diff --git a/collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml b/collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml
index b07fcd88..65b10d7a 100644
--- a/collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml
+++ b/collection/stages/roles/day2ops/tasks/procedures/rotate_app_creds.yml
@@ -10,15 +10,24 @@
 name: shiftstack.stages.prepare
 tasks_from: app_creds.yml
-- name: Rotate OpenShift Cloud Credentials
+- name: Create clouds.yaml copy with cloud renamed for OCP secret
 ansible.builtin.shell: |
 set -o pipefail && \
- cat {{ clouds_yaml_file_path }} | sed 's/{{ user_cloud }}:/openstack:/' | \
- oc set data -n kube-system secret/openstack-credentials clouds.yaml=-
+ cat {{ clouds_yaml_file_path }} | sed '/^---$/d' | sed 's/{{ user_cloud }}:/openstack:/' > /tmp/clouds_for_ocp.yaml
+ changed_when: false
+
+- name: Rotate OpenShift Cloud Credentials
+ ansible.builtin.shell: |
+ oc set data -n kube-system secret/openstack-credentials clouds.yaml="$(cat /tmp/clouds_for_ocp.yaml)"
 environment:
 KUBECONFIG: "{{ kubeconfig }}"
 changed_when: true
+- name: Clean up temporary file
+ ansible.builtin.file:
+ path: /tmp/clouds_for_ocp.yaml
+ state: absent
+
 - name: Get OpenStack Credentials from OCP cluster
 ansible.builtin.shell: |
 set -o pipefail && \
diff --git a/collection/stages/roles/install/tasks/install_config_generation/ipi_install_config.yml b/collection/stages/roles/install/tasks/install_config_generation/ipi_install_config.yml
index 156aeee8..0eb66b3f 100644
--- a/collection/stages/roles/install/tasks/install_config_generation/ipi_install_config.yml
+++ b/collection/stages/roles/install/tasks/install_config_generation/ipi_install_config.yml
@@ -45,9 +45,9 @@
 installcfg_api_vips: "{{ ocp_deployment_topology.primary_ip_protocol == 'ipv6' }}"
 installcfg_api_floating_ip: "{{ precreated_api_fip }}"
 installcfg_ingress_floating_ip: "{{ precreated_ingress_fip }}"
- installcfg_machines_subnet: "{{ machines_subnet_id | default(omit) }}"
+ installcfg_machines_subnet: "{{ machines_subnet_id | default('') }}"
 installcfg_cluster_network: "{{ ocp_deployment_topology[ocp_deployment_topology.primary_ip_protocol].cluster_network }}"
 installcfg_service_network: "{{ ocp_deployment_topology[ocp_deployment_topology.primary_ip_protocol].service_network }}"
 installcfg_default_machine_platform: "{{ ocp_deployment_topology.defaultMachinePlatform | default({}) }}"
 installcfg_cluster_os_image_properties: "{{ ocp_deployment_topology.platform.openstack.clusterOSImageProperties | default({}) }}"
- installcfg_additional_trust_bundle: "{{ _cacert_content.stdout_lines | default(omit) }}"
+ installcfg_additional_trust_bundle: "{{ _cacert_content.stdout_lines | default([]) }}"
diff --git a/collection/stages/roles/install/templates/install-config-ipi.yaml.j2 b/collection/stages/roles/install/templates/install-config-ipi.yaml.j2
index b9dd21de..79c8c68b 100644
--- a/collection/stages/roles/install/templates/install-config-ipi.yaml.j2
+++ b/collection/stages/roles/install/templates/install-config-ipi.yaml.j2
@@ -45,7 +45,7 @@ platform:
 {{ key }}: {{ value }}
 {%- endfor +%}
 {%- endif +%}
- {%- if installcfg_machines_subnet is defined +%}
+ {%- if installcfg_machines_subnet +%}
 machinesSubnet: {{ installcfg_machines_subnet }}
 {%- endif +%}
 {%- if installcfg_api_vips +%}
@@ -64,7 +64,7 @@ platform:
 externalNetwork: "{{ installcfg_external_network }}"
 apiFloatingIP: "{{ installcfg_api_floating_ip }}"
 ingressFloatingIP: "{{ installcfg_ingress_floating_ip }}"
- {%- if installcfg_machines_subnet is not defined +%}
+ {%- if not installcfg_machines_subnet +%}
 externalDNS: {{ installcfg_dns_servers }}
 {%- endif +%}
 {%- endif +%}
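Review bot: In ipi_install_config.yml the switch from `default(omit)` to `default('')` on `installcfg_machines_subnet` and to `default([])` on `installcfg_additional_trust_bundle` carries no comment, so a later cleanup could easily turn them back into `omit`. I would add above the first changed line: `# Empty defaults, not omit: install-config-ipi.yaml.j2 tests these values for truthiness.` The variables block these lines belong to starts outside the hunk.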
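Review bot: In install-config-ipi.yaml.j2 the new `{%- if installcfg_machines_subnet +%}` test evaluates the variable instead of asking whether it is defined, so it depends on every caller setting it. With Ansible's strict handling of undefined variables, a render without it would, I believe, fail rather than skip the block. The same applies to `{%- if not installcfg_machines_subnet +%}` in the following hunk and to `{%- if installcfg_additional_trust_bundle +%}` in the hunk at line 72. Writing the tests as `{%- if installcfg_machines_subnet | default('') +%}` and `{%- if installcfg_additional_trust_bundle | default([]) +%}` keeps the new empty-value behaviour and tolerates a missing variable. Whether any other task renders this template is not visible here.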
@@ -72,7 +72,7 @@ pullSecret: |
 {{ ocp_pull_secret }}
 sshKey: |
 {{ ocp_public_key }}
-{%- if installcfg_additional_trust_bundle is defined +%}
+{%- if installcfg_additional_trust_bundle +%}
 additionalTrustBundle: |
 {% for line in installcfg_additional_trust_bundle %}
 {{ line }}