Unverified Commit 36e5d742 authored by Arthur Outhenin-Chalandre's avatar Arthur Outhenin-Chalandre Committed by GitHub

Resolve ansible-lint name errors (#10253)


* project: fix ansible-lint name

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: ignore jinja template error in names

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: capitalize ansible name

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: update notify after name capitalization

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
parent b9e38613
Showing
with 124 additions and 105 deletions
---
- name: skopeo | check if fedora coreos
- name: Skopeo | check if fedora coreos
stat:
path: /run/ostree-booted
get_attributes: no
......@@ -7,11 +7,11 @@
get_mime: no
register: ostree
- name: skopeo | set is_ostree
- name: Skopeo | set is_ostree
set_fact:
is_ostree: "{{ ostree.stat.exists }}"
- name: skopeo | Uninstall skopeo package managed by package manager
- name: Skopeo | Uninstall skopeo package managed by package manager
package:
name: skopeo
state: absent
......@@ -19,7 +19,7 @@
- not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
ignore_errors: true # noqa ignore-errors
- name: skopeo | Download skopeo binary
- name: Skopeo | Download skopeo binary
include_tasks: "../../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.skopeo) }}"
......
---
- name: validate-container-engine | check if fedora coreos
- name: Validate-container-engine | check if fedora coreos
stat:
path: /run/ostree-booted
get_attributes: no
......@@ -9,7 +9,7 @@
tags:
- facts
- name: validate-container-engine | set is_ostree
- name: Validate-container-engine | set is_ostree
set_fact:
is_ostree: "{{ ostree.stat.exists }}"
tags:
......
......@@ -8,7 +8,8 @@
- role: adduser
user: "{{ addusers.kube }}"
tasks:
- include_tasks: "../../../../download/tasks/download_file.yml"
- name: Download CNI
include_tasks: "../../../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.cni) }}"
......
---
- name: youki | Download youki
- name: Youki | Download youki
include_tasks: "../../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.youki) }}"
- name: youki | Copy youki binary from download dir
- name: Youki | Copy youki binary from download dir
copy:
src: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-v{{ youki_version }}/youki"
dest: "{{ youki_bin_dir }}/youki"
......
---
# The image_info_command depends on the Container Runtime and will output something like the following:
# nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc...
- name: check_pull_required | Generate a list of information about the images on a node # noqa command-instead-of-shell - image_info_command contains a pipe, therefore requiring shell
- name: Check_pull_required | Generate a list of information about the images on a node # noqa command-instead-of-shell - image_info_command contains a pipe, therefore requiring shell
shell: "{{ image_info_command }}"
register: docker_images
changed_when: false
check_mode: no
when: not download_always_pull
- name: check_pull_required | Set pull_required if the desired image is not yet loaded
- name: Check_pull_required | Set pull_required if the desired image is not yet loaded
set_fact:
pull_required: >-
{%- if image_reponame | regex_replace('^docker\.io/(library/)?', '') in docker_images.stdout.split(',') %}false{%- else -%}true{%- endif -%}
when: not download_always_pull
- name: check_pull_required | Check that the local digest sha256 corresponds to the given image tag
- name: Check_pull_required | Check that the local digest sha256 corresponds to the given image tag
assert:
that: "{{ download.repo }}:{{ download.tag }} in docker_images.stdout.split(',')"
when:
......
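Review bot: The `assert` under `Check_pull_required | Check that the local digest sha256 corresponds to the given image tag` still builds its `that:` expression with `{{ }}` delimiters, so `download.repo` and `download.tag` are rendered into the expression text and then evaluated a second time instead of being compared as data. A repository or tag containing characters that are meaningful to Jinja would change the condition rather than simply fail the comparison, and the rendered `repo:tag` is not a quoted string in the resulting expression. Writing the test as a plain expression avoids both: `that: "(download.repo ~ ':' ~ download.tag) in docker_images.stdout.split(',')"`. The task's `when:` list continues outside the visible lines.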
---
- block:
- name: set default values for flag variables
- name: Set default values for flag variables
set_fact:
image_is_cached: false
image_changed: false
......@@ -8,12 +8,12 @@
tags:
- facts
- name: download_container | Set a few facts
- name: Download_container | Set a few facts
import_tasks: set_container_facts.yml
tags:
- facts
- name: download_container | Prepare container download
- name: Download_container | Prepare container download
include_tasks: check_pull_required.yml
when:
- not download_always_pull
......@@ -21,7 +21,7 @@
- debug: # noqa name[missing]
msg: "Pull {{ image_reponame }} required is: {{ pull_required }}"
- name: download_container | Determine if image is in cache
- name: Download_container | Determine if image is in cache
stat:
path: "{{ image_path_cached }}"
get_attributes: no
......@@ -36,7 +36,7 @@
when:
- download_force_cache
- name: download_container | Set fact indicating if image is in cache
- name: Download_container | Set fact indicating if image is in cache
set_fact:
image_is_cached: "{{ cache_image.stat.exists }}"
tags:
......@@ -52,7 +52,7 @@
- download_force_cache
- not download_run_once
- name: download_container | Download image if required
- name: Download_container | Download image if required
command: "{{ image_pull_command_on_localhost if download_localhost else image_pull_command }} {{ image_reponame }}"
delegate_to: "{{ download_delegate if download_run_once else inventory_hostname }}"
delegate_facts: yes
......@@ -67,7 +67,7 @@
- pull_required or download_run_once
- not image_is_cached
- name: download_container | Save and compress image
- name: Download_container | Save and compress image
shell: "{{ image_save_command_on_localhost if download_localhost else image_save_command }}" # noqa command-instead-of-shell - image_save_command_on_localhost contains a pipe, therefore requires shell
delegate_to: "{{ download_delegate }}"
delegate_facts: no
......@@ -79,7 +79,7 @@
- not image_is_cached
- download_run_once
- name: download_container | Copy image to ansible host cache
- name: Download_container | Copy image to ansible host cache
ansible.posix.synchronize:
src: "{{ image_path_final }}"
dest: "{{ image_path_cached }}"
......@@ -91,7 +91,7 @@
- not download_localhost
- download_delegate == inventory_hostname
- name: download_container | Upload image to node if it is cached
- name: Download_container | Upload image to node if it is cached
ansible.posix.synchronize:
src: "{{ image_path_cached }}"
dest: "{{ image_path_final }}"
......@@ -107,7 +107,7 @@
- pull_required
- download_force_cache
- name: download_container | Load image into the local container registry
- name: Download_container | Load image into the local container registry
shell: "{{ image_load_command }}" # noqa command-instead-of-shell - image_load_command uses pipes, therefore requires shell
register: container_load_status
failed_when: container_load_status is failed
......@@ -115,7 +115,7 @@
- pull_required
- download_force_cache
- name: download_container | Remove container image from cache
- name: Download_container | Remove container image from cache
file:
state: absent
path: "{{ image_path_final }}"
......
---
- block:
- name: prep_download | Set a few facts
- name: "Download_file | download {{ download.dest }}"
block:
- name: Prep_download | Set a few facts
set_fact:
download_force_cache: "{{ true if download_run_once else download_force_cache }}"
- name: download_file | Starting download of file
- name: Download_file | Starting download of file
debug:
msg: "{{ download.url }}"
run_once: "{{ download_run_once }}"
- name: download_file | Set pathname of cached file
- name: Download_file | Set pathname of cached file
set_fact:
file_path_cached: "{{ download_cache_dir }}/{{ download.dest | basename }}"
tags:
- facts
- name: download_file | Create dest directory on node
- name: Download_file | Create dest directory on node
file:
path: "{{ download.dest | dirname }}"
owner: "{{ download.owner | default(omit) }}"
......@@ -23,7 +24,7 @@
state: directory
recurse: yes
- name: download_file | Create local cache directory
- name: Download_file | Create local cache directory
file:
path: "{{ file_path_cached | dirname }}"
state: directory
......@@ -38,7 +39,7 @@
tags:
- localhost
- name: download_file | Create cache directory on download_delegate host
- name: Download_file | Create cache directory on download_delegate host
file:
path: "{{ file_path_cached | dirname }}"
state: directory
......@@ -52,7 +53,7 @@
# We check a number of mirrors that may hold the file and pick a working one at random
# This task will avoid logging it's parameters to not leak environment passwords in the log
- name: download_file | Validate mirrors
- name: Download_file | Validate mirrors
uri:
url: "{{ mirror }}"
method: HEAD
......@@ -75,14 +76,14 @@
ignore_errors: true
# Ansible 2.9 requires we convert a generator to a list
- name: download_file | Get the list of working mirrors
- name: Download_file | Get the list of working mirrors
set_fact:
valid_mirror_urls: "{{ uri_result.results | selectattr('failed', 'eq', False) | map(attribute='mirror') | list }}"
delegate_to: "{{ download_delegate if download_force_cache else inventory_hostname }}"
# This must always be called, to check if the checksum matches. On no-match the file is re-downloaded.
# This task will avoid logging it's parameters to not leak environment passwords in the log
- name: download_file | Download item
- name: Download_file | Download item
get_url:
url: "{{ valid_mirror_urls | random }}"
dest: "{{ file_path_cached if download_force_cache else download.dest }}"
......@@ -104,7 +105,7 @@
environment: "{{ proxy_env }}"
no_log: "{{ not (unsafe_show_logs | bool) }}"
- name: download_file | Copy file back to ansible host file cache
- name: Download_file | Copy file back to ansible host file cache
ansible.posix.synchronize:
src: "{{ file_path_cached }}"
dest: "{{ file_path_cached }}"
......@@ -115,7 +116,7 @@
- not download_localhost
- download_delegate == inventory_hostname
- name: download_file | Copy file from cache to nodes, if it is available
- name: Download_file | Copy file from cache to nodes, if it is available
ansible.posix.synchronize:
src: "{{ file_path_cached }}"
dest: "{{ download.dest }}"
......@@ -128,7 +129,7 @@
when:
- download_force_cache
- name: download_file | Set mode and owner
- name: Download_file | Set mode and owner
file:
path: "{{ download.dest }}"
mode: "{{ download.mode | default(omit) }}"
......@@ -136,7 +137,7 @@
when:
- download_force_cache
- name: "download_file | Extract file archives"
- name: "Download_file | Extract file archives"
include_tasks: "extract_file.yml"
tags:
......
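Review bot: `Download_file | Download item` takes its URL from `valid_mirror_urls | random` with no check that any mirror passed validation. The `ignore_errors: true` shown just before `Get the list of working mirrors` appears to belong to `Validate mirrors`, so when every HEAD probe fails the list is empty and the `get_url` task stops on a templating error, which the `no_log` setting that appears to close that task will censor unless `unsafe_show_logs` is set. An explicit `assert` placed before the download, with `that: valid_mirror_urls | length > 0` and a `fail_msg` naming `download.dest`, would make that case diagnosable without exposing the task parameters. Several of these tasks are cut by hunk boundaries, so their remaining keys are not visible here.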
---
- name: extract_file | Unpacking archive
- name: Extract_file | Unpacking archive
unarchive:
src: "{{ download.dest }}"
dest: "{{ download.dest | dirname }}"
......
---
- name: download | Prepare working directories and variables
- name: Download | Prepare working directories and variables
import_tasks: prep_download.yml
when:
- not skip_downloads | default(false)
......@@ -7,7 +7,7 @@
- download
- upload
- name: download | Get kubeadm binary and list of required images
- name: Download | Get kubeadm binary and list of required images
include_tasks: prep_kubeadm_images.yml
when:
- not skip_downloads | default(false)
......@@ -16,7 +16,7 @@
- download
- upload
- name: download | Download files / images
- name: Download | Download files / images
include_tasks: "{{ include_file }}"
loop: "{{ downloads | combine(kubeadm_images) | dict2items }}"
vars:
......
---
- name: prep_download | Set a few facts
- name: Prep_download | Set a few facts
set_fact:
download_force_cache: "{{ true if download_run_once else download_force_cache }}"
tags:
- facts
- name: prep_download | On localhost, check if passwordless root is possible
- name: Prep_download | On localhost, check if passwordless root is possible
command: "true"
delegate_to: localhost
connection: local
......@@ -20,7 +20,7 @@
- localhost
- asserts
- name: prep_download | On localhost, check if user has access to the container runtime without using sudo
- name: Prep_download | On localhost, check if user has access to the container runtime without using sudo
shell: "{{ image_info_command_on_localhost }}" # noqa command-instead-of-shell - image_info_command_on_localhost contains pipe, therefore requires shell
delegate_to: localhost
connection: local
......@@ -35,7 +35,7 @@
- localhost
- asserts
- name: prep_download | Parse the outputs of the previous commands
- name: Prep_download | Parse the outputs of the previous commands
set_fact:
user_in_docker_group: "{{ not test_docker.failed }}"
user_can_become_root: "{{ not test_become.failed }}"
......@@ -45,7 +45,7 @@
- localhost
- asserts
- name: prep_download | Check that local user is in group or can become root
- name: Prep_download | Check that local user is in group or can become root
assert:
that: "user_in_docker_group or user_can_become_root"
msg: >-
......@@ -56,7 +56,7 @@
- localhost
- asserts
- name: prep_download | Register docker images info
- name: Prep_download | Register docker images info
shell: "{{ image_info_command }}" # noqa command-instead-of-shell - image_info_command contains pipe therefore requires shell
no_log: "{{ not (unsafe_show_logs | bool) }}"
register: docker_images
......@@ -65,7 +65,7 @@
check_mode: no
when: download_container
- name: prep_download | Create staging directory on remote node
- name: Prep_download | Create staging directory on remote node
file:
path: "{{ local_release_dir }}/images"
state: directory
......@@ -75,7 +75,7 @@
when:
- ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
- name: prep_download | Create local cache for files and images on control node
- name: Prep_download | Create local cache for files and images on control node
file:
path: "{{ download_cache_dir }}/images"
state: directory
......
---
- name: prep_kubeadm_images | Check kubeadm version matches kubernetes version
- name: Prep_kubeadm_images | Check kubeadm version matches kubernetes version
fail:
msg: "Kubeadm version {{ kubeadm_version }} do not matches kubernetes {{ kube_version }}"
when:
- not skip_downloads | default(false)
- not kubeadm_version == downloads.kubeadm.version
- name: prep_kubeadm_images | Download kubeadm binary
- name: Prep_kubeadm_images | Download kubeadm binary
include_tasks: "download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.kubeadm) }}"
......@@ -14,7 +14,7 @@
- not skip_downloads | default(false)
- downloads.kubeadm.enabled
- name: prep_kubeadm_images | Create kubeadm config
- name: Prep_kubeadm_images | Create kubeadm config
template:
src: "kubeadm-images.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
......@@ -22,20 +22,20 @@
when:
- not skip_kubeadm_images | default(false)
- name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path
- name: Prep_kubeadm_images | Copy kubeadm binary from download dir to system path
copy:
src: "{{ downloads.kubeadm.dest }}"
dest: "{{ bin_dir }}/kubeadm"
mode: 0755
remote_src: true
- name: prep_kubeadm_images | Set kubeadm binary permissions
- name: Prep_kubeadm_images | Set kubeadm binary permissions
file:
path: "{{ bin_dir }}/kubeadm"
mode: "0755"
state: file
- name: prep_kubeadm_images | Generate list of required images
- name: Prep_kubeadm_images | Generate list of required images
shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -Ev 'coredns|pause'"
args:
executable: /bin/bash
......@@ -45,7 +45,7 @@
when:
- not skip_kubeadm_images | default(false)
- name: prep_kubeadm_images | Parse list of images
- name: Prep_kubeadm_images | Parse list of images
vars:
kubeadm_images_list: "{{ kubeadm_images_raw.stdout_lines }}"
set_fact:
......@@ -63,7 +63,7 @@
when:
- not skip_kubeadm_images | default(false)
- name: prep_kubeadm_images | Convert list of images to dict for later use
- name: Prep_kubeadm_images | Convert list of images to dict for later use
set_fact:
kubeadm_images: "{{ kubeadm_images_cooked.results | map(attribute='ansible_facts.kubeadm_image') | list | items2dict }}"
run_once: true
......
---
- name: set_container_facts | Display the name of the image being processed
- name: Set_container_facts | Display the name of the image being processed
debug:
msg: "{{ download.repo }}"
- name: set_container_facts | Set if containers should be pulled by digest
- name: Set_container_facts | Set if containers should be pulled by digest
set_fact:
pull_by_digest: "{{ download.sha256 is defined and download.sha256 }}"
- name: set_container_facts | Define by what name to pull the image
- name: Set_container_facts | Define by what name to pull the image
set_fact:
image_reponame: >-
{%- if pull_by_digest %}{{ download.repo }}@sha256:{{ download.sha256 }}{%- else -%}{{ download.repo }}:{{ download.tag }}{%- endif -%}
- name: set_container_facts | Define file name of image
- name: Set_container_facts | Define file name of image
set_fact:
image_filename: "{{ image_reponame | regex_replace('/|\0|:', '_') }}.tar"
- name: set_container_facts | Define path of image
- name: Set_container_facts | Define path of image
set_fact:
image_path_cached: "{{ download_cache_dir }}/images/{{ image_filename }}"
image_path_final: "{{ local_release_dir }}/images/{{ image_filename }}"
......
---
- name: restart etcd
- name: Restart etcd
command: /bin/true
notify:
- Backup etcd data
- etcd | reload systemd
- reload etcd
- wait for etcd up
- Etcd | reload systemd
- Reload etcd
- Wait for etcd up
- Cleanup etcd backups
- name: restart etcd-events
- name: Restart etcd-events
command: /bin/true
notify:
- etcd | reload systemd
- reload etcd-events
- wait for etcd-events up
- Etcd | reload systemd
- Reload etcd-events
- Wait for etcd-events up
- import_tasks: backup.yml
- name: Backup etcd
import_tasks: backup.yml
- name: etcd | reload systemd
- name: Etcd | reload systemd
systemd:
daemon_reload: true
- name: reload etcd
- name: Reload etcd
service:
name: etcd
state: restarted
when: is_etcd_master
- name: reload etcd-events
- name: Reload etcd-events
service:
name: etcd-events
state: restarted
when: is_etcd_master
- name: wait for etcd up
- name: Wait for etcd up
uri:
url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
validate_certs: no
......@@ -44,9 +45,10 @@
retries: 60
delay: 1
- import_tasks: backup_cleanup.yml
- name: Cleanup etcd backups
import_tasks: backup_cleanup.yml
- name: wait for etcd-events up
- name: Wait for etcd-events up
uri:
url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health"
validate_certs: no
......@@ -57,6 +59,6 @@
retries: 60
delay: 1
- name: set etcd_secret_changed
- name: Set etcd_secret_changed
set_fact:
etcd_secret_changed: true
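Review bot: The renamed handlers `Wait for etcd up` and `Wait for etcd-events up` still probe `:2379/health` and `:2383/health` over HTTPS with `validate_certs: no`, so the wait succeeds against any certificate the endpoint presents. These handlers are in the notify lists of `Restart etcd` and `Restart etcd-events`, which other task files in this commit trigger after certificate changes, so the probe is the natural place to confirm that the server certificate chains to the cluster CA. If the supported Ansible versions allow it, consider `validate_certs: true` with `ca_path: "{{ etcd_cert_dir }}/ca.pem"`; otherwise add a comment stating why verification is off (for example the `127.0.0.1` fallback not being covered by the certificate, if that is the reason). Both task bodies continue past the hunk boundary, so client-certificate settings may exist in lines not shown.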
......@@ -41,7 +41,8 @@
ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
- include_tasks: refresh_config.yml
- name: Configure | Refresh etcd config
include_tasks: refresh_config.yml
when: is_etcd_master
- name: Configure | Copy etcd.service systemd file
......
......@@ -56,7 +56,7 @@
run_once: yes
delegate_to: "{{ groups['etcd'][0] }}"
when: gen_certs | default(false)
notify: set etcd_secret_changed
notify: Set etcd_secret_changed
- name: Gen_certs | run cert generation script for all clients
command: "bash -x {{ etcd_script_dir }}/make-ssl-etcd.sh -f {{ etcd_config_dir }}/openssl.conf -d {{ etcd_cert_dir }}"
......@@ -73,7 +73,7 @@
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd"
- gen_certs | default(false)
notify: set etcd_secret_changed
notify: Set etcd_secret_changed
- name: Gen_certs | Gather etcd member/admin and kube_control_plane client certs from first etcd node
slurp:
......@@ -97,7 +97,7 @@
- inventory_hostname in groups['etcd']
- sync_certs | default(false)
- inventory_hostname != groups['etcd'][0]
notify: set etcd_secret_changed
notify: Set etcd_secret_changed
- name: Gen_certs | Write etcd member/admin and kube_control_plane client certs to other etcd nodes
copy:
......@@ -129,7 +129,7 @@
- inventory_hostname != groups['etcd'][0]
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd"
notify: set etcd_secret_changed
notify: Set etcd_secret_changed
- name: Gen_certs | Write node certs to other etcd nodes
copy:
......@@ -147,12 +147,14 @@
loop_control:
label: "{{ item.item }}"
- include_tasks: gen_nodes_certs_script.yml
- name: Gen_certs | Generate etcd certs
include_tasks: gen_nodes_certs_script.yml
when:
- inventory_hostname in groups['kube_control_plane'] and
sync_certs | default(false) and inventory_hostname not in groups['etcd']
- include_tasks: gen_nodes_certs_script.yml
- name: Gen_certs | Generate etcd certs on nodes if needed
include_tasks: gen_nodes_certs_script.yml
when:
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd"
......
---
- import_tasks: install_etcdctl_docker.yml
- name: Install etcdctl from docker
import_tasks: install_etcdctl_docker.yml
when: etcd_cluster_setup
- name: Get currently-deployed etcd version
......@@ -14,14 +16,14 @@
- name: Restart etcd if necessary
command: /bin/true
notify: restart etcd
notify: Restart etcd
when:
- etcd_cluster_setup
- etcd_image_tag not in etcd_current_docker_image.stdout | default('')
- name: Restart etcd-events if necessary
command: /bin/true
notify: restart etcd-events
notify: Restart etcd-events
when:
- etcd_events_cluster_setup
- etcd_image_tag not in etcd_events_current_docker_image.stdout | default('')
......
......@@ -8,19 +8,19 @@
- name: Restart etcd if necessary
command: /bin/true
notify: restart etcd
notify: Restart etcd
when:
- etcd_cluster_setup
- etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('')
- name: Restart etcd-events if necessary
command: /bin/true
notify: restart etcd-events
notify: Restart etcd-events
when:
- etcd_events_cluster_setup
- etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('')
- name: install | Download etcd and etcdctl
- name: Install | Download etcd and etcdctl
include_tasks: "../../download/tasks/download_file.yml"
vars:
download: "{{ download_defaults | combine(downloads.etcd) }}"
......@@ -29,7 +29,7 @@
- never
- etcd
- name: install | Copy etcd and etcdctl binary from download dir
- name: Install | Copy etcd and etcdctl binary from download dir
copy:
src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}"
......
......@@ -12,7 +12,8 @@
ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
- include_tasks: refresh_config.yml
- name: Join Member | Refresh etcd config
include_tasks: refresh_config.yml
vars:
# noqa: jinja[spacing]
etcd_events_peer_addresses: >-
......
......@@ -13,7 +13,8 @@
ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
- include_tasks: refresh_config.yml
- name: Join Member | Refresh etcd config
include_tasks: refresh_config.yml
vars:
# noqa: jinja[spacing]
etcd_peer_addresses: >-
......
---
- include_tasks: check_certs.yml
- name: Check etcd certs
include_tasks: check_certs.yml
when: cert_management == "script"
tags:
- etcd-secrets
- facts
- include_tasks: "gen_certs_script.yml"
- name: Generate etcd certs
include_tasks: "gen_certs_script.yml"
when:
- cert_management | d('script') == "script"
tags:
- etcd-secrets
- include_tasks: upd_ca_trust.yml
- name: Trust etcd CA
include_tasks: upd_ca_trust.yml
when:
- inventory_hostname in groups['etcd'] | union(groups['kube_control_plane']) | unique | sort
tags:
- etcd-secrets
- include_tasks: upd_ca_trust.yml
- name: Trust etcd CA on nodes if needed
include_tasks: upd_ca_trust.yml
when:
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd"
......@@ -49,29 +53,33 @@
- master
- network
- include_tasks: "install_{{ etcd_deployment_type }}.yml"
- name: Install etcd
include_tasks: "install_{{ etcd_deployment_type }}.yml"
when: is_etcd_master
tags:
- upgrade
- include_tasks: configure.yml
- name: Configure etcd
include_tasks: configure.yml
when: is_etcd_master
- include_tasks: refresh_config.yml
- name: Refresh etcd config
include_tasks: refresh_config.yml
when: is_etcd_master
- name: Restart etcd if certs changed
command: /bin/true
notify: restart etcd
notify: Restart etcd
when: is_etcd_master and etcd_cluster_setup and etcd_secret_changed | default(false)
- name: Restart etcd-events if certs changed
command: /bin/true
notify: restart etcd
notify: Restart etcd
when: is_etcd_master and etcd_events_cluster_setup and etcd_secret_changed | default(false)
# After etcd cluster is assembled, make sure that
# initial state of the cluster is in `existing`
# state instead of `new`.
- include_tasks: refresh_config.yml
- name: Refresh etcd config again for idempotency
include_tasks: refresh_config.yml
when: is_etcd_master
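Review bot: `Restart etcd-events if certs changed` notifies `Restart etcd`, not `Restart etcd-events`, and the capitalization pass carried that over unchanged. Its `when:` tests `etcd_events_cluster_setup`, and the handlers file in this commit defines a separate `Restart etcd-events` handler with its own reload and wait steps, so this looks like a copy-paste slip. If so, after a certificate change the events instance would likely keep running with the old certificates while only the main etcd restart is requested. Unless that is intentional, the line should read `notify: Restart etcd-events`.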