Fix etcd to-SSL upgrade and task register vars

This commit is contained in:
Matthew Mosesohn 2016-12-19 15:05:49 +03:00
parent add7570a94
commit 348fc5b109

View file

@ -1,26 +1,26 @@
- name: "Pre-upgrade | check for etcd-proxy unit file" - name: "Pre-upgrade | check for etcd-proxy unit file"
stat: stat:
path: /etc/systemd/system/etcd-proxy.service path: /etc/systemd/system/etcd-proxy.service
register: kube_apiserver_service_file register: etcd_proxy_service_file
tags: facts tags: facts
- name: "Pre-upgrade | check for etcd-proxy init script" - name: "Pre-upgrade | check for etcd-proxy init script"
stat: stat:
path: /etc/init.d/etcd-proxy path: /etc/init.d/etcd-proxy
register: kube_apiserver_init_script register: etcd_proxy_init_script
tags: facts tags: facts
- name: "Pre-upgrade | stop etcd-proxy if service defined" - name: "Pre-upgrade | stop etcd-proxy if service defined"
service: service:
name: etcd-proxy name: etcd-proxy
state: stopped state: stopped
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False)) when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
- name: "Pre-upgrade | remove etcd-proxy service definition" - name: "Pre-upgrade | remove etcd-proxy service definition"
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False)) when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
with_items: with_items:
- /etc/systemd/system/etcd-proxy.service - /etc/systemd/system/etcd-proxy.service
- /etc/init.d/etcd-proxy - /etc/init.d/etcd-proxy
@ -34,12 +34,23 @@
command: "docker rm -f {{item}}" command: "docker rm -f {{item}}"
with_items: "{{etcd_proxy_container.stdout_lines}}" with_items: "{{etcd_proxy_container.stdout_lines}}"
- name: "Pre-upgrade | remove etcd-proxy if it exists"
command: "docker rm -f {{item}}"
with_items: "{{etcd_proxy_container.stdout_lines}}"
- name: "Pre-upgrade | check if member list is non-SSL" - name: "Pre-upgrade | check if member list is non-SSL"
command: etcdctl member list command: "{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list"
register: etcd_member_list register: etcd_member_list
retries: 10
delay: 3
until: etcd_member_list.rc != 2
run_once: true
ignore_errors: true ignore_errors: true
- name: "Pre-upgrade | change peer names to SSL" - name: "Pre-upgrade | change peer names to SSL"
shell: >- shell: >-
etcdctl member list | awk -F"[: =]" '{print "etcdctl member update "$1" https:"$7":"$8}' | bash {{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list |
awk -F"[: =]" '{print "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | regex_replace('https','http') }} member update "$1" https:"$7":"$8}' | bash
run_once: true
when: 'etcd_member_list is defined and "http://" in etcd_member_list.stdout' when: 'etcd_member_list is defined and "http://" in etcd_member_list.stdout'