Skip to content
Snippets Groups Projects
Commit 69786b2d authored by Tatsuyuki Ishi's avatar Tatsuyuki Ishi
Browse files

gen_certs_script: refactor using stdin (Ansible 2.4+)

parent 7a2cfb85
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/etcd/tasks/gen_certs_script.yml
+ 10
33
View file @ 69786b2d
...@@ -94,9 +94,9 @@ ...@@ -94,9 +94,9 @@
- facts - facts
- name: Gen_certs | Gather etcd master certs - name: Gen_certs | Gather etcd master certs
shell: "tar cfz - -C {{ etcd_cert_dir }} -T /dev/stdin <<< {{ my_master_certs|join(' ') }} {{ all_node_certs|join(' ') }} | base64 --wrap=0" command: "tar cfz - -C {{ etcd_cert_dir }} -T /dev/stdin"
args: args:
executable: /bin/bash input: "{{ my_master_certs|join(' ') }} {{ all_node_certs|join(' ') }}"
register: etcd_master_cert_data register: etcd_master_cert_data
no_log: true no_log: true
check_mode: no check_mode: no
...@@ -106,9 +106,9 @@ ...@@ -106,9 +106,9 @@
notify: set etcd_secret_changed notify: set etcd_secret_changed
- name: Gen_certs | Gather etcd node certs - name: Gen_certs | Gather etcd node certs
shell: "tar cfz - -C {{ etcd_cert_dir }} -T /dev/stdin <<< {{ my_node_certs|join(' ') }} | base64 --wrap=0" command: "tar cfz - -C {{ etcd_cert_dir }} -T /dev/stdin"
args: args:
executable: /bin/bash stdin: "{{ my_node_certs|join(' ') }}"
register: etcd_node_cert_data register: etcd_node_cert_data
no_log: true no_log: true
check_mode: no check_mode: no
...@@ -118,27 +118,10 @@ ...@@ -118,27 +118,10 @@
sync_certs|default(false) and inventory_hostname not in groups['etcd'] sync_certs|default(false) and inventory_hostname not in groups['etcd']
notify: set etcd_secret_changed notify: set etcd_secret_changed
# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
# char limit when using shell command
# FIXME(mattymo): Use tempfile module in ansible 2.3
- name: Gen_certs | Prepare tempfile for unpacking certs
command: mktemp /tmp/certsXXXXX.tar.gz
register: cert_tempfile
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
inventory_hostname != groups['etcd'][0]
- name: Gen_certs | Write master certs to tempfile
copy:
content: "{{etcd_master_cert_data.stdout}}"
dest: "{{cert_tempfile.stdout}}"
owner: root
mode: "0600"
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
inventory_hostname != groups['etcd'][0]
- name: Gen_certs | Unpack certs on masters - name: Gen_certs | Unpack certs on masters
shell: "base64 -d < {{ cert_tempfile.stdout }} | tar xz -C {{ etcd_cert_dir }}" command: "tar xz -C {{ etcd_cert_dir }}"
args:
stdin: "{{ etcd_master_cert_data.stdout }}"
no_log: true no_log: true
changed_when: false changed_when: false
check_mode: no check_mode: no
...@@ -146,17 +129,11 @@ ...@@ -146,17 +129,11 @@
inventory_hostname != groups['etcd'][0] inventory_hostname != groups['etcd'][0]
notify: set secret_changed notify: set secret_changed
- name: Gen_certs | Cleanup tempfile
file:
path: "{{cert_tempfile.stdout}}"
state: absent
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
inventory_hostname != groups['etcd'][0]
- name: Gen_certs | Copy certs on nodes - name: Gen_certs | Copy certs on nodes
shell: "base64 -d <<< '{{etcd_node_cert_data.stdout|quote}}' | tar xz -C {{ etcd_cert_dir }}" command: "tar xz -C {{ etcd_cert_dir }}"
args: args:
executable: /bin/bash stdin: "{{ etcd_node_cert_data.stdout }}"
no_log: true
changed_when: false changed_when: false
when: sync_certs|default(false) and when: sync_certs|default(false) and
inventory_hostname not in groups['etcd'] inventory_hostname not in groups['etcd']
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment