diff options
| author | Andrew Butcher <abutcher@redhat.com> | 2017-11-06 12:35:13 -0500 |
|---|---|---|
| committer | Andrew Butcher <abutcher@redhat.com> | 2017-11-06 17:05:16 -0500 |
| commit | 89fcbb72447ab74b440c15d1e35a1dd10cef1c49 (patch) | |
| tree | 417baa390469950d6fa367057ccf47755c35f38d /roles | |
| parent | 5efcf4a2f7e9c2f21c6f9f86dc08f12fd5f56290 (diff) | |
| download | openshift-89fcbb72447ab74b440c15d1e35a1dd10cef1c49.tar.gz openshift-89fcbb72447ab74b440c15d1e35a1dd10cef1c49.tar.bz2 openshift-89fcbb72447ab74b440c15d1e35a1dd10cef1c49.tar.xz openshift-89fcbb72447ab74b440c15d1e35a1dd10cef1c49.zip | |
Temporarily set master servingInfo.clientCA as client-ca-bundle.crt during rolling CA redeployment.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/openshift_ca/tasks/main.yml | 30 | ||||
| -rw-r--r-- | roles/openshift_master_facts/filter_plugins/openshift_master.py | 2 |
2 files changed, 31 insertions, 1 deletions
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index fad1ff5de..587526d07 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -106,6 +106,36 @@ delegate_to: "{{ openshift_ca_host }}" run_once: true +# Create client-ca-bundle.crt containing old and new OpenShift CA +# certificates. This bundle will be used when rolling the OpenShift CA +# certificate. +- name: Create client-ca-bundle.crt + block: + - command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: openshift_ca_clientconfig_tmpdir + delegate_to: "{{ openshift_ca_host }}" + - copy: + src: "{{ item }}" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + with_items: "{{ g_master_legacy_ca_result.files | default([]) | oo_collect('path') }}" + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - copy: + src: "{{ openshift_ca_config_dir }}/ca.crt" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - assemble: + src: "{{ openshift_ca_clientconfig_tmpdir.stdout }}" + dest: "{{ openshift_ca_config_dir }}/client-ca-bundle.crt" + mode: 0644 + owner: root + group: root + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - name: Test local loopback context command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} config view diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index a4f410296..d5720b580 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py @@ -510,7 +510,7 @@ class FilterModule(object): 'master.kubelet-client.crt', 'master.kubelet-client.key'] if bool(include_ca): - certs += ['ca.crt', 'ca.key', 'ca-bundle.crt'] + certs += ['ca.crt', 'ca.key', 'ca-bundle.crt', 'client-ca-bundle.crt'] if bool(include_keys): certs += ['serviceaccounts.private.key', 'serviceaccounts.public.key'] |