author | Andrew Butcher <abutcher@afrolegs.com> | 2017-02-09 13:00:41 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-09 13:00:41 -0500 |
commit | 8b6f88ea657662fb6724c2d4863b6c954f9580d8 (patch) | |
tree | 108ecf6944c74ade314bcdcd75f7cb6f814cf479 | |
parent | 863f345972b1cf9ed28d682acdf2b74559f79211 (diff) | |
parent | b0ca3ea0a2ffd7917650ca648c940746b8a7825a (diff) | |
Merge pull request #3312 from abutcher/embedded-etcd-bundle
Ensure embedded etcd config points to CA bundle.
-rw-r--r-- | playbooks/common/openshift-cluster/redeploy-certificates/ca.yml | 21 | ||||
-rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 12 |
2 files changed, 33 insertions, 0 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml
index 0b1c39ba4..9d4d3ea26 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml
@@ -160,6 +160,27 @@
 yaml_key: servingInfo.clientCA
 yaml_value: ca-bundle.crt
 when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca-bundle.crt'
+ - modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: etcdClientInfo.ca
+ yaml_value: ca-bundle.crt
+ when:
+ - groups.oo_etcd_to_config | default([]) | length == 0
+ - (g_master_config_output.content|b64decode|from_yaml).etcdClientInfo.ca != 'ca-bundle.crt'
+ - modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: etcdConfig.peerServingInfo.clientCA
+ yaml_value: ca-bundle.crt
+ when:
+ - groups.oo_etcd_to_config | default([]) | length == 0
+ - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.peerServingInfo.clientCA != 'ca-bundle.crt'
+ - modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: etcdConfig.servingInfo.clientCA
+ yaml_value: ca-bundle.crt
+ when:
+ - groups.oo_etcd_to_config | default([]) | length == 0
+ - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.servingInfo.clientCA != 'ca-bundle.crt'
 - name: Copy current OpenShift CA to legacy directory
 hosts: oo_masters_to_config
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 9ae54dac1..cf2d2e103 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
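Review bot: In the three `modify_yaml` tasks added to ca.yml, the second `when` item dereferences `etcdClientInfo.ca`, `etcdConfig.peerServingInfo.clientCA` and `etcdConfig.servingInfo.clientCA` on the parsed master-config.yaml, and the only guard ahead of it is that `groups.oo_etcd_to_config` is empty. An empty etcd group is used here as a stand-in for embedded etcd, while the template changed in this same commit keys on `openshift.master.embedded_etcd`; if a master's config has no `etcdConfig` section the lookup would presumably fail on an undefined attribute instead of skipping the task. Consider gating on the same fact, `- openshift.master.embedded_etcd | bool` (if that fact is available in this play), or putting `- "'etcdConfig' in (g_master_config_output.content|b64decode|from_yaml)"` ahead of the comparison. The task list these entries belong to starts outside the hunk.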
@@ -65,7 +65,11 @@ dnsConfig:
 bindNetwork: tcp4
 {% endif %}
 etcdClientInfo:
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ ca: {{ "ca-bundle.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}
+{% else %}
 ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}
+{% endif %}
 certFile: master.etcd-client.crt
 keyFile: master.etcd-client.key
 urls:
@@ -79,12 +83,20 @@ etcdConfig:
 peerServingInfo:
 bindAddress: {{ openshift.master.bind_addr }}:7001
 certFile: etcd.server.crt
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ clientCA: ca-bundle.crt
+{% else %}
 clientCA: ca.crt
+{% endif %}
 keyFile: etcd.server.key
 servingInfo:
 bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }}
 certFile: etcd.server.crt
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ clientCA: ca-bundle.crt
+{% else %}
 clientCA: ca.crt
+{% endif %}
 keyFile: etcd.server.key
 storageDirectory: {{ openshift.common.data_dir }}/openshift.local.etcd
 {% endif %} |
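Review bot: The same `{% if openshift.common.version_gte_3_2_or_1_2 | bool %}` / `{% else %}` / `{% endif %}` wrapper is written out here around `etcdClientInfo.ca` and again around both `clientCA` entries in the next hunk, so the CA file name is chosen in three places that can drift apart. Computing it once, e.g. `{% set master_ca = 'ca-bundle.crt' if (openshift.common.version_gte_3_2_or_1_2 | bool) else 'ca.crt' %}`, and then writing `ca: {{ master_ca if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}` and `clientCA: {{ master_ca }}` would keep the three settings in step. The `set` would have to sit above the `etcdClientInfo` block, which starts outside this hunk.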
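Review bot: The two `clientCA: ca-bundle.crt` lines under `etcdConfig` make embedded etcd accept peer and client certificates issued by any CA in the bundle, and nothing in the template says why the bundle replaces `ca.crt`. Since the bundle presumably carries the previous CA alongside the new one during a redeploy, a template comment such as `{# ca-bundle.crt: trusts every CA in the bundle; remove the retired CA once the redeploy is complete #}` above each block would tell operators that the trust set is wider than a single CA. The `etcdConfig` block opens before the hunk and its closing `{% endif %}` is the last context line.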