From 4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 15 Jun 2016 13:19:59 -0400
Subject: Add options for specifying named ca certificates to be added to the
 openshift ca bundle.

---
 playbooks/common/openshift-master/config.yml  | 48 ---------------------------
 playbooks/common/openshift-master/scaleup.yml |  7 +++-
 2 files changed, 6 insertions(+), 49 deletions(-)

(limited to 'playbooks/common/openshift-master')

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 73b4bc594..351a1a853 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -183,54 +183,6 @@
         session_encryption_secrets: "{{ g_session_encryption_secrets }}"
     when: not g_session_secrets_present | bool
 
-- name: Parse named certificates
-  hosts: localhost
-  connection: local
-  become: no
-  vars:
-    internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}"
-    named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}"
-    named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].openshift.common.config_base }}/master/named_certificates/"
-  tasks:
-  - set_fact:
-      parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}"
-    when: named_certificates | length > 0
-
-- name: Deploy named certificates
-  hosts: oo_masters_to_config
-  vars:
-    named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/"
-    named_certs_specified: "{{ openshift_master_named_certificates is defined }}"
-    overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}"
-  roles:
-  - role: openshift_facts
-  post_tasks:
-  - openshift_facts:
-      role: master
-      local_facts:
-        named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}"
-      additive_facts_to_overwrite:
-      - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}"
-  - name: Clear named certificates
-    file:
-      path: "{{ named_certs_dir }}"
-      state: absent
-    when: overwrite_named_certs | bool
-  - name: Ensure named certificate directory exists
-    file:
-      path: "{{ named_certs_dir }}"
-      state: directory
-      mode: 0700
-    when: named_certs_specified | bool
-  - name: Land named certificates
-    copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}"
-    with_items: "{{ openshift_master_named_certificates }}"
-    when: named_certs_specified | bool
-  - name: Land named certificate keys
-    copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600
-    with_items: "{{ openshift_master_named_certificates }}"
-    when: named_certs_specified | bool
-
 - name: Configure masters
   hosts: oo_masters_to_config
   any_errors_fatal: true
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index 6e6cb3e01..b40b01709 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -33,7 +33,12 @@
     service: name={{ openshift.common.service_type }}-master-controllers state=restarted
   - name: verify api server
     command: >
-      curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+      curl --silent
+      {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+      --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+      {% else %}
+      --cacert {{ openshift.common.config_base }}/master/ca.crt
+      {% endif %}
       {{ openshift.master.api_url }}/healthz/ready
     register: api_available_output
     until: api_available_output.stdout == 'ok'
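Review bot: The new `{% if %}` picks the CA file by version fact rather than by whether the file exists, so a master at 3.2/1.2 or later without `master/ca-bundle.crt` would fail TLS verification here. Because `--silent` also hides curl's error text, the `until` loop would just retry with empty stdout and never show the cause. Whether the bundle is always generated before this task runs is not visible in this hunk, so consider `curl --silent --show-error`, which puts the certificate error in the registered result. It would also read more safely with `--cacert` outside the conditional, so no template edit can drop the pin to the cluster CA: `--cacert {{ openshift.common.config_base }}/master/{{ 'ca-bundle.crt' if openshift.common.version_gte_3_2_or_1_2 | bool else 'ca.crt' }}`. The task continues past the end of the hunk, so any retry or delay settings were not reviewed.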
-- 
cgit v1.2.3