summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Chaloupka <jchaloup@redhat.com>2017-02-11 10:30:20 +0100
committerGitHub <noreply@github.com>2017-02-11 10:30:20 +0100
commit5444c0f474f3701f22ae8392d1ac192403c8b5b7 (patch)
treebb5d05ed9ecb1e9c20d1a9c4bc046fa8f47c818d
parent9d25cb0280664f8bdef6247c8dc13520c90756da (diff)
parenta064a673ae40a4c5a62b6bf2d619d72bbc5fd967 (diff)
downloadopenshift-5444c0f474f3701f22ae8392d1ac192403c8b5b7.tar.gz
openshift-5444c0f474f3701f22ae8392d1ac192403c8b5b7.tar.bz2
openshift-5444c0f474f3701f22ae8392d1ac192403c8b5b7.tar.xz
openshift-5444c0f474f3701f22ae8392d1ac192403c8b5b7.zip
Merge pull request #3300 from ashcrow/oc-secret-module
WIP: oc secrets now done via oc_secret module
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/registry.yml20
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/router.yml12
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml19
3 files changed, 32 insertions, 19 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
index 18b93e1d6..999e4af65 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
@@ -2,6 +2,8 @@
- name: Update registry certificates
hosts: oo_first_master
vars:
+ roles:
+ - lib_openshift
tasks:
- name: Create temp directory for kubeconfig
command: mktemp -d /tmp/openshift-ansible-XXXXXX
@@ -70,13 +72,17 @@
--key={{ openshift.common.config_base }}/master/registry.key
- name: Update registry certificates secret
- shell: >
- {{ openshift.common.client_binary }} secret new registry-certificates
- {{ openshift.common.config_base }}/master/registry.crt
- {{ openshift.common.config_base }}/master/registry.key
- --config={{ mktemp.stdout }}/admin.kubeconfig
- -n default
- -o json | oc replace -f -
+ oc_secret:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ name: registry-certificates
+ namespace: default
+ state: present
+ files:
+ - name: registry.crt
+ path: "{{ openshift.common.config_base }}/master/registry.crt"
+ - name: registry.key
+ path: "{{ openshift.common.config_base }}/master/registry.key"
+ run_once: true
when: l_docker_registry_dc.rc == 0 and 'registry-certificates' in docker_registry_secrets and 'REGISTRY_HTTP_TLS_CERTIFICATE' in docker_registry_env_vars and 'REGISTRY_HTTP_TLS_KEY' in docker_registry_env_vars
- name: Redeploy docker registry
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
index a9e9f0915..707fb6424 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
@@ -7,6 +7,8 @@
command: mktemp -d /tmp/openshift-ansible-XXXXXX
register: mktemp
changed_when: false
+ roles:
+ - lib_openshift
- name: Copy admin client config(s)
command: >
@@ -45,10 +47,12 @@
- block:
- name: Delete existing router certificate secret
- command: >
- {{ openshift.common.client_binary }} delete secret/router-certs
- --config={{ mktemp.stdout }}/admin.kubeconfig
- -n default
+ oc_secret:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ name: router-certs
+ namespace: default
+ state: absent
+ run_once: true
- name: Remove router service annotations
command: >
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 84b69d94c..216a40874 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -43,15 +43,18 @@
when: False in (docker_registry_certificates_stat_result.results | default([]) | oo_collect(attribute='stat.exists') | list)
- name: Create the secret for the registry certificates
- command: >
- {{ openshift.common.client_binary }} secrets new registry-certificates
- {{ openshift_master_config_dir }}/registry.crt
- {{ openshift_master_config_dir }}/registry.key
- --config={{ openshift_hosted_kubeconfig }}
- -n default
+ oc_secret:
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ name: registry-certificates
+ namespace: default
+ state: present
+ files:
+ - name: registry.crt
+ path: "{{ openshift_master_config_dir }}/registry.crt"
+ - name: registry.key
+ path: "{{ openshift_master_config_dir }}/registry.key"
register: create_registry_certificates_secret
- changed_when: "'already exists' not in create_registry_certificates_secret.stderr"
- failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0"
+ run_once: true
- name: "Add the secret to the registry's pod service accounts"
oc_serviceaccount_secret: