summaryrefslogtreecommitdiffstats
path: root/roles/etcd
diff options
context:
space:
mode:
Diffstat (limited to 'roles/etcd')
-rw-r--r--roles/etcd/README.md4
-rw-r--r--roles/etcd/defaults/main.yaml9
-rw-r--r--roles/etcd/handlers/main.yml4
-rw-r--r--roles/etcd/meta/main.yml2
-rw-r--r--roles/etcd/tasks/main.yml59
-rw-r--r--roles/etcd/templates/etcd.conf.j226
-rw-r--r--roles/etcd/templates/etcd.docker.service13
7 files changed, 82 insertions, 35 deletions
diff --git a/roles/etcd/README.md b/roles/etcd/README.md
index 49207c428..329a926c0 100644
--- a/roles/etcd/README.md
+++ b/roles/etcd/README.md
@@ -7,7 +7,7 @@ Requirements
------------
This role assumes it's being deployed on a RHEL/Fedora based host with package
-named 'etcd' available via yum.
+named 'etcd' available via yum or dnf (conditionally).
Role Variables
--------------
@@ -17,7 +17,7 @@ TODO
Dependencies
------------
-None
+etcd-common
Example Playbook
----------------
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 0f216b84e..e6b10cab7 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -1,17 +1,10 @@
---
+etcd_service: "{{ 'etcd' if not openshift.common.is_containerized | bool else 'etcd_container' }}"
etcd_interface: "{{ ansible_default_ipv4.interface }}"
etcd_client_port: 2379
etcd_peer_port: 2380
-etcd_peers_group: etcd
etcd_url_scheme: http
etcd_peer_url_scheme: http
-etcd_conf_dir: /etc/etcd
-etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt"
-etcd_cert_file: "{{ etcd_conf_dir }}/server.crt"
-etcd_key_file: "{{ etcd_conf_dir }}/server.key"
-etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt"
-etcd_peer_cert_file: "{{ etcd_conf_dir }}/peer.crt"
-etcd_peer_key_file: "{{ etcd_conf_dir }}/peer.key"
etcd_initial_cluster_state: new
etcd_initial_cluster_token: etcd-cluster-1
diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml
index b897913f9..e00e1cac4 100644
--- a/roles/etcd/handlers/main.yml
+++ b/roles/etcd/handlers/main.yml
@@ -1,3 +1,5 @@
---
+
- name: restart etcd
- service: name=etcd state=restarted
+ service: name={{ etcd_service }} state=restarted
+ when: not (etcd_service_status_changed | default(false) | bool)
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml
index 92d44ef4d..a71b36237 100644
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@@ -17,4 +17,4 @@ galaxy_info:
- system
dependencies:
- { role: os_firewall }
-- { role: openshift_repos }
+- { role: etcd_common }
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 27bfb7de9..e72509c4d 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -1,21 +1,59 @@
---
+- fail:
+ msg: Interface {{ etcd_interface }} not found
+ when: "'ansible_' ~ etcd_interface not in hostvars[inventory_hostname]"
+
+- fail:
+ msg: IPv4 address not found for {{ etcd_interface }}
+ when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4"
+
- name: Install etcd
- yum: pkg=etcd-2.* state=present
+ action: "{{ ansible_pkg_mgr }} name=etcd state=present"
+ when: not openshift.common.is_containerized | bool
+
+- name: Pull etcd container
+ command: docker pull {{ openshift.etcd.etcd_image }}
+ when: openshift.common.is_containerized | bool
+
+- name: Install etcd container service file
+ template:
+ dest: "/etc/systemd/system/etcd_container.service"
+ src: etcd.docker.service
+ register: install_etcd_result
+ when: openshift.common.is_containerized | bool
+
+- name: Ensure etcd datadir exists
+ when: openshift.common.is_containerized | bool
+ file:
+ path: "{{ etcd_data_dir }}"
+ state: directory
+ mode: 0700
+
+- name: Disable system etcd when containerized
+ when: openshift.common.is_containerized | bool
+ service:
+ name: etcd
+ state: stopped
+ enabled: no
+
+- name: Reload systemd units
+ command: systemctl daemon-reload
+ when: openshift.common.is_containerized and ( install_etcd_result | changed )
- name: Validate permissions on the config dir
file:
path: "{{ etcd_conf_dir }}"
state: directory
- owner: etcd
- group: etcd
+ owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
mode: 0700
- name: Validate permissions on certificate files
file:
path: "{{ item }}"
mode: 0600
- group: etcd
- owner: etcd
+ owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
when: etcd_url_scheme == 'https'
with_items:
- "{{ etcd_ca_file }}"
@@ -26,8 +64,8 @@
file:
path: "{{ item }}"
mode: 0600
- group: etcd
- owner: etcd
+ owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
when: etcd_peer_url_scheme == 'https'
with_items:
- "{{ etcd_peer_ca_file }}"
@@ -38,15 +76,16 @@
template:
src: etcd.conf.j2
dest: /etc/etcd/etcd.conf
+ backup: true
notify:
- restart etcd
- name: Enable etcd
service:
- name: etcd
+ name: "{{ etcd_service }}"
state: started
enabled: yes
register: start_result
-- pause: seconds=30
- when: start_result | changed
+- set_fact:
+ etcd_service_status_changed: "{{ start_result | changed }}"
diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2
index 9ac23b1dd..28816fd87 100644
--- a/roles/etcd/templates/etcd.conf.j2
+++ b/roles/etcd/templates/etcd.conf.j2
@@ -1,9 +1,9 @@
{% macro initial_cluster() -%}
{% for host in groups[etcd_peers_group] -%}
{% if loop.last -%}
-{{ host }}={{ etcd_peer_url_scheme }}://{{ hostvars[host]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}
+{{ host }}={{ etcd_peer_url_scheme }}://{{ etcd_host_int_map[host].interface.ipv4.address }}:{{ etcd_peer_port }}
{%- else -%}
-{{ host }}={{ etcd_peer_url_scheme }}://{{ hostvars[host]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }},
+{{ host }}={{ etcd_peer_url_scheme }}://{{ etcd_host_int_map[host].interface.ipv4.address }}:{{ etcd_peer_port }},
{%- endif -%}
{% endfor -%}
{% endmacro -%}
@@ -15,13 +15,13 @@ ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
ETCD_NAME=default
{% endif %}
ETCD_DATA_DIR={{ etcd_data_dir }}
-#ETCD_SNAPSHOT_COUNTER="10000"
-ETCD_HEARTBEAT_INTERVAL="500"
-ETCD_ELECTION_TIMEOUT="2500"
+#ETCD_SNAPSHOT_COUNTER=10000
+ETCD_HEARTBEAT_INTERVAL=500
+ETCD_ELECTION_TIMEOUT=2500
ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
-#ETCD_MAX_SNAPSHOTS="5"
-#ETCD_MAX_WALS="5"
-#ETCD_CORS=""
+#ETCD_MAX_SNAPSHOTS=5
+#ETCD_MAX_WALS=5
+#ETCD_CORS=
{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %}
#[cluster]
@@ -29,15 +29,15 @@ ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
ETCD_INITIAL_CLUSTER={{ initial_cluster() }}
ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }}
ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }}
-#ETCD_DISCOVERY=""
-#ETCD_DISCOVERY_SRV=""
-#ETCD_DISCOVERY_FALLBACK="proxy"
-#ETCD_DISCOVERY_PROXY=""
+#ETCD_DISCOVERY=
+#ETCD_DISCOVERY_SRV=
+#ETCD_DISCOVERY_FALLBACK=proxy
+#ETCD_DISCOVERY_PROXY=
{% endif %}
ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }}
#[proxy]
-#ETCD_PROXY="off"
+#ETCD_PROXY=off
#[security]
{% if etcd_url_scheme == 'https' -%}
diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service
new file mode 100644
index 000000000..8058fa188
--- /dev/null
+++ b/roles/etcd/templates/etcd.docker.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=The Etcd Server container
+After=docker.service
+
+[Service]
+EnvironmentFile=/etc/etcd/etcd.conf
+ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }}
+ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
+ExecStop=/usr/bin/docker stop {{ etcd_service }}
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 16:09:19 +0000