diff options
Diffstat (limited to 'playbooks/common')
| -rw-r--r-- | playbooks/common/openshift-etcd/config.yml | 2 | ||||
| -rw-r--r-- | playbooks/common/openshift-master/config.yml | 62 | ||||
| -rw-r--r-- | playbooks/common/openshift-node/config.yml | 4 |
3 files changed, 52 insertions, 16 deletions
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index ed23ada88..7d94ced2e 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -24,7 +24,7 @@ - /etc/etcd/ca.crt register: g_etcd_server_cert_stat_result - set_fact: - etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | map(attribute='stat.exists') + etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: etcd-{{ openshift.common.hostname }} etcd_cert_config_dir: /etc/etcd diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index b1da85d5d..902fde956 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -60,7 +60,7 @@ register: g_external_etcd_cert_stat_result - set_fact: etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -157,7 +157,7 @@ register: g_master_cert_stat_result - set_fact: master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list ) }}" master_cert_subdir: master-{{ openshift.common.hostname }} master_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -204,14 +204,6 @@ validate_checksum: yes with_items: masters_needing_certs -- name: Inspect named certificates - hosts: oo_first_master - tasks: - - name: Collect certificate names - set_fact: - parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}" - when: openshift_master_named_certificates is defined - - name: Compute haproxy_backend_servers hosts: localhost connection: local @@ -265,18 +257,62 @@ - set_fact: session_auth_secret: "{{ openshift_master_session_auth_secrets | default(session_auth_output.results - | map(attribute='stdout') + | oo_collect(attribute='stdout') | list) }}" session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default(session_encryption_output.results - | map(attribute='stdout') + | oo_collect(attribute='stdout') | list) }}" +- name: Parse named certificates + hosts: localhost + vars: + internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}" + named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}" + named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/" + tasks: + - set_fact: + parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}" + when: named_certificates | length > 0 + +- name: Deploy named certificates + hosts: oo_masters_to_config + vars: + named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/" + named_certs_specified: "{{ openshift_master_named_certificates is defined }}" + overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" + roles: + - role: openshift_facts + post_tasks: + - openshift_facts: + role: master + local_facts: + named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}" + additive_facts_to_overwrite: + - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}" + - name: Clear named certificates + file: + path: "{{ named_certs_dir }}" + state: absent + when: overwrite_named_certs | bool + - name: Ensure named certificate directory exists + file: + path: "{{ named_certs_dir }}" + state: directory + when: named_certs_specified | bool + - name: Land named certificates + copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}" + with_items: openshift_master_named_certificates + when: named_certs_specified | bool + - name: Land named certificate keys + copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" + with_items: openshift_master_named_certificates + when: named_certs_specified | bool + - name: Configure master instances hosts: oo_masters_to_config serial: 1 vars: - named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" openshift_master_count: "{{ groups.oo_masters_to_config | length }}" diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 8da9e231f..2b6171cb3 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -33,7 +33,7 @@ - server.crt register: stat_result - set_fact: - certs_missing: "{{ stat_result.results | map(attribute='stat.exists') + certs_missing: "{{ stat_result.results | oo_collect(attribute='stat.exists') | list | intersect([false])}}" node_subdir: node-{{ openshift.common.hostname }} config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}" @@ -48,7 +48,7 @@ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - set_fact: etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" |