1 files changed, 12 insertions, 20 deletions

diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 0d75a9eb3..9017b7d2b 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -12,26 +12,10 @@
     state: hard
   with_nested:
   - masters_needing_certs
-  - - ca.crt
+  -
+    - ca.crt
     - ca.key
     - ca.serial.txt
-    - admin.crt
-    - admin.key
-    - admin.kubeconfig
-    - master.kubelet-client.crt
-    - master.kubelet-client.key
-    - openshift-master.crt
-    - openshift-master.key
-    - openshift-master.kubeconfig
-    - openshift-registry.crt
-    - openshift-registry.key
-    - openshift-registry.kubeconfig
-    - openshift-router.crt
-    - openshift-router.key
-    - openshift-router.kubeconfig
-    - serviceaccounts.private.key
-    - serviceaccounts.public.key
-
 
 - name: Create the master certificates if they do not already exist
   command: >
@@ -41,6 +25,14 @@
       --public-master={{ item.openshift.master.public_api_url }}
       --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
       --overwrite=false
-  args:
-    creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt"
+  when: item.master_certs_missing | bool
   with_items: masters_needing_certs
+
+- file:
+    src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
+    dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
+    state: hard
+    force: true
+  with_nested:
+  - masters_needing_certs
+  - "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}"