Re-arrange master and node role dependencies.

roles/openshift_master/meta/main.yml

@@ -13,8 +13,6 @@ galaxy_info:
   - cloud
 dependencies:
 - role: openshift_clock
-- role: openshift_docker
-- role: openshift_cli
 - role: openshift_master_certificates
 - role: openshift_cloud_provider
 - role: openshift_builddefaults

roles/openshift_node_certificates/meta/main.yml

@@ -13,4 +13,4 @@ galaxy_info:
   - cloud
   - system
 dependencies:
-- role: openshift_ca
+- role: openshift_facts

roles/openshift_node_certificates/tasks/main.yml

@@ -1,4 +1,19 @@
 ---
+- name: Ensure CA certificate exists on openshift_ca_host
+  stat:
+    path: "{{ openshift_ca_cert }}"
+  register: g_ca_cert_stat_result
+  delegate_to: "{{ openshift_ca_host }}"
+  run_once: true
+
+- fail:
+    msg: >
+      CA certificate {{ openshift_ca_cert }} doesn't exist on CA host
+      {{ openshift_ca_host }}. Apply 'openshift_ca' role to
+      {{ openshift_ca_host }}.
+  when: not g_ca_cert_stat_result.stat.exists | bool
+  run_once: true
+
 - name: Check status of node certificates
   stat:
     path: "{{ openshift.common.config_base }}/node/{{ item }}"

roles/openshift_node_certificates/vars/main.yml

@@ -4,3 +4,8 @@ openshift_node_cert_dir: "{{ openshift.common.config_base }}/node"
 openshift_node_cert_subdir: "node-{{ openshift.common.hostname }}"
 openshift_node_config_dir: "{{ openshift.common.config_base }}/node"
 openshift_node_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }}"
+
+openshift_ca_config_dir: "{{ openshift.common.config_base }}/master"
+openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt"
+openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key"
+openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt"