From 82d61ae9e23c2ae1f722ed3b458a6e39721e71fd Mon Sep 17 00:00:00 2001
From: Michael Gugino
Date: Thu, 31 Aug 2017 18:01:56 -0400
Subject: Refactor openshift_hosted plays and role

Currently, openshift_hosted role duplicates some logic across separate task chains. This commit cleans up the openshift_hosted role and converts it to be primarily used with include_role to give better logic to the playbooks that utilize this role. This commit also refactors the playbook that calls various openshift_hosted roles into individual playbooks. This allows more granularity for advanced users.
---
.../tasks/registry/secure/reencrypt.yml | 38 ----------------------
1 file changed, 38 deletions(-)
delete mode 100644 roles/openshift_hosted/tasks/registry/secure/reencrypt.yml
(limited to 'roles/openshift_hosted/tasks/registry/secure/reencrypt.yml')
diff --git a/roles/openshift_hosted/tasks/registry/secure/reencrypt.yml b/roles/openshift_hosted/tasks/registry/secure/reencrypt.yml
deleted file mode 100644
index 48e5b0fba..000000000
--- a/roles/openshift_hosted/tasks/registry/secure/reencrypt.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- name: Validate route termination configuration
- fail:
- msg: >
- When 'openshift_hosted_registry_routetermination' is 'reencrypt', you must
- provide certificate files with 'openshift_hosted_registry_routecertificates'
- when: ('certfile' not in openshift_hosted_registry_routecertificates) or
- ('keyfile' not in openshift_hosted_registry_routecertificates) or
- ('cafile' not in openshift_hosted_registry_routecertificates)
-
-- name: Configure self-signed certificate file paths
- set_fact:
- docker_registry_cert_path: "{{ openshift_master_config_dir }}/registry.crt"
- docker_registry_key_path: "{{ openshift_master_config_dir }}/registry.key"
- docker_registry_cacert_path: "{{ openshift_master_config_dir }}/ca.crt"
- docker_registry_self_signed: true
-
-- name: Retrieve provided certificate files
- copy:
- backup: True
- dest: "{{ openshift_master_config_dir }}/named_certificates/{{ item.value | basename }}"
- src: "{{ item.value }}"
- when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value
- with_dict: "{{ openshift_hosted_registry_routecertificates }}"
-
-# Encrypt with the provided certificate and provide the dest_cacert for the
-# self-signed certificate at the endpoint
-- name: Configure a reencrypt route for docker-registry
- oc_route:
- name: docker-registry
- namespace: "{{ openshift_hosted_registry_namespace }}"
- service_name: docker-registry
- tls_termination: "{{ openshift_hosted_registry_routetermination }}"
- host: "{{ openshift_hosted_registry_routehost | default(omit, true) }}"
- cert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
- key_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
- cacert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
- dest_cacert_path: "{{ openshift_master_config_dir }}/ca.crt"
--
cgit v1.2.3