summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/registry.yml20
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/router.yml12
-rw-r--r--roles/openshift_hosted/meta/main.yml1
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml19
4 files changed, 33 insertions, 19 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
index 18b93e1d6..999e4af65 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
@@ -2,6 +2,8 @@
- name: Update registry certificates
hosts: oo_first_master
vars:
+ roles:
+ - lib_openshift
tasks:
- name: Create temp directory for kubeconfig
command: mktemp -d /tmp/openshift-ansible-XXXXXX
@@ -70,13 +72,17 @@
--key={{ openshift.common.config_base }}/master/registry.key
- name: Update registry certificates secret
- shell: >
- {{ openshift.common.client_binary }} secret new registry-certificates
- {{ openshift.common.config_base }}/master/registry.crt
- {{ openshift.common.config_base }}/master/registry.key
- --config={{ mktemp.stdout }}/admin.kubeconfig
- -n default
- -o json | oc replace -f -
+ oc_secret:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ name: registry-certificates
+ namespace: default
+ state: present
+ files:
+ - name: registry.crt
+ path: "{{ openshift.common.config_base }}/master/registry.crt"
+ - name: registry.key
+ path: "{{ openshift.common.config_base }}/master/registry.key"
+ run_once: true
when: l_docker_registry_dc.rc == 0 and 'registry-certificates' in docker_registry_secrets and 'REGISTRY_HTTP_TLS_CERTIFICATE' in docker_registry_env_vars and 'REGISTRY_HTTP_TLS_KEY' in docker_registry_env_vars
- name: Redeploy docker registry
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
index a9e9f0915..707fb6424 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
@@ -7,6 +7,8 @@
command: mktemp -d /tmp/openshift-ansible-XXXXXX
register: mktemp
changed_when: false
+ roles:
+ - lib_openshift
- name: Copy admin client config(s)
command: >
@@ -45,10 +47,12 @@
- block:
- name: Delete existing router certificate secret
- command: >
- {{ openshift.common.client_binary }} delete secret/router-certs
- --config={{ mktemp.stdout }}/admin.kubeconfig
- -n default
+ oc_secret:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ name: router-certs
+ namespace: default
+ state: absent
+ run_once: true
- name: Remove router service annotations
command: >
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index ca5e88b15..ced71bb41 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -14,6 +14,7 @@ galaxy_info:
dependencies:
- role: openshift_cli
- role: openshift_hosted_facts
+- role: lib_openshift
- role: openshift_projects
openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
- role: openshift_serviceaccounts
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index d87a3847c..8aabb9f17 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -43,15 +43,18 @@
when: False in (docker_registry_certificates_stat_result.results | default([]) | oo_collect(attribute='stat.exists') | list)
- name: Create the secret for the registry certificates
- command: >
- {{ openshift.common.client_binary }} secrets new registry-certificates
- {{ openshift_master_config_dir }}/registry.crt
- {{ openshift_master_config_dir }}/registry.key
- --config={{ openshift_hosted_kubeconfig }}
- -n default
+ oc_secret:
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ name: registry-certificates
+ namespace: default
+ state: present
+ files:
+ - name: registry.crt
+ path: "{{ openshift_master_config_dir }}/registry.crt"
+ - name: registry.key
+ path: "{{ openshift_master_config_dir }}/registry.key"
register: create_registry_certificates_secret
- changed_when: "'already exists' not in create_registry_certificates_secret.stderr"
- failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0"
+ run_once: true
- name: "Add the secret to the registry's pod service accounts"
command: >