diff options
| author | Andrew Butcher <abutcher@redhat.com> | 2016-06-15 13:19:59 -0400 |
|---|---|---|
| committer | Andrew Butcher <abutcher@redhat.com> | 2016-08-01 11:33:14 -0400 |
| commit | 4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 (patch) | |
| tree | 57f0d2ee98a622e012d339c044e84d5855718949 /roles/openshift_master | |
| parent | 1bdbe5ed4b609d06651d4d3ded4dc70a7f7ed865 (diff) | |
| download | openshift-4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933.tar.gz openshift-4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933.tar.bz2 openshift-4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933.tar.xz openshift-4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933.zip | |
Add options for specifying named ca certificates to be added to the openshift ca bundle.
Diffstat (limited to 'roles/openshift_master')
| -rw-r--r-- | roles/openshift_master/handlers/main.yml | 7 | ||||
| -rw-r--r-- | roles/openshift_master/meta/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_master/tasks/main.yml | 7 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 14 |
4 files changed, 23 insertions, 6 deletions
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index f7dfb11f7..edb7369de 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -17,7 +17,12 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index e391acfaa..a2f665702 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -12,4 +12,3 @@ galaxy_info: categories: - cloud dependencies: [] - diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 115a64aeb..e1efb4c2b 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -224,7 +224,12 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index b18a42e32..662f23aa3 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -156,7 +156,11 @@ oauthConfig: {% for line in translated_identity_providers.splitlines() %} {{ line }} {% endfor %} - masterCA: ca.crt +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + masterCA: ca-bundle.crt +{% else %} + masterCA: ca.rt +{% endif %} masterPublicURL: {{ openshift.master.public_api_url }} masterURL: {{ openshift.master.api_url }} sessionConfig: @@ -189,7 +193,11 @@ serviceAccountConfig: - default - builder - deployer - masterCA: ca.crt +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + masterCA: ca-bundle.crt +{% else %} + masterCA: ca.rt +{% endif %} privateKeyFile: serviceaccounts.private.key publicKeyFiles: - serviceaccounts.public.key @@ -201,7 +209,7 @@ servingInfo: keyFile: master.server.key maxRequestsInFlight: {{ openshift.master.max_requests_inflight }} requestTimeoutSeconds: 3600 -{% if openshift.master.named_certificates %} +{% if openshift.master.named_certificates | default([]) | length > 0 %} namedCertificates: {% for named_certificate in openshift.master.named_certificates %} - certFile: {{ named_certificate['certfile'] }} |