diff options
author | Andrew Butcher <abutcher@redhat.com> | 2017-09-21 12:20:04 -0400 |
---|---|---|
committer | Andrew Butcher <abutcher@redhat.com> | 2017-09-21 15:18:57 -0400 |
commit | 4ba216918e27d2e075b237e3151630d55d1a563d (patch) | |
tree | 0bee48e9ddeaeb15a6a90dc399584375acb3011b /playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml | |
parent | 505764651b3f8279ffe8881e9b26851d1dd14258 (diff) | |
download | openshift-4ba216918e27d2e075b237e3151630d55d1a563d.tar.gz openshift-4ba216918e27d2e075b237e3151630d55d1a563d.tar.bz2 openshift-4ba216918e27d2e075b237e3151630d55d1a563d.tar.xz openshift-4ba216918e27d2e075b237e3151630d55d1a563d.zip |
Improve CA playbook restart logic and skip restarts when related services had previously expired certificates.
Diffstat (limited to 'playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml')
-rw-r--r-- | playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml index 6964e8567..78d1ba11c 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml @@ -146,13 +146,19 @@ changed_when: false - include: ../../openshift-master/restart.yml - # Do not restart masters when master certificates were previously expired. - when: ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) - and - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) + # Do not restart masters when master or etcd certificates were previously expired. + when: + # masters + - ('expired' not in hostvars + | oo_select_keys(groups['oo_masters_to_config']) + | oo_collect('check_results.check_results.ocp_certs') + | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) + - ('expired' not in hostvars + | oo_select_keys(groups['oo_masters_to_config']) + | oo_collect('check_results.check_results.ocp_certs') + | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) + # etcd + - ('expired' not in (hostvars + | oo_select_keys(groups['etcd']) + | oo_collect('check_results.check_results.etcd') + | oo_collect('health'))) |