Commit 0df32b03 authored by woopstar's avatar woopstar Committed by Andreas Kruger

Update openssl.conf to count better and work with Jinja 2.9

parent 03117d95
[req] {% set counter = {'dns': 2,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
req_extensions = v3_req req_extensions = v3_req
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
...@@ -25,19 +25,18 @@ authorityKeyIdentifier=keyid:always,issuer ...@@ -25,19 +25,18 @@ authorityKeyIdentifier=keyid:always,issuer
[alt_names] [alt_names]
DNS.1 = localhost DNS.1 = localhost
{% for host in groups['etcd'] %} {% for host in groups['etcd'] %}
DNS.{{ 1 + loop.index }} = {{ host }} DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
{% endfor %} {% endfor %}
{% if loadbalancer_apiserver is defined %} {% if apiserver_loadbalancer_domain_name is defined %}
{% set idx = groups['etcd'] | length | int + 2 %} DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(counter, 'dns') }}
DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
{% endif %} {% endif %}
{% set idx = groups['etcd'] | length | int + 3 %}
{% for etcd_alt_name in etcd_cert_alt_names %} {% for etcd_alt_name in etcd_cert_alt_names %}
DNS.{{ idx + 1 + loop.index }} = {{ etcd_alt_name }} DNS.{{ counter["dns"] }} = {{ etcd_alt_name }}{{ increment(counter, 'dns') }}
{% endfor %} {% endfor %}
{% for host in groups['etcd'] %} {% for host in groups['etcd'] %}
IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} {% if hostvars[host]['access_ip'] is defined %}
IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
{% endif %}
IP.{{ counter["ip"] }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}{{ increment(counter, 'ip') }}
{% endfor %} {% endfor %}
{% set idx = groups['etcd'] | length | int * 2 + 1 %} IP.{{ counter["ip"] }} = 127.0.0.1
IP.{{ idx }} = 127.0.0.1
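Review bot: The counter and the `increment` macro on the first line of the template rest on two assumptions that are not written down anywhere. `dct.update()` returns `None`, so the `{% if %}` wrapper never renders its body and is there only for the side effect, and `'dns': 2` has to stay exactly one past the static `DNS.1 = localhost` entry or two SANs will share an index. I would add a template comment ahead of the `{% set %}`, for example `{# counter = next free SAN index; dns starts at 2 because DNS.1 is static; update() returns None so the if renders nothing #}`. A Jinja comment renders to nothing, so the generated OpenSSL config is unchanged.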
[req] {% set counter = {'dns': 6,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
req_extensions = v3_req req_extensions = v3_req
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
[req_distinguished_name] [req_distinguished_name]
...@@ -13,31 +13,39 @@ DNS.3 = kubernetes.default.svc ...@@ -13,31 +13,39 @@ DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.{{ dns_domain }} DNS.4 = kubernetes.default.svc.{{ dns_domain }}
DNS.5 = localhost DNS.5 = localhost
{% for host in groups['kube-master'] %} {% for host in groups['kube-master'] %}
DNS.{{ 5 + loop.index }} = {{ host }} DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
{% endfor %} {% endfor %}
{% set idns = groups['kube-master'] | length | int + 5 %} {% for host in groups['kube-node'] %}
{% if loadbalancer_apiserver is defined %} DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
{% set idns = idns + 1 %} {% endfor %}
DNS.{{ idns | string }} = {{ apiserver_loadbalancer_domain_name }} {% if apiserver_loadbalancer_domain_name is defined %}
DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(counter, 'dns') }}
{% endif %} {% endif %}
{% for host in groups['kube-master'] %} {% for host in groups['kube-master'] %}
IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} {% if hostvars[host]['access_ip'] is defined %}
IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
{% endif %}
IP.{{ counter["ip"] }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}{{ increment(counter, 'ip') }}
{% endfor %} {% endfor %}
{% set idx = groups['kube-master'] | length | int * 2 + 1 %} {% for host in groups['kube-node'] %}
IP.{{ idx }} = {{ kube_apiserver_ip }} {% if hostvars[host]['access_ip'] is defined %}
{% if loadbalancer_apiserver is defined %} IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
IP.{{ idx + 1 }} = {{ loadbalancer_apiserver.address }} {% endif %}
{% set idx = idx + 1 %} IP.{{ counter["ip"] }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}{{ increment(counter, 'ip') }}
{% endfor %}
{% if kube_apiserver_ip is defined %}
IP.{{ counter["ip"] }} = {{ kube_apiserver_ip }}{{ increment(counter, 'ip') }}
{% endif %}
{% if loadbalancer_apiserver.address is defined %}
IP.{{ counter["ip"] }} = {{ loadbalancer_apiserver.address }}{{ increment(counter, 'ip') }}
{% endif %} {% endif %}
IP.{{ idx + 1 }} = 127.0.0.1
{% if supplementary_addresses_in_ssl_keys is defined %} {% if supplementary_addresses_in_ssl_keys is defined %}
{% set is = idx + 1 %}
{% for addr in supplementary_addresses_in_ssl_keys %} {% for addr in supplementary_addresses_in_ssl_keys %}
{% if addr | ipaddr %} {% if addr | ipaddr %}
IP.{{ is + loop.index }} = {{ addr }} IP.{{ counter["ip"] }} = {{ addr }}{{ increment(counter, 'ip') }}
{% else %} {% else %}
DNS.{{ idns + loop.index }} = {{ addr }} DNS.{{ counter["dns"] }} = {{ addr }}{{ increment(counter, 'dns') }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
IP.{{ counter["ip"] }} = 127.0.0.1
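Review bot: The two new `{% for host in groups['kube-node'] %}` loops add every worker node's hostname and IP to the same `[alt_names]` section that already carries `kubernetes.default.svc` and the master addresses. If this one template is rendered for both master and node certificates (not visible in this diff), a node's key gets a certificate that is also valid for the API server names, and the API server certificate becomes valid for every node. Splitting the SAN list per role would keep the certificates scoped to the identity each holder actually needs. Separately, `{% if loadbalancer_apiserver.address is defined %}` drops the earlier guard on `loadbalancer_apiserver` itself. `{% if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined %}` would not depend on how an undefined parent variable is handled.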