:
|
||||||
|
- name: Set workdir with a custom host user as a fact
|
||||||
set_fact:
|
set_fact:
|
||||||
cert_dir: "{{ working_dir }}/.certs/{{ username }}"
|
cert_dir: "/home/{{ host_user }}/.k8s/certs/{{ username }}"
|
||||||
|
conf_dir: "/home/{{ host_user }}/.kube/{{ username }}"
|
||||||
|
is_host_user: true
|
||||||
|
|
||||||
- name: Create a directory if it does not exist
|
- name: Using user to bootstrap config
|
||||||
|
when: host_user | length == 0
|
||||||
|
block:
|
||||||
|
- name: Set workdir with a custom host user as a fact
|
||||||
|
set_fact:
|
||||||
|
cert_dir: "/home/{{ username }}/.k8s/certs/"
|
||||||
|
conf_dir: "/home/{{ username }}/.kube"
|
||||||
|
is_host_user: false
|
||||||
|
|
||||||
|
- name: create a directory if it does not exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ cert_dir }}"
|
path: "{{ cert_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0775"
|
mode: "0775"
|
||||||
|
owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
|
||||||
|
|
||||||
|
- name: create a directory if it does not exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ conf_dir }}"
|
||||||
|
state: directory
|
||||||
|
mode: "0775"
|
||||||
|
owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Generate openssl certificate
|
- name: Generate openssl certificate
|
||||||
tags: openssl
|
tags: openssl
|
||||||
@ -81,8 +104,9 @@
|
|||||||
- name: Create config file from template
|
- name: Create config file from template
|
||||||
template:
|
template:
|
||||||
src: config.j2
|
src: config.j2
|
||||||
dest: "{{ working_dir }}/{{ username }}.config"
|
dest: "{{ conf_dir }}/config"
|
||||||
force: false
|
force: false
|
||||||
|
owner: "{{ lookup('vars','host_user') if (is_host_user) else lookup('vars','username')}}"
|
||||||
tags: config
|
tags: config
|
||||||
|
|
||||||
- name: Bind user to role
|
- name: Bind user to role
|
||||||
|
@ -8,13 +8,15 @@
|
|||||||
# --------------------------------------
|
# --------------------------------------
|
||||||
---
|
---
|
||||||
- name: Ensure required packages are installed
|
- name: Ensure required packages are installed
|
||||||
|
when: not use_system_bins
|
||||||
tags: packages
|
tags: packages
|
||||||
block:
|
block:
|
||||||
- name: Create a directory if it does not exist
|
- name: Create a working directory if it doesn't exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ working_dir }}"
|
path: "{{ working_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0775"
|
mode: "0775"
|
||||||
|
|
||||||
- name: Prepare bin directory
|
- name: Prepare bin directory
|
||||||
block:
|
block:
|
||||||
- name: Set workdir as fact
|
- name: Set workdir as fact
|
||||||
@ -27,9 +29,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
mode: "0775"
|
mode: "0775"
|
||||||
|
|
||||||
# --------------------------------------
|
|
||||||
# -- Install yq
|
|
||||||
# --------------------------------------
|
|
||||||
- name: Install yq
|
- name: Install yq
|
||||||
block:
|
block:
|
||||||
- name: Ensure yq is installed
|
- name: Ensure yq is installed
|
||||||
@ -78,6 +77,7 @@
|
|||||||
vars:
|
vars:
|
||||||
certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}"
|
certificate_expires_in: "{{ item.certificate_expires_in | default('500') }}"
|
||||||
username: "{{ item.username }}"
|
username: "{{ item.username }}"
|
||||||
|
host_user: "{{ item.host_user | default('') }}"
|
||||||
cluster: "{{ item.cluster }}"
|
cluster: "{{ item.cluster }}"
|
||||||
binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
|
binding_type: "{{ item.binding_type | default('ClusterRoleBinding') }}"
|
||||||
role_type: "{{ item.role_type | default('ClusterRole') }}"
|
role_type: "{{ item.role_type | default('ClusterRole') }}"
|
||||||
|
Loading…
Reference in New Issue
Block a user