---
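# Create one staging directory per master that still needs certificates.
# The next task links CA and service-account private keys into this
# directory, so it is restricted to its owner.
- name: Ensure the generated_configs directory present
  file:
    path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}"
    state: directory
    # Quoted so the mode is always handled as an octal string and never
    # depends on how the YAML loader types a leading-zero integer.
    mode: "0700"
  # Templated explicitly: bare variable names in with_* loops are deprecated.
  with_items: "{{ masters_needing_certs }}"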
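# Hard-link the existing master certificate material into every staging
# directory (item.0 = master needing certs, item.1 = file name).
# A hard link shares the inode with the original, so each linked file keeps
# the owner and mode of the source file; the list includes private keys
# (ca.key, admin.key, serviceaccounts.private.key, ...), which makes the
# 0700 mode on the staging directory the control that limits who can reach
# these extra paths.
# NOTE(review): `omit` is meant for module parameters; inside a loop list it
# is presumably passed through as a placeholder string rather than dropping
# the entry - confirm behaviour when version_greater_than_3_1_or_1_1 is false.
- name: Link the existing master certificates into the generated_configs directory
  file:
    src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
    dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
    state: hard
  with_nested:
    # Templated explicitly: bare variable names in with_* loops are deprecated.
    - "{{ masters_needing_certs }}"
    - - ca.crt
      - ca.key
      - ca.serial.txt
      - admin.crt
      - admin.key
      - admin.kubeconfig
      - master.kubelet-client.crt
      - master.kubelet-client.key
      - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
      - "{{ 'master.proxy-client.key' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
      - openshift-master.crt
      - openshift-master.key
      - openshift-master.kubeconfig
      - openshift-registry.crt
      - openshift-registry.key
      - openshift-registry.kubeconfig
      - openshift-router.crt
      - openshift-router.key
      - openshift-router.kubeconfig
      - serviceaccounts.private.key
      - serviceaccounts.public.key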
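# Generate the certificates for each master into its staging directory.
# Runs only when master_certs_missing is true. --overwrite=false presumably
# leaves the files linked in by the previous task (including the CA key pair)
# untouched, so only absent certificates are created - confirm against the
# admin binary's documentation.
# The command module does not go through a shell, but it still splits the
# rendered line on whitespace, so hostnames, URLs and directory paths are
# assumed to contain no spaces.
- name: Create the master certificates if they do not already exist
  command: >
    {{ openshift.common.admin_binary }} create-master-certs
    --hostnames={{ item.openshift.common.all_hostnames | join(',') }}
    --master={{ item.openshift.master.api_url }}
    --public-master={{ item.openshift.master.public_api_url }}
    --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
    --overwrite=false
  when: master_certs_missing
  # Templated explicitly: bare variable names in with_* loops are deprecated.
  with_items: "{{ masters_needing_certs }}"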