aeadaa1184
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be gathered before writing kubelet.service. Closes: #1007 Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
45 lines
1.4 KiB
YAML
45 lines
1.4 KiB
YAML
---
|
|
- name: Trust kubelet container
|
|
command: >-
|
|
/usr/bin/rkt trust
|
|
--skip-fingerprint-review
|
|
--root
|
|
{{ item }}
|
|
register: kubelet_rkt_trust_result
|
|
until: kubelet_rkt_trust_result.rc == 0
|
|
with_items:
|
|
- "https://quay.io/aci-signing-key"
|
|
- "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
changed_when: false
|
|
when: kubelet_deployment_type == "rkt"
|
|
|
|
- name: create kubelet working directory
|
|
file:
|
|
state: directory
|
|
path: /var/lib/kubelet
|
|
when: kubelet_deployment_type == "rkt"
|
|
|
|
- name: install | Set SSL CA directories
|
|
set_fact:
|
|
ssl_ca_dirs: "[
|
|
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] -%}
|
|
'/usr/share/ca-certificates',
|
|
{% elif ansible_os_family == 'RedHat' -%}
|
|
'/etc/pki/tls',
|
|
'/etc/pki/ca-trust',
|
|
{% elif ansible_os_family == 'Debian' -%}
|
|
'/usr/share/ca-certificates',
|
|
{% endif -%}
|
|
]"
|
|
tags: facts
|
|
|
|
- name: install | Write kubelet systemd init file
|
|
template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes"
|
|
notify: restart kubelet
|
|
|
|
- name: install | Install kubelet launch script
|
|
template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
|
|
notify: restart kubelet
|
|
when: kubelet_deployment_type == "docker"
|