From e0090381732d43de74715b9d41480b3c43391783 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Fri, 24 Feb 2017 16:46:06 -0500
Subject: Adding support for a route with certs and reencrypt.

---
 roles/openshift_hosted/tasks/registry/registry.yml |  4 +++
 roles/openshift_hosted/tasks/registry/secure.yml   | 32 +++++++++++++++++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index 2369c4e2e..f9441dd57 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -40,6 +40,9 @@
     openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
     openshift_hosted_registry_volumes: []
     openshift_hosted_registry_env_vars: {}
+    openshift_hosted_registry_route_certificates: "{{ openshift.hosted.registry.route.certificates | default(false) }}"
+    openshift_hosted_registry_route_host: "{{ openshift.hosted.registry.route.host | default(false) }}"
+    openshift_hosted_registry_route_termination: "{{ openshift.hosted.registry.route.termination | default('passthrough') }}"
     openshift_hosted_registry_edits:
     # These edits are being specified only to prevent 'changed' on rerun
     - key: spec.strategy.rollingParams
@@ -89,6 +92,7 @@
 
 - name: Create OpenShift registry
   oc_adm_registry:
+#debug: True
     name: "{{ openshift_hosted_registry_name }}"
     namespace: "{{ openshift_hosted_registry_namespace }}"
     selector: "{{ openshift_hosted_registry_selector }}"
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index e70d377c6..244979f2e 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -2,14 +2,43 @@
 - name: Set fact docker_registry_route_hostname
   set_fact:
     docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
+  run_once: true
+
+#- name: Create passthrough route for docker-registry
+#  oc_route:
+#    name: docker-registry
+#    namespace: "{{ openshift_hosted_registry_namespace }}"
+#    service_name: docker-registry
+#    tls_termination: passthrough
+#    host: "{{ docker_registry_route_hostname }}"
+#  run_once: true
+- name: Get the certificate contents for registry
+  local_action:
+    module: slurp
+    src: "{{ item }}"
+  register: openshift_hosted_registry_certificate_content
+  with_items:
+  - "{{ (openshift_hosted_registry_route_certificates | default({'certfile':none})).certfile }}"
+  - "{{ (openshift_hosted_registry_route_certificates | default({'keyfile':none})).keyfile }}"
+  - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}"
+  when: openshift_hosted_registry_route_certificates
+
+- debug: var=openshift_hosted_registry_certificate_content
+  when: openshift_hosted_registry_route_certificates
 
 - name: Create passthrough route for docker-registry
   oc_route:
     name: docker-registry
     namespace: "{{ openshift_hosted_registry_namespace }}"
     service_name: docker-registry
-    tls_termination: passthrough
     host: "{{ docker_registry_route_hostname }}"
+    tls_termination: "{{ openshift_hosted_registry_route_termination }}"
+    host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}"
+    cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}"
+    key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
+    cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
+    dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}"
+  run_once: true
 
 - name: Retrieve registry service IP
   oc_service:
@@ -17,6 +46,7 @@
     name: docker-registry
     state: list
   register: docker_registry_service_ip
+  run_once: true
 
 - name: Create registry certificates
   oc_adm_ca_server_cert:
-- 
cgit v1.2.1


From 74e890482f2be933634286f8b4cf488287cf6d39 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Mon, 27 Feb 2017 19:01:32 -0500
Subject: Modified base debug statements.  Fixed oc_secret debug/verbose flag. 
 Added reencrypt for route.

---
 roles/openshift_hosted/tasks/registry/registry.yml |  1 -
 roles/openshift_hosted/tasks/registry/secure.yml   | 24 ++++++++--------------
 roles/openshift_hosted/tasks/router/router.yml     |  3 ---
 3 files changed, 8 insertions(+), 20 deletions(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index f9441dd57..5e9d5d06a 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -92,7 +92,6 @@
 
 - name: Create OpenShift registry
   oc_adm_registry:
-#debug: True
     name: "{{ openshift_hosted_registry_name }}"
     namespace: "{{ openshift_hosted_registry_namespace }}"
     selector: "{{ openshift_hosted_registry_selector }}"
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 244979f2e..4692892f8 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -4,17 +4,10 @@
     docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
   run_once: true
 
-#- name: Create passthrough route for docker-registry
-#  oc_route:
-#    name: docker-registry
-#    namespace: "{{ openshift_hosted_registry_namespace }}"
-#    service_name: docker-registry
-#    tls_termination: passthrough
-#    host: "{{ docker_registry_route_hostname }}"
-#  run_once: true
 - name: Get the certificate contents for registry
-  local_action:
-    module: slurp
+  copy:
+    backup: True
+    dest: "/etc/origin/master/named_certificates/{{ item | basename }}"
     src: "{{ item }}"
   register: openshift_hosted_registry_certificate_content
   with_items:
@@ -23,8 +16,7 @@
   - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}"
   when: openshift_hosted_registry_route_certificates
 
-- debug: var=openshift_hosted_registry_certificate_content
-  when: openshift_hosted_registry_route_certificates
+- debug: var=openshift_hosted_registry_route_termination
 
 - name: Create passthrough route for docker-registry
   oc_route:
@@ -34,10 +26,10 @@
     host: "{{ docker_registry_route_hostname }}"
     tls_termination: "{{ openshift_hosted_registry_route_termination }}"
     host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}"
-    cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}"
-    key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
-    cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
-    dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}"
+    cert_path: "{{ ('certfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.certfile | basename), omit) }}"
+    key_path: "{{ ('keyfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.keyfile | basename), omit) }}"
+    cacert_path: "{{ ('cafile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.cafile | basename), omit) }}"
+    dest_cacert_path: "{{ (openshift_hosted_registry_route_termination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}"
   run_once: true
 
 - name: Retrieve registry service IP
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 607ace7f9..71ceff93a 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -71,9 +71,6 @@
     - key: spec.strategy.rollingParams.updatePeriodSeconds
       value: 1
       action: put
-    - key: spec.strategy.activeDeadlineSeconds
-      value: 21600
-      action: put
   register: routerout
 
 # This should probably move to module
-- 
cgit v1.2.1


From 5ae098b9da053c972a4d12b1a634fab07a6276d0 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Tue, 28 Feb 2017 17:54:16 -0500
Subject: Removed duplicate host param.

---
 roles/openshift_hosted/tasks/registry/secure.yml | 1 -
 1 file changed, 1 deletion(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 4692892f8..7b85c1076 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -23,7 +23,6 @@
     name: docker-registry
     namespace: "{{ openshift_hosted_registry_namespace }}"
     service_name: docker-registry
-    host: "{{ docker_registry_route_hostname }}"
     tls_termination: "{{ openshift_hosted_registry_route_termination }}"
     host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}"
     cert_path: "{{ ('certfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.certfile | basename), omit) }}"
-- 
cgit v1.2.1


From df2024ea268e93bf00ccc44b00f95ca0cb128219 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Wed, 1 Mar 2017 13:39:27 -0500
Subject: Defaulting variables properly to avoid undefined route in dict error.

---
 roles/openshift_hosted/tasks/registry/registry.yml |  6 ++---
 roles/openshift_hosted/tasks/registry/secure.yml   | 27 +++++++++++-----------
 2 files changed, 16 insertions(+), 17 deletions(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index 5e9d5d06a..d49967837 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -40,9 +40,9 @@
     openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
     openshift_hosted_registry_volumes: []
     openshift_hosted_registry_env_vars: {}
-    openshift_hosted_registry_route_certificates: "{{ openshift.hosted.registry.route.certificates | default(false) }}"
-    openshift_hosted_registry_route_host: "{{ openshift.hosted.registry.route.host | default(false) }}"
-    openshift_hosted_registry_route_termination: "{{ openshift.hosted.registry.route.termination | default('passthrough') }}"
+    openshift_hosted_registry_routecertificates: "{{ ('routecertificates' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routecertificates, {}) }}"
+    openshift_hosted_registry_routehost: "{{ ('routehost' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routehost, False) }}"
+    openshift_hosted_registry_routetermination: "{{ ('routetermination' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routetermination, 'passthrough') }}"
     openshift_hosted_registry_edits:
     # These edits are being specified only to prevent 'changed' on rerun
     - key: spec.strategy.rollingParams
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 7b85c1076..9a0108a93 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -4,17 +4,16 @@
     docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
   run_once: true
 
+- debug: var=openshift_hosted_registry_routecertificates
+
 - name: Get the certificate contents for registry
   copy:
     backup: True
-    dest: "/etc/origin/master/named_certificates/{{ item | basename }}"
-    src: "{{ item }}"
-  register: openshift_hosted_registry_certificate_content
-  with_items:
-  - "{{ (openshift_hosted_registry_route_certificates | default({'certfile':none})).certfile }}"
-  - "{{ (openshift_hosted_registry_route_certificates | default({'keyfile':none})).keyfile }}"
-  - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}"
-  when: openshift_hosted_registry_route_certificates
+    dest: "/etc/origin/master/named_certificates/{{ item.value | basename }}"
+    src: "{{ item.value }}"
+  when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None
+  with_dict: "{{ openshift_hosted_registry_routecertificates }}"
+  when: openshift_hosted_registry_routecertificates
 
 - debug: var=openshift_hosted_registry_route_termination
 
@@ -23,12 +22,12 @@
     name: docker-registry
     namespace: "{{ openshift_hosted_registry_namespace }}"
     service_name: docker-registry
-    tls_termination: "{{ openshift_hosted_registry_route_termination }}"
-    host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}"
-    cert_path: "{{ ('certfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.certfile | basename), omit) }}"
-    key_path: "{{ ('keyfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.keyfile | basename), omit) }}"
-    cacert_path: "{{ ('cafile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.cafile | basename), omit) }}"
-    dest_cacert_path: "{{ (openshift_hosted_registry_route_termination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}"
+    tls_termination: "{{ openshift_hosted_registry_routetermination }}"
+    host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
+    cert_path: "{{ ('certfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.certfile | basename), omit) }}"
+    key_path: "{{ ('keyfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.keyfile | basename), omit) }}"
+    cacert_path: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.cafile | basename), omit) }}"
+    dest_cacert_path: "{{ (openshift_hosted_registry_routetermination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}"
   run_once: true
 
 - name: Retrieve registry service IP
-- 
cgit v1.2.1


From 5ada5e9bcad7a8d361b47bb471c681964490be5f Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Wed, 1 Mar 2017 14:44:54 -0500
Subject: Separating routes so logic is simpler.

---
 roles/openshift_hosted/tasks/registry/secure.yml | 36 ++++++++++++++++++++----
 1 file changed, 30 insertions(+), 6 deletions(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 9a0108a93..a082a075a 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -6,6 +6,12 @@
 
 - debug: var=openshift_hosted_registry_routecertificates
 
+- debug:
+    msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) }}"
+
+- debug:
+    msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('THIS IS TRUE', 'THIS IS FALSE') }}"
+
 - name: Get the certificate contents for registry
   copy:
     backup: True
@@ -15,20 +21,38 @@
   with_dict: "{{ openshift_hosted_registry_routecertificates }}"
   when: openshift_hosted_registry_routecertificates
 
-- debug: var=openshift_hosted_registry_route_termination
+# When certificates are defined we will create the reencrypt
+# docker-registry route
+- name: Create a reencrypt route for docker-registry
+  run_once: true
+  oc_route:
+    name: docker-registry
+    namespace: "{{ openshift_hosted_registry_namespace }}"
+    service_name: docker-registry
+    tls_termination: "{{ openshift_hosted_registry_routetermination }}"
+    host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
+    cert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
+    key_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
+    cacert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
+    dest_cacert_path: /etc/origin/master/ca.crt
+  when:
+  - "'cafile' in openshift_hosted_registry_routecertificates"
+  - "'certfile' in openshift_hosted_registry_routecertificates"
+  - "'keyfile' in openshift_hosted_registry_routecertificates"
 
+- debug:
+    msg: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
+
+# When routetermination is passthrough we will create the route
 - name: Create passthrough route for docker-registry
   oc_route:
     name: docker-registry
     namespace: "{{ openshift_hosted_registry_namespace }}"
     service_name: docker-registry
     tls_termination: "{{ openshift_hosted_registry_routetermination }}"
-    host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
-    cert_path: "{{ ('certfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.certfile | basename), omit) }}"
-    key_path: "{{ ('keyfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.keyfile | basename), omit) }}"
-    cacert_path: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.cafile | basename), omit) }}"
-    dest_cacert_path: "{{ (openshift_hosted_registry_routetermination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}"
+    host: "{{ openshift_hosted_registry_routehost | ternary(openshift_hosted_registry_routehost, docker_registry_route_hostname) }}"
   run_once: true
+  when: openshift_hosted_registry_routetermination == 'passthrough'
 
 - name: Retrieve registry service IP
   oc_service:
-- 
cgit v1.2.1


From efd4350d9147dc1ed3331edbd338661eac271032 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Wed, 1 Mar 2017 14:55:31 -0500
Subject: Adding the activeDeadlineSeconds.  Removed debug.

---
 roles/openshift_hosted/tasks/registry/secure.yml | 11 -----------
 roles/openshift_hosted/tasks/router/router.yml   |  3 +++
 2 files changed, 3 insertions(+), 11 deletions(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index a082a075a..927c9aa03 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -4,14 +4,6 @@
     docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
   run_once: true
 
-- debug: var=openshift_hosted_registry_routecertificates
-
-- debug:
-    msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) }}"
-
-- debug:
-    msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('THIS IS TRUE', 'THIS IS FALSE') }}"
-
 - name: Get the certificate contents for registry
   copy:
     backup: True
@@ -40,9 +32,6 @@
   - "'certfile' in openshift_hosted_registry_routecertificates"
   - "'keyfile' in openshift_hosted_registry_routecertificates"
 
-- debug:
-    msg: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
-
 # When routetermination is passthrough we will create the route
 - name: Create passthrough route for docker-registry
   oc_route:
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 71ceff93a..607ace7f9 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -71,6 +71,9 @@
     - key: spec.strategy.rollingParams.updatePeriodSeconds
       value: 1
       action: put
+    - key: spec.strategy.activeDeadlineSeconds
+      value: 21600
+      action: put
   register: routerout
 
 # This should probably move to module
-- 
cgit v1.2.1


From 2a0f716a79829292d61096a0f93c5add1445be68 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Wed, 1 Mar 2017 15:04:34 -0500
Subject: Removing run_once.

---
 roles/openshift_hosted/tasks/registry/secure.yml | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 927c9aa03..90b11f438 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -2,7 +2,6 @@
 - name: Set fact docker_registry_route_hostname
   set_fact:
     docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
-  run_once: true
 
 - name: Get the certificate contents for registry
   copy:
@@ -16,7 +15,6 @@
 # When certificates are defined we will create the reencrypt
 # docker-registry route
 - name: Create a reencrypt route for docker-registry
-  run_once: true
   oc_route:
     name: docker-registry
     namespace: "{{ openshift_hosted_registry_namespace }}"
@@ -40,7 +38,6 @@
     service_name: docker-registry
     tls_termination: "{{ openshift_hosted_registry_routetermination }}"
     host: "{{ openshift_hosted_registry_routehost | ternary(openshift_hosted_registry_routehost, docker_registry_route_hostname) }}"
-  run_once: true
   when: openshift_hosted_registry_routetermination == 'passthrough'
 
 - name: Retrieve registry service IP
@@ -49,7 +46,6 @@
     name: docker-registry
     state: list
   register: docker_registry_service_ip
-  run_once: true
 
 - name: Create registry certificates
   oc_adm_ca_server_cert:
-- 
cgit v1.2.1


From e62a4bf341637bc26503a9ba5246afb9b016ea36 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Wed, 1 Mar 2017 15:52:53 -0500
Subject: removing extra when condition

---
 roles/openshift_hosted/tasks/registry/secure.yml | 1 -
 1 file changed, 1 deletion(-)

(limited to 'roles/openshift_hosted')

diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 90b11f438..bd513b943 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -10,7 +10,6 @@
     src: "{{ item.value }}"
   when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None
   with_dict: "{{ openshift_hosted_registry_routecertificates }}"
-  when: openshift_hosted_registry_routecertificates
 
 # When certificates are defined we will create the reencrypt
 # docker-registry route
-- 
cgit v1.2.1