Prune unnecessary certs from vault setup (#1652)

* Cleaning up cert checks for vault

* Removing all unnecessary etcd certs from each node

* Removing all unnecessary kube certs from each node
Brad Beam
2017-09-14 06:28:11 -05:00
committed by Matthew Mosesohn
parent 4b587aaf99
commit ac281476c8
5 changed files with 20 additions and 32 deletions


@@ -16,8 +16,7 @@
- name: "sync_file | Set fact for key path name"
set_fact:
sync_file_key_path: "{{ sync_file_path.rsplit('.', 1)|first + '-key.' + sync_file_path.rsplit('.', 1)|last }}"
when: >-
sync_file_is_cert|d() and (sync_file_key_path is not defined or sync_file_key_path == '')
when: sync_file_key_path is not defined or sync_file_key_path == ''
- name: "sync_file | Check if {{sync_file_path}} file exists"
stat:
@@ -28,31 +27,29 @@
stat:
path: "{{ sync_file_key_path }}"
register: sync_file_key_stat
when: sync_file_is_cert|d()
- name: "sync_file | Combine all possible file sync sources"
set_fact:
sync_file_srcs: "{{ sync_file_srcs|default([]) + [host_item] }}"
with_items: "{{ sync_file_hosts | unique }}"
with_items: "{{ sync_file_hosts|default() | unique }}"
loop_control:
loop_var: host_item
when: hostvars[host_item].get("sync_file_stat", {}).get("stat", {}).get("exists")
when: sync_file_stat.stat.exists|default()
- name: "sync_file | Combine all possible key file sync sources"
set_fact:
sync_file_key_srcs: "{{ sync_file_key_srcs|default([]) + [host_item] }}"
with_items: "{{ sync_file_hosts | unique }}"
with_items: "{{ sync_file_hosts|default() | unique }}"
loop_control:
loop_var: host_item
when: sync_file_is_cert|d() and hostvars[host_item].get("sync_file_key_stat", {}).get("stat", {}).get("exists")
when: sync_file_key_stat.stat.exists|default()
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
set_fact:
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
when: >-
sync_file_srcs|d([])|length > 1 and
inventory_hostname != sync_file_srcs|first and
sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_stat", {}).get("stat", {}).get("checksum")
inventory_hostname != sync_file_srcs|first
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
set_fact:
@@ -60,8 +57,7 @@
when: >-
sync_file_is_cert|d() and
sync_file_key_srcs|d([])|length > 1 and
inventory_hostname != sync_file_key_srcs|first and
sync_file_key_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_key_stat", {}).get("stat", {}).get("checksum")
inventory_hostname != sync_file_key_srcs|first
- name: "sync_file | Consolidate file and key sources"
set_fact: