From 4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Wed, 15 Jun 2016 13:19:59 -0400
Subject: Add options for specifying named ca certificates to be added to the
 openshift ca bundle.

---
 roles/openshift_ca/meta/main.yml  |  1 +
 roles/openshift_ca/tasks/main.yml | 14 +++++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

(limited to 'roles/openshift_ca')

diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml
index a08aa1686..444c5b77e 100644
--- a/roles/openshift_ca/meta/main.yml
+++ b/roles/openshift_ca/meta/main.yml
@@ -15,3 +15,4 @@ galaxy_info:
 dependencies:
 - role: openshift_repos
 - role: openshift_cli
+- role: openshift_named_certificates
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 4d9768ce7..2e147840d 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -28,6 +28,7 @@
     path: "{{ openshift_ca_config_dir }}/{{ item }}"
   register: g_master_ca_stat_result
   with_items:
+  - ca-bundle.crt
   - ca.crt
   - ca.key
   delegate_to: "{{ openshift_ca_host }}"
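Review bot: Adding `ca-bundle.crt` to this `with_items` list changes what counts as a missing CA on hosts installed before this change, and nothing near the list says so. The task starts above the hunk and the fact that consumes `g_master_ca_stat_result` is not visible. If `master_ca_missing` is set whenever any listed file is absent, a host that has `ca.crt` and `ca.key` but no bundle will now run `create-master-certs` again. That is presumably intended so the bundle gets created, with `--overwrite=false` expected to leave the existing key pair alone, but it should be confirmed on an upgraded host. A comment above the list would record the intent, for example `# ca-bundle.crt is checked so hosts without a bundle regenerate it; existing ca.crt/ca.key must not be replaced`.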
@@ -43,11 +44,14 @@
 - name: Create the master certificates if they do not already exist
   command: >
     {{ openshift.common.admin_binary }} create-master-certs
-      --hostnames={{ openshift_master_hostnames | join(',') }}
-      --master={{ openshift.master.api_url }}
-      --public-master={{ openshift.master.public_api_url }}
-      --cert-dir={{ openshift_ca_config_dir }}
-      --overwrite=false
+    {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %}
+    --certificate-authority {{ named_ca_certificate }}
+    {% endfor %}
+    --hostnames={{ openshift_master_hostnames | join(',') }}
+    --master={{ openshift.master.api_url }}
+    --public-master={{ openshift.master.public_api_url }}
+    --cert-dir={{ openshift_ca_config_dir }}
+    --overwrite=false
   when: hostvars[openshift_ca_host].master_ca_missing | bool
   delegate_to: "{{ openshift_ca_host }}"
   run_once: true
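Review bot: The `cafile` paths are interpolated unquoted in the new `--certificate-authority {{ named_ca_certificate }}` line, so a path containing whitespace is split into several arguments and the remainder may be read as further options to `create-master-certs`. Writing it as `--certificate-authority={{ named_ca_certificate | quote }}` keeps each path a single argument and matches the `--flag=value` form of the other options. Per the commit subject, every listed file ends up in the openshift CA bundle, so a comment above the task would help, such as `# each cafile in openshift.master.named_certificates becomes a trusted CA in the bundle; list only CAs you intend to trust`. The task may continue past the end of the hunk.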
-- 