Make sure IPA has the right ACI
We need a special ACI in FreeIPA to allow etcd to obtain a
certificate with an IP SAN. This ACI needs to be added ahead of
time. We add a call for a validation here to make sure that the
relevant ACI has been added.
On failure, the installation will fail with instructions to add
the ACI.
Depends-On: https://review.opendev.org/#/c/749575/
Change-Id: I9baaa77b5b846c96cf075244a8ccb6889469b08e
(cherry picked from commit 32934b30ab)
parent
66c014e13e
commit
c7eb592794
|
@ -205,11 +205,25 @@ outputs:
|
|||
- /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro
|
||||
- /var/lib/etcd:/var/lib/etcd:ro
|
||||
host_prep_tasks:
|
||||
- name: create /var/lib/etcd
|
||||
file:
|
||||
path: /var/lib/etcd
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
list_concat:
|
||||
-
|
||||
- name: create /var/lib/etcd
|
||||
file:
|
||||
path: /var/lib/etcd
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- name: check if ipa server has required permissions
|
||||
import_role:
|
||||
name: tls_everywhere
|
||||
tasks_from: ipa-server-check
|
||||
tags:
|
||||
- opendev-validation
|
||||
- opendev-validation-tls-everywhere
|
||||
- null
|
||||
upgrade_tasks: []
|
||||
metadata_settings:
|
||||
if:
|
||||
|
|
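Review bot: The new `check if ipa server has required permissions` entry in `host_prep_tasks` carries no comment saying why the etcd service needs an IPA check, so the reason lives only in the commit message; a line above the `if:` entry such as `# etcd requests a certificate with an IP SAN, which FreeIPA only issues once the matching ACI exists` would keep it with the code. The task is tagged `opendev-validation` and `opendev-validation-tls-everywhere`, so a run that skips those tags presumably bypasses the check and fails later at certificate request time; the comment should say the ACI is a hard prerequisite, not an optional validation. `import_role` is resolved statically, so the `ipa-server-check` task file from the Depends-On change must also exist on this branch, which is worth confirming for a cherry-pick. The `outputs:` block starts and continues outside the hunk.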