Fix cinder & external_openstack cacert deployment (#6745) (#6832)

The CA cert was only deployed on master nodes
2020-10-21 10:48:20 +02:00 · 2020-10-21 10:48:20 +02:00 · 087d9c204f
parent 775cadda62
commit 087d9c204f
4 changed files with 34 additions and 10 deletions
--- a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
@ -0,0 +1,12 @@
+---
+# include to workaround mitogen issue
+# https://github.com/dw/mitogen/issues/663
+
+- name: Cinder CSI Driver | Write cacert file
+  copy:
+    src: "{{ cinder_cacert }}"
+    dest: "{{ kube_config_dir }}/cinder-cacert.pem"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  tags: cinder-csi-driver
+  delegate_to: "{{ delegate_host_to_write_cacert }}"
--- a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
@ -3,11 +3,11 @@
  tags: cinder-csi-driver

 - name: Cinder CSI Driver | Write cacert file
-  copy:
-    src: "{{ cinder_cacert }}"
-    dest: "{{ kube_config_dir }}/cinder-cacert.pem"
-    group: "{{ kube_cert_group }}"
-    mode: 0640
+  include_tasks: cinder-write-cacert.yml
+  run_once: true
+  loop: "{{ groups['k8s-cluster'] }}"
+  loop_control:
+    loop_var: delegate_host_to_write_cacert
  when:
    - inventory_hostname in groups['k8s-cluster']
    - cinder_cacert is defined
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
@ -3,11 +3,11 @@
  tags: external-openstack

 - name: External OpenStack Cloud Controller | Write cacert file
-  copy:
-    src: "{{ external_openstack_cacert }}"
-    dest: "{{ kube_config_dir }}/external-openstack-cacert.pem"
-    group: "{{ kube_cert_group }}"
-    mode: 0640
+  include_tasks: openstack-write-cacert.yml
+  run_once: true
+  loop: "{{ groups['k8s-cluster'] }}"
+  loop_control:
+    loop_var: delegate_host_to_write_cacert
  when:
    - inventory_hostname in groups['k8s-cluster']
    - external_openstack_cacert is defined
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/openstack-write-cacert.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/openstack-write-cacert.yml
@ -0,0 +1,12 @@
+---
+# include to workaround mitogen issue
+# https://github.com/dw/mitogen/issues/663
+
+- name: External OpenStack Cloud Controller | Write cacert file
+  copy:
+    src: "{{ external_openstack_cacert }}"
+    dest: "{{ kube_config_dir }}/external-openstack-cacert.pem"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  tags: external-openstack
+  delegate_to: "{{ delegate_host_to_write_cacert }}"