summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/lib_openshift/library/oadm_manage_node.py4
-rw-r--r--roles/lib_openshift/library/oc_adm_ca_server_cert.py4
-rw-r--r--roles/lib_openshift/library/oc_adm_registry.py14
-rw-r--r--roles/lib_openshift/library/oc_adm_router.py9
-rw-r--r--roles/lib_openshift/library/oc_edit.py4
-rw-r--r--roles/lib_openshift/library/oc_env.py4
-rw-r--r--roles/lib_openshift/library/oc_label.py4
-rw-r--r--roles/lib_openshift/library/oc_obj.py4
-rw-r--r--roles/lib_openshift/library/oc_process.py4
-rw-r--r--roles/lib_openshift/library/oc_route.py6
-rw-r--r--roles/lib_openshift/library/oc_scale.py4
-rw-r--r--roles/lib_openshift/library/oc_secret.py4
-rw-r--r--roles/lib_openshift/library/oc_service.py15
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount.py4
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount_secret.py4
-rw-r--r--roles/lib_openshift/library/oc_version.py4
-rw-r--r--roles/lib_openshift/src/class/oc_adm_registry.py5
-rw-r--r--roles/lib_openshift/src/class/oc_route.py2
-rw-r--r--roles/lib_openshift/src/class/oc_service.py6
-rw-r--r--roles/lib_openshift/src/lib/base.py4
-rw-r--r--roles/lib_openshift/src/lib/service.py5
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml1
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml24
-rw-r--r--roles/openshift_hosted/tasks/router/router.yml3
24 files changed, 80 insertions, 62 deletions
diff --git a/roles/lib_openshift/library/oadm_manage_node.py b/roles/lib_openshift/library/oadm_manage_node.py
index 6a3543742..0c29c1b91 100644
--- a/roles/lib_openshift/library/oadm_manage_node.py
+++ b/roles/lib_openshift/library/oadm_manage_node.py
@@ -1283,8 +1283,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1304,8 +1304,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
index 5b1f417b8..9390ea7c1 100644
--- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
@@ -1291,8 +1291,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1312,8 +1312,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py
index e404f0e0e..a2c4515aa 100644
--- a/roles/lib_openshift/library/oc_adm_registry.py
+++ b/roles/lib_openshift/library/oc_adm_registry.py
@@ -1387,8 +1387,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1408,8 +1408,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1985,6 +1985,7 @@ class Service(Yedit):
port_path = "spec.ports"
portal_ip = "spec.portalIP"
cluster_ip = "spec.clusterIP"
+ selector_path = 'spec.selector'
kind = 'Service'
def __init__(self, content):
@@ -1995,6 +1996,10 @@ class Service(Yedit):
''' get a list of ports '''
return self.get(Service.port_path) or []
+ def get_selector(self):
+ ''' get the service selector'''
+ return self.get(Service.selector_path) or {}
+
def add_ports(self, inc_ports):
''' add a port object to the ports list '''
if not isinstance(inc_ports, list):
@@ -2243,7 +2248,7 @@ class Registry(OpenShiftCLI):
if result['returncode'] == 0 and part['kind'] == 'dc':
self.deploymentconfig = DeploymentConfig(result['results'][0])
elif result['returncode'] == 0 and part['kind'] == 'svc':
- self.service = Yedit(content=result['results'][0])
+ self.service = Service(result['results'][0])
if result['returncode'] != 0:
rval = result['returncode']
@@ -2313,6 +2318,9 @@ class Registry(OpenShiftCLI):
if self.portal_ip:
service.put('spec.portalIP', self.portal_ip)
+ # the dry-run doesn't apply the selector correctly
+ service.put('spec.selector', self.service.get_selector())
+
# need to create the service and the deploymentconfig
service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict)
deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict)
diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py
index 8bbe50ea3..344a339e4 100644
--- a/roles/lib_openshift/library/oc_adm_router.py
+++ b/roles/lib_openshift/library/oc_adm_router.py
@@ -1412,8 +1412,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1433,8 +1433,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1558,6 +1558,7 @@ class Service(Yedit):
port_path = "spec.ports"
portal_ip = "spec.portalIP"
cluster_ip = "spec.clusterIP"
+ selector_path = 'spec.selector'
kind = 'Service'
def __init__(self, content):
@@ -1568,6 +1569,10 @@ class Service(Yedit):
''' get a list of ports '''
return self.get(Service.port_path) or []
+ def get_selector(self):
+ ''' get the service selector'''
+ return self.get(Service.selector_path) or {}
+
def add_ports(self, inc_ports):
''' add a port object to the ports list '''
if not isinstance(inc_ports, list):
diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py
index 36d9394e1..aec64202f 100644
--- a/roles/lib_openshift/library/oc_edit.py
+++ b/roles/lib_openshift/library/oc_edit.py
@@ -1311,8 +1311,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1332,8 +1332,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_env.py b/roles/lib_openshift/library/oc_env.py
index 65b2bf860..e164ecf95 100644
--- a/roles/lib_openshift/library/oc_env.py
+++ b/roles/lib_openshift/library/oc_env.py
@@ -1278,8 +1278,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1299,8 +1299,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py
index ad2b5b5ed..fd6674d41 100644
--- a/roles/lib_openshift/library/oc_label.py
+++ b/roles/lib_openshift/library/oc_label.py
@@ -1287,8 +1287,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1308,8 +1308,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py
index 68e882167..24397d725 100644
--- a/roles/lib_openshift/library/oc_obj.py
+++ b/roles/lib_openshift/library/oc_obj.py
@@ -1290,8 +1290,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1311,8 +1311,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py
index bf4a08c52..0a4f2058a 100644
--- a/roles/lib_openshift/library/oc_process.py
+++ b/roles/lib_openshift/library/oc_process.py
@@ -1279,8 +1279,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1300,8 +1300,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index e40e21e8f..741f608a2 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -1321,8 +1321,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1342,8 +1342,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1595,7 +1595,7 @@ class OCRoute(OpenShiftCLI):
def update(self):
'''update the object'''
# when the host attribute is being updated, we need to delete and recreate
- if self.config.host != self.route.host:
+ if self.config.host != self.route.get_host():
import time
self.delete()
time.sleep(3)
diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py
index 17e2d87c3..0c2d86a18 100644
--- a/roles/lib_openshift/library/oc_scale.py
+++ b/roles/lib_openshift/library/oc_scale.py
@@ -1265,8 +1265,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1286,8 +1286,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py
index bf1f788eb..b6dcd9fff 100644
--- a/roles/lib_openshift/library/oc_secret.py
+++ b/roles/lib_openshift/library/oc_secret.py
@@ -1311,8 +1311,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1332,8 +1332,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py
index c789bbdac..83d0579a5 100644
--- a/roles/lib_openshift/library/oc_service.py
+++ b/roles/lib_openshift/library/oc_service.py
@@ -1317,8 +1317,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1338,8 +1338,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1463,6 +1463,7 @@ class Service(Yedit):
port_path = "spec.ports"
portal_ip = "spec.portalIP"
cluster_ip = "spec.clusterIP"
+ selector_path = 'spec.selector'
kind = 'Service'
def __init__(self, content):
@@ -1473,6 +1474,10 @@ class Service(Yedit):
''' get a list of ports '''
return self.get(Service.port_path) or []
+ def get_selector(self):
+ ''' get the service selector'''
+ return self.get(Service.selector_path) or {}
+
def add_ports(self, inc_ports):
''' add a port object to the ports list '''
if not isinstance(inc_ports, list):
@@ -1546,7 +1551,7 @@ class OCService(OpenShiftCLI):
kubeconfig='/etc/origin/master/admin.kubeconfig',
verbose=False):
''' Constructor for OCVolume '''
- super(OCService, self).__init__(namespace, kubeconfig)
+ super(OCService, self).__init__(namespace, kubeconfig, verbose)
self.namespace = namespace
self.config = ServiceConfig(sname, namespace, ports, selector, labels,
cluster_ip, portal_ip, session_affinity, service_type)
@@ -1617,7 +1622,9 @@ class OCService(OpenShiftCLI):
params['portalip'],
params['ports'],
params['session_affinity'],
- params['service_type'])
+ params['service_type'],
+ params['kubeconfig'],
+ params['debug'])
state = params['state']
diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py
index 2d485aec2..9b0a6e060 100644
--- a/roles/lib_openshift/library/oc_serviceaccount.py
+++ b/roles/lib_openshift/library/oc_serviceaccount.py
@@ -1263,8 +1263,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1284,8 +1284,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py
index 0aa4d9017..413b8e358 100644
--- a/roles/lib_openshift/library/oc_serviceaccount_secret.py
+++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py
@@ -1263,8 +1263,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1284,8 +1284,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py
index 13b4504c7..1aae7a8ea 100644
--- a/roles/lib_openshift/library/oc_version.py
+++ b/roles/lib_openshift/library/oc_version.py
@@ -1235,8 +1235,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1256,8 +1256,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py
index 35b417059..06de2ba12 100644
--- a/roles/lib_openshift/src/class/oc_adm_registry.py
+++ b/roles/lib_openshift/src/class/oc_adm_registry.py
@@ -109,7 +109,7 @@ class Registry(OpenShiftCLI):
if result['returncode'] == 0 and part['kind'] == 'dc':
self.deploymentconfig = DeploymentConfig(result['results'][0])
elif result['returncode'] == 0 and part['kind'] == 'svc':
- self.service = Yedit(content=result['results'][0])
+ self.service = Service(result['results'][0])
if result['returncode'] != 0:
rval = result['returncode']
@@ -179,6 +179,9 @@ class Registry(OpenShiftCLI):
if self.portal_ip:
service.put('spec.portalIP', self.portal_ip)
+ # the dry-run doesn't apply the selector correctly
+ service.put('spec.selector', self.service.get_selector())
+
# need to create the service and the deploymentconfig
service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict)
deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict)
diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py
index 122cc5fe9..33ffdcb66 100644
--- a/roles/lib_openshift/src/class/oc_route.py
+++ b/roles/lib_openshift/src/class/oc_route.py
@@ -56,7 +56,7 @@ class OCRoute(OpenShiftCLI):
def update(self):
'''update the object'''
# when the host attribute is being updated, we need to delete and recreate
- if self.config.host != self.route.host:
+ if self.config.host != self.route.get_host():
import time
self.delete()
time.sleep(3)
diff --git a/roles/lib_openshift/src/class/oc_service.py b/roles/lib_openshift/src/class/oc_service.py
index d4cc83a59..20cf23df5 100644
--- a/roles/lib_openshift/src/class/oc_service.py
+++ b/roles/lib_openshift/src/class/oc_service.py
@@ -22,7 +22,7 @@ class OCService(OpenShiftCLI):
kubeconfig='/etc/origin/master/admin.kubeconfig',
verbose=False):
''' Constructor for OCVolume '''
- super(OCService, self).__init__(namespace, kubeconfig)
+ super(OCService, self).__init__(namespace, kubeconfig, verbose)
self.namespace = namespace
self.config = ServiceConfig(sname, namespace, ports, selector, labels,
cluster_ip, portal_ip, session_affinity, service_type)
@@ -93,7 +93,9 @@ class OCService(OpenShiftCLI):
params['portalip'],
params['ports'],
params['session_affinity'],
- params['service_type'])
+ params['service_type'],
+ params['kubeconfig'],
+ params['debug'])
state = params['state']
diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py
index 53b9f9947..d037074a5 100644
--- a/roles/lib_openshift/src/lib/base.py
+++ b/roles/lib_openshift/src/lib/base.py
@@ -523,8 +523,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -544,8 +544,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
diff --git a/roles/lib_openshift/src/lib/service.py b/roles/lib_openshift/src/lib/service.py
index ffe27da47..eef568779 100644
--- a/roles/lib_openshift/src/lib/service.py
+++ b/roles/lib_openshift/src/lib/service.py
@@ -67,6 +67,7 @@ class Service(Yedit):
port_path = "spec.ports"
portal_ip = "spec.portalIP"
cluster_ip = "spec.clusterIP"
+ selector_path = 'spec.selector'
kind = 'Service'
def __init__(self, content):
@@ -77,6 +78,10 @@ class Service(Yedit):
''' get a list of ports '''
return self.get(Service.port_path) or []
+ def get_selector(self):
+ ''' get the service selector'''
+ return self.get(Service.selector_path) or {}
+
def add_ports(self, inc_ports):
''' add a port object to the ports list '''
if not isinstance(inc_ports, list):
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index f9441dd57..5e9d5d06a 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -92,7 +92,6 @@
- name: Create OpenShift registry
oc_adm_registry:
-#debug: True
name: "{{ openshift_hosted_registry_name }}"
namespace: "{{ openshift_hosted_registry_namespace }}"
selector: "{{ openshift_hosted_registry_selector }}"
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 244979f2e..4692892f8 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -4,17 +4,10 @@
docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
run_once: true
-#- name: Create passthrough route for docker-registry
-# oc_route:
-# name: docker-registry
-# namespace: "{{ openshift_hosted_registry_namespace }}"
-# service_name: docker-registry
-# tls_termination: passthrough
-# host: "{{ docker_registry_route_hostname }}"
-# run_once: true
- name: Get the certificate contents for registry
- local_action:
- module: slurp
+ copy:
+ backup: True
+ dest: "/etc/origin/master/named_certificates/{{ item | basename }}"
src: "{{ item }}"
register: openshift_hosted_registry_certificate_content
with_items:
@@ -23,8 +16,7 @@
- "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}"
when: openshift_hosted_registry_route_certificates
-- debug: var=openshift_hosted_registry_certificate_content
- when: openshift_hosted_registry_route_certificates
+- debug: var=openshift_hosted_registry_route_termination
- name: Create passthrough route for docker-registry
oc_route:
@@ -34,10 +26,10 @@
host: "{{ docker_registry_route_hostname }}"
tls_termination: "{{ openshift_hosted_registry_route_termination }}"
host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}"
- cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}"
- key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
- cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
- dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}"
+ cert_path: "{{ ('certfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.certfile | basename), omit) }}"
+ key_path: "{{ ('keyfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.keyfile | basename), omit) }}"
+ cacert_path: "{{ ('cafile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.cafile | basename), omit) }}"
+ dest_cacert_path: "{{ (openshift_hosted_registry_route_termination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}"
run_once: true
- name: Retrieve registry service IP
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 607ace7f9..71ceff93a 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -71,9 +71,6 @@
- key: spec.strategy.rollingParams.updatePeriodSeconds
value: 1
action: put
- - key: spec.strategy.activeDeadlineSeconds
- value: 21600
- action: put
register: routerout
# This should probably move to module