From 917e871843192b107776ce8459b87f3960e455ed Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 26 Oct 2016 14:59:05 -0400
Subject: Restructure certificate redeploy playbooks

---
 filter_plugins/openshift_master.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'filter_plugins')

diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index f209d6c3b..77b0a3dc9 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -517,13 +517,11 @@ class FilterModule(object):
         return valid
 
     @staticmethod
-    def certificates_to_synchronize(hostvars, include_keys=True):
+    def certificates_to_synchronize(hostvars, include_keys=True, include_ca=True):
         ''' Return certificates to synchronize based on facts. '''
         if not issubclass(type(hostvars), dict):
             raise errors.AnsibleFilterError("|failed expects hostvars is a dict")
-        certs = ['ca.crt',
-                 'ca.key',
-                 'admin.crt',
+        certs = ['admin.crt',
                  'admin.key',
                  'admin.kubeconfig',
                  'master.kubelet-client.crt',
@@ -534,6 +532,8 @@ class FilterModule(object):
                  'openshift-router.crt',
                  'openshift-router.key',
                  'openshift-router.kubeconfig']
+        if bool(include_ca):
+            certs += ['ca.crt', 'ca.key']
         if bool(include_keys):
             certs += ['serviceaccounts.private.key',
                       'serviceaccounts.public.key']
-- 
cgit v1.2.1