C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
c12s-kubespray/roles/etcd/handlers/main.yml
Matthew Mosesohn 4209f1cbfd Security fixes for etcd (#1778) 
* Security fixes for etcd

* Use certs when querying etcd
2017-10-12 13:32:54 +01:00

35 lines
813 B
YAML
Raw Blame History

---
- name: restart etcd
command: /bin/true
notify:
- Backup etcd data
- etcd | reload systemd
- reload etcd
- wait for etcd up
- include: backup.yml
- name: etcd | reload systemd
command: systemctl daemon-reload
- name: reload etcd
service:
name: etcd
state: restarted
when: is_etcd_master
- name: wait for etcd up
uri:
url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
client_cert: "{{ etcd_cert_dir}}/admin-{{ groups['etcd'][0] }}.pem"
client_key: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
validate_certs: no
register: result
until: result.status is defined and result.status == 200
retries: 10
delay: 5
- name: set etcd_secret_changed
set_fact:
etcd_secret_changed: true
Reference in a new issue View git blame Copy permalink