summaryrefslogtreecommitdiffstats
path: root/playbooks
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2016-08-03 13:03:46 -0400
committerGitHub <noreply@github.com>2016-08-03 13:03:46 -0400
commit71bc6b9a67d83c0618ac9a786a6cb0d1abd907da (patch)
treed6d4151be2a2e5621559f8584c3c7aa957e386aa /playbooks
parent723c1fb1d73582cd0209cdc7201231b258161555 (diff)
parent4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 (diff)
downloadopenshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.gz
openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.bz2
openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.xz
openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.zip
Merge pull request #2049 from abutcher/named-certificates
Named CA Certificates
Diffstat (limited to 'playbooks')
-rw-r--r--playbooks/common/openshift-master/config.yml48
-rw-r--r--playbooks/common/openshift-master/scaleup.yml7
-rw-r--r--playbooks/common/openshift-node/config.yml7
3 files changed, 12 insertions, 50 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 7d2b44637..1d818eea0 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -112,54 +112,6 @@
session_encryption_secrets: "{{ g_session_encryption_secrets }}"
when: not g_session_secrets_present | bool
-- name: Parse named certificates
- hosts: localhost
- connection: local
- become: no
- vars:
- internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}"
- named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}"
- named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].openshift.common.config_base }}/master/named_certificates/"
- tasks:
- - set_fact:
- parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}"
- when: named_certificates | length > 0
-
-- name: Deploy named certificates
- hosts: oo_masters_to_config
- vars:
- named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/"
- named_certs_specified: "{{ openshift_master_named_certificates is defined }}"
- overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}"
- roles:
- - role: openshift_facts
- post_tasks:
- - openshift_facts:
- role: master
- local_facts:
- named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}"
- additive_facts_to_overwrite:
- - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}"
- - name: Clear named certificates
- file:
- path: "{{ named_certs_dir }}"
- state: absent
- when: overwrite_named_certs | bool
- - name: Ensure named certificate directory exists
- file:
- path: "{{ named_certs_dir }}"
- state: directory
- mode: 0700
- when: named_certs_specified | bool
- - name: Land named certificates
- copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}"
- with_items: "{{ openshift_master_named_certificates }}"
- when: named_certs_specified | bool
- - name: Land named certificate keys
- copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600
- with_items: "{{ openshift_master_named_certificates }}"
- when: named_certs_specified | bool
-
- name: Configure masters
hosts: oo_masters_to_config
any_errors_fatal: true
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index 6e6cb3e01..b40b01709 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -33,7 +33,12 @@
service: name={{ openshift.common.service_type }}-master-controllers state=restarted
- name: verify api server
command: >
- curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+ curl --silent
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
{{ openshift.master.api_url }}/healthz/ready
register: api_available_output
until: api_available_output.stdout == 'ok'
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 2e0ec2ca7..c56353430 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -168,7 +168,12 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+ curl --silent
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
{{ openshift.master.api_url }}/healthz/ready
register: api_available_output
until: api_available_output.stdout == 'ok'