Support for redeploying certificates.

author: Andrew Butcher <abutcher@redhat.com> 2016-07-25 12:04:25 -0400
committer: Andrew Butcher <abutcher@redhat.com> 2016-08-11 16:02:45 -0400
commit: 3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53 (patch)
tree: 8f8458d7e98c1c0e2bb40a3d7b5e665fe45756c2 /roles/etcd_client_certificates
parent: 522cccbc7fd119a182a44af8fb2c0959d919a093 (diff)
download: openshift-3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53.tar.gz
openshift-3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53.tar.bz2
openshift-3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53.tar.xz
openshift-3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53.zip
2 files changed, 22 insertions, 4 deletions
diff --git a/roles/etcd_client_certificates/meta/main.yml b/roles/etcd_client_certificates/meta/main.yml
index 713c78c70..efebdb599 100644
--- a/roles/etcd_client_certificates/meta/main.yml
+++ b/roles/etcd_client_certificates/meta/main.yml
@@ -13,4 +13,4 @@ galaxy_info:
   - cloud
   - system
 dependencies:
-- role: etcd_ca
+- role: etcd_common
diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml
index b86afb81c..275aa0a63 100644
--- a/roles/etcd_client_certificates/tasks/main.yml
+++ b/roles/etcd_client_certificates/tasks/main.yml
@@ -1,4 +1,19 @@
 ---
+- name: Ensure CA certificate exists on etcd_ca_host
+  stat:
+    path: "{{ etcd_ca_cert }}"
+  register: g_ca_cert_stat_result
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- fail:
+    msg: >
+      CA certificate {{ etcd_ca_cert }} doesn't exist on CA host
+      {{ etcd_ca_host }}. Apply 'etcd_ca' role to
+      {{ etcd_ca_host }}.
+  when: not g_ca_cert_stat_result.stat.exists | bool
+  run_once: true
+
 - name: Check status of external etcd certificatees
   stat:
     path: "{{ etcd_cert_config_dir }}/{{ item }}"
@@ -7,11 +22,14 @@
   - "{{ etcd_cert_prefix }}client.key"
   - "{{ etcd_cert_prefix }}ca.crt"
   register: g_external_etcd_cert_stat_result
+  when: not etcd_certificates_redeploy | default(false) | bool
 
 - set_fact:
-    etcd_client_certs_missing: "{{ False in (g_external_etcd_cert_stat_result.results
-                                   | oo_collect(attribute='stat.exists')
-                                   | list) }}"
+    etcd_client_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool
+                                   else (False in (g_external_etcd_cert_stat_result.results
+                                                   | default({})
+                                                   | oo_collect(attribute='stat.exists')
+                                                   | list)) }}"
 
 - name: Ensure generated_certs directory present
   file:
author	Andrew Butcher <abutcher@redhat.com>	2016-07-25 12:04:25 -0400
committer	Andrew Butcher <abutcher@redhat.com>	2016-08-11 16:02:45 -0400
commit	3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53 (patch)
tree	8f8458d7e98c1c0e2bb40a3d7b5e665fe45756c2 /roles/etcd_client_certificates
parent	522cccbc7fd119a182a44af8fb2c0959d919a093 (diff)
download	openshift-3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53.tar.gz openshift-3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53.tar.bz2 openshift-3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53.tar.xz openshift-3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53.zip