parent: cc111ae5 | patch | commit | ignore whitespace
Jim Rigsbee
2019-08-16 915b28eaf23bd6beb9906315eb65dde967a4364b 
IdM installation fix and Longer delay for API cert application (#589)

* Fixed typo in ipa-cacert-manage command

* Fixes when running in production:
1) Increased wait time to 6m for Lets Encrypt certs
2) Had to upgrade the NSS package for idm server to install properly
2 files modified
15 ■■■■■ changed files
ansible/roles/idm-server/tasks/prep.yml 5 ●●●●● patch | view | raw | blame | history
ansible/roles/ocp4-workload-enable-lets-encrypt-certificates/tasks/workload.yml 10 ●●●● patch | view | raw | blame | history 
 ansible/roles/idm-server/tasks/prep.yml


@@ -5,6 +5,11 @@


    name: "{{ idm_rpms }}"


    state: installed




- name: Upgrade NSS package


  package:


    name: nss


    state: latest




# Cannot use a handler here


- name: Ensure firewalld is running


  service:




 ansible/roles/ocp4-workload-enable-lets-encrypt-certificates/tasks/workload.yml


@@ -73,7 +73,7 @@


    loop:


    - api-certs.j2


    - router-certs.j2


    




  - name: Read Certificate


    slurp:


      src: "$HOME/certificates/fullchain.pem"


@@ -107,15 +107,15 @@


        state: present


        definition: "{{ lookup('template', './templates/api-server.j2' ) | from_yaml }}"




    # Sleep 5 minutes per David Eads.


    # Sleep 6 minutes per David Eads.


    # It takes about 70 seconds per API Server to


    # restart with certificates (due to AWS


    # Load Balancer). Therefore sleep


    # 5 minutes to give the kube-apiserver


    # 6 minutes to give the kube-apiserver


    # cluster operator enough time to progress.


    - name: Wait 5m for all APIservers to be back up


    - name: Wait 6m for all APIservers to be back up


      pause:


        minutes: 5


        minutes: 6




    - name: Find all Kube Configs


      become: yes