diff options
| author | Scott Dodson <sdodson@redhat.com> | 2017-02-03 17:09:50 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-02-03 17:09:50 -0500 |
| commit | c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a (patch) | |
| tree | 182c37f192c8bec3f190fe57ff7d974c9d96ef8d /roles/openshift_node_certificates | |
| parent | 87b0f005ee280540ec7afbd39f1a6b99a4c60ea3 (diff) | |
| parent | 917e871843192b107776ce8459b87f3960e455ed (diff) | |
| download | openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.gz openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.bz2 openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.xz openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.zip | |
Merge pull request #2671 from abutcher/cert-redeploy-restructure
Restructure certificate redeploy playbooks
Diffstat (limited to 'roles/openshift_node_certificates')
| -rw-r--r-- | roles/openshift_node_certificates/handlers/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_node_certificates/tasks/main.yml | 32 |
2 files changed, 22 insertions, 11 deletions
diff --git a/roles/openshift_node_certificates/handlers/main.yml b/roles/openshift_node_certificates/handlers/main.yml index a74668b13..1aa826c09 100644 --- a/roles/openshift_node_certificates/handlers/main.yml +++ b/roles/openshift_node_certificates/handlers/main.yml @@ -8,3 +8,4 @@ systemd: name: docker state: restarted + when: not openshift_certificates_redeploy | default(false) | bool diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index a263f4f3a..4cb89aba2 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -42,20 +42,30 @@ when: node_certs_missing | bool delegate_to: "{{ openshift_ca_host }}" +- find: + paths: "{{ openshift.common.config_base }}/master/legacy-ca/" + patterns: ".*-ca.crt" + use_regex: true + register: g_master_legacy_ca_result + delegate_to: "{{ openshift_ca_host }}" + - name: Generate the node client config command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-api-client-config - {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | oo_collect('cafile') %} - --certificate-authority {{ named_ca_certificate }} - {% endfor %} - --certificate-authority={{ openshift_ca_cert }} - --client-dir={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }} - --groups=system:nodes - --master={{ hostvars[openshift_ca_host].openshift.master.api_url }} - --signer-cert={{ openshift_ca_cert }} - --signer-key={{ openshift_ca_key }} - --signer-serial={{ openshift_ca_serial }} - --user=system:node:{{ hostvars[item].openshift.common.hostname }} + {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + --certificate-authority {{ named_ca_certificate }} + {% endfor %} + {% for legacy_ca_certificate in g_master_legacy_ca_result.files | default([]) | oo_collect('path') %} + --certificate-authority {{ legacy_ca_certificate }} + {% endfor %} + --certificate-authority={{ openshift_ca_cert }} + --client-dir={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }} + --groups=system:nodes + --master={{ hostvars[openshift_ca_host].openshift.master.api_url }} + --signer-cert={{ openshift_ca_cert }} + --signer-key={{ openshift_ca_key }} + --signer-serial={{ openshift_ca_serial }} + --user=system:node:{{ hostvars[item].openshift.common.hostname }} args: creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}" with_items: "{{ hostvars |