diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2018-01-20 00:46:48 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2018-01-20 00:46:48 +0100 |
| commit | 8e8f2207ddac5ef56781110ba4e4fefae90550e9 (patch) | |
| tree | cf7e1b8106f3a2b78c6d5e9266420399e9fb21b1 /roles/kubernetes-net/tasks/main.yaml | |
| parent | 3gb for root fs of helene and dione (diff) | |
added new streamer hosts, kubernetes-net can now clean up peers too
Diffstat (limited to 'roles/kubernetes-net/tasks/main.yaml')
| -rw-r--r-- | roles/kubernetes-net/tasks/main.yaml | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/roles/kubernetes-net/tasks/main.yaml b/roles/kubernetes-net/tasks/main.yaml index 6a50cf00..48d56b25 100644 --- a/roles/kubernetes-net/tasks/main.yaml +++ b/roles/kubernetes-net/tasks/main.yaml @@ -36,7 +36,7 @@ copy: src: kubenet-interfaces.service dest: /etc/systemd/system/kubenet-interfaces.service - # TODO: notify: reload... + # TODO: notify: reload??? - name: make sure kubenet interfaces service is started and enabled systemd: @@ -45,14 +45,41 @@ state: started enabled: yes +- name: get list of currently installed wireguard peers installed + find: + path: /etc/systemd/system/ + pattern: "kubenet-peer-*.service" + register: kubenet_peers_installed + +- name: compute list of peers to be added + set_fact: + kubenet_peers_to_add: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}" + +- name: compute list of peers to be removed + set_fact: + kubenet_peers_to_remove: "{{ kubenet_peers_installed.files | map(attribute='path') | map('replace', '/etc/systemd/system/kubenet-peer-', '') | map('replace', '.service', '') | difference(kubenet_peers_to_add) }}" + +- name: stop/disable systemd units for stale wireguard peers + with_items: "{{ kubenet_peers_to_remove }}" + systemd: + name: "kubenet-peer-{{ item }}.service" + state: stopped + enabled: no + +- name: remove systemd units for stale wireguard peers + with_items: "{{ kubenet_peers_to_remove }}" + file: + name: "/etc/systemd/system/kubenet-peer-{{ item }}.service" + state: absent + - name: install systemd units for every wireguard peer - with_items: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}" + with_items: "{{ kubenet_peers_to_add }}" template: src: kubenet-peer.service.j2 dest: "/etc/systemd/system/kubenet-peer-{{ item }}.service" - name: make sure kubenet peer services are started and enabled - with_items: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}" + with_items: "{{ kubenet_peers_to_add }}" systemd: daemon_reload: yes name: "kubenet-peer-{{ item }}.service" |