Enable openstack_cacert to be either file or base64 string (#5243)
parent
2864e13ff9
commit
dea9304968
|
@ -5,6 +5,9 @@ To deploy kubespray on [OpenStack](https://www.openstack.org/) uncomment the `cl
|
||||||
|
|
||||||
After that make sure to source in your OpenStack credentials like you would do when using `nova-client` or `neutron-client` by using `source path/to/your/openstack-rc` or `. path/to/your/openstack-rc`.
|
After that make sure to source in your OpenStack credentials like you would do when using `nova-client` or `neutron-client` by using `source path/to/your/openstack-rc` or `. path/to/your/openstack-rc`.
|
||||||
|
|
||||||
|
For those who prefer to pass the OpenStack CA certificate as a string, one can
|
||||||
|
base64 encode the cacert file and store it in the variable `openstack_cacert`.
|
||||||
|
|
||||||
The next step is to make sure the hostnames in your `inventory` file are identical to your instance names in OpenStack.
|
The next step is to make sure the hostnames in your `inventory` file are identical to your instance names in OpenStack.
|
||||||
Otherwise [cinder](https://wiki.openstack.org/wiki/Cinder) won't work as expected.
|
Otherwise [cinder](https://wiki.openstack.org/wiki/Cinder) won't work as expected.
|
||||||
|
|
||||||
|
|
|
@ -166,14 +166,24 @@
|
||||||
- cloud-provider
|
- cloud-provider
|
||||||
- facts
|
- facts
|
||||||
|
|
||||||
|
- name: Test if openstack_cacert is a base64 string
|
||||||
|
set_fact:
|
||||||
|
openstack_cacert_is_base64: "{% if openstack_cacert | b64decode %}true{% else %}false{% endif %}"
|
||||||
|
when:
|
||||||
|
- cloud_provider is defined
|
||||||
|
- cloud_provider == 'openstack'
|
||||||
|
- openstack_cacert is defined
|
||||||
|
- openstack_cacert | length > 0
|
||||||
|
|
||||||
|
|
||||||
- name: Write cacert file
|
- name: Write cacert file
|
||||||
copy:
|
copy:
|
||||||
src: "{{ openstack_cacert }}"
|
src: "{{ openstack_cacert if not openstack_cacert_is_base64 else omit }}"
|
||||||
|
content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}"
|
||||||
dest: "{{ kube_config_dir }}/openstack-cacert.pem"
|
dest: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
group: "{{ kube_cert_group }}"
|
group: "{{ kube_cert_group }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s-cluster']
|
|
||||||
- cloud_provider is defined
|
- cloud_provider is defined
|
||||||
- cloud_provider == 'openstack'
|
- cloud_provider == 'openstack'
|
||||||
- openstack_cacert is defined
|
- openstack_cacert is defined
|
||||||
|
@ -197,4 +207,4 @@
|
||||||
- import_tasks: kubelet.yml
|
- import_tasks: kubelet.yml
|
||||||
tags:
|
tags:
|
||||||
- kubelet
|
- kubelet
|
||||||
- kubeadm
|
- kubeadm
|
||||||
|
|
Loading…
Reference in New Issue