summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorOpenShift Bot <eparis+openshiftbot@redhat.com>2017-04-04 10:36:39 -0500
committerGitHub <noreply@github.com>2017-04-04 10:36:39 -0500
commit8503cd10fd1002f40667d5303b159ed321b5fb7a (patch)
treea519246791c9e8571d7784a6ec8f1b4a4e01ce1c /roles
parent7496b1235f72bd4241e4917f50df722174bf90fa (diff)
parent2f3158bbc8f1264f6fe8d3be5d111d4c8576d79f (diff)
downloadopenshift-8503cd10fd1002f40667d5303b159ed321b5fb7a.tar.gz
openshift-8503cd10fd1002f40667d5303b159ed321b5fb7a.tar.bz2
openshift-8503cd10fd1002f40667d5303b159ed321b5fb7a.tar.xz
openshift-8503cd10fd1002f40667d5303b159ed321b5fb7a.zip
Merge pull request #3818 from etsauer/openshift_logging_ansible_2.3
Merged by openshift-bot
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_logging/tasks/generate_pems.yaml3
-rw-r--r--roles/openshift_logging/tasks/procure_server_certs.yaml36
2 files changed, 23 insertions, 16 deletions
diff --git a/roles/openshift_logging/tasks/generate_pems.yaml b/roles/openshift_logging/tasks/generate_pems.yaml
index 289b72ea6..e8cececfb 100644
--- a/roles/openshift_logging/tasks/generate_pems.yaml
+++ b/roles/openshift_logging/tasks/generate_pems.yaml
@@ -15,6 +15,7 @@
-subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes
when:
- not key_file.stat.exists
+ - cert_ext is defined
- cert_ext.stdout is defined
check_mode: no
@@ -24,7 +25,7 @@
-subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes
when:
- not key_file.stat.exists
- - cert_ext.stdout is undefined
+ - cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined
check_mode: no
- name: Sign cert request with CA for {{component}}
diff --git a/roles/openshift_logging/tasks/procure_server_certs.yaml b/roles/openshift_logging/tasks/procure_server_certs.yaml
index 44dd5e894..7ab140357 100644
--- a/roles/openshift_logging/tasks/procure_server_certs.yaml
+++ b/roles/openshift_logging/tasks/procure_server_certs.yaml
@@ -11,12 +11,18 @@
- name: Trying to discover server cert variable name for {{ cert_info.procure_component }}
set_fact: procure_component_crt={{ lookup('env', '{{cert_info.procure_component}}' + '_crt') }}
- when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined
+ when:
+ - cert_info.hostnames is undefined
+ - cert_info[ cert_info.procure_component + '_crt' ] is defined
+ - cert_info[ cert_info.procure_component + '_key' ] is defined
check_mode: no
- name: Trying to discover the server key variable name for {{ cert_info.procure_component }}
set_fact: procure_component_key={{ lookup('env', '{{cert_info.procure_component}}' + '_key') }}
- when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined
+ when:
+ - cert_info.hostnames is undefined
+ - cert_info[ cert_info.procure_component + '_crt' ] is defined
+ - cert_info[ cert_info.procure_component + '_key' ] is defined
check_mode: no
- name: Creating signed server cert and key for {{ cert_info.procure_component }}
@@ -27,26 +33,26 @@
--signer-serial={{generated_certs_dir}}/ca.serial.txt
check_mode: no
when:
- - cert_info.hostnames is defined
- - not component_key_file.stat.exists
- - not component_cert_file.stat.exists
+ - cert_info.hostnames is defined
+ - not component_key_file.stat.exists
+ - not component_cert_file.stat.exists
- name: Copying server key for {{ cert_info.procure_component }} to generated certs directory
copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key
check_mode: no
when:
- - cert_info.hostnames is undefined
- - "{{ cert_info.procure_component }}_crt is defined"
- - "{{ cert_info.procure_component }}_key is defined"
- - not component_key_file.stat.exists
- - not component_cert_file.stat.exists
+ - cert_info.hostnames is undefined
+ - cert_info[ cert_info.procure_component + '_crt' ] is defined
+ - cert_info[ cert_info.procure_component + '_key' ] is defined
+ - not component_key_file.stat.exists
+ - not component_cert_file.stat.exists
- name: Copying Server cert for {{ cert_info.procure_component }} to generated certs directory
copy: content="{{procure_component_crt}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.crt
check_mode: no
when:
- - cert_info.hostnames is undefined
- - "{{ cert_info.procure_component }}_crt is defined"
- - "{{ cert_info.procure_component }}_key is defined"
- - not component_key_file.stat.exists
- - not component_cert_file.stat.exists
+ - cert_info.hostnames is undefined
+ - cert_info[ cert_info.procure_component + '_crt' ] is defined
+ - cert_info[ cert_info.procure_component + '_key' ] is defined
+ - not component_key_file.stat.exists
+ - not component_cert_file.stat.exists