
Consolidate etcd certs roles

This is part of the consolidation of the etcd_-like roles into an action-based role.
As part of the consolidation, some roles have been removed and some replaced by
the include_role module, resulting in a reorder and shift of role dependencies
from a role into a play.
Jan Chaloupka vor 7 Jahren
Ursprung
Commit
99745a0422

+ 11 - 4
playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml

@@ -37,10 +37,17 @@
 - name: Generate new etcd CA
   hosts: oo_first_etcd
   roles:
-  - role: openshift_etcd_ca
-    etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
-    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
-    etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+  - role: openshift_etcd_facts
+  tasks:
+  - include_role:
+      name: etcd
+      tasks_from: ca
+    vars:
+      etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+      etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+      etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+    when:
+    - etcd_ca_setup | default(True) | bool
 
 - name: Create temp directory for syncing certs
   hosts: localhost
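Review bot: The new `include_role` task under `tasks:` has no `name:`, so the step that actually generates the etcd CA appears in playbook output only as an anonymous include. CA rotation is something operators reconstruct from run logs, so I would put `- name: Generate new etcd CA via the etcd role` in front of `include_role:`. The same applies to the unnamed `include_role` tasks in redeploy-certificates/etcd.yml and roles/openshift_etcd_client_certificates/tasks/main.yml.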

+ 12 - 8
playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml

@@ -45,19 +45,23 @@
 - name: Redeploy etcd certificates
   hosts: oo_etcd_to_config
   any_errors_fatal: true
-  roles:
-    - role: openshift_etcd_server_certificates
-      etcd_certificates_redeploy: true
-      etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
-      etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
-      etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
-      openshift_ca_host: "{{ groups.oo_first_master.0 }}"
-      r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
+  tasks:
+    - include_role:
+        name: etcd
+        tasks_from: server_certificates
+      vars:
+        etcd_certificates_redeploy: true
+        etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+        etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+        etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+        openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+        r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
 
 - name: Redeploy etcd client certificates for masters
   hosts: oo_masters_to_config
   any_errors_fatal: true
   roles:
+    - role: openshift_etcd_facts
     - role: openshift_etcd_client_certificates
       etcd_certificates_redeploy: true
       etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
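Review bot: The "Redeploy etcd certificates" play no longer runs `openshift_etcd_facts` on `oo_etcd_to_config`. The removed `openshift_etcd_server_certificates` role pulled it in through its meta dependencies, while the new `include_role` of `etcd` with `tasks_from: server_certificates` does not. The masters play below gets an explicit `- role: openshift_etcd_facts`, so the omission here looks unintended unless a play outside this hunk already sets those facts for every etcd host. If it does not, add `roles:` with `- role: openshift_etcd_facts` ahead of `tasks:` in this play, as etcd-ca.yml does.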

+ 3 - 0
playbooks/common/openshift-master/config.yml

@@ -192,6 +192,7 @@
   - role: openshift_master_facts
   - role: openshift_hosted_facts
   - role: openshift_master_certificates
+  - role: openshift_etcd_facts
   - role: openshift_etcd_client_certificates
     etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
     etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
@@ -215,6 +216,8 @@
     openshift_master_default_registry_value: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value }}"
     openshift_master_default_registry_value_api: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_api }}"
     openshift_master_default_registry_value_controllers: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_controllers }}"
+  - role: nuage_ca
+  - role: nuage_common
   - role: nuage_master
     when: openshift_use_nuage | default(false) | bool
   - role: calico_master
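Review bot: `nuage_ca` and `nuage_common` are added here without a condition, so they now run on every master. As meta dependencies of `nuage_master` they were pulled in only with that role, which is gated by `openshift_use_nuage`. Unless both roles guard themselves internally (not visible here), this creates Nuage CA material on clusters that do not use Nuage. I would give both entries `when: openshift_use_nuage | default(false) | bool`. The roles list starts and ends outside the hunk.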

+ 7 - 3
playbooks/common/openshift-node/config.yml

@@ -65,12 +65,16 @@
   vars:
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
   roles:
-  - role: flannel
-    etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
-    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+  - role: openshift_facts
+  - role: openshift_etcd_facts
+  - role: openshift_etcd_client_certificates
+    etcd_cert_prefix: flannel.etcd-
     etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
     etcd_cert_subdir: "openshift-node-{{ openshift.common.hostname }}"
     etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
+  - role: flannel
+    etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
+    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
     when: openshift_use_flannel | default(false) | bool
   - role: calico
     when: openshift_use_calico | default(false) | bool
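Review bot: The `openshift_etcd_client_certificates` entry with `etcd_cert_prefix: flannel.etcd-` has no `when:`, so every node now requests an etcd client certificate from `etcd_ca_host` whether or not flannel is enabled. Before this change the role was a meta dependency of `flannel` and so ran only under `openshift_use_flannel`; the `when:` on the context line now belongs to the `flannel` entry alone. Issuing etcd client credentials to nodes that do not need them widens access to etcd, so add `when: openshift_use_flannel | default(false) | bool` to the certificate entry as well. The roles list continues outside the hunk.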

+ 13 - 9
roles/calico/tasks/main.yml

@@ -2,10 +2,14 @@
 - name: Calico Node | Error if invalid cert arguments
   fail:
     msg: "Must provide all or none for the following etcd params: calico_etcd_cert_dir, calico_etcd_ca_cert_file, calico_etcd_cert_file, calico_etcd_key_file, calico_etcd_endpoints"
-  when: (calico_etcd_cert_dir is defined or calico_etcd_ca_cert_file is defined or calico_etcd_cert_file is defined or calico_etcd_key_file is defined or calico_etcd_endpoints is defined) and not (calico_etcd_cert_dir is defined and calico_etcd_ca_cert_file is defined and calico_etcd_cert_file is defined and calico_etcd_key_file is defined and calico_etcd_endpoints is defined)
+  when:
+  - calico_etcd_cert_dir is defined or calico_etcd_ca_cert_file is defined or calico_etcd_cert_file is defined or calico_etcd_key_file is defined or calico_etcd_endpoints is defined
+  - not (calico_etcd_cert_dir is defined and calico_etcd_ca_cert_file is defined and calico_etcd_cert_file is defined and calico_etcd_key_file is defined and calico_etcd_endpoints is defined)
 
 - name: Calico Node | Generate OpenShift-etcd certs
-  include: ../../../roles/etcd_client_certificates/tasks/main.yml
+  include_role:
+    name: etcd
+    tasks_from: client_certificates
   when: calico_etcd_ca_cert_file is not defined or calico_etcd_cert_file is not defined or calico_etcd_key_file is not defined or calico_etcd_endpoints is not defined or calico_etcd_cert_dir is not defined
   vars:
     etcd_cert_prefix: calico.etcd-
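Review bot: Replacing the relative `include` with `include_role` of `etcd` likely runs more on calico nodes than the certificate tasks. As far as I can tell `include_role` also resolves the role's meta dependencies, which roles/etcd/meta/main.yml lists as `lib_openshift`, `lib_os_firewall` and `etcd_common`, and it loads the etcd role's defaults. Please confirm these are harmless on non-etcd hosts and say so at the task, e.g. `# Runs only the client_certificates action of the etcd role; its meta dependencies are still resolved`. The task's `vars:` block continues past the end of this hunk.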
@@ -28,18 +32,18 @@
     msg: "Invalid etcd configuration for calico."
   when: item is not defined or item == ''
   with_items:
-    - calico_etcd_ca_cert_file
-    - calico_etcd_cert_file
-    - calico_etcd_key_file
-    - calico_etcd_endpoints
+  - calico_etcd_ca_cert_file
+  - calico_etcd_cert_file
+  - calico_etcd_key_file
+  - calico_etcd_endpoints
 
 - name: Calico Node | Assure the calico certs are present
   stat:
     path: "{{ item }}"
   with_items:
-    - "{{ calico_etcd_ca_cert_file }}"
-    - "{{ calico_etcd_cert_file }}"
-    - "{{ calico_etcd_key_file }}"
+  - "{{ calico_etcd_ca_cert_file }}"
+  - "{{ calico_etcd_cert_file }}"
+  - "{{ calico_etcd_key_file }}"
 
 - name: Calico Node | Configure Calico service unit file
   template:

+ 0 - 1
roles/etcd/meta/main.yml

@@ -18,5 +18,4 @@ galaxy_info:
 dependencies:
 - role: lib_openshift
 - role: lib_os_firewall
-- role: etcd_server_certificates
 - role: etcd_common

+ 2 - 0
roles/etcd/tasks/ca.yml

@@ -0,0 +1,2 @@
+---
+- include: ca/deploy.yml

+ 3 - 1
roles/etcd_ca/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - name: Install openssl
-  package: name=openssl state=present
+  package:
+    name: openssl
+    state: present
   when: not etcd_is_atomic | bool
   delegate_to: "{{ etcd_ca_host }}"
   run_once: true

+ 2 - 0
roles/etcd/tasks/client_certificates.yml

@@ -0,0 +1,2 @@
+---
+- include: client_certificates/fetch_from_ca.yml

+ 1 - 1
roles/etcd_client_certificates/tasks/main.yml

@@ -9,7 +9,7 @@
 - fail:
     msg: >
       CA certificate {{ etcd_ca_cert }} doesn't exist on CA host
-      {{ etcd_ca_host }}. Apply 'etcd_ca' role to
+      {{ etcd_ca_host }}. Apply 'etcd_ca' action from `etcd` role to
       {{ etcd_ca_host }}.
   when: not g_ca_cert_stat_result.stat.exists | bool
   run_once: true
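Review bot: The updated failure message tells the operator to apply an 'etcd_ca' action, but the action this commit adds is `ca` (roles/etcd/tasks/ca.yml, used as `tasks_from: ca` in etcd-ca.yml). Someone following the message to recover a missing CA certificate will look for a task file that does not exist. Suggested wording for the changed line: `{{ etcd_ca_host }}. Apply the 'ca' action of the 'etcd' role to`.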

+ 2 - 0
roles/etcd/tasks/main.yml

@@ -1,4 +1,6 @@
 ---
+- include: server_certificates.yml
+
 - name: Set hostname and ip facts
   set_fact:
     # Store etcd_hostname and etcd_ip such that they will be available

+ 2 - 0
roles/etcd/tasks/server_certificates.yml

@@ -0,0 +1,2 @@
+---
+- include: server_certificates/fetch_from_ca.yml

+ 7 - 1
roles/etcd_server_certificates/tasks/main.yml

@@ -1,6 +1,12 @@
 ---
+- include: ../ca/deploy.yml
+  when:
+  - etcd_ca_setup | default(True) | bool
+
 - name: Install etcd
-  package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present
+  package:
+    name: "etcd{{ '-' + etcd_version if etcd_version is defined else '' }}"
+    state: present
   when: not etcd_is_containerized | bool
 
 - name: Check status of etcd certificates
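Review bot: Nothing at the new `include: ../ca/deploy.yml` says that the server-certificate tasks deploy the etcd CA first unless `etcd_ca_setup` is false. That matters now that this file is also entered directly through `tasks_from: server_certificates`. I would add a comment above the include, `# Deploy the etcd CA first unless etcd_ca_setup is false`. The relative path presumably resolves only from the file's new location under roles/etcd/tasks/, which this page does not show, so it is worth checking after the move.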

roles/etcd_ca/templates/openssl_append.j2 → roles/etcd/templates/openssl_append.j2


+ 0 - 34
roles/etcd_ca/README.md

@@ -1,34 +0,0 @@
-etcd_ca
-========================
-
-TODO
-
-Requirements
-------------
-
-TODO
-
-Role Variables
---------------
-
-TODO
-
-Dependencies
-------------
-
-TODO
-
-Example Playbook
-----------------
-
-TODO
-
-License
--------
-
-Apache License Version 2.0
-
-Author Information
-------------------
-
-Scott Dodson (sdodson@redhat.com)

+ 0 - 16
roles/etcd_ca/meta/main.yml

@@ -1,16 +0,0 @@
----
-galaxy_info:
-  author: Jason DeTiberus
-  description: Etcd CA
-  company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 2.1
-  platforms:
-  - name: EL
-    versions:
-    - 7
-  categories:
-  - cloud
-  - system
-dependencies:
-- role: etcd_common

+ 0 - 34
roles/etcd_client_certificates/README.md

@@ -1,34 +0,0 @@
-OpenShift Etcd Certificates
-===========================
-
-TODO
-
-Requirements
-------------
-
-TODO
-
-Role Variables
---------------
-
-TODO
-
-Dependencies
-------------
-
-TODO
-
-Example Playbook
-----------------
-
-TODO
-
-License
--------
-
-Apache License Version 2.0
-
-Author Information
-------------------
-
-Scott Dodson (sdodson@redhat.com)

+ 0 - 16
roles/etcd_client_certificates/meta/main.yml

@@ -1,16 +0,0 @@
----
-galaxy_info:
-  author: Jason DeTiberus
-  description: Etcd Client Certificates
-  company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 2.1
-  platforms:
-  - name: EL
-    versions:
-    - 7
-  categories:
-  - cloud
-  - system
-dependencies:
-- role: etcd_common

+ 0 - 34
roles/etcd_server_certificates/README.md

@@ -1,34 +0,0 @@
-OpenShift Etcd Certificates
-===========================
-
-TODO
-
-Requirements
-------------
-
-TODO
-
-Role Variables
---------------
-
-TODO
-
-Dependencies
-------------
-
-TODO
-
-Example Playbook
-----------------
-
-TODO
-
-License
--------
-
-Apache License Version 2.0
-
-Author Information
-------------------
-
-Scott Dodson (sdodson@redhat.com)

+ 0 - 17
roles/etcd_server_certificates/meta/main.yml

@@ -1,17 +0,0 @@
----
-galaxy_info:
-  author: Jason DeTiberus
-  description: Etcd Server Certificates
-  company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 2.1
-  platforms:
-  - name: EL
-    versions:
-    - 7
-  categories:
-  - cloud
-  - system
-dependencies:
-- role: etcd_ca
-  when: (etcd_ca_setup | default(True) | bool)

+ 0 - 2
roles/flannel/README.md

@@ -27,8 +27,6 @@ Role Variables
 Dependencies
 ------------
 
-openshift_facts
-
 Example Playbook
 ----------------
 

+ 1 - 4
roles/flannel/meta/main.yml

@@ -12,7 +12,4 @@ galaxy_info:
   categories:
   - cloud
   - system
-dependencies:
-- role: openshift_facts
-- role: openshift_etcd_client_certificates
-  etcd_cert_prefix: flannel.etcd-
+dependencies: []

+ 0 - 3
roles/nuage_master/meta/main.yml

@@ -13,8 +13,5 @@ galaxy_info:
   - cloud
   - system
 dependencies:
-- role: nuage_ca
-- role: nuage_common
-- role: openshift_etcd_client_certificates
 - role: lib_openshift
 - role: lib_os_firewall

+ 0 - 18
roles/openshift_etcd_ca/meta/main.yml

@@ -1,18 +0,0 @@
----
-galaxy_info:
-  author: Tim Bielawa
-  description: Meta role around the etcd_ca role
-  company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 2.2
-  platforms:
-  - name: EL
-    versions:
-    - 7
-  categories:
-  - cloud
-  - system
-dependencies:
-- role: openshift_etcd_facts
-- role: etcd_ca
-  when: (etcd_ca_setup | default(True) | bool)

+ 1 - 3
roles/openshift_etcd_client_certificates/meta/main.yml

@@ -11,6 +11,4 @@ galaxy_info:
     - 7
   categories:
   - cloud
-dependencies:
-- role: openshift_etcd_facts
-- role: etcd_client_certificates
+dependencies: []

+ 4 - 0
roles/openshift_etcd_client_certificates/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- include_role:
+    name: etcd
+    tasks_from: client_certificates

+ 0 - 16
roles/openshift_etcd_server_certificates/meta/main.yml

@@ -1,16 +0,0 @@
----
-galaxy_info:
-  author: Jason DeTiberus
-  description: OpenShift Etcd Server Certificates
-  company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 2.1
-  platforms:
-  - name: EL
-    versions:
-    - 7
-  categories:
-  - cloud
-dependencies:
-- role: openshift_etcd_facts
-- role: etcd_server_certificates