From bc74a376961b2d9d7b6d822ab471a58e1de6ed22 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Thu, 1 Nov 2018 15:50:26 +0300
Subject: [PATCH] Calculate etcd client cert serial for appropriate groups
 (#3605)

Standalone etcd nodes do not generate node-$hostname certs and do
not need this serial calculated.
---
 roles/etcd/tasks/main.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 0ce11d355..544b37b80 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -17,7 +17,8 @@
   command: "openssl x509 -in {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem -noout -serial"
   register: "etcd_client_cert_serial_result"
   changed_when: false
-  when: inventory_hostname in groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort
+  when:
+    - inventory_hostname in groups['k8s-cluster']|union(groups['calico-rr']|default([]))|unique|sort
   tags:
     - master
     - network
@@ -25,7 +26,8 @@
 - name: Set etcd_client_cert_serial
   set_fact:
     etcd_client_cert_serial: "{{ etcd_client_cert_serial_result.stdout.split('=')[1] }}"
-  when: inventory_hostname in groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort
+  when:
+    - inventory_hostname in groups['k8s-cluster']|union(groups['calico-rr']|default([]))|unique|sort
   tags:
     - master
     - network