External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-14 12:57:45 -02:30
Code Issues Packages Projects Releases Wiki Activity

project: fix var-spacing ansible rule (#10266)

Browse Source 
* project: fix var-spacing ansible rule

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing on the beginning/end of jinja template

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing of default filter

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing between filter arguments

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix double space at beginning/end of jinja

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix remaining jinja[spacing] ansible-lint warning

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
This commit is contained in:
Arthur Outhenin-Chalandre
2023-07-05 05:36:54 +02:00
committed by GitHub
parent f8b93fa88a
commit 5d00b851ce
178 changed files with 767 additions and 733 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
roles/etcd/tasks/check_certs.yml
View File

@@ -42,7 +42,7 @@
- name: "Check_certs | Set 'gen_certs' to true if expected certificates are not on the first etcd node(1/2)"
set_fact:
gen_certs: true
when: force_etcd_cert_refresh or not item in etcdcert_master.files|map(attribute='path') | list
when: force_etcd_cert_refresh or not item in etcdcert_master.files | map(attribute='path') | list
run_once: true
with_items: "{{ expected_files }}"
vars:
@@ -59,7 +59,7 @@
{% for host in k8s_nodes %}
'{{ etcd_cert_dir }}/node-{{ host }}.pem',
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem'
{% if not loop.last %}{{','}}{% endif %}
{% if not loop.last %}{{ ',' }}{% endif %}
{% endfor %}]
- name: "Check_certs | Set 'gen_certs' to true if expected certificates are not on the first etcd node(2/2)"
@@ -77,28 +77,29 @@
'{{ etcd_cert_dir }}/member-{{ host }}.pem',
'{{ etcd_cert_dir }}/member-{{ host }}-key.pem',
{% endfor %}
{% set k8s_nodes = groups['k8s_cluster']|unique|sort %}
{% set k8s_nodes = groups['k8s_cluster'] | unique | sort %}
{% for host in k8s_nodes %}
'{{ etcd_cert_dir }}/node-{{ host }}.pem',
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem'
{% if not loop.last %}{{','}}{% endif %}
{% if not loop.last %}{{ ',' }}{% endif %}
{% endfor %}]
when:
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd"
- force_etcd_cert_refresh or not item in etcdcert_master.files|map(attribute='path') | list
- force_etcd_cert_refresh or not item in etcdcert_master.files | map(attribute='path') | list
- name: "Check_certs | Set 'gen_master_certs' object to track whether member and admin certs exist on first etcd node"
set_fact:
# noqa: jinja[spacing]
gen_master_certs: |-
{
{% set etcd_members = groups['etcd'] -%}
{% set existing_certs = etcdcert_master.files|map(attribute='path')|list|sort %}
{% set existing_certs = etcdcert_master.files | map(attribute='path') | list | sort %}
{% for host in etcd_members -%}
{% set member_cert = "%s/member-%s.pem"|format(etcd_cert_dir, host) %}
{% set member_key = "%s/member-%s-key.pem"|format(etcd_cert_dir, host) %}
{% set admin_cert = "%s/admin-%s.pem"|format(etcd_cert_dir, host) %}
{% set admin_key = "%s/admin-%s-key.pem"|format(etcd_cert_dir, host) %}
{% set member_cert = "%s/member-%s.pem" | format(etcd_cert_dir, host) %}
{% set member_key = "%s/member-%s-key.pem" | format(etcd_cert_dir, host) %}
{% set admin_cert = "%s/admin-%s.pem" | format(etcd_cert_dir, host) %}
{% set admin_key = "%s/admin-%s-key.pem" | format(etcd_cert_dir, host) %}
{% if force_etcd_cert_refresh -%}
"{{ host }}": True,
{% elif member_cert in existing_certs and member_key in existing_certs and admin_cert in existing_certs and admin_key in existing_certs -%}
@@ -112,13 +113,14 @@
- name: "Check_certs | Set 'gen_node_certs' object to track whether node certs exist on first etcd node"
set_fact:
# noqa: jinja[spacing]
gen_node_certs: |-
{
{% set k8s_nodes = groups['k8s_cluster'] -%}
{% set existing_certs = etcdcert_master.files|map(attribute='path')|list|sort %}
{% set existing_certs = etcdcert_master.files | map(attribute='path') | list | sort %}
{% for host in k8s_nodes -%}
{% set host_cert = "%s/node-%s.pem"|format(etcd_cert_dir, host) %}
{% set host_key = "%s/node-%s-key.pem"|format(etcd_cert_dir, host) %}
{% set host_cert = "%s/node-%s.pem" | format(etcd_cert_dir, host) %}
{% set host_key = "%s/node-%s-key.pem" | format(etcd_cert_dir, host) %}
{% if force_etcd_cert_refresh -%}
"{{ host }}": True,
{% elif host_cert in existing_certs and host_key in existing_certs -%}
@@ -135,16 +137,16 @@
etcd_member_requires_sync: true
when:
- inventory_hostname in groups['etcd']
- (not etcd_member_certs.results[0].stat.exists|default(false)) or
(not etcd_member_certs.results[1].stat.exists|default(false)) or
(not etcd_member_certs.results[2].stat.exists|default(false)) or
(not etcd_member_certs.results[3].stat.exists|default(false)) or
(not etcd_member_certs.results[4].stat.exists|default(false)) or
(etcd_member_certs.results[0].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcd_member_certs.results[0].stat.path)|map(attribute="checksum")|first|default('')) or
(etcd_member_certs.results[1].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcd_member_certs.results[1].stat.path)|map(attribute="checksum")|first|default('')) or
(etcd_member_certs.results[2].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcd_member_certs.results[2].stat.path)|map(attribute="checksum")|first|default('')) or
(etcd_member_certs.results[3].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcd_member_certs.results[3].stat.path)|map(attribute="checksum")|first|default('')) or
(etcd_member_certs.results[4].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcd_member_certs.results[4].stat.path)|map(attribute="checksum")|first|default(''))
- (not etcd_member_certs.results[0].stat.exists | default(false)) or
(not etcd_member_certs.results[1].stat.exists | default(false)) or
(not etcd_member_certs.results[2].stat.exists | default(false)) or
(not etcd_member_certs.results[3].stat.exists | default(false)) or
(not etcd_member_certs.results[4].stat.exists | default(false)) or
(etcd_member_certs.results[0].stat.checksum | default('') != etcdcert_master.files | selectattr("path", "equalto", etcd_member_certs.results[0].stat.path) | map(attribute="checksum") | first | default('')) or
(etcd_member_certs.results[1].stat.checksum | default('') != etcdcert_master.files | selectattr("path", "equalto", etcd_member_certs.results[1].stat.path) | map(attribute="checksum") | first | default('')) or
(etcd_member_certs.results[2].stat.checksum | default('') != etcdcert_master.files | selectattr("path", "equalto", etcd_member_certs.results[2].stat.path) | map(attribute="checksum") | first | default('')) or
(etcd_member_certs.results[3].stat.checksum | default('') != etcdcert_master.files | selectattr("path", "equalto", etcd_member_certs.results[3].stat.path) | map(attribute="checksum") | first | default('')) or
(etcd_member_certs.results[4].stat.checksum | default('') != etcdcert_master.files | selectattr("path", "equalto", etcd_member_certs.results[4].stat.path) | map(attribute="checksum") | first | default(''))
- name: "Check_certs | Set 'kubernetes_host_requires_sync' to true if ca or node cert and key don't exist on kubernetes host or checksum doesn't match"
set_fact:
@@ -152,18 +154,18 @@
when:
- inventory_hostname in groups['k8s_cluster'] and
inventory_hostname not in groups['etcd']
- (not etcd_node_certs.results[0].stat.exists|default(false)) or
(not etcd_node_certs.results[1].stat.exists|default(false)) or
(not etcd_node_certs.results[2].stat.exists|default(false)) or
(etcd_node_certs.results[0].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcd_node_certs.results[0].stat.path)|map(attribute="checksum")|first|default('')) or
(etcd_node_certs.results[1].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcd_node_certs.results[1].stat.path)|map(attribute="checksum")|first|default('')) or
(etcd_node_certs.results[2].stat.checksum|default('') != etcdcert_master.files|selectattr("path", "equalto", etcd_node_certs.results[2].stat.path)|map(attribute="checksum")|first|default(''))
- (not etcd_node_certs.results[0].stat.exists | default(false)) or
(not etcd_node_certs.results[1].stat.exists | default(false)) or
(not etcd_node_certs.results[2].stat.exists | default(false)) or
(etcd_node_certs.results[0].stat.checksum | default('') != etcdcert_master.files | selectattr("path", "equalto", etcd_node_certs.results[0].stat.path) | map(attribute="checksum") | first | default('')) or
(etcd_node_certs.results[1].stat.checksum | default('') != etcdcert_master.files | selectattr("path", "equalto", etcd_node_certs.results[1].stat.path) | map(attribute="checksum") | first | default('')) or
(etcd_node_certs.results[2].stat.checksum | default('') != etcdcert_master.files | selectattr("path", "equalto", etcd_node_certs.results[2].stat.path) | map(attribute="checksum") | first | default(''))
- name: "Check_certs | Set 'sync_certs' to true"
set_fact:
sync_certs: true
when:
- etcd_member_requires_sync|default(false) or
kubernetes_host_requires_sync|default(false) or
- etcd_member_requires_sync | default(false) or
kubernetes_host_requires_sync | default(false) or
(inventory_hostname in gen_master_certs and gen_master_certs[inventory_hostname]) or
(inventory_hostname in gen_node_certs and gen_node_certs[inventory_hostname])