Merge pull request #5643 from mtnbikenc/refactor-certificates

Automatic merge from submit-queue.

Refactor certificate playbooks for checkpointing

The recent breakout of the certificate playbooks resulted in the certificate portion of the install to be outside of the component checkpoint.  This PR moves the certificate playbooks inside their respective config.yml playbook.

Removes an unused tasks file from the openshift_named_certificates role.

9 files changed, 15 insertions, 25 deletions

diff --git a/playbooks/byo/openshift-master/certificates.yml b/playbooks/byo/openshift-master/certificates.yml
index 26b964034..e147dcba1 100644
--- a/playbooks/byo/openshift-master/certificates.yml
+++ b/playbooks/byo/openshift-master/certificates.yml
@@ -3,6 +3,4 @@
 
 - include: ../../common/openshift-cluster/std_include.yml
 
-- include: ../../common/openshift-master/ca.yml
-
 - include: ../../common/openshift-master/certificates.yml
diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml
index 9f992cca6..e0c36fb69 100644
--- a/playbooks/byo/openshift-node/scaleup.yml
+++ b/playbooks/byo/openshift-node/scaleup.yml
@@ -16,6 +16,4 @@
 
 - include: ../../common/openshift-cluster/std_include.yml
 
-- include: ../../common/openshift-node/certificates.yml
-
 - include: ../../common/openshift-node/config.yml
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 4ca0d48e4..96a43230d 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -18,10 +18,6 @@
       - docker_image_availability
       - docker_storage
 
-- include: ../openshift-etcd/ca.yml
-
-- include: ../openshift-etcd/certificates.yml
-
 - include: ../openshift-etcd/config.yml
 
 - include: ../openshift-nfs/config.yml
@@ -30,16 +26,10 @@
 - include: ../openshift-loadbalancer/config.yml
   when: groups.oo_lb_to_config | default([]) | count > 0
 
-- include: ../openshift-master/ca.yml
-
-- include: ../openshift-master/certificates.yml
-
 - include: ../openshift-master/config.yml
 
 - include: ../openshift-master/additional_config.yml
 
-- include: ../openshift-node/certificates.yml
-
 - include: ../openshift-node/config.yml
 
 - include: ../openshift-glusterfs/config.yml
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
index 12cd209d2..e4193a00e 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
@@ -114,12 +114,18 @@
     register: g_new_openshift_ca_mktemp
     changed_when: false
 
-- include: ../../openshift-master/ca.yml
+- name: Create OpenShift CA
+  hosts: oo_first_master
   vars:
     # Set openshift_ca_config_dir to a temporary directory where CA
     # will be created. We'll replace the existing CA with the CA
     # created in the temporary directory.
     openshift_ca_config_dir: "{{ hostvars[groups.oo_first_master.0].g_new_openshift_ca_mktemp.stdout }}"
+  roles:
+  - role: openshift_master_facts
+  - role: openshift_named_certificates
+  - role: openshift_ca
+    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
 
 - name: Create temp directory for syncing certs
   hosts: localhost
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml
index 2cae231b4..82539dac8 100644
--- a/playbooks/common/openshift-etcd/config.yml
+++ b/playbooks/common/openshift-etcd/config.yml
@@ -10,6 +10,10 @@
         installer_phase_etcd: "In Progress"
       aggregate: false
 
+- include: ca.yml
+
+- include: certificates.yml
+
 - name: Configure etcd
   hosts: oo_etcd_to_config
   any_errors_fatal: true
diff --git a/playbooks/common/openshift-master/ca.yml b/playbooks/common/openshift-master/ca.yml
deleted file mode 100644
index 5bb796fa3..000000000
--- a/playbooks/common/openshift-master/ca.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Create OpenShift CA
-  hosts: oo_masters_to_config
-  roles:
-  - role: openshift_master_facts
-  - role: openshift_named_certificates
-  - role: openshift_ca
-    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 766e0e501..bc1fee982 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -10,6 +10,8 @@
         installer_phase_master: "In Progress"
       aggregate: false
 
+- include: certificates.yml
+
 - name: Disable excluders
   hosts: oo_masters_to_config
   gather_facts: no
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index d007fac85..f4dc9df8a 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -47,8 +47,6 @@
 
 - include: ../openshift-etcd/certificates.yml
 
-- include: ../openshift-master/certificates.yml
-
 - include: ../openshift-master/config.yml
 
 - include: ../openshift-loadbalancer/config.yml
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 6fd8aa6f1..700aab48c 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -10,6 +10,8 @@
         installer_phase_node: "In Progress"
       aggregate: false
 
+- include: certificates.yml
+
 - include: setup.yml
 
 - include: containerized_nodes.yml