Description of problem:

customer is redeploying custom ca with parameters:

openshift_additional_ca=<custom-root-ca>.pem
openshift_master_ca_certificate={'certfile': '<custom-ca>.cer', 'keyfile': '<custom-ca>.key'}

the playbook finishes correctly, however, the /etc/origin/master/ca.crt is still the same.
# openssl x509 -in /etc/origin/master/ca.crt -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=openshift-signer@1564141585
        Validity
            Not Before: Jul 26 11:46:24 2019 GMT
            Not After : Jul 24 11:46:25 2024 GMT
        Subject: CN=openshift-signer@1564141585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:


Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible-playbook 2.6.16

will provide the rest

How reproducible:
n/a

Steps to Reproduce:
1.
2.
3.

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Expected results:

Additional info:
Please attach logs from ansible-playbook with the -vvv flag