From c0051a96c8dcae20984f0df9e834a7790136f08a Mon Sep 17 00:00:00 2001
From: Adam Miller <admiller@redhat.com>
Date: Fri, 28 Oct 2016 02:37:12 +0000
Subject: [PATCH] only run the policy setting on the master host of the cluster

Signed-off-by: Adam Miller <admiller@redhat.com>
---
 playbooks/groups/osbs-cluster.yml | 34 +++++++++++++++----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml
index 7aca278e00..299a555304 100644
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@@ -187,6 +187,23 @@
         src: "{{private}}/files/httpd/osbs-{{env}}.htpasswd"
         dest: /etc/origin/htpasswd
 
+    - name: set policy for koji builder in openshift for osbs
+      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_stg_username }} && touch /etc/origin/koji-builder-policy-added"
+      args:
+        creates: "/etc/origin/koji-builder-policy-added"
+      when: env == "staging"
+
+    - name: set policy for koji builder in openshift for osbs
+      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_prod_username }} && touch /etc/origin/koji-builder-policy-added"
+      args:
+        creates: "/etc/origin/koji-builder-policy-added"
+      when: env == "production"
+
+    - name: set policy for koji builder in openshift for atomic-reactor
+      shell: "oadm policy add-role-to-user -n default edit system:serviceaccount:default:builder && touch /etc/origin/atomic-reactor-policy-added"
+      args:
+        creates: "/etc/origin/atomic-reactor-policy-added"
+
 - name: Deploy OSBS on top of OpenShift
   hosts: osbs-masters-stg[0]:osbs-masters[0]
   tags:
@@ -414,23 +431,6 @@
         dest: "{{ koji_ca_cert_path }}"
       notify: oc secrets new
 
-    - name: set policy for koji builder in openshift for osbs
-      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_stg_username }} && touch /etc/origin/koji-builder-policy-added"
-      args:
-        creates: "/etc/origin/koji-builder-policy-added"
-      when: env == "staging"
-
-    - name: set policy for koji builder in openshift for osbs
-      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_prod_username }} && touch /etc/origin/koji-builder-policy-added"
-      args:
-        creates: "/etc/origin/koji-builder-policy-added"
-      when: env == "production"
-
-    - name: set policy for koji builder in openshift for atomic-reactor
-      shell: "oadm policy add-role-to-user -n default edit system:serviceaccount:default:builder && touch /etc/origin/atomic-reactor-policy-added"
-      args:
-        creates: "/etc/origin/atomic-reactor-policy-added"
-
     - name: Create buildroot container conf directory
       file:
         path: "/etc/osbs/buildroot/"