c12s-kubespray/roles/kubernetes/node/tasks/install.yml
Sergii Golovatiuk aeadaa1184 Set ssl_ca_dirs for rkt based on fact
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.

Closes: #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00

45 lines
1.4 KiB
YAML

---
- name: Trust kubelet container
command: >-
/usr/bin/rkt trust
--skip-fingerprint-review
--root
{{ item }}
register: kubelet_rkt_trust_result
until: kubelet_rkt_trust_result.rc == 0
with_items:
- "https://quay.io/aci-signing-key"
- "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
when: kubelet_deployment_type == "rkt"
- name: create kubelet working directory
file:
state: directory
path: /var/lib/kubelet
when: kubelet_deployment_type == "rkt"
- name: install | Set SSL CA directories
set_fact:
ssl_ca_dirs: "[
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] -%}
'/usr/share/ca-certificates',
{% elif ansible_os_family == 'RedHat' -%}
'/etc/pki/tls',
'/etc/pki/ca-trust',
{% elif ansible_os_family == 'Debian' -%}
'/usr/share/ca-certificates',
{% endif -%}
]"
tags: facts
- name: install | Write kubelet systemd init file
template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
notify: restart kubelet
- name: install | Install kubelet launch script
template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
notify: restart kubelet
when: kubelet_deployment_type == "docker"