summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@redhat.com>2016-02-05 12:47:29 -0500
committerAndrew Butcher <abutcher@redhat.com>2016-02-16 14:21:04 -0500
commit02cf4ef8e279602190ae991f028dc36793747e9e (patch)
tree62403c6c357dfc8500d89c7d6fb32e70d4470a53 /roles
parent6d3e1764658582150f6c776c2662075531ccf70f (diff)
downloadopenshift-02cf4ef8e279602190ae991f028dc36793747e9e.tar.gz
openshift-02cf4ef8e279602190ae991f028dc36793747e9e.tar.bz2
openshift-02cf4ef8e279602190ae991f028dc36793747e9e.tar.xz
openshift-02cf4ef8e279602190ae991f028dc36793747e9e.zip
Generate each master's certificates separately.
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_master_ca/tasks/main.yml2
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml34
2 files changed, 6 insertions, 30 deletions
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index 6d9be81c0..66960e73e 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -25,4 +25,4 @@
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--cert-dir={{ openshift_master_config_dir }} --overwrite=false
- when: master_certs_missing
+ when: master_certs_missing | bool
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 7c58e943a..72869a592 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -6,40 +6,16 @@
mode: 0700
with_items: masters_needing_certs
-- set_fact:
- master_certificates:
- - ca.crt
- - ca.key
- - ca.serial.txt
- - admin.crt
- - admin.key
- - admin.kubeconfig
- - master.kubelet-client.crt
- - master.kubelet-client.key
- - master.server.crt
- - master.server.key
- - openshift-master.crt
- - openshift-master.key
- - openshift-master.kubeconfig
- - openshift-registry.crt
- - openshift-registry.key
- - openshift-registry.kubeconfig
- - openshift-router.crt
- - openshift-router.key
- - openshift-router.kubeconfig
- - serviceaccounts.private.key
- - serviceaccounts.public.key
- master_31_certificates:
- - master.proxy-client.crt
- - master.proxy-client.key
-
- file:
src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
state: hard
with_nested:
- masters_needing_certs
- - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_gte_3_1_or_1_1 | bool else master_certificates }}"
+ -
+ - ca.crt
+ - ca.key
+ - ca.serial.txt
- name: Create the master certificates if they do not already exist
command: >
@@ -49,5 +25,5 @@
--public-master={{ item.openshift.master.public_api_url }}
--cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
--overwrite=false
- when: master_certs_missing
+ when: item.master_certs_missing | bool
with_items: masters_needing_certs