Remove openshift_master_config_dir variable

We are hard-coding these paths now to /etc/origin/master.

roles/cockpit-ui/defaults/main.yml

@@ -1,3 +1,2 @@
 ---
 openshift_config_base: "/etc/origin"
-openshift_master_config_dir: "{{ openshift.common.config_base | default(openshift_config_base) }}/master"

roles/cockpit-ui/tasks/main.yml

@@ -7,7 +7,7 @@
   # not be run.
   - name: fetch the docker-registry route
     oc_route:
-      kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+      kubeconfig: "/etc/origin/master/admin.kubeconfig"
       name: docker-registry
       namespace: default
       state: list
@@ -15,7 +15,7 @@
 
   - name: Create passthrough route for registry-console
     oc_route:
-      kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+      kubeconfig: "/etc/origin/master/admin.kubeconfig"
       name: registry-console
       namespace: default
       service_name: registry-console
@@ -34,7 +34,7 @@
 
   - name: Copy the admin client config(s)
     command: >
-      cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
+      cp /etc/origin/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
     changed_when: False
 
   - name: Deploy registry-console

roles/nuage_master/vars/main.yaml

@@ -1,14 +1,13 @@
 ---
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
-openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
-openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
-openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
-ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+openshift_master_ca_cert: "/etc/origin/master/ca.crt"
+openshift_master_ca_key: "/etc/origin/master/ca.key"
+openshift_master_ca_serial: "/etc/origin/master/ca.serial.txt"
+ca_cert: "/etc/origin/master/ca.crt"
 admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
 cert_output_dir: /usr/share/nuage-openshift-monitor
 kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig
 kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml
-master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml"
+master_config_yaml: "/etc/origin/master/master-config.yaml"
 nuage_mon_rest_server_url: "0.0.0.0:{{ nuage_mon_rest_server_port }}"
 nuage_mon_rest_server_logdir: "{{ nuage_openshift_monitor_log_dir | default('/var/log/nuage-openshift-monitor') }}"
 nuage_mon_log_level: "{{ nuage_openshift_monitor_log_level | default('3') }}"

roles/openshift_control_plane/defaults/main.yml

@@ -76,10 +76,9 @@ ha_svc_template_path: "native-cluster"
 
 openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
 
-openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig"
+openshift_master_loopback_config: "/etc/origin/master/openshift-master.kubeconfig"
 loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}"
-openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
-openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"
+openshift_master_policy: "/etc/origin/master/policy.json"
 
 scheduler_config:
   kind: Policy
@@ -131,15 +130,9 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p
 openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
 openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}"
 
-openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}"
-openshift_master_config_dir: "{{ openshift_master_config_dir_default }}"
-
 openshift_master_csr_sa: node-bootstrapper
 openshift_master_csr_namespace: openshift-infra
 
-openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
-openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json"
-
 l_osm_sess_auth_def: "{{ hostvars[groups.oo_first_master.0]['l_osm_session_auth_secrets'] }}"
 l_osm_session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(l_osm_sess_auth_def) }}"
 

roles/openshift_control_plane/tasks/bootstrap.yml

@@ -12,4 +12,4 @@
 - name: put service account kubeconfig into a file on disk for bootstrap
   copy:
     content: "{{ kubeconfig_out.stdout }}"
-    dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
+    dest: "/etc/origin/master/bootstrap.kubeconfig"

roles/openshift_control_plane/tasks/main.yml

@@ -26,7 +26,7 @@
 
 - name: Create config parent directory if it does not exist
   file:
-    path: "{{ openshift_master_config_dir }}"
+    path: "/etc/origin/master"
     state: directory
 
 - name: Create the policy file if it does not already exist
@@ -46,7 +46,7 @@
 
 - name: Create the ldap ca file if needed
   copy:
-    dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('ldap_ca.crt') }}"
+    dest: "{{ item.ca if 'ca' in item and '/' in item.ca else '/etc/origin/master/' ~ item.ca | default('ldap_ca.crt') }}"
     content: "{{ openshift.master.ldap_ca }}"
     mode: 0600
     backup: yes
@@ -57,7 +57,7 @@
 
 - name: Create the openid ca file if needed
   copy:
-    dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('openid_ca.crt') }}"
+    dest: "{{ item.ca if 'ca' in item and '/' in item.ca else '/etc/origin/master/' ~ item.ca | default('openid_ca.crt') }}"
     content: "{{ openshift.master.openid_ca }}"
     mode: 0600
     backup: yes
@@ -69,7 +69,7 @@
 
 - name: Create the request header ca file if needed
   copy:
-    dest: "{{ item.clientCA if 'clientCA' in item and '/' in item.clientCA else openshift_master_config_dir ~ '/' ~ item.clientCA | default('request_header_ca.crt') }}"
+    dest: "{{ item.clientCA if 'clientCA' in item and '/' in item.clientCA else '/etc/origin/master/' ~ item.clientCA | default('request_header_ca.crt') }}"
     content: "{{ openshift_master_request_header_ca }}"
     mode: 0600
     backup: yes

roles/openshift_control_plane/tasks/set_loopback_context.yml

@@ -8,7 +8,7 @@
 
 - command: >
     {{ openshift_client_binary }} config set-cluster
-    --certificate-authority={{ openshift_master_config_dir }}/ca.crt
+    --certificate-authority=/etc/origin/master/ca.crt
     --embed-certs=true --server={{ openshift.master.loopback_api_url }}
     {{ openshift.master.loopback_cluster_name }}
     --config={{ openshift_master_loopback_config }}

roles/openshift_control_plane/vars/main.yml

@@ -80,3 +80,7 @@ osm_older_priorities_no_zone:
     weight: 1
   - name: SelectorSpreadPriority
     weight: 1
+
+openshift_master_config_file: "/etc/origin/master/master-config.yaml"
+openshift_master_scheduler_conf: "/etc/origin/master/scheduler.json"
+openshift_master_session_secrets_file: "/etc/origin/master/session-secrets.yaml"

roles/openshift_hosted/defaults/main.yml

@@ -18,7 +18,6 @@ openshift_default_projects:
 openshift_additional_projects: {}
 
 openshift_config_base: "/etc/origin"
-openshift_master_config_dir: "{{ openshift.common.config_base | default(openshift_config_base) }}/master"
 openshift_cluster_domain: 'cluster.local'
 
 openshift_hosted_images_dict:

roles/openshift_hosted/tasks/router.yml

@@ -37,22 +37,22 @@
 - block:
   - name: generate a default wildcard router certificate
     oc_adm_ca_server_cert:
-      signer_cert: "{{ openshift_master_config_dir }}/ca.crt"
-      signer_key: "{{ openshift_master_config_dir }}/ca.key"
-      signer_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
+      signer_cert: "/etc/origin/master/ca.crt"
+      signer_key: "/etc/origin/master/ca.key"
+      signer_serial: "/etc/origin/master/ca.serial.txt"
       hostnames:
       - "{{ openshift_master_default_subdomain }}"
       - "*.{{ openshift_master_default_subdomain }}"
-      cert: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}"
-      key: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}"
+      cert: "/etc/origin/master/openshift-router.crt"
+      key: "/etc/origin/master/openshift-router.key"
     with_items: "{{ openshift_hosted_routers }}"
 
   - name: set the openshift_hosted_router_certificate
     set_fact:
       openshift_hosted_router_certificate:
-        certfile: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}"
-        keyfile: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}"
-        cafile: "{{ openshift_master_config_dir ~ '/ca.crt' }}"
+        certfile: "/etc/origin/master/openshift-router.crt"
+        keyfile: "/etc/origin/master/openshift-router.key"
+        cafile: "/etc/origin/master/ca.crt"
   when:
   - openshift_hosted_router_create_certificate | bool
   - openshift_hosted_router_certificate == {}

roles/openshift_hosted/tasks/secure.yml

@@ -23,9 +23,9 @@
 
 - name: Generate self-signed docker-registry certificates
   oc_adm_ca_server_cert:
-    signer_cert: "{{ openshift_master_config_dir }}/ca.crt"
-    signer_key: "{{ openshift_master_config_dir }}/ca.key"
-    signer_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
+    signer_cert: "/etc/origin/master/ca.crt"
+    signer_key: "/etc/origin/master/ca.key"
+    signer_serial: "/etc/origin/master/ca.serial.txt"
     hostnames:
     - "{{ docker_registry_service.results.clusterip }}"
     - "{{ docker_registry_route.results[0].spec.host }}"
@@ -53,11 +53,11 @@
   - name: Generate certificate bundle
     copy:
       content: "{{ certificate_files.results | map(attribute='content') | map('b64decode') | join('') }}"
-      dest: "{{ openshift_master_config_dir }}/named_certificates/docker-registry.pem"
+      dest: "/etc/origin/master/named_certificates/docker-registry.pem"
 
   - name: Reset the certificate path to use the bundle
     set_fact:
-      docker_registry_cert_path: "{{ openshift_master_config_dir }}/named_certificates/docker-registry.pem"
+      docker_registry_cert_path: "/etc/origin/master/named_certificates/docker-registry.pem"
 
 - name: Create the secret for the registry certificates
   oc_secret:

roles/openshift_hosted/tasks/secure/passthrough.yml

@@ -2,9 +2,9 @@
 # Generate a self-signed certificate when there is no user-supplied certificate
 - name: Configure self-signed certificate file paths
   set_fact:
-    docker_registry_cert_path: "{{ openshift_master_config_dir }}/registry.crt"
-    docker_registry_key_path: "{{ openshift_master_config_dir }}/registry.key"
-    docker_registry_cacert_path: "{{ openshift_master_config_dir }}/ca.crt"
+    docker_registry_cert_path: "/etc/origin/master/registry.crt"
+    docker_registry_key_path: "/etc/origin/master/registry.key"
+    docker_registry_cacert_path: "/etc/origin/master/ca.crt"
     docker_registry_self_signed: true
   when:
   - "'certfile' not in openshift_hosted_registry_routecertificates"
@@ -17,21 +17,21 @@
   block:
   - name: Configure provided certificate file paths
     set_fact:
-      docker_registry_cert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
-      docker_registry_key_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
+      docker_registry_cert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
+      docker_registry_key_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
       docker_registry_self_signed: false
 
   # Since we end up bundling the cert, cacert and key in a .pem file, the 'cafile'
   # is optional
   - name: Configure provided ca certificate file path
     set_fact:
-      docker_registry_cacert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
+      docker_registry_cacert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
     when: "'cafile' in openshift_hosted_registry_routecertificates"
 
   - name: Retrieve provided certificate files
     copy:
       backup: True
-      dest: "{{ openshift_master_config_dir }}/named_certificates/{{ item.value | basename }}"
+      dest: "/etc/origin/master/named_certificates/{{ item.value | basename }}"
       src: "{{ item.value }}"
     when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value
     with_dict: "{{ openshift_hosted_registry_routecertificates }}"

roles/openshift_hosted/tasks/secure/reencrypt.yml

@@ -10,15 +10,15 @@
 
 - name: Configure self-signed certificate file paths
   set_fact:
-    docker_registry_cert_path: "{{ openshift_master_config_dir }}/registry.crt"
-    docker_registry_key_path: "{{ openshift_master_config_dir }}/registry.key"
-    docker_registry_cacert_path: "{{ openshift_master_config_dir }}/ca.crt"
+    docker_registry_cert_path: "/etc/origin/master/registry.crt"
+    docker_registry_key_path: "/etc/origin/master/registry.key"
+    docker_registry_cacert_path: "/etc/origin/master/ca.crt"
     docker_registry_self_signed: true
 
 - name: Retrieve provided certificate files
   copy:
     backup: True
-    dest: "{{ openshift_master_config_dir }}/named_certificates/{{ item.value | basename }}"
+    dest: "/etc/origin/master/named_certificates/{{ item.value | basename }}"
     src: "{{ item.value }}"
   when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value
   with_dict: "{{ openshift_hosted_registry_routecertificates }}"
@@ -32,7 +32,7 @@
     service_name: docker-registry
     tls_termination: "{{ openshift_hosted_registry_routetermination }}"
     host: "{{ openshift_hosted_registry_routehost | default(omit, true) }}"
-    cert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
-    key_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
-    cacert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
-    dest_cacert_path: "{{ openshift_master_config_dir }}/ca.crt"
+    cert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
+    key_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
+    cacert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
+    dest_cacert_path: "/etc/origin/master/ca.crt"

roles/openshift_hosted/tasks/wait_for_pod.yml

@@ -5,7 +5,7 @@
     command: |
       {{ openshift_client_binary }} rollout status deploymentconfig {{ item.name }} \
                         --namespace {{ item.namespace | default('default') }} \
-                        --config {{ openshift_master_config_dir }}/admin.kubeconfig
+                        --config /etc/origin/master/admin.kubeconfig
     async: 600
     poll: 5
     with_items: "{{ l_openshift_hosted_wfp_items }}"
@@ -15,7 +15,7 @@
     command: |
       {{ openshift_client_binary }} get deploymentconfig {{ item.name }} \
              --namespace {{ item.namespace }} \
-             --config {{ openshift_master_config_dir }}/admin.kubeconfig \
+             --config /etc/origin/master/admin.kubeconfig \
              -o jsonpath='{ .status.latestVersion }'
     register: l_openshift_hosted_wfp_latest_version
     with_items: "{{ l_openshift_hosted_wfp_items }}"
@@ -24,7 +24,7 @@
     command: |
       {{ openshift_client_binary }} get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \
              --namespace {{ item.0.namespace }} \
-             --config {{ openshift_master_config_dir }}/admin.kubeconfig \
+             --config /etc/origin/master/admin.kubeconfig \
              -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }'
     register: openshift_hosted_wfp_rc_phase
     until: "'Complete' in openshift_hosted_wfp_rc_phase.stdout"

roles/openshift_logging/vars/main.yaml

@@ -1,5 +1,4 @@
 ---
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
 es_node_quorum: "{{ (openshift_logging_es_cluster_size | int/2 | round(0,'floor') + 1) | int}}"
 es_recover_expected_nodes: "{{openshift_logging_es_cluster_size | int}}"
 es_ops_node_quorum: "{{ (openshift_logging_es_ops_cluster_size | int/2 | round(0,'floor') + 1) | int}}"

roles/openshift_logging_elasticsearch/vars/main.yml

@@ -8,7 +8,6 @@ __es_local_curl: "curl -s --cacert /etc/elasticsearch/secret/admin-ca --cert /et
 __elasticsearch_ready_retries: "{{ openshift_logging_elasticsearch_poll_timeout_minutes | default(20) | int * 2 }}"
 
 # TODO: integrate these
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
 es_node_quorum: "{{ openshift_logging_elasticsearch_replica_count | int/2 + 1 }}"
 es_min_masters_default: "{{ (openshift_logging_elasticsearch_replica_count | int / 2 | round(0,'floor') + 1) | int }}"
 es_min_masters: "{{ (openshift_logging_elasticsearch_replica_count == 1) | ternary(1, es_min_masters_default) }}"

roles/openshift_master_certificates/README.md

@@ -22,7 +22,6 @@ From this role:
 | openshift_generated_configs_dir       | `{{ openshift.common.config_base }}/generated-configs`                    | Directory in which per-master generated config directories will be created on the `openshift_ca_host`.                        |
 | openshift_master_cert_subdir          | `master-{{ openshift.common.hostname }}`                                  | Directory within `openshift_generated_configs_dir` where per-master configurations will be placed on the `openshift_ca_host`. |
 | openshift_master_cert_expire_days     | `730` (2 years)                                                           | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later.                                  |
-| openshift_master_config_dir           | `{{ openshift.common.config_base }}/master`                               | Master configuration directory in which certificates will be deployed on masters.                                             |
 | openshift_master_generated_config_dir | `{{ openshift_generated_configs_dir }}/{{ openshift_master_cert_subdir }` | Full path to the per-master generated config directory.                                                                       |
 
 Dependencies

roles/openshift_master_certificates/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Check status of master certificates
   stat:
-    path: "{{ openshift_master_config_dir }}/{{ item }}"
+    path: "/etc/origin/master/{{ item }}"
   with_items:
   - admin.crt
   - ca.crt
@@ -32,7 +32,7 @@
   delegate_to: "{{ openshift_ca_host }}"
 
 - find:
-    paths: "{{ openshift_master_config_dir }}/legacy-ca/"
+    paths: "/etc/origin/master/legacy-ca/"
     patterns: ".*-ca.crt"
     use_regex: true
   register: g_master_legacy_ca_result
@@ -89,7 +89,7 @@
   run_once: true
 
 - file:
-    src: "{{ openshift_master_config_dir }}/{{ item }}"
+    src: "/etc/origin/master/{{ item }}"
     dest: "{{ openshift_master_generated_config_dir }}/{{ item }}"
     state: hard
     force: true
@@ -142,14 +142,14 @@
 
 - name: Ensure certificate directory exists
   file:
-    path: "{{ openshift_master_config_dir }}"
+    path: "/etc/origin/master"
     state: directory
   when: master_certs_missing | bool and inventory_hostname != openshift_ca_host
 
 - name: Unarchive the tarball on the master
   unarchive:
     src: "{{ g_master_certs_mktemp.stdout }}/{{ openshift_master_cert_subdir }}.tgz"
-    dest: "{{ openshift_master_config_dir }}"
+    dest: "/etc/origin/master"
   when: master_certs_missing | bool and inventory_hostname != openshift_ca_host
 
 - name: Delete local temp directory
@@ -178,7 +178,7 @@
 # the dest file, will need to make sure to ignore things that could be added
 - name: Copy the admin client config(s)
   copy:
-    src: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+    src: "/etc/origin/master/admin.kubeconfig"
     dest: "~{{ item }}/.kube/config"
     remote_src: yes
     force: "{{ openshift_certificates_redeploy | default(false) }}"

roles/openshift_master_certificates/vars/main.yml

@@ -1,5 +1,4 @@
 ---
 openshift_generated_configs_dir: "{{ openshift.common.config_base }}/generated-configs"
 openshift_master_cert_subdir: "master-{{ openshift.common.hostname }}"
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
 openshift_master_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_master_cert_subdir }}"

roles/openshift_master_facts/vars/main.yml

@@ -1,4 +1,3 @@
 ---
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
-openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
-openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json"
+openshift_master_config_file: "/etc/origin/master/master-config.yaml"
+openshift_master_scheduler_conf: "/etc/origin/master/scheduler.json"

roles/openshift_persistent_volumes/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: Copy the admin client config(s)
   command: >
-    cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
+    cp /etc/origin/master/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
   changed_when: False
 
 - set_fact:

roles/openshift_persistent_volumes/vars/main.yml

@@ -1,2 +1 @@
 ---
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"

roles/template_service_broker/defaults/main.yml

@@ -21,5 +21,3 @@ l_tsb_image_dict:
 template_service_broker_prefix: "{{ l_tsb_image_dict[openshift_deployment_type]['prefix'] }}"
 template_service_broker_version: "{{ l_tsb_image_dict[openshift_deployment_type]['version'] }}"
 template_service_broker_image_name: "{{ l_tsb_image_dict[openshift_deployment_type]['image_name'] }}"
-
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"

roles/template_service_broker/tasks/deploy.yml

@@ -63,7 +63,7 @@
   changed_when: false
 
 - slurp:
-    src: "{{ openshift_master_config_dir }}/service-signer.crt"
+    src: "/etc/origin/master/service-signer.crt"
   register: __ca_bundle
 
 # Register with broker