Update deploy-env role
When generating keys and sharing them between nodes in a multinode env, it is important that the task which generates the keys has finished before another node tries to use them. The PR splits the Ansible block into two blocks and makes sure the deploy-env playbook is run with the linear strategy. Thus we can be sure that the keys are first generated on all affected nodes and only then used to set up tunnels and passwordless ssh. Change-Id: I9985855d7909aa5365876a24e2a806ab6be1dd7c
parent
c68a4ff43e
commit
a5f6eb6ed4
@ -12,6 +12,7 @@
|
|||||||
|
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
|
strategy: linear
|
||||||
become: true
|
become: true
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
roles:
|
roles:
|
||||||
|
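Review bot: The added `strategy: linear` carries the whole ordering guarantee for the key exchange, but nothing on the line says so, and because linear is Ansible's default strategy it reads as redundant and is easy to delete later. I would put a comment above it, e.g. `# linear: key generation must finish on every host before any host reads the keys through hostvars`. The comment could also mention that a `serial` batch size or a `--limit` that leaves out the primary would still make the registered keys unavailable to the other hosts. The rest of the play is outside this hunk.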
@ -11,28 +11,28 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
---
|
---
|
||||||
- name: Setup passwordless ssh from primary and cluster nodes
|
- name: Set client user home directory
|
||||||
block:
|
|
||||||
- name: Set client user home directory
|
|
||||||
set_fact:
|
set_fact:
|
||||||
client_user_home_directory: /home/{{ client_ssh_user }}
|
client_user_home_directory: /home/{{ client_ssh_user }}
|
||||||
when: client_ssh_user != "root"
|
when: client_ssh_user != "root"
|
||||||
|
|
||||||
- name: Set client user home directory
|
- name: Set client user home directory
|
||||||
set_fact:
|
set_fact:
|
||||||
client_user_home_directory: /root
|
client_user_home_directory: /root
|
||||||
when: client_ssh_user == "root"
|
when: client_ssh_user == "root"
|
||||||
|
|
||||||
- name: Set cluster user home directory
|
- name: Set cluster user home directory
|
||||||
set_fact:
|
set_fact:
|
||||||
cluster_user_home_directory: /home/{{ cluster_ssh_user }}
|
cluster_user_home_directory: /home/{{ cluster_ssh_user }}
|
||||||
when: cluster_ssh_user != "root"
|
when: cluster_ssh_user != "root"
|
||||||
|
|
||||||
- name: Set cluster user home directory
|
- name: Set cluster user home directory
|
||||||
set_fact:
|
set_fact:
|
||||||
cluster_user_home_directory: /root
|
cluster_user_home_directory: /root
|
||||||
when: cluster_ssh_user == "root"
|
when: cluster_ssh_user == "root"
|
||||||
|
|
||||||
|
- name: Setup ssh keys
|
||||||
|
block:
|
||||||
- name: Generate ssh key pair
|
- name: Generate ssh key pair
|
||||||
shell: |
|
shell: |
|
||||||
ssh-keygen -t ed25519 -q -N "" -f {{ client_user_home_directory }}/.ssh/id_ed25519
|
ssh-keygen -t ed25519 -q -N "" -f {{ client_user_home_directory }}/.ssh/id_ed25519
|
||||||
@ -45,6 +45,8 @@
|
|||||||
register: ssh_public_key
|
register: ssh_public_key
|
||||||
when: (inventory_hostname in (groups['primary'] | default([])))
|
when: (inventory_hostname in (groups['primary'] | default([])))
|
||||||
|
|
||||||
|
- name: Setup passwordless ssh from primary and cluster nodes
|
||||||
|
block:
|
||||||
- name: Set primary ssh public key
|
- name: Set primary ssh public key
|
||||||
set_fact:
|
set_fact:
|
||||||
client_ssh_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['ssh_public_key', 'stdout']))[0] }}"
|
client_ssh_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['ssh_public_key', 'stdout']))[0] }}"
|
||||||
|
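Review bot: The `Set primary ssh public key` task at the top of the new second block reads `ssh_public_key.stdout` of the first primary host from hostvars without checking that the value exists. The role is therefore only correct under the playbook's `strategy: linear`; run from another play, with a `--limit` that skips the primary, or after a failed key generation, the lookup gives an undefined or empty key, which the later tasks (outside this hunk) would presumably install on the cluster nodes. An `assert` as the first task of the second block makes that failure explicit instead of silent, as sketched below. The same unchecked `[0]` lookup is used for `client_wg_public_key` in the wireguard tasks file.

```yaml
- name: Setup passwordless ssh from primary and cluster nodes
  block:
    - name: Check that the primary published its ssh public key
      assert:
        that:
          - hostvars[groups['primary'][0]].ssh_public_key is defined
          - hostvars[groups['primary'][0]].ssh_public_key.stdout | default('') | length > 0
        fail_msg: 'ssh public key of the primary node is missing, key generation must run first'
    # … unchanged: Set primary ssh public key and the tasks that follow …
```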
@ -19,7 +19,7 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
client_default_ip: "{{ (groups['primary'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']))[0] }}"
|
client_default_ip: "{{ (groups['primary'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']))[0] }}"
|
||||||
|
|
||||||
- name: Setup wireguard tunnel between primary and cluster control-plane node
|
- name: Setup wireguard keys
|
||||||
when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0)
|
when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0)
|
||||||
block:
|
block:
|
||||||
- name: Generate wireguard key pair
|
- name: Generate wireguard key pair
|
||||||
@ -33,6 +33,9 @@
|
|||||||
register: wg_public_key
|
register: wg_public_key
|
||||||
when: (inventory_hostname in (groups['primary'] | default([]))) or (inventory_hostname in (groups['k8s_control_plane'] | default([])))
|
when: (inventory_hostname in (groups['primary'] | default([]))) or (inventory_hostname in (groups['k8s_control_plane'] | default([])))
|
||||||
|
|
||||||
|
- name: Setup wireguard tunnel between primary and cluster control-plane node
|
||||||
|
when: (groups['primary'] | difference(groups['k8s_control_plane']) | length > 0)
|
||||||
|
block:
|
||||||
- name: Set primary wireguard public key
|
- name: Set primary wireguard public key
|
||||||
set_fact:
|
set_fact:
|
||||||
client_wg_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['wg_public_key', 'stdout']))[0] }}"
|
client_wg_public_key: "{{ (groups['primary'] | map('extract', hostvars, ['wg_public_key', 'stdout']))[0] }}"
|
||||||
|
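Review bot: The block-level condition copied onto the new `Setup wireguard tunnel between primary and cluster control-plane node` block indexes `groups['primary']` and `groups['k8s_control_plane']` directly, while the task-level condition just above it guards both with `default([])`. With an inventory that lacks either group, the block condition would presumably fail with an undefined-variable error rather than skip the block. I would write it as `when: (groups['primary'] | default([]) | difference(groups['k8s_control_plane'] | default([])) | length > 0)` on both blocks so the two levels agree. The remaining tasks of the block are outside this hunk.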