summaryrefslogtreecommitdiffstats
path: root/playbooks/common/openshift-master
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks/common/openshift-master')
-rw-r--r--playbooks/common/openshift-master/config.yml14
1 files changed, 12 insertions, 2 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 07ee4aca6..b7e9362cd 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -240,11 +240,21 @@
hosts: oo_first_master
pre_tasks:
- fail:
- msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set"
+ msg: >
+ Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set
when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined)
- fail:
- msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length"
+ msg: >
+ openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length
when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
+ - fail:
+ msg: >
+ Invalid secret length in openshift_master_session_auth_secrets: secrets must be at least 32 characters
+ when: openshift_master_session_auth_secrets is defined and not openshift_master_session_auth_secrets | validate_auth_secrets | bool
+ - fail:
+ msg: >
+ Invalid secret length in openshift_master_session_encryption_secrets: secrets must be 16, 24, or 32 characters
+ when: openshift_master_session_encryption_secrets is defined and not openshift_master_session_encryption_secrets | validate_encryption_secrets | bool
roles:
- role: openshift_facts
post_tasks: