Fix contiv api certificate generation (#3531)

2018-10-17 00:34:33 +02:00 · 2018-10-17 00:34:33 +02:00 · 4d2b6b71f2
commit 4d2b6b71f2
parent 7bec169d58
1 changed files with 13 additions and 4 deletions
--- a/roles/network_plugin/contiv/tasks/main.yml
+++ b/roles/network_plugin/contiv/tasks/main.yml
@ -97,16 +97,25 @@
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

- name: Contiv | Generate contiv-api-proxy certificates
-  script: /var/contiv/generate-certificate.sh
-  args:
-    creates: /var/contiv/auth_proxy_key.pem
+- name: Contiv | Check for cert key existence
+  stat:
+    path: /var/contiv/auth_proxy_key.pem
+  register: contiv_certificate_key_state
  when:
    - contiv_enable_api_proxy
    - contiv_generate_certificate
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

+- name: Contiv | Generate contiv-api-proxy certificates
+  command: /var/contiv/generate-certificate.sh
+  when:
+    - contiv_enable_api_proxy
+    - contiv_generate_certificate
+    - (not contiv_certificate_key_state.stat.exists)
+  delegate_to: "{{ groups['kube-master'][0] }}"
+  run_once: true
+
 - name: Contiv | Fetch the generated certificate
  fetch:
    src: "/var/contiv/{{ item }}"