Fix SAN check on newer versions versions of openssl (#11277)

pull/11525/head
M. Hamzah Khan 2024-09-09 10:04:27 +01:00 committed by GitHub
parent 533dbc62fe
commit d54cfba6c2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions

@ -145,12 +145,14 @@
loop: "{{ apiserver_ips }}" loop: "{{ apiserver_ips }}"
register: apiserver_sans_ip_check register: apiserver_sans_ip_check
changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate') changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate')
failed_when: apiserver_sans_ip_check.rc != 0 and apiserver_sans_ip_check.stdout is not search('does NOT match certificate')
- name: Kubeadm | Check apiserver.crt SAN hosts - name: Kubeadm | Check apiserver.crt SAN hosts
command: command:
cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}" cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}"
loop: "{{ apiserver_hosts }}" loop: "{{ apiserver_hosts }}"
register: apiserver_sans_host_check register: apiserver_sans_host_check
changed_when: apiserver_sans_host_check.stdout is not search('does match certificate') changed_when: apiserver_sans_host_check.stdout is not search('does match certificate')
failed_when: apiserver_sans_host_check.rc != 0 and apiserver_sans_host_check.stdout is not search('does NOT match certificate')
- name: Kubeadm | regenerate apiserver cert 1/2 - name: Kubeadm | regenerate apiserver cert 1/2
file: file: