This PR adds/or modifies a few tasks to allow for the playbook to
be run by limit on each node without regard for order. The changes make sure that all of the directories needed to do certificate management are on the master[0] or etcd[0] node regardless of when the playbook gets run on each node. This allows for separate ansible playbook runs in parallel that don't have to be synchronized.
This commit is contained in:
parent
2a61ad1b57
commit
6c69da1573
3 changed files with 73 additions and 8 deletions
|
@ -1,12 +1,4 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Gen_certs | create etcd script dir
|
|
||||||
file:
|
|
||||||
path: "{{ etcd_script_dir }}"
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
when: inventory_hostname == groups['etcd'][0]
|
|
||||||
|
|
||||||
- name: Gen_certs | create etcd cert dir
|
- name: Gen_certs | create etcd cert dir
|
||||||
file:
|
file:
|
||||||
path={{ etcd_cert_dir }}
|
path={{ etcd_cert_dir }}
|
||||||
|
@ -15,6 +7,24 @@
|
||||||
owner=root
|
owner=root
|
||||||
recurse=yes
|
recurse=yes
|
||||||
|
|
||||||
|
- name: Gen_certs | create etcd script dir
|
||||||
|
file:
|
||||||
|
path: "{{ etcd_script_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
run_once: yes
|
||||||
|
delegate_to: "{{groups['etcd'][0]}}"
|
||||||
|
|
||||||
|
- name: Gen_certs | create etcd cert dir (on first etcd)
|
||||||
|
file:
|
||||||
|
path={{ etcd_cert_dir }}
|
||||||
|
group={{ etcd_cert_group }}
|
||||||
|
state=directory
|
||||||
|
owner=root
|
||||||
|
recurse=yes
|
||||||
|
run_once: yes
|
||||||
|
delegate_to: "{{groups['etcd'][0]}}"
|
||||||
|
|
||||||
- name: Gen_certs | write openssl config
|
- name: Gen_certs | write openssl config
|
||||||
template:
|
template:
|
||||||
src: "openssl.conf.j2"
|
src: "openssl.conf.j2"
|
||||||
|
|
|
@ -1,4 +1,24 @@
|
||||||
---
|
---
|
||||||
|
- name: Gen_certs | Create kubernetes config directory (on master[0])
|
||||||
|
file:
|
||||||
|
path: "{{ kube_config_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: kube
|
||||||
|
run_once: yes
|
||||||
|
delegate_to: "{{groups['kube-master'][0]}}"
|
||||||
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
||||||
|
when: gen_certs|default(false)
|
||||||
|
|
||||||
|
- name: Gen_certs | Create kubernetes script directory (on master[0])
|
||||||
|
file:
|
||||||
|
path: "{{ kube_script_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: kube
|
||||||
|
run_once: yes
|
||||||
|
delegate_to: "{{groups['kube-master'][0]}}"
|
||||||
|
tags: [k8s-secrets, bootstrap-os]
|
||||||
|
when: gen_certs|default(false)
|
||||||
|
|
||||||
- name: Gen_certs | write openssl config
|
- name: Gen_certs | write openssl config
|
||||||
template:
|
template:
|
||||||
src: "openssl.conf.j2"
|
src: "openssl.conf.j2"
|
||||||
|
|
|
@ -35,6 +35,41 @@
|
||||||
when: inventory_hostname in "{{ groups['kube-master'] }}"
|
when: inventory_hostname in "{{ groups['kube-master'] }}"
|
||||||
notify: set secret_changed
|
notify: set secret_changed
|
||||||
|
|
||||||
|
#
|
||||||
|
# The following directory creates make sure that the directories
|
||||||
|
# exist on the first master for cases where the first master isn't
|
||||||
|
# being run.
|
||||||
|
#
|
||||||
|
- name: Gen_certs | Create kubernetes config directory (on master[0])
|
||||||
|
file:
|
||||||
|
path: "{{ kube_config_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: kube
|
||||||
|
run_once: yes
|
||||||
|
delegate_to: "{{groups['kube-master'][0]}}"
|
||||||
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
||||||
|
when: gen_certs|default(false) or gen_tokens|default(false)
|
||||||
|
|
||||||
|
- name: Gen_certs | Create kubernetes script directory (on master[0])
|
||||||
|
file:
|
||||||
|
path: "{{ kube_script_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: kube
|
||||||
|
run_once: yes
|
||||||
|
delegate_to: "{{groups['kube-master'][0]}}"
|
||||||
|
tags: [k8s-secrets, bootstrap-os]
|
||||||
|
when: gen_certs|default(false) or gen_tokens|default(false)
|
||||||
|
|
||||||
|
- name: Get_tokens | Make sure the tokens directory exits (on master[0])
|
||||||
|
file:
|
||||||
|
path={{ kube_token_dir }}
|
||||||
|
state=directory
|
||||||
|
mode=o-rwx
|
||||||
|
group={{ kube_cert_group }}
|
||||||
|
run_once: yes
|
||||||
|
delegate_to: "{{groups['kube-master'][0]}}"
|
||||||
|
when: gen_tokens|default(false)
|
||||||
|
|
||||||
- include: gen_certs.yml
|
- include: gen_certs.yml
|
||||||
tags: k8s-secrets
|
tags: k8s-secrets
|
||||||
- include: gen_tokens.yml
|
- include: gen_tokens.yml
|
||||||
|
|
Loading…
Reference in a new issue