d84ff06f73
* Set filemode to 0640 weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root. * Set mode 0640 on users_file with basic auth
21 lines
619 B
YAML
21 lines
619 B
YAML
---
|
|
- import_tasks: seed.yml
|
|
when: weave_mode_seed
|
|
|
|
- name: Weave | Copy cni plugins from hyperkube
|
|
command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/"
|
|
register: cni_task_result
|
|
until: cni_task_result.rc == 0
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
changed_when: false
|
|
tags:
|
|
- hyperkube
|
|
- upgrade
|
|
|
|
- name: Weave | Create weave-net manifest
|
|
template:
|
|
src: weave-net.yml.j2
|
|
dest: "{{ kube_config_dir }}/weave-net.yml"
|
|
mode: 0640
|
|
register: weave_manifest
|