From 0b80aca421a89b10a8254f03e1339d1ddfbd54f1 Mon Sep 17 00:00:00 2001
From: Russell Teague <rteague@redhat.com>
Date: Fri, 1 Dec 2017 09:24:45 -0500
Subject: Playbook Consolidation - Redeploy Certificates

---
 .../openshift-node/private/certificates-backup.yml | 24 ++++++++++++++++++++++
 .../private/redeploy-certificates.yml              |  6 ++++++
 playbooks/openshift-node/redeploy-certificates.yml |  6 ++++++
 3 files changed, 36 insertions(+)
 create mode 100644 playbooks/openshift-node/private/certificates-backup.yml
 create mode 100644 playbooks/openshift-node/private/redeploy-certificates.yml
 create mode 100644 playbooks/openshift-node/redeploy-certificates.yml

(limited to 'playbooks/openshift-node')

diff --git a/playbooks/openshift-node/private/certificates-backup.yml b/playbooks/openshift-node/private/certificates-backup.yml
new file mode 100644
index 000000000..2ad84b3b9
--- /dev/null
+++ b/playbooks/openshift-node/private/certificates-backup.yml
@@ -0,0 +1,24 @@
+---
+- name: Ensure node directory is absent from generated configs
+  hosts: oo_first_master
+  tasks:
+  # The generated configs directory (/etc/origin/generated-configs) is
+  # backed up during redeployment of the control plane certificates.
+  # We need to ensure that the generated config directory for
+  # individual nodes has been deleted before continuing, so verify
+  # that it is missing here.
+  - name: Ensure node directories and tarballs are absent from generated configs
+    shell: >
+      rm -rf {{ openshift.common.config_base }}/generated-configs/node-*
+    args:
+      warn: no
+
+- name: Redeploy node certificates
+  hosts: oo_nodes_to_config
+  pre_tasks:
+  - name: Remove CA certificate
+    file:
+      path: "{{ item }}"
+      state: absent
+    with_items:
+    - "{{ openshift.common.config_base }}/node/ca.crt"
diff --git a/playbooks/openshift-node/private/redeploy-certificates.yml b/playbooks/openshift-node/private/redeploy-certificates.yml
new file mode 100644
index 000000000..3bd38a61d
--- /dev/null
+++ b/playbooks/openshift-node/private/redeploy-certificates.yml
@@ -0,0 +1,6 @@
+---
+- include: certificates-backup.yml
+
+- include: certificates.yml
+  vars:
+    openshift_certificates_redeploy: true
diff --git a/playbooks/openshift-node/redeploy-certificates.yml b/playbooks/openshift-node/redeploy-certificates.yml
new file mode 100644
index 000000000..df727247b
--- /dev/null
+++ b/playbooks/openshift-node/redeploy-certificates.yml
@@ -0,0 +1,6 @@
+---
+- include: ../init/main.yml
+
+- include: private/redeploy-certificates.yml
+
+- include: private/restart.yml
-- 
cgit v1.2.3