More idempotency fixes

Fixed sync_tokens fact Fixed sync_certs for k8s tokens fact Disabled register docker images changability Fixed CNI dir permission Fix idempotency for etcd pre upgrade checks
2026-02-18 19:50:11 -03:30 · 2017-03-15 14:00:42 +03:00
parent 3feab1cb2d
commit a422ad0d50
13 changed files with 69 additions and 43 deletions
--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
@@ -41,7 +41,7 @@
  notify: restart calico-node

 - name: Calico | Copy cni plugins from hyperkube
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -a /opt/cni/bin/ /cnibindir/"
+  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -ac /opt/cni/bin/ /cnibindir/"
  register: cni_task_result
  until: cni_task_result.rc == 0
  retries: 4
@@ -59,6 +59,14 @@
  when: "{{ overwrite_hyperkube_cni|bool }}"
  tags: [hyperkube, upgrade]

+- name: Calico | Set cni directory permissions
+  file:
+    path: /opt/cni/bin
+    state: directory
+    owner: kube
+    recurse: true
+    mode: 0755
+
 - name: Calico | wait for etcd
  uri:
    url: https://localhost:2379/health
@@ -80,6 +88,7 @@
  register: calico_conf
  delegate_to: "{{groups['etcd'][0]}}"
  run_once: true
+  changed_when: false

 - name: Calico | Configure calico network pool
  shell: >
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -44,7 +44,7 @@
  register: canal_node_manifest

 - name: Canal | Copy cni plugins from hyperkube
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -a /opt/cni/bin/ /cnibindir/"
+  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -ac /opt/cni/bin/ /cnibindir/"
  register: cni_task_result
  until: cni_task_result.rc == 0
  retries: 4
@@ -61,6 +61,14 @@
  changed_when: false
  tags: [hyperkube, upgrade]

+- name: Canal | Set cni directory permissions
+  file:
+    path: /opt/cni/bin
+    state: directory
+    owner: kube
+    recurse: true
+    mode: 0755
+
 - name: Canal | Install calicoctl container script
  template:
    src: calicoctl-container.j2
--- a/roles/network_plugin/cloud/tasks/main.yml
+++ b/roles/network_plugin/cloud/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Cloud | Copy cni plugins from hyperkube
  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/"
  register: cni_task_result
@@ -7,3 +6,12 @@
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  changed_when: false
+
+- name: Cloud | Set cni directory permissions
+  file:
+    path: /opt/cni/bin
+    state: directory
+    owner: kube
+    recurse: true
+    mode: "u=rwX,g-rwx,o-rwx"
+