diff options
author | Scott Dodson <sdodson@redhat.com> | 2016-08-03 13:03:46 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-03 13:03:46 -0400 |
commit | 71bc6b9a67d83c0618ac9a786a6cb0d1abd907da (patch) | |
tree | d6d4151be2a2e5621559f8584c3c7aa957e386aa /playbooks | |
parent | 723c1fb1d73582cd0209cdc7201231b258161555 (diff) | |
parent | 4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 (diff) | |
download | openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.gz openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.bz2 openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.xz openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.zip |
Merge pull request #2049 from abutcher/named-certificates
Named CA Certificates
Diffstat (limited to 'playbooks')
-rw-r--r-- | playbooks/common/openshift-master/config.yml | 48 | ||||
-rw-r--r-- | playbooks/common/openshift-master/scaleup.yml | 7 | ||||
-rw-r--r-- | playbooks/common/openshift-node/config.yml | 7 |
3 files changed, 12 insertions, 50 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 7d2b44637..1d818eea0 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -112,54 +112,6 @@ session_encryption_secrets: "{{ g_session_encryption_secrets }}" when: not g_session_secrets_present | bool -- name: Parse named certificates - hosts: localhost - connection: local - become: no - vars: - internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}" - named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}" - named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].openshift.common.config_base }}/master/named_certificates/" - tasks: - - set_fact: - parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}" - when: named_certificates | length > 0 - -- name: Deploy named certificates - hosts: oo_masters_to_config - vars: - named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/" - named_certs_specified: "{{ openshift_master_named_certificates is defined }}" - overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" - roles: - - role: openshift_facts - post_tasks: - - openshift_facts: - role: master - local_facts: - named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}" - additive_facts_to_overwrite: - - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}" - - name: Clear named certificates - file: - path: "{{ named_certs_dir }}" - state: absent - when: overwrite_named_certs | bool - - name: Ensure named certificate directory exists - file: - path: "{{ named_certs_dir }}" - state: directory - mode: 0700 - when: named_certs_specified | bool - - name: Land named certificates - copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}" - with_items: "{{ openshift_master_named_certificates }}" - when: named_certs_specified | bool - - name: Land named certificate keys - copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600 - with_items: "{{ openshift_master_named_certificates }}" - when: named_certs_specified | bool - - name: Configure masters hosts: oo_masters_to_config any_errors_fatal: true diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index 6e6cb3e01..b40b01709 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -33,7 +33,12 @@ service: name={{ openshift.common.service_type }}-master-controllers state=restarted - name: verify api server command: > - curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 2e0ec2ca7..c56353430 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -168,7 +168,12 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' |