From 5494d608e5400a5658155fbed3af2c478409a404 Mon Sep 17 00:00:00 2001 From: Sergii Golovatiuk Date: Fri, 10 Feb 2017 12:50:26 +0100 Subject: [PATCH] Set ssl_ca_dirs for rkt based on fact Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be gathered before writing kubelet.service. Closes: #1007 Signed-off-by: Sergii Golovatiuk --- roles/kubernetes/node/tasks/install.yml | 8 ++++---- roles/kubernetes/node/templates/kubelet.rkt.service.j2 | 10 +++++++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index e949e87de..b45a42194 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -21,10 +21,6 @@ path: /var/lib/kubelet when: kubelet_deployment_type == "rkt" -- name: install | Write kubelet systemd init file - template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes" - notify: restart kubelet - - name: install | Set SSL CA directories set_fact: ssl_ca_dirs: "[ @@ -39,6 +35,10 @@ ]" tags: facts +- name: install | Write kubelet systemd init file + template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes" + notify: restart kubelet + - name: install | Install kubelet launch script template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes notify: restart kubelet diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2 index 12ce01c75..a36ce1ef9 100644 --- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 +++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2 
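Review bot: The re-added `install | Write kubelet systemd init file` task in roles/kubernetes/node/tasks/install.yml writes /etc/systemd/system/kubelet.service with no explicit owner or mode, so the unit file's permissions depend on the umask of the Ansible run. Since the task is being moved anyway, I would pin them by appending `owner=root group=root mode=0644` to the template arguments. The new ordering also depends on the `set_fact` task, which carries `tags: facts`, having run first. The hunk does not show whether the template task shares that tag, so a tag-limited run may still render the rkt unit with `ssl_ca_dirs` undefined. A short comment above the task stating the dependency, for example `# must run after "Set SSL CA directories": kubelet.rkt.service.j2 reads ssl_ca_dirs`, would keep the order from being reverted by accident.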
@@ -27,9 +27,11 @@ ExecStart=/usr/bin/rkt run \
 --volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
 --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
 --volume run,kind=host,source=/run,readOnly=false \
- --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+ {% for dir in ssl_ca_dirs -%}
+ --volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
+ {% endfor -%}
 --volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
- --volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
+ --volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
 --volume var-log,kind=host,source=/var/log \
 --mount volume=dns,target=/etc/resolv.conf \
 --mount volume=etc-cni,target=/etc/cni \
@@ -38,7 +40,9 @@ ExecStart=/usr/bin/rkt run \
 --mount volume=etcd-ssl,target={{ etcd_config_dir }} \
 --mount volume=opt-cni,target=/opt/cni \
 --mount volume=run,target=/run \
- --mount volume=usr-share-certs,target=/usr/share/ca-certificates \
+ {% for dir in ssl_ca_dirs -%}
+ --mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \
+ {% endfor -%}
 --mount volume=var-lib-docker,target=/var/lib/docker \
 --mount volume=var-lib-kubelet,target=/var/lib/kubelet \
 --mount volume=var-log,target=/var/log \
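Review bot: The volume name in both new loops (the `--volume` loop in the first hunk and the `--mount` loop in the second) is built by replacing only `/`, and `{{ dir }}` goes into the ExecStart line unquoted. A CA directory with a trailing slash, dot, underscore, uppercase letter or space would therefore yield a name rkt is likely to reject, or an argument that splits wrongly. The hunks do not show how `ssl_ca_dirs` is populated, so the current list may never trigger this. Even so, both loops could use one stricter chain such as `regex_replace('^/+|/+$', '') | regex_replace('[^A-Za-z0-9]+', '-') | lower`, kept identical in both places so the names cannot drift apart. A derived name can also collide with the fixed volumes (a directory `/var/log` would produce `var-log`), which is worth a comment next to the loop. The ExecStart command starts and ends outside both hunks.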