Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix bug with service signer cert on upgrade.

It is invalid Ansible to use a when on an include that contains plays,
as it cannot be applied to plays. Issue filed upstream for a better
error, or to get it working.
Devan Goodwin 8 years ago
parent
de196a56ae
commit
9461cbf44d
2 changed files with 7 additions and 1 deletions
Split View Show Diff Stats
  1. 7 0
      playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
  2. 0 1
      playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml

+ 7 - 0
playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
View File 

@@ -9,6 +9,7 @@
 
     local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
 
     register: local_cert_sync_tmpdir
 
     changed_when: false
 
+    when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
 
 
 - name: Create service signer certificate
 
   hosts: oo_first_master
 
@@ -17,6 +18,7 @@
 
     command: mktemp -d /tmp/openshift-ansible-XXXXXXX
 
     register: remote_cert_create_tmpdir
 
     changed_when: false
 
+    when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
 
 
   - name: Create service signer certificate
 
     command: >
 
@@ -27,6 +29,7 @@
 
       --serial=service-signer.serial.txt
 
     args:
 
       chdir: "{{ remote_cert_create_tmpdir.stdout }}/"
 
+    when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
 
 
   - name: Retrieve service signer certificate
 
     fetch:
 
@@ -38,12 +41,14 @@
 
     with_items:
 
     - "service-signer.crt"
 
     - "service-signer.key"
 
+    when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
 
 
   - name: Delete remote temp directory
 
     file:
 
       name: "{{ remote_cert_create_tmpdir.stdout }}"
 
       state: absent
 
     changed_when: false
 
+    when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
 
 
 - name: Deploy service signer certificate
 
   hosts: oo_masters_to_config
 
@@ -55,6 +60,7 @@
 
     with_items:
 
     - "service-signer.crt"
 
     - "service-signer.key"
 
+    when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
 
 
 - name: Delete local temp directory
 
   hosts: localhost
 
@@ -67,3 +73,4 @@
 
       name: "{{ local_cert_sync_tmpdir.stdout }}"
 
       state: absent
 
     changed_when: false
 
+    when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)

+ 0 - 1
playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
View File 

@@ -111,7 +111,6 @@
 
 # Create service signer cert when missing. Service signer certificate
 
 # is added to master config in the master config hook for v3_3.
 
 - include: create_service_signer_cert.yml
 
-  when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
 
 
 - name: Upgrade master config and systemd units
 
   hosts: oo_masters_to_config