[Issue-12117]-Certificates for the new hosts are not generated during scale.yml

KARTHIK S · KARTHIK S · commit 872787eba1a1 · 2025-04-17T17:30:34.000-05:00
diff --git a/playbooks/scale.yml b/playbooks/scale.yml
@@ -5,22 +5,8 @@
 - name: Gather facts
   import_playbook: facts.yml
 
-- name: Generate the etcd certificates beforehand
-  hosts: etcd:kube_control_plane
-  gather_facts: false
-  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
-  environment: "{{ proxy_disable_env }}"
-  roles:
-    - { role: kubespray-defaults }
-    - role: etcd
-      tags: etcd
-      vars:
-        etcd_cluster_setup: false
-        etcd_events_cluster_setup: false
-      when:
-        - etcd_deployment_type != "kubeadm"
-        - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool
-        - kube_network_plugin != "calico" or calico_datastore == "etcd"
+- name: Install etcd
+  import_playbook: install_etcd.yml
 
 - name: Download images to ansible host cache via first kube_control_plane node
   hosts: kube_control_plane[0]
diff --git a/roles/etcd/tasks/check_certs.yml b/roles/etcd/tasks/check_certs.yml
@@ -95,32 +95,6 @@
     key: "gen_{{ item.node_type }}_certs_{{ force_etcd_cert_refresh or item.certs is not subset(existing_certs) }}"
   loop: "{{ cert_files | dict2items(key_name='node_type', value_name='certs') }}"
 
-- name: "Check_certs | Set 'gen_node_certs' object to track which nodes needs to have certs generated on first etcd node"
-  set_fact:
-    gen_node_certs: |-
-      {
-      {% set k8s_nodes = groups['k8s_cluster'] -%}
-      {% set existing_certs = etcdcert_master.files | map(attribute='path') | list | sort %}
-      {% for host in k8s_nodes -%}
-        {% set host_cert = "%s/node-%s.pem" | format(etcd_cert_dir, host) %}
-        {% set host_key = "%s/node-%s-key.pem" | format(etcd_cert_dir, host) %}
-        {% if force_etcd_cert_refresh -%}
-        "{{ host }}"{% if not loop.last %},{% endif %}
-        {% elif host_cert not in existing_certs and host_key not in existing_certs -%}
-        "{{ host }}"{% if not loop.last %},{% endif %}
-        {% endif -%}
-      {% endfor %}
-      }
-  run_once: true
-
-- name: "Check_certs | Add gen_node_certs object into 'gen_node_certs_True' group on first etcd node"
-  ansible.builtin.add_host:
-    name: "{{ item }}"
-    groups: gen_node_certs_True
-  with_items: "{{ gen_node_certs }}"
-  run_once: true
-  when: gen_node_certs | length > 0
-
 - name: "Check_certs | Set 'etcd_member_requires_sync' to true if ca or member/admin cert and key don't exist on etcd member or checksum doesn't match"
   set_fact:
     etcd_member_requires_sync: true
