Accueil Explorer Aide
S'inscrire Connexion
shixiong
/
okd
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: d81b5d69ee
Branches Tags
okd
/
roles
/
calico
/
tasks
/
main.yml

main.yml 3.7 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. ---
    2. 

  2. - name: Calico Node | Error if invalid cert arguments
    3. 

  3.   fail:
    4. 

  4.     msg: "Must provide all or none for the following etcd params: calico_etcd_cert_dir, calico_etcd_ca_cert_file, calico_etcd_cert_file, calico_etcd_key_file, calico_etcd_endpoints"
    5. 

  5.   when: (calico_etcd_cert_dir is defined or calico_etcd_ca_cert_file is defined or calico_etcd_cert_file is defined or calico_etcd_key_file is defined or calico_etcd_endpoints is defined) and not (calico_etcd_cert_dir is defined and calico_etcd_ca_cert_file is defined and calico_etcd_cert_file is defined and calico_etcd_key_file is defined and calico_etcd_endpoints is defined)
    6. 

  6. 

  7. - name: Calico Node | Generate OpenShift-etcd certs
    8. 

  8.   include: ../../../roles/etcd_client_certificates/tasks/main.yml
    9. 

  9.   when: calico_etcd_ca_cert_file is not defined or calico_etcd_cert_file is not defined or calico_etcd_key_file is not defined or calico_etcd_endpoints is not defined or calico_etcd_cert_dir is not defined
    10. 

  10.   vars:
    11. 

  11.     etcd_cert_prefix: calico.etcd-
    12. 

  12.     etcd_cert_config_dir: "{{ openshift.common.config_base }}/calico"
    13. 

  13.     embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
    14. 

  14.     etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
    15. 

  15.     etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}"
    16. 

  16. 

  17. - name: Calico Node | Set etcd cert location facts
    18. 

  18.   when: calico_etcd_ca_cert_file is not defined or calico_etcd_cert_file is not defined or calico_etcd_key_file is not defined or calico_etcd_endpoints is not defined or calico_etcd_cert_dir is not defined
    19. 

  19.   set_fact:
    20. 

  20.     calico_etcd_ca_cert_file: "/etc/origin/calico/calico.etcd-ca.crt"
    21. 

  21.     calico_etcd_cert_file: "/etc/origin/calico/calico.etcd-client.crt"
    22. 

  22.     calico_etcd_key_file: "/etc/origin/calico/calico.etcd-client.key"
    23. 

  23.     calico_etcd_endpoints: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls | join(',') }}"
    24. 

  24.     calico_etcd_cert_dir: "/etc/origin/calico/"
    25. 

  25. 

  26. - name: Calico Node | Error if no certs set.
    27. 

  27.   fail:
    28. 

  28.     msg: "Invalid etcd configuration for calico."
    29. 

  29.   when: item is not defined or item == ''
    30. 

  30.   with_items:
    31. 

  31.     - calico_etcd_ca_cert_file
    32. 

  32.     - calico_etcd_cert_file
    33. 

  33.     - calico_etcd_key_file
    34. 

  34.     - calico_etcd_endpoints
    35. 

  35. 

  36. - name: Calico Node | Assure the calico certs are present
    37. 

  37.   stat:
    38. 

  38.     path: "{{ item }}"
    39. 

  39.   with_items:
    40. 

  40.     - "{{ calico_etcd_ca_cert_file }}"
    41. 

  41.     - "{{ calico_etcd_cert_file }}"
    42. 

  42.     - "{{ calico_etcd_key_file }}"
    43. 

  43. 

  44. - name: Calico Node | Configure Calico service unit file
    45. 

  45.   template:
    46. 

  46.     dest: "/lib/systemd/system/calico.service"
    47. 

  47.     src: calico.service.j2
    48. 

  48. 

  49. - name: Calico Node | Enable calico
    50. 

  50.   become: yes
    51. 

  51.   systemd:
    52. 

  52.     name: calico
    53. 

  53.     daemon_reload: yes
    54. 

  54.     state: started
    55. 

  55.     enabled: yes
    56. 

  56.   register: start_result
    57. 

  57. 

  58. - name: Calico Node | Assure CNI conf dir exists
    59. 

  59.   become: yes
    60. 

  60.   file: path="{{ cni_conf_dir }}" state=directory
    61. 

  61. 

  62. - name: Calico Node | Generate Calico CNI config
    63. 

  63.   become: yes
    64. 

  64.   template:
    65. 

  65.     src: "10-calico.conf.j2"
    66. 

  66.     dest: "{{ cni_conf_dir }}/10-calico.conf"
    67. 

  67. 

  68. - name: Calico Node | Assures Kuberentes CNI bin dir exists
    69. 

  69.   become: yes
    70. 

  70.   file: path="{{ cni_bin_dir }}" state=directory
    71. 

  71. 

  72. - name: Calico Node | Download Calico CNI Plugin
    73. 

  73.   become: yes
    74. 

  74.   get_url:
    75. 

  75.     url: "{{ calico_url_cni }}"
    76. 

  76.     dest: "{{ cni_bin_dir }}"
    77. 

  77.     mode: a+x
    78. 

  78. 

  79. - name: Calico Node | Download Calico IPAM Plugin
    80. 

  80.   become: yes
    81. 

  81.   get_url:
    82. 

  82.     url: "{{ calico_url_ipam }}"
    83. 

  83.     dest: "{{ cni_bin_dir }}"
    84. 

  84.     mode: a+x
    85. 

  85. 

  86. - name: Calico Node | Download and extract standard CNI plugins
    87. 

  87.   become: yes
    88. 

  88.   unarchive:
    89. 

  89.     remote_src: True
    90. 

  90.     src: "{{ cni_url }}"
    91. 

  91.     dest: "{{ cni_bin_dir }}"
    92. 

  92. 

  93. - name: Calico Node | Assure Calico conf dir exists
    94. 

  94.   become: yes
    95. 

  95.   file: path=/etc/calico/ state=directory
    96. 

  96. 

  97. - name: Calico Node | Set calicoctl.cfg
    98. 

  98.   template:
    99. 

  99.     src: calicoctl.cfg.j2
    100. 

  100.     dest: "/etc/calico/calicoctl.cfg"
    101.