From 098d0c24bb2d08e2107b6c4a55d350ae751458f7 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 30 May 2016 14:34:19 -0400 Subject: Revert openshift-certificates changes. --- roles/openshift_master_certificates/tasks/main.yml | 123 ++++----------------- 1 file changed, 20 insertions(+), 103 deletions(-) (limited to 'roles/openshift_master_certificates/tasks') diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index dd105652b..394f9d381 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -1,121 +1,38 @@ --- -- set_fact: - openshift_master_certs_no_etcd: - - admin.crt - - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" - - master.server.crt - - openshift-master.crt - - openshift-registry.crt - - openshift-router.crt - - etcd.server.crt - openshift_master_certs_etcd: - - master.etcd-client.crt - -- set_fact: - openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd )) if openshift_master_etcd_hosts | length > 0 else openshift_master_certs_no_etcd }}" - -- name: Check status of master certificates - stat: - path: "{{ openshift_master_config_dir }}/{{ item }}" - with_items: - - "{{ openshift_master_certs }}" - register: g_master_cert_stat_result - -- set_fact: - master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" - - name: Ensure the generated_configs directory present file: - path: "{{ openshift_master_generated_config_dir }}" + path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}" state: directory mode: 0700 - when: master_certs_missing | bool - delegate_to: "{{ openshift_ca_host }}" + with_items: "{{ masters_needing_certs | default([]) }}" - file: - src: "{{ openshift_master_config_dir }}/{{ item }}" - dest: "{{ openshift_master_generated_config_dir }}/{{ item }}" + src: "{{ openshift_master_config_dir }}/{{ item.1 }}" + dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" state: hard - with_items: - - ca.crt - - ca.key - - ca.serial.txt - when: master_certs_missing | bool - delegate_to: "{{ openshift_ca_host }}" + with_nested: + - "{{ masters_needing_certs | default([]) }}" + - + - ca.crt + - ca.key + - ca.serial.txt - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift.common.all_hostnames | join(',') }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_master_generated_config_dir }} + --hostnames={{ item.openshift.common.all_hostnames | join(',') }} + --master={{ item.openshift.master.api_url }} + --public-master={{ item.openshift.master.public_api_url }} + --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} --overwrite=false - when: master_certs_missing | bool - delegate_to: "{{ openshift_ca_host }}" + when: item.master_certs_missing | bool + with_items: "{{ masters_needing_certs | default([]) }}" - file: - src: "{{ openshift_master_config_dir }}/{{ item }}" - dest: "{{ openshift_master_generated_config_dir }}/{{ item }}" + src: "{{ openshift_master_config_dir }}/{{ item.1 }}" + dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" state: hard force: true - with_items: + with_nested: + - "{{ masters_needing_certs | default([]) }}" - "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}" - when: master_certs_missing | bool - delegate_to: "{{ openshift_ca_host }}" - -- name: Remove generated etcd client certs when using external etcd - file: - path: "{{ openshift_master_generated_config_dir }}/{{ item }}" - state: absent - when: openshift_master_etcd_hosts | length > 0 - with_items: - - master.etcd-client.crt - - master.etcd-client.key - delegate_to: "{{ openshift_ca_host }}" - -- name: Create local temp directory for syncing certs - local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX - register: g_master_mktemp - changed_when: False - when: master_certs_missing | bool - delegate_to: localhost - -- name: Create a tarball of the master certs - command: > - tar -czvf {{ openshift_master_generated_config_dir }}.tgz - -C {{ openshift_master_generated_config_dir }} . - args: - creates: "{{ openshift_master_generated_config_dir }}.tgz" - when: master_certs_missing | bool and inventory_hostname != openshift_ca_host - delegate_to: "{{ openshift_ca_host }}" - -- name: Retrieve the master cert tarball from the master - fetch: - src: "{{ openshift_master_generated_config_dir }}.tgz" - dest: "{{ g_master_mktemp.stdout }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - when: master_certs_missing | bool and inventory_hostname != openshift_ca_host - delegate_to: "{{ openshift_ca_host }}" - -- name: Ensure certificate directory exists - file: - path: "{{ openshift_master_config_dir }}" - state: directory - when: master_certs_missing | bool and inventory_hostname != openshift_ca_host - -- name: Unarchive the tarball on the master - unarchive: - src: "{{ g_master_mktemp.stdout }}/{{ openshift_master_cert_subdir }}.tgz" - dest: "{{ openshift_master_config_dir }}" - when: master_certs_missing | bool and inventory_hostname != openshift_ca_host - -- file: name={{ g_master_mktemp.stdout }} state=absent - changed_when: False - when: master_certs_missing | bool - delegate_to: localhost -- cgit v1.2.3