From aa6e19725685b77537e1d4e530eaa0b4e6e0a2a6 Mon Sep 17 00:00:00 2001
From: ghsbhatia <sbhatia.jobs@gmail.com>
Date: Wed, 22 Nov 2023 12:46:20 -0700
Subject: [PATCH] Update rke2-init.sh

fix tls-san handling in rke2 config
---
 modules/userdata/files/rke2-init.sh | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules/userdata/files/rke2-init.sh b/modules/userdata/files/rke2-init.sh
index c3a1620..b246b44 100644
--- a/modules/userdata/files/rke2-init.sh
+++ b/modules/userdata/files/rke2-init.sh
@@ -36,6 +36,16 @@ append_config() {
   echo "$1" >> "/etc/rancher/rke2/config.yaml"
 }
 
+append_config_san() {
+  grep "^tls-san:$" /etc/rancher/rke2/config.yaml > /dev/null
+  if [ $? -eq 0 ]; then
+    sed -i "/^tls-san:$/a \ \ - ${server_url}" /etc/rancher/rke2/config.yaml
+    return
+  fi
+  echo "tls-san:" >> /etc/rancher/rke2/config.yaml
+  echo "  - ${server_url}" >> /etc/rancher/rke2/config.yaml
+}
+
 # The most simple "leader election" you've ever seen in your life
 elect_leader() {
   # Fetch other running instances in ASG
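Review bot: The exact-match pattern `^tls-san:$` in `append_config_san` only recognises a bare block-style key, so a config that already has `tls-san:` with trailing whitespace or an inline value falls through to the two `echo` lines and gets a second `tls-san:` key, presumably the duplicate-key situation this commit is meant to avoid. Because this key decides which names the server certificate covers, an entry lost to a duplicate key surfaces later as TLS verification failures; how the config loader resolves duplicates is not visible here. I would test grep directly rather than inspecting `$?`, tolerate trailing whitespace, and return non-zero when the key exists in a form the script cannot extend, as sketched below. The call added in the second hunk ignores the return status, so it would need an explicit check unless the script runs under `set -e`, which this diff does not show. Separately, `${server_url}` is spliced unescaped into the sed program, so a value containing a backslash or newline would change the inserted text.

```shell
append_config_san() {
  if grep -q '^tls-san:[[:space:]]*$' /etc/rancher/rke2/config.yaml; then
    # Block-style list already present: add the entry directly under the key.
    sed -i "/^tls-san:[[:space:]]*$/a \ \ - ${server_url}" /etc/rancher/rke2/config.yaml
  elif grep -q '^tls-san:' /etc/rancher/rke2/config.yaml; then
    # Key exists in inline/flow form; appending a second key would duplicate it.
    echo "tls-san is already set in a form this script cannot extend" >&2
    return 1
  else
    printf 'tls-san:\n  - %s\n' "${server_url}" >> /etc/rancher/rke2/config.yaml
  fi
}
```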
@@ -168,10 +178,7 @@ upload() {
     # Initialize server
     identify
 
-    cat <<EOF >> "/etc/rancher/rke2/config.yaml"
-tls-san:
-  - ${server_url}
-EOF
+    append_config_san
 
     if [ $SERVER_TYPE = "server" ]; then     # additional server joining an existing cluster
       append_config 'server: https://${server_url}:9345'