path: root/playbooks/common/openshift-cluster/redeploy-certificates
Commit message (Author, Age, Files, Lines)
* Ensure servingInfo.clientCA is set as ca.crt rather than ca-bundle.crt. (Andrew Butcher, 2017-10-09, 1, -2/+2)
|
* Move master cert playbooks into master config path (Russell Teague, 2017-10-03, 1, -1/+7)
|
* Separate certificate playbooks. (Andrew Butcher, 2017-10-02, 7, -147/+65)
|
* Include openshift_hosted when redeploying router certificates to handle auto-generated wildcard certificate or custom openshift_hosted_router_certificate. (Andrew Butcher, 2017-09-29, 1, -71/+43)
* Check for router service annotations when redeploying router certificates. (Andrew Butcher, 2017-09-29, 1, -3/+29)
|
* consolidate etcd_common role (Jan Chaloupka, 2017-09-25, 2, -129/+54)
|
* Merge pull request #5495 from abutcher/ca-redeploy-expired-etcd (OpenShift Merge Robot, 2017-09-24, 3, -31/+70)
|\
| |   Automatic merge from submit-queue
| |
| |   Improve CA redeploy restart logic
| |
| |   Expired etcd certificates require special casing around restarts in the certificate redeploy playbooks. When etcd certificates are expired we can't restart masters or nodes. We also can't simply restart etcd because peers also had expired certificates so we must start/stop etcd when we detect expired etcd certificates.
| |
| |   `openshift-ca.yml`:
| |   * No longer restart master services when etcd certificates were previously expired.
| |   * No longer restart node services when master or etcd certificates were previously expired.
| |
| |   `etcd-ca.yml`:
| |   * No longer restart master services when etcd certificates were previously expired.
| |
| |   Tested using [gen_expired_tls.sh](https://gist.github.com/abutcher/bdd20b9d582675d89fb22658689c49e4) on one of my master/etcd hosts to ensure that restart logic changes caused us to skip the right restarts and do a full start/stop of etcd in the `redeploy-certificates.yml` and `redeploy-etcd-certificates.yml` playbooks.
| |
| |   Note: When this happens with a cluster and you want to replace all certificates, you can run: `redeploy-etcd-ca.yml`, `redeploy-openshift-ca.yml` (which will both skip restarts) and then run `redeploy-certificates.yml` which will now be able to full/stop start etcd.
| * Do a full stop/start when etcd certificates had expired. (Andrew Butcher, 2017-09-21, 1, -0/+12)
| |
| * Improve CA playbook restart logic and skip restarts when related services had previously expired certificates. (Andrew Butcher, 2017-09-21, 2, -31/+58)
* | Consolidate etcd certs roles (Jan Chaloupka, 2017-09-18, 2, -12/+23)
|/
|   This is a part of the etcd_ like role consolidation into an action-based role. As part of the consolidation some roles have been removed and some replaced by include_role module. Resulting in reorder and shift of role dependencies from a role into a play.
* Config was missed before replace. (jkaurredhat, 2017-07-14, 1, -1/+1)
|   Signed-off-by: jkaurredhat <jkaur@redhat.com>
* Redeploy-certificates will fail for registry and router if user is not system:admin (jkaurredhat, 2017-07-13, 2, -0/+2)
|   Signed-off-by: jkaurredhat <jkaur@redhat.com>
* Update master configuration for named certificates during master cert redeploy. (Andrew Butcher, 2017-06-27, 1, -0/+10)
|
* Separate etcd and OpenShift CA redeploy playbooks. (Andrew Butcher, 2017-06-09, 2, -135/+159)
|
* Skip service restarts within ca redeployment playbook when expired certificates are detected. (Andrew Butcher, 2017-06-01, 1, -0/+37)
* move etcd upgrade related code into etcd_upgrade role (Jan Chaloupka, 2017-05-18, 2, -5/+12)
|
* Differentiate between service serving router certificate and custom openshift_hosted_router_certificate when replacing the router certificate. (Andrew Butcher, 2017-04-24, 1, -1/+60)
* Fix paths for file includes (Russell Teague, 2017-04-17, 1, -3/+3)
|
* Remove unnecessary folder refs (Russell Teague, 2017-04-10, 1, -3/+3)
|
* Add 'docker-registry.default.svc' to cert-redeploy too (Scott Dodson, 2017-04-03, 1, -1/+1)
|
* redeploy-certificates/registry.yml: add openshift_hosted_registry_cert_expire_days parameter. (Slava Semushin, 2017-03-29, 1, -0/+3)
* Use meta/main.yml for role dependencies (Russell Teague, 2017-03-27, 1, -4/+0)
|
* New role (Tim Bielawa, 2017-03-08, 1, -1/+1)
|
* Fix indentation of run_once (Scott Dodson, 2017-03-06, 1, -1/+1)
|   Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1423430
* BZ1414276 - Quote ansible_ssh_user when determining group id (Scott Dodson, 2017-02-22, 1, -1/+1)
|   So that domain users of the format 'dom\user' may be used for ansible_ssh_user
* Fix indenting/ordering in router cert redeploy (Scott Dodson, 2017-02-17, 1, -3/+2)
|   Fixes Bug 1423430
* Merge pull request #3306 from ingvagabund/oc_service (Jan Chaloupka, 2017-02-13, 1, -6/+9)
|\
| |   replace 'oc service' command with its lib_openshift equivalent
| * replace 'oc service' command with its lib_openshift equivalent (Jan Chaloupka, 2017-02-11, 1, -6/+9)
| |
* | Merge pull request #3300 from ashcrow/oc-secret-module (Jan Chaloupka, 2017-02-11, 2, -11/+21)
|\ \
| | |   WIP: oc secrets now done via oc_secret module
| * | oc secrets now done via oc_secret module (Steve Milner, 2017-02-10, 2, -11/+21)
| | |
* | | Ensure etcd client certs are regenerated with embedded etcd. (Andrew Butcher, 2017-02-10, 1, -0/+8)
|/ /
* / Ensure embedded etcd config uses CA bundle. (Andrew Butcher, 2017-02-09, 1, -0/+21)
|/
* Use service annotations to redeploy router service serving cert signer cert. (Andrew Butcher, 2017-02-06, 1, -15/+16)
|
* Restructure certificate redeploy playbooks (Andrew Butcher, 2017-02-02, 10, -0/+669)