Fix certificates checking when adding etcd node to existing k8s node (#5807)
Co-authored-by: alexkomrakov <alexkomrakov@gmail.com>
parent
474fbf09c4
commit
6ad6609872
2 changed files with 23 additions and 3 deletions
|
@ -33,10 +33,29 @@
|
||||||
['{{ etcd_cert_dir }}/ca.pem',
|
['{{ etcd_cert_dir }}/ca.pem',
|
||||||
{% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %}
|
{% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %}
|
||||||
{% for host in all_etcd_hosts %}
|
{% for host in all_etcd_hosts %}
|
||||||
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem'
|
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem',
|
||||||
|
'{{ etcd_cert_dir }}/admin-{{ host }}-key.pem',
|
||||||
|
'{{ etcd_cert_dir }}/member-{{ host }}-key.pem'
|
||||||
{% if not loop.last %}{{','}}{% endif %}
|
{% if not loop.last %}{{','}}{% endif %}
|
||||||
{% endfor %}]
|
{% endfor %}]
|
||||||
|
|
||||||
|
- name: "Check_certs | Set 'gen_master_certs' to true"
|
||||||
|
set_fact:
|
||||||
|
gen_master_certs: |-
|
||||||
|
{
|
||||||
|
{% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort -%}
|
||||||
|
{% set existing_certs = etcdcert_master.files|map(attribute='path')|list|sort %}
|
||||||
|
{% for host in all_etcd_hosts -%}
|
||||||
|
{% set host_cert = "%s/member-%s-key.pem"|format(etcd_cert_dir, host) %}
|
||||||
|
{% if host_cert in existing_certs -%}
|
||||||
|
"{{ host }}": False,
|
||||||
|
{% else -%}
|
||||||
|
"{{ host }}": True,
|
||||||
|
{% endif -%}
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
run_once: true
|
||||||
|
|
||||||
- name: "Check_certs | Set 'gen_node_certs' to true"
|
- name: "Check_certs | Set 'gen_node_certs' to true"
|
||||||
set_fact:
|
set_fact:
|
||||||
gen_node_certs: |-
|
gen_node_certs: |-
|
||||||
|
@ -59,6 +78,7 @@
|
||||||
sync_certs: true
|
sync_certs: true
|
||||||
when:
|
when:
|
||||||
- gen_node_certs[inventory_hostname] or
|
- gen_node_certs[inventory_hostname] or
|
||||||
|
gen_master_certs[inventory_hostname] or
|
||||||
(not etcdcert_node.results[0].stat.exists|default(false)) or
|
(not etcdcert_node.results[0].stat.exists|default(false)) or
|
||||||
(not etcdcert_node.results[1].stat.exists|default(false)) or
|
(not etcdcert_node.results[1].stat.exists|default(false)) or
|
||||||
(etcdcert_node.results[1].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcdcert_node.results[1].stat.path)|map(attribute="checksum")|first|default(''))
|
(etcdcert_node.results[1].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcdcert_node.results[1].stat.path)|map(attribute="checksum")|first|default(''))
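Review bot: The new `gen_master_certs` template and the two key paths added to the expected-files list both loop over `all_etcd_hosts`, which includes `k8s-cluster` and `calico-rr` hosts, while the second file builds `MASTERS` only from `groups['etcd']`. If member and admin keys are issued only for etcd members, as that loop suggests, `gen_master_certs[host]` stays True for every non-etcd host. The added `gen_master_certs[inventory_hostname]` clause would then set `sync_certs` on those hosts on every run, and private key material would be re-copied more often than needed. Consider restricting the member/admin checks to etcd members, e.g. `{% for host in groups['etcd'] -%}` in the `gen_master_certs` template. The check also tests only `member-<host>-key.pem`, so a missing `admin-<host>-key.pem` would not flip the flag; the enclosing tasks start and end outside the visible hunks, so confirm against the full file.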
|
||||||
|
|
|
@ -55,7 +55,7 @@
|
||||||
command: "bash -x {{ etcd_script_dir }}/make-ssl-etcd.sh -f {{ etcd_config_dir }}/openssl.conf -d {{ etcd_cert_dir }}"
|
command: "bash -x {{ etcd_script_dir }}/make-ssl-etcd.sh -f {{ etcd_config_dir }}/openssl.conf -d {{ etcd_cert_dir }}"
|
||||||
environment:
|
environment:
|
||||||
- MASTERS: "{% for m in groups['etcd'] %}
|
- MASTERS: "{% for m in groups['etcd'] %}
|
||||||
{% if gen_node_certs[m] %}
|
{% if gen_master_certs[m] %}
|
||||||
{{ m }}
|
{{ m }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}"
|
{% endfor %}"
|
||||||
|
|