authorAndrew Butcher <abutcher@redhat.com>2016-02-05 12:47:29 -0500
committerAndrew Butcher <abutcher@redhat.com>2016-02-16 14:21:04 -0500
commit02cf4ef8e279602190ae991f028dc36793747e9e (patch)
tree62403c6c357dfc8500d89c7d6fb32e70d4470a53
parent6d3e1764658582150f6c776c2662075531ccf70f (diff)
Generate each master's certificates separately.
-rw-r--r--playbooks/common/openshift-master/config.yml10
-rw-r--r--roles/openshift_master_ca/tasks/main.yml2
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml34
3 files changed, 9 insertions, 37 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 44bb4313a..2931af253 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -1,6 +1,6 @@
---
- name: Set master facts and determine if external etcd certs need to be generated
- hosts: oo_first_master:oo_masters_to_config
+ hosts: oo_masters_to_config
pre_tasks:
- name: Check for RPM generated config marker file .config_managed
stat:
@@ -186,10 +186,6 @@
masters_needing_certs: "{{ hostvars
| oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master']))
| oo_filter_list(filter_attr='master_certs_missing') }}"
- master_hostnames: "{{ hostvars
- | oo_select_keys(groups['oo_masters_to_config'])
- | oo_collect('openshift.common.all_hostnames')
- | oo_flatten | unique }}"
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
roles:
- openshift_master_certificates
@@ -343,12 +339,12 @@
file:
path: "{{ openshift.common.config_base }}/master"
state: directory
- when: master_certs_missing and 'oo_first_master' not in group_names
+ when: master_certs_missing | bool and 'oo_first_master' not in group_names
- name: Unarchive the tarball on the master
unarchive:
src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz"
dest: "{{ master_cert_config_dir }}"
- when: master_certs_missing and 'oo_first_master' not in group_names
+ when: master_certs_missing | bool and 'oo_first_master' not in group_names
roles:
- openshift_master
- role: nickhammond.logrotate
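Review bot: The two rewritten conditions, `master_certs_missing | bool and 'oo_first_master' not in group_names`, depend on the Jinja2 filter binding tighter than `and`. That parse is correct, but `(master_certs_missing | bool) and 'oo_first_master' not in group_names` would make the grouping explicit for the next reader. Separately, the directory task at the top of this hunk (its start is outside the hunk) shows no `mode:` in the visible lines, and the unarchive step that follows unpacks the per-master certificate tarball, which presumably carries key material. It is worth confirming that the receiving directory is created owner-only, for example with `mode: "0700"`.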
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index 6d9be81c0..66960e73e 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -25,4 +25,4 @@
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--cert-dir={{ openshift_master_config_dir }} --overwrite=false
- when: master_certs_missing
+ when: master_certs_missing | bool
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 7c58e943a..72869a592 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -6,40 +6,16 @@
mode: 0700
with_items: masters_needing_certs
-- set_fact:
- master_certificates:
- - ca.crt
- - ca.key
- - ca.serial.txt
- - admin.crt
- - admin.key
- - admin.kubeconfig
- - master.kubelet-client.crt
- - master.kubelet-client.key
- - master.server.crt
- - master.server.key
- - openshift-master.crt
- - openshift-master.key
- - openshift-master.kubeconfig
- - openshift-registry.crt
- - openshift-registry.key
- - openshift-registry.kubeconfig
- - openshift-router.crt
- - openshift-router.key
- - openshift-router.kubeconfig
- - serviceaccounts.private.key
- - serviceaccounts.public.key
- master_31_certificates:
- - master.proxy-client.crt
- - master.proxy-client.key
-
- file:
src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
state: hard
with_nested:
- masters_needing_certs
- - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_gte_3_1_or_1_1 | bool else master_certificates }}"
+ -
+ - ca.crt
+ - ca.key
+ - ca.serial.txt
- name: Create the master certificates if they do not already exist
command: >
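Review bot: `ca.key` is still in the new inline list, so the CA private key is hard-linked into every master's directory under `openshift_generated_configs_dir` and presumably travels in each per-master tarball through `sync_tmpdir` to every master. A comment above the `file:` task should state that this is intentional and that the per-master directory must stay `0700`. The task also has no `name:`, and the bare `-` followed by a nested list is easy to misread as an empty item; `- name: Hard link the CA files into each master's generated config directory` would help. The task carrying `mode: 0700` at the top of the hunk begins outside it.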
@@ -49,5 +25,5 @@
--public-master={{ item.openshift.master.public_api_url }}
--cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
--overwrite=false
- when: master_certs_missing
+ when: item.master_certs_missing | bool
with_items: masters_needing_certs
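Review bot: The new per-item guard `when: item.master_certs_missing | bool` appears redundant, because `masters_needing_certs` is already built with `oo_filter_list(filter_attr='master_certs_missing')` in the playbook vars. If it is kept as a defensive check, add a short comment saying so, and consider `when: item.master_certs_missing | default(false) | bool` so that a host without the fact is skipped rather than failing on an undefined attribute. The `command:` this condition belongs to starts outside the hunk.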