From 1884d89d3b49fa8d2a93848350725050bd17ba74 Mon Sep 17 00:00:00 2001
From: Smana
Date: Thu, 12 May 2016 10:07:34 +0200
Subject: [PATCH] fixes the certs issue when masters or not in the kube-node group
---
 roles/kubernetes/secrets/tasks/gen_certs.yml | 9 ++++++---
 roles/kubernetes/secrets/tasks/gen_tokens.yml | 16 ++++++++++------
 2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index 37568d694..295ebcb0c 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -4,7 +4,8 @@
 src: "openssl.conf.j2"
 dest: "{{ kube_config_dir }}/openssl.conf"
 run_once: yes
- when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: gen_certs|default(false)
 - name: certs | copy certs generation script
 copy:
@@ -12,12 +13,14 @@
 dest: "{{ kube_script_dir }}/make-ssl.sh"
 mode: 0700
 run_once: yes
- when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: gen_certs|default(false)
 - name: certs | run cert generation script
 command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl.conf -d {{ kube_cert_dir }}"
 run_once: yes
- when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: gen_certs|default(false)
 notify: set secret_changed
 - set_fact:
diff --git a/roles/kubernetes/secrets/tasks/gen_tokens.yml b/roles/kubernetes/secrets/tasks/gen_tokens.yml
index 987326500..b43213247 100644
--- a/roles/kubernetes/secrets/tasks/gen_tokens.yml
+++ b/roles/kubernetes/secrets/tasks/gen_tokens.yml
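Review bot: In gen_certs.yml the new `when: gen_certs|default(false)` sits on tasks that keep `run_once: yes`, and Ansible evaluates the condition of a run_once task with the variables of the first host in the batch only. If `gen_certs` can differ between hosts (where it is set is outside this patch), a first host that has it false skips certificate generation for the whole play even though another host still needs certificates. The same pattern appears in the second hunk of this file and in the `gen_tokens` and `sync_tokens` conditions in gen_tokens.yml. I would make sure the flag is set identically on every host and say so above each task, e.g. `# run_once: gen_certs is read from the first host in the batch; it must be the same on every host`. The first task's body starts above this hunk.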
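Review bot: The delegated `certs | run cert generation script` task in the second hunk of gen_certs.yml still templates `kube_script_dir`, `kube_config_dir` and `kube_cert_dir` from the host the play is currently on, not from `groups['kube-master'][0]`, since a delegated task keeps the original host's variables apart from the connection ones. If any of these paths is overridden per host or group, the CA and private keys would be written on the first master to a directory its own tasks do not read. A comment on the task would record the assumption, e.g. `# paths come from the current host's vars; kube_*_dir must be identical across groups`. The copy task at the top of this hunk begins above it.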
@@ -5,7 +5,8 @@
 dest: "{{ kube_script_dir }}/kube-gen-token.sh"
 mode: 0700
 run_once: yes
- when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: gen_tokens|default(false)
 - name: tokens | generate tokens for master components
 command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
@@ -18,7 +19,8 @@
 changed_when: "'Added' in gentoken_master.stdout"
 notify: set secret_changed
 run_once: yes
- when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: gen_tokens|default(false)
 - name: tokens | generate tokens for node components
 command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
@@ -31,22 +33,24 @@
 changed_when: "'Added' in gentoken_node.stdout"
 notify: set secret_changed
 run_once: yes
- when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: gen_tokens|default(false)
 - name: tokens | Get list of tokens from first master
 shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
 register: tokens_list
 changed_when: false
- when: inventory_hostname == groups['kube-master'][0] and sync_tokens|default(false)
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: sync_tokens|default(false)
 - name: tokens | Get the tokens from first master
 slurp:
 src: "{{ item }}"
- delegate_to: "{{groups['kube-master'][0]}}"
 register: slurp_tokens
 with_items: '{{tokens_list.stdout_lines}}'
- when: sync_tokens|default(false)
 run_once: true
+ delegate_to: "{{groups['kube-master'][0]}}"
+ when: sync_tokens|default(false)
 notify: set secret_changed
 - name: tokens | Copy tokens on masters
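Review bot: `tokens | Get list of tokens from first master` in the last hunk of gen_tokens.yml loses its host restriction but gains no `run_once`, so with `delegate_to` it now runs the `find` on the first master once for every host in the play. Adding `run_once: true` next to the new `delegate_to` line keeps it to a single run, matching the other tasks in this file. Separately, the `slurp` task that follows registers the token file contents in `slurp_tokens`, which Ansible shows base64-encoded in verbose output and hands to log callbacks; `no_log: true` on that task would keep the tokens out of run logs. The hunk starts inside the preceding task and ends at the header of `tokens | Copy tokens on masters`.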