diff options
author | Scott Dodson <sdodson@redhat.com> | 2017-08-23 10:58:41 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-08-23 10:58:41 -0400 |
commit | 2a4f95429df8f6c7c4d3ca35ccca5e27fbf372fc (patch) | |
tree | 87d851eb9768398d9e02742a054145ce60a88067 /roles/etcd_migrate/tasks/add_ttls.yml | |
parent | 099835cfd928e0bccf8c298d197ca06960bf954a (diff) | |
parent | 4b5d8d2dc25dbca20be59f3d5d111d737fd865bc (diff) | |
download | openshift-2a4f95429df8f6c7c4d3ca35ccca5e27fbf372fc.tar.gz openshift-2a4f95429df8f6c7c4d3ca35ccca5e27fbf372fc.tar.bz2 openshift-2a4f95429df8f6c7c4d3ca35ccca5e27fbf372fc.tar.xz openshift-2a4f95429df8f6c7c4d3ca35ccca5e27fbf372fc.zip |
Merge pull request #4980 from sdodson/migrate-v2
Switch to migrating one host and scaling etcd members back up
Diffstat (limited to 'roles/etcd_migrate/tasks/add_ttls.yml')
-rw-r--r-- | roles/etcd_migrate/tasks/add_ttls.yml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/roles/etcd_migrate/tasks/add_ttls.yml b/roles/etcd_migrate/tasks/add_ttls.yml new file mode 100644 index 000000000..c10465af9 --- /dev/null +++ b/roles/etcd_migrate/tasks/add_ttls.yml @@ -0,0 +1,33 @@ +--- +# To be executed on first master +- slurp: + src: "{{ openshift.common.config_base }}/master/master-config.yaml" + register: g_master_config_output + +- set_fact: + accessTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.accessTokenMaxAgeSeconds | default(86400) }}" + authroizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authroizeTokenMaxAgeSeconds | default(500) }}" + controllerLeaseTTL: "{{ (g_master_config_output.content|b64decode|from_yaml).controllerLeaseTTL | default(30) }}" +- name: Re-introduce leases (as a replacement for key TTLs) + command: > + oadm migrate etcd-ttl \ + --cert {{ r_etcd_common_master_peer_cert_file }} \ + --key {{ r_etcd_common_master_peer_key_file }} \ + --cacert {{ r_etcd_common_master_peer_ca_file }} \ + --etcd-address 'https://{{ etcd_peer }}:{{ etcd_client_port }}' \ + --ttl-keys-prefix {{ item.keys }} \ + --lease-duration {{ item.ttl }} + environment: + ETCDCTL_API: 3 + PATH: "/usr/local/bin:/var/usrlocal/bin:{{ ansible_env.PATH }}" + with_items: + - keys: "/kubernetes.io/events" + ttl: "1h" + - keys: "/kubernetes.io/masterleases" + ttl: "10s" + - keys: "/openshift.io/oauth/accesstokens" + ttl: "{{ accessTokenMaxAgeSeconds }}s" + - keys: "/openshift.io/oauth/authorizetokens" + ttl: "{{ authroizeTokenMaxAgeSeconds }}s" + - keys: "/openshift.io/leases/controllers" + ttl: "{{ controllerLeaseTTL }}s" |