etcd: use dynamic group for certs generation check (#10610)

We take advantage of group_by to create the list of nodes needing new certs, instead of manually looping inside a Jinja template. This should make the role more readable and less susceptible to white space problems.
2026-02-28 09:39:12 +03:00 · 2023-12-12 11:22:29 +01:00
parent 51069223f5
commit 0fb404c775
3 changed files with 21 additions and 63 deletions
--- a/roles/etcd/vars/main.yml
+++ b/roles/etcd/vars/main.yml
@@ -0,0 +1,10 @@
+---
+cert_files:
+  master:
+  - "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"
+  - "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"
+  - "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
+  - "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
+  node:
+  - "{{ etcd_cert_dir}}/node-{{ inventory_hostname }}.pem"
+  - "{{ etcd_cert_dir}}/node-{{ inventory_hostname }}-key.pem"