diff options
Diffstat (limited to 'roles/openshift_node_certificates')
| -rw-r--r-- | roles/openshift_node_certificates/README.md | 2 | ||||
| -rw-r--r-- | roles/openshift_node_certificates/handlers/main.yml | 4 | ||||
| -rw-r--r-- | roles/openshift_node_certificates/meta/main.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_node_certificates/tasks/main.yml | 18 |
4 files changed, 14 insertions, 12 deletions
diff --git a/roles/openshift_node_certificates/README.md b/roles/openshift_node_certificates/README.md index f56066b29..f4215950f 100644 --- a/roles/openshift_node_certificates/README.md +++ b/roles/openshift_node_certificates/README.md @@ -6,6 +6,8 @@ This role determines if OpenShift node certificates must be created, delegates c Requirements ------------ +* Ansible 2.2 + Role Variables -------------- diff --git a/roles/openshift_node_certificates/handlers/main.yml b/roles/openshift_node_certificates/handlers/main.yml index f2299cecf..a74668b13 100644 --- a/roles/openshift_node_certificates/handlers/main.yml +++ b/roles/openshift_node_certificates/handlers/main.yml @@ -2,9 +2,9 @@ - name: update ca trust command: update-ca-trust notify: - - restart docker after updating ca trust + - restart docker after updating ca trust - name: restart docker after updating ca trust - service: + systemd: name: docker state: restarted diff --git a/roles/openshift_node_certificates/meta/main.yml b/roles/openshift_node_certificates/meta/main.yml index 50a862ee9..93216c1d2 100644 --- a/roles/openshift_node_certificates/meta/main.yml +++ b/roles/openshift_node_certificates/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: OpenShift Node Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 2.1 + min_ansible_version: 2.2 platforms: - name: EL versions: diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 69bcd3668..717bf3cea 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -44,7 +44,7 @@ - name: Generate the node client config command: > - {{ openshift.common.client_binary }} adm create-api-client-config + {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-api-client-config {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} @@ -63,14 +63,14 @@ - name: Generate the node server certificate command: > - {{ openshift.common.client_binary }} adm ca create-server-cert - --cert={{ openshift_node_generated_config_dir }}/server.crt - --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key - --overwrite=true - --hostnames={{ openshift.common.all_hostnames |join(",") }} - --signer-cert={{ openshift_ca_cert }} - --signer-key={{ openshift_ca_key }} - --signer-serial={{ openshift_ca_serial }} + {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert + --cert={{ openshift_node_generated_config_dir }}/server.crt + --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key + --overwrite=true + --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }},{{ openshift.common.ip }},{{ openshift.common.public_ip }} + --signer-cert={{ openshift_ca_cert }} + --signer-key={{ openshift_ca_key }} + --signer-serial={{ openshift_ca_serial }} args: creates: "{{ openshift_node_generated_config_dir }}/server.crt" when: node_certs_missing | bool |