only run the policy setting on the master host of the cluster

Signed-off-by: Adam Miller <admiller@redhat.com>
2016-10-28 02:37:12 +00:00 · 2016-10-28 02:37:12 +00:00 · c0051a96c8
commit c0051a96c8
parent a9f1acfcbb
1 changed files with 17 additions and 17 deletions
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@ -187,6 +187,23 @@
        src: "{{private}}/files/httpd/osbs-{{env}}.htpasswd"
        dest: /etc/origin/htpasswd

+    - name: set policy for koji builder in openshift for osbs
+      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_stg_username }} && touch /etc/origin/koji-builder-policy-added"
+      args:
+        creates: "/etc/origin/koji-builder-policy-added"
+      when: env == "staging"
+
+    - name: set policy for koji builder in openshift for osbs
+      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_prod_username }} && touch /etc/origin/koji-builder-policy-added"
+      args:
+        creates: "/etc/origin/koji-builder-policy-added"
+      when: env == "production"
+
+    - name: set policy for koji builder in openshift for atomic-reactor
+      shell: "oadm policy add-role-to-user -n default edit system:serviceaccount:default:builder && touch /etc/origin/atomic-reactor-policy-added"
+      args:
+        creates: "/etc/origin/atomic-reactor-policy-added"
+
 - name: Deploy OSBS on top of OpenShift
  hosts: osbs-masters-stg[0]:osbs-masters[0]
  tags:
@ -414,23 +431,6 @@
        dest: "{{ koji_ca_cert_path }}"
      notify: oc secrets new

-    - name: set policy for koji builder in openshift for osbs
-      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_stg_username }} && touch /etc/origin/koji-builder-policy-added"
-      args:
-        creates: "/etc/origin/koji-builder-policy-added"
-      when: env == "staging"
-
-    - name: set policy for koji builder in openshift for osbs
-      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_prod_username }} && touch /etc/origin/koji-builder-policy-added"
-      args:
-        creates: "/etc/origin/koji-builder-policy-added"
-      when: env == "production"
-
-    - name: set policy for koji builder in openshift for atomic-reactor
-      shell: "oadm policy add-role-to-user -n default edit system:serviceaccount:default:builder && touch /etc/origin/atomic-reactor-policy-added"
-      args:
-        creates: "/etc/origin/atomic-reactor-policy-added"
-
    - name: Create buildroot container conf directory
      file:
        path: "/etc/osbs/buildroot/"