2 files changed, 21 insertions, 11 deletions

diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
index 18b93e1d6..999e4af65 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
@@ -2,6 +2,8 @@
 - name: Update registry certificates
   hosts: oo_first_master
   vars:
+  roles:
+  - lib_openshift
   tasks:
   - name: Create temp directory for kubeconfig
     command: mktemp -d /tmp/openshift-ansible-XXXXXX
@@ -70,13 +72,17 @@
         --key={{ openshift.common.config_base }}/master/registry.key
 
     - name: Update registry certificates secret
-      shell: >
-        {{ openshift.common.client_binary }} secret new registry-certificates
-        {{ openshift.common.config_base }}/master/registry.crt
-        {{ openshift.common.config_base }}/master/registry.key
-        --config={{ mktemp.stdout }}/admin.kubeconfig
-        -n default
-        -o json | oc replace -f -
+      oc_secret:
+        kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+        name: registry-certificates
+        namespace: default
+        state: present
+        files:
+        - name: registry.crt
+          path: "{{ openshift.common.config_base }}/master/registry.crt"
+        - name: registry.key
+          path: "{{ openshift.common.config_base }}/master/registry.key"
+      run_once: true
     when: l_docker_registry_dc.rc == 0 and 'registry-certificates' in docker_registry_secrets and 'REGISTRY_HTTP_TLS_CERTIFICATE' in docker_registry_env_vars and 'REGISTRY_HTTP_TLS_KEY' in docker_registry_env_vars
 
   - name: Redeploy docker registry
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
index a9e9f0915..707fb6424 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
@@ -7,6 +7,8 @@
     command: mktemp -d /tmp/openshift-ansible-XXXXXX
     register: mktemp
     changed_when: false
+  roles:
+  - lib_openshift
 
   - name: Copy admin client config(s)
     command: >
@@ -45,10 +47,12 @@
 
   - block:
     - name: Delete existing router certificate secret
-      command: >
-        {{ openshift.common.client_binary }} delete secret/router-certs
-        --config={{ mktemp.stdout }}/admin.kubeconfig
-        -n default
+      oc_secret:
+        kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+        name: router-certs
+        namespace: default
+        state: absent
+        run_once: true
 
     - name: Remove router service annotations
       command: >