---
- name: Ensure the generated_configs directory present
  file:
    path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}"
    state: directory
    mode: 0700
  with_items: masters_needing_certs

- set_fact:
    master_certificates:
    - ca.crt
    - ca.key
    - ca.serial.txt
    - admin.crt
    - admin.key
    - admin.kubeconfig
    - master.kubelet-client.crt
    - master.kubelet-client.key
    - openshift-master.crt
    - openshift-master.key
    - openshift-master.kubeconfig
    - openshift-registry.crt
    - openshift-registry.key
    - openshift-registry.kubeconfig
    - openshift-router.crt
    - openshift-router.key
    - openshift-router.kubeconfig
    - serviceaccounts.private.key
    - serviceaccounts.public.key
    master_31_certificates:
    - master.proxy-client.crt
    - master.proxy-client.key

- file:
    src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
    dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
    state: hard
  with_nested:
  - masters_needing_certs
  - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_greater_than_3_1_or_1_1 | bool else master_certificates }}"

- name: Create the master certificates if they do not already exist
  command: >
    {{ openshift.common.admin_binary }} create-master-certs
      --hostnames={{ item.openshift.common.all_hostnames | join(',') }}
      --master={{ item.openshift.master.api_url }}
      --public-master={{ item.openshift.master.public_api_url }}
      --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
      --overwrite=false
  when: master_certs_missing
  with_items: masters_needing_certs