|
@@ -11,69 +11,34 @@
|
|
|
- name: set_fact replicas
|
|
|
set_fact:
|
|
|
replicas: "{{ openshift.hosted.router.replicas|default(None) | get_router_replicas(router_nodes) }}"
|
|
|
+ openshift_hosted_router_selector: "{{ openshift.hosted.router.selector | default(None) }}"
|
|
|
+ openshift_hosted_router_image: "{{ openshift.hosted.router.registryurl }}"
|
|
|
|
|
|
-- block:
|
|
|
-
|
|
|
- - name: Assert that 'certfile', 'keyfile' and 'cafile' keys provided in openshift_hosted_router_certificate
|
|
|
- assert:
|
|
|
- that:
|
|
|
- - "'certfile' in openshift_hosted_router_certificate"
|
|
|
- - "'keyfile' in openshift_hosted_router_certificate"
|
|
|
- - "'cafile' in openshift_hosted_router_certificate"
|
|
|
- msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable."
|
|
|
-
|
|
|
- - name: Read router certificate and key
|
|
|
- become: no
|
|
|
- local_action:
|
|
|
- module: slurp
|
|
|
- src: "{{ item }}"
|
|
|
- register: openshift_router_certificate_output
|
|
|
- # Defaulting dictionary keys to none to avoid deprecation warnings
|
|
|
- # (future fatal errors) during template evaluation. Dictionary keys
|
|
|
- # won't be accessed unless openshift_hosted_router_certificate is
|
|
|
- # defined and has all keys (certfile, keyfile, cafile) which we
|
|
|
- # check above.
|
|
|
- with_items:
|
|
|
- - "{{ (openshift_hosted_router_certificate | default({'certfile':none})).certfile }}"
|
|
|
- - "{{ (openshift_hosted_router_certificate | default({'keyfile':none})).keyfile }}"
|
|
|
- - "{{ (openshift_hosted_router_certificate | default({'cafile':none})).cafile }}"
|
|
|
-
|
|
|
- - name: Persist certificate contents
|
|
|
- openshift_facts:
|
|
|
- role: hosted
|
|
|
- openshift_env:
|
|
|
- openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}"
|
|
|
-
|
|
|
- - name: Create PEM certificate
|
|
|
- copy:
|
|
|
- content: "{{ openshift.hosted.router.certificate.contents }}"
|
|
|
- dest: "{{ openshift_master_config_dir }}/openshift-router.pem"
|
|
|
- mode: 0600
|
|
|
-
|
|
|
- when: openshift_hosted_router_certificate is defined
|
|
|
+- name: Get the certificate contents for router
|
|
|
+ copy:
|
|
|
+ backup: True
|
|
|
+ dest: "/etc/origin/master/{{ item | basename }}"
|
|
|
+ src: "{{ item }}"
|
|
|
+ with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') |
|
|
|
+ oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"
|
|
|
|
|
|
- name: Create OpenShift router
|
|
|
oc_adm_router:
|
|
|
- name: "{{ openshift.hosted.router.name | default('router') }}"
|
|
|
- replicas: "{{ replicas }}"
|
|
|
- namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
|
|
|
+ name: "{{ item.name }}"
|
|
|
+ replicas: "{{ item.replicas }}"
|
|
|
+ namespace: "{{ item.namespace | default('default') }}"
|
|
|
# This option is not yet implemented
|
|
|
# force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}"
|
|
|
- service_account: router
|
|
|
- selector: "{{ openshift.hosted.router.selector | default(none) }}"
|
|
|
- images: "{{ openshift.hosted.router.registryurl | default(none) }}"
|
|
|
- default_cert: "{{ openshift_hosted_router_certificate is defined | default(false) | ternary(openshift_master_config_dir + '/openshift-router.pem', omit) }}"
|
|
|
- # These edits are being specified only to prevent 'changed' on rerun
|
|
|
- edits:
|
|
|
- - key: spec.strategy.rollingParams.intervalSeconds
|
|
|
- value: 1
|
|
|
- action: put
|
|
|
- - key: spec.strategy.rollingParams.updatePeriodSeconds
|
|
|
- value: 1
|
|
|
- action: put
|
|
|
- - key: spec.strategy.activeDeadlineSeconds
|
|
|
- value: 21600
|
|
|
- action: put
|
|
|
+ service_account: "{{ item.serviceaccount | default('router') }}"
|
|
|
+ selector: "{{ item.selector | default(none) }}"
|
|
|
+ images: "{{ item.images | default(omit) }}"
|
|
|
+ cert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.certfile | basename)) if 'certfile' in item.certificates else omit }}"
|
|
|
+ key_file: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else omit }}"
|
|
|
+ cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.cafile | basename)) if 'cafile' in item.certificates else omit }}"
|
|
|
+ edits: "{{ openshift_hosted_router_edits | union(item.edits) }}"
|
|
|
+ ports: "{{ item.ports }}"
|
|
|
+ stats_port: "{{ item.stats_port }}"
|
|
|
+ with_items: "{{ openshift_hosted_routers }}"
|
|
|
register: routerout
|
|
|
|
|
|
# This should probably move to module
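Review bot: The added "Get the certificate contents for router" copy task writes each router's `keyfile` into `/etc/origin/master/` with no `mode:`, while the removed "Create PEM certificate" task set `mode: 0600`. The private key therefore gets whatever the remote umask yields, which is commonly world-readable. Adding `mode: "0600"` to the copy arguments (quoted, so it is not parsed as an integer) restores the old restriction. `backup: True` also leaves a timestamped copy of any replaced key in the same directory, so check that those copies are cleaned up after rotation. Because the destination is built only from `item | basename`, two routers whose files share a filename, or a file named like an existing master certificate, would overwrite each other; a per-router prefix or subdirectory would prevent that.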
|
|
@@ -85,7 +50,7 @@
|
|
|
- name: Ensure router replica count matches desired
|
|
|
oc_scale:
|
|
|
kind: dc
|
|
|
- name: "{{ openshift.hosted.router.name | default('router') }}"
|
|
|
- namespace: "{{ openshift.hosted.router.namespace | default('default') }}"
|
|
|
- replicas: "{{ replicas }}"
|
|
|
- when: replicas | int > 0
|
|
|
+ name: "{{ item.name | default('router') }}"
|
|
|
+ namespace: "{{ item.namespace | default('default') }}"
|
|
|
+ replicas: "{{ item.replicas }}"
|
|
|
+ with_items: "{{ openshift_hosted_routers }}"
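Review bot: The `when: replicas | int > 0` guard is removed from the oc_scale task and nothing replaces it, so every entry in `openshift_hosted_routers` is scaled to `item.replicas` exactly as given. That includes 0, and an entry without a `replicas` key would presumably fail templating. If skipping zero-replica routers is still intended, keep the guard per item: `when: item.replicas | default(0) | int > 0`. This task also uses `item.name | default('router')` while the create task in the previous hunk uses bare `item.name`. The two should agree so both tasks address the same deployment config.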
|