diff options
| author | Jan Chaloupka <jchaloup@redhat.com> | 2017-02-11 10:30:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-02-11 10:30:20 +0100 |
| commit | 5444c0f474f3701f22ae8392d1ac192403c8b5b7 (patch) | |
| tree | bb5d05ed9ecb1e9c20d1a9c4bc046fa8f47c818d | |
| parent | 9d25cb0280664f8bdef6247c8dc13520c90756da (diff) | |
| parent | a064a673ae40a4c5a62b6bf2d619d72bbc5fd967 (diff) | |
| download | openshift-5444c0f474f3701f22ae8392d1ac192403c8b5b7.tar.gz openshift-5444c0f474f3701f22ae8392d1ac192403c8b5b7.tar.bz2 openshift-5444c0f474f3701f22ae8392d1ac192403c8b5b7.tar.xz openshift-5444c0f474f3701f22ae8392d1ac192403c8b5b7.zip | |
Merge pull request #3300 from ashcrow/oc-secret-module
WIP: oc secrets now done via oc_secret module
3 files changed, 32 insertions, 19 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml index 18b93e1d6..999e4af65 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml @@ -2,6 +2,8 @@ - name: Update registry certificates hosts: oo_first_master vars: + roles: + - lib_openshift tasks: - name: Create temp directory for kubeconfig command: mktemp -d /tmp/openshift-ansible-XXXXXX @@ -70,13 +72,17 @@ --key={{ openshift.common.config_base }}/master/registry.key - name: Update registry certificates secret - shell: > - {{ openshift.common.client_binary }} secret new registry-certificates - {{ openshift.common.config_base }}/master/registry.crt - {{ openshift.common.config_base }}/master/registry.key - --config={{ mktemp.stdout }}/admin.kubeconfig - -n default - -o json | oc replace -f - + oc_secret: + kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + name: registry-certificates + namespace: default + state: present + files: + - name: registry.crt + path: "{{ openshift.common.config_base }}/master/registry.crt" + - name: registry.key + path: "{{ openshift.common.config_base }}/master/registry.key" + run_once: true when: l_docker_registry_dc.rc == 0 and 'registry-certificates' in docker_registry_secrets and 'REGISTRY_HTTP_TLS_CERTIFICATE' in docker_registry_env_vars and 'REGISTRY_HTTP_TLS_KEY' in docker_registry_env_vars - name: Redeploy docker registry diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml index a9e9f0915..707fb6424 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml @@ -7,6 +7,8 @@ command: mktemp -d /tmp/openshift-ansible-XXXXXX register: mktemp changed_when: false + roles: + - lib_openshift - name: Copy admin client config(s) command: > @@ -45,10 +47,12 @@ - block: - name: Delete existing router certificate secret - command: > - {{ openshift.common.client_binary }} delete secret/router-certs - --config={{ mktemp.stdout }}/admin.kubeconfig - -n default + oc_secret: + kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + name: router-certs + namespace: default + state: absent + run_once: true - name: Remove router service annotations command: > diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 84b69d94c..216a40874 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -43,15 +43,18 @@ when: False in (docker_registry_certificates_stat_result.results | default([]) | oo_collect(attribute='stat.exists') | list) - name: Create the secret for the registry certificates - command: > - {{ openshift.common.client_binary }} secrets new registry-certificates - {{ openshift_master_config_dir }}/registry.crt - {{ openshift_master_config_dir }}/registry.key - --config={{ openshift_hosted_kubeconfig }} - -n default + oc_secret: + kubeconfig: "{{ openshift_hosted_kubeconfig }}" + name: registry-certificates + namespace: default + state: present + files: + - name: registry.crt + path: "{{ openshift_master_config_dir }}/registry.crt" + - name: registry.key + path: "{{ openshift_master_config_dir }}/registry.key" register: create_registry_certificates_secret - changed_when: "'already exists' not in create_registry_certificates_secret.stderr" - failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0" + run_once: true - name: "Add the secret to the registry's pod service accounts" oc_serviceaccount_secret: |