authorBrenton Leanhardt <bleanhar@redhat.com>2015-11-19 08:03:24 -0500
committerBrenton Leanhardt <bleanhar@redhat.com>2015-11-19 08:03:24 -0500
commit631132c2f0e043b2d86bfd999eef5be001090eeb (patch)
treef0ebeca3b679dcbd34ea644e7449adedd03e8a15 /playbooks/common/openshift-master
parentd42b92020d60550fc1ba6de97505d4c98f02f872 (diff)
parentdd5508bdb13af0c67aae49131b314d2c9443282c (diff)
Merge pull request #881 from abutcher/namedCertRefactor
Refactor named certificates
Diffstat (limited to 'playbooks/common/openshift-master')
-rw-r--r--playbooks/common/openshift-master/config.yml54
1 files changed, 45 insertions, 9 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index b1da85d5d..ff1579218 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -204,14 +204,6 @@
validate_checksum: yes
with_items: masters_needing_certs
-- name: Inspect named certificates
- hosts: oo_first_master
- tasks:
- - name: Collect certificate names
- set_fact:
- parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}"
- when: openshift_master_named_certificates is defined
-
- name: Compute haproxy_backend_servers
hosts: localhost
connection: local
@@ -272,11 +264,55 @@
| map(attribute='stdout')
| list) }}"
+- name: Parse named certificates
+ hosts: localhost
+ vars:
+ internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}"
+ named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}"
+ named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/"
+ tasks:
+ - set_fact:
+ parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}"
+ when: named_certificates | length > 0
+
+- name: Deploy named certificates
+ hosts: oo_masters_to_config
+ vars:
+ named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/"
+ named_certs_specified: "{{ openshift_master_named_certificates is defined }}"
+ overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}"
+ roles:
+ - role: openshift_facts
+ post_tasks:
+ - openshift_facts:
+ role: master
+ local_facts:
+ named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}"
+ additive_facts_to_overwrite:
+ - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}"
+ - name: Clear named certificates
+ file:
+ path: "{{ named_certs_dir }}"
+ state: absent
+ when: overwrite_named_certs | bool
+ - name: Ensure named certificate directory exists
+ file:
+ path: "{{ named_certs_dir }}"
+ state: directory
+ when: named_certs_specified | bool
+ - name: Land named certificates
+ copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}"
+ with_items: openshift_master_named_certificates
+ when: named_certs_specified | bool
+ - name: Land named certificate keys
+ copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}"
+ with_items: openshift_master_named_certificates
+ when: named_certs_specified | bool
+
- name: Configure master instances
hosts: oo_masters_to_config
serial: 1
vars:
- named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}"
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
openshift_master_count: "{{ groups.oo_masters_to_config | length }}"
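Review bot: The new `Land named certificate keys` task copies TLS private keys onto every master without setting `mode`, `owner` or `group`, so the key files end up with whatever the copy defaults and the remote umask give them, which is commonly world-readable. I would pin the permissions on the key task, e.g. `copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600`, and set `mode=0700` on the `Ensure named certificate directory exists` task. The directory needs its own mode because `Clear named certificates` deletes it on every overwrite run, so it is recreated with default permissions. Separately, the `omit` in the `additive_facts_to_overwrite` list item is worth checking: as far as I know Ansible only drops omitted top-level module arguments, so the list would likely carry the placeholder string instead of being empty when overwrite is false.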