| -rw-r--r-- | filter_plugins/openshift_master.py | 31 | ||||
| -rw-r--r-- | roles/openshift_master_certificates/tasks/main.yml | 9 | 
2 files changed, 39 insertions, 1 deletions
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index c41367f05..3a1d77f53 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -501,7 +501,36 @@ class FilterModule(object):
                 valid = False
         return valid
+    @staticmethod
+    def certificates_to_synchronize(hostvars):
+        ''' Return certificates to synchronize based on facts. '''
+        if not issubclass(type(hostvars), dict):
+            raise errors.AnsibleFilterError("|failed expects hostvars is a dict")
+        certs = ['admin.crt',
+                 'admin.key',
+                 'admin.kubeconfig',
+                 'master.kubelet-client.crt',
+                 'master.kubelet-client.key',
+                 'openshift-registry.crt',
+                 'openshift-registry.key',
+                 'openshift-registry.kubeconfig',
+                 'openshift-router.crt',
+                 'openshift-router.key',
+                 'openshift-router.kubeconfig',
+                 'serviceaccounts.private.key',
+                 'serviceaccounts.public.key']
+        if bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']):
+            certs += ['master.proxy-client.crt',
+                      'master.proxy-client.key']
+        if not bool(hostvars['openshift']['common']['version_gte_3_2_or_1_2']):
+            certs += ['openshift-master.crt',
+                      'openshift-master.key',
+                      'openshift-master.kubeconfig']
+        return certs
+
+
     def filters(self):
         ''' returns a mapping of filters to methods '''
         return {"translate_idps": self.translate_idps,
-                "validate_pcs_cluster": self.validate_pcs_cluster}
+                "validate_pcs_cluster": self.validate_pcs_cluster,
+                "certificates_to_synchronize": self.certificates_to_synchronize}
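Review bot: The two version lookups in `certificates_to_synchronize` (`hostvars['openshift']['common']['version_gte_3_1_or_1_1']` and the matching `version_gte_3_2_or_1_2` one) index the facts directly, so a host missing either fact fails with a bare KeyError instead of the `errors.AnsibleFilterError` that the type check above raises; wrapping both lookups in one `try`/`except KeyError` that re-raises `errors.AnsibleFilterError` naming the missing fact would keep the failure readable. `bool()` is also truthy for any non-empty string, so if these facts can ever arrive as the text 'False' the returned list would be wrong; how the facts are set is outside this hunk. The type check reads more plainly as `if not isinstance(hostvars, dict):`. Because the returned names include private keys (`admin.key`, `serviceaccounts.private.key`), the docstring should state that this list decides which key material the role's sync task places in each master's generated-config directory.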
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 72869a592..38b48e98c 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -27,3 +27,12 @@
       --overwrite=false
   when: item.master_certs_missing | bool
   with_items: masters_needing_certs
+
+- file:
+    src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
+    dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
+    state: hard
+    force: true
+  with_nested:
+  - masters_needing_certs
+  - "{{ hostvars[openshift.common.hostname] | certificates_to_synchronize }}"  | 
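Review bot: The new `file` task has no `name:` and no `when:` guard, while the task above it still checks `item.master_certs_missing | bool`; with `force: true` it replaces whatever already sits at `dest` for every entry in `masters_needing_certs`, so if that list can hold hosts whose certificates are already in place (not visible here) a guard such as `when: item.0.master_certs_missing | bool` would be needed. `state: hard` makes each file in the per-master subdirectory the same inode as the live file under `openshift_master_config_dir`, private keys included, so a later mode or ownership change on either path applies to both, and the link cannot be created if the two directories are on different filesystems. I would add `name: Hard-link shared master certificates and keys into each master's generated config dir` and a comment above the task stating the shared-inode consequence.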
