diff options
author | Christian Albrecht <christian.albrecht@mayflower.de> | 2019-03-11 11:42:48 +0100 |
---|---|---|
committer | Christian Albrecht <christian.albrecht@mayflower.de> | 2019-03-11 12:22:59 +0100 |
commit | e3a80ebc40c9ce68db32a20dc806710b36393080 (patch) | |
tree | 6935e2031c4ec59211097c4fc6100898916be406 /nixos/modules/services | |
parent | 45e683fbd6bc2b8ccf57b6425f4877deed618569 (diff) | |
download | nixpkgs-e3a80ebc40c9ce68db32a20dc806710b36393080.tar nixpkgs-e3a80ebc40c9ce68db32a20dc806710b36393080.tar.gz nixpkgs-e3a80ebc40c9ce68db32a20dc806710b36393080.tar.bz2 nixpkgs-e3a80ebc40c9ce68db32a20dc806710b36393080.tar.lz nixpkgs-e3a80ebc40c9ce68db32a20dc806710b36393080.tar.xz nixpkgs-e3a80ebc40c9ce68db32a20dc806710b36393080.tar.zst nixpkgs-e3a80ebc40c9ce68db32a20dc806710b36393080.zip |
Cleanup pki: remove mkWaitCurl
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/default.nix | 13 | ||||
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/pki.nix | 22 |
2 files changed, 12 insertions, 23 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 7cc172f1255..84ed6821692 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -73,18 +73,6 @@ let }; }; - mkWaitCurl = { address ? cfg.apiserverAddress, sleep ? 2, path ? "", args ? "-o /dev/null", - cacert ? null, cert ? null, key ? null, }: '' - while ! ${pkgs.curl}/bin/curl --fail-early -fs \ - ${if cacert != null then "--cacert ${cacert}" else ""} \ - ${if cert != null then "--cert ${cert}" else ""} \ - ${if key != null then "--key ${key}" else ""} \ - ${address}${path} ${args} ; do - sleep ${toString sleep} - echo Waiting to be able to reach ${address}${path} - done - ''; - kubeConfigDefaults = { server = mkDefault cfg.kubeconfig.server; caFile = mkDefault cfg.kubeconfig.caFile; @@ -174,7 +162,6 @@ in { inherit mkCert; inherit mkKubeConfig; inherit mkKubeConfigOptions; - inherit mkWaitCurl; }; type = types.attrs; }; diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix index 1d0232fa235..4cf3269e18f 100644 --- a/nixos/modules/services/cluster/kubernetes/pki.nix +++ b/nixos/modules/services/cluster/kubernetes/pki.nix @@ -182,12 +182,12 @@ in description = "Wait for ${remote} to be reachable."; wantedBy = [ "cfssl-online.target" ]; before = [ "cfssl-online.target" ]; + path = [ pkgs.curl ]; preStart = '' - ${top.lib.mkWaitCurl { - address = remote; - path = "/api/v1/cfssl/info"; - args = "-kd '{}' -o /dev/null"; - }} + until curl --fail-early -fskd '{}' ${remote}/api/v1/cfssl/info -o /dev/null; do + echo curl ${remote}/api/v1/cfssl/info: exit status $? + sleep 2 + done ''; script = "echo Ok"; serviceConfig = { @@ -200,6 +200,7 @@ in wantedBy = [ "cfssl-online.target" ]; after = [ "cfssl-online.target" ]; before = [ "certmgr.service" ]; + path = with pkgs; [ curl cfssl ]; script = concatStringsSep "\n" ['' set -e @@ -218,11 +219,12 @@ in '' (optionalString (cfg.pkiTrustOnBootstrap) '' if [ ! -s "${top.caFile}" ]; then - ${top.lib.mkWaitCurl { - address = "https://${top.masterAddress}:${cfsslPort}"; - path = "/api/v1/cfssl/info"; - args = "-kd '{}' -o - | ${pkgs.cfssl}/bin/cfssljson -stdout >${top.caFile}"; - }} + until test -s ${top.caFile}.json; do + sleep 2 + curl --fail-early -fskd '{}' ${remote}/api/v1/cfssl/info -o ${top.caFile}.json + done + cfssljson -f ${top.caFile}.json -stdout >${top.caFile} + rm ${top.caFile}.json fi '') ]; |