mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-02-28 16:28:45 -03:30
Fix SAN check on newer versions versions of openssl (#11277)
This commit is contained in:
M. Hamzah Khan
GitHub
@@ -145,12 +145,14 @@
|
|||||||
loop: "{{ apiserver_ips }}"
|
loop: "{{ apiserver_ips }}"
|
||||||
register: apiserver_sans_ip_check
|
register: apiserver_sans_ip_check
|
||||||
changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate')
|
changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate')
|
||||||
|
failed_when: apiserver_sans_ip_check.rc != 0 and apiserver_sans_ip_check.stdout is not search('does NOT match certificate')
|
||||||
- name: Kubeadm | Check apiserver.crt SAN hosts
|
- name: Kubeadm | Check apiserver.crt SAN hosts
|
||||||
command:
|
command:
|
||||||
cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}"
|
cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}"
|
||||||
loop: "{{ apiserver_hosts }}"
|
loop: "{{ apiserver_hosts }}"
|
||||||
register: apiserver_sans_host_check
|
register: apiserver_sans_host_check
|
||||||
changed_when: apiserver_sans_host_check.stdout is not search('does match certificate')
|
changed_when: apiserver_sans_host_check.stdout is not search('does match certificate')
|
||||||
|
failed_when: apiserver_sans_host_check.rc != 0 and apiserver_sans_host_check.stdout is not search('does NOT match certificate')
|
||||||
|
|
||||||
- name: Kubeadm | regenerate apiserver cert 1/2
|
- name: Kubeadm | regenerate apiserver cert 1/2
|
||||||
file:
|
file:
|
||||||
|
|||||||
Reference in New Issue
Block a user