Fix SAN check on newer versions versions of openssl (#11277)

8 months ago · d54cfba6c2
1 changed files with 2 additions and 0 deletions
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@ -145,12 +145,14 @@
      loop: "{{ apiserver_ips }}"
      register: apiserver_sans_ip_check
      changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate')
+      failed_when: apiserver_sans_ip_check.rc != 0 and apiserver_sans_ip_check.stdout is not search('does NOT match certificate')
    - name: Kubeadm | Check apiserver.crt SAN hosts
      command:
        cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}"
      loop: "{{ apiserver_hosts }}"
      register: apiserver_sans_host_check
      changed_when: apiserver_sans_host_check.stdout is not search('does match certificate')
+      failed_when: apiserver_sans_host_check.rc != 0 and apiserver_sans_host_check.stdout is not search('does NOT match certificate')

 - name: Kubeadm | regenerate apiserver cert 1/2
  file: