Skip to content
Snippets Groups Projects
Unverified Commit d54cfba6 authored by M. Hamzah Khan's avatar M. Hamzah Khan Committed by GitHub
Browse files

Fix SAN check on newer versions versions of openssl (#11277)

parent 533dbc62
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+ 2
0
View file @ d54cfba6
...@@ -145,12 +145,14 @@ ...@@ -145,12 +145,14 @@
loop: "{{ apiserver_ips }}" loop: "{{ apiserver_ips }}"
register: apiserver_sans_ip_check register: apiserver_sans_ip_check
changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate') changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate')
failed_when: apiserver_sans_ip_check.rc != 0 and apiserver_sans_ip_check.stdout is not search('does NOT match certificate')
- name: Kubeadm | Check apiserver.crt SAN hosts - name: Kubeadm | Check apiserver.crt SAN hosts
command: command:
cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}" cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}"
loop: "{{ apiserver_hosts }}" loop: "{{ apiserver_hosts }}"
register: apiserver_sans_host_check register: apiserver_sans_host_check
changed_when: apiserver_sans_host_check.stdout is not search('does match certificate') changed_when: apiserver_sans_host_check.stdout is not search('does match certificate')
failed_when: apiserver_sans_host_check.rc != 0 and apiserver_sans_host_check.stdout is not search('does NOT match certificate')
- name: Kubeadm | regenerate apiserver cert 1/2 - name: Kubeadm | regenerate apiserver cert 1/2
file: file:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment