kubespray/roles/etcd/tasks/check_certs.yml

---
# Stat every expected etcd file on the first etcd member, once for the play.
# The item list is rendered as a list literal: 'ca.pem' first, then one
# 'node-<host>-key.pem' per host in all_etcd_hosts. That order is relied on
# later in this file: results[0] is ca.pem and results[i] (i >= 1) belongs to
# the i-th host, which is how the sync_certs task indexes etcdcert_master.
- name: "Check_certs | check if all certs have already been generated on first master"
  run_once: true
  delegate_to: "{{ groups['etcd'][0] }}"
  stat:
    path: "{{ etcd_cert_dir }}/{{ item }}"
  register: etcdcert_master
  # The rendered value must begin with '[' so keep the list opener on the
  # first line, ahead of the Jinja statements.
  with_items: >-
    ['ca.pem',
    {% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique %}
    {% for host in all_etcd_hosts %}
    'node-{{ host }}-key.pem'
    {% if not loop.last %}{{','}}{% endif %}
    {% endfor %}]
# Reset the three decision flags to false on every host before the checks run.
# The tasks below flip gen_certs and sync_certs to true when needed;
# etcd_secret_changed is only initialised here and is not modified by any
# other task visible in this file.
- name: "Check_certs | Set default value for 'sync_certs', 'gen_certs' and 'etcd_secret_changed' to false"
  set_fact:
    gen_certs: false
    sync_certs: false
    etcd_secret_changed: false
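# Request certificate generation as soon as one expected file is missing on
# the first etcd member. etcdcert_master holds the per-file stat results
# registered earlier in this file (delegated to groups['etcd'][0]).
- name: "Check_certs | Set 'gen_certs' to true"
  set_fact:
    gen_certs: true
  # `when` is already evaluated as a Jinja expression. Writing it bare avoids
  # rendering the value into the condition string and templating it a second
  # time, which Ansible warns about; the result is unchanged.
  when: not item.stat.exists
  run_once: true
  with_items: "{{ etcdcert_master.results }}"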
# Stat this host's own copies of the CA certificate and its node key.
# Item order matters: the sync_certs task below reads results[0] as ca.pem
# and results[1] as node-<inventory_hostname>-key.pem.
- name: "Check certs | check if a cert already exists"
  register: etcdcert
  stat:
    path: "{{ etcd_cert_dir }}/{{ item }}"
  with_items:
    - 'ca.pem'
    - 'node-{{ inventory_hostname }}-key.pem'
# Decide per host whether its etcd files must be re-synced from the first
# etcd member. The condition renders to the text "True" or "False":
#   * True when the local ca.pem is missing, or
#   * True when the checksum of the local node key differs from the checksum
#     of the same file as seen on the first etcd member.
# loop.index is 1-based, which lines up with etcdcert_master.results because
# index 0 there is ca.pem and the host keys follow in all_etcd_hosts order.
# NOTE(review): ca.pem is tested for existence only, and only the node *key*
# file is compared. A host holding a different ca.pem or a stale node
# certificate would not set sync_certs here. Confirm that is covered elsewhere.
# NOTE(review): the comparison uses whatever checksum the stat module reports
# (SHA-1 unless checksum_algorithm is set). It is drift detection between two
# managed hosts, not an integrity guarantee for the key material.
- name: "Check_certs | Set 'sync_certs' to true"
  set_fact:
    sync_certs: true
  when: >-
    {%- set certs = {'sync': False} -%}
    {% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique %}
    {% for host in all_etcd_hosts %}
    {% if host == inventory_hostname and
    ((not etcdcert.results[0].stat.exists|default(False)) or
    (etcdcert.results[1].stat.checksum|default('') != etcdcert_master.results[loop.index].stat.checksum|default(''))) -%}
    {%- set _ = certs.update({'sync': True}) -%}
    {% endif %}
    {%- endfor -%}
    {{ certs.sync }}