From 158bc58ed9df2926b04c63dc0c72a7aa4f2192a2 Mon Sep 17 00:00:00 2001 From: Russell Teague Date: Tue, 3 Oct 2017 13:25:01 -0400 Subject: Move etcd cert playbooks into etcd config path --- playbooks/common/openshift-cluster/config.yml | 4 ---- playbooks/common/openshift-etcd/config.yml | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 4ca0d48e4..66ae941c3 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -18,10 +18,6 @@ - docker_image_availability - docker_storage -- include: ../openshift-etcd/ca.yml - -- include: ../openshift-etcd/certificates.yml - - include: ../openshift-etcd/config.yml - include: ../openshift-nfs/config.yml diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 2cae231b4..82539dac8 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -10,6 +10,10 @@ installer_phase_etcd: "In Progress" aggregate: false +- include: ca.yml + +- include: certificates.yml + - name: Configure etcd hosts: oo_etcd_to_config any_errors_fatal: true -- cgit v1.2.3 From a34bb1142f01ff0768e386a3a025a5a9012fd8eb Mon Sep 17 00:00:00 2001 From: Russell Teague Date: Tue, 3 Oct 2017 11:38:19 -0400 Subject: Move master cert playbooks into master config path --- playbooks/byo/openshift-master/certificates.yml | 2 -- playbooks/common/openshift-cluster/config.yml | 4 ---- .../openshift-cluster/redeploy-certificates/openshift-ca.yml | 8 +++++++- playbooks/common/openshift-master/ca.yml | 8 -------- playbooks/common/openshift-master/config.yml | 2 ++ playbooks/common/openshift-master/scaleup.yml | 2 -- 6 files changed, 9 insertions(+), 17 deletions(-) delete mode 100644 playbooks/common/openshift-master/ca.yml 
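Review bot: In playbooks/common/openshift-etcd/config.yml the two new includes are unconditional and carry no comment, so every playbook that includes this config.yml now also runs the etcd CA and certificate plays ahead of "Configure etcd". Callers other than openshift-cluster/config.yml are not visible in this patch, so check that none of them already includes ca.yml or certificates.yml itself. I would add a comment above the includes such as `# Generate the etcd CA and certificates before "Configure etcd"; every caller of config.yml inherits these plays`. The same applies to the `- include: certificates.yml` lines added to openshift-master/config.yml and openshift-node/config.yml in the two following commits.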
diff --git a/playbooks/byo/openshift-master/certificates.yml b/playbooks/byo/openshift-master/certificates.yml index 26b964034..e147dcba1 100644 --- a/playbooks/byo/openshift-master/certificates.yml +++ b/playbooks/byo/openshift-master/certificates.yml @@ -3,6 +3,4 @@ - include: ../../common/openshift-cluster/std_include.yml -- include: ../../common/openshift-master/ca.yml - - include: ../../common/openshift-master/certificates.yml diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 66ae941c3..8d548b1dd 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -26,10 +26,6 @@ - include: ../openshift-loadbalancer/config.yml when: groups.oo_lb_to_config | default([]) | count > 0 -- include: ../openshift-master/ca.yml - -- include: ../openshift-master/certificates.yml - - include: ../openshift-master/config.yml - include: ../openshift-master/additional_config.yml diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index 12cd209d2..e4193a00e 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml 
@@ -114,12 +114,18 @@ register: g_new_openshift_ca_mktemp changed_when: false -- include: ../../openshift-master/ca.yml +- name: Create OpenShift CA + hosts: oo_first_master vars: # Set openshift_ca_config_dir to a temporary directory where CA # will be created. We'll replace the existing CA with the CA # created in the temporary directory. openshift_ca_config_dir: "{{ hostvars[groups.oo_first_master.0].g_new_openshift_ca_mktemp.stdout }}" + roles: + - role: openshift_master_facts + - role: openshift_named_certificates + - role: openshift_ca + openshift_ca_host: "{{ groups.oo_first_master.0 }}" - name: Create temp directory for syncing certs hosts: localhost diff --git a/playbooks/common/openshift-master/ca.yml b/playbooks/common/openshift-master/ca.yml deleted file mode 100644 index 5bb796fa3..000000000 --- a/playbooks/common/openshift-master/ca.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Create OpenShift CA - hosts: oo_masters_to_config - roles: - - role: openshift_master_facts - - role: openshift_named_certificates - - role: openshift_ca - openshift_ca_host: "{{ groups.oo_first_master.0 }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 766e0e501..bc1fee982 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -10,6 +10,8 @@ installer_phase_master: "In Progress" aggregate: false +- include: certificates.yml + - name: Disable excluders hosts: oo_masters_to_config gather_facts: no diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index d007fac85..f4dc9df8a 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -47,8 +47,6 @@ - include: ../openshift-etcd/certificates.yml -- include: ../openshift-master/certificates.yml - - include: ../openshift-master/config.yml - include: ../openshift-loadbalancer/config.yml -- cgit v1.2.3 
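Review bot: The inlined "Create OpenShift CA" play in redeploy-certificates/openshift-ca.yml targets `hosts: oo_first_master`, whereas the deleted playbooks/common/openshift-master/ca.yml it replaces ran on `hosts: oo_masters_to_config`. As a result `openshift_master_facts` and `openshift_named_certificates` no longer run on the other masters during a CA redeploy. The commit subject describes only a move, so this narrowing should be confirmed as intended and documented on the play, e.g. `# Runs on the first master only; the following plays sync the new CA to the remaining masters`. Whether later plays rely on facts or named certificates set on the other masters cannot be seen from this hunk.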
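Review bot: playbooks/common/openshift-master/config.yml gains only `- include: certificates.yml`, yet this commit deletes openshift-master/ca.yml and drops its include from openshift-cluster/config.yml and byo/openshift-master/certificates.yml. No play visible in this patch applies the `openshift_ca` role on the install path any more. If CA creation now depends on a role dependency pulled in by certificates.yml, verify that on a fresh install and record it next to the include, e.g. `# certificates.yml is expected to create the OpenShift CA when none exists (role dependency) - keep before the master plays`. certificates.yml itself is outside this patch, so this is inferred from what was removed.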
From 0e2b7006aeace1885e5ebdcafd9c0308c7c3ce18 Mon Sep 17 00:00:00 2001 From: Russell Teague Date: Tue, 3 Oct 2017 13:18:49 -0400 Subject: Move node cert playbook into node config path --- playbooks/byo/openshift-node/scaleup.yml | 2 -- playbooks/common/openshift-cluster/config.yml | 2 -- playbooks/common/openshift-node/config.yml | 2 ++ 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index 9f992cca6..e0c36fb69 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -16,6 +16,4 @@ - include: ../../common/openshift-cluster/std_include.yml -- include: ../../common/openshift-node/certificates.yml - - include: ../../common/openshift-node/config.yml diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 8d548b1dd..96a43230d 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -30,8 +30,6 @@ - include: ../openshift-master/additional_config.yml -- include: ../openshift-node/certificates.yml - - include: ../openshift-node/config.yml - include: ../openshift-glusterfs/config.yml diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 6fd8aa6f1..700aab48c 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -10,6 +10,8 @@ installer_phase_node: "In Progress" aggregate: false +- include: certificates.yml + - include: setup.yml - include: containerized_nodes.yml -- cgit v1.2.3 From 2c483c16492dda53c2ffff5b6b84172046d58c67 Mon Sep 17 00:00:00 2001 
From: Russell Teague Date: Tue, 3 Oct 2017 13:14:02 -0400 Subject: Remove unused tasks file in openshift_named_certificates --- .../tasks/named_certificates.yml | 32 ---------------------- 1 file changed, 32 deletions(-) delete mode 100644 roles/openshift_named_certificates/tasks/named_certificates.yml diff --git a/roles/openshift_named_certificates/tasks/named_certificates.yml b/roles/openshift_named_certificates/tasks/named_certificates.yml deleted file mode 100644 index 7b097b443..000000000 --- a/roles/openshift_named_certificates/tasks/named_certificates.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Clear named certificates - file: - path: "{{ named_certs_dir }}" - state: absent - when: overwrite_named_certs | bool - -- name: Ensure named certificate directory exists - file: - path: "{{ named_certs_dir }}" - state: directory - mode: 0700 - -- name: Land named certificates - copy: - src: "{{ item.certfile }}" - dest: "{{ named_certs_dir }}" - with_items: "{{ openshift_master_named_certificates | default([]) }}" - -- name: Land named certificate keys - copy: - src: "{{ item.keyfile }}" - dest: "{{ named_certs_dir }}" - mode: 0600 - with_items: "{{ openshift_master_named_certificates | default([]) }}" - -- name: Land named CA certificates - copy: - src: "{{ item }}" - dest: "{{ named_certs_dir }}" - mode: 0600 - with_items: "{{ openshift_master_named_certificates | default([]) | oo_collect('cafile') }}" -- cgit v1.2.3