From 0ec048fb998076aa97b316e14ccb0e8519d2ed16 Mon Sep 17 00:00:00 2001
From: Jeff Cantrill <jcantril@redhat.com>
Date: Tue, 24 Jan 2017 21:32:11 -0500
Subject: openshift_logging link pull secret to serviceaccounts fix unlabel
 when undeploying

---
 roles/openshift_logging/README.md                  |  1 +
 roles/openshift_logging/tasks/install_logging.yaml | 22 ++++++++++++++++++++++
 roles/openshift_logging/tasks/oc_secret.yaml       |  7 +++++++
 3 files changed, 30 insertions(+)
 create mode 100644 roles/openshift_logging/tasks/oc_secret.yaml

diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md
index 856cfa2b9..8651e06e7 100644
--- a/roles/openshift_logging/README.md
+++ b/roles/openshift_logging/README.md
@@ -36,6 +36,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log
 - `openshift_logging_curator_cpu_limit`: The amount of CPU to allocate to Curator. Default is '100m'.
 - `openshift_logging_curator_memory_limit`: The amount of memory to allocate to Curator. Unset if not specified.
 - `openshift_logging_curator_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the curator pod will land.
+- `openshift_logging_image_pull_secret`: The name of an existing pull secret to link to the logging service accounts
 
 - `openshift_logging_kibana_hostname`: The Kibana hostname. Defaults to 'kibana.example.com'.
 - `openshift_logging_kibana_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified.
diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml
index 00c79ee5e..d52429f03 100644
--- a/roles/openshift_logging/tasks/install_logging.yaml
+++ b/roles/openshift_logging/tasks/install_logging.yaml
@@ -57,6 +57,28 @@
     loop_var: file
   when: ansible_check_mode
 
+  # TODO replace task with oc_secret module that supports
+  # linking when available
+- name: Link Pull Secrets With Service Accounts
+  include: oc_secret.yaml
+  vars:
+    kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+    subcommand: link
+    service_account: "{{sa_account}}"
+    secret_name: "{{openshift_logging_image_pull_secret}}"
+    add_args: "--for=pull"
+  with_items:
+    - default
+    - aggregated-logging-elasticsearch
+    - aggregated-logging-kibana
+    - aggregated-logging-fluentd
+    - aggregated-logging-curator
+  register: link_pull_secret
+  loop_control:
+    loop_var: sa_account
+  when: openshift_logging_image_pull_secret is defined
+  failed_when: link_pull_secret.rc != 0
+
 - name: Scaling up cluster
   include: start_cluster.yaml
   when: start_cluster | default(true) | bool
diff --git a/roles/openshift_logging/tasks/oc_secret.yaml b/roles/openshift_logging/tasks/oc_secret.yaml
new file mode 100644
index 000000000..de37e4f6d
--- /dev/null
+++ b/roles/openshift_logging/tasks/oc_secret.yaml
@@ -0,0 +1,7 @@
+---
+- command: >
+    {{ openshift.common.client_binary }}
+    --config={{ kubeconfig }}
+    secret {{subcommand}} {{service_account}} {{secret_name}}
+    {{add_args}}
+    -n {{openshift_logging_namespace}}
-- 
cgit v1.2.3