From 098d0c24bb2d08e2107b6c4a55d350ae751458f7 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Mon, 30 May 2016 14:34:19 -0400
Subject: Revert openshift-certificates changes.
---
playbooks/common/openshift-node/config.yml | 70 ++++++++++++++++++++++++++++--
1 file changed, 66 insertions(+), 4 deletions(-)
(limited to 'playbooks/common/openshift-node')
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 6fbf7d44a..b3491ef8d 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -19,6 +19,23 @@
labels: "{{ openshift_node_labels | default(None) }}"
annotations: "{{ openshift_node_annotations | default(None) }}"
schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
+ - name: Check status of node certificates
+ stat:
+ path: "{{ openshift.common.config_base }}/node/{{ item }}"
+ with_items:
+ - "system:node:{{ openshift.common.hostname }}.crt"
+ - "system:node:{{ openshift.common.hostname }}.key"
+ - "system:node:{{ openshift.common.hostname }}.kubeconfig"
+ - ca.crt
+ - server.key
+ - server.crt
+ register: stat_result
+ - set_fact:
+ certs_missing: "{{ stat_result.results | oo_collect(attribute='stat.exists')
+ | list | intersect([false])}}"
+ node_subdir: node-{{ openshift.common.hostname }}
+ config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}"
+ node_cert_dir: "{{ openshift.common.config_base }}/node"
- name: Create temp directory for syncing certs
hosts: localhost
@@ -31,6 +48,53 @@
register: mktemp
changed_when: False
+- name: Create node certificates
+ hosts: oo_first_master
+ vars:
+ nodes_needing_certs: "{{ hostvars
+ | oo_select_keys(groups['oo_nodes_to_config']
+ | default([]))
+ | oo_filter_list(filter_attr='certs_missing') }}"
+ sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
+ roles:
+ - openshift_node_certificates
+ post_tasks:
+ - name: Create a tarball of the node config directories
+ command: >
+ tar -czvf {{ item.config_dir }}.tgz
+ --transform 's|system:{{ item.node_subdir }}|node|'
+ -C {{ item.config_dir }} .
+ args:
+ creates: "{{ item.config_dir }}.tgz"
+ with_items: "{{ nodes_needing_certs | default([]) }}"
+
+ - name: Retrieve the node config tarballs from the master
+ fetch:
+ src: "{{ item.config_dir }}.tgz"
+ dest: "{{ sync_tmpdir }}/"
+ flat: yes
+ fail_on_missing: yes
+ validate_checksum: yes
+ with_items: "{{ nodes_needing_certs | default([]) }}"
+
+- name: Deploy node certificates
+ hosts: oo_nodes_to_config
+ vars:
+ sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
+ tasks:
+ - name: Ensure certificate directory exists
+ file:
+ path: "{{ node_cert_dir }}"
+ state: directory
+ # TODO: notify restart node
+ # possibly test service started time against certificate/config file
+ # timestamps in node to trigger notify
+ - name: Unarchive the tarball on the node
+ unarchive:
+ src: "{{ sync_tmpdir }}/{{ node_subdir }}.tgz"
+ dest: "{{ node_cert_dir }}"
+ when: certs_missing
+
- name: Evaluate node groups
hosts: localhost
become: no
@@ -60,8 +124,7 @@
when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
openshift_generate_no_proxy_hosts | default(True) | bool }}"
roles:
- - role: openshift_node
- openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ - openshift_node
- name: Configure node instances
hosts: oo_nodes_to_config:!oo_containerized_master_nodes
@@ -77,8 +140,7 @@
when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
openshift_generate_no_proxy_hosts | default(True) | bool }}"
roles:
- - role: openshift_node
- openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ - openshift_node
- name: Gather and set facts for flannel certificatess
hosts: oo_nodes_to_config
--
cgit v1.2.3