From 8e8f2207ddac5ef56781110ba4e4fefae90550e9 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 20 Jan 2018 00:46:48 +0100
Subject: added new streamer hosts, kubernetes-net can now clean up peers too
---
 roles/kubernetes-net/tasks/main.yaml | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)
(limited to 'roles/kubernetes-net/tasks/main.yaml')
diff --git a/roles/kubernetes-net/tasks/main.yaml b/roles/kubernetes-net/tasks/main.yaml
index 6a50cf00..48d56b25 100644
--- a/roles/kubernetes-net/tasks/main.yaml
+++ b/roles/kubernetes-net/tasks/main.yaml
@@ -36,7 +36,7 @@
 copy:
 src: kubenet-interfaces.service
 dest: /etc/systemd/system/kubenet-interfaces.service
- # TODO: notify: reload...
+ # TODO: notify: reload???

 - name: make sure kubenet interfaces service is started and enabled
 systemd:
@@ -45,14 +45,41 @@
 state: started
 enabled: yes

+- name: get list of currently installed wireguard peers installed
+ find:
+ path: /etc/systemd/system/
+ pattern: "kubenet-peer-*.service"
+ register: kubenet_peers_installed
+
+- name: compute list of peers to be added
+ set_fact:
+ kubenet_peers_to_add: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}"
+
+- name: compute list of peers to be removed
+ set_fact:
+ kubenet_peers_to_remove: "{{ kubenet_peers_installed.files | map(attribute='path') | map('replace', '/etc/systemd/system/kubenet-peer-', '') | map('replace', '.service', '') | difference(kubenet_peers_to_add) }}"
+
+- name: stop/disable systemd units for stale wireguard peers
+ with_items: "{{ kubenet_peers_to_remove }}"
+ systemd:
+ name: "kubenet-peer-{{ item }}.service"
+ state: stopped
+ enabled: no
+
+- name: remove systemd units for stale wireguard peers
+ with_items: "{{ kubenet_peers_to_remove }}"
+ file:
+ name: "/etc/systemd/system/kubenet-peer-{{ item }}.service"
+ state: absent
+
 - name: install systemd units for every wireguard peer
- with_items: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}"
+ with_items: "{{ kubenet_peers_to_add }}"
 template:
 src: kubenet-peer.service.j2
 dest: "/etc/systemd/system/kubenet-peer-{{ item }}.service"

 - name: make sure kubenet peer services are started and enabled
- with_items: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}"
+ with_items: "{{ kubenet_peers_to_add }}"
 systemd:
 daemon_reload: yes
 name: "kubenet-peer-{{ item }}.service"
-- cgit v1.2.3
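Review bot: `difference(inventory_hostname)` in the new `kubenet_peers_to_add` fact passes a bare string where the filter expects a list, and that fact now also decides which peer units are stopped and deleted. As far as I can tell the filter falls back to an `x not in b` test for this input, which on a string is a substring match, so a peer whose name is contained in the current host's name would be left out of the add list and, if installed, treated as stale. `difference([inventory_hostname])` makes it an exact match. Separately, nothing reloads systemd after the unit files are removed; the only `daemon_reload` visible here is inside the last task's loop (whose body continues past the hunk), which does not run when `kubenet_peers_to_add` is empty.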