From 1884d89d3b49fa8d2a93848350725050bd17ba74 Mon Sep 17 00:00:00 2001
From: Smana <smainklh@gmail.com>
Date: Thu, 12 May 2016 10:07:34 +0200
Subject: [PATCH] fixes the certs issue when masters or not in the kube-node
 group

---
 roles/kubernetes/secrets/tasks/gen_certs.yml  |  9 ++++++---
 roles/kubernetes/secrets/tasks/gen_tokens.yml | 16 ++++++++++------
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index 37568d694..295ebcb0c 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -4,7 +4,8 @@
     src: "openssl.conf.j2"
     dest: "{{ kube_config_dir }}/openssl.conf"
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_certs|default(false)
 
 - name: certs | copy certs generation script
   copy:
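Review bot: With `run_once` and `delegate_to` together, the new `when: gen_certs|default(false)` is evaluated with the variables of the first host in the play batch, not those of `groups['kube-master'][0]`, so the task is skipped for everyone if `gen_certs` is not true on that host. Where `gen_certs` is set is not visible in this patch; if it is a per-host fact, either set it identically on all hosts or read it explicitly, e.g. `when: hostvars[groups['kube-master'][0]]['gen_certs']|default(false)`. The same pattern is repeated in the two later hunks of this file and in the `gen_tokens` conditions in gen_tokens.yml. The task this hunk edits starts above the hunk.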
@@ -12,12 +13,14 @@
     dest: "{{ kube_script_dir }}/make-ssl.sh"
     mode: 0700
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_certs|default(false)
 
 - name: certs | run cert generation script
   command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl.conf -d {{ kube_cert_dir }}"
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_certs|default(false)
   notify: set secret_changed
 
 - set_fact:
diff --git a/roles/kubernetes/secrets/tasks/gen_tokens.yml b/roles/kubernetes/secrets/tasks/gen_tokens.yml
index 987326500..b43213247 100644
--- a/roles/kubernetes/secrets/tasks/gen_tokens.yml
+++ b/roles/kubernetes/secrets/tasks/gen_tokens.yml
@@ -5,7 +5,8 @@
     dest: "{{ kube_script_dir }}/kube-gen-token.sh"
     mode: 0700
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_tokens|default(false)
 
 - name: tokens | generate tokens for master components
   command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
@@ -18,7 +19,8 @@
   changed_when: "'Added' in gentoken_master.stdout"
   notify: set secret_changed
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_tokens|default(false)
 
 - name: tokens | generate tokens for node components
   command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
@@ -31,22 +33,24 @@
   changed_when: "'Added' in gentoken_node.stdout"
   notify: set secret_changed
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_tokens|default(false)
 
 - name: tokens | Get list of tokens from first master
   shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
   register: tokens_list
   changed_when: false
-  when: inventory_hostname == groups['kube-master'][0] and sync_tokens|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: sync_tokens|default(false)
 
 - name: tokens | Get the tokens from first master
   slurp:
     src: "{{ item }}"
-  delegate_to: "{{groups['kube-master'][0]}}"
   register: slurp_tokens
   with_items: '{{tokens_list.stdout_lines}}'
-  when: sync_tokens|default(false)
   run_once: true
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: sync_tokens|default(false)
   notify: set secret_changed
 
 - name: tokens | Copy tokens on masters
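Review bot: The `slurp` task in this hunk registers the base64-encoded contents of every token file in `slurp_tokens`, and nothing keeps those results out of verbose output or result-logging callbacks; adding `no_log: true` to that task would avoid exposing the tokens there. Separately, "Get list of tokens from first master" now has `delegate_to` but no `run_once`, so the `find` runs on the first master once per host in the play, while the following `slurp` only reads the first host's `tokens_list`. Adding `run_once: true` there would make the two tasks consistent. The file also mixes `run_once: yes` and `run_once: true`; `true` is the safer spelling.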
-- 
GitLab