---
- include: ../../init/main.yml

- include: ../../common/openshift-cluster/redeploy-certificates/check-expiry.yml
  vars:
    g_check_expiry_hosts: 'oo_etcd_to_config'

- include: ../../common/openshift-cluster/redeploy-certificates/etcd-backup.yml

- include: ../../openshift-etcd/private/certificates.yml
  vars:
    etcd_certificates_redeploy: true

- include: ../../common/openshift-cluster/redeploy-certificates/masters-backup.yml

- include: ../../openshift-master/private/certificates.yml
  vars:
    openshift_certificates_redeploy: true

- include: ../../common/openshift-cluster/redeploy-certificates/nodes-backup.yml

- include: ../../openshift-node/private/certificates.yml
  vars:
    openshift_certificates_redeploy: true

- include: ../../openshift-etcd/private/restart.yml
  vars:
    g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}"

- include: ../../openshift-master/private/restart.yml

- include: ../../openshift-node/private/restart.yml

- include: ../../common/openshift-cluster/redeploy-certificates/router.yml
  when: openshift_hosted_manage_router | default(true) | bool

- include: ../../common/openshift-cluster/redeploy-certificates/registry.yml
  when: openshift_hosted_manage_registry | default(true) | bool

- include: ../../openshift-master/private/revert-client-ca.yml

- include: ../../openshift-master/private/restart.yml