--- - name: Redeploy master certificates hosts: oo_masters_to_config any_errors_fatal: true vars: openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}" pre_tasks: - stat: path: "{{ openshift_generated_configs_dir }}" register: openshift_generated_configs_dir_stat - name: Backup generated certificate and config directories command: > tar -czvf /etc/origin/master-node-cert-config-backup-{{ ansible_date_time.epoch }}.tgz {{ openshift_generated_configs_dir }} {{ openshift.common.config_base }}/master when: openshift_generated_configs_dir_stat.stat.exists delegate_to: "{{ openshift_ca_host }}" run_once: true - name: Remove generated certificate directories file: path: "{{ item }}" state: absent with_items: - "{{ openshift_generated_configs_dir }}" - name: Remove generated certificates file: path: "{{ openshift.common.config_base }}/master/{{ item }}" state: absent with_items: - "{{ hostvars[inventory_hostname] | certificates_to_synchronize(include_keys=false, include_ca=false) }}" - "etcd.server.crt" - "etcd.server.key" - "master.server.crt" - "master.server.key" - "openshift-master.crt" - "openshift-master.key" - "openshift-master.kubeconfig" - name: Remove generated etcd client certificates file: path: "{{ openshift.common.config_base }}/master/{{ item }}" state: absent with_items: - "master.etcd-client.crt" - "master.etcd-client.key" when: groups.oo_etcd_to_config | default([]) | length == 0 roles: - role: openshift_master_certificates openshift_master_etcd_hosts: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([])) | oo_collect('openshift.common.hostname') | default(none, true) }}" openshift_certificates_redeploy: true