diff options
Diffstat (limited to 'filter_plugins/openshift_master.py')
-rw-r--r-- | filter_plugins/openshift_master.py | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index f209d6c3b..4ccee91f9 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -517,23 +517,17 @@ class FilterModule(object): return valid @staticmethod - def certificates_to_synchronize(hostvars, include_keys=True): + def certificates_to_synchronize(hostvars, include_keys=True, include_ca=True): ''' Return certificates to synchronize based on facts. ''' if not issubclass(type(hostvars), dict): raise errors.AnsibleFilterError("|failed expects hostvars is a dict") - certs = ['ca.crt', - 'ca.key', - 'admin.crt', + certs = ['admin.crt', 'admin.key', 'admin.kubeconfig', 'master.kubelet-client.crt', - 'master.kubelet-client.key', - 'openshift-registry.crt', - 'openshift-registry.key', - 'openshift-registry.kubeconfig', - 'openshift-router.crt', - 'openshift-router.key', - 'openshift-router.kubeconfig'] + 'master.kubelet-client.key'] + if bool(include_ca): + certs += ['ca.crt', 'ca.key'] if bool(include_keys): certs += ['serviceaccounts.private.key', 'serviceaccounts.public.key'] @@ -547,6 +541,13 @@ class FilterModule(object): if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']): certs += ['service-signer.crt', 'service-signer.key'] + if not bool(hostvars['openshift']['common']['version_gte_3_5_or_1_5']): + certs += ['openshift-registry.crt', + 'openshift-registry.key', + 'openshift-registry.kubeconfig', + 'openshift-router.crt', + 'openshift-router.key', + 'openshift-router.kubeconfig'] return certs @staticmethod |