authorJason DeTiberus <jdetiber@redhat.com>2015-07-10 14:46:43 -0400
committerJason DeTiberus <jdetiber@redhat.com>2015-07-10 14:46:43 -0400
commitadd3fbcce31e9db4ea8c76acb9c8579f20581912 (patch)
treeb2734a94adc7d6e05c49c348bf83b566960f01da /playbooks/common/openshift-etcd
parent5991073262127e4b85e9b1cf4ad7f62fb2c7c345 (diff)
Etcd role updates and playbook updates
- fix firewall conflict issues with co-located etcd and openshift hosts - added os_firewall dependency to etcd role - updated etcd template to better handle clustered and non-clustered installs - added etcd_ca role - generates a self-signed cert to manage etcd certificates, since etcd peer certificates are required to be client and server certs and the openshift ca will only generate client or server certs (not one authorized for both). - renamed openshift_etcd_certs role to etcd_certificates and updated it to manage certificates generated from the CA managed by the etcd_ca role - remove hard coded etcd_port in openshift_facts - updates for the openshift-etcd common playbook - removed etcd and openshift-etcd playbooks from the byo playbooks directory - added a common playbook for setting etcd launch facts - added an openshift-etcd common service playbook - removed unused variables - fixed tests for embedded_{etcd,dns,kube} in openshift_master - removed old workaround for reloading systemd units
Diffstat (limited to 'playbooks/common/openshift-etcd')
-rw-r--r--playbooks/common/openshift-etcd/config.yml96
l---------playbooks/common/openshift-etcd/lookup_plugins1
-rw-r--r--playbooks/common/openshift-etcd/service.yml18
3 files changed, 62 insertions, 53 deletions
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml
index 2c920df49..3cc561ba0 100644
--- a/playbooks/common/openshift-etcd/config.yml
+++ b/playbooks/common/openshift-etcd/config.yml
@@ -1,30 +1,32 @@
---
-- name: Gather and set facts for etcd hosts
- hosts: oo_etcd_hosts_to_config
+- name: Set etcd facts needed for generating certs
+ hosts: oo_etcd_to_config
roles:
- openshift_facts
tasks:
- openshift_facts:
- role: common
- local_facts:
- hostname: "{{ openshift_hostname | default(None) }}"
- - name: Check for etcd certificates
+ role: "{{ item.role }}"
+ local_facts: "{{ item.local_facts }}"
+ with_items:
+ - role: common
+ local_facts:
+ hostname: "{{ openshift_hostname | default(None) }}"
+ public_hostname: "{{ openshift_public_hostname | default(None) }}"
+ deployment_type: "{{ openshift_deployment_type }}"
+ - name: Check status of etcd certificates
stat:
path: "{{ item }}"
with_items:
- - "/etc/etcd/ca.crt"
- - "/etc/etcd/client.crt"
- - "/etc/etcd/client.key"
- - "/etc/etcd/peer-ca.crt"
- - "/etc/etcd/peer.crt"
- - "/etc/etcd/peer.key"
- register: g_etcd_certs_stat
+ - /etc/etcd/server.crt
+ - /etc/etcd/peer.crt
+ - /etc/etcd/ca.crt
+ register: g_etcd_server_cert_stat_result
- set_fact:
- etcd_certs_missing: "{{ g_etcd_certs_stat.results | map(attribute='stat.exists')
- | list | intersect([false])}}"
- etcd_subdir: etcd-{{ openshift.common.hostname }}
- etcd_dir: /etc/openshift/generated-configs/etcd-{{ openshift.common.hostname }}
- etcd_cert_dir: /etc/etcd
+ etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | map(attribute='stat.exists')
+ | list | intersect([false])}}"
+ etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
+ etcd_cert_config_dir: /etc/etcd
+ etcd_cert_prefix:
- name: Create temp directory for syncing certs
hosts: localhost
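Review bot: The new `Check status of etcd certificates` list stats only `/etc/etcd/server.crt`, `/etc/etcd/peer.crt` and `/etc/etcd/ca.crt`, so a host whose certificates exist but whose private keys are missing is not counted in `etcd_server_certs_missing` and will be skipped for regeneration. The previous list did include key files (`/etc/etcd/client.key`, `/etc/etcd/peer.key`), so consider adding the key paths that the etcd_certificates role writes to this `with_items` list. Separately, `etcd_cert_prefix:` in the `set_fact` has no value and is therefore set to null. If an empty prefix is intended, write `etcd_cert_prefix: ""` so that templates concatenating it cannot end up with a literal `None` in a file name.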
@@ -37,65 +39,53 @@
register: g_etcd_mktemp
changed_when: False
-- name: Create etcd certs
- hosts: oo_first_master
+- name: Configure etcd certificates
+ hosts: oo_first_etcd
vars:
- etcd_hosts_needing_certs: "{{ hostvars
- | oo_select_keys(groups['oo_etcd_hosts_to_config'])
- | oo_filter_list(filter_attr='etcd_certs_missing') }}"
- etcd_hosts: "{{ hostvars
- | oo_select_keys(groups['oo_etcd_hosts_to_config']) }}"
+ etcd_generated_certs_dir: /etc/etcd/generated_certs
+ etcd_needing_server_certs: "{{ hostvars
+ | oo_select_keys(groups['oo_etcd_to_config'])
+ | oo_filter_list(filter_attr='etcd_server_certs_missing') }}"
sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
roles:
- - openshift_etcd_certs
+ - etcd_certificates
post_tasks:
- name: Create a tarball of the etcd certs
command: >
- tar -czvf {{ item.etcd_dir }}.tgz
- -C {{ item.etcd_dir }} .
+ tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
+ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
args:
- creates: "{{ item.etcd_dir }}.tgz"
- with_items: etcd_hosts_needing_certs
-
- - name: Retrieve the etcd cert tarballs from the master
+ creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
+ with_items: etcd_needing_server_certs
+ - name: Retrieve the etcd cert tarballs
fetch:
- src: "{{ item.etcd_dir }}.tgz"
+ src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
dest: "{{ sync_tmpdir }}/"
flat: yes
fail_on_missing: yes
validate_checksum: yes
- with_items: etcd_hosts_needing_certs
+ with_items: etcd_needing_server_certs
-- name: Deploy etcd
- hosts: oo_etcd_hosts_to_config
+- name: Configure etcd hosts
+ hosts: oo_etcd_to_config
vars:
sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
etcd_url_scheme: https
+ etcd_peer_url_scheme: https
+ etcd_peers_group: oo_etcd_to_config
pre_tasks:
- name: Ensure certificate directory exists
file:
- path: "{{ etcd_cert_dir }}"
+ path: "{{ etcd_cert_config_dir }}"
state: directory
- - name: Unarchive the tarball on the node
+ - name: Unarchive the tarball on the etcd host
unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_subdir }}.tgz"
- dest: "{{ etcd_cert_dir }}"
- when: etcd_certs_missing
- - file: path=/etc/etcd/client.crt mode=0600 owner=etcd group=etcd
- - file: path=/etc/etcd/client.key mode=0600 owner=etcd group=etcd
- - file: path=/etc/etcd/ca.crt mode=0644 owner=etcd group=etcd
+ src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
+ dest: "{{ etcd_cert_config_dir }}"
+ when: etcd_server_certs_missing
roles:
- etcd
-- name: Delete the temporary directory on the master
- hosts: oo_first_master
- gather_facts: no
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- tasks:
- - file: name={{ sync_tmpdir }} state=absent
- changed_when: False
-
- name: Delete temporary directory on localhost
hosts: localhost
connection: local
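Review bot: With the three `file:` tasks removed, nothing in the `Configure etcd hosts` play pins ownership or mode on the files extracted by `Unarchive the tarball on the etcd host`, and `Ensure certificate directory exists` sets neither `owner` nor `mode`. Key permissions therefore depend on what the tarball carries and on the etcd role, which is not visible in this hunk. If the role does not enforce them, add `owner: etcd`, `group: etcd` and `mode: "0700"` to the directory task, or an equivalent task after the role if the etcd user is only created there. The per-host `.tgz` archives under `etcd_generated_certs_dir` presumably contain private keys; they stay on the first etcd host and pass through `sync_tmpdir` on the control host. A comment above the tar task such as `# tarball contains private keys; generated_certs must stay root-only` would make that expectation explicit.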
diff --git a/playbooks/common/openshift-etcd/lookup_plugins b/playbooks/common/openshift-etcd/lookup_plugins
new file mode 120000
index 000000000..ac79701db
--- /dev/null
+++ b/playbooks/common/openshift-etcd/lookup_plugins
@@ -0,0 +1 @@
+../../../lookup_plugins \ No newline at end of file
diff --git a/playbooks/common/openshift-etcd/service.yml b/playbooks/common/openshift-etcd/service.yml
new file mode 100644
index 000000000..0bf69b22f
--- /dev/null
+++ b/playbooks/common/openshift-etcd/service.yml
@@ -0,0 +1,18 @@
+---
+- name: Populate g_service_masters host group if needed
+ hosts: localhost
+ gather_facts: no
+ tasks:
+ - fail: msg="new_cluster_state is required to be injected in this playbook"
+ when: new_cluster_state is not defined
+
+ - name: Evaluate g_service_etcd
+ add_host: name={{ item }} groups=g_service_etcd
+ with_items: oo_host_group_exp | default([])
+
+- name: Change etcd state on etcd instance(s)
+ hosts: g_service_etcd
+ connection: ssh
+ gather_facts: no
+ tasks:
+ - service: name=etcd state="{{ new_cluster_state }}"
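Review bot: The first play is named `Populate g_service_masters host group if needed`, but its task adds hosts to `g_service_etcd`, which looks like a leftover from a masters service playbook; rename it to `- name: Populate g_service_etcd host group if needed`. The `fail` guard only checks that `new_cluster_state` is defined, so an unexpected value is rejected late and once per host by the `service` module. Checking the value against the states this playbook is meant to support in the same localhost play would fail once, before any etcd host is contacted.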