C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
c12s-kubespray/roles/kubernetes/secrets/tasks/gen_tokens.yml
Vladimir Rutsky 09847567ae set "check_mode: no" for read-only "shell" steps that registers result 
"shell" step doesn't support check mode, which currently leads to failures,
when Ansible is being run in check mode (because Ansible doesn't run command,
assuming that command might have effect, and no "rc" or "output" is registered).

Setting "check_mode: no" allows to run those "shell" commands in check mode
(which is safe, because those shell commands doesn't have side effects).
2017-02-13 18:53:41 +03:00

59 lines
2 KiB
YAML
Raw Blame History

---
- name: Gen_tokens | copy tokens generation script
copy:
src: "kube-gen-token.sh"
dest: "{{ kube_script_dir }}/kube-gen-token.sh"
mode: 0700
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
- name: Gen_tokens | generate tokens for master components
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
environment:
TOKEN_DIR: "{{ kube_token_dir }}"
with_nested:
- [ "system:kubectl" ]
- "{{ groups['kube-master'] }}"
register: gentoken_master
changed_when: "'Added' in gentoken_master.stdout"
notify: set secret_changed
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
- name: Gen_tokens | generate tokens for node components
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
environment:
TOKEN_DIR: "{{ kube_token_dir }}"
with_nested:
- [ 'system:kubelet' ]
- "{{ groups['kube-node'] }}"
register: gentoken_node
changed_when: "'Added' in gentoken_node.stdout"
notify: set secret_changed
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
- name: Gen_tokens | Get list of tokens from first master
shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
register: tokens_list
changed_when: false
check_mode: no
delegate_to: "{{groups['kube-master'][0]}}"
when: sync_tokens|default(false)
- name: Gen_tokens | Gather tokens
shell: "tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0"
register: tokens_data
check_mode: no
delegate_to: "{{groups['kube-master'][0]}}"
run_once: true
when: sync_tokens|default(false)
- name: Gen_tokens | Copy tokens on masters
shell: "echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /"
changed_when: false
when: inventory_hostname in groups['kube-master'] and sync_tokens|default(false) and
inventory_hostname != groups['kube-master'][0]
Reference in a new issue View git blame Copy permalink