Where we use curl force it to use tlsv1.2

curl, prior to RHEL 7.2, did not properly negotiate up the TLS protocol, so force it to use tlsv1.2 Fixes bug 1390869
author: Scott Dodson <sdodson@redhat.com> 2016-11-02 15:26:55 -0400
committer: Scott Dodson <sdodson@redhat.com> 2016-11-02 15:33:17 -0400
commit: 022530f6c3918816f1461e756f1e9a9001364abb (patch)
tree: d2aaedc764283fbfae776bdfee2eb88e5e6d9bc7
parent: 76fca28ea37a791447974a823dc00508fbcd243a (diff)
download: openshift-022530f6c3918816f1461e756f1e9a9001364abb.tar.gz
openshift-022530f6c3918816f1461e756f1e9a9001364abb.tar.bz2
openshift-022530f6c3918816f1461e756f1e9a9001364abb.tar.xz
openshift-022530f6c3918816f1461e756f1e9a9001364abb.zip
4 files changed, 4 insertions, 4 deletions
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index 56ed09e1b..18e5c665f 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -33,7 +33,7 @@
     service: name={{ openshift.common.service_type }}-master-controllers state=restarted
   - name: verify api server
     command: >
-      curl --silent
+      curl --silent --tlsv1.2
       {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
       --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
       {% else %}
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 5191662f7..4824eeef3 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -165,7 +165,7 @@
     # Using curl here since the uri module requires python-httplib2 and
     # wait_for port doesn't provide health information.
     command: >
-      curl --silent
+      curl --silent --tlsv1.2
       {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
       --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
       {% else %}
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index 913f3b0ae..e119db1a2 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -17,7 +17,7 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl --silent
+    curl --silent --tlsv1.2
     {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
     --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
     {% else %}
diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml
index 913f3b0ae..e119db1a2 100644
--- a/roles/openshift_metrics/handlers/main.yml
+++ b/roles/openshift_metrics/handlers/main.yml
@@ -17,7 +17,7 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl --silent
+    curl --silent --tlsv1.2
     {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
     --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
     {% else %}
author	Scott Dodson <sdodson@redhat.com>	2016-11-02 15:26:55 -0400
committer	Scott Dodson <sdodson@redhat.com>	2016-11-02 15:33:17 -0400
commit	022530f6c3918816f1461e756f1e9a9001364abb (patch)
tree	d2aaedc764283fbfae776bdfee2eb88e5e6d9bc7
parent	76fca28ea37a791447974a823dc00508fbcd243a (diff)
download	openshift-022530f6c3918816f1461e756f1e9a9001364abb.tar.gz openshift-022530f6c3918816f1461e756f1e9a9001364abb.tar.bz2 openshift-022530f6c3918816f1461e756f1e9a9001364abb.tar.xz openshift-022530f6c3918816f1461e756f1e9a9001364abb.zip