Set up Openshift roles

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-08-22 21:12:36 +00:00 · 2017-08-22 21:12:36 +00:00 · a87be8843a
commit a87be8843a
parent 664237a7f2
1 changed files with 11 additions and 0 deletions
--- a/playbooks/groups/os-cluster.yml
+++ b/playbooks/groups/os-cluster.yml
@ -159,3 +159,14 @@
  tasks:
    - name: enable nrpe for monitoring (noc01)
      iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT
+    - name: Disallow users from provisioning
+      command: oadm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth
+      changed_when: false
+    - name: Allow some users cluster admin
+      command: oadm policy add-cluster-role-to-user cluster-admin {{item}}
+      with_items:
+      - puiterwijk
+      - kevin
+      - codeblock
+      - smooge
+      changed_when: false