vvraskin commented on a change in pull request #3077: Enable ssl on the path
between edge and controllers
URL:
https://github.com/apache/incubator-openwhisk/pull/3077#discussion_r168181773
##########
File path: ansible/group_vars/all
##########
@@ -65,6 +65,25 @@ controller:
# We recommend to enable HA for the controllers only, if bookkeeping data
are shared too. (localBookkeeping: false)
ha: "{{ controller_enable_ha | default(True) and groups['controllers'] |
length > 1 }}"
loglevel: "{{ controller_loglevel | default(whisk_loglevel) |
default('INFO') }}"
+ protocol: "{{ controllerProtocolForSetup }}"
+ ssl:
+ cn: openwhisk-controllers
+ cert: "{{ controller_ca_cert |
default('controller-openwhisk-server-cert.pem') }}"
+ key: "{{ controller_key | default('controller-openwhisk-server-key.pem')
}}"
+ clientAuth: "{{ controller_client_auth | default('true') }}"
+ storeFlavor: PKCS12
+ keystore:
+ password: "{{ controllerKeystorePassword }}"
+ path: "/conf/{{ controllerKeystoreName }}"
+# keystore and truststore are the same as long as controller and nginx share
the certificate
+ truststore:
+ password: "{{ controllerKeystorePassword }}"
+ path: "/conf/{{ controllerKeystoreName }}"
+# move controller protocol outside to not evaluate controller variables during
execution of setup.yml
+controllerProtocolForSetup: "{{ controller_protocol | default('https') }}"
Review comment:
The problem is that when we execute `setup.yml` ansible doesn't know about
the `groups[controllers]` and it is complaining about the undefined vabiable.
So I moved it to `controllerProtocolForSetup` so we don't evaluate all
controller properties.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
