authorScott Dodson <sdodson@redhat.com>2016-08-03 13:03:46 -0400
committerGitHub <noreply@github.com>2016-08-03 13:03:46 -0400
commit71bc6b9a67d83c0618ac9a786a6cb0d1abd907da (patch)
treed6d4151be2a2e5621559f8584c3c7aa957e386aa /roles/openshift_ca
parent723c1fb1d73582cd0209cdc7201231b258161555 (diff)
parent4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 (diff)
Merge pull request #2049 from abutcher/named-certificates
Named CA Certificates
Diffstat (limited to 'roles/openshift_ca')
-rw-r--r--roles/openshift_ca/meta/main.yml1
-rw-r--r--roles/openshift_ca/tasks/main.yml14
2 files changed, 10 insertions, 5 deletions
diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml
index a08aa1686..444c5b77e 100644
--- a/roles/openshift_ca/meta/main.yml
+++ b/roles/openshift_ca/meta/main.yml
@@ -15,3 +15,4 @@ galaxy_info:
dependencies:
- role: openshift_repos
- role: openshift_cli
+- role: openshift_named_certificates
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 4d9768ce7..2e147840d 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -28,6 +28,7 @@
path: "{{ openshift_ca_config_dir }}/{{ item }}"
register: g_master_ca_stat_result
with_items:
+ - ca-bundle.crt
- ca.crt
- ca.key
delegate_to: "{{ openshift_ca_host }}"
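Review bot: Adding `ca-bundle.crt` to the `with_items` list changes what counts as a complete CA directory, and nothing in the hunk documents the effect on hosts that already hold `ca.crt` and `ca.key` but no bundle. If `master_ca_missing` is derived from `g_master_ca_stat_result` (that code is outside the hunk, as is the start of this stat task), such hosts will rerun `create-master-certs` against a directory containing the live CA key, protected only by `--overwrite=false`. A comment above the list would make that explicit, for example `# ca-bundle.crt is checked so existing installs regenerate the bundle; --overwrite=false must keep ca.crt and ca.key untouched`.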
@@ -43,11 +44,14 @@
- name: Create the master certificates if they do not already exist
command: >
{{ openshift.common.admin_binary }} create-master-certs
- --hostnames={{ openshift_master_hostnames | join(',') }}
- --master={{ openshift.master.api_url }}
- --public-master={{ openshift.master.public_api_url }}
- --cert-dir={{ openshift_ca_config_dir }}
- --overwrite=false
+ {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %}
+ --certificate-authority {{ named_ca_certificate }}
+ {% endfor %}
+ --hostnames={{ openshift_master_hostnames | join(',') }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.public_api_url }}
+ --cert-dir={{ openshift_ca_config_dir }}
+ --overwrite=false
when: hostvars[openshift_ca_host].master_ca_missing | bool
delegate_to: "{{ openshift_ca_host }}"
run_once: true
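Review bot: The added `--certificate-authority {{ named_ca_certificate }}` line interpolates an inventory-supplied `cafile` path unquoted. The `command` module splits its argument string on whitespace, so a path containing a space would reach `create-master-certs` as several separate arguments. Writing it as `--certificate-authority {{ named_ca_certificate | quote }}` keeps each path a single argument. Each listed file presumably ends up in the CA bundle the master trusts, so a comment above the loop would help, such as `# every cafile must already exist on openshift_ca_host and be a CA the operator intends to trust`.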