diff options
Diffstat (limited to 'playbooks/common/openshift-master')
-rw-r--r-- | playbooks/common/openshift-master/config.yml | 49 |
1 files changed, 43 insertions, 6 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index e5357f6e3..e223e3d57 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -209,7 +209,24 @@ parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}" when: openshift_master_named_certificates is defined -- name: Compute haproxy_backend_servers +- name: Fetch master server certificate for load balancer + hosts: oo_first_master + vars: + sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + tasks: + - file: + path: "{{ sync_tmpdir }}/haproxy_cert" + state: directory + - fetch: + src: /etc/origin/master/master.server.crt + dest: "{{ sync_tmpdir }}/haproxy_cert/server.crt" + flat: yes + - fetch: + src: /etc/origin/master/master.server.key + dest: "{{ sync_tmpdir }}/haproxy_cert/server.key" + flat: yes + +- name: Compute haproxy_backend_servers and combine certificate hosts: localhost connection: local sudo: false @@ -217,24 +234,44 @@ tasks: - set_fact: haproxy_backend_servers: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) | oo_haproxy_backend_masters }}" + - shell: cat server.crt server.key > server.pem + args: + chdir: "{{ g_master_mktemp.stdout }}/haproxy_cert" + creates: "{{ g_master_mktemp.stdout }}/haproxy_cert/server.pem" + - name: Configure load balancers - hosts: oo_first_master + hosts: oo_lb_to_config vars: + sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" haproxy_frontends: - - name: atomic-openshift - bind: "*:80" - default_backend: atomic-openshift + - name: atomic-openshift-api + options: + - tcplog + binds: + - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }} ssl crt /etc/haproxy/server.pem" + default_backend: atomic-openshift-api haproxy_backends: - - name: atomic-openshift + - name: atomic-openshift-api balance: roundrobin servers: "{{ hostvars.localhost.haproxy_backend_servers }}" + pre_tasks: + - file: + path: /etc/haproxy + state: directory + - copy: + src: "{{ sync_tmpdir }}/haproxy_cert/server.pem" + dest: /etc/haproxy/server.pem + mode: 0600 + owner: root + group: root roles: - role: haproxy when: groups.oo_masters_to_config | length > 1 - name: Configure master instances hosts: oo_masters_to_config + serial: 1 vars: named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" |