summaryrefslogtreecommitdiffstats
path: root/roles/etcd
diff options
context:
space:
mode:
Diffstat (limited to 'roles/etcd')
-rw-r--r--roles/etcd/defaults/main.yaml18
-rw-r--r--roles/etcd/meta/main.yml9
-rw-r--r--roles/etcd/tasks/main.yml46
-rw-r--r--roles/etcd/templates/etcd.conf.j212
-rw-r--r--roles/etcd/templates/etcd.docker.service6
5 files changed, 50 insertions, 41 deletions
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 9e7fa59cf..2ec62c37c 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -1,6 +1,5 @@
---
-etcd_service: "{{ 'etcd' if not openshift.common.is_containerized else 'etcd_container' }}"
-etcd_interface: "{{ ansible_default_ipv4.interface }}"
+etcd_service: "{{ 'etcd' if not etcd_is_containerized | bool else 'etcd_container' }}"
etcd_client_port: 2379
etcd_peer_port: 2380
etcd_url_scheme: http
@@ -9,16 +8,9 @@ etcd_peer_url_scheme: http
etcd_initial_cluster_state: new
etcd_initial_cluster_token: etcd-cluster-1
-etcd_initial_advertise_peer_urls: "{{ etcd_peer_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}"
-etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}"
-etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_client_port }}"
-etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_client_port }}"
+etcd_initial_advertise_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}"
+etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}"
+etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
+etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
etcd_data_dir: /var/lib/etcd/
-
-os_firewall_use_firewalld: False
-os_firewall_allow:
-- service: etcd
- port: "{{etcd_client_port}}/tcp"
-- service: etcd peering
- port: "{{ etcd_peer_port }}/tcp"
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml
index a71b36237..7156a9fff 100644
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@@ -16,5 +16,10 @@ galaxy_info:
- cloud
- system
dependencies:
-- { role: os_firewall }
-- { role: etcd_common }
+- role: os_firewall
+ os_firewall_allow:
+ - service: etcd
+ port: "{{etcd_client_port}}/tcp"
+ - service: etcd peering
+ port: "{{ etcd_peer_port }}/tcp"
+- role: etcd_common
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index e72509c4d..71735dc25 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -1,59 +1,67 @@
---
-- fail:
- msg: Interface {{ etcd_interface }} not found
- when: "'ansible_' ~ etcd_interface not in hostvars[inventory_hostname]"
-
-- fail:
- msg: IPv4 address not found for {{ etcd_interface }}
- when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4"
+- name: Set hostname and ip facts
+ set_fact:
+ # Store etcd_hostname and etcd_ip such that they will be available
+ # in hostvars. Defaults for these variables are set in etcd_common.
+ etcd_hostname: "{{ etcd_hostname }}"
+ etcd_ip: "{{ etcd_ip }}"
- name: Install etcd
action: "{{ ansible_pkg_mgr }} name=etcd state=present"
- when: not openshift.common.is_containerized | bool
+ when: not etcd_is_containerized | bool
- name: Pull etcd container
command: docker pull {{ openshift.etcd.etcd_image }}
- when: openshift.common.is_containerized | bool
+ when: etcd_is_containerized | bool
- name: Install etcd container service file
template:
dest: "/etc/systemd/system/etcd_container.service"
src: etcd.docker.service
register: install_etcd_result
- when: openshift.common.is_containerized | bool
+ when: etcd_is_containerized | bool
- name: Ensure etcd datadir exists
- when: openshift.common.is_containerized | bool
+ when: etcd_is_containerized | bool
file:
path: "{{ etcd_data_dir }}"
state: directory
mode: 0700
+- name: Check for etcd service presence
+ command: systemctl show etcd.service
+ register: etcd_show
+ changed_when: false
+
- name: Disable system etcd when containerized
- when: openshift.common.is_containerized | bool
+ when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout
service:
name: etcd
state: stopped
enabled: no
+- name: Mask system etcd when containerized
+ when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout
+ command: systemctl mask etcd
+
- name: Reload systemd units
command: systemctl daemon-reload
- when: openshift.common.is_containerized and ( install_etcd_result | changed )
+ when: etcd_is_containerized | bool and ( install_etcd_result | changed )
- name: Validate permissions on the config dir
file:
path: "{{ etcd_conf_dir }}"
state: directory
- owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
- group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+ owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
mode: 0700
- name: Validate permissions on certificate files
file:
path: "{{ item }}"
mode: 0600
- owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
- group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+ owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
when: etcd_url_scheme == 'https'
with_items:
- "{{ etcd_ca_file }}"
@@ -64,8 +72,8 @@
file:
path: "{{ item }}"
mode: 0600
- owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
- group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+ owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
when: etcd_peer_url_scheme == 'https'
with_items:
- "{{ etcd_peer_ca_file }}"
diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2
index 28816fd87..cd048ec60 100644
--- a/roles/etcd/templates/etcd.conf.j2
+++ b/roles/etcd/templates/etcd.conf.j2
@@ -1,15 +1,15 @@
{% macro initial_cluster() -%}
-{% for host in groups[etcd_peers_group] -%}
+{% for host in etcd_peers -%}
{% if loop.last -%}
-{{ host }}={{ etcd_peer_url_scheme }}://{{ etcd_host_int_map[host].interface.ipv4.address }}:{{ etcd_peer_port }}
+{{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }}
{%- else -%}
-{{ host }}={{ etcd_peer_url_scheme }}://{{ etcd_host_int_map[host].interface.ipv4.address }}:{{ etcd_peer_port }},
+{{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }},
{%- endif -%}
{% endfor -%}
{% endmacro -%}
-{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %}
-ETCD_NAME={{ inventory_hostname }}
+{% if etcd_peers | default([]) | length > 1 %}
+ETCD_NAME={{ etcd_hostname }}
ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
{% else %}
ETCD_NAME=default
@@ -23,7 +23,7 @@ ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
#ETCD_MAX_WALS=5
#ETCD_CORS=
-{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %}
+{% if etcd_peers | default([]) | length > 1 %}
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
ETCD_INITIAL_CLUSTER={{ initial_cluster() }}
diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service
index 8058fa188..cf957ede8 100644
--- a/roles/etcd/templates/etcd.docker.service
+++ b/roles/etcd/templates/etcd.docker.service
@@ -1,13 +1,17 @@
[Unit]
Description=The Etcd Server container
After=docker.service
+Requires=docker.service
+PartOf=docker.service
[Service]
EnvironmentFile=/etc/etcd/etcd.conf
ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }}
ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
ExecStop=/usr/bin/docker stop {{ etcd_service }}
+SyslogIdentifier=etcd_container
Restart=always
+RestartSec=5s
[Install]
-WantedBy=multi-user.target
+WantedBy=docker.service