diff --git a/roles/etcd/tasks/gen_certs.yml b/roles/etcd/tasks/gen_certs.yml
index 49ca33186..835e234b0 100644
--- a/roles/etcd/tasks/gen_certs.yml
+++ b/roles/etcd/tasks/gen_certs.yml
@@ -1,12 +1,4 @@
 ---
-
-- name: Gen_certs | create etcd script dir
- file:
- path: "{{ etcd_script_dir }}"
- state: directory
- owner: root
- when: inventory_hostname == groups['etcd'][0]
-
 - name: Gen_certs | create etcd cert dir
 file:
 path={{ etcd_cert_dir }}
@@ -15,6 +7,24 @@
 owner=root
 recurse=yes
 
+- name: Gen_certs | create etcd script dir
+ file:
+ path: "{{ etcd_script_dir }}"
+ state: directory
+ owner: root
+ run_once: yes
+ delegate_to: "{{groups['etcd'][0]}}"
+
+- name: Gen_certs | create etcd cert dir (on first etcd)
+ file:
+ path={{ etcd_cert_dir }}
+ group={{ etcd_cert_group }}
+ state=directory
+ owner=root
+ recurse=yes
+ run_once: yes
+ delegate_to: "{{groups['etcd'][0]}}"
+
 - name: Gen_certs | write openssl config
 template:
 src: "openssl.conf.j2"
diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index 545cba31f..a343a9337 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -1,4 +1,24 @@
 ---
+- name: Gen_certs | Create kubernetes config directory (on master[0])
+ file:
+ path: "{{ kube_config_dir }}"
+ state: directory
+ owner: kube
+ run_once: yes
+ delegate_to: "{{groups['kube-master'][0]}}"
+ tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
+ when: gen_certs|default(false)
+
+- name: Gen_certs | Create kubernetes script directory (on master[0])
+ file:
+ path: "{{ kube_script_dir }}"
+ state: directory
+ owner: kube
+ run_once: yes
+ delegate_to: "{{groups['kube-master'][0]}}"
+ tags: [k8s-secrets, bootstrap-os]
+ when: gen_certs|default(false)
+
 - name: Gen_certs | write openssl config
 template:
 src: "openssl.conf.j2"
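Review bot: The new `Gen_certs | create etcd cert dir (on first etcd)` task sets `owner=root` and `group={{ etcd_cert_group }}` but no `mode`, so the permissions of the directory that, going by its name, receives the generated certificates are left to the umask of the delegated session on `groups['etcd'][0]`. The tokens task this commit adds to roles/kubernetes/secrets/tasks/main.yml pins `mode=o-rwx`; an explicit `mode` here removes the dependency on the remote umask, bearing in mind that with `recurse=yes` it is also applied to whatever already sits under the directory, and the config- and script-directory tasks added in roles/kubernetes/secrets/tasks/gen_certs.yml and main.yml (`owner: kube` only) have the same omission. The task also repeats the `key=value` argument form while the script-dir task directly above it uses block YAML (`path:` / `state:` / `owner:`); block YAML is the recommended form for module arguments and is what yamllint can check, so one form per file is preferable.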
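Review bot: The two `Create kubernetes … directory (on master[0])` tasks added at the top of roles/kubernetes/secrets/tasks/gen_certs.yml are the same tasks the commit also adds to roles/kubernetes/secrets/tasks/main.yml, which runs them and then does `- include: gen_certs.yml`, so on a normal run each directory task executes twice and the two copies have already drifted: the condition here is `gen_certs|default(false)` while main.yml uses `gen_certs|default(false) or gen_tokens|default(false)`. Unless this file is also included from somewhere that bypasses main.yml, the copy here can go; if it is kept deliberately, a comment saying why (`# Also created in tasks/main.yml; kept for direct includes of this file`) would stop the next reader from removing one of them. Note also that when `run_once: yes` is set, Ansible evaluates `when:` with the variables of the first host in the batch only, so `gen_certs` has to be defined (or default correctly) on that host rather than just on the masters; where the fact is set is outside this diff, so it is worth confirming. The same caveat applies to the three conditional tasks in main.yml.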
diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml
index 4dc6f8c30..9969d5292 100644
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@@ -35,6 +35,41 @@
 when: inventory_hostname in "{{ groups['kube-master'] }}"
 notify: set secret_changed
 
+#
+# The following directory creates make sure that the directories
+# exist on the first master for cases where the first master isn't
+# being run.
+#
+- name: Gen_certs | Create kubernetes config directory (on master[0])
+ file:
+ path: "{{ kube_config_dir }}"
+ state: directory
+ owner: kube
+ run_once: yes
+ delegate_to: "{{groups['kube-master'][0]}}"
+ tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
+ when: gen_certs|default(false) or gen_tokens|default(false)
+
+- name: Gen_certs | Create kubernetes script directory (on master[0])
+ file:
+ path: "{{ kube_script_dir }}"
+ state: directory
+ owner: kube
+ run_once: yes
+ delegate_to: "{{groups['kube-master'][0]}}"
+ tags: [k8s-secrets, bootstrap-os]
+ when: gen_certs|default(false) or gen_tokens|default(false)
+
+- name: Get_tokens | Make sure the tokens directory exits (on master[0])
+ file:
+ path={{ kube_token_dir }}
+ state=directory
+ mode=o-rwx
+ group={{ kube_cert_group }}
+ run_once: yes
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: gen_tokens|default(false)
+
 - include: gen_certs.yml
 tags: k8s-secrets
 - include: gen_tokens.yml
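Review bot: The task name `Get_tokens | Make sure the tokens directory exits (on master[0])` has a typo; `exists` is meant, and since Ansible prints task names in every run log it is worth fixing before the line gets copied into other roles. The block comment above the new tasks also reads awkwardly (`directory creates make sure`); a clearer form is `# The following tasks make sure the directories exist on the first master, for runs in which the first master itself is not in the play (run_once + delegate_to still reach it).`. Style across the commit: `run_once: yes` in every new task would be `run_once: true` per yamllint's truthy rule, and `"{{groups['kube-master'][0]}}"` / `"{{groups['etcd'][0]}}"` lack the spaces inside the braces that the other expressions in these hunks use (`"{{ kube_config_dir }}"`, `"{{ groups['kube-master'] }}"`).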