From 9c83551a0e052915d5c0453693c975e7308a962f Mon Sep 17 00:00:00 2001 From: ankitcharolia Date: Fri, 2 Nov 2018 16:27:53 +0100 Subject: [PATCH] add certificate authority file (#3433) --- roles/etcd/handlers/backup.yml | 1 + roles/etcd/tasks/configure.yml | 6 ++++++ roles/etcd/tasks/join_etcd_member.yml | 2 ++ 3 files changed, 9 insertions(+) diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml index d40a3740d..407c70a3d 100644 --- a/roles/etcd/handlers/backup.yml +++ b/roles/etcd/handlers/backup.yml @@ -52,6 +52,7 @@ ETCDCTL_API: 3 ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem" retries: 3 register: etcd_backup_v3_command until: etcd_backup_v3_command.rc == 0 diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index 674d202e0..ded28fc60 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -11,6 +11,7 @@ environment: ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem" - name: Configure | Check if etcd-events cluster is healthy shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_events_access_addresses }} cluster-health | grep -q 'cluster is healthy'" @@ -24,6 +25,7 @@ environment: ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem" - include_tasks: refresh_config.yml when: is_etcd_master @@ -75,6 +77,7 @@ environment: ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem" - name: Configure | Check if etcd-events cluster is healthy shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_events_access_addresses }} cluster-health | grep -q 'cluster is healthy'" @@ -91,6 +94,7 @@ environment: ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem" - name: Configure | Check if member is in etcd cluster shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_access_addresses }} member list | grep -q {{ etcd_access_address }}" @@ -104,6 +108,7 @@ environment: ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem" - name: Configure | Check if member is in etcd-events cluster shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_events_access_addresses }} member list | grep -q {{ etcd_access_address }}" @@ -117,6 +122,7 @@ environment: ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem" - name: Configure | Join member(s) to etcd cluster one at a time include_tasks: join_etcd_member.yml diff --git a/roles/etcd/tasks/join_etcd_member.yml b/roles/etcd/tasks/join_etcd_member.yml index 60cfd16cd..0aad02049 100644 --- a/roles/etcd/tasks/join_etcd_member.yml +++ b/roles/etcd/tasks/join_etcd_member.yml @@ -9,6 +9,7 @@ environment: ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem" - include_tasks: refresh_config.yml vars: @@ -34,3 +35,4 @@ environment: ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem" + ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"