Use async for slow long loop cert tasks
Checking for certs and generating tokens takes up to 1.5s per node for each of three tasks. Async should parallelize this and reduce the time significantly.
This commit is contained in:
Matthew Mosesohn
parent
a5cd73d047
commit
70e122e7c2
3 changed files with 24 additions and 0 deletions
|
|
@ -4,6 +4,8 @@
|
||||||
path: "{{ etcd_cert_dir }}/{{ item }}"
|
path: "{{ etcd_cert_dir }}/{{ item }}"
|
||||||
get_md5: no
|
get_md5: no
|
||||||
delegate_to: "{{groups['etcd'][0]}}"
|
delegate_to: "{{groups['etcd'][0]}}"
|
||||||
|
async: 1000
|
||||||
|
poll: 0
|
||||||
register: etcdcert_master
|
register: etcdcert_master
|
||||||
run_once: true
|
run_once: true
|
||||||
with_items: >-
|
with_items: >-
|
||||||
|
|
@ -14,6 +16,12 @@
|
||||||
{% if not loop.last %}{{','}}{% endif %}
|
{% if not loop.last %}{{','}}{% endif %}
|
||||||
{% endfor %}]
|
{% endfor %}]
|
||||||
|
|
||||||
|
- name: "Check_certs | check on checking certs"
|
||||||
|
async_status: jid={{ etcdcert_master.ansible_job_id }}
|
||||||
|
register: job_result
|
||||||
|
until: job_result.finished
|
||||||
|
retries: 30
|
||||||
|
|
||||||
- name: "Check_certs | Set default value for 'sync_certs', 'gen_certs' and 'etcd_secret_changed' to false"
|
- name: "Check_certs | Set default value for 'sync_certs', 'gen_certs' and 'etcd_secret_changed' to false"
|
||||||
set_fact:
|
set_fact:
|
||||||
sync_certs: false
|
sync_certs: false
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,8 @@
|
||||||
stat:
|
stat:
|
||||||
path: "{{ kube_cert_dir }}/{{ item }}"
|
path: "{{ kube_cert_dir }}/{{ item }}"
|
||||||
delegate_to: "{{groups['kube-master'][0]}}"
|
delegate_to: "{{groups['kube-master'][0]}}"
|
||||||
|
async: 1000
|
||||||
|
poll: 0
|
||||||
register: kubecert_master
|
register: kubecert_master
|
||||||
run_once: true
|
run_once: true
|
||||||
with_items: >-
|
with_items: >-
|
||||||
|
|
@ -12,6 +14,12 @@
|
||||||
{% if not loop.last %}{{','}}{% endif %}
|
{% if not loop.last %}{{','}}{% endif %}
|
||||||
{% endfor %}]
|
{% endfor %}]
|
||||||
|
|
||||||
|
- name: "Check_certs | check on checking certs"
|
||||||
|
async_status: jid={{ kubecert_master.ansible_job_id }}
|
||||||
|
register: job_result
|
||||||
|
until: job_result.finished
|
||||||
|
retries: 30
|
||||||
|
|
||||||
- name: "Check_certs | Set default value for 'sync_certs', 'gen_certs', and 'secret_changed' to false"
|
- name: "Check_certs | Set default value for 'sync_certs', 'gen_certs', and 'secret_changed' to false"
|
||||||
set_fact:
|
set_fact:
|
||||||
sync_certs: false
|
sync_certs: false
|
||||||
|
|
|
||||||
|
|
@ -30,12 +30,20 @@
|
||||||
- [ 'system:kubelet' ]
|
- [ 'system:kubelet' ]
|
||||||
- "{{ groups['kube-node'] }}"
|
- "{{ groups['kube-node'] }}"
|
||||||
register: gentoken_node
|
register: gentoken_node
|
||||||
|
async: 1000
|
||||||
|
poll: 0
|
||||||
changed_when: "'Added' in gentoken_node.stdout"
|
changed_when: "'Added' in gentoken_node.stdout"
|
||||||
notify: set secret_changed
|
notify: set secret_changed
|
||||||
run_once: yes
|
run_once: yes
|
||||||
delegate_to: "{{groups['kube-master'][0]}}"
|
delegate_to: "{{groups['kube-master'][0]}}"
|
||||||
when: gen_tokens|default(false)
|
when: gen_tokens|default(false)
|
||||||
|
|
||||||
|
- name: "Gen_tokens | check on generating tokens"
|
||||||
|
async_status: jid={{ gentoken_node.ansible_job_id }}
|
||||||
|
register: job_result
|
||||||
|
until: job_result.finished
|
||||||
|
retries: 30
|
||||||
|
|
||||||
- name: Gen_tokens | Get list of tokens from first master
|
- name: Gen_tokens | Get list of tokens from first master
|
||||||
shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
|
shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
|
||||||
register: tokens_list
|
register: tokens_list
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue