summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--playbooks/common/openshift-cluster/config.yml2
-rw-r--r--playbooks/common/openshift-cluster/initialize_facts.yml7
-rw-r--r--playbooks/common/openshift-node/config.yml23
-rw-r--r--roles/etcd_certificates/tasks/client.yml8
-rw-r--r--roles/etcd_certificates/tasks/server.yml12
6 files changed, 30 insertions, 23 deletions
diff --git a/.gitignore b/.gitignore
index 626065fe1..dcea26d60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ multi_inventory.yaml
.vagrant
.tags*
ansible.cfg
+*.retry
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 99b36098a..903babc45 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,6 +1,8 @@
---
- include: evaluate_groups.yml
+- include: initialize_facts.yml
+
- include: validate_hostnames.yml
- name: Set oo_options
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml
new file mode 100644
index 000000000..9a844e216
--- /dev/null
+++ b/playbooks/common/openshift-cluster/initialize_facts.yml
@@ -0,0 +1,7 @@
+---
+- name: Initialize host facts
+ hosts: OSEv3
+ roles:
+ - openshift_facts
+ tasks:
+ - openshift_facts:
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index f0bb91568..b0407ef74 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -148,15 +148,15 @@
register: g_external_etcd_flannel_cert_stat_result
when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
- set_fact:
- etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results
+ etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results
| oo_collect(attribute='stat.exists')
- | list | intersect([false])}}"
+ | list }}"
etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
etcd_cert_prefix: node.etcd-
etcd_hostname: "{{ openshift.common.hostname }}"
etcd_ip: "{{ openshift.common.ip }}"
- when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
+ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool)
- name: Configure flannel etcd certificates
hosts: oo_first_etcd
@@ -166,9 +166,8 @@
pre_tasks:
- set_fact:
etcd_needing_client_certs: "{{ hostvars
- | oo_select_keys(groups['oo_nodes_to_config'])
- | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}"
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ | oo_select_keys(groups['oo_nodes_to_config'])
+ | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}"
roles:
- role: openshift_etcd_certificates
when: openshift_use_flannel | default(false) | bool
@@ -179,8 +178,7 @@
-C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
args:
creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ with_items: etcd_needing_client_certs | default([])
- name: Retrieve the etcd cert tarballs
fetch:
src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
@@ -188,8 +186,7 @@
flat: yes
fail_on_missing: yes
validate_checksum: yes
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ with_items: etcd_needing_client_certs | default([])
- name: Copy the external etcd flannel certs to the nodes
hosts: oo_nodes_to_config
@@ -200,12 +197,12 @@
file:
path: "{{ openshift.common.config_base }}/node"
state: directory
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ when: etcd_client_flannel_certs_missing | default(false) | bool
- name: Unarchive the tarball on the master
unarchive:
src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
dest: "{{ etcd_cert_config_dir }}"
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ when: etcd_client_flannel_certs_missing | default(false) | bool
- file:
path: "{{ etcd_cert_config_dir }}/{{ item }}"
owner: root
@@ -215,7 +212,7 @@
- node.etcd-client.crt
- node.etcd-client.key
- node.etcd-ca.crt
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ when: etcd_client_flannel_certs_missing | default(false) | bool
- name: Additional node config
diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml
index b497a46c0..a9f130bb9 100644
--- a/roles/etcd_certificates/tasks/client.yml
+++ b/roles/etcd_certificates/tasks/client.yml
@@ -4,7 +4,7 @@
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
+ with_items: etcd_needing_client_certs | default([])
- name: Create the client csr
command: >
@@ -19,7 +19,7 @@
~ item.etcd_cert_prefix ~ 'client.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
+ with_items: etcd_needing_client_certs | default([])
- name: Sign and create the client crt
command: >
@@ -33,10 +33,10 @@
~ item.etcd_cert_prefix ~ 'client.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
+ with_items: etcd_needing_client_certs | default([])
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
+ with_items: etcd_needing_client_certs | default([])
diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml
index 934b8b805..223917ccd 100644
--- a/roles/etcd_certificates/tasks/server.yml
+++ b/roles/etcd_certificates/tasks/server.yml
@@ -4,7 +4,7 @@
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- name: Create the server csr
command: >
@@ -19,7 +19,7 @@
~ item.etcd_cert_prefix ~ 'server.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- name: Sign and create the server crt
command: >
@@ -33,7 +33,7 @@
~ item.etcd_cert_prefix ~ 'server.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- name: Create the peer csr
command: >
@@ -48,7 +48,7 @@
~ item.etcd_cert_prefix ~ 'peer.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- name: Sign and create the peer crt
command: >
@@ -62,10 +62,10 @@
~ item.etcd_cert_prefix ~ 'peer.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])