From: Balint Varga Date: Fri, 26 Jul 2019 07:07:20 +0000 (+0200) Subject: CN added for all certs X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=9e5538257e8b65d90a5d7af9052a55925de070db;p=ta%2Fcaas-install.git CN added for all certs Signed-off-by: Balint Varga Change-Id: I0891e3ca9a9961d4a6455a6fb84c919cb92bdfcf --- diff --git a/SPECS/instantiate.spec b/SPECS/instantiate.spec index 5ab7542..7c46560 100644 --- a/SPECS/instantiate.spec +++ b/SPECS/instantiate.spec @@ -15,7 +15,7 @@ %define COMPONENT instantiate %define RPM_NAME caas-%{COMPONENT} %define RPM_MAJOR_VERSION 1.0.0 -%define RPM_MINOR_VERSION 9 +%define RPM_MINOR_VERSION 10 Name: %{RPM_NAME} Version: %{RPM_MAJOR_VERSION} diff --git a/ansible/roles/docker/meta/main.yml b/ansible/roles/docker/meta/main.yml index 79bd0dc..cf20f6a 100644 --- a/ansible/roles/docker/meta/main.yml +++ b/ansible/roles/docker/meta/main.yml @@ -32,15 +32,10 @@ dependencies: - role: cert instance: "docker{{ nodeindex }}" - cert_path: /etc/docker - become: true - become_user: "root" - - - role: cert + cert_path: "{{ caas.cert_directory }}" cert_name: "cert.pem" key_name: "key.pem" - instance: "docker" - cert_path: /etc/docker + common_name: "docker" alt_names: ip: - "{{ ansible_host }}" @@ -48,8 +43,9 @@ dependencies: become_user: "root" - role: cert - instance: "client{{ nodeindex }}" - cert_path: /etc/docker + instance: "docker-client{{ nodeindex }}" + cert_path: "{{ caas.cert_path }}" + common_name: "docker-client" add_users: - kube become: true diff --git a/ansible/roles/docker/tasks/configure_docker.yml b/ansible/roles/docker/tasks/configure_docker.yml index c911ebb..4f0b860 100644 --- a/ansible/roles/docker/tasks/configure_docker.yml +++ b/ansible/roles/docker/tasks/configure_docker.yml @@ -48,4 +48,4 @@ with_items: - "DOCKER_HOST=tcp://{{ networking.infra_internal.ip }}:2375" - "DOCKER_TLS_VERIFY=1" - - "DOCKER_CERT_PATH=/etc/docker" + - "DOCKER_CERT_PATH={{ caas.cert_directory }}" diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index da98b49..725df82 100755 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -42,5 +42,5 @@ with_items: - "export DOCKER_HOST=tcp://{{ networking.infra_internal.ip }}:2375" - "export DOCKER_TLS_VERIFY='1'" - - "export DOCKER_CERT_PATH=/etc/docker" + - "export DOCKER_CERT_PATH={{ caas.cert_directory }}" become_user: "root" diff --git a/ansible/roles/docker/templates/docker.service b/ansible/roles/docker/templates/docker.service index 2e20c3e..d7a0df4 100644 --- a/ansible/roles/docker/templates/docker.service +++ b/ansible/roles/docker/templates/docker.service @@ -57,7 +57,7 @@ Restart=on-failure RestartSec=1s Environment=DOCKER_HOST=tcp://{{ hostname|lower }}:2375 Environment=DOCKER_TLS_VERIFY=1 -Environment=DOCKER_CERT_PATH=/etc/docker +Environment=DOCKER_CERT_PATH={{ caas.cert_directory }} [Install] WantedBy=multi-user.target diff --git a/ansible/roles/docker_image_load/defaults/main.yaml b/ansible/roles/docker_image_load/defaults/main.yaml index 2c51cbc..e09e8da 100644 --- a/ansible/roles/docker_image_load/defaults/main.yaml +++ b/ansible/roles/docker_image_load/defaults/main.yaml @@ -16,7 +16,7 @@ docker_environment: DOCKER_HOST: "tcp://{{ networking.infra_internal.ip }}:2375" DOCKER_TLS_VERIFY: "1" - DOCKER_CERT_PATH: "/etc/docker" + DOCKER_CERT_PATH: "{{ caas.cert_directory }}" image_file_extension: .tar image_directory: "{{ caas.infra_containers_directory }}" diff --git a/ansible/roles/docker_image_push/defaults/main.yaml b/ansible/roles/docker_image_push/defaults/main.yaml index d6fccf1..9a56557 100644 --- a/ansible/roles/docker_image_push/defaults/main.yaml +++ b/ansible/roles/docker_image_push/defaults/main.yaml @@ -16,7 +16,7 @@ docker_environment: DOCKER_HOST: "tcp://{{ networking.infra_internal.ip }}:2375" DOCKER_TLS_VERIFY: "1" - DOCKER_CERT_PATH: "/etc/docker" + DOCKER_CERT_PATH: "{{ caas.cert_directory }}" registry: "{{ caas.registry_url }}:{{ caas.registry_port }}" registry_repo: "{{ caas.registry_repo }}"