From 8faf061f0656b8816af4efe1015c1a9ed0d34c36 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Tue, 13 Feb 2018 13:51:17 -0500
Subject: oc_adm_csr: Add fail_on_timeout parameter which causes module to fail
 when timeout was reached.

---
 roles/lib_openshift/library/oc_adm_csr.py     | 7 +++++++
 roles/lib_openshift/src/ansible/oc_adm_csr.py | 7 +++++++
 roles/openshift_aws/tasks/accept_nodes.yml    | 1 +
 3 files changed, 15 insertions(+)

diff --git a/roles/lib_openshift/library/oc_adm_csr.py b/roles/lib_openshift/library/oc_adm_csr.py
index c78e379d5..bb834deb0 100644
--- a/roles/lib_openshift/library/oc_adm_csr.py
+++ b/roles/lib_openshift/library/oc_adm_csr.py
@@ -1639,6 +1639,7 @@ def main():
             timeout=dict(default=30, type='int'),
             approve_all=dict(default=False, type='bool'),
             service_account=dict(default='node-bootstrapper', type='str'),
+            fail_on_timeout=dict(default=False, type='bool'),
         ),
         supports_check_mode=True,
         mutually_exclusive=[['approve_all', 'nodes']],
@@ -1649,6 +1650,12 @@ def main():
 
     rval = OCcsr.run_ansible(module.params, module.check_mode)
 
+    # If we timed out then we weren't finished. Fail if user requested to fail.
+    if (module.params['timeout'] > 0 and
+            module.params['fail_on_timeout'] and
+            rval['timeout']):
+        return module.fail_json(msg='Timed out accepting certificate signing requests. Failing as requested.', **rval)
+
     if 'failed' in rval:
         return module.fail_json(**rval)
 
diff --git a/roles/lib_openshift/src/ansible/oc_adm_csr.py b/roles/lib_openshift/src/ansible/oc_adm_csr.py
index 9e43a810b..7b5e245d4 100644
--- a/roles/lib_openshift/src/ansible/oc_adm_csr.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_csr.py
@@ -16,6 +16,7 @@ def main():
             timeout=dict(default=30, type='int'),
             approve_all=dict(default=False, type='bool'),
             service_account=dict(default='node-bootstrapper', type='str'),
+            fail_on_timeout=dict(default=False, type='bool'),
         ),
         supports_check_mode=True,
         mutually_exclusive=[['approve_all', 'nodes']],
@@ -26,6 +27,12 @@ def main():
 
     rval = OCcsr.run_ansible(module.params, module.check_mode)
 
+    # If we timed out then we weren't finished. Fail if user requested to fail.
+    if (module.params['timeout'] > 0 and
+            module.params['fail_on_timeout'] and
+            rval['timeout']):
+        return module.fail_json(msg='Timed out accepting certificate signing requests. Failing as requested.', **rval)
+
     if 'failed' in rval:
         return module.fail_json(**rval)
 
diff --git a/roles/openshift_aws/tasks/accept_nodes.yml b/roles/openshift_aws/tasks/accept_nodes.yml
index db30fe5c9..cc0cdcb0b 100644
--- a/roles/openshift_aws/tasks/accept_nodes.yml
+++ b/roles/openshift_aws/tasks/accept_nodes.yml
@@ -37,5 +37,6 @@
     #approve_all: True
     nodes: "{{ instancesout.instances|map(attribute='private_dns_name') | list  }}"
     timeout: 60
+    fail_on_timeout: "{{ openshift_aws_node_accept_fail_on_timeout | default(false) | bool }}"
   register: nodeout
   delegate_to: "{{ groups.masters.0 }}"
-- 
cgit v1.2.1