From b30c15b83937e45b7b3356ef4cb6e93c9203ff68 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Mon, 16 Jan 2017 11:41:56 -0500
Subject: Create individual serving cert and loopback kubeconfig for additional
 masters.

Deprecates use of 'create-master-certs' for generating master serving
certificate and loopback kubeconfig in order to reference the first
master's CA serial file.
---
 filter_plugins/openshift_master.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'filter_plugins')

diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index 437f4c400..f71d9b863 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -517,7 +517,9 @@ class FilterModule(object):
         ''' Return certificates to synchronize based on facts. '''
         if not issubclass(type(hostvars), dict):
             raise errors.AnsibleFilterError("|failed expects hostvars is a dict")
-        certs = ['admin.crt',
+        certs = ['ca.crt',
+                 'ca.key',
+                 'admin.crt',
                  'admin.key',
                  'admin.kubeconfig',
                  'master.kubelet-client.crt',
-- 
cgit v1.2.1