From 4d2b6b71f21dffcb737efacf945f9c723c2841ca Mon Sep 17 00:00:00 2001
From: Erwan Miran <mirwan@users.noreply.github.com>
Date: Wed, 17 Oct 2018 00:34:33 +0200
Subject: [PATCH] Fix contiv api certificate generation (#3531)

---
 roles/network_plugin/contiv/tasks/main.yml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/roles/network_plugin/contiv/tasks/main.yml b/roles/network_plugin/contiv/tasks/main.yml
index d5231c3b6..b6163a22b 100644
--- a/roles/network_plugin/contiv/tasks/main.yml
+++ b/roles/network_plugin/contiv/tasks/main.yml
@@ -97,16 +97,25 @@
   delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true
 
-- name: Contiv | Generate contiv-api-proxy certificates
-  script: /var/contiv/generate-certificate.sh
-  args:
-    creates: /var/contiv/auth_proxy_key.pem
+- name: Contiv | Check for cert key existence
+  stat:
+    path: /var/contiv/auth_proxy_key.pem
+  register: contiv_certificate_key_state
   when:
     - contiv_enable_api_proxy
     - contiv_generate_certificate
   delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true
 
+- name: Contiv | Generate contiv-api-proxy certificates
+  command: /var/contiv/generate-certificate.sh
+  when:
+    - contiv_enable_api_proxy
+    - contiv_generate_certificate
+    - (not contiv_certificate_key_state.stat.exists)
+  delegate_to: "{{ groups['kube-master'][0] }}"
+  run_once: true
+
 - name: Contiv | Fetch the generated certificate
   fetch:
     src: "/var/contiv/{{ item }}"