Openshift-ansible: redeploy_certificates does not update the web console ones

Created on 15 Jun 2018 · 1 Comment · Source: openshift/openshift-ansible

Description

I was replacing the master CA and certificates using the documentation here: https://docs.openshift.org/latest/install_config/redeploying_certificates.html

After running the redeploy-openshift-ca.yml and redeploy-certificates.yml playbooks, the various services were up and running except the webconsole.

Looking at the logs, the master-api was failing to connect to the webconsole container due to a non-matching CA for the webconsole certificate, and in the webconsole logs there was a bad certificate error.

After some investigation it turned out the webconsole secret was not updated and it still had the old certificate and service-signer CA.

Destroying the openshift-web-console project and re-running the openshift-webconsole/configure.yml playbook fixed the problem.

Version
  • Your ansible version per ansible --version
ansible 2.5.0
  config file = None
  configured module search path = [u'xxx/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.5.0/libexec/lib/python2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.14 (default, Mar 22 2018, 15:00:11) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)]
  • The output of git describe
openshift-ansible-3.9.32-1-2-g2eb24fe
Steps To Reproduce
  1. install OpenShift Origin with a custom openshift_master_ca_certificate
  2. change the CA certificate
  3. run redeploy-openshift-ca.yml and redeploy-certificates.yml
  4. try to connect to the webconsole
Expected Results

Web console should work just fine.

Observed Results

Web console returns a 502. There are bad certificate/unknown CA messages in the origin-master-api service and webconsole container logs.

http: proxy error: x509: certificate signed by unknown authority
Additional Information


  • Your operating system and version, ie: RHEL 7.2, Fedora 23 ($ cat /etc/redhat-release)
CentOS Linux release 7.5.1804 (Core) 
  • Your inventory file (especially any non-standard configuration parameters)
openshift_master_ca_certificate={'certfile': 'openshift-dev.crt', 'keyfile': 'openshift-dev.key'}
openshift_master_named_certificates=[{"certfile": "openshift-master-full.crt", "keyfile": "openshift-master.key", "cafile": "ca-chain.crt", "names": ["openshift-master.xxx", "openshift-master-1.us-east-1.xxx"]}]

Most helpful comment

I had the same problem here: https://github.com/openshift/origin/issues/20005

A quicker way to fix it is to remove the cert secret and roll out the webconsole again (or delete the pods):

# the secret and the pods live in the openshift-web-console project; the pods are selected by label
oc delete secret webconsole-serving-cert -n openshift-web-console
oc delete pods -l webconsole=true -n openshift-web-console

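The failure described in this issue is only visible once the proxy starts returning 502s, so a pre-check that compares the serving certificate in the webconsole secret with the CA the cluster currently trusts is worth having after any certificate redeploy. The script below is an added example, not code from the issue or from the openshift-ansible project. It assumes `oc` is logged in with cluster-admin rights, that the secret and project names are the ones given in the comment above, that the webconsole pods carry the label `webconsole=true`, and that the service-signer CA is readable at `/etc/origin/master/service-signer.crt` (override with `SERVICE_CA_PATH`); the `make_constructed_pki` helper only builds a throwaway CA and leaf certificate so the check can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the issue or the openshift-ansible project).
# Verifies that the webconsole serving certificate chains to the CA the
# cluster currently trusts; if it does not, applies the remediation from
# the comment above (delete the stale secret so the serving-cert controller
# reissues it, then recycle the pods).

# Returns 0 when CERT verifies against CA_BUNDLE, non-zero otherwise.
serving_cert_matches_ca() {
    cert="$1"
    ca_bundle="$2"
    openssl verify -CAfile "$ca_bundle" "$cert" >/dev/null 2>&1
}

# Prints the issuer of a PEM certificate (used in the mismatch message).
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# Constructed throwaway PKI for demonstration only: one CA and one leaf
# certificate signed by it, written into DIR. Nothing here touches a cluster.
make_constructed_pki() {
    dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-service-signer" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=webconsole.openshift-web-console.svc" \
        -keyout "$dir/svc.key" -out "$dir/svc.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$dir/svc.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/svc.crt" >/dev/null 2>&1
}

# Live check against a cluster. Assumptions: `oc` is logged in as a
# cluster-admin, the secret/project names are those from the comment above,
# the pods are labelled webconsole=true, and the service-signer CA is
# readable at SERVICE_CA_PATH (assumed default below).
check_and_fix_webconsole_cert() {
    ns="openshift-web-console"
    secret="webconsole-serving-cert"
    service_ca="${SERVICE_CA_PATH:-/etc/origin/master/service-signer.crt}"
    work=$(mktemp -d)
    # Pull the serving certificate the webconsole pods currently present.
    oc get secret "$secret" -n "$ns" -o jsonpath='{.data.tls\.crt}' \
        | base64 -d > "$work/tls.crt"
    if serving_cert_matches_ca "$work/tls.crt" "$service_ca"; then
        echo "webconsole serving cert chains to the current service CA"
        rm -rf "$work"
        return 0
    fi
    echo "mismatch: $(cert_issuer "$work/tls.crt") is not trusted by $service_ca"
    # Remediation from the comment: drop the stale secret so the
    # service-serving-cert controller reissues it, then recycle the pods.
    oc delete secret "$secret" -n "$ns"
    oc delete pods -l webconsole=true -n "$ns"
    rm -rf "$work"
    return 1
}

# Only talk to a cluster when explicitly asked; the functions above can be
# sourced and exercised offline against the constructed PKI.
if [ "${1:-}" = "--live" ]; then
    check_and_fix_webconsole_cert
fi
```

Run it as `sh check-webconsole-cert.sh --live` on a master after the redeploy playbooks; a clean result prints the "chains to the current service CA" line, while a mismatch prints the stale issuer before the secret and pods are recreated, which is the same fix the comment gives but only applied when the certificate is actually wrong.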