5 files changed, 30 insertions, 6 deletions

diff --git a/playbooks/openshift-node/private/certificates-backup.yml b/playbooks/openshift-node/private/certificates-backup.yml
new file mode 100644
index 000000000..2ad84b3b9
--- /dev/null
+++ b/playbooks/openshift-node/private/certificates-backup.yml
@@ -0,0 +1,24 @@
+---
+- name: Ensure node directory is absent from generated configs
+  hosts: oo_first_master
+  tasks:
+  # The generated configs directory (/etc/origin/generated-configs) is
+  # backed up during redeployment of the control plane certificates.
+  # We need to ensure that the generated config directory for
+  # individual nodes has been deleted before continuing, so verify
+  # that it is missing here.
+  - name: Ensure node directories and tarballs are absent from generated configs
+    shell: >
+      rm -rf {{ openshift.common.config_base }}/generated-configs/node-*
+    args:
+      warn: no
+
+- name: Redeploy node certificates
+  hosts: oo_nodes_to_config
+  pre_tasks:
+  - name: Remove CA certificate
+    file:
+      path: "{{ item }}"
+      state: absent
+    with_items:
+    - "{{ openshift.common.config_base }}/node/ca.crt"
diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml
index 06f3df9fa..dc5d7a57e 100644
--- a/playbooks/openshift-node/private/configure_nodes.yml
+++ b/playbooks/openshift-node/private/configure_nodes.yml
@@ -4,7 +4,6 @@
   vars:
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
     openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
-    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
     openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
                                                     | union(groups['oo_masters_to_config'])
                                                     | union(groups['oo_etcd_to_config'] | default([])))
diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml
index 3c3ac3646..5afa83be7 100644
--- a/playbooks/openshift-node/private/containerized_nodes.yml
+++ b/playbooks/openshift-node/private/containerized_nodes.yml
@@ -5,7 +5,6 @@
   vars:
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
     openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
-    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
     openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
                                                     | union(groups['oo_masters_to_config'])
                                                     | union(groups['oo_etcd_to_config'] | default([])))
diff --git a/playbooks/openshift-node/private/redeploy-certificates.yml b/playbooks/openshift-node/private/redeploy-certificates.yml
new file mode 100644
index 000000000..3bd38a61d
--- /dev/null
+++ b/playbooks/openshift-node/private/redeploy-certificates.yml
@@ -0,0 +1,6 @@
+---
+- include: certificates-backup.yml
+
+- include: certificates.yml
+  vars:
+    openshift_certificates_redeploy: true
diff --git a/playbooks/openshift-node/private/restart.yml b/playbooks/openshift-node/private/restart.yml
index c3beb59b7..41eb00f99 100644
--- a/playbooks/openshift-node/private/restart.yml
+++ b/playbooks/openshift-node/private/restart.yml
@@ -16,10 +16,6 @@
     retries: 3
     delay: 30
 
-  - name: Update docker facts
-    openshift_facts:
-      role: docker
-
   - name: Restart containerized services
     service:
       name: "{{ item }}"