From 94a77cb1d81b6e4e316ae679890df4994816532f Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Fri, 22 May 2015 13:13:17 -0400
Subject: Templatize configs and 0.5.2 changes

- Templatize node config
- Templatize master config
- Integrated sdn changes
- Updates for openshift_facts
  - Added support for node, master and sdn related changes
    - registry_url
  - added identity provider facts
- Removed openshift_sdn_* roles
- Install httpd-tools if configuring htpasswd auth
- Remove references to external_id
  - Setting external_id interferes with nodes associating with the generated
    node object when pre-registering nodes.
- osc/oc and osadm/oadm binary detection in openshift_facts

Misc Changes:
- make non-errata puddle default for byo example
- comment out master in list of nodes in inventory/byo/hosts
- remove non-error errors from fluentd_* roles
- Use admin kubeconfig instead of openshift-client
---
 roles/openshift_register_nodes/tasks/main.yml | 59 +++++++++++----------------
 1 file changed, 24 insertions(+), 35 deletions(-)

(limited to 'roles/openshift_register_nodes/tasks')

diff --git a/roles/openshift_register_nodes/tasks/main.yml b/roles/openshift_register_nodes/tasks/main.yml
index 7a85f6624..b78e00a98 100644
--- a/roles/openshift_register_nodes/tasks/main.yml
+++ b/roles/openshift_register_nodes/tasks/main.yml
@@ -1,51 +1,42 @@
 ---
-# TODO: support new create-config command to generate node certs and config
-# TODO: recreate master/node configs if settings that affect the configs
-# change (hostname, public_hostname, ip, public_ip, etc)
-
-
-# TODO: use a template lookup here
-# TODO: create a failed_when condition
-- name: Use enterprise default for oreg_url if not set
-  set_fact:
-    oreg_url: "openshift3_beta/ose-${component}:${version}"
-  when: openshift.common.deployment_type == 'enterprise' and oreg_url is not defined
-
-- name: Use online default for oreg_url if not set
-  set_fact:
-    oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}"
-  when: openshift.common.deployment_type == 'online' and oreg_url is not defined
-
 - name: Create openshift_generated_configs_dir if it doesn't exist
   file:
     path: "{{ openshift_generated_configs_dir }}"
     state: directory
 
-- name: Create node config
+- name: Generate the node client config
   command: >
-    /usr/bin/openshift admin create-node-config
-      --node-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}
-      --node={{ item.openshift.common.hostname }}
-      --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }}
-      --dns-domain={{ openshift.dns.domain }}
-      --dns-ip={{ openshift.dns.ip }}
+    {{ openshift.common.admin_binary }} create-api-client-config
+      --certificate-authority={{ openshift_master_ca_cert }}
+      --client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}
+      --groups=system:nodes
       --master={{ openshift.master.api_url }}
-      --signer-key={{ openshift_master_ca_key }}
       --signer-cert={{ openshift_master_ca_cert }}
-      --certificate-authority={{ openshift_master_ca_cert }}
+      --signer-key={{ openshift_master_ca_key }}
       --signer-serial={{ openshift_master_ca_serial }}
-      --node-client-certificate-authority={{ openshift_master_ca_cert }}
-      {{ ('--images=' ~ oreg_url) if oreg_url is defined else '' }}
-      --listen=https://0.0.0.0:10250
-      --volume-dir={{ openshift_data_dir }}/openshift.local.volumes
+      --user=system:node-{{ item.openshift.common.hostname }}
   args:
     chdir: "{{ openshift_generated_configs_dir }}"
     creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
-  with_items: openshift_nodes
+  with_items: nodes_needing_certs
+
+- name: Generate the node server certificate
+  delegate_to: "{{ openshift_first_master }}"
+  command: >
+    {{ openshift.common.admin_binary }} create-server-cert
+      --cert=server.crt --key=server.key --overwrite=true
+      --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }}
+      --signer-cert={{ openshift_master_ca_cert }}
+      --signer-key={{ openshift_master_ca_key }}
+      --signer-serial={{ openshift_master_ca_serial }}
+  args:
+    chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
+    creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt"
+  with_items: nodes_needing_certs
 
 - name: Register unregistered nodes
   kubernetes_register_node:
-    kubectl_cmd: ['osc']
+    kubectl_cmd: "{{ [openshift.common.client_binary] }}"
     default_client_config: '~/.config/openshift/.config'
     name: "{{ item.openshift.common.hostname }}"
     api_version: "{{ openshift_kube_api_version }}"
@@ -55,8 +46,6 @@
     host_ip: "{{ item.openshift.common.ip }}"
     labels: "{{ item.openshift.node.labels | default({}) }}"
     annotations: "{{ item.openshift.node.annotations | default({}) }}"
-    external_id: "{{ item.openshift.node.external_id }}"
-    # TODO: support customizing other attributes such as: client_config,
-    # client_cluster, client_context, client_user
   with_items: openshift_nodes
   register: register_result
+
-- 
cgit v1.2.3