From baaa6efc2badf2925f502c8989d0aba3c206d06b Mon Sep 17 00:00:00 2001 From: Smaine Kahlouch Date: Sun, 24 Jan 2016 22:27:55 +0100 Subject: [PATCH] workaround_ha_apiserver --- roles/etcd/tasks/configure.yml | 2 +- roles/kubernetes/master/tasks/main.yml | 33 ++++++++++++++----------- roles/kubernetes/node/handlers/main.yml | 2 +- roles/kubernetes/node/tasks/install.yml | 2 +- 4 files changed, 22 insertions(+), 17 deletions(-) diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index 34a80ed47..91f743d2e 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -5,7 +5,7 @@ dest: /lib/systemd/system/etcd.service backup: yes when: init_system == "systemd" - notify: restart systemd-etcd + notify: restart etcd - name: Configure | Write etcd initd script template: diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml index 48cfd5bc0..7deff6861 100644 --- a/roles/kubernetes/master/tasks/main.yml +++ b/roles/kubernetes/master/tasks/main.yml @@ -58,15 +58,6 @@ backup: yes when: init_system == "sysvinit" and ansible_os_family == "Debian" -- name: Restart apiserver - command: /bin/true - notify: restart kube-apiserver - changed_when: is_gentoken_calico|default(false) or kube_apiserver_copy.stdout_lines - -- name: Allow apiserver to bind on both secure and insecure ports - shell: setcap cap_net_bind_service+ep {{ bin_dir }}/kube-apiserver - changed_when: false - - name: Write kube-apiserver config file template: src: "kube-apiserver.j2" @@ -74,11 +65,14 @@ backup: yes notify: restart kube-apiserver -# restart apiserver if calico tokens list has changed -- name: Reload tokens (restart apiserver) - command: /bin/true +- name: Allow apiserver to bind on both secure and insecure ports + shell: setcap cap_net_bind_service+ep {{ bin_dir }}/kube-apiserver + changed_when: false + +- name: Restart apiserver + command: "/bin/true" notify: restart kube-apiserver - changed_when: is_gentoken_calico|default(false) + when: is_gentoken_calico|default(false) or kube_apiserver_copy.stdout_lines # reload-systemd - meta: flush_handlers @@ -105,7 +99,6 @@ - name: wait for the apiserver to be running wait_for: port: "{{kube_apiserver_insecure_port}}" - delay: 10 timeout: 60 - name: Create 'kube-system' namespace @@ -128,3 +121,15 @@ template: src: manifests/kube-podmaster.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-podmaster.manifest" + +- name: restart kubelet + service: + name: kubelet + state: restarted + changed_when: false + +- name: Enable apiserver + service: + name: kube-apiserver + enabled: yes + state: started diff --git a/roles/kubernetes/node/handlers/main.yml b/roles/kubernetes/node/handlers/main.yml index 81d7ca2c7..e0294b3d2 100644 --- a/roles/kubernetes/node/handlers/main.yml +++ b/roles/kubernetes/node/handlers/main.yml @@ -7,7 +7,7 @@ command: /bin/true notify: - reload systemd - - reload kubelet + - restart kubelet - name: set is_gentoken_calico fact set_fact: diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index 3d90fd033..c8146ec5e 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -2,7 +2,7 @@ - name: install | Write kubelet systemd init file template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes when: init_system == "systemd" - notify: restart systemd-kubelet + notify: restart kubelet - name: install | Write kubelet initd script template: src=deb-kubelet.initd.j2 dest=/etc/init.d/kubelet owner=root mode=755 backup=yes