wip pr for improved cert sync

roles/etcd/tasks/gen_certs_vault.yml

@@ -62,3 +62,5 @@
   with_items: "{{ etcd_node_certs_needed|d([]) }}"
   when: inventory_hostname in etcd_node_cert_hosts
   notify: set etcd_secret_changed
+
+- fail:

roles/etcd/tasks/sync_etcd_master_certs.yml

@@ -8,13 +8,13 @@
         "member-" + inventory_hostname + ".pem"
         ] }}
 
-- include_tasks: ../../vault/tasks/shared/sync_file.yml
-  vars:
-    sync_file: "{{ item }}"
-    sync_file_dir: "{{ etcd_cert_dir }}"
-    sync_file_hosts: [ "{{ inventory_hostname }}" ]
-    sync_file_is_cert: true
-  with_items: "{{ etcd_master_cert_list|d([]) }}"
+#- include_tasks: ../../vault/tasks/shared/sync_file.yml
+#  vars:
+#    sync_file: "{{ item }}"
+#    sync_file_dir: "{{ etcd_cert_dir }}"
+#    sync_file_hosts: [ "{{ inventory_hostname }}" ]
+#    sync_file_is_cert: true
+#  with_items: "{{ etcd_master_cert_list|d([]) }}"
 
 - name: sync_etcd_certs | Set facts for etcd sync_file results
   set_fact:
@@ -22,16 +22,16 @@
   with_items: "{{ sync_file_results|d([]) }}"
   when: item.no_srcs|bool
 
-- name: sync_etcd_certs | Unset sync_file_results after etcd certs sync
-  set_fact:
-    sync_file_results: []
-
-- include_tasks: ../../vault/tasks/shared/sync_file.yml
-  vars:
-    sync_file: ca.pem
-    sync_file_dir: "{{ etcd_cert_dir }}"
-    sync_file_hosts: [ "{{ inventory_hostname }}" ]
-
-- name: sync_etcd_certs | Unset sync_file_results after ca.pem sync
-  set_fact:
-    sync_file_results: []
+#- name: sync_etcd_certs | Unset sync_file_results after etcd certs sync
+#  set_fact:
+#    sync_file_results: []
+#
+#- include_tasks: ../../vault/tasks/shared/sync_file.yml
+#  vars:
+#    sync_file: ca.pem
+#    sync_file_dir: "{{ etcd_cert_dir }}"
+#    sync_file_hosts: [ "{{ inventory_hostname }}" ]
+#
+#- name: sync_etcd_certs | Unset sync_file_results after ca.pem sync
+#  set_fact:
+#    sync_file_results: []

roles/etcd/tasks/sync_etcd_node_certs.yml

@@ -4,30 +4,30 @@
   set_fact:
     etcd_node_cert_list: "{{ etcd_node_cert_list|default([]) +  ['node-' + inventory_hostname + '.pem'] }}"
 
-- include_tasks: ../../vault/tasks/shared/sync_file.yml
-  vars:
-    sync_file: "{{ item }}"
-    sync_file_dir: "{{ etcd_cert_dir }}"
-    sync_file_hosts: [ "{{ inventory_hostname }}" ]
-    sync_file_is_cert: true
-  with_items: "{{ etcd_node_cert_list|d([]) }}"
-
+#- include_tasks: ../../vault/tasks/shared/sync_file.yml
+#  vars:
+#    sync_file: "{{ item }}"
+#    sync_file_dir: "{{ etcd_cert_dir }}"
+#    sync_file_hosts: [ "{{ inventory_hostname }}" ]
+#    sync_file_is_cert: true
+#  with_items: "{{ etcd_node_cert_list|d([]) }}"
+#
 - name: sync_etcd_node_certs | Set facts for etcd sync_file results
   set_fact:
     etcd_node_certs_needed: "{{ etcd_node_certs_needed|default([]) + [item.path] }}"
   with_items: "{{ sync_file_results|d([]) }}"
   when: item.no_srcs|bool
 
-- name: sync_etcd_node_certs | Unset sync_file_results after etcd node certs
-  set_fact:
-    sync_file_results: []
-
-- include_tasks: ../../vault/tasks/shared/sync_file.yml
-  vars:
-    sync_file: ca.pem
-    sync_file_dir: "{{ etcd_cert_dir }}"
-    sync_file_hosts: "{{ groups['etcd'] }}"
-
-- name: sync_etcd_node_certs | Unset sync_file_results after ca.pem
-  set_fact:
-    sync_file_results: []
+#- name: sync_etcd_node_certs | Unset sync_file_results after etcd node certs
+#  set_fact:
+#    sync_file_results: []
+#
+#- include_tasks: ../../vault/tasks/shared/sync_file.yml
+#  vars:
+#    sync_file: ca.pem
+#    sync_file_dir: "{{ etcd_cert_dir }}"
+#    sync_file_hosts: "{{ groups['etcd'] }}"
+#
+#- name: sync_etcd_node_certs | Unset sync_file_results after ca.pem
+#  set_fact:
+#    sync_file_results: []