
  1. ---
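  # Installs kube-gen-token.sh into kube_script_dir. Runs once, delegated to
  # the first host of the kube-master group, and only when gen_tokens is set.
  - name: Gen_tokens | copy tokens generation script
    copy:
      src: "kube-gen-token.sh"
      dest: "{{ kube_script_dir }}/kube-gen-token.sh"
      # Quoted so the mode reaches the module as the octal string "0700"
      # (owner-only rwx) rather than relying on YAML 1.1 implicit octal
      # parsing of a bare 0700.
      mode: "0700"
    run_once: true
    delegate_to: "{{ groups['kube-master'][0] }}"
    when: gen_tokens | default(false)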
  # Calls kube-gen-token.sh once per (prefix, host) pair built by with_nested:
  # the single prefix "system:kubectl" combined with every kube-master host,
  # passed to the script as "<prefix>-<host>". Runs once, delegated to the
  # first kube-master host, with TOKEN_DIR exported for the script.
  - name: Gen_tokens | generate tokens for master components
    when: gen_tokens|default(false)
    run_once: true
    delegate_to: "{{groups['kube-master'][0]}}"
    environment:
      TOKEN_DIR: "{{ kube_token_dir }}"
    # `command` does not go through a shell, so the templated argument is
    # handed to the script as-is.
    command: >-
      {{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}
    with_nested:
      - ["system:kubectl"]
      - "{{ groups['kube-master'] }}"
    register: gentoken_master
    # Report a change (and fire the handler) only when the script's stdout
    # contains 'Added'.
    changed_when: "'Added' in gentoken_master.stdout"
    notify: set secret_changed
  # Calls kube-gen-token.sh once per (prefix, host) pair built by with_nested:
  # the single prefix "system:kubelet" combined with every kube-node host,
  # passed to the script as "<prefix>-<host>". Runs once, delegated to the
  # first kube-master host, with TOKEN_DIR exported for the script.
  - name: Gen_tokens | generate tokens for node components
    when: gen_tokens|default(false)
    run_once: true
    delegate_to: "{{groups['kube-master'][0]}}"
    environment:
      TOKEN_DIR: "{{ kube_token_dir }}"
    # `command` does not go through a shell, so the templated argument is
    # handed to the script as-is.
    command: >-
      {{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}
    with_nested:
      - ["system:kubelet"]
      - "{{ groups['kube-node'] }}"
    register: gentoken_node
    # Report a change (and fire the handler) only when the script's stdout
    # contains 'Added'.
    changed_when: "'Added' in gentoken_node.stdout"
    notify: set secret_changed
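  # Lists the regular files directly inside kube_token_dir (-maxdepth 1) on
  # the first kube-master host. The registered stdout_lines are consumed by
  # the "Gather tokens" task.
  - name: Gen_tokens | Get list of tokens from first master
    # The directory is passed through `quote` so whitespace or shell
    # metacharacters in kube_token_dir cannot change what the shell executes.
    shell: "(find {{ kube_token_dir | quote }} -maxdepth 1 -type f)"
    register: tokens_list
    # Read-only listing: still executed in check mode, never reported as a
    # change.
    check_mode: false
    changed_when: false
    delegate_to: "{{ groups['kube-master'][0] }}"
    run_once: true
    when: sync_tokens | default(false)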
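  # Packs the files found by the previous task into a gzip'd tar stream and
  # registers it as a single base64 line (tokens_data.stdout). Runs once,
  # delegated to the first kube-master host.
  - name: Gen_tokens | Gather tokens
    # Each path is shell-quoted individually before joining, so a file name
    # containing spaces or shell metacharacters stays a single tar argument.
    # NOTE(review): the exit status of this pipeline is base64's, so a tar
    # failure is not detected here; consider pipefail under bash.
    shell: >-
      tar cfz - {{ tokens_list.stdout_lines | map('quote') | join(' ') }}
      | base64 --wrap=0
    register: tokens_data
    # stdout is the encoded token archive: keep it out of task output and
    # logs.
    no_log: true
    # Read-only on the source host: still executed in check mode, never
    # reported as a change.
    check_mode: false
    changed_when: false
    delegate_to: "{{ groups['kube-master'][0] }}"
    run_once: true
    when: sync_tokens | default(false)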
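  # Decodes the archive captured in tokens_data and unpacks it relative to /
  # on every kube-master host except the first one (the source of the
  # archive).
  - name: Gen_tokens | Copy tokens on masters
    # `quote` already yields one safely quoted shell word. Wrapping its
    # output in a second pair of single quotes would cancel that quoting for
    # any value that needed it, so the outer quotes are dropped.
    # NOTE(review): the encoded archive still travels on the shell command
    # line; feeding it through the module's stdin would keep it out of the
    # process list. Confirm the minimum supported Ansible version first.
    shell: "echo {{ tokens_data.stdout | quote }} | base64 -d | tar xz -C /"
    # The command line embeds the token archive: keep it out of task output
    # and logs.
    no_log: true
    # List entries are ANDed and checked in order, so tokens_data.stdout is
    # only read after sync_tokens has been confirmed.
    when:
      - inventory_hostname in groups['kube-master']
      - sync_tokens | default(false)
      - inventory_hostname != groups['kube-master'][0]
      - tokens_data.stdout != ''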