fix flannel deployment, remove docker bridge before restarting

ae5ff890 · Smana · 242e96d2 · ae5ff890 · ae5ff890 · ae5ff890
Commit ae5ff890 authored 8 years ago by Smana
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
 ---
- name: "Check certs | check if the certs have already been generated on first master"
+- name: "Check_certs | check if the certs have already been generated on first master"
  stat:
    path: "{{ kube_cert_dir }}/ca.pem"
  delegate_to: "{{groups['kube-master'][0]}}"

--- a/roles/kubernetes/secrets/tasks/check-tokens.yml
+++ b/roles/kubernetes/secrets/tasks/check-tokens.yml
 ---
- name: "Check tokens | check if the tokens have already been generated on first master"
+- name: "Check_tokens | check if the tokens have already been generated on first master"
  stat:
    path: "{{ kube_token_dir }}/known_tokens.csv"
  delegate_to: "{{groups['kube-master'][0]}}"

--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
 ---
- name: certs | write openssl config
+- name: Gen_certs | write openssl config
  template:
    src: "openssl.conf.j2"
    dest: "{{ kube_config_dir }}/openssl.conf"
@@ -7,7 +7,7 @@
  delegate_to: "{{groups['kube-master'][0]}}"
  when: gen_certs|default(false)

- name: certs | copy certs generation script
+- name: Gen_certs | copy certs generation script
  copy:
    src: "make-ssl.sh"
    dest: "{{ kube_script_dir }}/make-ssl.sh"
@@ -16,7 +16,7 @@
  delegate_to: "{{groups['kube-master'][0]}}"
  when: gen_certs|default(false)

- name: certs | run cert generation script
+- name: Gen_certs | run cert generation script
  command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl.conf -d {{ kube_cert_dir }}"
  run_once: yes
  delegate_to: "{{groups['kube-master'][0]}}"
@@ -27,7 +27,7 @@
    master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
    node_certs: ['ca.pem', 'node.pem', 'node-key.pem']

- name: certs | Get the certs from first master
+- name: Gen_certs | Get the certs from first master
  slurp:
    src: "{{ kube_cert_dir }}/{{ item }}"
  delegate_to: "{{groups['kube-master'][0]}}"
@@ -37,7 +37,7 @@
  run_once: true
  notify: set secret_changed

- name: certs | Copy certs on masters
+- name: Gen_certs | Copy certs on masters
  copy:
    content: "{{ item.content|b64decode }}"
    dest: "{{ item.source }}"
@@ -45,7 +45,7 @@
  when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
        inventory_hostname != groups['kube-master'][0]

- name: certs | Copy certs on nodes
+- name: Gen_certs | Copy certs on nodes
  copy:
    content: "{{ item.content|b64decode }}"
    dest: "{{ item.source }}"
@@ -54,19 +54,14 @@
        inventory_hostname in groups['kube-node'] and sync_certs|default(false) and
        inventory_hostname != groups['kube-master'][0]

- name: certs | check certificate permissions
+- name: Gen_certs | check certificate permissions
  file:
    path={{ kube_cert_dir }}
    group={{ kube_cert_group }}
    owner=kube
    recurse=yes

- shell: ls {{ kube_cert_dir}}/*key.pem
-  register: keyfiles
+- name: Gen_certs | set permissions on keys
+  shell: chmod 0600 {{ kube_cert_dir}}/*key.pem
+  when: inventory_hostname in groups['kube-master']
  changed_when: false
-
- name: certs | set permissions on keys
-  file:
-    path: "{{ item }}"
-    mode: 0600
-  with_items: "{{ keyfiles.stdout_lines }}"
--- a/roles/kubernetes/secrets/tasks/gen_tokens.yml
+++ b/roles/kubernetes/secrets/tasks/gen_tokens.yml
 ---
- name: tokens | copy tokens generation script
+- name: Gen_tokens | copy tokens generation script
  copy:
    src: "kube-gen-token.sh"
    dest: "{{ kube_script_dir }}/kube-gen-token.sh"
@@ -8,7 +8,7 @@
  delegate_to: "{{groups['kube-master'][0]}}"
  when: gen_tokens|default(false)

- name: tokens | generate tokens for master components
+- name: Gen_tokens | generate tokens for master components
  command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
  environment:
    TOKEN_DIR: "{{ kube_token_dir }}"
@@ -22,7 +22,7 @@
  delegate_to: "{{groups['kube-master'][0]}}"
  when: gen_tokens|default(false)

- name: tokens | generate tokens for node components
+- name: Gen_tokens | generate tokens for node components
  command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
  environment:
    TOKEN_DIR: "{{ kube_token_dir }}"
@@ -36,14 +36,14 @@
  delegate_to: "{{groups['kube-master'][0]}}"
  when: gen_tokens|default(false)

- name: tokens | Get list of tokens from first master
+- name: Gen_tokens | Get list of tokens from first master
  shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
  register: tokens_list
  changed_when: false
  delegate_to: "{{groups['kube-master'][0]}}"
  when: sync_tokens|default(false)

- name: tokens | Get the tokens from first master
+- name: Gen_tokens | Get the tokens from first master
  slurp:
    src: "{{ item }}"
  register: slurp_tokens
@@ -53,7 +53,7 @@
  when: sync_tokens|default(false)
  notify: set secret_changed

- name: tokens | Copy tokens on masters
+- name: Gen_tokens | Copy tokens on masters
  copy:
    content: "{{ item.content|b64decode }}"
    dest: "{{ item.source }}"

--- a/roles/network_plugin/flannel/handlers/main.yml
+++ b/roles/network_plugin/flannel/handlers/main.yml
 ---
+- name: delete default docker bridge
+  command: ip link delete docker0
+  ignore_errors: yes
+  notify: restart docker
+
 - name: restart docker
  command: /bin/true
  notify:
@@ -6,11 +11,6 @@
    - reload docker
    - reload kubelet

- name: delete default docker bridge
-  command: ip link delete docker0
-  ignore_errors: yes
-  notify: restart docker
-
 - name : reload systemd
  shell: systemctl daemon-reload
  when: ansible_service_mgr == "systemd"