From 837fe7dc76a186e8dbae656170c64d719d842984 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Tue, 15 Mar 2016 15:32:43 -0400
Subject: Provide cacert when performing health checks

---
 playbooks/common/openshift-master/scaleup.yml | 3 ++-
 playbooks/common/openshift-node/config.yml    | 3 ++-
 roles/openshift_master/handlers/main.yml      | 3 ++-
 roles/openshift_master/tasks/main.yml         | 3 ++-
 roles/openshift_node/tasks/main.yml           | 3 ++-
 5 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index ccb1d23f1..6e6cb3e01 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -33,7 +33,8 @@
     service: name={{ openshift.common.service_type }}-master-controllers state=restarted
   - name: verify api server
     command: >
-      curl -k --silent {{ openshift.master.api_url }}/healthz/ready
+      curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+      {{ openshift.master.api_url }}/healthz/ready
     register: api_available_output
     until: api_available_output.stdout == 'ok'
     retries: 120
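Review bot: With `-k` removed, a certificate verification failure in the `verify api server` command becomes invisible, because `--silent` also suppresses curl's error message and the `until` condition only sees an empty stdout. A hostname mismatch between `openshift.master.api_url` and the serving certificate, or a missing `ca.crt`, would then look exactly like an API server that is still starting, and the task would run through all 120 retries before failing without a diagnosis. Adding `--show-error`, as in `curl --silent --show-error --cacert {{ openshift.common.config_base }}/master/ca.crt`, keeps the output quiet on success but leaves the TLS error in the registered result's stderr. The same applies to the equivalent commands in the other four hunks. The task may continue past the end of this hunk.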
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 1f32f2786..aa71ab703 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -256,7 +256,8 @@
     # Using curl here since the uri module requires python-httplib2 and
     # wait_for port doesn't provide health information.
     command: >
-      curl -k --silent {{ openshift.master.api_url }}/healthz/ready
+      curl --silent --cacert {{ openshift.master.config_dir }}/master/ca.crt
+      {{ openshift.master.api_url }}/healthz/ready
     register: api_available_output
     until: api_available_output.stdout == 'ok'
     retries: 120
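Review bot: The CA path on the added line is built from `openshift.master.config_dir`, while the other four hunks in this commit use `openshift.common.config_base`. If `config_dir` is not a defined fact, or already points at the master subdirectory, the path will not resolve to the CA file. The health check would then fail on every retry, where it used to pass with `-k`. Unless the difference is intentional, use `curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt` as in `scaleup.yml`. The task's `name:` line and the host it runs on are outside this hunk, so it is worth confirming that `master/ca.crt` exists on the host that executes the command.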
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index 4d1216aae..e5b9e4977 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -17,7 +17,8 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl -k --silent {{ openshift.master.api_url }}/healthz/ready
+    curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+    {{ openshift.master.api_url }}/healthz/ready
   register: api_available_output
   until: api_available_output.stdout == 'ok'
   retries: 120
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 1f499dc93..9c3d09d09 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -282,7 +282,8 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl -k --silent {{ openshift.master.api_url }}/healthz/ready
+    curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+    {{ openshift.master.api_url }}/healthz/ready
   register: api_available_output
   until: api_available_output.stdout == 'ok'
   retries: 120
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 8768d426b..f854d3f38 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -126,7 +126,8 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl -k --silent {{ openshift_node_master_api_url }}/healthz/ready
+    curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt
+    {{ openshift_node_master_api_url }}/healthz/ready
   register: api_available_output
   until: api_available_output.stdout == 'ok'
   retries: 120
-- 
cgit v1.2.3