Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom router certificate is not copied even if it's specified #5160

Closed
aerialls opened this issue Aug 22, 2017 · 1 comment
Closed

Custom router certificate is not copied even if it's specified #5160

aerialls opened this issue Aug 22, 2017 · 1 comment

Comments

@aerialls
Copy link
Contributor

aerialls commented Aug 22, 2017
edited
Loading

Description

Hello,

I think #4693 broke the behavior when you have a custom certificate declared for the hosted router.

In my ansible configuration, I've the following configuration for my internal certificate.

openshift_hosted_router_certificate={"certfile": "/root/certificates/wildcard.foobar.com.crt", "keyfile": "/root/certificates/wildcard.foobar.com.key", "cafile": "/root/certificates/internal-ca.crt"}

In the execution, the copy task is skipped.

TASK [openshift_hosted : Get the certificate contents for router] ***************************************************************************************
skipping: [node01.foobar.com] => (item=/root/certificates/wildcard.foobar.com.key)
skipping: [node01.foobar.com] => (item=/root/certificates/wildcard.foobar.com.crt)
skipping: [node01.foobar.com] => (item=/root/certificates/internal-ca.crt)

After some digging in this repo, The PR #4693 changed the default value for openshift_hosted_router_create_certificate from false to true. After that, the condition for the Get the certificate contents for router is now

  when: not openshift_hosted_router_create_certificate | bool

https://github.com/openshift/openshift-ansible/blob/release-3.6/roles/openshift_hosted/tasks/router/router.yml#L49

The generate a default wildcard router certificate task is also skipped because the openshift_hosted_router_certificate is not empty so I don't have any certificate and the Create OpenShift router task failed after that.

I can manually set the openshift_hosted_router_create_certificate parameter to false but I found no reference to this parameter in the documentation or elsewhere.

IMO, files should be copied if the parameter openshift_hosted_router_certificate is not empty regardless of the value of the openshift_hosted_router_create_certificate?

Version

!# ansible --version
ansible 2.3.1.0

!# git describe
openshift-ansible-3.6.173.0.7-1-4-ga74df94
@aerialls aerialls changed the title Router certificate is not copied if it's specified Custom router certificate is not copied even if it's specified Aug 22, 2017
@aerialls
Copy link
Contributor Author

I tried to open a PR to fix this issue with my understanding. 😄

@aerialls aerialls mentioned this issue Aug 22, 2017
Merged
@aerialls aerialls closed this as completed Sep 7, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aerialls