|
|
@ -33,10 +33,29 @@ |
|
|
|
['{{ etcd_cert_dir }}/ca.pem', |
|
|
|
{% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %} |
|
|
|
{% for host in all_etcd_hosts %} |
|
|
|
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem' |
|
|
|
{% if not loop.last %}{{','}}{% endif %} |
|
|
|
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem', |
|
|
|
'{{ etcd_cert_dir }}/admin-{{ host }}-key.pem', |
|
|
|
'{{ etcd_cert_dir }}/member-{{ host }}-key.pem' |
|
|
|
{% if not loop.last %}{{','}}{% endif %} |
|
|
|
{% endfor %}] |
|
|
|
|
|
|
|
- name: "Check_certs | Set 'gen_master_certs' to true" |
|
|
|
set_fact: |
|
|
|
gen_master_certs: |- |
|
|
|
{ |
|
|
|
{% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort -%} |
|
|
|
{% set existing_certs = etcdcert_master.files|map(attribute='path')|list|sort %} |
|
|
|
{% for host in all_etcd_hosts -%} |
|
|
|
{% set host_cert = "%s/member-%s-key.pem"|format(etcd_cert_dir, host) %} |
|
|
|
{% if host_cert in existing_certs -%} |
|
|
|
"{{ host }}": False, |
|
|
|
{% else -%} |
|
|
|
"{{ host }}": True, |
|
|
|
{% endif -%} |
|
|
|
{% endfor %} |
|
|
|
} |
|
|
|
run_once: true |
|
|
|
|
|
|
|
- name: "Check_certs | Set 'gen_node_certs' to true" |
|
|
|
set_fact: |
|
|
|
gen_node_certs: |- |
|
|
@ -59,6 +78,7 @@ |
|
|
|
sync_certs: true |
|
|
|
when: |
|
|
|
- gen_node_certs[inventory_hostname] or |
|
|
|
gen_master_certs[inventory_hostname] or |
|
|
|
(not etcdcert_node.results[0].stat.exists|default(false)) or |
|
|
|
(not etcdcert_node.results[1].stat.exists|default(false)) or |
|
|
|
(etcdcert_node.results[1].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcdcert_node.results[1].stat.path)|map(attribute="checksum")|first|default('')) |
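Review bot: The new `gen_master_certs` task loops over `all_etcd_hosts` (k8s-cluster, etcd and calico-rr) but tests for `member-<host>-key.pem`, a file that presumably only exists for actual etcd members. For every other host the flag would then stay True, so the added `gen_master_certs[inventory_hostname] or` line in the second hunk's `when:` would set `sync_certs` on every run. The first hunk's path list has the same scope problem: it now expects admin and member private keys for every host, which works against keeping etcd member and admin keys off machines that do not need them. Consider building the dict from `groups['etcd']` only and reading it as `gen_master_certs[inventory_hostname]|default(false) or`. The certificate generation step is not visible here, so confirm which hosts are actually issued member and admin keys.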