diff options
| author | Jason DeTiberus <jdetiber@redhat.com> | 2015-07-14 14:48:38 -0400 |
|---|---|---|
| committer | Jason DeTiberus <jdetiber@redhat.com> | 2015-07-17 14:54:03 -0400 |
| commit | 6b4282004a4331d9db0e0ab857c96d83a738d82c (patch) | |
| tree | acf3c0a07b9dfddd87effb805bc13bec3b4eb97b /roles/openshift_master_certificates | |
| parent | 167bee246f1a032a99e3003dc1b75c1307269973 (diff) | |
| download | openshift-6b4282004a4331d9db0e0ab857c96d83a738d82c.tar.gz openshift-6b4282004a4331d9db0e0ab857c96d83a738d82c.tar.bz2 openshift-6b4282004a4331d9db0e0ab857c96d83a738d82c.tar.xz openshift-6b4282004a4331d9db0e0ab857c96d83a738d82c.zip | |
Initial HA master
- Ability to specify multiple masters
- configures the CA only a single time on the first master
- creates and distributes additional certs for additional master hosts
- Depending on the status of openshift_master_cluster_defer_ha (defaults to
False) one of two actions are taken when multiple masters are defined
1. If openshift_master_cluster_defer_ha is true
a. Certs/configs for all masters are deployed
b. openshift-master service is only started and enabled on the master
c. HA configuration is expected to be handled by the user manually after
the completion of the playbook run.
2. If oepnshift_master_cluster_defer_ha is false or undefined
a. Certs/configs for all masters are deployed
b. a Pacemaker/RHEL HA cluster is configured
i. VIPs are configured based on the values of
openshift_master_cluster_vip and
openshift_master_cluster_plublic_vip
ii. The openshift-master service is configured as an active/passive
cluster service
Diffstat (limited to 'roles/openshift_master_certificates')
| -rw-r--r-- | roles/openshift_master_certificates/tasks/main.yml | 16 | ||||
| -rw-r--r-- | roles/openshift_master_certificates/vars/main.yml | 3 |
2 files changed, 12 insertions, 7 deletions
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index b5a3f8e40..297d53bcd 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -7,14 +7,20 @@ with_items: masters_needing_certs - file: - src: "{{ openshift_master_ca_cert }}" - dest: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/ca.crt" - with_items: masters_needing_certs + src: "{{ openshift_master_config_dir }}/{{ item.1 }}" + dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" + state: hard + with_nested: + - masters_needing_certs + - - ca.crt + - ca.key + - ca.serial.txt + - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ item.openshift.common.hostname }},{{ item.openshift.common.public_hostname }} + --hostnames={{ item.openshift.common.all_hostnames | join(',') }} --master={{ item.openshift.master.api_url }} --public-master={{ item.openshift.master.public_api_url }} --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} @@ -22,3 +28,5 @@ args: creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt" with_items: masters_needing_certs + + diff --git a/roles/openshift_master_certificates/vars/main.yml b/roles/openshift_master_certificates/vars/main.yml index 6e577b13b..6214f7918 100644 --- a/roles/openshift_master_certificates/vars/main.yml +++ b/roles/openshift_master_certificates/vars/main.yml @@ -1,6 +1,3 @@ --- openshift_generated_configs_dir: /etc/openshift/generated-configs openshift_master_config_dir: /etc/openshift/master -openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" -openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" -openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" |