
Merge pull request #7662 from mgugino-upstream-stage/remove-etcd-migrate

Automatic merge from submit-queue.

Remove etcd_migrate and embedded2external

This commit removes all task files, plays, and
variables that are specific to etcd 2-3 migration and
embedded to external migration.
OpenShift Merge Robot 7 年之前
父节点
当前提交
06d3c68944
共有 34 个文件被更改,包括 4 次插入737 次删除
  1. 0 10
      playbooks/openshift-etcd/embedded2external.yml
  2. 0 10
      playbooks/openshift-etcd/migrate.yml
  3. 0 164
      playbooks/openshift-etcd/private/embedded2external.yml
  4. 0 160
      playbooks/openshift-etcd/private/migrate.yml
  5. 2 3
      roles/etcd/defaults/main.yaml
  6. 0 5
      roles/etcd/tasks/auxiliary/clean_data.yml
  7. 0 5
      roles/etcd/tasks/auxiliary/disable_etcd.yml
  8. 0 31
      roles/etcd/tasks/auxiliary/force_new_cluster.yml
  9. 0 3
      roles/etcd/tasks/backup.archive.yml
  10. 0 3
      roles/etcd/tasks/backup.copy.yml
  11. 0 3
      roles/etcd/tasks/backup.fetch.yml
  12. 0 12
      roles/etcd/tasks/backup.force_new_cluster.yml
  13. 0 3
      roles/etcd/tasks/backup.unarchive.yml
  14. 2 14
      roles/etcd/tasks/backup/backup.yml
  15. 0 2
      roles/etcd/tasks/backup_master_etcd_certificates.yml
  16. 0 7
      roles/etcd/tasks/certificates/backup_master_etcd_certificates.yml
  17. 0 2
      roles/etcd/tasks/check_cluster_health.yml
  18. 0 2
      roles/etcd/tasks/clean_data.yml
  19. 0 2
      roles/etcd/tasks/disable_etcd.yml
  20. 0 2
      roles/etcd/tasks/migrate.add_ttls.yml
  21. 0 2
      roles/etcd/tasks/migrate.configure_master.yml
  22. 0 2
      roles/etcd/tasks/migrate.pre_check.yml
  23. 0 2
      roles/etcd/tasks/migrate.yml
  24. 0 34
      roles/etcd/tasks/migration/add_ttls.yml
  25. 0 67
      roles/etcd/tasks/migration/check.yml
  26. 0 23
      roles/etcd/tasks/migration/check_cluster_health.yml
  27. 0 32
      roles/etcd/tasks/migration/check_cluster_status.yml
  28. 0 13
      roles/etcd/tasks/migration/configure_master.yml
  29. 0 56
      roles/etcd/tasks/migration/migrate.yml
  30. 0 39
      roles/lib_utils/library/openshift_cert_expiry.py
  31. 0 1
      roles/nuage_master/tasks/etcd_certificates.yml
  32. 0 3
      roles/openshift_control_plane/defaults/main.yml
  33. 0 3
      roles/openshift_master/defaults/main.yml
  34. 0 17
      roles/openshift_master/tasks/configure_external_etcd.yml

+ 0 - 10
playbooks/openshift-etcd/embedded2external.yml

@@ -1,10 +0,0 @@
----
-- import_playbook: ../init/main.yml
-  vars:
-    skip_version: True
-    l_openshift_version_set_hosts: "all:!all"
-    l_openshift_version_check_hosts: "all:!all"
-    l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
-    l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}"
-
-- import_playbook: private/embedded2external.yml

+ 0 - 10
playbooks/openshift-etcd/migrate.yml

@@ -1,10 +0,0 @@
----
-- import_playbook: ../init/main.yml
-  vars:
-    skip_version: True
-    l_openshift_version_set_hosts: "all:!all"
-    l_openshift_version_check_hosts: "all:!all"
-    l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
-    l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}"
-
-- import_playbook: private/migrate.yml

+ 0 - 164
playbooks/openshift-etcd/private/embedded2external.yml

@@ -1,164 +0,0 @@
----
-- name: Pre-migrate checks
-  hosts: localhost
-  tasks:
-  # Check there is only one etcd host
-  - assert:
-      that: groups.oo_etcd_to_config | default([]) | length == 1
-      msg: "[etcd] group must contain only one host"
-  # Check there is only one master
-  - assert:
-      that: groups.oo_masters_to_config | default([]) | length == 1
-      msg: "[master] group must contain only one host"
-
-# 1. stop a master
-- name: Prepare masters for etcd data migration
-  hosts: oo_first_master
-  roles:
-  - role: openshift_facts
-  tasks:
-  - name: Check the master API is ready
-    import_role:
-      name: openshift_master
-      tasks_from: check_master_api_is_ready.yml
-  - set_fact:
-      master_service: "{{ openshift_service_type + '-master' }}"
-      embedded_etcd_backup_suffix: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}"
-  - debug:
-      msg: "master service name: {{ master_service }}"
-  - name: Stop master
-    service:
-      name: "{{ master_service }}"
-      state: stopped
-  # 2. backup embedded etcd
-  # Can't use with_items with import_role: https://github.com/ansible/ansible/issues/21285
-  - import_role:
-      name: etcd
-      tasks_from: backup.yml
-    vars:
-      r_etcd_common_backup_tag: pre-migrate
-      r_etcd_common_embedded_etcd: "{{ true }}"
-      r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}"
-
-  - import_role:
-      name: etcd
-      tasks_from: backup.archive.yml
-    vars:
-      r_etcd_common_backup_tag: pre-migrate
-      r_etcd_common_embedded_etcd: "{{ true }}"
-      r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}"
-
-# 3. deploy certificates (for etcd and master)
-- import_playbook: ca.yml
-
-- import_playbook: server_certificates.yml
-
-- name: Backup etcd client certificates for master host
-  hosts: oo_first_master
-  tasks:
-  - import_role:
-      name: etcd
-      tasks_from: backup_master_etcd_certificates.yml
-
-- name: Redeploy master etcd certificates
-  import_playbook: master_etcd_certificates.yml
-  vars:
-    etcd_certificates_redeploy: "{{ true }}"
-
-# 4. deploy external etcd
-- import_playbook: config.yml
-
-# 5. stop external etcd
-- name: Cleanse etcd
-  hosts: oo_etcd_to_config[0]
-  gather_facts: no
-  pre_tasks:
-  - import_role:
-      name: etcd
-      tasks_from: disable_etcd.yml
-  - import_role:
-      name: etcd
-      tasks_from: clean_data.yml
-
-# 6. copy the embedded etcd backup to the external host
-# TODO(jchaloup): if the etcd and first master are on the same host, just copy the directory
-- name: Copy embedded etcd backup to the external host
-  hosts: localhost
-  tasks:
-  - name: Create local temp directory for syncing etcd backup
-    local_action: command mktemp -d /tmp/etcd_backup-XXXXXXX
-    register: g_etcd_client_mktemp
-    changed_when: False
-
-  - name: Chmod local temp directory for syncing etcd backup
-    local_action: command chmod 777 "{{ g_etcd_client_mktemp.stdout }}"
-    changed_when: False
-
-  - import_role:
-      name: etcd
-      tasks_from: backup.fetch.yml
-    vars:
-      etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}"
-      r_etcd_common_backup_tag: pre-migrate
-      r_etcd_common_embedded_etcd: "{{ true }}"
-      r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}"
-    delegate_to: "{{ groups.oo_first_master[0] }}"
-
-  - import_role:
-      name: etcd
-      tasks_from: backup.copy.yml
-    vars:
-      etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}"
-      r_etcd_common_backup_tag: pre-migrate
-      r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}"
-    delegate_to: "{{ groups.oo_etcd_to_config[0] }}"
-
-  - debug:
-      msg: "etcd_backup_dest_directory: {{ g_etcd_client_mktemp.stdout }}"
-
-  - name: Delete temporary directory
-    local_action: file path="{{ g_etcd_client_mktemp.stdout }}" state=absent
-    changed_when: False
-
-# 7. force new cluster from the backup
-- name: Force new etcd cluster
-  hosts: oo_etcd_to_config[0]
-  tasks:
-  - import_role:
-      name: etcd
-      tasks_from: backup.unarchive.yml
-    vars:
-      r_etcd_common_backup_tag: pre-migrate
-      r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}"
-
-  - import_role:
-      name: etcd
-      tasks_from: backup.force_new_cluster.yml
-    vars:
-      r_etcd_common_backup_tag: pre-migrate
-      r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}"
-      etcd_peer: "{{ openshift.common.ip }}"
-      etcd_url_scheme: "https"
-      etcd_peer_url_scheme: "https"
-
-# 8. re-configure master to use the external etcd
-- name: Configure master to use external etcd
-  hosts: oo_first_master
-  tasks:
-  - import_role:
-      name: openshift_master
-      tasks_from: configure_external_etcd.yml
-    vars:
-      etcd_peer_url_scheme: "https"
-      etcd_ip: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.ip }}"
-      etcd_peer_port: 2379
-
-  # 9. start the master
-  - name: Start master
-    service:
-      name: "{{ master_service }}"
-      state: started
-    register: service_status
-    until: service_status.state is defined and service_status.state == "started"
-    retries: 5
-    delay: 10

+ 0 - 160
playbooks/openshift-etcd/private/migrate.yml

@@ -1,160 +0,0 @@
----
-- name: Check if the master has embedded etcd
-  hosts: localhost
-  connection: local
-  gather_facts: no
-  tags:
-  - always
-  tasks:
-  - fail:
-      msg: "Migration of an embedded etcd is not supported. Please, migrate the embedded etcd into an external etcd first."
-    when:
-    - groups.oo_etcd_to_config | default([]) | length == 0
-
-- name: Run pre-checks
-  hosts: oo_etcd_to_migrate
-  tasks:
-  - import_role:
-      name: etcd
-      tasks_from: migrate.pre_check.yml
-    vars:
-      etcd_peer: "{{ ansible_default_ipv4.address }}"
-
-# TODO: This will be different for release-3.6 branch
-- name: Prepare masters for etcd data migration
-  hosts: oo_masters_to_config
-  tasks:
-  - set_fact:
-      master_services:
-      - "{{ openshift_service_type + '-master-controllers' }}"
-      - "{{ openshift_service_type + '-master-api' }}"
-  - debug:
-      msg: "master service name: {{ master_services }}"
-  - name: Stop masters
-    service:
-      name: "{{ item }}"
-      state: stopped
-    with_items: "{{ master_services }}"
-
-- name: Backup v2 data
-  hosts: oo_etcd_to_migrate
-  gather_facts: no
-  roles:
-  - role: openshift_facts
-  post_tasks:
-  - import_role:
-      name: etcd
-      tasks_from: backup.yml
-    vars:
-      r_etcd_common_backup_tag: pre-migration
-      r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}"
-
-- name: Gate on etcd backup
-  hosts: localhost
-  connection: local
-  tasks:
-  - set_fact:
-      etcd_backup_completed: "{{ hostvars
-                                 | lib_utils_oo_select_keys(groups.oo_etcd_to_migrate)
-                                 | lib_utils_oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}"
-  - set_fact:
-      etcd_backup_failed: "{{ groups.oo_etcd_to_migrate | difference(etcd_backup_completed) | list }}"
-  - fail:
-      msg: "Migration cannot continue. The following hosts did not complete etcd backup: {{ etcd_backup_failed | join(',') }}"
-    when:
-    - etcd_backup_failed | length > 0
-
-- name: Stop etcd
-  hosts: oo_etcd_to_migrate
-  gather_facts: no
-  pre_tasks:
-  - import_role:
-      name: etcd
-      tasks_from: disable_etcd.yml
-
-- name: Migrate data on first etcd
-  hosts: oo_etcd_to_migrate[0]
-  gather_facts: no
-  tasks:
-  - import_role:
-      name: etcd
-      tasks_from: migrate.yml
-    vars:
-      etcd_peer: "{{ openshift.common.ip }}"
-      etcd_url_scheme: "https"
-      etcd_peer_url_scheme: "https"
-
-- name: Clean data stores on remaining etcd hosts
-  hosts: oo_etcd_to_migrate[1:]
-  gather_facts: no
-  tasks:
-  - import_role:
-      name: etcd
-      tasks_from: clean_data.yml
-    vars:
-      etcd_peer: "{{ openshift.common.ip }}"
-      etcd_url_scheme: "https"
-      etcd_peer_url_scheme: "https"
-  - name: Add etcd hosts
-    delegate_to: localhost
-    add_host:
-      name: "{{ item }}"
-      groups: oo_new_etcd_to_config
-      ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
-      ansible_become: "{{ g_sudo | default(omit) }}"
-    with_items: "{{ groups.oo_etcd_to_migrate[1:] | default([]) }}"
-    changed_when: no
-  - name: Set success
-    set_fact:
-      r_etcd_migrate_success: true
-
-- import_playbook: scaleup.yml
-
-- name: Gate on etcd migration
-  hosts: oo_masters_to_config
-  gather_facts: no
-  tasks:
-  - set_fact:
-      etcd_migration_completed: "{{ hostvars
-                                 | lib_utils_oo_select_keys(groups.oo_etcd_to_migrate)
-                                 | lib_utils_oo_collect('inventory_hostname', {'r_etcd_migrate_success': true}) }}"
-  - set_fact:
-      etcd_migration_failed: "{{ groups.oo_etcd_to_migrate | difference(etcd_migration_completed) | list }}"
-
-- name: Add TTLs on the first master
-  hosts: oo_first_master[0]
-  tasks:
-  - import_role:
-      name: etcd
-      tasks_from: migrate.add_ttls.yml
-    vars:
-      etcd_peer: "{{ hostvars[groups.oo_etcd_to_migrate.0].openshift.common.ip }}"
-      etcd_url_scheme: "https"
-      etcd_peer_url_scheme: "https"
-    when: etcd_migration_failed | length == 0
-
-- name: Configure masters if etcd data migration is succesfull
-  hosts: oo_masters_to_config
-  tasks:
-  - import_role:
-      name: etcd
-      tasks_from: migrate.configure_master.yml
-    when: etcd_migration_failed | length == 0
-  - debug:
-      msg: "Skipping master re-configuration since migration failed."
-    when:
-    - etcd_migration_failed | length > 0
-  - name: Start master services
-    service:
-      name: "{{ item }}"
-      state: started
-    register: service_status
-    # Sometimes the master-api, resp. master-controllers fails to start for the first time
-    until: service_status.state is defined and service_status.state == "started"
-    retries: 5
-    delay: 10
-    with_items: "{{ master_services[::-1] }}"
-  - fail:
-      msg: "Migration failed. The following hosts were not properly migrated: {{ etcd_migration_failed | join(',') }}"
-    when:
-    - etcd_migration_failed | length > 0

+ 2 - 3
roles/etcd/defaults/main.yaml

@@ -6,7 +6,6 @@ l_is_etcd_system_container: "{{ (openshift_use_etcd_system_container | default(o
 
 # runc, docker, host
 r_etcd_common_etcd_runtime: "{{ 'runc' if l_is_etcd_system_container else 'docker' if openshift_is_containerized else 'host' }}"
-r_etcd_common_embedded_etcd: false
 
 osm_etcd_image: 'registry.access.redhat.com/rhel7/etcd'
 etcd_image_dict:
@@ -17,7 +16,7 @@ etcd_image: "{{ etcd_image_dict[openshift_deployment_type | default('origin')] }
 # etcd run on a host => use etcdctl command directly
 # etcd run as a docker container => use docker exec
 # etcd run as a runc container => use runc exec
-r_etcd_common_etcdctl_command: "{{ 'etcdctl' if r_etcd_common_etcd_runtime == 'host' or r_etcd_common_embedded_etcd | bool else 'docker exec etcd_container etcdctl' if r_etcd_common_etcd_runtime == 'docker' else 'runc exec etcd etcdctl' }}"
+r_etcd_common_etcdctl_command: "{{ 'etcdctl' if r_etcd_common_etcd_runtime == 'host' | bool else 'docker exec etcd_container etcdctl' if r_etcd_common_etcd_runtime == 'docker' else 'runc exec etcd etcdctl' }}"
 
 # etcd server vars
 etcd_conf_dir: '/etc/etcd'
@@ -60,7 +59,7 @@ etcd_is_containerized: False
 etcd_is_thirdparty: False
 
 # etcd dir vars
-etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' }}"
+etcd_data_dir: "/var/lib/etcd/"
 
 # etcd ports and protocols
 etcd_client_port: 2379
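Review bot: The `| bool` left at the end of the condition on the new `r_etcd_common_etcdctl_command` line (second hunk) now binds to the string literal `'host'`, because Jinja2 applies filters before `==`. On the old line it applied to `r_etcd_common_embedded_etcd`, which this commit removes. The test therefore reads as `r_etcd_common_etcd_runtime == ('host' | bool)`, which compares the runtime name with a boolean and should never select plain `etcdctl`. With the runtime set to `host` the expression would then fall through to `runc exec etcd etcdctl`, so any task that runs this command on a non-containerized host is likely to fail. Drop the filter: `r_etcd_common_etcdctl_command: "{{ 'etcdctl' if r_etcd_common_etcd_runtime == 'host' else 'docker exec etcd_container etcdctl' if r_etcd_common_etcd_runtime == 'docker' else 'runc exec etcd etcdctl' }}"`.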

+ 0 - 5
roles/etcd/tasks/auxiliary/clean_data.yml

@@ -1,5 +0,0 @@
----
-- name: Remove member data
-  file:
-    path: "{{ etcd_data_dir }}/member"
-    state: absent

+ 0 - 5
roles/etcd/tasks/auxiliary/disable_etcd.yml

@@ -1,5 +0,0 @@
----
-- name: Disable etcd members
-  service:
-    name: "{{ etcd_service }}"
-    state: stopped

+ 0 - 31
roles/etcd/tasks/auxiliary/force_new_cluster.yml

@@ -1,31 +0,0 @@
----
-- name: Set ETCD_FORCE_NEW_CLUSTER=true on first etcd host
-  lineinfile:
-    line: "ETCD_FORCE_NEW_CLUSTER=true"
-    dest: /etc/etcd/etcd.conf
-    backup: true
-
-- name: Start etcd
-  systemd:
-    name: "{{ etcd_service }}"
-    state: started
-
-- name: Wait for cluster to become healthy after bringing up first member
-  command: >
-    etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health
-  register: l_etcd_migrate_health
-  until: l_etcd_migrate_health.rc == 0
-  retries: 3
-  delay: 30
-
-- name: Unset ETCD_FORCE_NEW_CLUSTER=true on first etcd host
-  lineinfile:
-    line: "ETCD_FORCE_NEW_CLUSTER=true"
-    dest: /etc/etcd/etcd.conf
-    state: absent
-    backup: true
-
-- name: Restart first etcd host
-  systemd:
-    name: "{{ etcd_service }}"
-    state: restarted

+ 0 - 3
roles/etcd/tasks/backup.archive.yml

@@ -1,3 +0,0 @@
----
-- include_tasks: backup/vars.yml
-- include_tasks: backup/archive.yml

+ 0 - 3
roles/etcd/tasks/backup.copy.yml

@@ -1,3 +0,0 @@
----
-- include_tasks: backup/vars.yml
-- include_tasks: backup/copy.yml

+ 0 - 3
roles/etcd/tasks/backup.fetch.yml

@@ -1,3 +0,0 @@
----
-- include_tasks: backup/vars.yml
-- include_tasks: backup/fetch.yml

+ 0 - 12
roles/etcd/tasks/backup.force_new_cluster.yml

@@ -1,12 +0,0 @@
----
-- include_tasks: backup/vars.yml
-
-- name: Move content of etcd backup under the etcd data directory
-  command: >
-    mv "{{ l_etcd_backup_dir }}/member" "{{ etcd_data_dir }}"
-
-- name: Set etcd group for the etcd data directory
-  command: >
-    chown -R etcd:etcd "{{ etcd_data_dir }}"
-
-- include_tasks: auxiliary/force_new_cluster.yml

+ 0 - 3
roles/etcd/tasks/backup.unarchive.yml

@@ -1,3 +0,0 @@
----
-- include_tasks: backup/vars.yml
-- include_tasks: backup/unarchive.yml

+ 2 - 14
roles/etcd/tasks/backup/backup.yml

@@ -24,28 +24,16 @@
       {{ l_avail_disk.stdout }} Kb available.
   when: l_etcd_disk_usage.stdout|int*2 > l_avail_disk.stdout|int
 
-# For non containerized and non embedded we should have the correct version of
+# For non containerized we should have the correct version of
 # etcd installed already. So don't do anything.
 #
 # For containerized installs we now exec into etcd_container
-#
-# For embedded non containerized we need to ensure we have the latest version
-# etcd on the host.
+
 - name: Detecting Atomic Host Operating System
   stat:
     path: /run/ostree-booted
   register: l_ostree_booted
 
-- name: Install latest etcd for embedded
-  package:
-    name: etcd
-    state: latest
-  when:
-  - r_etcd_common_embedded_etcd | bool
-  - not l_ostree_booted.stat.exists | bool
-  register: result
-  until: result is succeeded
-
 - name: Check selinux label of '{{ etcd_data_dir }}'
   command: >
     stat -c '%C' {{ etcd_data_dir }}
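Review bot: The `Detecting Atomic Host Operating System` task still registers `l_ostree_booted`, but the only reader visible in this hunk was the `Install latest etcd for embedded` task that the commit deletes. If nothing further down backup.yml (outside the hunk) uses `l_ostree_booted`, the stat task should be removed too, so the backup path does not keep a probe with no effect. The shortened comment block also now sits directly above that stat task, which it does not describe. Either move the comment or reword it to something like `# etcd is already installed (host) or reached via exec (containerized); no package install is needed here.`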

+ 0 - 2
roles/etcd/tasks/backup_master_etcd_certificates.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: certificates/backup_master_etcd_certificates.yml

+ 0 - 7
roles/etcd/tasks/certificates/backup_master_etcd_certificates.yml

@@ -1,7 +0,0 @@
----
-- name: Backup master etcd certificates
-  shell: >
-    tar -czvf /etc/origin/master/master-etcd-certificate-backup-{{ ansible_date_time.epoch }}.tgz
-    /etc/origin/master/master.etcd-*
-  args:
-    warn: no

+ 0 - 2
roles/etcd/tasks/check_cluster_health.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: migration/check_cluster_health.yml

+ 0 - 2
roles/etcd/tasks/clean_data.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: auxiliary/clean_data.yml

+ 0 - 2
roles/etcd/tasks/disable_etcd.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: auxiliary/disable_etcd.yml

+ 0 - 2
roles/etcd/tasks/migrate.add_ttls.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: migration/add_ttls.yml

+ 0 - 2
roles/etcd/tasks/migrate.configure_master.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: migration/configure_master.yml

+ 0 - 2
roles/etcd/tasks/migrate.pre_check.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: migration/check.yml

+ 0 - 2
roles/etcd/tasks/migrate.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: migration/migrate.yml

+ 0 - 34
roles/etcd/tasks/migration/add_ttls.yml

@@ -1,34 +0,0 @@
----
-# To be executed on first master
-- slurp:
-    src: "{{ openshift.common.config_base }}/master/master-config.yaml"
-  register: g_master_config_output
-
-- set_fact:
-    accessTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.accessTokenMaxAgeSeconds | default(86400) }}"
-    authorizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authorizeTokenMaxAgeSeconds | default(500) }}"
-    controllerLeaseTTL: "{{ (g_master_config_output.content|b64decode|from_yaml).controllerLeaseTTL | default(30) }}"
-
-- name: Re-introduce leases (as a replacement for key TTLs)
-  command: >
-    {{ openshift_client_binary }} adm migrate etcd-ttl \
-    --cert {{ r_etcd_common_master_peer_cert_file }} \
-    --key {{ r_etcd_common_master_peer_key_file }} \
-    --cacert {{ r_etcd_common_master_peer_ca_file }} \
-    --etcd-address 'https://{{ etcd_peer }}:{{ etcd_client_port }}' \
-    --ttl-keys-prefix {{ item.keys }} \
-    --lease-duration {{ item.ttl }}
-  environment:
-    ETCDCTL_API: 3
-    PATH: "/usr/local/bin:/var/usrlocal/bin:{{ ansible_env.PATH }}"
-  with_items:
-    - keys: "/kubernetes.io/events"
-      ttl: "1h"
-    - keys: "/kubernetes.io/masterleases"
-      ttl: "10s"
-    - keys: "/openshift.io/oauth/accesstokens"
-      ttl: "{{ accessTokenMaxAgeSeconds }}s"
-    - keys: "/openshift.io/oauth/authorizetokens"
-      ttl: "{{ authorizeTokenMaxAgeSeconds }}s"
-    - keys: "/openshift.io/leases/controllers"
-      ttl: "{{ controllerLeaseTTL }}s"

+ 0 - 67
roles/etcd/tasks/migration/check.yml

@@ -1,67 +0,0 @@
----
-
-# Check the cluster is healthy
-- include_tasks: check_cluster_health.yml
-
-# Check if there is at least one v2 snapshot
-- name: Check if there is at least one v2 snapshot
-  find:
-    paths: "{{ etcd_data_dir }}/member/snap"
-    patterns: '*.snap'
-  register: snapshots_result
-
-- fail:
-    msg: "Before the migration can proceed the etcd member must write down at least one snapshot under {{ etcd_data_dir }}/member/snap directory."
-  when: snapshots_result.matched | int == 0
-
-# Check if the member has v3 data already
-# Run the migration only if the data are v2
-- name: Check if there are any v3 data
-  command: >
-    etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:{{ etcd_client_port }}' get "" --from-key --keys-only -w json --limit 1
-  environment:
-    ETCDCTL_API: 3
-  register: l_etcdctl_output
-
-- fail:
-    msg: "Unable to get a number of v3 keys"
-  when: l_etcdctl_output.rc != 0
-
-- fail:
-    msg: "The etcd has at least one v3 key"
-  when: "'count' in (l_etcdctl_output.stdout | from_json) and (l_etcdctl_output.stdout | from_json).count != 0"
-
-
-# TODO(jchaloup): once the until loop can be used over include/block,
-#                 remove the repetive code
-# - until loop not supported over include statement (nor block)
-#   https://github.com/ansible/ansible/issues/17098
-# - with_items not supported over block
-
-# Check the cluster status for the first time
-- include_tasks: check_cluster_status.yml
-
-# Check the cluster status for the second time
-- block:
-  - debug:
-      msg: "l_etcd_cluster_status_ok: {{ l_etcd_cluster_status_ok }}"
-  - name: Wait a while before another check
-    pause:
-      seconds: 5
-    when: not l_etcd_cluster_status_ok | bool
-
-  - include_tasks: check_cluster_status.yml
-    when: not l_etcd_cluster_status_ok | bool
-
-
-# Check the cluster status for the third time
-- block:
-  - debug:
-      msg: "l_etcd_cluster_status_ok: {{ l_etcd_cluster_status_ok }}"
-  - name: Wait a while before another check
-    pause:
-      seconds: 5
-    when: not l_etcd_cluster_status_ok | bool
-
-  - include_tasks: check_cluster_status.yml
-    when: not l_etcd_cluster_status_ok | bool

+ 0 - 23
roles/etcd/tasks/migration/check_cluster_health.yml

@@ -1,23 +0,0 @@
----
-- name: Check cluster health
-  command: >
-    etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health
-  register: etcd_cluster_health
-  changed_when: false
-  failed_when: false
-
-- name: Assume a member is not healthy
-  set_fact:
-    etcd_member_healthy: false
-
-- name: Get member item health status
-  set_fact:
-    etcd_member_healthy: true
-  with_items: "{{ etcd_cluster_health.stdout_lines }}"
-  when: "(etcd_peer in item) and ('is healthy' in item)"
-
-- name: Check the etcd cluster health
-  # TODO(jchaloup): should we fail or ask user if he wants to continue? Or just wait until the cluster is healthy?
-  fail:
-    msg: "Etcd member {{ etcd_peer }} is not healthy"
-  when: not etcd_member_healthy

+ 0 - 32
roles/etcd/tasks/migration/check_cluster_status.yml

@@ -1,32 +0,0 @@
----
-# etcd_ip originates from etcd_common role
-- name: Check cluster status
-  command: >
-    etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:{{ etcd_client_port }}' -w json endpoint status
-  environment:
-    ETCDCTL_API: 3
-  register: l_etcd_cluster_status
-
-- name: Retrieve raftIndex
-  set_fact:
-    etcd_member_raft_index: "{{ (l_etcd_cluster_status.stdout | from_json)[0]['Status']['raftIndex'] }}"
-
-- block:
-  # http://docs.ansible.com/ansible/playbooks_filters.html#extracting-values-from-containers
-  - name: Group all raftIndices into a list
-    set_fact:
-      etcd_members_raft_indices: "{{ groups['oo_etcd_to_migrate'] | map('extract', hostvars, 'etcd_member_raft_index') | list | unique }}"
-
-  - name: Check the minimum and the maximum of raftIndices is at most 1
-    set_fact:
-      etcd_members_raft_indices_diff: "{{ ((etcd_members_raft_indices | max | int) - (etcd_members_raft_indices | min | int)) | int }}"
-
-  - debug:
-      msg: "Raft indices difference: {{ etcd_members_raft_indices_diff }}"
-
-  when: inventory_hostname in groups.oo_etcd_to_migrate[0]
-
-# The cluster raft status is ok if the difference of the max and min raft index is at most 1
-- name: capture the status
-  set_fact:
-    l_etcd_cluster_status_ok: "{{ hostvars[groups.oo_etcd_to_migrate[0]]['etcd_members_raft_indices_diff'] | int < 2 }}"

+ 0 - 13
roles/etcd/tasks/migration/configure_master.yml

@@ -1,13 +0,0 @@
----
-- name: Configure master to use etcd3 storage backend
-  yedit:
-    src: /etc/origin/master/master-config.yaml
-    key: "{{ item.key }}"
-    value: "{{ item.value }}"
-  with_items:
-    - key: kubernetesMasterConfig.apiServerArguments.storage-backend
-      value:
-        - etcd3
-    - key: kubernetesMasterConfig.apiServerArguments.storage-media-type
-      value:
-        - application/vnd.kubernetes.protobuf

+ 0 - 56
roles/etcd/tasks/migration/migrate.yml

@@ -1,56 +0,0 @@
----
-# Should this be run in a serial manner?
-- set_fact:
-    l_etcd_service: "{{ 'etcd_container' if (openshift_is_containerized | bool) else 'etcd' }}"
-
-- name: Migrate etcd data
-  command: >
-    etcdctl migrate --data-dir={{ etcd_data_dir }}
-  environment:
-    ETCDCTL_API: 3
-  register: l_etcdctl_migrate
-# TODO(jchaloup): If any of the members fails, we need to restore all members to v2 from the pre-migrate backup
-- name: Check the etcd v2 data are correctly migrated
-  fail:
-    msg: "Failed to migrate a member"
-  when: "'finished transforming keys' not in l_etcdctl_migrate.stdout and 'no v2 keys to migrate' not in l_etcdctl_migrate.stdout"
-- name: Migration message
-  debug:
-    msg: "Etcd migration finished with: {{ l_etcdctl_migrate.stdout }}"
-- name: Set ETCD_FORCE_NEW_CLUSTER=true on first etcd host
-  lineinfile:
-    line: "ETCD_FORCE_NEW_CLUSTER=true"
-    dest: /etc/etcd/etcd.conf
-    backup: true
-- name: Start etcd
-  systemd:
-    name: "{{ l_etcd_service }}"
-    state: started
-- name: Wait for cluster to become healthy after bringing up first member
-  command: >
-    etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health
-  register: l_etcd_migrate_health
-  until: l_etcd_migrate_health.rc == 0
-  retries: 3
-  delay: 30
-- name: Unset ETCD_FORCE_NEW_CLUSTER=true on first etcd host
-  lineinfile:
-    line: "ETCD_FORCE_NEW_CLUSTER=true"
-    dest: /etc/etcd/etcd.conf
-    state: absent
-    backup: true
-- name: Restart first etcd host
-  systemd:
-    name: "{{ l_etcd_service }}"
-    state: restarted
-
-- name: Wait for cluster to become healthy after bringing up first member
-  command: >
-    etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health
-  register: l_etcd_migrate_health
-  until: l_etcd_migrate_health.rc == 0
-  retries: 3
-  delay: 30
-
-- set_fact:
-    r_etcd_migrate_success: true

+ 0 - 39
roles/lib_utils/library/openshift_cert_expiry.py

@@ -665,45 +665,6 @@ an OpenShift Container Platform cluster
             classify_cert(expire_check_result, now, time_remaining, expire_window, etcd_certs)
 
     ######################################################################
-    # Now the embedded etcd
-    ######################################################################
-    try:
-        with io.open('/etc/origin/master/master-config.yaml', 'r', encoding='utf-8') as fp:
-            cfg = yaml.load(fp)
-    except IOError:
-        # Not present
-        pass
-    else:
-        if cfg.get('etcdConfig', {}).get('servingInfo', {}).get('certFile', None) is not None:
-            # This is embedded
-            etcd_crt_name = cfg['etcdConfig']['servingInfo']['certFile']
-        else:
-            # Not embedded
-            etcd_crt_name = None
-
-        if etcd_crt_name is not None:
-            # etcd_crt_name is relative to the location of the
-            # master-config.yaml file
-            cfg_path = os.path.dirname(fp.name)
-            etcd_cert = os.path.join(cfg_path, etcd_crt_name)
-            with open(etcd_cert, 'r') as etcd_fp:
-                (cert_subject,
-                 cert_expiry_date,
-                 time_remaining,
-                 cert_serial) = load_and_handle_cert(etcd_fp.read(), now, ans_module=module)
-
-                expire_check_result = {
-                    'cert_cn': cert_subject,
-                    'path': etcd_fp.name,
-                    'expiry': cert_expiry_date,
-                    'days_remaining': time_remaining.days,
-                    'health': None,
-                    'serial': cert_serial
-                }
-
-                classify_cert(expire_check_result, now, time_remaining, expire_window, etcd_certs)
-
-    ######################################################################
     # /Check etcd certs
     ######################################################################
 

+ 0 - 1
roles/nuage_master/tasks/etcd_certificates.yml

@@ -7,7 +7,6 @@
   vars:
     etcd_cert_prefix: nuageEtcd-
     etcd_cert_config_dir: "{{ cert_output_dir }}"
-    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
     etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
     etcd_cert_subdir: "openshift-nuage-{{ openshift.common.hostname }}"
 

+ 0 - 3
roles/openshift_control_plane/defaults/main.yml

@@ -50,9 +50,6 @@ default_r_openshift_master_os_firewall_allow:
   port: "{{ openshift_master_dns_port }}/tcp"
 - service: skydns udp
   port: "{{ openshift_master_dns_port }}/udp"
-- service: etcd embedded
-  port: 4001/tcp
-  cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
 r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
 
 # oreg_url is defined by user input

+ 0 - 3
roles/openshift_master/defaults/main.yml

@@ -68,9 +68,6 @@ default_r_openshift_master_os_firewall_allow:
   port: "{{ openshift_master_dns_port }}/tcp"
 - service: skydns udp
   port: "{{ openshift_master_dns_port }}/udp"
-- service: etcd embedded
-  port: 4001/tcp
-  cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
 r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
 
 # oreg_url is defined by user input

+ 0 - 17
roles/openshift_master/tasks/configure_external_etcd.yml

@@ -1,17 +0,0 @@
----
-- name: Remove etcdConfig section
-  yedit:
-    src: /etc/origin/master/master-config.yaml
-    key: "etcdConfig"
-    state: absent
-- name: Set etcdClientInfo.ca to master.etcd-ca.crt
-  yedit:
-    src: /etc/origin/master/master-config.yaml
-    key: etcdClientInfo.ca
-    value: master.etcd-ca.crt
-- name: Set etcdClientInfo.urls to the external etcd
-  yedit:
-    src: /etc/origin/master/master-config.yaml
-    key: etcdClientInfo.urls
-    value:
-      - "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}"