From d8d0e6d7de600d6896014fef928da5bf133dc85e Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 6 Sep 2017 10:21:50 -0400
Subject: Separate certificate playbooks.

---
 playbooks/common/openshift-cluster/config.yml      | 10 ++++
 .../redeploy-certificates/etcd-backup.yml          | 19 +++++++
 .../redeploy-certificates/etcd-ca.yml              | 17 +-----
 .../redeploy-certificates/etcd.yml                 | 54 -------------------
 .../redeploy-certificates/masters-backup.yml       | 38 +++++++++++++
 .../redeploy-certificates/masters.yml              | 63 ----------------------
 .../redeploy-certificates/nodes-backup.yml         | 24 +++++++++
 .../redeploy-certificates/nodes.yml                | 29 ----------
 .../redeploy-certificates/openshift-ca.yml         | 16 +++---
 playbooks/common/openshift-etcd/ca.yml             | 15 ++++++
 playbooks/common/openshift-etcd/certificates.yml   | 29 ++++++++++
 playbooks/common/openshift-etcd/scaleup.yml        |  7 +++
 playbooks/common/openshift-master/ca.yml           |  8 +++
 playbooks/common/openshift-master/certificates.yml | 14 +++++
 playbooks/common/openshift-master/config.yml       |  9 ----
 playbooks/common/openshift-master/scaleup.yml      |  6 +++
 playbooks/common/openshift-node/certificates.yml   |  8 +++
 .../common/openshift-node/configure_nodes.yml      |  1 -
 18 files changed, 186 insertions(+), 181 deletions(-)
 create mode 100644 playbooks/common/openshift-cluster/redeploy-certificates/etcd-backup.yml
 delete mode 100644 playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml
 create mode 100644 playbooks/common/openshift-cluster/redeploy-certificates/masters-backup.yml
 delete mode 100644 playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
 create mode 100644 playbooks/common/openshift-cluster/redeploy-certificates/nodes-backup.yml
 delete mode 100644 playbooks/common/openshift-cluster/redeploy-certificates/nodes.yml
 create mode 100644 playbooks/common/openshift-etcd/ca.yml
 create mode 100644 playbooks/common/openshift-etcd/certificates.yml
 create mode 100644 playbooks/common/openshift-master/ca.yml
 create mode 100644 playbooks/common/openshift-master/certificates.yml
 create mode 100644 playbooks/common/openshift-node/certificates.yml


diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 96a43230d..4ca0d48e4 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -18,6 +18,10 @@
       - docker_image_availability
       - docker_storage
 
+- include: ../openshift-etcd/ca.yml
+
+- include: ../openshift-etcd/certificates.yml
+
 - include: ../openshift-etcd/config.yml
 
 - include: ../openshift-nfs/config.yml
@@ -26,10 +30,16 @@
 - include: ../openshift-loadbalancer/config.yml
   when: groups.oo_lb_to_config | default([]) | count > 0
 
+- include: ../openshift-master/ca.yml
+
+- include: ../openshift-master/certificates.yml
+
 - include: ../openshift-master/config.yml
 
 - include: ../openshift-master/additional_config.yml
 
+- include: ../openshift-node/certificates.yml
+
 - include: ../openshift-node/config.yml
 
 - include: ../openshift-glusterfs/config.yml
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-backup.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-backup.yml
new file mode 100644
index 000000000..d738c8207
--- /dev/null
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-backup.yml
@@ -0,0 +1,19 @@
+---
+- name: Backup and remove generated etcd certificates
+  hosts: oo_first_etcd
+  any_errors_fatal: true
+  tasks:
+  - include_role:
+      name: etcd
+      tasks_from: backup_generated_certificates
+  - include_role:
+      name: etcd
+      tasks_from: remove_generated_certificates
+
+- name: Backup deployed etcd certificates
+  hosts: oo_etcd_to_config
+  any_errors_fatal: true
+  tasks:
+  - include_role:
+      name: etcd
+      tasks_from: backup_server_certificates
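Review bot: The `Backup deployed etcd certificates` play drops the `vars:` block that the deleted etcd.yml passed to `backup_server_certificates` (`r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"`), so the include_role now runs without the runtime variable. If the role's backup tasks branch on that variable, this is a silent behaviour change in the redeploy path rather than a pure move; if it is genuinely unused there, a one-line comment saying so would stop the next reader from re-adding it. The play also lists no `openshift_etcd_facts` role, unlike the new openshift-etcd/ca.yml and certificates.yml plays in this commit — confirm the backup tasks do not read facts that role sets.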
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml
index 3da22bce6..044875d1c 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml
@@ -21,20 +21,7 @@
       name: etcd
       tasks_from: remove_ca_certificates
 
-- name: Generate new etcd CA
-  hosts: oo_first_etcd
-  roles:
-  - role: openshift_etcd_facts
-  tasks:
-  - include_role:
-      name: etcd
-      tasks_from: ca
-    vars:
-      etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
-      etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
-      etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
-    when:
-    - etcd_ca_setup | default(True) | bool
+- include: ../../openshift-etcd/ca.yml
 
 - name: Create temp directory for syncing certs
   hosts: localhost
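Review bot: The included `../../openshift-etcd/ca.yml` only generates a CA when `etcd_ca_setup | default(True) | bool` holds, while the `remove_ca_certificates` tasks just above run unconditionally, so with `etcd_ca_setup: false` this playbook removes the existing etcd CA and never replaces it. That gating made sense for the initial-install play it was moved from, but in a redeploy flow it leaves the cluster without a CA. Consider either asserting `etcd_ca_setup` before the removal play or documenting the interaction with a comment on the include, e.g. `# ca.yml is skipped when etcd_ca_setup is false; the removal above is not`.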
@@ -72,7 +59,7 @@
       name: etcd
       tasks_from: retrieve_ca_certificates
     vars:
-      etcd_sync_cert_dir: hostvars['localhost'].g_etcd_mktemp.stdout
+      etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}"
       r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
 
 - name: Distribute etcd CA to masters
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml
deleted file mode 100644
index 48a5a13ac..000000000
--- a/playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-- name: Backup and remove generated etcd certificates
-  hosts: oo_first_etcd
-  any_errors_fatal: true
-  tasks:
-  - include_role:
-      name: etcd
-      tasks_from: backup_generated_certificates
-  - include_role:
-      name: etcd
-      tasks_from: remove_generated_certificates
-
-- name: Backup and removed deployed etcd certificates
-  hosts: oo_etcd_to_config
-  any_errors_fatal: true
-  tasks:
-  - include_role:
-      name: etcd
-      tasks_from: backup_server_certificates
-    vars:
-      r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
-
-- name: Redeploy etcd certificates
-  hosts: oo_etcd_to_config
-  any_errors_fatal: true
-  roles:
-  - role: openshift_etcd_facts
-  tasks:
-  - include_role:
-      name: etcd
-      tasks_from: server_certificates
-    vars:
-      etcd_certificates_redeploy: true
-      etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
-      etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
-      etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
-      openshift_ca_host: "{{ groups.oo_first_master.0 }}"
-      r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
-
-- name: Redeploy etcd client certificates for masters
-  hosts: oo_masters_to_config
-  any_errors_fatal: true
-  roles:
-  - role: openshift_etcd_facts
-  - role: openshift_etcd_client_certificates
-    etcd_certificates_redeploy: true
-    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
-    etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
-    etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
-    etcd_cert_prefix: "master.etcd-"
-    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
-    openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}"
-    r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
-    when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/masters-backup.yml b/playbooks/common/openshift-cluster/redeploy-certificates/masters-backup.yml
new file mode 100644
index 000000000..4dbc041b0
--- /dev/null
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/masters-backup.yml
@@ -0,0 +1,38 @@
+---
+- name: Backup and remove master cerftificates
+  hosts: oo_masters_to_config
+  any_errors_fatal: true
+  vars:
+    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+    openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}"
+  pre_tasks:
+  - stat:
+      path: "{{ openshift.common.config_base }}/generated-configs"
+    register: openshift_generated_configs_dir_stat
+  - name: Backup generated certificate and config directories
+    command: >
+      tar -czvf /etc/origin/master-node-cert-config-backup-{{ ansible_date_time.epoch }}.tgz
+      {{ openshift.common.config_base }}/generated-configs
+      {{ openshift.common.config_base }}/master
+    when: openshift_generated_configs_dir_stat.stat.exists
+    delegate_to: "{{ openshift_ca_host }}"
+    run_once: true
+  - name: Remove generated certificate directories
+    file:
+      path: "{{ item }}"
+      state: absent
+    with_items:
+    - "{{ openshift.common.config_base }}/generated-configs"
+  - name: Remove generated certificates
+    file:
+      path: "{{ openshift.common.config_base }}/master/{{ item }}"
+      state: absent
+    with_items:
+    - "{{ hostvars[inventory_hostname] | certificates_to_synchronize(include_keys=false, include_ca=false) }}"
+    - "etcd.server.crt"
+    - "etcd.server.key"
+    - "master.server.crt"
+    - "master.server.key"
+    - "openshift-master.crt"
+    - "openshift-master.key"
+    - "openshift-master.kubeconfig"
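Review bot: The backup archive written by the `tar -czvf /etc/origin/master-node-cert-config-backup-...tgz` command contains the master private keys from `{{ openshift.common.config_base }}/master`, and the `command` module creates it with whatever umask the remote shell has, so its mode is not controlled here; prefix the command with `umask 077 &&` or follow it with a `file:` task setting `mode: "0600"` on the archive. Two smaller points in the same play: the play name has a typo (`Backup and remove master cerftificates` → `certificates`), and the `Remove generated etcd client certificates` task that the deleted masters.yml ran when `groups.oo_etcd_to_config` was empty has no counterpart in this file, so stale `master.etcd-client.*` files may now survive a redeploy on clusters without separate etcd hosts — confirm whether that removal was dropped deliberately.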
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
deleted file mode 100644
index 51b196299..000000000
--- a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-- name: Redeploy master certificates
-  hosts: oo_masters_to_config
-  any_errors_fatal: true
-  vars:
-    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
-    openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}"
-  pre_tasks:
-  - stat:
-      path: "{{ openshift_generated_configs_dir }}"
-    register: openshift_generated_configs_dir_stat
-  - name: Backup generated certificate and config directories
-    command: >
-      tar -czvf /etc/origin/master-node-cert-config-backup-{{ ansible_date_time.epoch }}.tgz
-      {{ openshift_generated_configs_dir }}
-      {{ openshift.common.config_base }}/master
-    when: openshift_generated_configs_dir_stat.stat.exists
-    delegate_to: "{{ openshift_ca_host }}"
-    run_once: true
-  - name: Remove generated certificate directories
-    file:
-      path: "{{ item }}"
-      state: absent
-    with_items:
-    - "{{ openshift_generated_configs_dir }}"
-  - name: Remove generated certificates
-    file:
-      path: "{{ openshift.common.config_base }}/master/{{ item }}"
-      state: absent
-    with_items:
-    - "{{ hostvars[inventory_hostname] | certificates_to_synchronize(include_keys=false, include_ca=false) }}"
-    - "etcd.server.crt"
-    - "etcd.server.key"
-    - "master.server.crt"
-    - "master.server.key"
-    - "openshift-master.crt"
-    - "openshift-master.key"
-    - "openshift-master.kubeconfig"
-  - name: Remove generated etcd client certificates
-    file:
-      path: "{{ openshift.common.config_base }}/master/{{ item }}"
-      state: absent
-    with_items:
-    - "master.etcd-client.crt"
-    - "master.etcd-client.key"
-    when: groups.oo_etcd_to_config | default([]) | length == 0
-  roles:
-  - role: openshift_master_certificates
-    openshift_master_etcd_hosts: "{{ hostvars
-                                     | oo_select_keys(groups['oo_etcd_to_config'] | default([]))
-                                     | oo_collect('openshift.common.hostname')
-                                     | default(none, true) }}"
-    openshift_certificates_redeploy: true
-  - role: lib_utils
-  post_tasks:
-  - yedit:
-      src: "{{ openshift.common.config_base }}/master/master-config.yaml"
-      key: servingInfo.namedCertificates
-      value: "{{ openshift.master.named_certificates | default([]) | oo_named_certificates_list }}"
-    when:
-    - ('named_certificates' in openshift.master)
-    - openshift.master.named_certificates | default([]) | length > 0
-    - openshift_master_overwrite_named_certificates | default(false) | bool
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/nodes-backup.yml b/playbooks/common/openshift-cluster/redeploy-certificates/nodes-backup.yml
new file mode 100644
index 000000000..2ad84b3b9
--- /dev/null
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/nodes-backup.yml
@@ -0,0 +1,24 @@
+---
+- name: Ensure node directory is absent from generated configs
+  hosts: oo_first_master
+  tasks:
+  # The generated configs directory (/etc/origin/generated-configs) is
+  # backed up during redeployment of the control plane certificates.
+  # We need to ensure that the generated config directory for
+  # individual nodes has been deleted before continuing, so verify
+  # that it is missing here.
+  - name: Ensure node directories and tarballs are absent from generated configs
+    shell: >
+      rm -rf {{ openshift.common.config_base }}/generated-configs/node-*
+    args:
+      warn: no
+
+- name: Redeploy node certificates
+  hosts: oo_nodes_to_config
+  pre_tasks:
+  - name: Remove CA certificate
+    file:
+      path: "{{ item }}"
+      state: absent
+    with_items:
+    - "{{ openshift.common.config_base }}/node/ca.crt"
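Review bot: The second play is still named `Redeploy node certificates` but, with the `openshift_node_certificates` role moved out of this file, it now only deletes `node/ca.crt`; rename it to `Remove node CA certificate` so the log output describes what happens. Because the removal runs for every host in `oo_nodes_to_config` while the new openshift-node/certificates.yml skips its role `when: not openshift_node_bootstrap | default(false) | bool`, bootstrap-enabled nodes would appear to lose their CA without getting it back — confirm that the byo redeploy playbook (outside this diff) handles that case, or add the same `when:` guard to the removal task.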
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/nodes.yml b/playbooks/common/openshift-cluster/redeploy-certificates/nodes.yml
deleted file mode 100644
index 4990a03f2..000000000
--- a/playbooks/common/openshift-cluster/redeploy-certificates/nodes.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-- name: Ensure node directory is absent from generated configs
-  hosts: oo_first_master
-  tasks:
-  # The generated configs directory (/etc/origin/generated-configs) is
-  # backed up during redeployment of the control plane certificates.
-  # We need to ensure that the generated config directory for
-  # individual nodes has been deleted before continuing, so verify
-  # that it is missing here.
-  - name: Ensure node directories and tarballs are absent from generated configs
-    shell: >
-      rm -rf {{ openshift.common.config_base }}/generated-configs/node-*
-    args:
-      warn: no
-
-- name: Redeploy node certificates
-  hosts: oo_nodes_to_config
-  pre_tasks:
-  - name: Remove CA certificate
-    file:
-      path: "{{ item }}"
-      state: absent
-    with_items:
-    - "{{ openshift.common.config_base }}/node/ca.crt"
-  roles:
-  - role: openshift_node_certificates
-    openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
-    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
-    openshift_certificates_redeploy: true
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
index b54acae6c..12cd209d2 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
@@ -105,25 +105,21 @@
     - "ca.serial.txt"
     - "ca-bundle.crt"
 
-- name: Generate new OpenShift CA certificate
+- name: Create temporary directory for creating new CA certificate
   hosts: oo_first_master
-  pre_tasks:
+  tasks:
   - name: Create temporary directory for creating new CA certificate
     command: >
       mktemp -d /tmp/openshift-ansible-XXXXXXX
     register: g_new_openshift_ca_mktemp
     changed_when: false
-  roles:
-  - role: openshift_ca
+
+- include: ../../openshift-master/ca.yml
+  vars:
     # Set openshift_ca_config_dir to a temporary directory where CA
     # will be created. We'll replace the existing CA with the CA
     # created in the temporary directory.
-    openshift_ca_config_dir: "{{ g_new_openshift_ca_mktemp.stdout }}"
-    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
-    openshift_master_hostnames: "{{ hostvars
-                                    | oo_select_keys(groups['oo_masters_to_config'] | default([]))
-                                    | oo_collect('openshift.common.all_hostnames')
-                                    | oo_flatten | unique }}"
+    openshift_ca_config_dir: "{{ hostvars[groups.oo_first_master.0].g_new_openshift_ca_mktemp.stdout }}"
 
 - name: Create temp directory for syncing certs
   hosts: localhost
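Review bot: The CA generation now runs through `../../openshift-master/ca.yml`, whose play targets `oo_masters_to_config`, whereas the removed inline play ran the `openshift_ca` role on `oo_first_master` only; `openshift_ca_config_dir` points at a `mktemp` directory that exists only on `groups.oo_first_master.0`, so unless the role delegates its work to `openshift_ca_host` internally the other masters will be handed a path that does not exist on them. Please confirm the delegation or restrict the include's play to the first master. Separately, the new play `Create temporary directory for creating new CA certificate` repeats its single task's name verbatim; a distinct play name such as `Prepare temporary directory for new OpenShift CA` keeps the output readable.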
diff --git a/playbooks/common/openshift-etcd/ca.yml b/playbooks/common/openshift-etcd/ca.yml
new file mode 100644
index 000000000..ac5543be9
--- /dev/null
+++ b/playbooks/common/openshift-etcd/ca.yml
@@ -0,0 +1,15 @@
+---
+- name: Generate new etcd CA
+  hosts: oo_first_etcd
+  roles:
+  - role: openshift_etcd_facts
+  tasks:
+  - include_role:
+      name: etcd
+      tasks_from: ca
+    vars:
+      etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+      etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+      etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+    when:
+    - etcd_ca_setup | default(True) | bool
diff --git a/playbooks/common/openshift-etcd/certificates.yml b/playbooks/common/openshift-etcd/certificates.yml
new file mode 100644
index 000000000..31a0f50d8
--- /dev/null
+++ b/playbooks/common/openshift-etcd/certificates.yml
@@ -0,0 +1,29 @@
+---
+- name: Create etcd server certificates for etcd hosts
+  hosts: oo_etcd_to_config
+  any_errors_fatal: true
+  roles:
+    - role: openshift_etcd_facts
+  post_tasks:
+    - include_role:
+        name: etcd
+        tasks_from: server_certificates
+      vars:
+        etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+        etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+        etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+        r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
+
+- name: Create etcd client certificates for master hosts
+  hosts: oo_masters_to_config
+  any_errors_fatal: true
+  roles:
+    - role: openshift_etcd_facts
+    - role: openshift_etcd_client_certificates
+      etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+      etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
+      etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
+      etcd_cert_prefix: "master.etcd-"
+      openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+      r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
+      when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
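Review bot: This file indents its `roles:`/`post_tasks:` sequences by two extra spaces while the sibling openshift-etcd/ca.yml added in the same commit writes them flush with the key; both are valid YAML, but yamllint's `indent-sequences` check will flag one of them, so pick one style for the new playbooks. On substance, the deleted redeploy-certificates/etcd.yml passed `etcd_certificates_redeploy: true` to both `server_certificates` and `openshift_etcd_client_certificates`, and nothing in this diff sets that variable any more; if the byo redeploy playbook does not supply it as an extra var, the redeploy path now behaves like an initial install and the role may decide existing certificates are fine to keep — worth a comment here stating where the redeploy flag is expected to come from.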
diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/common/openshift-etcd/scaleup.yml
index 4f83264d0..8aa508119 100644
--- a/playbooks/common/openshift-etcd/scaleup.yml
+++ b/playbooks/common/openshift-etcd/scaleup.yml
@@ -30,6 +30,13 @@
     retries: 3
     delay: 10
     until: etcd_add_check.rc == 0
+  - include_role:
+      name: etcd
+      tasks_from: server_certificates
+    vars:
+      etcd_peers: "{{ groups.oo_new_etcd_to_config | default([], true) }}"
+      etcd_certificates_etcd_hosts: "{{ groups.oo_new_etcd_to_config | default([], true) }}"
+      r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
   roles:
   - role: os_firewall
     when: etcd_add_check.rc == 0
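Review bot: The new `server_certificates` include passes `etcd_peers` and `etcd_certificates_etcd_hosts` but not `etcd_ca_host`, which openshift-etcd/certificates.yml in this same commit sets to `{{ groups.oo_etcd_to_config.0 }}` for the same tasks file; if the role needs the CA host to sign the new member's certificate and does not derive it from facts, the scale-up will fail or sign on the wrong host. Adding `etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"` to the `vars:` block would make the two callers consistent. The enclosing play starts before this hunk, so I cannot see its `hosts:` or whether the play already defines the variable.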
diff --git a/playbooks/common/openshift-master/ca.yml b/playbooks/common/openshift-master/ca.yml
new file mode 100644
index 000000000..5bb796fa3
--- /dev/null
+++ b/playbooks/common/openshift-master/ca.yml
@@ -0,0 +1,8 @@
+---
+- name: Create OpenShift CA
+  hosts: oo_masters_to_config
+  roles:
+  - role: openshift_master_facts
+  - role: openshift_named_certificates
+  - role: openshift_ca
+    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
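Review bot: This play runs the `openshift_ca` role on every host in `oo_masters_to_config`, whereas the CA-generating play that redeploy-certificates/openshift-ca.yml previously carried inline targeted `oo_first_master` only; if the role delegates to `openshift_ca_host` that is fine, but otherwise each master will run the CA tasks against its own filesystem. The removed inline play also passed `openshift_master_hostnames` explicitly and this play does not, so the role now depends on whatever `openshift_master_facts`/`openshift_named_certificates` provide — a short header comment stating `# CA is created on openshift_ca_host; other masters only consume it` (or the contrary) would document the intended model.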
diff --git a/playbooks/common/openshift-master/certificates.yml b/playbooks/common/openshift-master/certificates.yml
new file mode 100644
index 000000000..f6afbc36f
--- /dev/null
+++ b/playbooks/common/openshift-master/certificates.yml
@@ -0,0 +1,14 @@
+---
+- name: Create OpenShift certificates for master hosts
+  hosts: oo_masters_to_config
+  vars:
+    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+  roles:
+  - role: openshift_master_facts
+  - role: openshift_named_certificates
+  - role: openshift_ca
+  - role: openshift_master_certificates
+    openshift_master_etcd_hosts: "{{ hostvars
+                                     | oo_select_keys(groups['oo_etcd_to_config'] | default([]))
+                                     | oo_collect('openshift.common.hostname')
+                                     | default(none, true) }}"
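Review bot: `openshift_ca` is listed again here although the preceding include of openshift-master/ca.yml in config.yml and redeploy-certificates/openshift-ca.yml already runs it on the same hosts; if the role is idempotent this is merely redundant, but if it is an implicit prerequisite of `openshift_master_certificates` it belongs in that role's meta dependencies rather than in each caller. Either drop the duplicate line or add `# openshift_ca is re-listed so this playbook also works standalone` so the repetition reads as deliberate.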
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 3904d85cb..766e0e501 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -180,15 +180,6 @@
   - role: os_firewall
   - role: openshift_master_facts
   - role: openshift_hosted_facts
-  - role: openshift_master_certificates
-  - role: openshift_etcd_facts
-  - role: openshift_etcd_client_certificates
-    etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
-    etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
-    etcd_cert_prefix: "master.etcd-"
-    r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
-    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
-    when: groups.oo_etcd_to_config | default([]) | length != 0
   - role: openshift_clock
   - role: openshift_cloud_provider
   - role: openshift_builddefaults
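Review bot: With `openshift_master_certificates` and `openshift_etcd_client_certificates` removed from this role list, the play silently depends on `../openshift-master/certificates.yml` (and `../openshift-etcd/certificates.yml`) having been included earlier; config.yml and scaleup.yml are updated in this commit, but any other playbook that includes openshift-master/config.yml directly will now configure masters without certificates. A comment at the top of this role list, e.g. `# Certificates are created by ../openshift-master/certificates.yml, which must be included before this play`, would make the new ordering contract visible. The play header is outside this hunk.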
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index 8c366e038..d007fac85 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -45,8 +45,14 @@
 
 - include: ../openshift-master/set_network_facts.yml
 
+- include: ../openshift-etcd/certificates.yml
+
+- include: ../openshift-master/certificates.yml
+
 - include: ../openshift-master/config.yml
 
 - include: ../openshift-loadbalancer/config.yml
 
+- include: ../openshift-node/certificates.yml
+
 - include: ../openshift-node/config.yml
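Review bot: The scale-up path includes `../openshift-etcd/certificates.yml` and `../openshift-master/certificates.yml` but, unlike openshift-cluster/config.yml in this commit, not `../openshift-master/ca.yml`; that is presumably intentional because the CA already exists on the first master, but openshift-master/certificates.yml still lists the `openshift_ca` role, so the asymmetry is not obviously deliberate. A one-line comment above the new includes, e.g. `# ca.yml is not included: the existing CA on oo_first_master is reused`, would settle it for the next reader.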
diff --git a/playbooks/common/openshift-node/certificates.yml b/playbooks/common/openshift-node/certificates.yml
new file mode 100644
index 000000000..908885ee6
--- /dev/null
+++ b/playbooks/common/openshift-node/certificates.yml
@@ -0,0 +1,8 @@
+---
+- name: Create OpenShift certificates for node hosts
+  hosts: oo_nodes_to_config
+  gather_facts: no
+  roles:
+  - role: openshift_node_certificates
+    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+    when: not openshift_node_bootstrap | default(false) | bool
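Review bot: `gather_facts: no` uses a YAML 1.1 truthy spelling that yamllint flags; write `gather_facts: false` as the etcd plays in this commit do for `any_errors_fatal: true`. This play is also the only certificate play added here without `any_errors_fatal: true`, so a certificate failure on one node lets the run continue to `openshift-node/config.yml` for the remaining hosts — if that is acceptable for nodes, a comment saying so avoids the question; otherwise add the flag for consistency with the etcd and master plays.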
diff --git a/playbooks/common/openshift-node/configure_nodes.yml b/playbooks/common/openshift-node/configure_nodes.yml
index 072986d09..c96e4921c 100644
--- a/playbooks/common/openshift-node/configure_nodes.yml
+++ b/playbooks/common/openshift-node/configure_nodes.yml
@@ -13,5 +13,4 @@
   roles:
   - role: os_firewall
   - role: openshift_node
-    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
   - role: nickhammond.logrotate
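Review bot: `openshift_ca_host` is no longer passed to the `openshift_node` role here, on the assumption that the new openshift-node/certificates.yml now supplies it to `openshift_node_certificates`; if `openshift_node` (or a role it depends on) still references `openshift_ca_host` directly, this becomes an undefined-variable error at runtime rather than a clean-up. Worth confirming with a grep of the role before merging. The play header is outside this hunk.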
-- 