diff options
Diffstat (limited to 'roles/openshift_ca/tasks/main.yml')
-rw-r--r-- | roles/openshift_ca/tasks/main.yml | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 419679bc2..31f0f8e7a 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -18,9 +18,7 @@ - name: Reload generated facts openshift_facts: - when: install_result | changed - delegate_to: "{{ openshift_ca_host }}" - run_once: true + when: hostvars[openshift_ca_host].install_result | changed - name: Create openshift_ca_config_dir if it does not exist file: @@ -99,15 +97,43 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_ca_config_dir }} - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} --signer-expire-days={{ openshift_ca_cert_expire_days }} - {% endif %} --overwrite=false when: master_ca_missing | bool or openshift_certificates_redeploy | default(false) | bool delegate_to: "{{ openshift_ca_host }}" run_once: true +# Create client-ca-bundle.crt containing old and new OpenShift CA +# certificates. This bundle will be used when rolling the OpenShift CA +# certificate. +- name: Create client-ca-bundle.crt + block: + - command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: openshift_ca_clientconfig_tmpdir + delegate_to: "{{ openshift_ca_host }}" + - copy: + src: "{{ item }}" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + with_items: "{{ g_master_legacy_ca_result.files | default([]) | oo_collect('path') }}" + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - copy: + src: "{{ openshift_ca_config_dir }}/ca.crt" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - assemble: + src: "{{ openshift_ca_clientconfig_tmpdir.stdout }}" + dest: "{{ openshift_ca_config_dir }}/client-ca-bundle.crt" + mode: 0644 + owner: root + group: root + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - name: Test local loopback context command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} config view @@ -141,9 +167,7 @@ --signer-serial={{ openshift_ca_serial }} --user=system:openshift-master --basename=openshift-master - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} - {% endif %} - name: Copy generated loopback master client config to master config dir copy: src: "{{ openshift_ca_loopback_tmpdir.stdout }}/{{ item }}" |