From ae5ff890d4e02fcb09148ff1280b3b0e8da6683a Mon Sep 17 00:00:00 2001
From: Smana
Date: Fri, 13 May 2016 15:08:28 +0200
Subject: [PATCH] fix flannel deployment, remove docker bridge before restarting
---
 .../kubernetes/secrets/tasks/check-certs.yml | 2 +-
 .../kubernetes/secrets/tasks/check-tokens.yml | 2 +-
 roles/kubernetes/secrets/tasks/gen_certs.yml | 25 ++++++++-----------
 roles/kubernetes/secrets/tasks/gen_tokens.yml | 12 ++++-----
 .../network_plugin/flannel/handlers/main.yml | 10 ++++----
 5 files changed, 23 insertions(+), 28 deletions(-)
diff --git a/roles/kubernetes/secrets/tasks/check-certs.yml b/roles/kubernetes/secrets/tasks/check-certs.yml
index 5875fdbf4..1d64dd0f1 100644
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@@ -1,5 +1,5 @@
 ---
-- name: "Check certs | check if the certs have already been generated on first master"
+- name: "Check_certs | check if the certs have already been generated on first master"
 stat:
 path: "{{ kube_cert_dir }}/ca.pem"
 delegate_to: "{{groups['kube-master'][0]}}"
diff --git a/roles/kubernetes/secrets/tasks/check-tokens.yml b/roles/kubernetes/secrets/tasks/check-tokens.yml
index cfb579ad7..1ecaa7006 100644
--- a/roles/kubernetes/secrets/tasks/check-tokens.yml
+++ b/roles/kubernetes/secrets/tasks/check-tokens.yml
@@ -1,5 +1,5 @@
 ---
-- name: "Check tokens | check if the tokens have already been generated on first master"
+- name: "Check_tokens | check if the tokens have already been generated on first master"
 stat:
 path: "{{ kube_token_dir }}/known_tokens.csv"
 delegate_to: "{{groups['kube-master'][0]}}"
diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index 295ebcb0c..7178bce0c 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -1,5 +1,5 @@
 ---
-- name: certs | write openssl config
+- name: Gen_certs | write openssl config
 template:
 src: "openssl.conf.j2"
 dest: "{{ kube_config_dir }}/openssl.conf"
@@ -7,7 +7,7 @@
 delegate_to: "{{groups['kube-master'][0]}}"
 when: gen_certs|default(false)
-- name: certs | copy certs generation script
+- name: Gen_certs | copy certs generation script
 copy:
 src: "make-ssl.sh"
 dest: "{{ kube_script_dir }}/make-ssl.sh"
@@ -16,7 +16,7 @@
 delegate_to: "{{groups['kube-master'][0]}}"
 when: gen_certs|default(false)
-- name: certs | run cert generation script
+- name: Gen_certs | run cert generation script
 command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl.conf -d {{ kube_cert_dir }}"
 run_once: yes
 delegate_to: "{{groups['kube-master'][0]}}"
@@ -27,7 +27,7 @@
 master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
 node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
-- name: certs | Get the certs from first master
+- name: Gen_certs | Get the certs from first master
 slurp:
 src: "{{ kube_cert_dir }}/{{ item }}"
 delegate_to: "{{groups['kube-master'][0]}}"
@@ -37,7 +37,7 @@
 run_once: true
 notify: set secret_changed
-- name: certs | Copy certs on masters
+- name: Gen_certs | Copy certs on masters
 copy:
 content: "{{ item.content|b64decode }}"
 dest: "{{ item.source }}"
@@ -45,7 +45,7 @@
 when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and inventory_hostname != groups['kube-master'][0]
-- name: certs | Copy certs on nodes
+- name: Gen_certs | Copy certs on nodes
 copy:
 content: "{{ item.content|b64decode }}"
 dest: "{{ item.source }}"
@@ -54,19 +54,14 @@
 inventory_hostname in groups['kube-node'] and sync_certs|default(false) and inventory_hostname != groups['kube-master'][0]
-- name: certs | check certificate permissions
+- name: Gen_certs | check certificate permissions
 file: path={{ kube_cert_dir }} group={{ kube_cert_group }} owner=kube recurse=yes
-- shell: ls {{ kube_cert_dir}}/*key.pem
- register: keyfiles
+- name: Gen_certs | set permissions on keys
+ shell: chmod 0600 {{ kube_cert_dir}}/*key.pem
+ when: inventory_hostname in groups['kube-master']
 changed_when: false
-
-- name: certs | set permissions on keys
- file:
- path: "{{ item }}"
- mode: 0600
- with_items: "{{ keyfiles.stdout_lines }}"
diff --git a/roles/kubernetes/secrets/tasks/gen_tokens.yml b/roles/kubernetes/secrets/tasks/gen_tokens.yml
index b43213247..796657f65 100644
--- a/roles/kubernetes/secrets/tasks/gen_tokens.yml
+++ b/roles/kubernetes/secrets/tasks/gen_tokens.yml
@@ -1,5 +1,5 @@
 ---
-- name: tokens | copy tokens generation script
+- name: Gen_tokens | copy tokens generation script
 copy:
 src: "kube-gen-token.sh"
 dest: "{{ kube_script_dir }}/kube-gen-token.sh"
@@ -8,7 +8,7 @@
 delegate_to: "{{groups['kube-master'][0]}}"
 when: gen_tokens|default(false)
-- name: tokens | generate tokens for master components
+- name: Gen_tokens | generate tokens for master components
 command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
 environment:
 TOKEN_DIR: "{{ kube_token_dir }}"
@@ -22,7 +22,7 @@
 delegate_to: "{{groups['kube-master'][0]}}"
 when: gen_tokens|default(false)
-- name: tokens | generate tokens for node components
+- name: Gen_tokens | generate tokens for node components
 command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
 environment:
 TOKEN_DIR: "{{ kube_token_dir }}"
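Review bot: In the gen_certs.yml hunk `@@ -54,19 +54,14 @@`, the new `Gen_certs | set permissions on keys` task is limited by `when: inventory_hostname in groups['kube-master']`, while the removed `ls` / `file` pair shows no `when:` and so appears to have tightened every `*key.pem` on every host. `node_certs` in the same file includes `node-key.pem`, so on node-only hosts that private key now keeps whatever mode the `copy` task gave it; no `mode:` is visible on that task (lines between the hunks are not shown), so it may end up group- or world-readable. Either drop the `when:` or set the mode where the key is written, for example `mode: "0600"` on the copy of the key files. Separately, `shell: chmod 0600 {{ kube_cert_dir}}/*key.pem` under `changed_when: false` interpolates an unquoted path into a shell, fails when the glob matches nothing, and never reports a permission change; the `file` module with a quoted `mode: "0600"` avoids all three.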
@@ -36,14 +36,14 @@
 delegate_to: "{{groups['kube-master'][0]}}"
 when: gen_tokens|default(false)
-- name: tokens | Get list of tokens from first master
+- name: Gen_tokens | Get list of tokens from first master
 shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
 register: tokens_list
 changed_when: false
 delegate_to: "{{groups['kube-master'][0]}}"
 when: sync_tokens|default(false)
-- name: tokens | Get the tokens from first master
+- name: Gen_tokens | Get the tokens from first master
 slurp:
 src: "{{ item }}"
 register: slurp_tokens
@@ -53,7 +53,7 @@
 when: sync_tokens|default(false)
 notify: set secret_changed
-- name: tokens | Copy tokens on masters
+- name: Gen_tokens | Copy tokens on masters
 copy:
 content: "{{ item.content|b64decode }}"
 dest: "{{ item.source }}"
diff --git a/roles/network_plugin/flannel/handlers/main.yml b/roles/network_plugin/flannel/handlers/main.yml
index 427370569..cb3986312 100644
--- a/roles/network_plugin/flannel/handlers/main.yml
+++ b/roles/network_plugin/flannel/handlers/main.yml
@@ -1,4 +1,9 @@
 ---
+- name: delete default docker bridge
+ command: ip link delete docker0
+ ignore_errors: yes
+ notify: restart docker
 - name: restart docker
 command: /bin/true
 notify:
@@ -6,11 +11,6 @@
 - reload docker
 - reload kubelet
-- name: delete default docker bridge
- command: ip link delete docker0
- ignore_errors: yes
- notify: restart docker
-
 - name : reload systemd
 shell: systemctl daemon-reload
 when: ansible_service_mgr == "systemd"
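Review bot: In `roles/network_plugin/flannel/handlers/main.yml` (hunk `@@ -1,4 +1,9 @@`), `ignore_errors: yes` on `delete default docker bridge` swallows every failure of `ip link delete docker0`, not only the expected case where the bridge is already gone. A failed-but-ignored task is, as far as I know, not reported as changed, so `notify: restart docker` would likely not fire when `docker0` is absent and the docker/kubelet reload chain would be skipped. Registering the result and narrowing the condition keeps real failures visible, e.g. `register: docker0_del` with `failed_when: docker0_del.rc != 0 and 'Cannot find device' not in docker0_del.stderr`. The move also deserves a comment such as `# keep above "restart docker": handlers run in the order they are defined`, because the ordering dependency is otherwise invisible. The handler list continues outside the hunk.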