From 89fcbb72447ab74b440c15d1e35a1dd10cef1c49 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Mon, 6 Nov 2017 12:35:13 -0500
Subject: Temporarily set master servingInfo.clientCA as client-ca-bundle.crt
 during rolling CA redeployment.

---
 playbooks/common/openshift-master/revert-client-ca.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 playbooks/common/openshift-master/revert-client-ca.yml

(limited to 'playbooks/common/openshift-master/revert-client-ca.yml')

diff --git a/playbooks/common/openshift-master/revert-client-ca.yml b/playbooks/common/openshift-master/revert-client-ca.yml
new file mode 100644
index 000000000..9ae23bf5b
--- /dev/null
+++ b/playbooks/common/openshift-master/revert-client-ca.yml
@@ -0,0 +1,17 @@
+---
+- name: Set servingInfo.clientCA = ca.crt in master config
+  hosts: oo_masters_to_config
+  tasks:
+  - name: Read master config
+    slurp:
+      src: "{{ openshift.common.config_base }}/master/master-config.yaml"
+    register: g_master_config_output
+
+  # servingInfo.clientCA may be set as the client-ca-bundle.crt from
+  # CA redeployment and this task reverts that change.
+  - name: Set servingInfo.clientCA = ca.crt in master config
+    modify_yaml:
+      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+      yaml_key: servingInfo.clientCA
+      yaml_value: ca.crt
+    when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt'
-- 
cgit v1.2.3