Use local_ipv4 when public_ipv4 is not present.

2025-07-25 12:43:23 +00:00 · 2016-02-09 16:35:38 -05:00 · 2016-02-09 16:35:38 -05:00 · 646c22e47c
commit 646c22e47c
parent f36b604bec
1 changed files with 10 additions and 1 deletions
--- a/cluster/saltbase/salt/generate-cert/make-ca-cert.sh
+++ b/cluster/saltbase/salt/generate-cert/make-ca-cert.sh
@ -33,7 +33,16 @@ if [ "$cert_ip" == "_use_gce_external_ip_" ]; then
 fi

 if [ "$cert_ip" == "_use_aws_external_ip_" ]; then
-  cert_ip=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
+  # If there's no public IP assigned (e.g. this host is running on an internal subnet in a VPC), then
+  # curl will happily spit out the contents of AWS's 404 page and an exit code of zero.
+  #
+  # The string containing the 404 page trips up one of easyrsa's calls to openssl later; whichever
+  # one creates the CA certificate, because the 404 page is > 64 characters.
+  if cert_ip=$(curl -f -s http://169.254.169.254/latest/meta-data/public-ipv4); then
+    :
+  else
+    cert_ip=$(curl -f -s http://169.254.169.254/latest/meta-data/local-ipv4)
+  fi
 fi

 sans="IP:${cert_ip}"