From 854a77ce23135f0ef27c79338b48aa53e49d8202 Mon Sep 17 00:00:00 2001
From: Dan Osborne <djosborne10@gmail.com>
Date: Fri, 19 May 2017 14:49:52 -0700
Subject: Support byo etcd for calico

---
 roles/calico/tasks/gen_certs.yml | 17 +++++++++++++++++
 roles/calico/tasks/main.yml      | 39 ++++++++++++++++++++++++++++-----------
 2 files changed, 45 insertions(+), 11 deletions(-)
 create mode 100644 roles/calico/tasks/gen_certs.yml


diff --git a/roles/calico/tasks/gen_certs.yml b/roles/calico/tasks/gen_certs.yml
new file mode 100644
index 000000000..2e6aa114e
--- /dev/null
+++ b/roles/calico/tasks/gen_certs.yml
@@ -0,0 +1,17 @@
+---
+- name: Calico Node | Generate OpenShift-etcd certs
+  include: ../../../roles/etcd_client_certificates/tasks/main.yml
+  vars:
+    etcd_cert_prefix: calico.etcd-
+    etcd_cert_config_dir: "{{ openshift.common.config_base }}/calico"
+    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+    etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}"
+
+- name: Calico Node | Set etcd cert location facts
+  set_fact:
+    calico_etcd_ca_cert_file: "/etc/origin/calico/calico.etcd-ca.crt"
+    calico_etcd_cert_file: "/etc/origin/calico/calico.etcd-client.crt"
+    calico_etcd_key_file: "/etc/origin/calico/calico.etcd-client.key"
+    calico_etcd_endpoints: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls | join(',') }}"
+    calico_etcd_cert_dir: "/etc/origin/calico/"
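Review bot: The `set_fact` task hard-codes `/etc/origin/calico/...` for the CA, client cert and client key, while the include just above it writes the generated files under `{{ openshift.common.config_base }}/calico`. If `config_base` is ever anything other than `/etc/origin`, these facts point at paths where nothing was generated, and whatever consumes them later (presumably the presence check and the service unit template) would look for the etcd client key and CA in the wrong place. I would derive the facts from the same variable, e.g. `calico_etcd_cert_dir: "{{ openshift.common.config_base }}/calico/"` and `calico_etcd_key_file: "{{ openshift.common.config_base }}/calico/calico.etcd-client.key"`, with the CA and cert lines following the same pattern. A short comment that the `calico.etcd-` file names come from `etcd_cert_prefix` would keep the two tasks from drifting apart.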
diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml
index fa5e338b3..8a7a61dc9 100644
--- a/roles/calico/tasks/main.yml
+++ b/roles/calico/tasks/main.yml
@@ -1,19 +1,36 @@
 ---
-- include: ../../../roles/etcd_client_certificates/tasks/main.yml
-  vars:
-    etcd_cert_prefix: calico.etcd-
-    etcd_cert_config_dir: "{{ openshift.common.config_base }}/calico"
-    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
-    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
-    etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}"
+- name: Calico Node | Error if invalid cert arguments
+  fail:
+    msg: "Must provide all or none for the following etcd params: calico_etcd_cert_dir, calico_etcd_ca_cert_file, calico_etcd_cert_file, calico_etcd_key_file, calico_etcd_endpoints"
+  when: (calico_etcd_cert_dir is defined or calico_etcd_ca_cert_file is defined or calico_etcd_cert_file is defined or calico_etcd_key_file is defined or calico_etcd_endpoints is defined) and not (calico_etcd_cert_dir is defined and calico_etcd_ca_cert_file is defined and calico_etcd_cert_file is defined and calico_etcd_key_file is defined and calico_etcd_endpoints is defined)
 
-- name: Calico Node | Assure the calico certs have been generated
+- name: Calico Node | Generate certs if not provided
+  include: gen_certs.yml
+  when: item is not defined
+  with_items:
+    - calico_etcd_ca_cert_file
+    - calico_etcd_cert_file
+    - calico_etcd_key_file
+    - calico_etcd_endpoints
+    - calico_etcd_cert_dir
+
+- name: Calico Node | Error if no certs set.
+  fail:
+    msg: "Invalid etcd configuration for calico."
+  when: item is not defined or item == ''
+  with_items:
+    - calico_etcd_ca_cert_file
+    - calico_etcd_cert_file
+    - calico_etcd_key_file
+    - calico_etcd_endpoints
+
+- name: Calico Node | Assure the calico certs are present
   stat:
     path: "{{ item }}"
   with_items:
-  - "{{ calico_etcd_ca_cert_file }}"
-  - "{{ calico_etcd_cert_file}}"
-  - "{{ calico_etcd_key_file }}"
+    - "{{ calico_etcd_ca_cert_file }}"
+    - "{{ calico_etcd_cert_file}}"
+    - "{{ calico_etcd_key_file }}"
 
 - name: Calico Node | Configure Calico service unit file
   template:
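Review bot: In the two looped tasks, `item` is the literal string from `with_items` (e.g. `calico_etcd_ca_cert_file`), not the variable of that name, so `item is not defined` is always false and `item == ''` never matches. As written, gen_certs.yml appears never to be included and the "Error if no certs set" guard cannot fire, so a missing or empty etcd TLS setting passes validation. Since the first task already enforces all-or-none, the include could drop the loop and use `when: calico_etcd_ca_cert_file is not defined`, and the guard could loop over values instead of names, e.g. `- "{{ calico_etcd_ca_cert_file | default('') }}"` with `when: item == ''`. The "Assure the calico certs are present" task also registers nothing, and `stat` does not fail on a missing path, so it does not confirm that the files exist. Registering the result and failing when `not item.stat.exists` would make a bad CA, cert or key path stop the play here.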
-- 