diff options
author | Andrew Butcher <abutcher@redhat.com> | 2015-10-22 13:12:22 -0400 |
---|---|---|
committer | Andrew Butcher <abutcher@redhat.com> | 2015-10-22 16:52:35 -0400 |
commit | 5aff702d10b79822098ca68f9ee3184be45775d7 (patch) | |
tree | b73fee43fd694ecb78eddb887eee9d817da9d68f | |
parent | 7f5c403e144e6ef4d39bf7b11adb4c4a8976521c (diff) | |
download | openshift-5aff702d10b79822098ca68f9ee3184be45775d7.tar.gz openshift-5aff702d10b79822098ca68f9ee3184be45775d7.tar.bz2 openshift-5aff702d10b79822098ca68f9ee3184be45775d7.tar.xz openshift-5aff702d10b79822098ca68f9ee3184be45775d7.zip |
Don't include proxy client cert when <3.1 or <1.1
-rw-r--r-- | playbooks/common/openshift-master/config.yml | 10 | ||||
-rw-r--r-- | roles/openshift_master_certificates/tasks/main.yml | 5 |
2 files changed, 10 insertions, 5 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index ecea608b2..47e568f06 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -134,10 +134,13 @@ hosts: oo_masters_to_config tasks: - set_fact: + include_proxy_client_cert: "{{ (openshift.common.version | version_compare('1.0.6', '>')) if openshift.common.deployment_type == 'origin' else (openshift.common.version | version_compare('3.0.2', '>')) }}" + + - set_fact: openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt - - master.proxy-client.crt + - "{{ 'master.proxy-client.crt' if include_proxy_client_cert else omit }}" - master.server.crt - openshift-master.crt - openshift-registry.crt @@ -155,9 +158,9 @@ with_items: openshift_master_certs register: g_master_cert_stat_result - set_fact: - master_certs_missing: "{{ g_master_cert_stat_result.results + master_certs_missing: "{{ False in (g_master_cert_stat_result.results | map(attribute='stat.exists') - | list | intersect([false])}}" + | list ) }}" master_cert_subdir: master-{{ openshift.common.hostname }} master_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -189,6 +192,7 @@ args: creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" with_items: masters_needing_certs + - name: Retrieve the master cert tarball from the master fetch: src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 0d75a9eb3..87e8181c1 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -20,6 +20,8 @@ - admin.kubeconfig - master.kubelet-client.crt - master.kubelet-client.key + - "{{ 'master.proxy-client.crt' if openshift.master.include_proxy_client_cert else omit }}" + - "{{ 'master.proxy-client.key' if openshift.master.include_proxy_client_cert else omit }}" - openshift-master.crt - openshift-master.key - openshift-master.kubeconfig @@ -41,6 +43,5 @@ --public-master={{ item.openshift.master.public_api_url }} --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} --overwrite=false - args: - creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt" + when: master_certs_missing with_items: masters_needing_certs |