Make sure IPA has the right ACI
We need a special ACI in FreeIPA to allow etcd to obtain a
certificate with an IP SAN. This ACI needs to be added ahead of
time. We add a call for a validation here to make sure that the
relevant ACI has been added.
On failure, the installation will fail with instructions to add
the ACI.
The validation that is invoked here has already merged in:
https://review.opendev.org/#/c/741313/
Change-Id: I9baaa77b5b846c96cf075244a8ccb6889469b08e
(cherry picked from commit dc959f17c8
)
parent
ca966eef90
commit
1cde17b813
|
@ -205,11 +205,25 @@ outputs:
|
|||
- /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro
|
||||
- /var/lib/etcd:/var/lib/etcd:ro
|
||||
host_prep_tasks:
|
||||
- name: create /var/lib/etcd
|
||||
file:
|
||||
path: /var/lib/etcd
|
||||
state: directory
|
||||
setype: container_file_t
|
||||
list_concat:
|
||||
-
|
||||
- name: create /var/lib/etcd
|
||||
file:
|
||||
path: /var/lib/etcd
|
||||
state: directory
|
||||
setype: container_file_t
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- name: check if ipa server has required permissions
|
||||
import_role:
|
||||
name: tls_everywhere
|
||||
tasks_from: ipa-server-check
|
||||
tags:
|
||||
- opendev-validation
|
||||
- opendev-validation-tls-everywhere
|
||||
- null
|
||||
upgrade_tasks: []
|
||||
metadata_settings:
|
||||
if:
|
||||
|
|
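Review bot: The new `import_role` task under the `internal_tls_enabled` branch of `host_prep_tasks` has no comment saying which permission it checks or why etcd needs it, so a reader of the template must go back to the commit message to find out. I would add a comment above the task such as `# Fail early if FreeIPA lacks the ACI that lets etcd request a certificate with an IP SAN`. Because the task is tagged `opendev-validation` and `opendev-validation-tls-everywhere`, a run that skips those tags would presumably bypass the check, and the missing ACI would then surface only when the certificate request is made; the same comment could say that this is a pre-flight check rather than an enforcement point. The `ipa-server-check` task file is outside this hunk, so what it queries on the IPA server and with which credentials cannot be confirmed from here.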