diff options
| -rw-r--r-- | filter_plugins/openshift_master.py | 16 | ||||
| -rw-r--r-- | playbooks/common/openshift-cluster/redeploy-certificates/ca.yml | 21 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 12 |
3 files changed, 41 insertions, 8 deletions
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index 4ccee91f9..6d009077a 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -162,7 +162,7 @@ class LDAPPasswordIdentityProvider(IdentityProviderBase): AnsibleFilterError: """ def __init__(self, api_version, idp): - super(self.__class__, self).__init__(api_version, idp) + super(LDAPPasswordIdentityProvider, self).__init__(api_version, idp) self._allow_additional = False self._required += [['attributes'], ['url'], ['insecure']] self._optional += [['ca'], @@ -206,7 +206,7 @@ class KeystonePasswordIdentityProvider(IdentityProviderBase): AnsibleFilterError: """ def __init__(self, api_version, idp): - super(self.__class__, self).__init__(api_version, idp) + super(KeystonePasswordIdentityProvider, self).__init__(api_version, idp) self._allow_additional = False self._required += [['url'], ['domainName', 'domain_name']] self._optional += [['ca'], ['certFile', 'cert_file'], ['keyFile', 'key_file']] @@ -225,7 +225,7 @@ class RequestHeaderIdentityProvider(IdentityProviderBase): AnsibleFilterError: """ def __init__(self, api_version, idp): - super(self.__class__, self).__init__(api_version, idp) + super(RequestHeaderIdentityProvider, self).__init__(api_version, idp) self._allow_additional = False self._required += [['headers']] self._optional += [['challengeURL', 'challenge_url'], @@ -256,7 +256,7 @@ class AllowAllPasswordIdentityProvider(IdentityProviderBase): AnsibleFilterError: """ def __init__(self, api_version, idp): - super(self.__class__, self).__init__(api_version, idp) + super(AllowAllPasswordIdentityProvider, self).__init__(api_version, idp) self._allow_additional = False @@ -273,7 +273,7 @@ class DenyAllPasswordIdentityProvider(IdentityProviderBase): AnsibleFilterError: """ def __init__(self, api_version, idp): - super(self.__class__, self).__init__(api_version, idp) + super(DenyAllPasswordIdentityProvider, self).__init__(api_version, idp) self._allow_additional = False @@ -290,7 +290,7 @@ class HTPasswdPasswordIdentityProvider(IdentityProviderBase): AnsibleFilterError: """ def __init__(self, api_version, idp): - super(self.__class__, self).__init__(api_version, idp) + super(HTPasswdPasswordIdentityProvider, self).__init__(api_version, idp) self._allow_additional = False self._required += [['file', 'filename', 'fileName', 'file_name']] @@ -315,7 +315,7 @@ class BasicAuthPasswordIdentityProvider(IdentityProviderBase): AnsibleFilterError: """ def __init__(self, api_version, idp): - super(self.__class__, self).__init__(api_version, idp) + super(BasicAuthPasswordIdentityProvider, self).__init__(api_version, idp) self._allow_additional = False self._required += [['url']] self._optional += [['ca'], ['certFile', 'cert_file'], ['keyFile', 'key_file']] @@ -334,7 +334,7 @@ class IdentityProviderOauthBase(IdentityProviderBase): AnsibleFilterError: """ def __init__(self, api_version, idp): - super(self.__class__, self).__init__(api_version, idp) + super(IdentityProviderOauthBase, self).__init__(api_version, idp) self._allow_additional = False self._required += [['clientID', 'client_id'], ['clientSecret', 'client_secret']] diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml index 0b1c39ba4..9d4d3ea26 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml @@ -160,6 +160,27 @@ yaml_key: servingInfo.clientCA yaml_value: ca-bundle.crt when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca-bundle.crt' + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: etcdClientInfo.ca + yaml_value: ca-bundle.crt + when: + - groups.oo_etcd_to_config | default([]) | length == 0 + - (g_master_config_output.content|b64decode|from_yaml).etcdClientInfo.ca != 'ca-bundle.crt' + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: etcdConfig.peerServingInfo.clientCA + yaml_value: ca-bundle.crt + when: + - groups.oo_etcd_to_config | default([]) | length == 0 + - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.peerServingInfo.clientCA != 'ca-bundle.crt' + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: etcdConfig.servingInfo.clientCA + yaml_value: ca-bundle.crt + when: + - groups.oo_etcd_to_config | default([]) | length == 0 + - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.servingInfo.clientCA != 'ca-bundle.crt' - name: Copy current OpenShift CA to legacy directory hosts: oo_masters_to_config diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 9ae54dac1..cf2d2e103 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -65,7 +65,11 @@ dnsConfig: bindNetwork: tcp4 {% endif %} etcdClientInfo: +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + ca: {{ "ca-bundle.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} +{% else %} ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} +{% endif %} certFile: master.etcd-client.crt keyFile: master.etcd-client.key urls: @@ -79,12 +83,20 @@ etcdConfig: peerServingInfo: bindAddress: {{ openshift.master.bind_addr }}:7001 certFile: etcd.server.crt +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + clientCA: ca-bundle.crt +{% else %} clientCA: ca.crt +{% endif %} keyFile: etcd.server.key servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }} certFile: etcd.server.crt +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + clientCA: ca-bundle.crt +{% else %} clientCA: ca.crt +{% endif %} keyFile: etcd.server.key storageDirectory: {{ openshift.common.data_dir }}/openshift.local.etcd {% endif %} |