From 7f5c403e144e6ef4d39bf7b11adb4c4a8976521c Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 21 Oct 2015 16:17:39 -0400
Subject: Add proxy client certs to master config.

---
 playbooks/common/openshift-master/config.yml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 0a3fe90e1..ecea608b2 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -137,6 +137,7 @@
       openshift_master_certs_no_etcd:
       - admin.crt
       - master.kubelet-client.crt
+      - master.proxy-client.crt
       - master.server.crt
       - openshift-master.crt
       - openshift-registry.crt
@@ -144,6 +145,7 @@
       - etcd.server.crt
       openshift_master_certs_etcd:
       - master.etcd-client.crt
+
   - set_fact:
       openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}"
 
-- 
cgit v1.2.3


From 5aff702d10b79822098ca68f9ee3184be45775d7 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Thu, 22 Oct 2015 13:12:22 -0400
Subject: Don't include proxy client cert when <3.1 or <1.1

---
 playbooks/common/openshift-master/config.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index ecea608b2..47e568f06 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -133,11 +133,14 @@
 - name: Determine if master certificates need to be generated
   hosts: oo_masters_to_config
   tasks:
+  - set_fact:
+      include_proxy_client_cert: "{{ (openshift.common.version | version_compare('1.0.6', '>')) if openshift.common.deployment_type == 'origin' else (openshift.common.version | version_compare('3.0.2', '>')) }}"
+
   - set_fact:
       openshift_master_certs_no_etcd:
       - admin.crt
       - master.kubelet-client.crt
-      - master.proxy-client.crt
+      - "{{ 'master.proxy-client.crt' if include_proxy_client_cert else omit }}"
       - master.server.crt
       - openshift-master.crt
       - openshift-registry.crt
@@ -155,9 +158,9 @@
     with_items: openshift_master_certs
     register: g_master_cert_stat_result
   - set_fact:
-      master_certs_missing: "{{ g_master_cert_stat_result.results
+      master_certs_missing: "{{ False in (g_master_cert_stat_result.results
                                 | map(attribute='stat.exists')
-                                | list | intersect([false])}}"
+                                | list ) }}"
       master_cert_subdir: master-{{ openshift.common.hostname }}
       master_cert_config_dir: "{{ openshift.common.config_base }}/master"
 
@@ -189,6 +192,7 @@
     args:
       creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
     with_items: masters_needing_certs
+
   - name: Retrieve the master cert tarball from the master
     fetch:
       src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
-- 
cgit v1.2.3


From 7eefcf8a04251da4d10deb936273847d47ccb609 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Thu, 22 Oct 2015 16:48:24 -0400
Subject: Move version greater_than_fact into openshift_facts

---
 playbooks/common/openshift-master/config.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 47e568f06..1dec923fc 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -133,14 +133,11 @@
 - name: Determine if master certificates need to be generated
   hosts: oo_masters_to_config
   tasks:
-  - set_fact:
-      include_proxy_client_cert: "{{ (openshift.common.version | version_compare('1.0.6', '>')) if openshift.common.deployment_type == 'origin' else (openshift.common.version | version_compare('3.0.2', '>')) }}"
-
   - set_fact:
       openshift_master_certs_no_etcd:
       - admin.crt
       - master.kubelet-client.crt
-      - "{{ 'master.proxy-client.crt' if include_proxy_client_cert else omit }}"
+      - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
       - master.server.crt
       - openshift-master.crt
       - openshift-registry.crt
-- 
cgit v1.2.3