summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Osborne <djosborne10@gmail.com>2017-07-10 15:56:25 -0700
committerDan Osborne <djosborne10@gmail.com>2017-07-10 16:11:27 -0700
commitd3fd19973950dccfe65c80de09a3c778cdb3f631 (patch)
tree8b3c13db0f77c3e9b32c18f3cab09f3ff00d0b94
parent99ff4fdca9a24a1d5e3953fc7836aee898e62101 (diff)
downloadopenshift-d3fd19973950dccfe65c80de09a3c778cdb3f631.tar.gz
openshift-d3fd19973950dccfe65c80de09a3c778cdb3f631.tar.bz2
openshift-d3fd19973950dccfe65c80de09a3c778cdb3f631.tar.xz
openshift-d3fd19973950dccfe65c80de09a3c778cdb3f631.zip
Fix calico when certs are auto-generated
-rw-r--r--roles/calico/tasks/gen_certs.yml17
-rw-r--r--roles/calico/tasks/main.yml27
2 files changed, 18 insertions, 26 deletions
diff --git a/roles/calico/tasks/gen_certs.yml b/roles/calico/tasks/gen_certs.yml
deleted file mode 100644
index 2e6aa114e..000000000
--- a/roles/calico/tasks/gen_certs.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: Calico Node | Generate OpenShift-etcd certs
- include: ../../../roles/etcd_client_certificates/tasks/main.yml
- vars:
- etcd_cert_prefix: calico.etcd-
- etcd_cert_config_dir: "{{ openshift.common.config_base }}/calico"
- embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
- etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
- etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}"
-
-- name: Calico Node | Set etcd cert location facts
- set_fact:
- calico_etcd_ca_cert_file: "/etc/origin/calico/calico.etcd-ca.crt"
- calico_etcd_cert_file: "/etc/origin/calico/calico.etcd-client.crt"
- calico_etcd_key_file: "/etc/origin/calico/calico.etcd-client.key"
- calico_etcd_endpoints: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls | join(',') }}"
- calico_etcd_cert_dir: "/etc/origin/calico/"
diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml
index 8a7a61dc9..e62378532 100644
--- a/roles/calico/tasks/main.yml
+++ b/roles/calico/tasks/main.yml
@@ -4,15 +4,24 @@
msg: "Must provide all or none for the following etcd params: calico_etcd_cert_dir, calico_etcd_ca_cert_file, calico_etcd_cert_file, calico_etcd_key_file, calico_etcd_endpoints"
when: (calico_etcd_cert_dir is defined or calico_etcd_ca_cert_file is defined or calico_etcd_cert_file is defined or calico_etcd_key_file is defined or calico_etcd_endpoints is defined) and not (calico_etcd_cert_dir is defined and calico_etcd_ca_cert_file is defined and calico_etcd_cert_file is defined and calico_etcd_key_file is defined and calico_etcd_endpoints is defined)
-- name: Calico Node | Generate certs if not provided
- include: gen_certs.yml
- when: item is not defined
- with_items:
- - calico_etcd_ca_cert_file
- - calico_etcd_cert_file
- - calico_etcd_key_file
- - calico_etcd_endpoints
- - calico_etcd_cert_dir
+- name: Calico Node | Generate OpenShift-etcd certs
+ include: ../../../roles/etcd_client_certificates/tasks/main.yml
+ when: calico_etcd_ca_cert_file is not defined or calico_etcd_cert_file is not defined or calico_etcd_key_file is not defined or calico_etcd_endpoints is not defined or calico_etcd_cert_dir is not defined
+ vars:
+ etcd_cert_prefix: calico.etcd-
+ etcd_cert_config_dir: "{{ openshift.common.config_base }}/calico"
+ embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}"
+
+- name: Calico Node | Set etcd cert location facts
+ when: calico_etcd_ca_cert_file is not defined or calico_etcd_cert_file is not defined or calico_etcd_key_file is not defined or calico_etcd_endpoints is not defined or calico_etcd_cert_dir is not defined
+ set_fact:
+ calico_etcd_ca_cert_file: "/etc/origin/calico/calico.etcd-ca.crt"
+ calico_etcd_cert_file: "/etc/origin/calico/calico.etcd-client.crt"
+ calico_etcd_key_file: "/etc/origin/calico/calico.etcd-client.key"
+ calico_etcd_endpoints: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls | join(',') }}"
+ calico_etcd_cert_dir: "/etc/origin/calico/"
- name: Calico Node | Error if no certs set.
fail: