author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-09-26 12:43:17 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-26 12:43:17 -0700 |
commit | a7f2d65bba267bbbd7aa13c65cee348c015be5f5 (patch) | |
tree | 71a662375126e06536639b3e0cb421599c24f080 /roles | |
parent | 06c8afc884d40be2fcd0c3fbd6cd54db85e8f00a (diff) | |
parent | 8fd1083f57ab582cf47e9a9f78eaaf489f0b7cd6 (diff) | |
Merge pull request #5529 from abutcher/aggregator-api-client-config
Automatic merge from submit-queue
Generate aggregator api client config in temporary directory.
The `run_once`'s probably aren't necessary since the role is run serially.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/openshift_service_catalog/tasks/wire_aggregator.yml | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/roles/openshift_service_catalog/tasks/wire_aggregator.yml b/roles/openshift_service_catalog/tasks/wire_aggregator.yml
index 6431c6d3f..300a7db62 100644
--- a/roles/openshift_service_catalog/tasks/wire_aggregator.yml
+++ b/roles/openshift_service_catalog/tasks/wire_aggregator.yml
@@ -75,17 +75,35 @@
 path: /etc/origin/master/aggregator-front-proxy.kubeconfig
 register: first_front_proxy_kubeconfig
 delegate_to: "{{ first_master }}"
-
-- name: Create first master api-client config for Aggregator
- command: >
- {{ hostvars[first_master].openshift.common.client_binary }} adm create-api-client-config
- --certificate-authority=/etc/origin/master/front-proxy-ca.crt
- --signer-cert=/etc/origin/master/front-proxy-ca.crt
- --signer-key=/etc/origin/master/front-proxy-ca.key
- --user aggregator-front-proxy
- --client-dir=/etc/origin/master
- --signer-serial=/etc/origin/master/ca.serial.txt
- delegate_to: "{{ first_master }}"
+ run_once: true
+
+# create-api-client-config generates a ca.crt file which will
+# overwrite the OpenShift CA certificate. Generate the aggregator
+# kubeconfig in a temporary directory and then copy files into the
+# master config dir to avoid overwriting ca.crt.
+- block:
+ - name: Create first master api-client config for Aggregator
+ command: >
+ {{ hostvars[first_master].openshift.common.client_binary }} adm create-api-client-config
+ --certificate-authority=/etc/origin/master/front-proxy-ca.crt
+ --signer-cert=/etc/origin/master/front-proxy-ca.crt
+ --signer-key=/etc/origin/master/front-proxy-ca.key
+ --user aggregator-front-proxy
+ --client-dir={{ certtemp.stdout }}
+ --signer-serial=/etc/origin/master/ca.serial.txt
+ delegate_to: "{{ first_master }}"
+ run_once: true
+ - name: Copy first master api-client config for Aggregator
+ copy:
+ src: "{{ certtemp.stdout }}/{{ item }}"
+ dest: "/etc/origin/master/"
+ remote_src: true
+ with_items:
+ - aggregator-front-proxy.crt
+ - aggregator-front-proxy.key
+ - aggregator-front-proxy.kubeconfig
+ delegate_to: "{{ first_master }}"
+ run_once: true
 when:
 - not first_front_proxy_kubeconfig.stat.exists |
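Review bot: The new "Copy first master api-client config for Aggregator" task sets no `mode`, `owner` or `group`, so the permissions on `aggregator-front-proxy.key` and `aggregator-front-proxy.kubeconfig` in `/etc/origin/master/` are left to the remote umask and to how the copy module handles `remote_src`. The kubeconfig presumably embeds the client credentials, so both files should be pinned explicitly, for example by adding `mode: "0600"`, `owner: root` and `group: root` under `copy:`. The temporary directory in `certtemp.stdout` is registered outside this hunk and still holds a second copy of the private key once the block finishes. It is worth confirming that it was created with owner-only permissions and that a later task removes it even when a step in between fails.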