Merge pull request #96 from ghsbhatia/fix-tls-san

Fix tls-san handling in rke2 config
rancherfederal · Nov 28, 2023 · 4206e41 · 4206e41
2 parents 1fe22df + aa6e197
commit 4206e41
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/modules/userdata/files/rke2-init.sh b/modules/userdata/files/rke2-init.sh
@@ -36,6 +36,16 @@ append_config() {
   echo "$1" >> "/etc/rancher/rke2/config.yaml"
 }
 
+append_config_san() {
+  grep "^tls-san:$" /etc/rancher/rke2/config.yaml > /dev/null
+  if [ $? -eq 0 ]; then
+    sed -i "/^tls-san:$/a \ \ - ${server_url}" /etc/rancher/rke2/config.yaml
+    return
+  fi
+  echo "tls-san:" >> /etc/rancher/rke2/config.yaml
+  echo "  - ${server_url}" >> /etc/rancher/rke2/config.yaml
+}
+
 # The most simple "leader election" you've ever seen in your life
 elect_leader() {
   # Fetch other running instances in ASG
@@ -168,10 +178,7 @@ upload() {
     # Initialize server
     identify
 
-    cat <<EOF >> "/etc/rancher/rke2/config.yaml"
-tls-san:
-  - ${server_url}
-EOF
+    append_config_san
 
     if [ $SERVER_TYPE = "server" ]; then     # additional server joining an existing cluster
       append_config 'server: https://${server_url}:9345'