Diffstat (limited to 'playbooks/common/openshift-node/config.yml')
-rw-r--r--playbooks/common/openshift-node/config.yml80
1 files changed, 41 insertions, 39 deletions
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 55abedfe7..9e642f3d3 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -4,9 +4,9 @@
roles:
- openshift_facts
tasks:
- # Since the master is registering the nodes before they are configured, we
- # need to make sure to set the node properties beforehand if we do not want
- # the defaults
+ # Since the master is generating the node certificates before they are
+ # configured, we need to make sure to set the node properties beforehand if
+ # we do not want the defaults
- openshift_facts:
role: "{{ item.role }}"
local_facts: "{{ item.local_facts }}"
@@ -18,13 +18,26 @@
deployment_type: "{{ openshift_deployment_type }}"
- role: node
local_facts:
- external_id: "{{ openshift_node_external_id | default(None) }}"
resources_cpu: "{{ openshift_node_resources_cpu | default(None) }}"
resources_memory: "{{ openshift_node_resources_memory | default(None) }}"
pod_cidr: "{{ openshift_node_pod_cidr | default(None) }}"
labels: "{{ openshift_node_labels | default(None) }}"
annotations: "{{ openshift_node_annotations | default(None) }}"
-
+ - name: Check status of node certificates
+ stat:
+ path: "{{ item }}"
+ with_items:
+ - "/etc/openshift/node/node.key"
+ - "/etc/openshift/node/node.kubeconfig"
+ - "/etc/openshift/node/ca.crt"
+ - "/etc/openshift/node/server.key"
+ register: stat_result
+ - set_fact:
+ certs_missing: "{{ stat_result.results | map(attribute='stat.exists')
+ | list | intersect([false])}}"
+ node_subdir: node-{{ openshift.common.hostname }}
+ config_dir: /etc/openshift/generated-configs/node-{{ openshift.common.hostname }}
+ node_cert_dir: /etc/openshift/node
- name: Create temp directory for syncing certs
hosts: localhost
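Review bot: The `Check status of node certificates` task tests only `stat.exists`, so a truncated, expired or mismatched `node.key`, `server.key` or `node.kubeconfig` counts as present and `certs_missing` stays empty for that node. As far as these lines show, such a node never gets fresh material unless the files are deleted first. I would say so above the task, for example `# Existence check only: expired or mismatched files are not detected; remove them to force regeneration`. The four paths also repeat the literal `/etc/openshift/node` that `node_cert_dir` is set to in the `set_fact` below, so the two can drift apart. The play these tasks belong to starts above the hunk.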
@@ -37,66 +50,57 @@
register: mktemp
changed_when: False
-
- name: Register nodes
hosts: oo_first_master
vars:
- openshift_nodes: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']) }}"
+ nodes_needing_certs: "{{ hostvars
+ | oo_select_keys(groups['oo_nodes_to_config'])
+ | oo_filter_list(filter_attr='certs_missing') }}"
+ openshift_nodes: "{{ hostvars
+ | oo_select_keys(groups['oo_nodes_to_config']) }}"
sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
roles:
- openshift_register_nodes
- tasks:
- # TODO: update so that we only sync necessary configs/directories, currently
- # we sync for all nodes in oo_nodes_to_config. We will need to inspect the
- # configs on the nodes to make the determination on whether to sync or not.
- - name: Create the temp directory on the master
- file:
- path: "{{ sync_tmpdir }}"
- owner: "{{ ansible_ssh_user }}"
- mode: 0700
- state: directory
- changed_when: False
-
+ post_tasks:
- name: Create a tarball of the node config directories
- command: tar -czvf {{ sync_tmpdir }}/{{ item.openshift.common.hostname }}.tgz ./
+ command: >
+ tar -czvf {{ item.config_dir }}.tgz
+ --transform 's|system:{{ item.node_subdir }}|node|'
+ -C {{ item.config_dir }} .
args:
- chdir: "{{ openshift_cert_dir }}/node-{{ item.openshift.common.hostname }}"
- with_items: openshift_nodes
- changed_when: False
+ creates: "{{ item.config_dir }}.tgz"
+ with_items: nodes_needing_certs
- name: Retrieve the node config tarballs from the master
fetch:
- src: "{{ sync_tmpdir }}/{{ item.openshift.common.hostname }}.tgz"
+ src: "{{ item.config_dir }}.tgz"
dest: "{{ sync_tmpdir }}/"
+ flat: yes
fail_on_missing: yes
validate_checksum: yes
- with_items: openshift_nodes
- changed_when: False
-
+ with_items: nodes_needing_certs
- name: Configure node instances
hosts: oo_nodes_to_config
- gather_facts: no
vars:
- sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}/{{ groups['oo_first_master'][0] }}/{{ hostvars.localhost.mktemp.stdout }}"
- openshift_sdn_master_url: "https://{{ hostvars[groups['oo_first_master'][0]].openshift.common.hostname }}:4001"
+ sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
+ openshift_node_master_api_url: "{{ hostvars[openshift_first_master].openshift.master.api_url }}"
pre_tasks:
- name: Ensure certificate directory exists
file:
- path: "{{ openshift_node_cert_dir }}"
+ path: "{{ node_cert_dir }}"
state: directory
- # TODO: notify restart openshift-node and/or restart openshift-sdn-node,
+ # TODO: notify restart openshift-node
# possibly test service started time against certificate/config file
- # timestamps in openshift-node or openshift-sdn-node to trigger notify
+ # timestamps in openshift-node to trigger notify
- name: Unarchive the tarball on the node
unarchive:
- src: "{{ sync_tmpdir }}/{{ openshift.common.hostname }}.tgz"
- dest: "{{ openshift_node_cert_dir }}"
+ src: "{{ sync_tmpdir }}/{{ node_subdir }}.tgz"
+ dest: "{{ node_cert_dir }}"
+ when: certs_missing
roles:
- openshift_node
- - role: openshift_sdn_node
- when: openshift.common.use_openshift_sdn | bool
- role: fluentd_node
when: openshift.common.use_fluentd | bool
tasks:
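Review bot: The archive built by `Create a tarball of the node config directories` is now written to `{{ item.config_dir }}.tgz` under `/etc/openshift/generated-configs`, not to the temp directory that the removed task created with `mode: 0700`, and nothing in this hunk sets its mode or removes it afterwards. Judging by the files the stat task checks, the archive carries the node's private keys, so who can read it now depends on the umask and on the permissions of `generated-configs`, neither of which is visible here. I would follow the tar task with `file: path={{ item.config_dir }}.tgz mode=0600` over the same `with_items: nodes_needing_certs`, or delete the archive on the master once the fetch has succeeded. Because of `creates:`, an archive left by an earlier run is reused unchanged, which could hand a node an outdated bundle if the master's generated config changed in between.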
@@ -113,7 +117,6 @@
- file: name={{ sync_tmpdir }} state=absent
changed_when: False
-
- name: Delete temporary directory on localhost
hosts: localhost
connection: local
@@ -123,7 +126,6 @@
- file: name={{ mktemp.stdout }} state=absent
changed_when: False
-
# Additional config for online type deployments
- name: Additional instance config
hosts: oo_nodes_deployment_type_online