
Use openshift_hostname/openshift_ip values for etcd configuration and certificates.

Andrew Butcher 9 years ago
parent
commit
43fa4eff62

+ 5 - 3
playbooks/common/openshift-etcd/config.yml

@@ -22,6 +22,8 @@
       etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
       etcd_cert_config_dir: /etc/etcd
       etcd_cert_prefix:
+      etcd_hostname: "{{ openshift.common.hostname }}"
+      etcd_ip: "{{ openshift.common.ip }}"
 
 - name: Create temp directory for syncing certs
   hosts: localhost
@@ -43,7 +45,7 @@
                                   | oo_filter_list(filter_attr='etcd_server_certs_missing') }}"
     sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
   roles:
-  - etcd_certificates
+  - openshift_etcd_certificates
   post_tasks:
   - name: Create a tarball of the etcd certs
     command: >
@@ -69,7 +71,7 @@
     sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
     etcd_url_scheme: https
     etcd_peer_url_scheme: https
-    etcd_peers_group: oo_etcd_to_config
+    etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
   pre_tasks:
   - name: Ensure certificate directory exists
     file:
@@ -91,7 +93,7 @@
     sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
     etcd_url_scheme: https
     etcd_peer_url_scheme: https
-    etcd_peers_group: oo_etcd_to_config
+    etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
   pre_tasks:
   - name: Ensure certificate directory exists
     file:

+ 1 - 1
playbooks/common/openshift-master/config.yml

@@ -98,7 +98,7 @@
                                    | oo_filter_list(filter_attr='etcd_client_certs_missing') }}"
     sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
   roles:
-  - etcd_certificates
+  - openshift_etcd_certificates
   post_tasks:
   - name: Create a tarball of the etcd certs
     command: >

+ 3 - 1
playbooks/common/openshift-node/config.yml

@@ -154,6 +154,8 @@
       etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
       etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
       etcd_cert_prefix: node.etcd-
+      etcd_hostname: "{{ openshift.common.hostname }}"
+      etcd_ip: "{{ openshift.common.ip }}"
     when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
 
 - name: Configure flannel etcd certificates
@@ -168,7 +170,7 @@
                                    | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}"
     when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
   roles:
-  - role: etcd_certificates
+  - role: openshift_etcd_certificates
     when: openshift_use_flannel | default(false) | bool
   post_tasks:
   - name: Create a tarball of the etcd flannel certs

+ 5 - 5
roles/etcd/defaults/main.yaml

@@ -1,5 +1,5 @@
 ---
-etcd_service: "{{ 'etcd' if not openshift.common.is_containerized | bool else 'etcd_container' }}"
+etcd_service: "{{ 'etcd' if not etcd_is_containerized | bool else 'etcd_container' }}"
 etcd_interface: "{{ ansible_default_ipv4.interface }}"
 etcd_client_port: 2379
 etcd_peer_port: 2380
@@ -9,10 +9,10 @@ etcd_peer_url_scheme: http
 etcd_initial_cluster_state: new
 etcd_initial_cluster_token: etcd-cluster-1
 
-etcd_initial_advertise_peer_urls: "{{ etcd_peer_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}"
-etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}"
-etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_client_port }}"
-etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_client_port }}"
+etcd_initial_advertise_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}"
+etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}"
+etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
+etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
 
 etcd_data_dir: /var/lib/etcd/
 

+ 19 - 20
roles/etcd/tasks/main.yml

@@ -1,36 +1,35 @@
 ---
-- fail:
-    msg: Interface {{ etcd_interface }} not found
-  when: "'ansible_' ~ etcd_interface not in hostvars[inventory_hostname]"
-
-- fail:
-    msg: IPv4 address not found for {{ etcd_interface }}
-  when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4"
+- name: Set hostname and ip facts
+  set_fact:
+    # Store etcd_hostname and etcd_ip such that they will be available
+    # in hostvars. Defaults for these variables are set in etcd_common.
+    etcd_hostname: "{{ etcd_hostname }}"
+    etcd_ip: "{{ etcd_ip }}"
 
 - name: Install etcd
   action: "{{ ansible_pkg_mgr }} name=etcd state=present"
-  when: not openshift.common.is_containerized | bool
+  when: not etcd_is_containerized | bool
 
 - name: Pull etcd container
   command: docker pull {{ openshift.etcd.etcd_image }}
-  when: openshift.common.is_containerized | bool
+  when: etcd_is_containerized | bool
 
 - name: Install etcd container service file
   template:
     dest: "/etc/systemd/system/etcd_container.service"
     src: etcd.docker.service
   register: install_etcd_result
-  when: openshift.common.is_containerized | bool
+  when: etcd_is_containerized | bool
 
 - name: Ensure etcd datadir exists
-  when: openshift.common.is_containerized | bool
+  when: etcd_is_containerized | bool
   file:
     path: "{{ etcd_data_dir }}"
     state: directory
     mode: 0700
 
 - name: Disable system etcd when containerized
-  when: openshift.common.is_containerized | bool
+  when: etcd_is_containerized | bool
   service:
     name: etcd
     state: stopped
@@ -42,27 +41,27 @@
   changed_when: false
 
 - name: Mask system etcd when containerized
-  when: openshift.common.is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout
+  when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout
   command: systemctl mask etcd
 
 - name: Reload systemd units
   command: systemctl daemon-reload
-  when: openshift.common.is_containerized | bool and ( install_etcd_result | changed )
+  when: etcd_is_containerized | bool and ( install_etcd_result | changed )
 
 - name: Validate permissions on the config dir
   file:
     path: "{{ etcd_conf_dir }}"
     state: directory
-    owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
-    group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+    owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+    group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
     mode: 0700
 
 - name: Validate permissions on certificate files
   file:
     path: "{{ item }}"
     mode: 0600
-    owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
-    group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+    owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+    group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
   when: etcd_url_scheme == 'https'
   with_items:
   - "{{ etcd_ca_file }}"
@@ -73,8 +72,8 @@
   file:
     path: "{{ item }}"
     mode: 0600
-    owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
-    group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}"
+    owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+    group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
   when: etcd_peer_url_scheme == 'https'
   with_items:
   - "{{ etcd_peer_ca_file }}"
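Review bot: The first hunk of this file drops both `fail` guards and leaves only a `set_fact` that re-assigns `etcd_hostname` and `etcd_ip`, so a host without a usable address is no longer rejected with a clear message. With the `etcd_common` default of `ansible_default_ipv4.address`, a host that has no default IPv4 route would presumably stop on an undefined variable here or later, in URL and certificate templating. A `fail` task ahead of the `set_fact`, guarded by `when: etcd_ip | default('') | length == 0`, would keep the failure explicit. How an undefined nested value is reported depends on the Ansible version, so confirm the guard on the supported one.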

+ 6 - 6
roles/etcd/templates/etcd.conf.j2

@@ -1,15 +1,15 @@
 {% macro initial_cluster() -%}
-{% for host in groups[etcd_peers_group] -%}
+{% for host in etcd_peers -%}
 {% if loop.last -%}
-{{ host }}={{ etcd_peer_url_scheme }}://{{ etcd_host_int_map[host].interface.ipv4.address }}:{{ etcd_peer_port }}
+{{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }}
 {%- else -%}
-{{ host }}={{ etcd_peer_url_scheme }}://{{ etcd_host_int_map[host].interface.ipv4.address }}:{{ etcd_peer_port }},
+{{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }},
 {%- endif -%}
 {% endfor -%}
 {% endmacro -%}
 
-{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %}
-ETCD_NAME={{ inventory_hostname }}
+{% if etcd_peers | default([]) | length > 1 %}
+ETCD_NAME={{ etcd_hostname }}
 ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
 {% else %}
 ETCD_NAME=default
@@ -23,7 +23,7 @@ ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
 #ETCD_MAX_WALS=5
 #ETCD_CORS=
 
-{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %}
+{% if etcd_peers | default([]) | length > 1 %}
 #[cluster]
 ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
 ETCD_INITIAL_CLUSTER={{ initial_cluster() }}
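Review bot: `initial_cluster()` now reads `hostvars[host].etcd_hostname` and `hostvars[host].etcd_ip` for every member of `etcd_peers`, and those keys exist in hostvars only for hosts where a `set_fact` has already run. A peer that is in the group but has not reached that task in the current run (a limited or partial run, for instance) would render as an undefined value or abort the template. I would document the dependency at the top of the macro, e.g. `{# requires etcd_hostname and etcd_ip facts on every host in etcd_peers #}`. The template continues past the end of this hunk.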

+ 1 - 1
roles/etcd_ca/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Install openssl
   action: "{{ ansible_pkg_mgr }} name=openssl state=present"
-  when: not openshift.common.is_atomic | bool
+  when: not etcd_is_atomic | bool
 
 - file:
     path: "{{ item }}"

+ 3 - 3
roles/etcd_certificates/tasks/client.yml

@@ -12,13 +12,13 @@
     -config {{ etcd_openssl_conf }}
     -out {{ item.etcd_cert_prefix }}client.csr
     -reqexts {{ etcd_req_ext }} -batch -nodes
-    -subj /CN={{ item.openshift.common.hostname }}
+    -subj /CN={{ item.etcd_hostname }}
   args:
     chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
     creates: "{{ etcd_generated_certs_dir ~ '/' ~  item.etcd_cert_subdir ~ '/'
                  ~ item.etcd_cert_prefix ~ 'client.csr' }}"
   environment:
-    SAN: "IP:{{ item.openshift.common.ip }}"
+    SAN: "IP:{{ item.etcd_ip }}"
   with_items: etcd_needing_client_certs
 
 - name: Sign and create the client crt
@@ -32,7 +32,7 @@
     creates: "{{ etcd_generated_certs_dir ~ '/' ~  item.etcd_cert_subdir ~ '/'
                  ~ item.etcd_cert_prefix ~ 'client.crt' }}"
   environment:
-    SAN: "IP:{{ item.openshift.common.ip }}"
+    SAN: "IP:{{ item.etcd_ip }}"
   with_items: etcd_needing_client_certs
 
 - file:
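Review bot: `-subj /CN={{ item.etcd_hostname }}` and `SAN: "IP:{{ item.etcd_ip }}"` read the new keys from each entry of `etcd_needing_client_certs`, so every host that requests a client certificate must already carry them as facts. The etcd and node playbooks in this commit add `etcd_hostname` and `etcd_ip` next to `etcd_cert_subdir`, but the `openshift-master/config.yml` section changes only the role name. Its fact-setting task is not shown, so this may already be covered. If it is not, master entries would yield a CSR with an empty or undefined CN and SAN, and the same two lines are needed there: `etcd_hostname: "{{ openshift.common.hostname }}"` and `etcd_ip: "{{ openshift.common.ip }}"`. The `SAN` line in the second hunk has the same dependency.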

+ 6 - 6
roles/etcd_certificates/tasks/server.yml

@@ -12,13 +12,13 @@
     -config {{ etcd_openssl_conf }}
     -out {{ item.etcd_cert_prefix }}server.csr
     -reqexts {{ etcd_req_ext }} -batch -nodes
-    -subj /CN={{ item.openshift.common.hostname }}
+    -subj /CN={{ item.etcd_hostname }}
   args:
     chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
     creates: "{{ etcd_generated_certs_dir ~ '/' ~  item.etcd_cert_subdir ~ '/'
                  ~ item.etcd_cert_prefix ~ 'server.csr' }}"
   environment:
-    SAN: "IP:{{ etcd_host_int_map[item.inventory_hostname].interface.ipv4.address }}"
+    SAN: "IP:{{ item.etcd_ip }}"
   with_items: etcd_needing_server_certs
 
 - name: Sign and create the server crt
@@ -32,7 +32,7 @@
     creates: "{{ etcd_generated_certs_dir ~ '/' ~  item.etcd_cert_subdir ~ '/'
                  ~ item.etcd_cert_prefix ~ 'server.crt' }}"
   environment:
-    SAN: "IP:{{ etcd_host_int_map[item.inventory_hostname].interface.ipv4.address }}"
+    SAN: "IP:{{ item.etcd_ip }}"
   with_items: etcd_needing_server_certs
 
 - name: Create the peer csr
@@ -41,13 +41,13 @@
     -config {{ etcd_openssl_conf }}
     -out {{ item.etcd_cert_prefix }}peer.csr
     -reqexts {{ etcd_req_ext }} -batch -nodes
-    -subj /CN={{ item.openshift.common.hostname }}
+    -subj /CN={{ item.etcd_hostname }}
   args:
     chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
     creates: "{{ etcd_generated_certs_dir ~ '/' ~  item.etcd_cert_subdir ~ '/'
                  ~ item.etcd_cert_prefix ~ 'peer.csr' }}"
   environment:
-    SAN: "IP:{{ etcd_host_int_map[item.inventory_hostname].interface.ipv4.address }}"
+    SAN: "IP:{{ item.etcd_ip }}"
   with_items: etcd_needing_server_certs
 
 - name: Sign and create the peer crt
@@ -61,7 +61,7 @@
     creates: "{{ etcd_generated_certs_dir ~ '/' ~  item.etcd_cert_subdir ~ '/'
                  ~ item.etcd_cert_prefix ~ 'peer.crt' }}"
   environment:
-    SAN: "IP:{{ etcd_host_int_map[item.inventory_hostname].interface.ipv4.address }}"
+    SAN: "IP:{{ item.etcd_ip }}"
   with_items: etcd_needing_server_certs
 
 - file:

+ 6 - 2
roles/etcd_common/defaults/main.yml

@@ -1,6 +1,4 @@
 ---
-etcd_peers_group: oo_etcd_to_config
-
 # etcd server vars
 etcd_conf_dir: /etc/etcd
 etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt"
@@ -28,3 +26,9 @@ etcd_ca_db: "{{ etcd_ca_dir }}/index.txt"
 etcd_ca_serial: "{{ etcd_ca_dir }}/serial"
 etcd_ca_crl_number: "{{ etcd_ca_dir }}/crlnumber"
 etcd_ca_default_days: 365
+
+# etcd server & certificate vars
+etcd_hostname: "{{ inventory_hostname }}"
+etcd_ip: "{{ ansible_default_ipv4.address }}"
+etcd_is_atomic: False
+etcd_is_containerized: False
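Review bot: `etcd_ip` defaults to `ansible_default_ipv4.address`, while `etcd_interface` is still defined in `roles/etcd/defaults/main.yaml` but is no longer used for the listen/advertise URLs or the certificate SANs in the files shown. An inventory that set `etcd_interface` to keep etcd on a specific network would now bind and advertise on the default-route address with no warning. A comment above these defaults would make the change visible, e.g. `# etcd_ip replaces the etcd_interface lookup for URLs and certificate SANs.` Separately, the two booleans are better written as lowercase `false`.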

+ 0 - 13
roles/etcd_common/tasks/main.yml

@@ -1,13 +0,0 @@
----
-- set_fact:
-    etcd_host_int_map: "{{ lookup('template', '../templates/host_int_map.j2') | from_yaml }}"
-
-- fail:
-    msg: "Interface {{ item.value.etcd_interface }} not found on host {{ item.key }}"
-  when: "'etcd_interface' in item.value and 'interface' not in item.value"
-  with_dict: etcd_host_int_map | default({})
-
-- fail:
-    msg: IPv4 address not found for {{ item.value.interface.device }} on host {{ item.key }}
-  when: "'ipv4' not in item.value.interface or 'address' not in item.value.interface.ipv4"
-  with_dict: etcd_host_int_map | default({})

+ 0 - 13
roles/etcd_common/templates/host_int_map.j2

@@ -1,13 +0,0 @@
----
-{% for host in groups[etcd_peers_group] %}
-{% set entry=hostvars[host] %}
-{{ entry.inventory_hostname }}:
-{% if 'etcd_interface' in entry %}
-  etcd_interface: {{ entry.etcd_interface }}
-{% if entry.etcd_interface in entry.ansible_interfaces %}
-  interface: {{ entry['ansible_' ~ entry.etcd_interface] | to_json }}
-{% endif %}
-{% else %}
-  interface: {{ entry['ansible_' ~ entry.ansible_default_ipv4.interface] | to_json }}
-{% endif %}
-{% endfor %}

+ 1 - 1
roles/openshift_etcd/meta/main.yml

@@ -12,7 +12,7 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- role: openshift_facts
+- role: openshift_etcd_facts
 - role: openshift_docker
   when: openshift.common.is_containerized | bool
 - role: etcd

+ 16 - 0
roles/openshift_etcd_certificates/meta/main.yml

@@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: Andrew Butcher
+  description: OpenShift etcd Certificates
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 1.9
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- role: openshift_etcd_facts
+- role: etcd_certificates

+ 15 - 0
roles/openshift_etcd_facts/meta/main.yml

@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  author: Andrew Butcher
+  description: OpenShift etcd Facts
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 1.9
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- role: openshift_common

+ 5 - 0
roles/openshift_etcd_facts/vars/main.yml

@@ -0,0 +1,5 @@
+---
+etcd_is_containerized: "{{ openshift.common.is_containerized }}"
+etcd_is_atomic: "{{ openshift.common.is_atomic }}"
+etcd_hostname: "{{ openshift.common.hostname }}"
+etcd_ip: "{{ openshift.common.ip }}"
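Review bot: Because these four values live in `vars/main.yml` rather than `defaults/`, they take precedence over inventory host and group variables, so an `etcd_ip` or `etcd_hostname` set in inventory is ignored wherever this role is a dependency. That looks intended given the commit title, but the file does not say so. A header comment such as `# Role vars override inventory: change these through the openshift.common facts, not etcd_ip/etcd_hostname.` would save an operator from chasing a certificate SAN that does not match the address they configured.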