c12s-kubespray/roles/network_plugin/weave/tasks/main.yml
Andreas Krüger d84ff06f73 Set filemode to 0640 (#2315)
* Set filemode to 0640

weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.

* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00

21 lines
619 B
YAML

---
- import_tasks: seed.yml
when: weave_mode_seed
- name: Weave | Copy cni plugins from hyperkube
command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/"
register: cni_task_result
until: cni_task_result.rc == 0
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags:
- hyperkube
- upgrade
- name: Weave | Create weave-net manifest
template:
src: weave-net.yml.j2
dest: "{{ kube_config_dir }}/weave-net.yml"
mode: 0640
register: weave_manifest