| author | Andrew Butcher <abutcher@redhat.com> | 2016-06-15 13:19:59 -0400 | 
|---|---|---|
| committer | Andrew Butcher <abutcher@redhat.com> | 2016-08-01 11:33:14 -0400 | 
| commit | 4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 (patch) | |
| tree | 57f0d2ee98a622e012d339c044e84d5855718949 /roles/openshift_master | |
| parent | 1bdbe5ed4b609d06651d4d3ded4dc70a7f7ed865 (diff) | |
Add options for specifying named ca certificates to be added to the openshift ca bundle.
Diffstat (limited to 'roles/openshift_master')
| -rw-r--r-- | roles/openshift_master/handlers/main.yml | 7 | ||||
| -rw-r--r-- | roles/openshift_master/meta/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_master/tasks/main.yml | 7 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 14 | 
4 files changed, 23 insertions, 6 deletions
|
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index f7dfb11f7..edb7369de 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -17,7 +17,12 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+    curl --silent
+    {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+    --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+    {% else %}
+    --cacert {{ openshift.common.config_base }}/master/ca.crt
+    {% endif %}
     {{ openshift.master.api_url }}/healthz/ready
   register: api_available_output
   until: api_available_output.stdout == 'ok'
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index e391acfaa..a2f665702 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -12,4 +12,3 @@ galaxy_info:
   categories:
   - cloud
 dependencies: []
-
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 115a64aeb..e1efb4c2b 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -224,7 +224,12 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+    curl --silent
+    {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+    --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+    {% else %}
+    --cacert {{ openshift.common.config_base }}/master/ca.crt
+    {% endif %}
     {{ openshift.master.api_url }}/healthz/ready
   register: api_available_output
   until: api_available_output.stdout == 'ok'
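Review bot: The version switch around `--cacert` in the `command: >` block of handlers/main.yml is written as a five-line `{% if %}`/`{% else %}`/`{% endif %}` and is copied verbatim into the tasks/main.yml hunk; an inline expression keeps the trust anchor on one line: `--cacert {{ openshift.common.config_base }}/master/{{ 'ca-bundle.crt' if openshift.common.version_gte_3_2_or_1_2 | bool else 'ca.crt' }}`. Better still, the CA filename could be set once as a fact or role variable and referenced from both health checks and the master template, since the commit repeats this choice in four places and the copies can drift apart. The task that owns this command starts above the hunk in both files.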
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index b18a42e32..662f23aa3 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -156,7 +156,11 @@ oauthConfig:
 {% for line in translated_identity_providers.splitlines() %}
   {{ line }}
 {% endfor %}
-  masterCA: ca.crt
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+  masterCA: ca-bundle.crt
+{% else %}
+  masterCA: ca.rt
+{% endif %}
   masterPublicURL: {{ openshift.master.public_api_url }}
   masterURL: {{ openshift.master.api_url }}
   sessionConfig:
@@ -189,7 +193,11 @@ serviceAccountConfig:
   - default
   - builder
   - deployer
-  masterCA: ca.crt
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+  masterCA: ca-bundle.crt
+{% else %}
+  masterCA: ca.rt
+{% endif %}
   privateKeyFile: serviceaccounts.private.key
   publicKeyFiles:
   - serviceaccounts.public.key
@@ -201,7 +209,7 @@ servingInfo:
   keyFile: master.server.key
   maxRequestsInFlight: {{ openshift.master.max_requests_inflight }}
   requestTimeoutSeconds: 3600
-{% if openshift.master.named_certificates %}
+{% if openshift.master.named_certificates | default([]) | length > 0 %}
   namedCertificates:
 {% for named_certificate in openshift.master.named_certificates %}
   - certFile: {{ named_certificate['certfile'] }}
|
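Review bot: The `{% else %}` branch of the new masterCA conditional under oauthConfig writes `masterCA: ca.rt`, where the removed line had `ca.crt`; the serviceAccountConfig hunk repeats the same spelling. On hosts where `version_gte_3_2_or_1_2` is false, the rendered master config would name a CA file that presumably does not exist, so the master would likely fail to load its CA instead of keeping the previous behaviour. Both lines should read `  masterCA: ca.crt`, matching the else branch used by the curl health checks in the handlers and tasks hunks of this commit.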
