Merge pull request #6827 from vrutkovs/node-uppercase-certificates

Automatic merge from submit-queue.

Lowercase node names when creating certificates

Additional fix for https://github.com/openshift/openshift-ansible/pull/6812

3 files changed, 12 insertions, 12 deletions

diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 5f2a94ea2..7d817463c 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -32,7 +32,7 @@ masterClientConnectionOverrides:
   contentType: application/vnd.kubernetes.protobuf
   burst: 200
   qps: 100
-masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig
+masterKubeConfig: system:node:{{ openshift.common.hostname | lower }}.kubeconfig
 {% if openshift_node_use_openshift_sdn | bool %}
 networkPluginName: {{ openshift_node_sdn_network_plugin_name }}
 {% endif %}
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 5f73f3bdc..13d9fd718 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -18,9 +18,9 @@
   stat:
     path: "{{ openshift.common.config_base }}/node/{{ item }}"
   with_items:
-  - "system:node:{{ openshift.common.hostname }}.crt"
-  - "system:node:{{ openshift.common.hostname }}.key"
-  - "system:node:{{ openshift.common.hostname }}.kubeconfig"
+  - "system:node:{{ openshift.common.hostname | lower }}.crt"
+  - "system:node:{{ openshift.common.hostname | lower }}.key"
+  - "system:node:{{ openshift.common.hostname | lower }}.kubeconfig"
   - ca.crt
   - server.key
   - server.crt
@@ -59,16 +59,16 @@
     --certificate-authority {{ legacy_ca_certificate }}
     {% endfor %}
     --certificate-authority={{ openshift_ca_cert }}
-    --client-dir={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}
+    --client-dir={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}
     --groups=system:nodes
     --master={{ hostvars[openshift_ca_host].openshift.master.api_url }}
     --signer-cert={{ openshift_ca_cert }}
     --signer-key={{ openshift_ca_key }}
     --signer-serial={{ openshift_ca_serial }}
-    --user=system:node:{{ hostvars[item].openshift.common.hostname }}
+    --user=system:node:{{ hostvars[item].openshift.common.hostname | lower }}
     --expire-days={{ openshift_node_cert_expire_days }}
   args:
-    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}"
+    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}"
   with_items: "{{ hostvars
                   | lib_utils_oo_select_keys(groups['oo_nodes_to_config'])
                   | lib_utils_oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}"
@@ -78,16 +78,16 @@
 - name: Generate the node server certificate
   command: >
     {{ hostvars[openshift_ca_host]['first_master_client_binary'] }} adm ca create-server-cert
-    --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt
-    --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.key
+    --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.crt
+    --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.key
     --expire-days={{ openshift_node_cert_expire_days }}
     --overwrite=true
-    --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }}
+    --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.hostname | lower }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.public_hostname | lower }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }}
     --signer-cert={{ openshift_ca_cert }}
     --signer-key={{ openshift_ca_key }}
     --signer-serial={{ openshift_ca_serial }}
   args:
-    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt"
+    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.crt"
   with_items: "{{ hostvars
                   | lib_utils_oo_select_keys(groups['oo_nodes_to_config'])
                   | lib_utils_oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}"
diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml
index 17ad8106d..12a6d3f94 100644
--- a/roles/openshift_node_certificates/vars/main.yml
+++ b/roles/openshift_node_certificates/vars/main.yml
@@ -1,7 +1,7 @@
 ---
 openshift_generated_configs_dir: "{{ openshift.common.config_base }}/generated-configs"
 openshift_node_cert_dir: "{{ openshift.common.config_base }}/node"
-openshift_node_cert_subdir: "node-{{ openshift.common.hostname }}"
+openshift_node_cert_subdir: "node-{{ openshift.common.hostname | lower }}"
 openshift_node_config_dir: "{{ openshift.common.config_base }}/node"
 openshift_node_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }}"