a422ad0d50
Fixed sync_tokens fact Fixed sync_certs for k8s tokens fact Disabled register docker images changability Fixed CNI dir permission Fix idempotency for etcd pre upgrade checks
---
# Inventory of etcd certificate material on the first etcd member.
# The lookup runs once, delegated to groups['etcd'][0], and returns the CA
# certificate plus every node*.pem file (certificates and private keys) with
# a checksum. Later tasks read `etcdcert_master.files` to decide what has to
# be generated or synced, so this result is the reference copy for the play.
- name: 'Check_certs | check if all certs have already been generated on first master'
  run_once: true
  delegate_to: "{{ groups['etcd'][0] }}"
  find:
    paths: "{{ etcd_cert_dir }}"
    patterns:
      - 'ca.pem'
      - 'node*.pem'
    get_checksum: true
  register: etcdcert_master
# Start every host from a known state: nothing to generate, nothing to sync,
# no secret changed. The tasks below only ever flip these facts to true, so a
# value left over from an earlier include cannot leak into this run.
- name: "Check_certs | Set default value for 'sync_certs', 'gen_certs' and 'etcd_secret_changed' to false"
  set_fact:
    gen_certs: false
    sync_certs: false
    etcd_secret_changed: false
# Per-host check of the local copies of the CA certificate and this node's
# private key. The item order is significant: a later task reads
# etcdcert_node.results[0] as ca.pem and results[1] as the node key, so do not
# reorder or insert items without updating that condition.
- name: "Check certs | check if a cert already exists on node"
  stat:
    path: "{{ etcd_cert_dir }}/{{ item }}"
  with_items:
    - "ca.pem"
    - "node-{{ inventory_hostname }}-key.pem"
  register: etcdcert_node
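# Request certificate generation when the first etcd member is missing the CA
# certificate or the key of any host in k8s-cluster, etcd or calico-rr.
#
# `with_items` renders a list literal of the expected paths. `when` is a bare
# expression: Ansible already evaluates it as Jinja, so `item` is compared as
# a value. The previous form pasted '{{ item }}' into the expression text,
# which Ansible warns about and which lets a path containing a quote change
# the expression instead of just failing the membership test.
- name: "Check_certs | Set 'gen_certs' to true"
  set_fact:
    gen_certs: true
  when: item not in etcdcert_master.files|map(attribute='path')|list
  run_once: true
  with_items: >-
    ['{{etcd_cert_dir}}/ca.pem',
    {% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %}
    {% for host in all_etcd_hosts %}
    '{{etcd_cert_dir}}/node-{{ host }}-key.pem'
    {% if not loop.last %}{{','}}{% endif %}
    {% endfor %}]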
# Build a per-host map of "does this host still need a node key generated?".
# For every host in k8s-cluster, etcd and calico-rr (calico-rr may be absent)
# the template emits `"<host>": False` when <etcd_cert_dir>/node-<host>-key.pem
# is among the files found on the first etcd member, otherwise `"<host>": True`.
# The value is rendered as a dict-shaped string; a later task indexes it as
# gen_node_certs[inventory_hostname], so it presumably relies on Ansible
# turning that string back into a dict -- confirm on the Ansible version in use.
# Host names are written into the literal unescaped, so this assumes inventory
# names contain no double quotes.
# The `-%}` whitespace control is part of the rendered output; keep it as is.
- name: "Check_certs | Set 'gen_node_certs' to true"
  set_fact:
    gen_node_certs: |-
      {
      {% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort -%}
      {% set existing_certs = etcdcert_master.files|map(attribute='path')|list|sort %}
      {% for host in all_etcd_hosts -%}
      {% set host_cert = "%s/node-%s-key.pem"|format(etcd_cert_dir, host) %}
      {% if host_cert in existing_certs -%}
      "{{ host }}": False,
      {% else -%}
      "{{ host }}": True,
      {% endif -%}
      {% endfor %}
      }
  run_once: true
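# Mark this host for a certificate sync when any of the following holds:
#   * its node key still has to be generated (gen_node_certs),
#   * ca.pem is missing locally            (etcdcert_node.results[0]),
#   * its node key is missing locally      (etcdcert_node.results[1]),
#   * the local node key's checksum differs from the copy on the first etcd
#     member.
#
# The checksum lookup applies map(attribute="checksum") to the filtered list
# and only then takes `first`. With `first` ahead of `map`, `map` ran over a
# single file entry rather than a list and yielded a generator, which never
# equals the checksum string -- so every host with a key was re-synced on
# every run and a key that had really changed looked no different from an
# unchanged one. If the first member has no matching file, `first` is
# undefined and default('') forces a sync.
#
# The condition is a bare expression rather than a {% ... %} block; `or`
# short-circuits, so stat.path is only read once the key is known to exist.
- name: "Check_certs | Set 'sync_certs' to true"
  set_fact:
    sync_certs: true
  when: >-
    gen_node_certs[inventory_hostname] or
    (not etcdcert_node.results[0].stat.exists|default(False)) or
    (not etcdcert_node.results[1].stat.exists|default(False)) or
    (etcdcert_node.results[1].stat.checksum|default('') !=
    etcdcert_master.files
    |selectattr("path", "equalto", etcdcert_node.results[1].stat.path)
    |map(attribute="checksum")|first|default(''))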