7 years ago · 775128cc52
--- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml
+++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml
@@ -7,6 +7,10 @@
 
				   tags:
			
 
				   - always
			
 
				 
			
 
				+- include: ../../common/openshift-cluster/redeploy-certificates/check-expiry.yml
			
 
				+  vars:
			
 
				+    g_check_expiry_hosts: 'oo_etcd_to_config'
			
 
				+
			
 
				 - include: ../../common/openshift-cluster/redeploy-certificates/etcd.yml
			
 
				 
			
 
				 - include: ../../common/openshift-cluster/redeploy-certificates/masters.yml
			
@@ -14,6 +18,8 @@
 
				 - include: ../../common/openshift-cluster/redeploy-certificates/nodes.yml
			
 
				 
			
 
				 - include: ../../common/openshift-etcd/restart.yml
			
 
				+  vars:
			
 
				+    g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}"
			
 
				 
			
 
				 - include: ../../common/openshift-master/restart.yml
			
 
				 
			
--- a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml
+++ b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml
@@ -7,8 +7,14 @@
 
				   tags:
			
 
				   - always
			
 
				 
			
 
				+- include: ../../common/openshift-cluster/redeploy-certificates/check-expiry.yml
			
 
				+  vars:
			
 
				+    g_check_expiry_hosts: 'oo_etcd_to_config'
			
 
				+
			
 
				 - include: ../../common/openshift-cluster/redeploy-certificates/etcd.yml
			
 
				 
			
 
				 - include: ../../common/openshift-etcd/restart.yml
			
 
				+  vars:
			
 
				+    g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}"
			
 
				 
			
 
				 - include: ../../common/openshift-master/restart.yml
			
--- a/playbooks/common/openshift-cluster/redeploy-certificates/check-expiry.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/check-expiry.yml
@@ -0,0 +1,12 @@
 
				+---
			
 
				+- name: Check cert expirys
			
 
				+  hosts: "{{ g_check_expiry_hosts }}"
			
 
				+  vars:
			
 
				+    openshift_certificate_expiry_show_all: yes
			
 
				+  roles:
			
 
				+  # Sets 'check_results' per host which contains health status for
			
 
				+  # etcd, master and node certificates.  We will use 'check_results'
			
 
				+  # to determine if any certificates were expired prior to running
			
 
				+  # this playbook. Service restarts will be skipped if any
			
 
				+  # certificates were previously expired.
			
 
				+  - role: openshift_certificate_expiry
			
--- a/playbooks/common/openshift-etcd/restart.yml
+++ b/playbooks/common/openshift-etcd/restart.yml
@@ -7,3 +7,21 @@
 
				       service:
			
 
				         name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}"
			
 
				         state: restarted
			
 
				+      when:
			
 
				+        - not g_etcd_certificates_expired | default(false) | bool
			
 
				+
			
 
				+- name: Restart etcd
			
 
				+  hosts: oo_etcd_to_config
			
 
				+  tasks:
			
 
				+    - name: stop etcd
			
 
				+      service:
			
 
				+        name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}"
			
 
				+        state: stopped
			
 
				+      when:
			
 
				+        - g_etcd_certificates_expired | default(false) | bool
			
 
				+    - name: start etcd
			
 
				+      service:
			
 
				+        name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}"
			
 
				+        state: started
			
 
				+      when:
			
 
				+        - g_etcd_certificates_expired | default(false) | bool