Description of problem: customer is redeploying custom ca with parameters: openshift_additional_ca=<custom-root-ca>.pem openshift_master_ca_certificate={'certfile': '<custom-ca>.cer', 'keyfile': '<custom-ca>.key'} the playbook finishes correctly, however, the /etc/origin/master/ca.crt is still the same. # openssl x509 -in /etc/origin/master/ca.crt -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=openshift-signer@1564141585 Validity Not Before: Jul 26 11:46:24 2019 GMT Not After : Jul 24 11:46:25 2024 GMT Subject: CN=openshift-signer@1564141585 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: Version-Release number of the following components: rpm -q openshift-ansible rpm -q ansible ansible-playbook 2.6.16 will provide the rest How reproducible: n/a Steps to Reproduce: 1. 2. 3. Actual results: Please include the entire output from the last TASK line through the end of output if an error is generated Expected results: Additional info: Please attach logs from ansible-playbook with the -vvv flag
the version is openshift-ansible 3.11.98