authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2017-09-26 12:43:17 -0700
committerGitHub <noreply@github.com>2017-09-26 12:43:17 -0700
commita7f2d65bba267bbbd7aa13c65cee348c015be5f5 (patch)
tree71a662375126e06536639b3e0cb421599c24f080 /roles
parent06c8afc884d40be2fcd0c3fbd6cd54db85e8f00a (diff)
parent8fd1083f57ab582cf47e9a9f78eaaf489f0b7cd6 (diff)
Merge pull request #5529 from abutcher/aggregator-api-client-config
Automatic merge from submit-queue. Generate aggregator api client config in temporary directory. The `run_once`'s probably aren't necessary since the role is run serially.
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_service_catalog/tasks/wire_aggregator.yml40
1 files changed, 29 insertions, 11 deletions
diff --git a/roles/openshift_service_catalog/tasks/wire_aggregator.yml b/roles/openshift_service_catalog/tasks/wire_aggregator.yml
index 6431c6d3f..300a7db62 100644
--- a/roles/openshift_service_catalog/tasks/wire_aggregator.yml
+++ b/roles/openshift_service_catalog/tasks/wire_aggregator.yml
@@ -75,17 +75,35 @@
path: /etc/origin/master/aggregator-front-proxy.kubeconfig
register: first_front_proxy_kubeconfig
delegate_to: "{{ first_master }}"
-
-- name: Create first master api-client config for Aggregator
- command: >
- {{ hostvars[first_master].openshift.common.client_binary }} adm create-api-client-config
- --certificate-authority=/etc/origin/master/front-proxy-ca.crt
- --signer-cert=/etc/origin/master/front-proxy-ca.crt
- --signer-key=/etc/origin/master/front-proxy-ca.key
- --user aggregator-front-proxy
- --client-dir=/etc/origin/master
- --signer-serial=/etc/origin/master/ca.serial.txt
- delegate_to: "{{ first_master }}"
+ run_once: true
+
+# create-api-client-config generates a ca.crt file which will
+# overwrite the OpenShift CA certificate. Generate the aggregator
+# kubeconfig in a temporary directory and then copy files into the
+# master config dir to avoid overwriting ca.crt.
+- block:
+ - name: Create first master api-client config for Aggregator
+ command: >
+ {{ hostvars[first_master].openshift.common.client_binary }} adm create-api-client-config
+ --certificate-authority=/etc/origin/master/front-proxy-ca.crt
+ --signer-cert=/etc/origin/master/front-proxy-ca.crt
+ --signer-key=/etc/origin/master/front-proxy-ca.key
+ --user aggregator-front-proxy
+ --client-dir={{ certtemp.stdout }}
+ --signer-serial=/etc/origin/master/ca.serial.txt
+ delegate_to: "{{ first_master }}"
+ run_once: true
+ - name: Copy first master api-client config for Aggregator
+ copy:
+ src: "{{ certtemp.stdout }}/{{ item }}"
+ dest: "/etc/origin/master/"
+ remote_src: true
+ with_items:
+ - aggregator-front-proxy.crt
+ - aggregator-front-proxy.key
+ - aggregator-front-proxy.kubeconfig
+ delegate_to: "{{ first_master }}"
+ run_once: true
when:
- not first_front_proxy_kubeconfig.stat.exists
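Review bot: The new "Copy first master api-client config for Aggregator" task writes `aggregator-front-proxy.key` and the kubeconfig (which presumably embeds the same client key) into `/etc/origin/master/` without an explicit `mode` or `owner`, so the permissions of the private key depend on module defaults and on whatever the temporary files happened to have. Pinning it on the copy task, for example `mode: "0600"`, would make the key's protection independent of those defaults. The task that registers `certtemp` is outside this hunk, and no removal of that directory is visible here; if nothing deletes it later, a second copy of the signed client key is left in a temp location. A `file: path="{{ certtemp.stdout }}" state=absent` step, ideally in an `always:` section of the block, is worth confirming or adding.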