| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 |
- ---
- - name: Set etcd facts needed for generating certs
- hosts: oo_etcd_to_config
- roles:
- - openshift_facts
- tasks:
- - openshift_facts:
- role: "{{ item.role }}"
- local_facts: "{{ item.local_facts }}"
- with_items:
- - role: common
- local_facts:
- hostname: "{{ openshift_hostname | default(None) }}"
- public_hostname: "{{ openshift_public_hostname | default(None) }}"
- deployment_type: "{{ openshift_deployment_type }}"
- - role: etcd
- local_facts:
- etcd_image: "{{ osm_etcd_image | default(None) }}"
- - name: Check status of etcd certificates
- stat:
- path: "{{ item }}"
- with_items:
- - /etc/etcd/server.crt
- - /etc/etcd/peer.crt
- - /etc/etcd/ca.crt
- register: g_etcd_server_cert_stat_result
- - set_fact:
- etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists')
- | list | intersect([false])}}"
- etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
- etcd_cert_config_dir: /etc/etcd
- etcd_cert_prefix:
- - name: Create temp directory for syncing certs
- hosts: localhost
- connection: local
- become: no
- gather_facts: no
- tasks:
- - name: Create local temp directory for syncing certs
- local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
- register: g_etcd_mktemp
- changed_when: False
- - name: Configure etcd certificates
- hosts: oo_first_etcd
- vars:
- etcd_generated_certs_dir: /etc/etcd/generated_certs
- etcd_needing_server_certs: "{{ hostvars
- | oo_select_keys(groups['oo_etcd_to_config'])
- | oo_filter_list(filter_attr='etcd_server_certs_missing') }}"
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- roles:
- - etcd_certificates
- post_tasks:
- - name: Create a tarball of the etcd certs
- command: >
- tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
- -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
- args:
- creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- with_items: etcd_needing_server_certs
- - name: Retrieve the etcd cert tarballs
- fetch:
- src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- dest: "{{ sync_tmpdir }}/"
- flat: yes
- fail_on_missing: yes
- validate_checksum: yes
- with_items: etcd_needing_server_certs
- - name: Configure first etcd host
- hosts: oo_first_etcd
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- etcd_url_scheme: https
- etcd_peer_url_scheme: https
- etcd_peers_group: oo_etcd_to_config
- pre_tasks:
- - name: Ensure certificate directory exists
- file:
- path: "{{ etcd_cert_config_dir }}"
- state: directory
- - name: Unarchive the tarball on the etcd host
- unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_server_certs_missing
- roles:
- - openshift_etcd
- - nickhammond.logrotate
- - name: Configure remaining etcd hosts
- hosts: oo_etcd_to_config:!oo_first_etcd
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- etcd_url_scheme: https
- etcd_peer_url_scheme: https
- etcd_peers_group: oo_etcd_to_config
- pre_tasks:
- - name: Ensure certificate directory exists
- file:
- path: "{{ etcd_cert_config_dir }}"
- state: directory
- - name: Unarchive the tarball on the etcd host
- unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_server_certs_missing
- roles:
- - etcd
- - role: nickhammond.logrotate
- - name: Delete temporary directory on localhost
- hosts: localhost
- connection: local
- become: no
- gather_facts: no
- tasks:
- - file: name={{ g_etcd_mktemp.stdout }} state=absent
- changed_when: False
|
