summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@redhat.com>2015-10-22 13:12:22 -0400
committerAndrew Butcher <abutcher@redhat.com>2015-10-22 16:52:35 -0400
commit5aff702d10b79822098ca68f9ee3184be45775d7 (patch)
treeb73fee43fd694ecb78eddb887eee9d817da9d68f
parent7f5c403e144e6ef4d39bf7b11adb4c4a8976521c (diff)
downloadopenshift-5aff702d10b79822098ca68f9ee3184be45775d7.tar.gz
openshift-5aff702d10b79822098ca68f9ee3184be45775d7.tar.bz2
openshift-5aff702d10b79822098ca68f9ee3184be45775d7.tar.xz
openshift-5aff702d10b79822098ca68f9ee3184be45775d7.zip
Don't include proxy client cert when <3.1 or <1.1
-rw-r--r--playbooks/common/openshift-master/config.yml10
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml5
2 files changed, 10 insertions, 5 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index ecea608b2..47e568f06 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -134,10 +134,13 @@
hosts: oo_masters_to_config
tasks:
- set_fact:
+ include_proxy_client_cert: "{{ (openshift.common.version | version_compare('1.0.6', '>')) if openshift.common.deployment_type == 'origin' else (openshift.common.version | version_compare('3.0.2', '>')) }}"
+
+ - set_fact:
openshift_master_certs_no_etcd:
- admin.crt
- master.kubelet-client.crt
- - master.proxy-client.crt
+ - "{{ 'master.proxy-client.crt' if include_proxy_client_cert else omit }}"
- master.server.crt
- openshift-master.crt
- openshift-registry.crt
@@ -155,9 +158,9 @@
with_items: openshift_master_certs
register: g_master_cert_stat_result
- set_fact:
- master_certs_missing: "{{ g_master_cert_stat_result.results
+ master_certs_missing: "{{ False in (g_master_cert_stat_result.results
| map(attribute='stat.exists')
- | list | intersect([false])}}"
+ | list ) }}"
master_cert_subdir: master-{{ openshift.common.hostname }}
master_cert_config_dir: "{{ openshift.common.config_base }}/master"
@@ -189,6 +192,7 @@
args:
creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
with_items: masters_needing_certs
+
- name: Retrieve the master cert tarball from the master
fetch:
src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 0d75a9eb3..87e8181c1 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -20,6 +20,8 @@
- admin.kubeconfig
- master.kubelet-client.crt
- master.kubelet-client.key
+ - "{{ 'master.proxy-client.crt' if openshift.master.include_proxy_client_cert else omit }}"
+ - "{{ 'master.proxy-client.key' if openshift.master.include_proxy_client_cert else omit }}"
- openshift-master.crt
- openshift-master.key
- openshift-master.kubeconfig
@@ -41,6 +43,5 @@
--public-master={{ item.openshift.master.public_api_url }}
--cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
--overwrite=false
- args:
- creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt"
+ when: master_certs_missing
with_items: masters_needing_certs