fix(kanidm): replicate 1/2 from 0 only with automatic_refresh (#181)
kanidm-0 is the authoritative supplier; kanidm-1 and kanidm-2 pull from kanidm-0 only. automatic_refresh = true on the kanidm-0 peer entry for kanidm-1/2 so fresh nodes auto-sync domain UUID on restart. Reviewed-on: #181
This commit was merged in pull request #181.
@@ -44,13 +44,19 @@ spec:
|
|||||||
- |
|
- |
|
||||||
set -e
|
set -e
|
||||||
cp "/config-template/server-${POD_NAME##*-}.toml" /config/server.toml
|
cp "/config-template/server-${POD_NAME##*-}.toml" /config/server.toml
|
||||||
for peer in kanidm-0 kanidm-1 kanidm-2; do
|
if [ "${POD_NAME}" = "kanidm-0" ]; then
|
||||||
[ "${peer}" = "${POD_NAME}" ] && continue
|
peers="kanidm-1 kanidm-2"
|
||||||
|
else
|
||||||
|
peers="kanidm-0"
|
||||||
|
fi
|
||||||
|
for peer in ${peers}; do
|
||||||
cert_file="/repl-certs/${peer}"
|
cert_file="/repl-certs/${peer}"
|
||||||
[ -s "${cert_file}" ] || continue
|
[ -s "${cert_file}" ] || continue
|
||||||
fqdn="${peer}.kanidm-headless.kanidm.svc.cluster.local"
|
fqdn="${peer}.kanidm-headless.kanidm.svc.cluster.local"
|
||||||
printf '\n[replication."repl://%s:8444"]\ntype = "mutual-pull"\npartner_cert = "%s"\n' \
|
refresh=""
|
||||||
"${fqdn}" "$(cat ${cert_file})" >> /config/server.toml
|
[ "${peer}" = "kanidm-0" ] && refresh="\nautomatic_refresh = true"
|
||||||
|
printf '\n[replication."repl://%s:8444"]\ntype = "mutual-pull"\npartner_cert = "%s"%s\n' \
|
||||||
|
"${fqdn}" "$(cat ${cert_file})" "${refresh}" >> /config/server.toml
|
||||||
done
|
done
|
||||||
env:
|
env:
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
|
|||||||
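Review bot: The `refresh` value reaches printf as a `%s` argument, and `%s` does not interpret backslash escapes. On kanidm-1/2 the kanidm-0 entry is therefore written as `partner_cert = "…"\nautomatic_refresh = true` on a single line with a literal `\n`, which is not valid TOML after a string value, so the setting this commit is meant to add never takes effect. Changing only the last conversion to `%b` (`partner_cert = "%s"%b\n`) expands the escape; alternatively set `refresh='automatic_refresh = true'` and print it with its own `%s\n`. As I understand the option, automatic_refresh lets a consumer replace its local database from that partner, so a comment should state that `/repl-certs/kanidm-0` is the trust anchor for this and that `[ -s "${cert_file}" ]` only checks the file is non-empty. The same line still uses an unquoted `$(cat ${cert_file})`, which would read better as `$(cat "${cert_file}")`.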