From 470524c9154a3a69a7fe3fb385578bf80ee93558 Mon Sep 17 00:00:00 2001 From: Julien Brochet Date: Tue, 22 Aug 2017 17:23:07 +0200 Subject: ensured to always use a certificate for the router --- roles/openshift_hosted/tasks/router/router.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_hosted') diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 72a1ead80..eb91bac12 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -50,7 +50,7 @@ src: "{{ item }}" with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" - when: not openshift_hosted_router_create_certificate | bool + when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} - name: Create the router service account(s) oc_serviceaccount: -- cgit v1.2.3 From acbdf93530ed368c0f879b3eaaa8079754fb7272 Mon Sep 17 00:00:00 2001 From: Julien Brochet Date: Wed, 23 Aug 2017 15:42:33 +0200 Subject: reverse order between router cert generation --- roles/openshift_hosted/tasks/router/router.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'roles/openshift_hosted') diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index eb91bac12..f2661bcef 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -18,6 +18,15 @@ openshift_hosted_router_selector: "{{ openshift.hosted.router.selector | default(None) }}" openshift_hosted_router_image: "{{ openshift.hosted.router.registryurl }}" +- name: Get the certificate contents for router + copy: + backup: True + dest: "/etc/origin/master/{{ item | basename }}" + src: "{{ item }}" + with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | + oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" + when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} + # This is for when we desire a cluster signed cert # The certificate is generated and placed in master_config_dir/ - block: @@ -43,15 +52,6 @@ # End Block when: ( openshift_hosted_router_create_certificate | bool ) and openshift_hosted_router_certificate == {} -- name: Get the certificate contents for router - copy: - backup: True - dest: "/etc/origin/master/{{ item | basename }}" - src: "{{ item }}" - with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | - oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" - when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} - - name: Create the router service account(s) oc_serviceaccount: name: "{{ item.serviceaccount }}" -- cgit v1.2.3