movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Cleanup pki: remove mkWaitCurl

Browse source
This commit is contained in:
Christian Albrecht 2019-03-11 11:42:48 +01:00
parent 45e683fbd6
commit e3a80ebc40
No known key found for this signature in database
GPG key ID: 866AF4B25DF7EB00
2 changed files with 12 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

13
nixos/modules/services/cluster/kubernetes/default.nix
View file

@ -73,18 +73,6 @@ let
}; };
}; };
mkWaitCurl = { address ? cfg.apiserverAddress, sleep ? 2, path ? "", args ? "-o /dev/null",
cacert ? null, cert ? null, key ? null, }: ''
while ! ${pkgs.curl}/bin/curl --fail-early -fs \
${if cacert != null then "--cacert ${cacert}" else ""} \
${if cert != null then "--cert ${cert}" else ""} \
${if key != null then "--key ${key}" else ""} \
${address}${path} ${args} ; do
sleep ${toString sleep}
echo Waiting to be able to reach ${address}${path}
done
'';
kubeConfigDefaults = { kubeConfigDefaults = {
server = mkDefault cfg.kubeconfig.server; server = mkDefault cfg.kubeconfig.server;
caFile = mkDefault cfg.kubeconfig.caFile; caFile = mkDefault cfg.kubeconfig.caFile;
@ -174,7 +162,6 @@ in {
inherit mkCert; inherit mkCert;
inherit mkKubeConfig; inherit mkKubeConfig;
inherit mkKubeConfigOptions; inherit mkKubeConfigOptions;
inherit mkWaitCurl;
}; };
type = types.attrs; type = types.attrs;
}; };

22
nixos/modules/services/cluster/kubernetes/pki.nix
View file

@ -182,12 +182,12 @@ in
description = "Wait for ${remote} to be reachable."; description = "Wait for ${remote} to be reachable.";
wantedBy = [ "cfssl-online.target" ]; wantedBy = [ "cfssl-online.target" ];
before = [ "cfssl-online.target" ]; before = [ "cfssl-online.target" ];
path = [ pkgs.curl ];
preStart = '' preStart = ''
${top.lib.mkWaitCurl { until curl --fail-early -fskd '{}' ${remote}/api/v1/cfssl/info -o /dev/null; do
address = remote; echo curl ${remote}/api/v1/cfssl/info: exit status $?
path = "/api/v1/cfssl/info"; sleep 2
args = "-kd '{}' -o /dev/null"; done
}}
''; '';
script = "echo Ok"; script = "echo Ok";
serviceConfig = { serviceConfig = {
@ -200,6 +200,7 @@ in
wantedBy = [ "cfssl-online.target" ]; wantedBy = [ "cfssl-online.target" ];
after = [ "cfssl-online.target" ]; after = [ "cfssl-online.target" ];
before = [ "certmgr.service" ]; before = [ "certmgr.service" ];
path = with pkgs; [ curl cfssl ];
script = concatStringsSep "\n" ['' script = concatStringsSep "\n" [''
set -e set -e
@ -218,11 +219,12 @@ in
'' ''
(optionalString (cfg.pkiTrustOnBootstrap) '' (optionalString (cfg.pkiTrustOnBootstrap) ''
if [ ! -s "${top.caFile}" ]; then if [ ! -s "${top.caFile}" ]; then
${top.lib.mkWaitCurl { until test -s ${top.caFile}.json; do
address = "https://${top.masterAddress}:${cfsslPort}"; sleep 2
path = "/api/v1/cfssl/info"; curl --fail-early -fskd '{}' ${remote}/api/v1/cfssl/info -o ${top.caFile}.json
args = "-kd '{}' -o - | ${pkgs.cfssl}/bin/cfssljson -stdout >${top.caFile}"; done
}} cfssljson -f ${top.caFile}.json -stdout >${top.caFile}
rm ${top.caFile}.json
fi fi
'') '')
]; ];