|
|
@@ -14,20 +14,11 @@
|
|
|
# configured, we need to make sure to set the node properties beforehand if
|
|
|
# we do not want the defaults
|
|
|
- openshift_facts:
|
|
|
- role: "{{ item.role }}"
|
|
|
- local_facts: "{{ item.local_facts }}"
|
|
|
- with_items:
|
|
|
- - role: common
|
|
|
- local_facts:
|
|
|
- hostname: "{{ openshift_hostname | default(None) }}"
|
|
|
- public_hostname: "{{ openshift_public_hostname | default(None) }}"
|
|
|
- deployment_type: "{{ openshift_deployment_type }}"
|
|
|
- use_flannel: "{{ openshift_use_flannel | default(None) }}"
|
|
|
- - role: node
|
|
|
- local_facts:
|
|
|
- labels: "{{ openshift_node_labels | default(None) }}"
|
|
|
- annotations: "{{ openshift_node_annotations | default(None) }}"
|
|
|
- schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
|
|
|
+ role: node
|
|
|
+ local_facts:
|
|
|
+ labels: "{{ openshift_node_labels | default(None) }}"
|
|
|
+ annotations: "{{ openshift_node_annotations | default(None) }}"
|
|
|
+ schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
|
|
|
- name: Check status of node certificates
|
|
|
stat:
|
|
|
path: "{{ openshift.common.config_base }}/node/{{ item }}"
|
|
|
@@ -45,22 +36,6 @@
|
|
|
node_subdir: node-{{ openshift.common.hostname }}
|
|
|
config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}"
|
|
|
node_cert_dir: "{{ openshift.common.config_base }}/node"
|
|
|
- - name: Check status of flannel external etcd certificates
|
|
|
- stat:
|
|
|
- path: "{{ openshift.common.config_base }}/node/{{ item }}"
|
|
|
- with_items:
|
|
|
- - node.etcd-client.crt
|
|
|
- - node.etcd-ca.crt
|
|
|
- register: g_external_etcd_flannel_cert_stat_result
|
|
|
- when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
|
|
|
- - set_fact:
|
|
|
- etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results
|
|
|
- | oo_collect(attribute='stat.exists')
|
|
|
- | list | intersect([false])}}"
|
|
|
- etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
|
|
|
- etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
|
|
|
- etcd_cert_prefix: node.etcd-
|
|
|
- when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
|
|
|
|
|
|
- name: Create temp directory for syncing certs
|
|
|
hosts: localhost
|
|
|
@@ -73,65 +48,6 @@
|
|
|
register: mktemp
|
|
|
changed_when: False
|
|
|
|
|
|
-- name: Configure flannel etcd certificates
|
|
|
- hosts: oo_first_etcd
|
|
|
- vars:
|
|
|
- etcd_generated_certs_dir: /etc/etcd/generated_certs
|
|
|
- sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
|
|
|
- pre_tasks:
|
|
|
- - set_fact:
|
|
|
- etcd_needing_client_certs: "{{ hostvars
|
|
|
- | oo_select_keys(groups['oo_nodes_to_config'])
|
|
|
- | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}"
|
|
|
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
- roles:
|
|
|
- - role: etcd_certificates
|
|
|
- when: openshift_use_flannel | default(false) | bool
|
|
|
- post_tasks:
|
|
|
- - name: Create a tarball of the etcd flannel certs
|
|
|
- command: >
|
|
|
- tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
|
|
|
- -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
|
|
|
- args:
|
|
|
- creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
|
|
|
- with_items: etcd_needing_client_certs
|
|
|
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
- - name: Retrieve the etcd cert tarballs
|
|
|
- fetch:
|
|
|
- src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
|
|
|
- dest: "{{ sync_tmpdir }}/"
|
|
|
- flat: yes
|
|
|
- fail_on_missing: yes
|
|
|
- validate_checksum: yes
|
|
|
- with_items: etcd_needing_client_certs
|
|
|
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
-
|
|
|
-- name: Copy the external etcd flannel certs to the nodes
|
|
|
- hosts: oo_nodes_to_config
|
|
|
- vars:
|
|
|
- sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
|
|
|
- tasks:
|
|
|
- - name: Ensure certificate directory exists
|
|
|
- file:
|
|
|
- path: "{{ openshift.common.config_base }}/node"
|
|
|
- state: directory
|
|
|
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
- - name: Unarchive the tarball on the master
|
|
|
- unarchive:
|
|
|
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
|
|
|
- dest: "{{ etcd_cert_config_dir }}"
|
|
|
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
- - file:
|
|
|
- path: "{{ etcd_cert_config_dir }}/{{ item }}"
|
|
|
- owner: root
|
|
|
- group: root
|
|
|
- mode: 0600
|
|
|
- with_items:
|
|
|
- - node.etcd-client.crt
|
|
|
- - node.etcd-client.key
|
|
|
- - node.etcd-ca.crt
|
|
|
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
-
|
|
|
- name: Create node certificates
|
|
|
hosts: oo_first_master
|
|
|
vars:
|
|
|
@@ -210,6 +126,86 @@
|
|
|
roles:
|
|
|
- openshift_node
|
|
|
|
|
|
+- name: Gather and set facts for flannel certificatess
|
|
|
+ hosts: oo_nodes_to_config
|
|
|
+ tasks:
|
|
|
+ - name: Check status of flannel external etcd certificates
|
|
|
+ stat:
|
|
|
+ path: "{{ openshift.common.config_base }}/node/{{ item }}"
|
|
|
+ with_items:
|
|
|
+ - node.etcd-client.crt
|
|
|
+ - node.etcd-ca.crt
|
|
|
+ register: g_external_etcd_flannel_cert_stat_result
|
|
|
+ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
|
|
|
+ - set_fact:
|
|
|
+ etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results
|
|
|
+ | oo_collect(attribute='stat.exists')
|
|
|
+ | list | intersect([false])}}"
|
|
|
+ etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
|
|
|
+ etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
|
|
|
+ etcd_cert_prefix: node.etcd-
|
|
|
+ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
|
|
|
+
|
|
|
+- name: Configure flannel etcd certificates
|
|
|
+ hosts: oo_first_etcd
|
|
|
+ vars:
|
|
|
+ etcd_generated_certs_dir: /etc/etcd/generated_certs
|
|
|
+ sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
|
|
|
+ pre_tasks:
|
|
|
+ - set_fact:
|
|
|
+ etcd_needing_client_certs: "{{ hostvars
|
|
|
+ | oo_select_keys(groups['oo_nodes_to_config'])
|
|
|
+ | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}"
|
|
|
+ when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
+ roles:
|
|
|
+ - role: etcd_certificates
|
|
|
+ when: openshift_use_flannel | default(false) | bool
|
|
|
+ post_tasks:
|
|
|
+ - name: Create a tarball of the etcd flannel certs
|
|
|
+ command: >
|
|
|
+ tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
|
|
|
+ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
|
|
|
+ args:
|
|
|
+ creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
|
|
|
+ with_items: etcd_needing_client_certs
|
|
|
+ when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
+ - name: Retrieve the etcd cert tarballs
|
|
|
+ fetch:
|
|
|
+ src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
|
|
|
+ dest: "{{ sync_tmpdir }}/"
|
|
|
+ flat: yes
|
|
|
+ fail_on_missing: yes
|
|
|
+ validate_checksum: yes
|
|
|
+ with_items: etcd_needing_client_certs
|
|
|
+ when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
+
|
|
|
+- name: Copy the external etcd flannel certs to the nodes
|
|
|
+ hosts: oo_nodes_to_config
|
|
|
+ vars:
|
|
|
+ sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
|
|
|
+ tasks:
|
|
|
+ - name: Ensure certificate directory exists
|
|
|
+ file:
|
|
|
+ path: "{{ openshift.common.config_base }}/node"
|
|
|
+ state: directory
|
|
|
+ when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
+ - name: Unarchive the tarball on the master
|
|
|
+ unarchive:
|
|
|
+ src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
|
|
|
+ dest: "{{ etcd_cert_config_dir }}"
|
|
|
+ when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
+ - file:
|
|
|
+ path: "{{ etcd_cert_config_dir }}/{{ item }}"
|
|
|
+ owner: root
|
|
|
+ group: root
|
|
|
+ mode: 0600
|
|
|
+ with_items:
|
|
|
+ - node.etcd-client.crt
|
|
|
+ - node.etcd-client.key
|
|
|
+ - node.etcd-ca.crt
|
|
|
+ when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
|
|
|
+
|
|
|
+
|
|
|
- name: Additional node config
|
|
|
hosts: oo_nodes_to_config
|
|
|
vars:
|
Jason DeTiberus