Update openssl.conf to count better and work with Jinja 2.9

woopstar 2018-03-28 17:42:12 +02:00 committed by Andreas Kruger
parent 03117d9572
commit 0df32b03ca
2 changed files with 36 additions and 29 deletions


@ -1,4 +1,4 @@
[req] {% set counter = {'dns': 2,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
req_extensions = v3_req req_extensions = v3_req
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
@ -25,19 +25,18 @@ authorityKeyIdentifier=keyid:always,issuer
[alt_names] [alt_names]
DNS.1 = localhost DNS.1 = localhost
{% for host in groups['etcd'] %} {% for host in groups['etcd'] %}
DNS.{{ 1 + loop.index }} = {{ host }} DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
{% endfor %} {% endfor %}
{% if loadbalancer_apiserver is defined %} {% if apiserver_loadbalancer_domain_name is defined %}
{% set idx = groups['etcd'] | length | int + 2 %} DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(counter, 'dns') }}
DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
{% endif %} {% endif %}
{% set idx = groups['etcd'] | length | int + 3 %}
{% for etcd_alt_name in etcd_cert_alt_names %} {% for etcd_alt_name in etcd_cert_alt_names %}
DNS.{{ idx + 1 + loop.index }} = {{ etcd_alt_name }} DNS.{{ counter["dns"] }} = {{ etcd_alt_name }}{{ increment(counter, 'dns') }}
{% endfor %} {% endfor %}
{% for host in groups['etcd'] %} {% for host in groups['etcd'] %}
IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} {% if hostvars[host]['access_ip'] is defined %}
IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
{% endif %}
IP.{{ counter["ip"] }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}{{ increment(counter, 'ip') }}
{% endfor %} {% endfor %}
{% set idx = groups['etcd'] | length | int * 2 + 1 %} IP.{{ counter["ip"] }} = 127.0.0.1
IP.{{ idx }} = 127.0.0.1
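Review bot: The start value in `{% set counter = {'dns': 2,'ip': 1,} %}` is tied to the single static `DNS.1 = localhost` entry under `[alt_names]`, and nothing in the template says so. If a static entry is added later without bumping the start, two lines render with the same `DNS.N` key and one name is presumably lost from the certificate with no error at render time. The `increment` macro also only renders nothing because `dict.update()` returns `None`, which is easy to break in a later cleanup. A short comment next to the macro would cover both, e.g. `{# counter.dns starts after the static DNS.1 entry; increment() mutates the dict in place and emits nothing because update() returns None #}`. The same macro is pasted into the second template, where the start is `'dns': 6` and must track the static `DNS.1`–`DNS.5` entries.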


@ -1,4 +1,4 @@
[req] {% set counter = {'dns': 6,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
req_extensions = v3_req req_extensions = v3_req
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
[req_distinguished_name] [req_distinguished_name]
@ -13,31 +13,39 @@ DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.{{ dns_domain }} DNS.4 = kubernetes.default.svc.{{ dns_domain }}
DNS.5 = localhost DNS.5 = localhost
{% for host in groups['kube-master'] %} {% for host in groups['kube-master'] %}
DNS.{{ 5 + loop.index }} = {{ host }} DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
{% endfor %} {% endfor %}
{% set idns = groups['kube-master'] | length | int + 5 %} {% for host in groups['kube-node'] %}
{% if loadbalancer_apiserver is defined %} DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
{% set idns = idns + 1 %} {% endfor %}
DNS.{{ idns | string }} = {{ apiserver_loadbalancer_domain_name }} {% if apiserver_loadbalancer_domain_name is defined %}
DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(counter, 'dns') }}
{% endif %} {% endif %}
{% for host in groups['kube-master'] %} {% for host in groups['kube-master'] %}
IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} {% if hostvars[host]['access_ip'] is defined %}
IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
{% endfor %} {% endif %}
{% set idx = groups['kube-master'] | length | int * 2 + 1 %} IP.{{ counter["ip"] }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}{{ increment(counter, 'ip') }}
IP.{{ idx }} = {{ kube_apiserver_ip }} {% endfor %}
{% if loadbalancer_apiserver is defined %} {% for host in groups['kube-node'] %}
IP.{{ idx + 1 }} = {{ loadbalancer_apiserver.address }} {% if hostvars[host]['access_ip'] is defined %}
{% set idx = idx + 1 %} IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
{% endif %}
IP.{{ counter["ip"] }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}{{ increment(counter, 'ip') }}
{% endfor %}
{% if kube_apiserver_ip is defined %}
IP.{{ counter["ip"] }} = {{ kube_apiserver_ip }}{{ increment(counter, 'ip') }}
{% endif %}
{% if loadbalancer_apiserver.address is defined %}
IP.{{ counter["ip"] }} = {{ loadbalancer_apiserver.address }}{{ increment(counter, 'ip') }}
{% endif %} {% endif %}
IP.{{ idx + 1 }} = 127.0.0.1
{% if supplementary_addresses_in_ssl_keys is defined %} {% if supplementary_addresses_in_ssl_keys is defined %}
{% set is = idx + 1 %}
{% for addr in supplementary_addresses_in_ssl_keys %} {% for addr in supplementary_addresses_in_ssl_keys %}
{% if addr | ipaddr %} {% if addr | ipaddr %}
IP.{{ is + loop.index }} = {{ addr }} IP.{{ counter["ip"] }} = {{ addr }}{{ increment(counter, 'ip') }}
{% else %} {% else %}
DNS.{{ idns + loop.index }} = {{ addr }} DNS.{{ counter["dns"] }} = {{ addr }}{{ increment(counter, 'dns') }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
IP.{{ counter["ip"] }} = 127.0.0.1
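Review bot: The two new `{% for host in groups['kube-node'] %}` loops add every node's hostname, `access_ip` and `ip` to `[alt_names]`, which goes beyond the counting fix named in the commit title. The page does not show which certificates are issued from this config; if it includes the API server's serving certificate, that certificate becomes valid for every node identity. That widens what a single leaked key can stand in for, and the SAN list would have to be regenerated whenever a node joins. I would either drop the kube-node loops from this template or render them only for the certificates that actually need node names. If the broader SAN set is intended, the reason should be stated in a comment above the first loop.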