From f64635beea03cd520c5b26d544023ba51012a400 Mon Sep 17 00:00:00 2001
From: Andrew Butcher
Date: Tue, 31 May 2016 13:31:55 -0400
Subject: Refactor openshift certificates roles.
---
 roles/openshift_master/meta/main.yml | 3 ++-
 roles/openshift_master/tasks/main.yml | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'roles/openshift_master')
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index 0a69b3eef..46d7c72e8 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -4,7 +4,7 @@ galaxy_info:
 description: Master
 company: Red Hat, Inc.
 license: Apache License, Version 2.0
- min_ansible_version: 1.7
+ min_ansible_version: 2.1
 platforms:
 - name: EL
 versions:
@@ -15,6 +15,7 @@ dependencies:
 - role: openshift_clock
 - role: openshift_docker
 - role: openshift_cli
+- role: openshift_master_certificates
 - role: openshift_cloud_provider
 - role: openshift_builddefaults
 - role: openshift_master_facts
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 7a80ed8e3..b865013a3 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -210,6 +210,7 @@
 until: api_available_output.stdout == 'ok'
 retries: 120
 delay: 1
+ run_once: true
 changed_when: false
 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and master_api_service_status_changed | bool
-- cgit v1.2.3
From 4ec879a68e7d50f7848364c8cb5b55e82694ef00 Mon Sep 17 00:00:00 2001
From: Andrew Butcher
Date: Wed, 20 Jul 2016 19:04:40 -0400
Subject: Re-arrange master and node role dependencies.
---
 roles/openshift_master/meta/main.yml | 2 --
 roles/openshift_node_certificates/meta/main.yml | 2 +-
 roles/openshift_node_certificates/tasks/main.yml | 15 +++++++++++++++
 roles/openshift_node_certificates/vars/main.yml | 5 +++++
 4 files changed, 21 insertions(+), 3 deletions(-)
(limited to 'roles/openshift_master')
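Review bot: The `run_once: true` added to the API wait task in roles/openshift_master/tasks/main.yml (first commit) also changes how that task's `when:` is evaluated: Ansible tests the condition against the first host in the batch only. If `master_api_service_status_changed` is a per-host value, as its name suggests, the wait is skipped for every master whenever it is false on that first master, including masters whose API service did restart. The single run likewise vouches only for whatever endpoint the command probes, and that command starts above the hunk. If this is intended, record it with a comment above the line, e.g. `# run_once: the condition and the health check are evaluated on the first master only`; otherwise the condition needs to aggregate the per-host flag across the master group.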
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index 46d7c72e8..be70d9102 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -13,8 +13,6 @@ galaxy_info:
 - cloud
 dependencies:
 - role: openshift_clock
-- role: openshift_docker
-- role: openshift_cli
 - role: openshift_master_certificates
 - role: openshift_cloud_provider
 - role: openshift_builddefaults
diff --git a/roles/openshift_node_certificates/meta/main.yml b/roles/openshift_node_certificates/meta/main.yml
index a099db115..50a862ee9 100644
--- a/roles/openshift_node_certificates/meta/main.yml
+++ b/roles/openshift_node_certificates/meta/main.yml
@@ -13,4 +13,4 @@ galaxy_info:
 - cloud
 - system
 dependencies:
-- role: openshift_ca
+- role: openshift_facts
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 72567132c..0e69dc6f0 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -1,4 +1,19 @@
 ---
+- name: Ensure CA certificate exists on openshift_ca_host
+ stat:
+ path: "{{ openshift_ca_cert }}"
+ register: g_ca_cert_stat_result
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- fail:
+ msg: >
+ CA certificate {{ openshift_ca_cert }} doesn't exist on CA host
+ {{ openshift_ca_host }}. Apply 'openshift_ca' role to
+ {{ openshift_ca_host }}.
+ when: not g_ca_cert_stat_result.stat.exists | bool
+ run_once: true
+
 - name: Check status of node certificates
 stat:
 path: "{{ openshift.common.config_base }}/node/{{ item }}"
diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml
index 2fafc7387..17ad8106d 100644
--- a/roles/openshift_node_certificates/vars/main.yml
+++ b/roles/openshift_node_certificates/vars/main.yml
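Review bot: The new pre-flight in roles/openshift_node_certificates/tasks/main.yml stats only `openshift_ca_cert`, although the same commit also defines `openshift_ca_key` and `openshift_ca_serial` for this role. If the signing tasks later in the file (outside this hunk) need those files, a CA host that has the certificate but lacks the key or serial passes this check and fails later with a less direct error. Checking all three paths in one loop keeps the failure early and names the missing file. The `fail` task also has no `name:`, so it appears unlabeled in play output. Since the `openshift_ca` dependency is dropped in this commit, an undefined `openshift_ca_host` would presumably surface as a templating error on `delegate_to` rather than as this message.

```yaml
- name: Ensure CA certificate, key and serial exist on openshift_ca_host
  stat:
    path: "{{ item }}"
  register: g_ca_cert_stat_result
  with_items:
  - "{{ openshift_ca_cert }}"
  - "{{ openshift_ca_key }}"
  - "{{ openshift_ca_serial }}"
  delegate_to: "{{ openshift_ca_host }}"
  run_once: true

- name: Fail when CA files are missing on openshift_ca_host
  fail:
    msg: >
      CA file {{ item.item }} doesn't exist on CA host
      {{ openshift_ca_host }}. Apply 'openshift_ca' role to
      {{ openshift_ca_host }}.
  when: not item.stat.exists | bool
  with_items: "{{ g_ca_cert_stat_result.results }}"
  run_once: true

# … unchanged: Check status of node certificates …
```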
@@ -4,3 +4,8 @@ openshift_node_cert_dir: "{{ openshift.common.config_base }}/node"
 openshift_node_cert_subdir: "node-{{ openshift.common.hostname }}"
 openshift_node_config_dir: "{{ openshift.common.config_base }}/node"
 openshift_node_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }}"
+
+openshift_ca_config_dir: "{{ openshift.common.config_base }}/master"
+openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt"
+openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key"
+openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt"
-- cgit v1.2.3
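Review bot: The four `openshift_ca_*` paths added to roles/openshift_node_certificates/vars/main.yml restate where the CA files live, presumably mirroring the `openshift_ca` role, and nothing visible ties the two definitions together. If the CA role's layout changes, the pre-flight check in this role would stat a stale path and report a missing CA. Role `vars/` also take precedence over inventory variables, so a deployment cannot redirect these paths from inventory. A comment above the block would make the coupling explicit, e.g. `# Must match the CA file locations used by the openshift_ca role`; moving the entries to `defaults/main.yml` is the alternative if overriding is meant to be possible.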