summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2017-04-07 18:20:23 -0400
committerScott Dodson <sdodson@redhat.com>2017-05-01 14:50:48 -0400
commit28bcb25d55fab7f4fe0c8b3cd1a260057f163b62 (patch)
treec5f277321aed647f04fca9ccf7f59c98469ba5f2
parentf029779f50fe1fa9b56060ede2fcaeea29f5b198 (diff)
downloadopenshift-28bcb25d55fab7f4fe0c8b3cd1a260057f163b62.tar.gz
openshift-28bcb25d55fab7f4fe0c8b3cd1a260057f163b62.tar.bz2
openshift-28bcb25d55fab7f4fe0c8b3cd1a260057f163b62.tar.xz
openshift-28bcb25d55fab7f4fe0c8b3cd1a260057f163b62.zip
Use openshift_ca_host's hostnames to sign the CA
If for some reason oo_first_master and openshift_ca_host are different we could've signed the CA with the wrong hostnames.
-rw-r--r--roles/openshift_ca/tasks/main.yml2
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 3b17d9ed6..c7b906949 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -95,7 +95,7 @@
{% for legacy_ca_certificate in g_master_legacy_ca_result.files | default([]) | oo_collect('path') %}
--certificate-authority {{ legacy_ca_certificate }}
{% endfor %}
- --hostnames={{ openshift.common.all_hostnames | join(',') }}
+ --hostnames={{ hostvars[openshift_ca_host].openshift.common.all_hostnames | join(',') }}
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--cert-dir={{ openshift_ca_config_dir }}