Use node cert for etcd tasks instead of delegating to first etcd (#2386)
For etcdctl commands, use the admin cert instead of the node cert, because the node cert file doesn't exist on etcd-only hosts.
parent
810c10a0e9
commit
bc0fc5df98
3 changed files with 10 additions and 13 deletions
|
@ -50,8 +50,8 @@
|
||||||
command: |-
|
command: |-
|
||||||
{{ bin_dir }}/etcdctl \
|
{{ bin_dir }}/etcdctl \
|
||||||
--peers={{ etcd_access_addresses }} \
|
--peers={{ etcd_access_addresses }} \
|
||||||
--cert-file {{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}.pem \
|
--cert-file {{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem \
|
||||||
--key-file {{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}-key.pem \
|
--key-file {{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem \
|
||||||
set /calico/bgp/v1/rr_v4/{{ rr_ip }} \
|
set /calico/bgp/v1/rr_v4/{{ rr_ip }} \
|
||||||
'{
|
'{
|
||||||
"ip": "{{ rr_ip }}",
|
"ip": "{{ rr_ip }}",
|
||||||
|
|
|
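Review bot: The etcdctl call on the new side passes `--cert-file` and `--key-file` but no CA bundle between `--peers` and `set`, whereas the curl tasks in this commit pin `--cacert {{ etcd_cert_dir }}/ca.pem`; unless a CA is configured outside the hunk, verification of the etcd server depends on whatever the host trust store holds. Adding `--ca-file {{ etcd_cert_dir }}/ca.pem \` after `--peers` would make the trust anchor explicit. The canal task's `environment:` block has the same gap, since it sets only `ETCDCTL_CERT_FILE` and `ETCDCTL_KEY_FILE`; the matching line there would be `ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"`. The task starts and ends outside the hunk.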
@ -83,26 +83,24 @@
|
||||||
uri:
|
uri:
|
||||||
url: https://localhost:2379/health
|
url: https://localhost:2379/health
|
||||||
validate_certs: no
|
validate_certs: no
|
||||||
client_cert: "{{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}.pem"
|
client_cert: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
|
||||||
client_key: "{{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}-key.pem"
|
client_key: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
|
||||||
register: result
|
register: result
|
||||||
until: result.status == 200 or result.status == 401
|
until: result.status == 200 or result.status == 401
|
||||||
retries: 10
|
retries: 10
|
||||||
delay: 5
|
delay: 5
|
||||||
delegate_to: "{{groups['etcd'][0]}}"
|
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: Calico | Check if calico network pool has already been configured
|
- name: Calico | Check if calico network pool has already been configured
|
||||||
command: |-
|
command: |-
|
||||||
curl \
|
curl \
|
||||||
--cacert {{ etcd_cert_dir }}/ca.pem \
|
--cacert {{ etcd_cert_dir }}/ca.pem \
|
||||||
--cert {{ etcd_cert_dir}}/admin-{{ groups['etcd'][0] }}.pem \
|
--cert {{ etcd_cert_dir}}/node-{{ inventory_hostname }}.pem \
|
||||||
--key {{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem \
|
--key {{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
|
||||||
https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
|
https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
|
||||||
register: calico_conf
|
register: calico_conf
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
delegate_to: "{{groups['etcd'][0]}}"
|
|
||||||
run_once: true
|
run_once: true
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
|
@ -125,13 +123,12 @@
|
||||||
command: |-
|
command: |-
|
||||||
curl \
|
curl \
|
||||||
--cacert {{ etcd_cert_dir }}/ca.pem \
|
--cacert {{ etcd_cert_dir }}/ca.pem \
|
||||||
--cert {{ etcd_cert_dir}}/admin-{{ groups['etcd'][0] }}.pem \
|
--cert {{ etcd_cert_dir}}/node-{{ inventory_hostname }}.pem \
|
||||||
--key {{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem \
|
--key {{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
|
||||||
https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
|
https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
|
||||||
register: calico_pools_raw
|
register: calico_pools_raw
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
delegate_to: "{{groups['etcd'][0]}}"
|
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
|
|
|
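Review bot: With `delegate_to` removed but `run_once: true` kept, the health check and both pool queries now run on whichever host comes first in the play batch, yet they still target `https://localhost:2379` and read `node-{{ inventory_hostname }}.pem`. If that host has no local etcd listener or no node certificate, the calls fail or the `until` loop exhausts its retries. At minimum a comment such as `# runs once on the first host of the batch; needs etcd on localhost and node-<host>.pem there` would record the assumption; targeting an etcd endpoint variable instead of localhost would remove it. Separately, the `uri` health check keeps `validate_certs: no` while presenting a client key; if the etcd CA is in the host trust store, `validate_certs: yes` would bring it in line with the curl tasks, which verify against `ca.pem`. The first task of each hunk starts outside it.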
@ -35,8 +35,8 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
run_once: true
|
run_once: true
|
||||||
environment:
|
environment:
|
||||||
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}.pem"
|
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
|
||||||
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}-key.pem"
|
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
|
||||||
|
|
||||||
- name: Canal | Create canal node manifests
|
- name: Canal | Create canal node manifests
|
||||||
template:
|
template:
|
||||||
|
|
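Review bot: The new `ETCDCTL_CERT_FILE` and `ETCDCTL_KEY_FILE` values depend on the first etcd member's admin key pair being present on whichever host `run_once: true` selects, and nothing in the hunk records that requirement. Nor does it say why the admin pair is used here while the calico curl tasks in the same commit move to `node-{{ inventory_hostname }}`. A comment above `environment:` such as `# etcdctl uses the admin cert: node-*.pem does not exist on etcd-only hosts` would keep a later cleanup from collapsing the two conventions into one. Since the admin key is presumably the broader credential, it is also worth confirming which hosts it is distributed to. The task begins outside the hunk.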