fad22bae97
Fixed sync_tokens fact Fixed sync_certs for k8s tokens fact Disabled register docker images changability Fixed CNI dir permission Fix idempotency for etcd pre upgrade checks
59 lines
2.1 KiB
YAML
59 lines
2.1 KiB
YAML
- name: "Pre-upgrade | check for etcd-proxy unit file"
|
|
stat:
|
|
path: /etc/systemd/system/etcd-proxy.service
|
|
register: etcd_proxy_service_file
|
|
tags: facts
|
|
|
|
- name: "Pre-upgrade | check for etcd-proxy init script"
|
|
stat:
|
|
path: /etc/init.d/etcd-proxy
|
|
register: etcd_proxy_init_script
|
|
tags: facts
|
|
|
|
- name: "Pre-upgrade | stop etcd-proxy if service defined"
|
|
service:
|
|
name: etcd-proxy
|
|
state: stopped
|
|
when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
|
|
|
|
- name: "Pre-upgrade | remove etcd-proxy service definition"
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
|
|
with_items:
|
|
- /etc/systemd/system/etcd-proxy.service
|
|
- /etc/init.d/etcd-proxy
|
|
|
|
- name: "Pre-upgrade | find etcd-proxy container"
|
|
command: "{{ docker_bin_dir }}/docker ps -aq --filter 'name=etcd-proxy*'"
|
|
register: etcd_proxy_container
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: "Pre-upgrade | remove etcd-proxy if it exists"
|
|
command: "{{ docker_bin_dir }}/docker rm -f {{item}}"
|
|
with_items: "{{etcd_proxy_container.stdout_lines}}"
|
|
|
|
- name: "Pre-upgrade | see if etcdctl is installed"
|
|
stat:
|
|
path: "{{ bin_dir }}/etcdctl"
|
|
register: etcdctl_installed
|
|
|
|
- name: "Pre-upgrade | check if member list is non-SSL"
|
|
command: "{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list"
|
|
register: etcd_member_list
|
|
retries: 10
|
|
delay: 3
|
|
until: etcd_member_list.rc != 2
|
|
run_once: true
|
|
when: etcdctl_installed.stat.exists
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: "Pre-upgrade | change peer names to SSL"
|
|
shell: >-
|
|
{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list |
|
|
awk -F"[: =]" '{print "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | regex_replace('https','http') }} member update "$1" https:"$7":"$8}' | bash
|
|
run_once: true
|
|
when: 'etcdctl_installed.stat.exists and etcd_member_list.rc == 0 and "http://" in etcd_member_list.stdout'
|