summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDevan Goodwin <dgoodwin@redhat.com>2016-09-29 12:41:16 -0300
committerDevan Goodwin <dgoodwin@redhat.com>2016-09-29 12:41:16 -0300
commit9461cbf44d75c657ed400324b1cc2c39a2d6b9ff (patch)
tree12d81034186226a561cb921ea0a1ed4db56f0258
parentde196a56aec48a6545d993dae9e739ad9ab511ba (diff)
downloadopenshift-9461cbf44d75c657ed400324b1cc2c39a2d6b9ff.tar.gz
openshift-9461cbf44d75c657ed400324b1cc2c39a2d6b9ff.tar.bz2
openshift-9461cbf44d75c657ed400324b1cc2c39a2d6b9ff.tar.xz
openshift-9461cbf44d75c657ed400324b1cc2c39a2d6b9ff.zip
Fix bug with service signer cert on upgrade.
It is invalid Ansible to use a when on an include that contains plays, as it cannot be applied to plays. Issue filed upstream for a better error, or to get it working.
-rw-r--r--playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml7
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml1
2 files changed, 7 insertions, 1 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
index e8a20aa2b..78f6c46f3 100644
--- a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
+++ b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
@@ -9,6 +9,7 @@
local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
register: local_cert_sync_tmpdir
changed_when: false
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
- name: Create service signer certificate
hosts: oo_first_master
@@ -17,6 +18,7 @@
command: mktemp -d /tmp/openshift-ansible-XXXXXXX
register: remote_cert_create_tmpdir
changed_when: false
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
- name: Create service signer certificate
command: >
@@ -27,6 +29,7 @@
--serial=service-signer.serial.txt
args:
chdir: "{{ remote_cert_create_tmpdir.stdout }}/"
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
- name: Retrieve service signer certificate
fetch:
@@ -38,12 +41,14 @@
with_items:
- "service-signer.crt"
- "service-signer.key"
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
- name: Delete remote temp directory
file:
name: "{{ remote_cert_create_tmpdir.stdout }}"
state: absent
changed_when: false
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
- name: Deploy service signer certificate
hosts: oo_masters_to_config
@@ -55,6 +60,7 @@
with_items:
- "service-signer.crt"
- "service-signer.key"
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
- name: Delete local temp directory
hosts: localhost
@@ -67,3 +73,4 @@
name: "{{ local_cert_sync_tmpdir.stdout }}"
state: absent
changed_when: false
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 0063bdb2f..2c641e21e 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -111,7 +111,6 @@
# Create service signer cert when missing. Service signer certificate
# is added to master config in the master config hook for v3_3.
- include: create_service_signer_cert.yml
- when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
- name: Upgrade master config and systemd units
hosts: oo_masters_to_config