This PR adds or modifies a few tasks to allow the playbook to be run with --limit on each node without regard for order.

The changes make sure that all of the directories needed to do
certificate management are on the master[0] or etcd[0] node regardless
of when the playbook gets run on each node.  This allows for separate
ansible playbook runs in parallel that don't have to be synchronized.
Greg Althaus 2017-01-14 23:24:34 -06:00
parent 2a61ad1b57
commit 6c69da1573
3 changed files with 73 additions and 8 deletions


@ -1,12 +1,4 @@
--- ---
- name: Gen_certs | create etcd script dir
file:
path: "{{ etcd_script_dir }}"
state: directory
owner: root
when: inventory_hostname == groups['etcd'][0]
- name: Gen_certs | create etcd cert dir - name: Gen_certs | create etcd cert dir
file: file:
path={{ etcd_cert_dir }} path={{ etcd_cert_dir }}
@ -15,6 +7,24 @@
owner=root owner=root
recurse=yes recurse=yes
- name: Gen_certs | create etcd script dir
file:
path: "{{ etcd_script_dir }}"
state: directory
owner: root
run_once: yes
delegate_to: "{{groups['etcd'][0]}}"
- name: Gen_certs | create etcd cert dir (on first etcd)
file:
path={{ etcd_cert_dir }}
group={{ etcd_cert_group }}
state=directory
owner=root
recurse=yes
run_once: yes
delegate_to: "{{groups['etcd'][0]}}"
- name: Gen_certs | write openssl config - name: Gen_certs | write openssl config
template: template:
src: "openssl.conf.j2" src: "openssl.conf.j2"
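Review bot: The new delegated `create etcd cert dir (on first etcd)` task sets `group={{ etcd_cert_group }}` and `recurse=yes` but no `mode`, so a freshly created directory gets whatever the remote umask yields (commonly 0755), and any private keys later written there are only protected if the key files themselves carry restrictive modes, which is not visible in this hunk. The tokens directory added to main.yml in the same commit uses `mode=o-rwx`; adding `mode=o-rwx` here (and on the original non-delegated task above it) would keep the two consistent, assuming nothing outside `etcd_cert_group` needs to read from that directory — confirm against the script that populates it. Note also that `recurse=yes` re-chowns everything already in the directory on every run, which is preexisting behaviour but now also fires via delegation from whichever node happens to run first; dropping `recurse` on the delegated copy would limit that to the one host that actually generates certs. The task uses `key=value` module args while the script-dir task just above it uses block YAML; block style (`path: "{{ etcd_cert_dir }}"`, `mode: "o-rwx"`) would match the rest of the file.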


@ -1,4 +1,24 @@
--- ---
- name: Gen_certs | Create kubernetes config directory (on master[0])
file:
path: "{{ kube_config_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
when: gen_certs|default(false)
- name: Gen_certs | Create kubernetes script directory (on master[0])
file:
path: "{{ kube_script_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [k8s-secrets, bootstrap-os]
when: gen_certs|default(false)
- name: Gen_certs | write openssl config - name: Gen_certs | write openssl config
template: template:
src: "openssl.conf.j2" src: "openssl.conf.j2"
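Review bot: `owner: kube` on both delegated tasks presumes the `kube` account already exists on `groups['kube-master'][0]`; the commit description says the `--limit` runs need no synchronization, but if master[0] has not yet run whatever creates that user, the `file` module fails on the unknown owner instead of creating the directory, so an unsynchronized run on another node can still break here. If that ordering cannot be guaranteed, create the directories as `owner: root` and let master[0]'s own run fix ownership, or have the delegated task ensure the user first. Separately, `run_once` evaluates `when: gen_certs|default(false)` only for the first host in the batch, so if that host's fact is false the delegated task is skipped for every host — worth a comment such as `# run_once: the when is evaluated on the batch's first host only`. These two tasks also appear to be identical to the ones inserted before `include: gen_certs.yml` in main.yml by this same commit; if this file is that include, one of the copies is redundant.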


@ -35,6 +35,41 @@
when: inventory_hostname in "{{ groups['kube-master'] }}" when: inventory_hostname in "{{ groups['kube-master'] }}"
notify: set secret_changed notify: set secret_changed
#
# The following directory creates make sure that the directories
# exist on the first master for cases where the first master isn't
# being run.
#
- name: Gen_certs | Create kubernetes config directory (on master[0])
file:
path: "{{ kube_config_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
when: gen_certs|default(false) or gen_tokens|default(false)
- name: Gen_certs | Create kubernetes script directory (on master[0])
file:
path: "{{ kube_script_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [k8s-secrets, bootstrap-os]
when: gen_certs|default(false) or gen_tokens|default(false)
- name: Get_tokens | Make sure the tokens directory exits (on master[0])
file:
path={{ kube_token_dir }}
state=directory
mode=o-rwx
group={{ kube_cert_group }}
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
- include: gen_certs.yml - include: gen_certs.yml
tags: k8s-secrets tags: k8s-secrets
- include: gen_tokens.yml - include: gen_tokens.yml