--- r_etcd_common_backup_tag: '' r_etcd_common_backup_sufix_name: '' # runc, docker, host r_etcd_common_etcd_runtime: "docker" r_etcd_common_embedded_etcd: false # etcd run on a host => use etcdctl command directly # etcd run as a docker container => use docker exec # etcd run as a runc container => use runc exec r_etcd_common_etcdctl_command: "{{ 'etcdctl' if r_etcd_common_etcd_runtime == 'host' or r_etcd_common_embedded_etcd | bool else 'docker exec etcd_container etcdctl' if r_etcd_common_etcd_runtime == 'docker' else 'runc exec etcd etcdctl' }}" # etcd server vars etcd_conf_dir: '/etc/etcd' r_etcd_common_system_container_host_dir: /var/lib/etcd/etcd.etcd etcd_system_container_conf_dir: /var/lib/etcd/etc etcd_conf_file: "{{ etcd_conf_dir }}/etcd.conf" etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt" etcd_cert_file: "{{ etcd_conf_dir }}/server.crt" etcd_key_file: "{{ etcd_conf_dir }}/server.key" etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt" etcd_peer_cert_file: "{{ etcd_conf_dir }}/peer.crt" etcd_peer_key_file: "{{ etcd_conf_dir }}/peer.key" # etcd ca vars etcd_ca_dir: "{{ etcd_conf_dir}}/ca" etcd_generated_certs_dir: "{{ etcd_conf_dir }}/generated_certs" etcd_ca_cert: "{{ etcd_ca_dir }}/ca.crt" etcd_ca_key: "{{ etcd_ca_dir }}/ca.key" etcd_openssl_conf: "{{ etcd_ca_dir }}/openssl.cnf" etcd_ca_name: etcd_ca etcd_req_ext: etcd_v3_req etcd_ca_exts_peer: etcd_v3_ca_peer etcd_ca_exts_server: etcd_v3_ca_server etcd_ca_exts_self: etcd_v3_ca_self etcd_ca_exts_client: etcd_v3_ca_client etcd_ca_crl_dir: "{{ etcd_ca_dir }}/crl" etcd_ca_new_certs_dir: "{{ etcd_ca_dir }}/certs" etcd_ca_db: "{{ etcd_ca_dir }}/index.txt" etcd_ca_serial: "{{ etcd_ca_dir }}/serial" etcd_ca_crl_number: "{{ etcd_ca_dir }}/crlnumber" etcd_ca_default_days: 1825 r_etcd_common_master_peer_cert_file: /etc/origin/master/master.etcd-client.crt r_etcd_common_master_peer_key_file: /etc/origin/master/master.etcd-client.key r_etcd_common_master_peer_ca_file: /etc/origin/master/master.etcd-ca.crt # etcd server & certificate vars etcd_hostname: "{{ inventory_hostname }}" etcd_ip: "{{ ansible_default_ipv4.address }}" etcd_is_atomic: False etcd_is_containerized: False etcd_is_thirdparty: False # etcd dir vars etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' if r_etcd_common_etcd_runtime != 'runc' else '/var/lib/etcd/etcd.etcd/' }}" # etcd ports and protocols etcd_client_port: 2379 etcd_peer_port: 2380 etcd_url_scheme: http etcd_peer_url_scheme: http etcd_initial_cluster_state: new etcd_initial_cluster_token: etcd-cluster-1 etcd_initial_advertise_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}" etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}" etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}" etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}" # required role variable #etcd_peer: 127.0.0.1 etcdctlv2: "etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} -C https://{{ etcd_peer }}:{{ etcd_client_port }}" etcd_service: "{{ 'etcd_container' if r_etcd_common_etcd_runtime == 'docker' else 'etcd' }}" # Location of the service file is fixed and not meant to be changed etcd_service_file: "/etc/systemd/system/{{ etcd_service }}.service" r_etcd_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_etcd_use_firewalld: "{{ os_firewall_use_firewalld | default(Falsel) }}" etcd_systemd_dir: "/etc/systemd/system/{{ etcd_service }}.service.d" r_etcd_os_firewall_deny: [] r_etcd_os_firewall_allow: - service: etcd port: "{{etcd_client_port}}/tcp" - service: etcd peering port: "{{ etcd_peer_port }}/tcp" # set the backend quota to 4GB by default etcd_quota_backend_bytes: 4294967296