Enable openstack_cacert to be either file or base64 string (#5243)

Matthew Mosesohn 2019-10-09 12:19:49 +03:00 committed by Kubernetes Prow Robot
parent 2864e13ff9
commit dea9304968
2 changed files with 16 additions and 3 deletions


@ -5,6 +5,9 @@ To deploy kubespray on [OpenStack](https://www.openstack.org/) uncomment the `cl
After that make sure to source in your OpenStack credentials like you would do when using `nova-client` or `neutron-client` by using `source path/to/your/openstack-rc` or `. path/to/your/openstack-rc`. After that make sure to source in your OpenStack credentials like you would do when using `nova-client` or `neutron-client` by using `source path/to/your/openstack-rc` or `. path/to/your/openstack-rc`.
For those who prefer to pass the OpenStack CA certificate as a string, one can
base64 encode the cacert file and store it in the variable `openstack_cacert`.
The next step is to make sure the hostnames in your `inventory` file are identical to your instance names in OpenStack. The next step is to make sure the hostnames in your `inventory` file are identical to your instance names in OpenStack.
Otherwise [cinder](https://wiki.openstack.org/wiki/Cinder) won't work as expected. Otherwise [cinder](https://wiki.openstack.org/wiki/Cinder) won't work as expected.


@ -166,14 +166,24 @@
- cloud-provider - cloud-provider
- facts - facts
- name: Test if openstack_cacert is a base64 string
set_fact:
openstack_cacert_is_base64: "{% if openstack_cacert | b64decode %}true{% else %}false{% endif %}"
when:
- cloud_provider is defined
- cloud_provider == 'openstack'
- openstack_cacert is defined
- openstack_cacert | length > 0
- name: Write cacert file - name: Write cacert file
copy: copy:
src: "{{ openstack_cacert }}" src: "{{ openstack_cacert if not openstack_cacert_is_base64 else omit }}"
content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}"
dest: "{{ kube_config_dir }}/openstack-cacert.pem" dest: "{{ kube_config_dir }}/openstack-cacert.pem"
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: 0640
when: when:
- inventory_hostname in groups['k8s-cluster']
- cloud_provider is defined - cloud_provider is defined
- cloud_provider == 'openstack' - cloud_provider == 'openstack'
- openstack_cacert is defined - openstack_cacert is defined
@ -197,4 +207,4 @@
- import_tasks: kubelet.yml - import_tasks: kubelet.yml
tags: tags:
- kubelet - kubelet
- kubeadm - kubeadm
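Review bot: The new `Test if openstack_cacert is a base64 string` task decides between file and string by whether `openstack_cacert | b64decode` is non-empty, which is a fragile test for a value that becomes the OpenStack trust anchor on every node. As far as I can tell the filter does not validate its input strictly, so a file path may raise a filter error or decode to non-empty garbage; in the second case `copy` would write those bytes to `openstack-cacert.pem` through `content` instead of copying the file. Tying the decision to the decoded text would be more predictable, for example `openstack_cacert_is_base64: "{{ '-----BEGIN CERTIFICATE-----' in (openstack_cacert | b64decode) }}"`, with a comment above the task stating that any other value is treated as a path on the control host. That still runs the decode on a path, so a filter error on malformed input would have to be accepted as a hard failure or guarded separately. The `when:` list of `Write cacert file` appears to continue past the end of the first hunk, so I cannot see whether it carries the same `length > 0` guard as the new task.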