Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Ensure embedded etcd config uses CA bundle.

Andrew Butcher 8 years ago
parent
fc96d8d22f
commit
b0ca3ea0a2
2 changed files with 33 additions and 0 deletions
Split View Show Diff Stats
  1. 21 0
      playbooks/common/openshift-cluster/redeploy-certificates/ca.yml
  2. 12 0
      roles/openshift_master/templates/master.yaml.v1.j2

+ 21 - 0
playbooks/common/openshift-cluster/redeploy-certificates/ca.yml
View File 

@@ -160,6 +160,27 @@
 
       yaml_key: servingInfo.clientCA
 
       yaml_value: ca-bundle.crt
 
     when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca-bundle.crt'
 
+  - modify_yaml:
 
+      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
 
+      yaml_key: etcdClientInfo.ca
 
+      yaml_value: ca-bundle.crt
 
+    when:
 
+    - groups.oo_etcd_to_config | default([]) | length == 0
 
+    - (g_master_config_output.content|b64decode|from_yaml).etcdClientInfo.ca != 'ca-bundle.crt'
 
+  - modify_yaml:
 
+      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
 
+      yaml_key: etcdConfig.peerServingInfo.clientCA
 
+      yaml_value: ca-bundle.crt
 
+    when:
 
+    - groups.oo_etcd_to_config | default([]) | length == 0
 
+    - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.peerServingInfo.clientCA != 'ca-bundle.crt'
 
+  - modify_yaml:
 
+      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
 
+      yaml_key: etcdConfig.servingInfo.clientCA
 
+      yaml_value: ca-bundle.crt
 
+    when:
 
+    - groups.oo_etcd_to_config | default([]) | length == 0
 
+    - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.servingInfo.clientCA != 'ca-bundle.crt'
 
 
 - name: Copy current OpenShift CA to legacy directory
 
   hosts: oo_masters_to_config

+ 12 - 0
roles/openshift_master/templates/master.yaml.v1.j2
View File 

@@ -65,7 +65,11 @@ dnsConfig:
 
   bindNetwork: tcp4
 
 {% endif %}
 
 etcdClientInfo:
 
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
 
+  ca: {{ "ca-bundle.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}
 
+{% else %}
 
   ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}
 
+{% endif %}
 
   certFile: master.etcd-client.crt
 
   keyFile: master.etcd-client.key
 
   urls:
 
@@ -79,12 +83,20 @@ etcdConfig:
 
   peerServingInfo:
 
     bindAddress: {{ openshift.master.bind_addr }}:7001
 
     certFile: etcd.server.crt
 
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
 
+    clientCA: ca-bundle.crt
 
+{% else %}
 
     clientCA: ca.crt
 
+{% endif %}
 
     keyFile: etcd.server.key
 
   servingInfo:
 
     bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }}
 
     certFile: etcd.server.crt
 
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
 
+    clientCA: ca-bundle.crt
 
+{% else %}
 
     clientCA: ca.crt
 
+{% endif %}
 
     keyFile: etcd.server.key
 
   storageDirectory: {{ openshift.common.data_dir }}/openshift.local.etcd
 
 {% endif %}