f106bf5bc4
Squashed commits: [f9355ea] Swap order in which we reload docker/socket [2ca6819] Reload docker.socket after installing flannel on coreos Workaround for #569 [9f976e5] Vagrantfile: setup proxy inside virtual machines In corporate networks, it is good to pre-configure proxy variables. [9d7142f] Vagrantfile: use Ubuntu 16.04 LTS Use recent supported version of Ubuntu for local development setup with Vagrant. [50f77cc] Add CI test layouts * Drop Wily from test matrix * Replace the Wily cases dropped with extra cases to test separate roles deployment Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> [03e162b] Update OWNERS [c7b00ca] Use tar+register instead of copy/slurp for distributing tokens and certs Related bug: https://github.com/ansible/ansible/issues/15405 Uses tar and register because synchronize module cannot sudo on the remote side correctly and copy is too slow. This patch dramatically cuts down the number of tasks to process for cert synchronization. [2778ac6] Add new var skip_dnsmasq_k8s If skip_dnsmasq is set, it will still not set up dnsmasq k8s pod. This enables independent setup of resolvconf section before kubelet is up.
57 lines
1.9 KiB
YAML
57 lines
1.9 KiB
YAML
---
|
|
- name: Gen_tokens | copy tokens generation script
|
|
copy:
|
|
src: "kube-gen-token.sh"
|
|
dest: "{{ kube_script_dir }}/kube-gen-token.sh"
|
|
mode: 0700
|
|
run_once: yes
|
|
delegate_to: "{{groups['kube-master'][0]}}"
|
|
when: gen_tokens|default(false)
|
|
|
|
- name: Gen_tokens | generate tokens for master components
|
|
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
|
|
environment:
|
|
TOKEN_DIR: "{{ kube_token_dir }}"
|
|
with_nested:
|
|
- [ "system:kubectl" ]
|
|
- "{{ groups['kube-master'] }}"
|
|
register: gentoken_master
|
|
changed_when: "'Added' in gentoken_master.stdout"
|
|
notify: set secret_changed
|
|
run_once: yes
|
|
delegate_to: "{{groups['kube-master'][0]}}"
|
|
when: gen_tokens|default(false)
|
|
|
|
- name: Gen_tokens | generate tokens for node components
|
|
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
|
|
environment:
|
|
TOKEN_DIR: "{{ kube_token_dir }}"
|
|
with_nested:
|
|
- [ 'system:kubelet' ]
|
|
- "{{ groups['kube-node'] }}"
|
|
register: gentoken_node
|
|
changed_when: "'Added' in gentoken_node.stdout"
|
|
notify: set secret_changed
|
|
run_once: yes
|
|
delegate_to: "{{groups['kube-master'][0]}}"
|
|
when: gen_tokens|default(false)
|
|
|
|
- name: Gen_tokens | Get list of tokens from first master
|
|
shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
|
|
register: tokens_list
|
|
changed_when: false
|
|
delegate_to: "{{groups['kube-master'][0]}}"
|
|
when: sync_tokens|default(false)
|
|
|
|
- name: Gen_tokens | Gather tokens
|
|
shell: "tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0"
|
|
register: tokens_data
|
|
delegate_to: "{{groups['kube-master'][0]}}"
|
|
run_once: true
|
|
when: sync_tokens|default(false)
|
|
|
|
- name: Gen_tokens | Copy tokens on masters
|
|
shell: "echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /"
|
|
changed_when: false
|
|
when: inventory_hostname in groups['kube-master'] and sync_tokens|default(false) and
|
|
inventory_hostname != groups['kube-master'][0]
|