Merge pull request #905 from galthaus/async-runs

Add tasks to ensure that the first nodes have their directories for cert gen
7 years ago · 8ce32eb3e1
3 changed files with 68 additions and 3 deletions
--- a/roles/etcd/tasks/gen_certs.yml
+++ b/roles/etcd/tasks/gen_certs.yml
@ -1,19 +1,29 @@
 ---
+- name: Gen_certs | create etcd cert dir
+  file:
+    path={{ etcd_cert_dir }}
+    group={{ etcd_cert_group }}
+    state=directory
+    owner=root
+    recurse=yes

- name: Gen_certs | create etcd script dir
+- name: "Gen_certs | create etcd script dir (on {{groups['etcd'][0]}})"
  file:
    path: "{{ etcd_script_dir }}"
    state: directory
    owner: root
-  when: inventory_hostname == groups['etcd'][0]
+  run_once: yes
+  delegate_to: "{{groups['etcd'][0]}}"

- name: Gen_certs | create etcd cert dir
+- name: "Gen_certs | create etcd cert dir (on {{groups['etcd'][0]}})"
  file:
    path={{ etcd_cert_dir }}
    group={{ etcd_cert_group }}
    state=directory
    owner=root
    recurse=yes
+  run_once: yes
+  delegate_to: "{{groups['etcd'][0]}}"

 - name: Gen_certs | write openssl config
  template:
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@ -1,4 +1,24 @@
 ---
+- name: "Gen_certs | Create kubernetes config directory (on {{groups['kube-master'][0]}})"
+  file:
+    path: "{{ kube_config_dir }}"
+    state: directory
+    owner: kube
+  run_once: yes
+  delegate_to: "{{groups['kube-master'][0]}}"
+  tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
+  when: gen_certs|default(false)
+
+- name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})"
+  file:
+    path: "{{ kube_script_dir }}"
+    state: directory
+    owner: kube
+  run_once: yes
+  delegate_to: "{{groups['kube-master'][0]}}"
+  tags: [k8s-secrets, bootstrap-os]
+  when: gen_certs|default(false)
+
 - name: Gen_certs | write openssl config
  template:
    src: "openssl.conf.j2"
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@ -35,6 +35,41 @@
  when: inventory_hostname in "{{ groups['kube-master'] }}"
  notify: set secret_changed

+#
+# The following directory creates make sure that the directories
+# exist on the first master for cases where the first master isn't
+# being run.
+#
+- name: "Gen_certs | Create kubernetes config directory (on {{groups['kube-master'][0]}})"
+  file:
+    path: "{{ kube_config_dir }}"
+    state: directory
+    owner: kube
+  run_once: yes
+  delegate_to: "{{groups['kube-master'][0]}}"
+  tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
+  when: gen_certs|default(false) or gen_tokens|default(false)
+
+- name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})"
+  file:
+    path: "{{ kube_script_dir }}"
+    state: directory
+    owner: kube
+  run_once: yes
+  delegate_to: "{{groups['kube-master'][0]}}"
+  tags: [k8s-secrets, bootstrap-os]
+  when: gen_certs|default(false) or gen_tokens|default(false)
+
+- name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})"
+  file:
+    path={{ kube_token_dir }}
+    state=directory
+    mode=o-rwx
+    group={{ kube_cert_group }}
+  run_once: yes
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_tokens|default(false)
+
 - include: gen_certs.yml
  tags: k8s-secrets
 - include: gen_tokens.yml