From 1c43bb19d2903f730a27a913457126bda23c53c2 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Thu, 25 Aug 2022 08:22:28 +0200
Subject: [PATCH] Add acme provisioner;Force system certs update

---
 .../ansible_payload/roles/metacluster/tasks/main.yml | 1 +
 ansible/vars/metacluster.yml | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
index 5d24fc3..717a0ba 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@@ -159,6 +159,7 @@
 --fingerprint={{ stepca_configmap.resources[0].data['defaults.json'] | from_json | json_query('fingerprint') }} \
 --install \
 --force
+ update-ca-certificates
 
 - name: Install harbor chart
 kubernetes.core.helm:
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 00d43e1..aa5f00d 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -69,6 +69,14 @@ components:
 parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
 chart_values: !unsafe |
 ca:
+ bootstrap:
+ postInitHook: |
+ echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
+ step ca provisioner add acme \
+ --type ACME \
+ --password-file=~/pwfile \
+ --force-cn
+ rm ~/pwfile
 dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
 password: "{{ vapp['guestinfo.rootpw'] }}"
 provisioner:
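Review bot: Appending `update-ca-certificates` as the final line of this shell block means the task's exit status now comes from that command alone, so a failed `step ca bootstrap` on the preceding lines would be reported as success if the block does not already set `-e`; the task header and the top of the block lie outside the hunk. Chaining the new command, `--force && \` followed by `update-ca-certificates`, or adding `set -euo pipefail` at the top of the script keeps a bootstrap failure visible. `update-ca-certificates` is also the Debian/Ubuntu tool, so a comment such as `# Debian/Ubuntu; RHEL-family hosts use update-ca-trust` would document the platform assumption this task now carries.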
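Review bot: The trailing `rm ~/pwfile` only runs when `step ca provisioner add` succeeds, so a failing hook leaves the root password in a plain-text file, and `echo ... > ~/pwfile` creates that file with whatever umask the container happens to have. Setting `umask 077` before the `echo` and replacing the final `rm` with `trap 'rm -f ~/pwfile' EXIT` placed right after the file is written makes the file mode and the cleanup independent of the command's outcome. The single-quoted `echo '{{ vapp["guestinfo.rootpw"] }}'` also breaks if the value contains a `'`, which the existing `password:` line below avoids by using a YAML double-quoted scalar; since the same root password is reused here as the provisioner key password, a comment in the hook stating that assumption is worthwhile.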