Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #7711 from mtnbikenc/fix-1529575

[1529575] Ensure etcd.conf variables are updated during upgrade
OpenShift Merge Robot 7 years ago
parent
b29bfceaf1 4a79a7e219
commit
35f5fb9525
4 changed files with 49 additions and 10 deletions
Split View Show Diff Stats
  1. 1 4
      roles/etcd/tasks/upgrade/upgrade_image.yml
  2. 1 4
      roles/etcd/tasks/upgrade/upgrade_rpm.yml
  3. 45 0
      roles/etcd/tasks/upgrade/validate_etcd_conf.yml
  4. 2 2
      roles/lib_utils/library/openshift_cert_expiry.py

+ 1 - 4
roles/etcd/tasks/upgrade/upgrade_image.yml
View File 

@@ -20,10 +20,7 @@
 
     regexp: "{{ current_image.stdout }}$"
 
     replace: "{{ new_etcd_image }}"
 
 
-- lineinfile:
 
-    destfile: "{{ etcd_conf_file }}"
 
-    regexp: '^ETCD_QUOTA_BACKEND_BYTES='
 
-    line: "ETCD_QUOTA_BACKEND_BYTES={{ etcd_quota_backend_bytes }}"
 
+- import_tasks: validate_etcd_conf.yml
 
 
 - name: Restart etcd_container
 
   systemd:

+ 1 - 4
roles/etcd/tasks/upgrade/upgrade_rpm.yml
View File 

@@ -21,10 +21,7 @@
 
   register: result
 
   until: result is succeeded
 
 
-- lineinfile:
 
-    destfile: "{{ etcd_conf_file }}"
 
-    regexp: '^ETCD_QUOTA_BACKEND_BYTES='
 
-    line: "ETCD_QUOTA_BACKEND_BYTES={{ etcd_quota_backend_bytes }}"
 
+- import_tasks: validate_etcd_conf.yml
 
 
 - name: Restart etcd
 
   service:

+ 45 - 0
roles/etcd/tasks/upgrade/validate_etcd_conf.yml
View File 

@@ -0,0 +1,45 @@
 
+---
 
+# This task file ensures expected variables exist in the case where systems have
 
+# been upgraded from states where these values were not initially configured.
 
+
 
+- name: Ensure ETCD_CA_FILE is absent
 
+  lineinfile:
 
+    destfile: "{{ etcd_conf_file }}"
 
+    regexp: 'ETCD_CA_FILE'
 
+    state: absent
 
+
 
+- name: Ensure ETCD_PEER_CA_FILE is absent
 
+  lineinfile:
 
+    destfile: "{{ etcd_conf_file }}"
 
+    regexp: 'ETCD_PEER_CA_FILE'
 
+    state: absent
 
+
 
+- name: Ensure ETCD_QUOTA_BACKEND_BYTES exists
 
+  lineinfile:
 
+    destfile: "{{ etcd_conf_file }}"
 
+    regexp: '^ETCD_QUOTA_BACKEND_BYTES='
 
+    line: 'ETCD_QUOTA_BACKEND_BYTES={{ etcd_quota_backend_bytes }}'
 
+
 
+- name: Ensure ETCD_CLIENT_CERT_AUTH exists
 
+  lineinfile:
 
+    destfile: "{{ etcd_conf_file }}"
 
+    regexp: '^ETCD_CLIENT_CERT_AUTH='
 
+    line: 'ETCD_CLIENT_CERT_AUTH="true"'
 
+
 
+- name: Ensure ETCD_PEER_CLIENT_CERT_AUTH exists
 
+  lineinfile:
 
+    destfile: "{{ etcd_conf_file }}"
 
+    regexp: '^ETCD_PEER_CLIENT_CERT_AUTH='
 
+    line: 'ETCD_PEER_CLIENT_CERT_AUTH="true"'
 
+
 
+- name: Ensure ETCD_TRUSTED_CA_FILE exists
 
+  lineinfile:
 
+    destfile: "{{ etcd_conf_file }}"
 
+    regexp: '^ETCD_TRUSTED_CA_FILE='
 
+    line: 'ETCD_TRUSTED_CA_FILE={{ etcd_ca_file }}'
 
+
 
+- name: Ensure ETCD_PEER_TRUSTED_CA_FILE exists
 
+  lineinfile:
 
+    destfile: "{{ etcd_conf_file }}"
 
+    regexp: '^ETCD_PEER_TRUSTED_CA_FILE='
 
+    line: 'ETCD_PEER_TRUSTED_CA_FILE={{ etcd_peer_ca_file }}'

+ 2 - 2
roles/lib_utils/library/openshift_cert_expiry.py
View File 

@@ -456,9 +456,9 @@ an OpenShift Container Platform cluster
 
 
     # etcd, where do you hide your certs? Used when parsing etcd.conf
 
     etcd_cert_params = [
 
-        "ETCD_CA_FILE",
 
+        "ETCD_TRUSTED_CA_FILE",
 
         "ETCD_CERT_FILE",
 
-        "ETCD_PEER_CA_FILE",
 
+        "ETCD_PEER_TRUSTED_CA_FILE",
 
         "ETCD_PEER_CERT_FILE",
 
     ]