
certificates: copy the certificates for the etcd system container

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Giuseppe Scrivano 7 lat temu
rodzic
commit
53eeaf6097

+ 28 - 9
roles/etcd_server_certificates/tasks/main.yml

@@ -5,11 +5,14 @@
 
 - name: Check status of etcd certificates
   stat:
-    path: "{{ etcd_cert_config_dir }}/{{ item }}"
+    path: "{{ item }}"
   with_items:
-  - "{{ etcd_cert_prefix }}server.crt"
-  - "{{ etcd_cert_prefix }}peer.crt"
-  - "{{ etcd_cert_prefix }}ca.crt"
+  - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}server.crt"
+  - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}peer.crt"
+  - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}ca.crt"
+  - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}server.crt"
+  - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}peer.crt"
+  - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}ca.crt"
   register: g_etcd_server_cert_stat_result
   when: not etcd_certificates_redeploy | default(false) | bool
 
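Review bot: The three new stat entries under `etcd_system_container_cert_config_dir` are evaluated on every host, while the tasks that actually populate that directory later in this file are gated on `r_etcd_common_etcd_runtime == 'runc'`. If `etcd_server_certs_missing` (derived outside this hunk from `g_etcd_server_cert_stat_result`) treats any missing file as "certs missing", hosts not running the system container will report missing certificates on every run and re-pull them each time. Splitting the system-container paths into their own stat task with the same runtime condition keeps the per-item results well-formed (a per-item `when` on the existing loop would leave skipped items without a `stat` key); whatever derives `etcd_server_certs_missing` would then need to fold in the second registered variable.

```yaml
- name: Check status of etcd system container certificates
  stat:
    path: "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}{{ item }}"
  with_items:
  - server.crt
  - peer.crt
  - ca.crt
  register: g_etcd_system_container_cert_stat_result
  when:
  - not etcd_certificates_redeploy | default(false) | bool
  - r_etcd_common_etcd_runtime == 'runc'
```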
@@ -132,8 +135,11 @@
 
 - name: Ensure certificate directory exists
   file:
-    path: "{{ etcd_cert_config_dir }}"
+    path: "{{ item }}"
     state: directory
+  with_items:
+  - "{{ etcd_cert_config_dir }}"
+  - "{{ etcd_system_container_cert_config_dir }}"
   when: etcd_server_certs_missing | bool
 
 - name: Unarchive cert tarball
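Review bot: `etcd_system_container_cert_config_dir` is created on every host, regardless of runtime, while the unarchive tasks that fill it only run when `r_etcd_common_etcd_runtime == 'runc'`; the same holds for the `/ca` subdirectory in the next hunk. Adding `- r_etcd_common_etcd_runtime == 'runc' or item != etcd_system_container_cert_config_dir` to the task's `when` list (or moving that item into a runtime-gated task) avoids leaving an empty directory under `/var/lib/etcd` on non-system-container hosts. Since these directories are meant to receive the certificate tarball, which presumably also carries the matching private keys, consider setting an explicit restrictive `mode` and `owner` on them instead of relying on the umask.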
@@ -164,15 +170,28 @@
 
 - name: Ensure ca directory exists
   file:
-    path: "{{ etcd_ca_dir }}"
+    path: "{{ item }}"
     state: directory
+  with_items:
+  - "{{ etcd_ca_dir }}"
+  - "{{ etcd_system_container_cert_config_dir }}/ca"
   when: etcd_server_certs_missing | bool
 
-- name: Unarchive etcd ca cert tarballs
+- name: Unarchive cert tarball for the system container
+  unarchive:
+    src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz"
+    dest: "{{ etcd_system_container_cert_config_dir }}"
+  when:
+  - etcd_server_certs_missing | bool
+  - r_etcd_common_etcd_runtime == 'runc'
+
+- name: Unarchive etcd ca cert tarballs for the system container
   unarchive:
     src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_ca_name }}.tgz"
-    dest: "{{ etcd_ca_dir }}"
-  when: etcd_server_certs_missing | bool
+    dest: "{{ etcd_system_container_cert_config_dir }}/ca"
+  when:
+  - etcd_server_certs_missing | bool
+  - r_etcd_common_etcd_runtime == 'runc'
 
 - name: Delete temporary directory
   local_action: file path="{{ g_etcd_server_mktemp.stdout }}" state=absent
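Review bot: The original "Unarchive etcd ca cert tarballs" task, which extracted `{{ etcd_ca_name }}.tgz` into `{{ etcd_ca_dir }}`, has been rewritten into the system-container variant, so nothing in this hunk still populates `etcd_ca_dir` even though the "Ensure ca directory exists" task above still creates it. Unless another task outside this hunk now covers that path, non-system-container hosts will stop receiving the CA bundle when `etcd_server_certs_missing` is true. Restoring the original task alongside the new runtime-gated one keeps both layouts served.

```yaml
# … unchanged: Ensure ca directory exists …
- name: Unarchive etcd ca cert tarballs
  unarchive:
    src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_ca_name }}.tgz"
    dest: "{{ etcd_ca_dir }}"
  when: etcd_server_certs_missing | bool

# … unchanged: Unarchive cert tarball for the system container …
# … unchanged: Unarchive etcd ca cert tarballs for the system container …
```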

+ 1 - 0
roles/openshift_etcd_facts/vars/main.yml

@@ -6,5 +6,6 @@ etcd_ip: "{{ openshift.common.ip }}"
 etcd_cert_subdir: "etcd-{{ openshift.common.hostname }}"
 etcd_cert_prefix:
 etcd_cert_config_dir: "/etc/etcd"
+etcd_system_container_cert_config_dir: /var/lib/etcd/etcd.etcd/etc
 etcd_peer_url_scheme: https
 etcd_url_scheme: https
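Review bot: The new `etcd_system_container_cert_config_dir` value is left unquoted while the neighbouring `etcd_cert_config_dir: "/etc/etcd"` is quoted; for consistency in this vars file, and to keep the path a plain string under any loader, write it as `etcd_system_container_cert_config_dir: "/var/lib/etcd/etcd.etcd/etc"`. A one-line comment above it noting that it is the in-container `/etc/etcd` equivalent for the runc system container would help readers of the role, since the name alone does not explain why the path lives under the data directory.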