summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--filter_plugins/openshift_master.py31
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml9
2 files changed, 39 insertions, 1 deletions
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index c41367f05..3a1d77f53 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -501,7 +501,36 @@ class FilterModule(object):
valid = False
return valid
+ @staticmethod
+ def certificates_to_synchronize(hostvars):
+ ''' Return certificates to synchronize based on facts. '''
+ if not issubclass(type(hostvars), dict):
+ raise errors.AnsibleFilterError("|failed expects hostvars is a dict")
+ certs = ['admin.crt',
+ 'admin.key',
+ 'admin.kubeconfig',
+ 'master.kubelet-client.crt',
+ 'master.kubelet-client.key',
+ 'openshift-registry.crt',
+ 'openshift-registry.key',
+ 'openshift-registry.kubeconfig',
+ 'openshift-router.crt',
+ 'openshift-router.key',
+ 'openshift-router.kubeconfig',
+ 'serviceaccounts.private.key',
+ 'serviceaccounts.public.key']
+ if bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']):
+ certs += ['master.proxy-client.crt',
+ 'master.proxy-client.key']
+ if not bool(hostvars['openshift']['common']['version_gte_3_2_or_1_2']):
+ certs += ['openshift-master.crt',
+ 'openshift-master.key',
+ 'openshift-master.kubeconfig']
+ return certs
+
+
def filters(self):
''' returns a mapping of filters to methods '''
return {"translate_idps": self.translate_idps,
- "validate_pcs_cluster": self.validate_pcs_cluster}
+ "validate_pcs_cluster": self.validate_pcs_cluster,
+ "certificates_to_synchronize": self.certificates_to_synchronize}
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 72869a592..38b48e98c 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -27,3 +27,12 @@
--overwrite=false
when: item.master_certs_missing | bool
with_items: masters_needing_certs
+
+- file:
+ src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
+ dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
+ state: hard
+ force: true
+ with_nested:
+ - masters_needing_certs
+ - "{{ hostvars[openshift.common.hostname] | certificates_to_synchronize }}"