From 801779eeb6f6308f81ae7c48409de7686c04a0aa Mon Sep 17 00:00:00 2001
From: Michael Gugino <mgugino@redhat.com>
Date: Wed, 13 Dec 2017 12:42:32 -0500
Subject: Relocate filter plugins to lib_utils

This commit relocates filter_plugings to lib_utils,
changes the namespacing to prevent unintended use of
older versions that may be present in filter_plugins/
directory on existing installs.

Add lib_utils to meta depends for roles

Also consolidate some plugins into lib_utils from
various other areas.

Update rpm spec, obsolete plugin rpms.
---
 roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml | 2 +-
 roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'roles/etcd/tasks/certificates')

diff --git a/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
index 119071a72..d4518554c 100644
--- a/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
+++ b/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
@@ -28,7 +28,7 @@
     etcd_client_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool
                                    else (False in (g_external_etcd_cert_stat_result.results
                                                    | default({})
-                                                   | oo_collect(attribute='stat.exists')
+                                                   | lib_utils_oo_collect(attribute='stat.exists')
                                                    | list)) }}"
 
 - name: Ensure generated_certs directory present
diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
index deb2301d7..59a6b6590 100644
--- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
+++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
@@ -21,7 +21,7 @@
     etcd_server_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool
                                    else (False in (g_etcd_server_cert_stat_result.results
                                                    | default({})
-                                                   | oo_collect(attribute='stat.exists')
+                                                   | lib_utils_oo_collect(attribute='stat.exists')
                                                    | list)) }}"
 
 - name: Ensure generated_certs directory present
-- 
cgit v1.2.3


From 7923eb92c86a128504436ba0708c96b655de5269 Mon Sep 17 00:00:00 2001
From: Michael Gugino <mgugino@redhat.com>
Date: Wed, 3 Jan 2018 15:10:26 -0500
Subject: Remove become=no from various roles and tasks

etcd runs some actions locally to copy certs from the
CA cert host. This commit ensures that we respect
the end user's intended behavior with become
when using 'anisble_become' in the inventory.

Other roles with similar tasks have been modified
in the same manner.

We shouldn't hard-code become behavior as it can be
unexpected for the end user.

This only currently works in the CI because the CI
passes the '-b' argument on the command line, which
will override the task behavior.
---
 .../fetch_client_certificates_from_ca.yml          | 23 +++++++---------------
 .../fetch_server_certificates_from_ca.yml          | 18 ++++-------------
 2 files changed, 11 insertions(+), 30 deletions(-)

(limited to 'roles/etcd/tasks/certificates')

diff --git a/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
index d4518554c..78578a055 100644
--- a/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
+++ b/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
@@ -79,13 +79,6 @@
   when: etcd_client_certs_missing | bool
   delegate_to: "{{ etcd_ca_host }}"
 
-- name: Create local temp directory for syncing certs
-  local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX
-  register: g_etcd_client_mktemp
-  changed_when: False
-  when: etcd_client_certs_missing | bool
-  become: no
-
 - name: Create a tarball of the etcd certs
   command: >
     tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz
@@ -101,8 +94,7 @@
 - name: Retrieve the etcd cert tarballs
   fetch:
     src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
-    dest: "{{ g_etcd_client_mktemp.stdout }}/"
-    flat: yes
+    dest: "/tmp"
     fail_on_missing: yes
     validate_checksum: yes
   when: etcd_client_certs_missing | bool
@@ -116,10 +108,15 @@
 
 - name: Unarchive etcd cert tarballs
   unarchive:
-    src: "{{ g_etcd_client_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz"
+    src: "/tmp/{{ inventory_hostname }}/{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
     dest: "{{ etcd_cert_config_dir }}"
   when: etcd_client_certs_missing | bool
 
+- name: Delete temporary directory
+  local_action: file path="/tmp/{{ inventory_hostname }}" state=absent
+  changed_when: False
+  when: etcd_client_certs_missing | bool
+
 - file:
     path: "{{ etcd_cert_config_dir }}/{{ item }}"
     owner: root
@@ -130,9 +127,3 @@
   - "{{ etcd_cert_prefix }}client.key"
   - "{{ etcd_cert_prefix }}ca.crt"
   when: etcd_client_certs_missing | bool
-
-- name: Delete temporary directory
-  local_action: file path="{{ g_etcd_client_mktemp.stdout }}" state=absent
-  changed_when: False
-  when: etcd_client_certs_missing | bool
-  become: no
diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
index 59a6b6590..987380d0c 100644
--- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
+++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
@@ -105,13 +105,6 @@
   when: etcd_server_certs_missing | bool
   delegate_to: "{{ etcd_ca_host }}"
 
-- name: Create local temp directory for syncing certs
-  local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX
-  become: no
-  register: g_etcd_server_mktemp
-  changed_when: False
-  when: etcd_server_certs_missing | bool
-
 - name: Create a tarball of the etcd certs
   command: >
     tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz
@@ -127,8 +120,7 @@
 - name: Retrieve etcd cert tarball
   fetch:
     src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
-    dest: "{{ g_etcd_server_mktemp.stdout }}/"
-    flat: yes
+    dest: "/tmp"
     fail_on_missing: yes
     validate_checksum: yes
   when: etcd_server_certs_missing | bool
@@ -144,7 +136,7 @@
 
 - name: Unarchive cert tarball
   unarchive:
-    src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz"
+    src: "/tmp/{{ inventory_hostname }}/{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
     dest: "{{ etcd_cert_config_dir }}"
   when: etcd_server_certs_missing | bool
 
@@ -161,8 +153,7 @@
 - name: Retrieve etcd ca cert tarball
   fetch:
     src: "{{ etcd_generated_certs_dir }}/{{ etcd_ca_name }}.tgz"
-    dest: "{{ g_etcd_server_mktemp.stdout }}/"
-    flat: yes
+    dest: "/tmp"
     fail_on_missing: yes
     validate_checksum: yes
   when: etcd_server_certs_missing | bool
@@ -177,8 +168,7 @@
   when: etcd_server_certs_missing | bool
 
 - name: Delete temporary directory
-  local_action: file path="{{ g_etcd_server_mktemp.stdout }}" state=absent
-  become: no
+  local_action: file path="/tmp/{{ inventory_hostname }}" state=absent
   changed_when: False
   when: etcd_server_certs_missing | bool
 
-- 
cgit v1.2.3


From d3fefc32a727fe3c13159c4e9fe4399f35b487a8 Mon Sep 17 00:00:00 2001
From: Michael Gugino <mgugino@redhat.com>
Date: Thu, 4 Jan 2018 23:55:34 -0500
Subject: Move more plugins to lib_utils

This commit continues moving plugins into lib_utils.

This commit does not move any plugins for add-on roles
such as logging and metrics.
---
 roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml | 1 +
 roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml | 2 ++
 2 files changed, 3 insertions(+)

(limited to 'roles/etcd/tasks/certificates')

diff --git a/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
index 78578a055..ce295d2f5 100644
--- a/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
+++ b/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml
@@ -57,6 +57,7 @@
 
 # Certificates must be signed serially in order to avoid competing
 # for the serial file.
+# delegated_serial_command is a custom module in lib_utils
 - name: Sign and create the client crt
   delegated_serial_command:
     command: >
diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
index 987380d0c..7c8b87d99 100644
--- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
+++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
@@ -50,6 +50,7 @@
 
 # Certificates must be signed serially in order to avoid competing
 # for the serial file.
+# delegated_serial_command is a custom module in lib_utils
 - name: Sign and create the server crt
   delegated_serial_command:
     command: >
@@ -83,6 +84,7 @@
 
 # Certificates must be signed serially in order to avoid competing
 # for the serial file.
+# delegated_serial_command is a custom module in lib_utils
 - name: Sign and create the peer crt
   delegated_serial_command:
     command: >
-- 
cgit v1.2.3