kubeasz/roles/deploy/tasks/main.yml

64 lines
2.2 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

- name: prepare some dirs
file: name={{ item }} state=directory
with_items:
- "{{ cluster_dir }}/ssl"
- "{{ cluster_dir }}/backup"
- "{{ cluster_dir }}/yml"
- "~/.kube"
- name: 本地设置 bin 目录权限
file: path={{ base_dir }}/bin state=directory mode=0755 recurse=yes
# 注册变量p根据p的stat信息判断是否已经生成过ca证书如果没有下一步生成证书
# 如果已经有ca证书为了保证整个安装的幂等性跳过证书生成的步骤
- name: 读取ca证书stat信息
stat: path="{{ cluster_dir }}/ssl/ca.pem"
register: p
tags: force_change_certs
- name: 准备CA配置文件和签名请求
template: src={{ item }}.j2 dest={{ cluster_dir }}/ssl/{{ item }}
with_items:
- "ca-config.json"
- "ca-csr.json"
when: "p.stat.isreg is not defined or CHANGE_CA|bool"
tags: force_change_certs
- name: 生成 CA 证书和私钥
when: "p.stat.isreg is not defined or CHANGE_CA|bool"
tags: force_change_certs
shell: "cd {{ cluster_dir }}/ssl && \
{{ base_dir }}/bin/cfssl gencert -initca ca-csr.json | {{ base_dir }}/bin/cfssljson -bare ca"
#----------- 创建配置文件: kubectl.kubeconfig
- import_tasks: create-kubectl-kubeconfig.yml
tags: create_kctl_cfg, force_change_certs
#----------- 创建个性化客户端配置文件
- import_tasks: add-custom-kubectl-kubeconfig.yml
tags: add-kcfg, force_change_certs
when: "ADD_KCFG|bool"
#------------创建配置文件: kube-proxy.kubeconfig
- import_tasks: create-kube-proxy-kubeconfig.yml
tags: force_change_certs
#------------创建配置文件: kube-controller-manager.kubeconfig
- import_tasks: create-kube-controller-manager-kubeconfig.yml
tags: force_change_certs
#------------创建配置文件: kube-scheduler.kubeconfig
- import_tasks: create-kube-scheduler-kubeconfig.yml
tags: force_change_certs
# ansible 控制端一些易用性配置
- name: 本地创建 ezdown/ezctl 工具的软连接
file: src={{ base_dir }}/{{ item }} dest=/usr/bin/{{ item }} state=link
with_items:
- ezdown
- ezctl
- name: ansible 控制端创建 kubectl 软链接
file: src={{ base_dir }}/bin/kubectl dest=/usr/bin/kubectl state=link
ignore_errors: true