summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@redhat.com>2017-09-25 16:16:54 -0400
committerAndrew Butcher <abutcher@redhat.com>2017-09-25 16:39:29 -0400
commit8fd1083f57ab582cf47e9a9f78eaaf489f0b7cd6 (patch)
treee8dff20c0a003297a316bf29415a87433e20cbc8
parent1a181eb827c2037c95f794c835f1777f2dff76ec (diff)
downloadopenshift-8fd1083f57ab582cf47e9a9f78eaaf489f0b7cd6.tar.gz
openshift-8fd1083f57ab582cf47e9a9f78eaaf489f0b7cd6.tar.bz2
openshift-8fd1083f57ab582cf47e9a9f78eaaf489f0b7cd6.tar.xz
openshift-8fd1083f57ab582cf47e9a9f78eaaf489f0b7cd6.zip
Generate aggregator api client config in temporary directory.
-rw-r--r--roles/openshift_service_catalog/tasks/wire_aggregator.yml40
1 files changed, 29 insertions, 11 deletions
diff --git a/roles/openshift_service_catalog/tasks/wire_aggregator.yml b/roles/openshift_service_catalog/tasks/wire_aggregator.yml
index 6431c6d3f..300a7db62 100644
--- a/roles/openshift_service_catalog/tasks/wire_aggregator.yml
+++ b/roles/openshift_service_catalog/tasks/wire_aggregator.yml
@@ -75,17 +75,35 @@
path: /etc/origin/master/aggregator-front-proxy.kubeconfig
register: first_front_proxy_kubeconfig
delegate_to: "{{ first_master }}"
-
-- name: Create first master api-client config for Aggregator
- command: >
- {{ hostvars[first_master].openshift.common.client_binary }} adm create-api-client-config
- --certificate-authority=/etc/origin/master/front-proxy-ca.crt
- --signer-cert=/etc/origin/master/front-proxy-ca.crt
- --signer-key=/etc/origin/master/front-proxy-ca.key
- --user aggregator-front-proxy
- --client-dir=/etc/origin/master
- --signer-serial=/etc/origin/master/ca.serial.txt
- delegate_to: "{{ first_master }}"
+ run_once: true
+
+# create-api-client-config generates a ca.crt file which will
+# overwrite the OpenShift CA certificate. Generate the aggregator
+# kubeconfig in a temporary directory and then copy files into the
+# master config dir to avoid overwriting ca.crt.
+- block:
+ - name: Create first master api-client config for Aggregator
+ command: >
+ {{ hostvars[first_master].openshift.common.client_binary }} adm create-api-client-config
+ --certificate-authority=/etc/origin/master/front-proxy-ca.crt
+ --signer-cert=/etc/origin/master/front-proxy-ca.crt
+ --signer-key=/etc/origin/master/front-proxy-ca.key
+ --user aggregator-front-proxy
+ --client-dir={{ certtemp.stdout }}
+ --signer-serial=/etc/origin/master/ca.serial.txt
+ delegate_to: "{{ first_master }}"
+ run_once: true
+ - name: Copy first master api-client config for Aggregator
+ copy:
+ src: "{{ certtemp.stdout }}/{{ item }}"
+ dest: "/etc/origin/master/"
+ remote_src: true
+ with_items:
+ - aggregator-front-proxy.crt
+ - aggregator-front-proxy.key
+ - aggregator-front-proxy.kubeconfig
+ delegate_to: "{{ first_master }}"
+ run_once: true
when:
- not first_front_proxy_kubeconfig.stat.exists