--- - name: "Check_certs | check if all certs have already been generated on first master" stat: path: "{{ etcd_cert_dir }}/{{ item }}" get_md5: no delegate_to: "{{groups['etcd'][0]}}" async: 1000 poll: 0 register: etcdcert_master run_once: true with_items: >- ['ca.pem', {% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique %} {% for host in all_etcd_hosts %} 'node-{{ host }}-key.pem' {% if not loop.last %}{{','}}{% endif %} {% endfor %}] - name: "Check_certs | check on checking certs" async_status: jid={{ etcdcert_master.ansible_job_id }} register: job_result until: job_result.finished retries: 30 - name: "Check_certs | Set default value for 'sync_certs', 'gen_certs' and 'etcd_secret_changed' to false" set_fact: sync_certs: false gen_certs: false etcd_secret_changed: false - name: "Check_certs | Set 'gen_certs' to true" set_fact: gen_certs: true when: "not {{item.stat.exists}}" run_once: true with_items: "{{etcdcert_master.results}}" - name: "Check certs | check if a cert already exists" stat: path: "{{ etcd_cert_dir }}/{{ item }}" register: etcdcert with_items: - ca.pem - node-{{ inventory_hostname }}-key.pem - name: "Check_certs | Set 'sync_certs' to true" set_fact: sync_certs: true when: >- {%- set certs = {'sync': False} -%} {% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique %} {% for host in all_etcd_hosts %} {% if host == inventory_hostname %} {% if (not etcdcert.results[0].stat.exists|default(False)) or (not etcdcert.results[1].stat.exists|default(False)) or (etcdcert.results[1].stat.checksum|default('') != etcdcert_master.results[loop.index].stat.checksum|default('')) -%} {%- set _ = certs.update({'sync': True}) -%} {% endif %} {% endif %} {%- endfor -%} {{ certs.sync }}