From 6d3e2025adc77a8b559c99f960bcf0682b43fe67 Mon Sep 17 00:00:00 2001
From: jmgao
Date: Mon, 19 Feb 2018 09:04:50 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4=E6=9B=B4=E6=96=B0etcd?= =?UTF-8?q?=E4=B8=8D=E9=9C=80=E8=A6=81=E9=87=8D=E6=96=B0=E7=94=9F=E6=88=90?= =?UTF-8?q?=E8=AF=81=E4=B9=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/etcd/tasks/main.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 42783ef..782bfc5 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -4,11 +4,22 @@
 - etcd
 - etcdctl

+# 注册变量result,根据result结果判断是否已经生成过etcd证书
+# result|failed 说明没有生成过证书,下一步生成证书
+# result|succeeded 说明已经有etcd证书,使用原证书可以保证api-server和calico/node等对etcd集群
+# 的访问不受影响,因此跳过证书生成的步骤
+- name: 注册变量result
+ command: ls /etc/etcd/ssl/etcd.pem
+ register: result
+ ignore_errors: True
+
 - name: 创建etcd证书目录
 file: name=/etc/etcd/ssl state=directory
+ when: result|failed

 - name: 创建etcd证书请求
 template: src=etcd-csr.json.j2 dest=/etc/etcd/ssl/etcd-csr.json
+ when: result|failed

 - name: 创建 etcd证书和私钥
 shell: "cd /etc/etcd/ssl && {{ bin_dir }}/cfssl gencert \
@@ -16,6 +27,7 @@
 -ca-key={{ ca_dir }}/ca-key.pem \
 -config={{ ca_dir }}/ca-config.json \
 -profile=kubernetes etcd-csr.json | {{ bin_dir }}/cfssljson -bare etcd"
+ when: result|failed

 - name: 创建etcd工作目录
 file: name=/var/lib/etcd state=directory
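Review bot: The `ls /etc/etcd/ssl/etcd.pem` probe only shows that a file with that name exists, so the three `when: result|failed` guards (two in the first hunk, one on the cfssl task in the `@@ -16,6 +27,7 @@` hunk) also skip generation when `etcd-key.pem` is missing after an interrupted run, when the certificate has expired, or when it no longer chains to the CA under `{{ ca_dir }}`. A `stat: path=/etc/etcd/ssl/etcd.pem` task with `register: result`, repeated for `etcd-key.pem`, and a guard of `when: not result.stat.exists` would express the existence check without `ignore_errors: True`, which otherwise reports a failed task on every first run. If reuse is meant to stay safe across CA replacement, a read-only `openssl verify -CAfile {{ ca_dir }}/ca.pem /etc/etcd/ssl/etcd.pem` before the skip would tie the decision to the current CA rather than to a filename. The filter form `result|failed` is deprecated from Ansible 2.5 in favour of `result is failed`, so the guards are worth writing in the test form now. The cfssl task's `shell:` string starts in the first hunk and continues through a line that neither hunk shows, so its full argument list was not reviewed.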