From 852fc9c2aeda78c78993a82c95137e200f9de6d5 Mon Sep 17 00:00:00 2001
From: OpenShift Merge Robot
Date: Oct 05 2020 20:42:44 +0000
Subject: Merge pull request #12248 from mtnbikenc/fix-1757081 Bug 1757081: playbooks/openshift-etcd: Ensure etcd CA is present on first etcd host
---
diff --git a/playbooks/openshift-etcd/private/redeploy-certificates.yml b/playbooks/openshift-etcd/private/redeploy-certificates.yml
index 778d7c7..74783d6 100644
--- a/playbooks/openshift-etcd/private/redeploy-certificates.yml
+++ b/playbooks/openshift-etcd/private/redeploy-certificates.yml
@@ -1,4 +1,12 @@
 ---
+- name: Ensure etcd CA is present on first etcd host
+ hosts: oo_first_etcd
+ any_errors_fatal: true
+ tasks:
+ - import_role:
+ name: etcd
+ tasks_from: verify_ca_certificates.yml
+ - import_playbook: certificates-backup.yml
 - import_playbook: certificates.yml
diff --git a/roles/etcd/tasks/verify_ca_certificates.yml b/roles/etcd/tasks/verify_ca_certificates.yml
new file mode 100644
index 0000000..914f35c
--- /dev/null
+++ b/roles/etcd/tasks/verify_ca_certificates.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Determine if CA certificate directory exists
+ stat:
+ path: "{{ item }}"
+ get_checksum: false
+ get_attributes: false
+ get_mime: false
+ with_items:
+ - "{{ etcd_ca_dir }}/ca.crt"
+ - "{{ etcd_ca_dir }}/ca.key"
+ register: etcd_ca_dir_stat
+
+- name: Set fact etcd_ca_certs_missing
+ set_fact:
+ etcd_ca_certs_missing: "{{ False in (etcd_ca_dir_stat.results | default({})
+ | lib_utils_oo_collect(attribute='stat.exists')
+ | list ) }}"
+
+- name: Fail during etcd certificate redeploy if CA certificate directory contents missing
+ fail:
+ msg: >
+ Required files are missing from {{ etcd_ca_dir }} on {{ etcd_ca_host }}.
+ Please run playbooks/openshift-etcd/redeploy-ca.yml to ensure the CA exists before
+ running redeploy-certificates.yml.
+ when: etcd_ca_certs_missing
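Review bot: In playbooks/openshift-etcd/private/redeploy-certificates.yml the new play targets `oo_first_etcd`, and Ansible skips a play whose host pattern matches nothing, so if that group is empty when this private playbook runs, the CA check is bypassed without error and `certificates-backup.yml` and `certificates.yml` proceed unverified. The diff does not show where the group is populated, so a comment above the play would record the dependency: `# Requires oo_first_etcd to be populated earlier in the run; an empty group skips this check without error`. The `import_role` task is also unnamed; `- name: Verify etcd CA files exist` would make the run log and any failure easier to attribute.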
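Review bot: In roles/etcd/tasks/verify_ca_certificates.yml the `fail` message reports `{{ etcd_ca_host }}`, but the `stat` task runs on whichever host the calling play targets and nothing in this diff defines `etcd_ca_host`, so the message can name a host other than the one checked, or abort on an undefined variable before the guidance is printed; `{{ inventory_hostname }}` would report the host that was actually inspected. In the `set_fact`, `default({})` turns a missing `results` into "nothing missing", which fails open; `default([])` at least matches the list type, and dropping the default would make the check fail closed. The test is existence-only (checksum, attributes and mime are all disabled), so an empty or mismatched `ca.key` still passes, and the first task's name says "directory" although it stats two files; `- name: Determine if CA certificate and key exist` would describe it accurately.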