From 74e890482f2be933634286f8b4cf488287cf6d39 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Mon, 27 Feb 2017 19:01:32 -0500
Subject: Modified base debug statements.  Fixed oc_secret debug/verbose flag. 
 Added reencrypt for route.

---
 roles/openshift_hosted/tasks/registry/registry.yml |  1 -
 roles/openshift_hosted/tasks/registry/secure.yml   | 24 ++++++++--------------
 roles/openshift_hosted/tasks/router/router.yml     |  3 ---
 3 files changed, 8 insertions(+), 20 deletions(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index f9441dd57..5e9d5d06a 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -92,7 +92,6 @@
 
 - name: Create OpenShift registry
   oc_adm_registry:
-#debug: True
     name: "{{ openshift_hosted_registry_name }}"
     namespace: "{{ openshift_hosted_registry_namespace }}"
     selector: "{{ openshift_hosted_registry_selector }}"
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 244979f2e..4692892f8 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -4,17 +4,10 @@
     docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
   run_once: true
 
-#- name: Create passthrough route for docker-registry
-#  oc_route:
-#    name: docker-registry
-#    namespace: "{{ openshift_hosted_registry_namespace }}"
-#    service_name: docker-registry
-#    tls_termination: passthrough
-#    host: "{{ docker_registry_route_hostname }}"
-#  run_once: true
 - name: Get the certificate contents for registry
-  local_action:
-    module: slurp
+  copy:
+    backup: True
+    dest: "/etc/origin/master/named_certificates/{{ item | basename }}"
     src: "{{ item }}"
   register: openshift_hosted_registry_certificate_content
   with_items:
@@ -23,8 +16,7 @@
   - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}"
   when: openshift_hosted_registry_route_certificates
 
-- debug: var=openshift_hosted_registry_certificate_content
-  when: openshift_hosted_registry_route_certificates
+- debug: var=openshift_hosted_registry_route_termination
 
 - name: Create passthrough route for docker-registry
   oc_route:
@@ -34,10 +26,10 @@
     host: "{{ docker_registry_route_hostname }}"
     tls_termination: "{{ openshift_hosted_registry_route_termination }}"
     host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}"
-    cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}"
-    key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
-    cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
-    dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}"
+    cert_path: "{{ ('certfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.certfile | basename), omit) }}"
+    key_path: "{{ ('keyfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.keyfile | basename), omit) }}"
+    cacert_path: "{{ ('cafile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.cafile | basename), omit) }}"
+    dest_cacert_path: "{{ (openshift_hosted_registry_route_termination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}"
   run_once: true
 
 - name: Retrieve registry service IP
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 607ace7f9..71ceff93a 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -71,9 +71,6 @@
     - key: spec.strategy.rollingParams.updatePeriodSeconds
       value: 1
       action: put
-    - key: spec.strategy.activeDeadlineSeconds
-      value: 21600
-      action: put
   register: routerout
 
 # This should probably move to module
-- 
cgit v1.2.1