summaryrefslogtreecommitdiffstats
path: root/playbooks/common/openshift-master
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks/common/openshift-master')
-rw-r--r--playbooks/common/openshift-master/config.yml49
1 files changed, 43 insertions, 6 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index e5357f6e3..e223e3d57 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -209,7 +209,24 @@
parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}"
when: openshift_master_named_certificates is defined
-- name: Compute haproxy_backend_servers
+- name: Fetch master server certificate for load balancer
+ hosts: oo_first_master
+ vars:
+ sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
+ tasks:
+ - file:
+ path: "{{ sync_tmpdir }}/haproxy_cert"
+ state: directory
+ - fetch:
+ src: /etc/origin/master/master.server.crt
+ dest: "{{ sync_tmpdir }}/haproxy_cert/server.crt"
+ flat: yes
+ - fetch:
+ src: /etc/origin/master/master.server.key
+ dest: "{{ sync_tmpdir }}/haproxy_cert/server.key"
+ flat: yes
+
+- name: Compute haproxy_backend_servers and combine certificate
hosts: localhost
connection: local
sudo: false
@@ -217,24 +234,44 @@
tasks:
- set_fact:
haproxy_backend_servers: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) | oo_haproxy_backend_masters }}"
+ - shell: cat server.crt server.key > server.pem
+ args:
+ chdir: "{{ g_master_mktemp.stdout }}/haproxy_cert"
+ creates: "{{ g_master_mktemp.stdout }}/haproxy_cert/server.pem"
+
- name: Configure load balancers
- hosts: oo_first_master
+ hosts: oo_lb_to_config
vars:
+ sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
haproxy_frontends:
- - name: atomic-openshift
- bind: "*:80"
- default_backend: atomic-openshift
+ - name: atomic-openshift-api
+ options:
+ - tcplog
+ binds:
+ - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }} ssl crt /etc/haproxy/server.pem"
+ default_backend: atomic-openshift-api
haproxy_backends:
- - name: atomic-openshift
+ - name: atomic-openshift-api
balance: roundrobin
servers: "{{ hostvars.localhost.haproxy_backend_servers }}"
+ pre_tasks:
+ - file:
+ path: /etc/haproxy
+ state: directory
+ - copy:
+ src: "{{ sync_tmpdir }}/haproxy_cert/server.pem"
+ dest: /etc/haproxy/server.pem
+ mode: 0600
+ owner: root
+ group: root
roles:
- role: haproxy
when: groups.oo_masters_to_config | length > 1
- name: Configure master instances
hosts: oo_masters_to_config
+ serial: 1
vars:
named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}"
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"