From 4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 15 Jun 2016 13:19:59 -0400
Subject: Add options for specifying named ca certificates to be added to the
openshift ca bundle.
---
playbooks/common/openshift-master/config.yml | 48 ---------------------------
playbooks/common/openshift-master/scaleup.yml | 7 +++-
2 files changed, 6 insertions(+), 49 deletions(-)
(limited to 'playbooks/common/openshift-master')
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 73b4bc594..351a1a853 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -183,54 +183,6 @@
session_encryption_secrets: "{{ g_session_encryption_secrets }}"
when: not g_session_secrets_present | bool
-- name: Parse named certificates
- hosts: localhost
- connection: local
- become: no
- vars:
- internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}"
- named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}"
- named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].openshift.common.config_base }}/master/named_certificates/"
- tasks:
- - set_fact:
- parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}"
- when: named_certificates | length > 0
-
-- name: Deploy named certificates
- hosts: oo_masters_to_config
- vars:
- named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/"
- named_certs_specified: "{{ openshift_master_named_certificates is defined }}"
- overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}"
- roles:
- - role: openshift_facts
- post_tasks:
- - openshift_facts:
- role: master
- local_facts:
- named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}"
- additive_facts_to_overwrite:
- - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}"
- - name: Clear named certificates
- file:
- path: "{{ named_certs_dir }}"
- state: absent
- when: overwrite_named_certs | bool
- - name: Ensure named certificate directory exists
- file:
- path: "{{ named_certs_dir }}"
- state: directory
- mode: 0700
- when: named_certs_specified | bool
- - name: Land named certificates
- copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}"
- with_items: "{{ openshift_master_named_certificates }}"
- when: named_certs_specified | bool
- - name: Land named certificate keys
- copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600
- with_items: "{{ openshift_master_named_certificates }}"
- when: named_certs_specified | bool
-
- name: Configure masters
hosts: oo_masters_to_config
any_errors_fatal: true
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index 6e6cb3e01..b40b01709 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -33,7 +33,12 @@
service: name={{ openshift.common.service_type }}-master-controllers state=restarted
- name: verify api server
command: >
- curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+ curl --silent
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
{{ openshift.master.api_url }}/healthz/ready
register: api_available_output
until: api_available_output.stdout == 'ok'
--
cgit v1.2.3