path: root/roles/openshift_register_nodes/tasks/main.yml
blob: 59216fc874f8eef5dad6af0da4ba19e82f427e0a (plain)
---
# TODO: support configuration for multiple masters, currently hardcoding
# the info from the first master

# Runs `openshift admin create-server-cert` once per entry in openshift_nodes,
# writing server.crt / server.key into a per-node directory
# (node-<openshift_node_hostname>) under openshift_cert_dir.
# `creates` makes Ansible skip the command when server.crt already exists, and
# --overwrite=false is passed to the tool as well, so re-runs are not expected
# to replace an existing pair.
#
# NOTE(review): the --hostnames list is built from openshift_hostname,
# openshift_public_hostname, openshift_ip and openshift_public_ip. None of
# these come from `item`, so every node's serving certificate is requested
# with the same names. If they resolve to the host executing this task rather
# than to the node, the node certs will not match the nodes they are deployed
# to -- confirm, and derive the list from per-item values if so.
# NOTE(review): the command writes to openshift_cert_dir (resolved relative to
# chdir, presumably) while `creates` checks openshift_cert_dir_abs; the
# idempotence check only works if both point at the same directory -- verify.
# NOTE(review): server.key is private key material. No owner/mode is set in
# this task; check that the directory is restricted elsewhere in the role.
# NOTE(review): template values are interpolated unquoted into the command
# line; a value containing whitespace would be split into extra arguments.
# TODO: create a failed_when condition
- name: Create node server certificates
  command: >
    /usr/bin/openshift admin create-server-cert
    --overwrite=false
    --cert={{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/server.crt
    --key={{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/server.key
    --hostnames={{ [openshift_hostname, openshift_public_hostname, openshift_ip, openshift_public_ip]|join(",") }}
  args:
    chdir: "{{ openshift_cert_dir_parent }}"
    creates: "{{ openshift_cert_dir_abs }}/node-{{ item.openshift_node_hostname }}/server.crt"
  with_items: openshift_nodes
  register: server_cert_result

# Runs `openshift admin create-node-cert` once per entry in openshift_nodes,
# writing the node's client certificate (cert.crt) and private key (key.key)
# into the same per-node directory used for the server certificate.
# `creates` skips the command when cert.crt already exists.
#
# NOTE(review): the identity placed in the certificate is
# item.openshift_node_hostname (--node-name), whereas the registration task
# later in this file registers the node as item.openshift_node_name. If the
# two fields can differ, the certificate identity and the registered node name
# will not line up -- confirm they are always equal.
# NOTE(review): key.key is the credential the node authenticates with. It is
# generated on the host running this task; how it reaches the node and what
# permissions protect it are not visible here -- verify in the calling roles.
# TODO: create a failed_when condition
- name: Create node client certificates
  command: >
    /usr/bin/openshift admin create-node-cert
    --overwrite=false
    --cert={{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/cert.crt
    --key={{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/key.key
    --node-name={{ item.openshift_node_hostname }}
  args:
    chdir: "{{ openshift_cert_dir_parent }}"
    creates: "{{ openshift_cert_dir_abs }}/node-{{ item.openshift_node_hostname }}/cert.crt"
  with_items: openshift_nodes
  register: node_cert_result

# Runs `openshift admin create-kubeconfig` once per entry in openshift_nodes,
# producing a .kubeconfig in the per-node directory from that node's client
# certificate and key. Only the first entries of openshift_master_urls and
# openshift_master_public_urls are used.
#
# Because `creates` only checks for the .kubeconfig file, a kubeconfig built
# from an older certificate stays in place when cert.crt / key.key are
# regenerated; the node would then keep presenting the old credential.
# NOTE(review): the kubeconfig is tied to the node's client key and should be
# protected like the key itself; no owner/mode is set in this task.
# NOTE(review): no CA option is passed on this command line; confirm that the
# generated kubeconfig still verifies the master's certificate.
# TODO: re-create kubeconfig if certs were regenerated, not just if
# .kubeconfig doesn't exist
# TODO: create a failed_when condition
- name: Create kubeconfigs for nodes
  command: >
    /usr/bin/openshift admin create-kubeconfig
    --client-certificate={{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/cert.crt
    --client-key={{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/key.key
    --kubeconfig={{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/.kubeconfig
    --master={{ openshift_master_urls[0] }}
    --public-master={{ openshift_master_public_urls[0] }}
  args:
    chdir: "{{ openshift_cert_dir_parent }}"
    creates: "{{ openshift_cert_dir_abs }}/node-{{ item.openshift_node_hostname }}/.kubeconfig"
  with_items: openshift_nodes
  register: kubeconfig_result

# TODO: generate the node configs with:
#   openshift start node --write-config
#   --config='{{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/node.yaml'
#   --kubeconfig='{{ openshift_cert_dir }}/node-{{ item.openshift_node_hostname }}/.kubeconfig'
# The generated node config will then need to be modified as needed
# (servingInfo.{certFile,clientCA,keyFile}).

# Calls the kubernetes_register_node module once per entry in openshift_nodes.
# cpu, memory and pod_cidr fall back to None, and labels / annotations to an
# empty mapping, when the corresponding item field is falsy; name, api_version
# and host_ip are passed through unconditionally.
# NOTE(review): the `else None` fallbacks are rendered through a quoted Jinja
# string; confirm the module receives a real null rather than the text "None".
# NOTE(review): no client credentials are passed (see the TODO below), so the
# identity this registration runs as is whatever the module defaults to --
# verify it is scoped to node registration only.
- name: Register unregistered nodes
  kubernetes_register_node:
    name: "{{ item.openshift_node_name }}"
    api_version: "{{ openshift_kube_api_version }}"
    cpu: "{{ item.openshift_node_cpu if item.openshift_node_cpu else None }}"
    memory: "{{ item.openshift_node_memory if item.openshift_node_memory else None }}"
    pod_cidr: "{{ item.openshift_node_pod_cidr if item.openshift_node_pod_cidr else None }}"
    host_ip: "{{ item.openshift_node_host_ip }}"
    labels: "{{ item.openshift_node_labels if item.openshift_node_labels else {} }}"
    annotations: "{{ item.openshift_node_annotations if item.openshift_node_annotations else {} }}"
    # TODO: support customizing other attributes such as: client_config,
    # client_cluster, client_context, client_user
    # TODO: update for v1beta3 changes after rebase: hostnames, external_ips,
    # internal_ips, external_id
  with_items: openshift_nodes
  register: register_result