首页 发现 帮助
注册 登录
shixiong
/
okd
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 8e91ce82be
分支列表 标签列表
okd
/
playbooks
/
common
/
openshift-cluster
/
redeploy-certificates
/
masters.yml

masters.yml 2.5 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. ---
    2. 

  2. - name: Redeploy master certificates
    3. 

  3.   hosts: oo_masters_to_config
    4. 

  4.   any_errors_fatal: true
    5. 

  5.   vars:
    6. 

  6.     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
    7. 

  7.     openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}"
    8. 

  8.   pre_tasks:
    9. 

  9.   - stat:
    10. 

  10.       path: "{{ openshift_generated_configs_dir }}"
    11. 

  11.     register: openshift_generated_configs_dir_stat
    12. 

  12.   - name: Backup generated certificate and config directories
    13. 

  13.     command: >
    14. 

  14.       tar -czvf /etc/origin/master-node-cert-config-backup-{{ ansible_date_time.epoch }}.tgz
    15. 

  15.       {{ openshift_generated_configs_dir }}
    16. 

  16.       {{ openshift.common.config_base }}/master
    17. 

  17.     when: openshift_generated_configs_dir_stat.stat.exists
    18. 

  18.     delegate_to: "{{ openshift_ca_host }}"
    19. 

  19.     run_once: true
    20. 

  20.   - name: Remove generated certificate directories
    21. 

  21.     file:
    22. 

  22.       path: "{{ item }}"
    23. 

  23.       state: absent
    24. 

  24.     with_items:
    25. 

  25.     - "{{ openshift_generated_configs_dir }}"
    26. 

  26.   - name: Remove generated certificates
    27. 

  27.     file:
    28. 

  28.       path: "{{ openshift.common.config_base }}/master/{{ item }}"
    29. 

  29.       state: absent
    30. 

  30.     with_items:
    31. 

  31.     - "{{ hostvars[inventory_hostname] | certificates_to_synchronize(include_keys=false, include_ca=false) }}"
    32. 

  32.     - "etcd.server.crt"
    33. 

  33.     - "etcd.server.key"
    34. 

  34.     - "master.server.crt"
    35. 

  35.     - "master.server.key"
    36. 

  36.     - "openshift-master.crt"
    37. 

  37.     - "openshift-master.key"
    38. 

  38.     - "openshift-master.kubeconfig"
    39. 

  39.   - name: Remove generated etcd client certificates
    40. 

  40.     file:
    41. 

  41.       path: "{{ openshift.common.config_base }}/master/{{ item }}"
    42. 

  42.       state: absent
    43. 

  43.     with_items:
    44. 

  44.     - "master.etcd-client.crt"
    45. 

  45.     - "master.etcd-client.key"
    46. 

  46.     when: groups.oo_etcd_to_config | default([]) | length == 0
    47. 

  47.   roles:
    48. 

  48.   - role: openshift_master_certificates
    49. 

  49.     openshift_master_etcd_hosts: "{{ hostvars
    50. 

  50.                                      | oo_select_keys(groups['oo_etcd_to_config'] | default([]))
    51. 

  51.                                      | oo_collect('openshift.common.hostname')
    52. 

  52.                                      | default(none, true) }}"
    53. 

  53.     openshift_certificates_redeploy: true
    54. 

  54.   - role: lib_utils
    55. 

  55.   post_tasks:
    56. 

  56.   - yedit:
    57. 

  57.       src: "{{ openshift.common.config_base }}/master/master-config.yaml"
    58. 

  58.       key: servingInfo.namedCertificates
    59. 

  59.       value: "{{ openshift.master.named_certificates | default([]) | oo_named_certificates_list }}"
    60. 

  60.     when:
    61. 

  61.     - ('named_certificates' in openshift.master)
    62. 

  62.     - openshift.master.named_certificates | default([]) | length > 0
    63. 

  63.     - openshift_master_overwrite_named_certificates | default(false) | bool
    64.