diff options
| author | Michael Gugino <mgugino@redhat.com> | 2018-01-03 15:10:26 -0500 |
|---|---|---|
| committer | Michael Gugino <mgugino@redhat.com> | 2018-01-05 14:53:44 -0500 |
| commit | 7923eb92c86a128504436ba0708c96b655de5269 (patch) | |
| tree | d0f405d10e670fb14e64122b3c6036e6ba32cc1d /roles/openshift_node_certificates | |
| parent | edde1f2bf0fa180fc69d905ce2aa27e68f7295dd (diff) | |
| download | openshift-7923eb92c86a128504436ba0708c96b655de5269.tar.gz openshift-7923eb92c86a128504436ba0708c96b655de5269.tar.bz2 openshift-7923eb92c86a128504436ba0708c96b655de5269.tar.xz openshift-7923eb92c86a128504436ba0708c96b655de5269.zip | |
Remove become=no from various roles and tasks
etcd runs some actions locally to copy certs from the
CA cert host. This commit ensures that we respect
the end user's intended behavior with become
when using 'anisble_become' in the inventory.
Other roles with similar tasks have been modified
in the same manner.
We shouldn't hard-code become behavior as it can be
unexpected for the end user.
This only currently works in the CI because the CI
passes the '-b' argument on the command line, which
will override the task behavior.
Diffstat (limited to 'roles/openshift_node_certificates')
| -rw-r--r-- | roles/openshift_node_certificates/tasks/main.yml | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index e95e38fdf..5f73f3bdc 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -94,13 +94,6 @@ delegate_to: "{{ openshift_ca_host }}" run_once: true -- name: Create local temp directory for syncing certs - local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX - register: node_cert_mktemp - changed_when: False - when: node_certs_missing | bool - become: no - - name: Create a tarball of the node config directories command: > tar -czvf {{ openshift_node_generated_config_dir }}.tgz @@ -117,8 +110,7 @@ - name: Retrieve the node config tarballs from the master fetch: src: "{{ openshift_node_generated_config_dir }}.tgz" - dest: "{{ node_cert_mktemp.stdout }}/" - flat: yes + dest: "/tmp" fail_on_missing: yes validate_checksum: yes when: node_certs_missing | bool @@ -132,15 +124,14 @@ - name: Unarchive the tarball on the node unarchive: - src: "{{ node_cert_mktemp.stdout }}/{{ openshift_node_cert_subdir }}.tgz" + src: "/tmp/{{ inventory_hostname }}/{{ openshift_node_generated_config_dir }}.tgz" dest: "{{ openshift_node_cert_dir }}" when: node_certs_missing | bool - name: Delete local temp directory - local_action: file path="{{ node_cert_mktemp.stdout }}" state=absent + local_action: file path="/tmp/{{ inventory_hostname }}" state=absent changed_when: False when: node_certs_missing | bool - become: no - name: Copy OpenShift CA to system CA trust copy: |