From 8319b3217b2170b84fcc55b42f10cd7501326551 Mon Sep 17 00:00:00 2001 From: gjmzj Date: Wed, 27 Mar 2019 21:59:34 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=BD=93=E7=AC=AC=E4=B8=80?= =?UTF-8?q?=E4=B8=AAetcd=E6=88=90=E5=91=98=E6=95=85=E9=9A=9C=E6=97=B6apise?= =?UTF-8?q?rver=E4=B9=9F=E6=95=85=E9=9A=9C=E7=9A=84bug=EF=BC=8C=E8=AF=A6?= =?UTF-8?q?=E8=A7=81=20kubernetes=20issue=20#72102?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/etcd/tasks/main.yml | 8 -------- roles/etcd/templates/etcd-csr.json.j2 | 6 ++++-- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 7cafffe..872a17a 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -22,18 +22,10 @@ - ca-config.json delegate_to: "{{ groups.deploy[0] }}" -# 注册变量p,根据p的stat信息判断是否已经生成过etcd证书,如果没有,下一步生成证书 -# 如果已经有etcd证书,为了保证整个安装的幂等性,跳过证书生成的步骤 -- name: 读取etcd证书stat信息 - stat: path="/etc/etcd/ssl/etcd.pem" - register: p - - name: 创建etcd证书请求 template: src=etcd-csr.json.j2 dest=/etc/etcd/ssl/etcd-csr.json - when: p.stat.isreg is not defined - name: 创建 etcd证书和私钥 - when: p.stat.isreg is not defined shell: "cd /etc/etcd/ssl && {{ bin_dir }}/cfssl gencert \ -ca={{ ca_dir }}/ca.pem \ -ca-key={{ ca_dir }}/ca-key.pem \ diff --git a/roles/etcd/templates/etcd-csr.json.j2 b/roles/etcd/templates/etcd-csr.json.j2 index 674a334..80ec8ae 100644 --- a/roles/etcd/templates/etcd-csr.json.j2 +++ b/roles/etcd/templates/etcd-csr.json.j2 @@ -1,8 +1,10 @@ { "CN": "etcd", "hosts": [ - "127.0.0.1", - "{{ inventory_hostname }}" +{% for host in groups['etcd'] %} + "{{ host }}", +{% endfor %} + "127.0.0.1" ], "key": { "algo": "rsa",