From 52d8ec69e0675d03ab367ba38d6a1caafcf9cf4b Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Tue, 28 Feb 2017 16:42:52 -0500
Subject: Do not force custom ca cert deployment.

---
 roles/openshift_ca/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index ae3ad31c3..70c2a9121 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -60,6 +60,7 @@
   copy:
     src: "{{ item.src }}"
     dest: "{{ openshift_ca_config_dir }}/{{ item.dest }}"
+    force: no
   with_items:
   - src: "{{ (openshift_master_ca_certificate | default({'certfile':none})).certfile }}"
     dest: ca.crt
-- 
cgit v1.2.3


From 00a0b457da181a6922bfa9896a9e49f638bfc0d7 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Tue, 28 Feb 2017 16:43:04 -0500
Subject: Add ca-bundle.crt to list of certs to synchronize.

---
 roles/openshift_master_facts/filter_plugins/openshift_master.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py
index 6d009077a..db24028cd 100644
--- a/roles/openshift_master_facts/filter_plugins/openshift_master.py
+++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py
@@ -527,7 +527,7 @@ class FilterModule(object):
                  'master.kubelet-client.crt',
                  'master.kubelet-client.key']
         if bool(include_ca):
-            certs += ['ca.crt', 'ca.key']
+            certs += ['ca.crt', 'ca.key', 'ca-bundle.crt']
         if bool(include_keys):
             certs += ['serviceaccounts.private.key',
                       'serviceaccounts.public.key']
-- 
cgit v1.2.3