From 5aff702d10b79822098ca68f9ee3184be45775d7 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 22 Oct 2015 13:12:22 -0400 Subject: Don't include proxy client cert when <3.1 or <1.1 --- playbooks/common/openshift-master/config.yml | 10 +++++++--- roles/openshift_master_certificates/tasks/main.yml | 5 +++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index ecea608b2..47e568f06 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -133,11 +133,14 @@ - name: Determine if master certificates need to be generated hosts: oo_masters_to_config tasks: + - set_fact: + include_proxy_client_cert: "{{ (openshift.common.version | version_compare('1.0.6', '>')) if openshift.common.deployment_type == 'origin' else (openshift.common.version | version_compare('3.0.2', '>')) }}" + - set_fact: openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt - - master.proxy-client.crt + - "{{ 'master.proxy-client.crt' if include_proxy_client_cert else omit }}" - master.server.crt - openshift-master.crt - openshift-registry.crt @@ -155,9 +158,9 @@ with_items: openshift_master_certs register: g_master_cert_stat_result - set_fact: - master_certs_missing: "{{ g_master_cert_stat_result.results + master_certs_missing: "{{ False in (g_master_cert_stat_result.results | map(attribute='stat.exists') - | list | intersect([false])}}" + | list ) }}" master_cert_subdir: master-{{ openshift.common.hostname }} master_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -189,6 +192,7 @@ args: creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" with_items: masters_needing_certs + - name: Retrieve the master cert tarball from the master fetch: src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" 
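Review bot: In the `openshift_master_certs_no_etcd` list, `omit` will not drop the `master.proxy-client.crt` element. As far as I know Ansible honours the omit placeholder only as the value of a module argument, so on the older versions the list would carry the placeholder string as a file name. The stat loop in the next hunk would then look for a file that never exists, and `master_certs_missing` would stay true on every run. Building the list by concatenation avoids this, for example `"{{ base_certs + (['master.proxy-client.crt'] if include_proxy_client_cert | bool else []) }}"`, where `base_certs` is a placeholder name for the unconditional entries. The `| bool` also guards against the fact being stored as the string "False", which Jinja treats as truthy. The same `else omit` pattern is used for the `.crt` and `.key` entries in roles/openshift_master_certificates/tasks/main.yml.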
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 0d75a9eb3..87e8181c1 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -20,6 +20,8 @@ - admin.kubeconfig - master.kubelet-client.crt - master.kubelet-client.key + - "{{ 'master.proxy-client.crt' if openshift.master.include_proxy_client_cert else omit }}" + - "{{ 'master.proxy-client.key' if openshift.master.include_proxy_client_cert else omit }}" - openshift-master.crt - openshift-master.key - openshift-master.kubeconfig @@ -41,6 +43,5 @@ --public-master={{ item.openshift.master.public_api_url }} --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} --overwrite=false - args: - creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt" + when: master_certs_missing with_items: masters_needing_certs -- cgit v1.2.1
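Review bot: The two added entries test `openshift.master.include_proxy_client_cert`, but the only definition visible in this commit is the top-level fact `include_proxy_client_cert` set in playbooks/common/openshift-master/config.yml. If nothing outside this diff populates the `openshift.master` key, the template fails on an undefined attribute; if something does, the playbook and the role can disagree about whether the proxy client certificate and its private key belong to the set. Reading a single fact in both places, with `| bool` applied, would keep the two lists in step. The list these entries belong to starts and ends outside the hunk, so how it is consumed cannot be checked from here.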
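Review bot: The new `when: master_certs_missing` is evaluated for each item of `with_items: masters_needing_certs`, but it reads the fact of the host running the task, not of the master in `item`. The command itself uses `item.openshift.master.public_api_url` and `item.master_cert_subdir`, and `master_certs_missing` is set in the same `set_fact` as `master_cert_subdir`, so `when: item.master_certs_missing | bool` looks like the intended condition. As written, if the host running this role already has all its certificates, generation would be skipped for every other master in the loop. With `creates:` removed, `--overwrite=false` is the only remaining guard against reissuing existing certificates, which deserves a one-line comment on the task. The task starts outside the hunk.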