Fix vault setup partially (#1531)

This does not address per-node certs and scheduler/proxy/controller-manager
component certs which are now required. This should be handled in a
follow-up patch.
This commit is contained in:
Matthew Mosesohn
2017-08-18 15:09:45 +03:00
committed by GitHub
parent 8373129588
commit 2645e88b0c
7 changed files with 37 additions and 16 deletions


@@ -18,6 +18,11 @@
# issue_cert_role: The Vault role to issue the cert with
# issue_cert_url: Url to reach Vault, including protocol and port
- name: issue_cert | debug who issues certs
debug:
msg: "{{ issue_cert_hosts }} issues certs"
- name: issue_cert | Ensure target directory exists
file:
path: "{{ issue_cert_path | dirname }}"
@@ -38,11 +43,16 @@
format: "{{ issue_cert_format | d('pem') }}"
ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}"
register: issue_cert_result
when: inventory_hostname == issue_cert_hosts|first
delegate_to: "{{ issue_cert_hosts|first }}"
- name: issue_cert | results
debug:
msg: "{{ issue_cert_result }}"
- name: "issue_cert | Copy {{ issue_cert_path }} cert to all hosts"
copy:
content: "{{ hostvars[issue_cert_hosts|first]['issue_cert_result']['json']['data']['certificate'] }}"
content: "{{ issue_cert_result['json']['data']['certificate'] }}"
dest: "{{ issue_cert_path }}"
group: "{{ issue_cert_file_group | d('root' )}}"
mode: "{{ issue_cert_file_mode | d('0644') }}"
@@ -50,7 +60,7 @@
- name: "issue_cert | Copy key for {{ issue_cert_path }} to all hosts"
copy:
content: "{{ hostvars[issue_cert_hosts|first]['issue_cert_result']['json']['data']['private_key'] }}"
content: "{{ issue_cert_result['json']['data']['private_key'] }}"
dest: "{{ issue_cert_path.rsplit('.', 1)|first }}-key.{{ issue_cert_path.rsplit('.', 1)|last }}"
group: "{{ issue_cert_file_group | d('root' )}}"
mode: "{{ issue_cert_file_mode | d('0640') }}"
@@ -58,7 +68,7 @@
- name: issue_cert | Copy issuing CA cert
copy:
content: "{{ hostvars[issue_cert_hosts|first]['issue_cert_result']['json']['data']['issuing_ca'] }}"
content: "{{ issue_cert_result['json']['data']['issuing_ca'] }}"
dest: "{{ issue_cert_path | dirname }}/ca.pem"
group: "{{ issue_cert_file_group | d('root' )}}"
mode: "{{ issue_cert_file_mode | d('0644') }}"
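Review bot: The new `issue_cert | results` debug task added right after the `delegate_to` line prints the entire registered Vault response, and the three rewritten `content:` lookups show that `issue_cert_result['json']['data']` carries `private_key`, so every run now writes the freshly issued private key to stdout and to any configured Ansible log. Drop that task or at least add `no_log: true` to it, and put `no_log: true` on the issuing task (whose body starts before this hunk) and on the key copy task, since `copy` with `content:` also echoes the key when run with `--diff`. A second point, hedged: the issuing task is now restricted by `when: inventory_hostname == issue_cert_hosts|first`, so on every other host `issue_cert_result` presumably holds only the skip result without a `json` key and the new `content:` expressions would fail there with an undefined-key error; the previous `hostvars[issue_cert_hosts|first]` form avoided that, so this is worth confirming against the including play before merging.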