From 7a3956173a9cab4063bc21d5bcef2d101d84ce12 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Fri, 3 Mar 2017 16:33:00 +0300
Subject: [PATCH] Disable vault role properly on ansible 2.2.0

when condition does not seem to work correctly at playbook
level for ansible 2.2.0.
---
 roles/kubernetes/secrets/tasks/main.yml | 7 +------
 roles/vault/tasks/main.yml              | 4 ++--
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml
index ab2cb76b2..6da147170 100644
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@@ -71,8 +71,7 @@
   delegate_to: "{{groups['kube-master'][0]}}"
   when: gen_tokens|default(false)
 
-- include: gen_certs_script.yml
-  when: cert_management == "script"
+- include: "gen_certs_{{ cert_management }}.yml"
   tags: k8s-secrets
 
 - include: sync_kube_master_certs.yml
@@ -83,9 +82,5 @@
   when: cert_management == "vault" and inventory_hostname in groups['k8s-cluster']
   tags: k8s-secrets
 
-- include: gen_certs_vault.yml
-  when: cert_management == "vault"
-  tags: k8s-secrets
-
 - include: gen_tokens.yml
   tags: k8s-secrets
diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml
index f7414b74f..4aef875ce 100644
--- a/roles/vault/tasks/main.yml
+++ b/roles/vault/tasks/main.yml
@@ -12,8 +12,8 @@
 
 ## Bootstrap
 - include: bootstrap/main.yml
-  when: vault_bootstrap | d()
+  when: cert_management == 'vault' and vault_bootstrap | d()
 
 ## Cluster
 - include: cluster/main.yml
-  when: not vault_bootstrap | d()
+  when: cert_management == 'vault' and not vault_bootstrap | d()