author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-10-02 12:44:55 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-02 12:44:55 -0700 |
commit | 55617251e6abe5b205122b990c7ddb38bec87330 (patch) | |
tree | 062fdcb808a3954d5156832d84b2ff24b5b173b2 /playbooks/common/openshift-etcd | |
parent | 125c266f8f9149d773683a6e4b2fbacf2b557005 (diff) | |
parent | d8d0e6d7de600d6896014fef928da5bf133dc85e (diff) | |
Merge pull request #5510 from abutcher/separate-certs
Automatic merge from submit-queue.
Break out certificate playbooks
Break out certificate role dependencies and move them into their own playbooks.
Diffstat (limited to 'playbooks/common/openshift-etcd')
-rw-r--r-- | playbooks/common/openshift-etcd/ca.yml | 15 | ||||
-rw-r--r-- | playbooks/common/openshift-etcd/certificates.yml | 29 | ||||
-rw-r--r-- | playbooks/common/openshift-etcd/scaleup.yml | 7 |
3 files changed, 51 insertions, 0 deletions
diff --git a/playbooks/common/openshift-etcd/ca.yml b/playbooks/common/openshift-etcd/ca.yml
new file mode 100644
index 000000000..ac5543be9
--- /dev/null
+++ b/playbooks/common/openshift-etcd/ca.yml
@@ -0,0 +1,15 @@
+---
+- name: Generate new etcd CA
+ hosts: oo_first_etcd
+ roles:
+ - role: openshift_etcd_facts
+ tasks:
+ - include_role:
+ name: etcd
+ tasks_from: ca
+ vars:
+ etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ when:
+ - etcd_ca_setup | default(True) | bool
diff --git a/playbooks/common/openshift-etcd/certificates.yml b/playbooks/common/openshift-etcd/certificates.yml
new file mode 100644
index 000000000..31a0f50d8
--- /dev/null
+++ b/playbooks/common/openshift-etcd/certificates.yml
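Review bot: In ca.yml the play runs on `hosts: oo_first_etcd`, but the CA host handed to the role is `etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"`, so which machine ends up holding the etcd CA key depends on two separately defined groups agreeing. The `.0` lookup is also unguarded, whereas `etcd_peers` and `etcd_certificates_etcd_hosts` in the same `vars:` use `default([], true)`; with an empty or undefined `oo_etcd_to_config` the template would presumably fail with an undefined-variable error rather than a clear message. I would add `- groups.oo_etcd_to_config | default([], true) | length > 0` to the existing `when:` list and put a comment above `etcd_ca_host` stating that it must name the same host as `oo_first_etcd`. The `ca` task file of the `etcd` role is not visible here, so whether it delegates to `etcd_ca_host` is an assumption to confirm.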
@@ -0,0 +1,29 @@
+---
+- name: Create etcd server certificates for etcd hosts
+ hosts: oo_etcd_to_config
+ any_errors_fatal: true
+ roles:
+ - role: openshift_etcd_facts
+ post_tasks:
+ - include_role:
+ name: etcd
+ tasks_from: server_certificates
+ vars:
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
+
+- name: Create etcd client certificates for master hosts
+ hosts: oo_masters_to_config
+ any_errors_fatal: true
+ roles:
+ - role: openshift_etcd_facts
+ - role: openshift_etcd_client_certificates
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
+ etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
+ etcd_cert_prefix: "master.etcd-"
+ openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
+ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/common/openshift-etcd/scaleup.yml
index 4f83264d0..8aa508119 100644
--- a/playbooks/common/openshift-etcd/scaleup.yml
+++ b/playbooks/common/openshift-etcd/scaleup.yml
@@ -30,6 +30,13 @@
 retries: 3
 delay: 10
 until: etcd_add_check.rc == 0
+ - include_role:
+ name: etcd
+ tasks_from: server_certificates
+ vars:
+ etcd_peers: "{{ groups.oo_new_etcd_to_config | default([], true) }}"
+ etcd_certificates_etcd_hosts: "{{ groups.oo_new_etcd_to_config | default([], true) }}"
+ r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
 roles:
 - role: os_firewall
 when: etcd_add_check.rc == 0 |
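Review bot: certificates.yml can now be run on its own, yet nothing in it records that a CA must already exist on `groups.oo_etcd_to_config.0` before the server and client certificates are signed. A header comment such as `# Requires the etcd CA created by ca.yml to be present on etcd_ca_host` would document that ordering for anyone invoking the playbook directly. The expression `etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"` is also repeated in both plays; defining it once would keep a later edit from pointing server and client certificates at different signing hosts. Indentation is lost on this page, so whether the trailing `when:` covers the whole `openshift_etcd_client_certificates` role entry should be confirmed against the file.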
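Review bot: In scaleup.yml the added `include_role` of `server_certificates` carries no `when: etcd_add_check.rc == 0`, although the role entry visible right below it, `os_firewall`, is gated on that condition. If the member-add task can end with a non-zero rc without failing the play, server certificates would still be issued for a host that did not join the cluster; either add the same `when:` to the task or add a comment explaining why issuing regardless is intended. Unlike the matching block in certificates.yml, `etcd_ca_host` is not passed in `vars:` here, so it presumably comes from play-level vars outside the hunk and that should be verified. The task list begins above the hunk and the roles list continues below it.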