diff options
| -rw-r--r-- | playbooks/common/openshift-node/config.yml | 23 | ||||
| -rw-r--r-- | roles/etcd_certificates/tasks/client.yml | 8 | ||||
| -rw-r--r-- | roles/etcd_certificates/tasks/server.yml | 12 |
3 files changed, 20 insertions, 23 deletions
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index f0bb91568..b0407ef74 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -148,15 +148,15 @@ register: g_external_etcd_flannel_cert_stat_result when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - set_fact: - etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results + etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results | oo_collect(attribute='stat.exists') - | list | intersect([false])}}" + | list }}" etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" etcd_cert_prefix: node.etcd- etcd_hostname: "{{ openshift.common.hostname }}" etcd_ip: "{{ openshift.common.ip }}" - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool) - name: Configure flannel etcd certificates hosts: oo_first_etcd @@ -166,9 +166,8 @@ pre_tasks: - set_fact: etcd_needing_client_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}" roles: - role: openshift_etcd_certificates when: openshift_use_flannel | default(false) | bool @@ -179,8 +178,7 @@ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . args: creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" - with_items: "{{ etcd_needing_client_certs | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + with_items: etcd_needing_client_certs | default([]) - name: Retrieve the etcd cert tarballs fetch: src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" @@ -188,8 +186,7 @@ flat: yes fail_on_missing: yes validate_checksum: yes - with_items: "{{ etcd_needing_client_certs | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + with_items: etcd_needing_client_certs | default([]) - name: Copy the external etcd flannel certs to the nodes hosts: oo_nodes_to_config @@ -200,12 +197,12 @@ file: path: "{{ openshift.common.config_base }}/node" state: directory - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Unarchive the tarball on the master unarchive: src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" dest: "{{ etcd_cert_config_dir }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - file: path: "{{ etcd_cert_config_dir }}/{{ item }}" owner: root @@ -215,7 +212,7 @@ - node.etcd-client.crt - node.etcd-client.key - node.etcd-ca.crt - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Additional node config diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml index b497a46c0..a9f130bb9 100644 --- a/roles/etcd_certificates/tasks/client.yml +++ b/roles/etcd_certificates/tasks/client.yml @@ -4,7 +4,7 @@ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" state: directory mode: 0700 - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - name: Create the client csr command: > @@ -19,7 +19,7 @@ ~ item.etcd_cert_prefix ~ 'client.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - name: Sign and create the client crt command: > @@ -33,10 +33,10 @@ ~ item.etcd_cert_prefix ~ 'client.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - file: src: "{{ etcd_ca_cert }}" dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" state: hard - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml index 934b8b805..223917ccd 100644 --- a/roles/etcd_certificates/tasks/server.yml +++ b/roles/etcd_certificates/tasks/server.yml @@ -4,7 +4,7 @@ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" state: directory mode: 0700 - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Create the server csr command: > @@ -19,7 +19,7 @@ ~ item.etcd_cert_prefix ~ 'server.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Sign and create the server crt command: > @@ -33,7 +33,7 @@ ~ item.etcd_cert_prefix ~ 'server.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Create the peer csr command: > @@ -48,7 +48,7 @@ ~ item.etcd_cert_prefix ~ 'peer.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Sign and create the peer crt command: > @@ -62,10 +62,10 @@ ~ item.etcd_cert_prefix ~ 'peer.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - file: src: "{{ etcd_ca_cert }}" dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" state: hard - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) |