| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 |
- ---
- - name: Set etcd facts needed for generating certs
- hosts: oo_etcd_to_config
- any_errors_fatal: true
- roles:
- - openshift_facts
- tasks:
- - openshift_facts:
- role: etcd
- local_facts:
- etcd_image: "{{ osm_etcd_image | default(None) }}"
- - name: Check status of etcd certificates
- stat:
- path: "{{ item }}"
- with_items:
- - /etc/etcd/server.crt
- - /etc/etcd/peer.crt
- - /etc/etcd/ca.crt
- register: g_etcd_server_cert_stat_result
- - set_fact:
- etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists')
- | list | intersect([false])}}"
- etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
- etcd_cert_config_dir: /etc/etcd
- etcd_cert_prefix:
- etcd_hostname: "{{ openshift.common.hostname }}"
- etcd_ip: "{{ openshift.common.ip }}"
- - name: Create temp directory for syncing certs
- hosts: localhost
- connection: local
- become: no
- gather_facts: no
- tasks:
- - name: Create local temp directory for syncing certs
- local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
- register: g_etcd_mktemp
- changed_when: False
- - name: Configure etcd certificates
- hosts: oo_first_etcd
- vars:
- etcd_generated_certs_dir: /etc/etcd/generated_certs
- etcd_needing_server_certs: "{{ hostvars
- | oo_select_keys(groups['oo_etcd_to_config'])
- | oo_filter_list(filter_attr='etcd_server_certs_missing') }}"
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- roles:
- - openshift_etcd_certificates
- post_tasks:
- - name: Create a tarball of the etcd certs
- command: >
- tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
- -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
- args:
- creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
- - name: Retrieve the etcd cert tarballs
- fetch:
- src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- dest: "{{ sync_tmpdir }}/"
- flat: yes
- fail_on_missing: yes
- validate_checksum: yes
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
- # Configure a first etcd host to avoid conflicts in choosing a leader
- # if other members come online too quickly.
- - name: Configure first etcd host
- hosts: oo_first_etcd
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- etcd_url_scheme: https
- etcd_peer_url_scheme: https
- etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
- pre_tasks:
- - name: Ensure certificate directory exists
- file:
- path: "{{ etcd_cert_config_dir }}"
- state: directory
- - name: Unarchive the tarball on the etcd host
- unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_server_certs_missing
- roles:
- - openshift_etcd
- - nickhammond.logrotate
- # Configure the remaining etcd hosts, skipping the first one we dealt with above.
- - name: Configure remaining etcd hosts
- hosts: oo_etcd_to_config:!oo_first_etcd
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- etcd_url_scheme: https
- etcd_peer_url_scheme: https
- etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
- pre_tasks:
- - name: Ensure certificate directory exists
- file:
- path: "{{ etcd_cert_config_dir }}"
- state: directory
- - name: Unarchive the tarball on the etcd host
- unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_server_certs_missing
- roles:
- - openshift_etcd
- - role: nickhammond.logrotate
- - name: Delete temporary directory on localhost
- hosts: localhost
- connection: local
- become: no
- gather_facts: no
- tasks:
- - file: name={{ g_etcd_mktemp.stdout }} state=absent
- changed_when: False
|
