Description of problem: -- - When users need to update cert, they want to make the impact minimal. - For example, when master.etcd-ca.crt has been expired, it seems we need to use redeploy-openshift-ca.yml. It means that all services including etcd, masters, nodes and docker have to be restarted. That's not good UX and cannot use for critical system. Version-Release number of selected component (if applicable): --- - 3.x How reproducible: --- - 100% Steps to Reproduce: --- 1. Update master.etcd-ca.crt by using redeploy-openshift-ca.yml. Actual results: --- - All service are restarted. Expected results: --- - Not all services are rebooted. - There are several options: a) playbook updates only master.etcd-ca.crt (or all of each certs). b) use current redeploy-openshift-ca.yml but restart operations can be conducted manually after the cert update.
*** This bug has been marked as a duplicate of bug 1451927 ***