Fix etcd to-SSL upgrade and task register vars
This commit is contained in:
parent
add7570a94
commit
348fc5b109
1 changed files with 17 additions and 6 deletions
|
@ -1,26 +1,26 @@
|
||||||
- name: "Pre-upgrade | check for etcd-proxy unit file"
|
- name: "Pre-upgrade | check for etcd-proxy unit file"
|
||||||
stat:
|
stat:
|
||||||
path: /etc/systemd/system/etcd-proxy.service
|
path: /etc/systemd/system/etcd-proxy.service
|
||||||
register: kube_apiserver_service_file
|
register: etcd_proxy_service_file
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
- name: "Pre-upgrade | check for etcd-proxy init script"
|
- name: "Pre-upgrade | check for etcd-proxy init script"
|
||||||
stat:
|
stat:
|
||||||
path: /etc/init.d/etcd-proxy
|
path: /etc/init.d/etcd-proxy
|
||||||
register: kube_apiserver_init_script
|
register: etcd_proxy_init_script
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
- name: "Pre-upgrade | stop etcd-proxy if service defined"
|
- name: "Pre-upgrade | stop etcd-proxy if service defined"
|
||||||
service:
|
service:
|
||||||
name: etcd-proxy
|
name: etcd-proxy
|
||||||
state: stopped
|
state: stopped
|
||||||
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
|
||||||
|
|
||||||
- name: "Pre-upgrade | remove etcd-proxy service definition"
|
- name: "Pre-upgrade | remove etcd-proxy service definition"
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: absent
|
state: absent
|
||||||
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/systemd/system/etcd-proxy.service
|
- /etc/systemd/system/etcd-proxy.service
|
||||||
- /etc/init.d/etcd-proxy
|
- /etc/init.d/etcd-proxy
|
||||||
|
@ -34,12 +34,23 @@
|
||||||
command: "docker rm -f {{item}}"
|
command: "docker rm -f {{item}}"
|
||||||
with_items: "{{etcd_proxy_container.stdout_lines}}"
|
with_items: "{{etcd_proxy_container.stdout_lines}}"
|
||||||
|
|
||||||
|
- name: "Pre-upgrade | remove etcd-proxy if it exists"
|
||||||
|
command: "docker rm -f {{item}}"
|
||||||
|
with_items: "{{etcd_proxy_container.stdout_lines}}"
|
||||||
|
|
||||||
- name: "Pre-upgrade | check if member list is non-SSL"
|
- name: "Pre-upgrade | check if member list is non-SSL"
|
||||||
command: etcdctl member list
|
command: "{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list"
|
||||||
register: etcd_member_list
|
register: etcd_member_list
|
||||||
|
retries: 10
|
||||||
|
delay: 3
|
||||||
|
until: etcd_member_list.rc != 2
|
||||||
|
run_once: true
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: "Pre-upgrade | change peer names to SSL"
|
- name: "Pre-upgrade | change peer names to SSL"
|
||||||
shell: >-
|
shell: >-
|
||||||
etcdctl member list | awk -F"[: =]" '{print "etcdctl member update "$1" https:"$7":"$8}' | bash
|
{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list |
|
||||||
|
awk -F"[: =]" '{print "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | regex_replace('https','http') }} member update "$1" https:"$7":"$8}' | bash
|
||||||
|
run_once: true
|
||||||
when: 'etcd_member_list is defined and "http://" in etcd_member_list.stdout'
|
when: 'etcd_member_list is defined and "http://" in etcd_member_list.stdout'
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue