richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #596 from kubernetes-incubator/fix_etcd_coreos_ca 

Fix ca certificate loading on CoreOS
pull/602/head
Smaine Kahlouch 8 years ago
committed by GitHub
parent
6cc05c103a 46ee9faca9
commit
f6233ffc9a
2 changed files with 15 additions and 14 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      roles/etcd/tasks/gen_certs.yml
  2. 14
      roles/kubernetes/secrets/tasks/gen_certs.yml

15
roles/etcd/tasks/gen_certs.yml
View File

@ -84,21 +84,21 @@
when: inventory_hostname in groups['etcd']
changed_when: false
- name: Gen_certs | target ca-certificates directory
- name: Gen_certs | target ca-certificate store file
set_fact:
ca_cert_dir: |-
ca_cert_path: |-
{% if ansible_os_family == "Debian" -%}
/usr/local/share/ca-certificates
/usr/local/share/ca-certificates/etcd-ca.crt
{%- elif ansible_os_family == "RedHat" -%}
/etc/pki/ca-trust/source/anchors
/etc/pki/ca-trust/source/anchors/etcd-ca.crt
{%- elif ansible_os_family == "CoreOS" -%}
/etc/ssl/certs
/etc/ssl/certs/etcd-ca.pem
{%- endif %}
- name: Gen_certs | add CA to trusted CA dir
copy:
src: "{{ etcd_cert_dir }}/ca.pem"
dest: "{{ ca_cert_dir }}/etcd-ca.crt"
dest: "{{ ca_cert_path }}"
remote_src: true
register: etcd_ca_cert
@ -106,6 +106,7 @@
command: update-ca-certificates
when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS"]
- name: Gen_certs | update ca-certificatesa (RedHat)
- name: Gen_certs | update ca-certificates (RedHat)
command: update-ca-trust extract
when: etcd_ca_cert.changed and ansible_os_family == "RedHat"

14
roles/kubernetes/secrets/tasks/gen_certs.yml
View File

@ -65,21 +65,21 @@
when: inventory_hostname in groups['kube-master']
changed_when: false
- name: Gen_certs | target ca-certificates directory
- name: Gen_certs | target ca-certificates path
set_fact:
ca_cert_dir: |-
ca_cert_path: |-
{% if ansible_os_family == "Debian" -%}
/usr/local/share/ca-certificates
/usr/local/share/ca-certificates/kube-ca.crt
{%- elif ansible_os_family == "RedHat" -%}
/etc/pki/ca-trust/source/anchors
/etc/pki/ca-trust/source/anchors/kube-ca.crt
{%- elif ansible_os_family == "CoreOS" -%}
/etc/ssl/certs
/etc/ssl/certs/kube-ca.pem
{%- endif %}
- name: Gen_certs | add CA to trusted CA dir
copy:
src: "{{ kube_cert_dir }}/ca.pem"
dest: "{{ ca_cert_dir }}/kube-ca.crt"
dest: "{{ ca_cert_path }}"
remote_src: true
register: kube_ca_cert
@ -87,7 +87,7 @@
command: update-ca-certificates
when: kube_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS"]
- name: Gen_certs | update ca-certificatesa (RedHat)
- name: Gen_certs | update ca-certificates (RedHat)
command: update-ca-trust extract
when: kube_ca_cert.changed and ansible_os_family == "RedHat"
Write Preview
Loading…
Cancel
Save