Make sure IPA has the right ACI
We need a special ACI in FreeIPA to allow etcd to obtain a certificate with an IP SAN. This ACI needs to be added ahead of time. We add a call for a validation here to make sure that the relevant ACI has been added. On failure, the installation will fail with instructions to add the ACI. Depends-On: I03575a5717456ad647cb10825b8d5646a55a6378 Change-Id: I9baaa77b5b846c96cf075244a8ccb6889469b08e
parent
1ecccef564
commit
32934b30ab
|
@ -205,11 +205,25 @@ outputs:
|
|||
- /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro
|
||||
- /var/lib/etcd:/var/lib/etcd:ro
|
||||
host_prep_tasks:
|
||||
- name: create /var/lib/etcd
|
||||
file:
|
||||
path: /var/lib/etcd
|
||||
state: directory
|
||||
setype: container_file_t
|
||||
list_concat:
|
||||
-
|
||||
- name: create /var/lib/etcd
|
||||
file:
|
||||
path: /var/lib/etcd
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- name: check if ipa server has required permissions
|
||||
import_role:
|
||||
name: tls_everywhere
|
||||
tasks_from: ipa-server-check
|
||||
tags:
|
||||
- opendev-validation
|
||||
- opendev-validation-tls-everywhere
|
||||
- null
|
||||
upgrade_tasks: []
|
||||
metadata_settings:
|
||||
if:
|
||||
|
|
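Review bot: The re-nested `create /var/lib/etcd` task now carries `setype: svirt_sandbox_file_t` where the task it replaces had `setype: container_file_t`, and nothing in the commit message explains a change of SELinux label. The +/- markers are lost on this page, so the side of each line is inferred from the hunk header counts (11 old lines, 25 new); if that reading is right, this looks like a rebase leftover, and the new task should keep `setype: container_file_t` so that the ACI check is the only behavioural change. Separately, a short comment above the `if:` branch, for example `# fail early when FreeIPA lacks the ACI that permits IP SANs in the etcd certificate`, would tell readers why the role is imported, since the `ipa-server-check` tasks live in the Depends-On change and are not visible here.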