diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-12-04 09:51:44 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-12-04 09:51:44 -0800 |
| commit | 411235245c903be9e12790444f2f4cfae5ca7ef0 (patch) | |
| tree | c04a172511053513a2c15ced0b703336b0afaa28 /playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml | |
| parent | 2eecb801febfefcc54ce01189e82e2c89027f519 (diff) | |
| parent | 0b80aca421a89b10a8254f03e1339d1ddfbd54f1 (diff) | |
| download | openshift-411235245c903be9e12790444f2f4cfae5ca7ef0.tar.gz openshift-411235245c903be9e12790444f2f4cfae5ca7ef0.tar.bz2 openshift-411235245c903be9e12790444f2f4cfae5ca7ef0.tar.xz openshift-411235245c903be9e12790444f2f4cfae5ca7ef0.zip | |
Merge pull request #6324 from mtnbikenc/consolidate-redeploy-certificates
Automatic merge from submit-queue.
Playbook Consolidation - Redeploy Certificates
This PR moves the certificate redeploy playbooks out of {byo,common}/openshift-cluster and into their respective component areas.
- playbooks/openshift-etcd (redeploy-certificates.yml, redeploy-ca.yml)
- playbooks/openshift-master (redeploy-certificates.yml, redeploy-openshift-ca.yml)
- playbooks/openshift-node (redeploy-certificates.yml)
- playbooks/openshift-hosted (redeploy-registry-certificates.yml, redeploy-router-certificates.yml)
playbooks/byo/openshift-cluster/redeploy-certificates.yml was moved to
playbooks/redeploy-certificates.yml
Trello: https://trello.com/c/zCz6RIHM/578-2-playbook-consolidation-openshift-cluster-redeploy-certificates
Diffstat (limited to 'playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml')
| -rw-r--r-- | playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml | 101 |
1 files changed, 0 insertions, 101 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml deleted file mode 100644 index 438f704bc..000000000 --- a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml +++ /dev/null @@ -1,101 +0,0 @@ ---- -- name: Check cert expirys - hosts: oo_etcd_to_config:oo_masters_to_config - vars: - openshift_certificate_expiry_show_all: yes - roles: - # Sets 'check_results' per host which contains health status for - # etcd, master and node certificates. We will use 'check_results' - # to determine if any certificates were expired prior to running - # this playbook. Service restarts will be skipped if any - # certificates were previously expired. - - role: openshift_certificate_expiry - -- name: Backup existing etcd CA certificate directories - hosts: oo_etcd_to_config - tasks: - - include_role: - name: etcd - tasks_from: backup_ca_certificates - - include_role: - name: etcd - tasks_from: remove_ca_certificates - -- include: ../../../openshift-etcd/private/ca.yml - -- name: Create temp directory for syncing certs - hosts: localhost - connection: local - become: no - gather_facts: no - tasks: - - name: Create local temp directory for syncing certs - local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX - register: g_etcd_mktemp - changed_when: false - -- name: Distribute etcd CA to etcd hosts - hosts: oo_etcd_to_config - tasks: - - include_role: - name: etcd - tasks_from: distribute_ca.yml - vars: - etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" - -- include: ../../../openshift-etcd/private/restart.yml - # Do not restart etcd when etcd certificates were previously expired. - when: ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) - -- name: Retrieve etcd CA certificate - hosts: oo_first_etcd - tasks: - - include_role: - name: etcd - tasks_from: retrieve_ca_certificates - vars: - etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" - -- name: Distribute etcd CA to masters - hosts: oo_masters_to_config - vars: - openshift_ca_host: "{{ groups.oo_first_master.0 }}" - tasks: - - name: Deploy etcd CA - copy: - src: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}/ca.crt" - dest: "{{ openshift.common.config_base }}/master/master.etcd-ca.crt" - when: groups.oo_etcd_to_config | default([]) | length > 0 - -- name: Delete temporary directory on localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tasks: - - file: - name: "{{ g_etcd_mktemp.stdout }}" - state: absent - changed_when: false - -- include: ../../../openshift-master/private/restart.yml - # Do not restart masters when master or etcd certificates were previously expired. - when: - # masters - - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) - - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) - # etcd - - ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) |