Merge pull request #3817 from ingvagabund/polish-etcd-role

Refactor etcd roles

playbooks/byo/openshift-etcd/config.yml

@@ -0,0 +1,14 @@
+---
+- include: ../openshift-cluster/initialize_groups.yml
+  tags:
+  - always
+
+- include: ../../common/openshift-cluster/std_include.yml
+  tags:
+  - always
+
+- include: ../../common/openshift-etcd/config.yml
+  vars:
+    openshift_cluster_id: "{{ cluster_id | default('default') }}"
+    openshift_debug_level: "{{ debug_level | default(2) }}"
+    openshift_deployment_subtype: "{{ deployment_subtype | default(none) }}"

roles/etcd/defaults/main.yaml

@@ -13,5 +13,4 @@ etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_
 etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
 etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
 
-etcd_data_dir: /var/lib/etcd/
 etcd_systemd_dir: "/etc/systemd/system/{{ etcd_service }}.service.d"

roles/etcd/files/etcdctl.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-# Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because
-# command flags are different between the two. Should work on stand
-# alone etcd hosts and master + etcd hosts too because we use the peer keys.
-etcdctl2() {
- /usr/bin/etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt -C https://`hostname`:2379 ${@}
-}
-
-etcdctl3() {
- ETCDCTL_API=3 /usr/bin/etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints https://`hostname`:2379 ${@}
-}

roles/etcd/meta/main.yml

@@ -24,3 +24,4 @@ dependencies:
   - service: etcd peering
     port: "{{ etcd_peer_port }}/tcp"
 - role: etcd_server_certificates
+- role: etcd_common

roles/etcd/tasks/etcdctl.yml

@@ -4,9 +4,9 @@
   when: not openshift.common.is_atomic | bool
 
 - name: Configure etcd profile.d alises
-  copy:
-    src: etcdctl.sh
-    dest: /etc/profile.d/etcdctl.sh
+  template:
+    dest: "/etc/profile.d/etcdctl.sh"
+    src: etcdctl.sh.j2
     mode: 0755
     owner: root
     group: root

roles/etcd/tasks/main.yml

@@ -10,51 +10,45 @@
   package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present
   when: not etcd_is_containerized | bool
 
-- name: Pull etcd container
-  command: docker pull {{ openshift.etcd.etcd_image }}
-  register: pull_result
-  changed_when: "'Downloaded newer image' in pull_result.stdout"
+- block:
+  - name: Pull etcd container
+    command: docker pull {{ openshift.etcd.etcd_image }}
+    register: pull_result
+    changed_when: "'Downloaded newer image' in pull_result.stdout"
+
+  - name: Install etcd container service file
+    template:
+      dest: "/etc/systemd/system/etcd_container.service"
+      src: etcd.docker.service
   when:
   - etcd_is_containerized | bool
   - not openshift.common.is_etcd_system_container | bool
 
-- name: Install etcd container service file
-  template:
-    dest: "/etc/systemd/system/etcd_container.service"
-    src: etcd.docker.service
-  when:
-  - etcd_is_containerized | bool
-  - not openshift.common.is_etcd_system_container | bool
-
-
 # Start secondary etcd instance for third party integrations
 # TODO: Determine an alternative to using thirdparty variable
-
-- name: Create configuration directory
-  file:
-    path: "{{ etcd_conf_dir }}"
-    state: directory
-    mode: 0700
-  when: etcd_is_thirdparty | bool
+- block:
+  - name: Create configuration directory
+    file:
+      path: "{{ etcd_conf_dir }}"
+      state: directory
+      mode: 0700
 
   # TODO: retest with symlink to confirm it does or does not function
-- name: Copy service file for etcd instance
-  copy:
-    src: /usr/lib/systemd/system/etcd.service
-    dest: "/etc/systemd/system/{{ etcd_service }}.service"
-    remote_src: True
-  when: etcd_is_thirdparty | bool
-
-- name: Create third party etcd service.d directory exists
-  file:
-    path: "{{ etcd_systemd_dir }}"
-    state: directory
-  when: etcd_is_thirdparty | bool
-
-- name: Configure third part etcd service unit file
-  template:
-    dest: "{{ etcd_systemd_dir }}/custom.conf"
-    src: custom.conf.j2
+  - name: Copy service file for etcd instance
+    copy:
+      src: /usr/lib/systemd/system/etcd.service
+      dest: "/etc/systemd/system/{{ etcd_service }}.service"
+      remote_src: True
+
+  - name: Create third party etcd service.d directory exists
+    file:
+      path: "{{ etcd_systemd_dir }}"
+      state: directory
+
+  - name: Configure third part etcd service unit file
+    template:
+      dest: "{{ etcd_systemd_dir }}/custom.conf"
+      src: custom.conf.j2
   when: etcd_is_thirdparty
 
   # TODO: this task may not be needed with Validate permissions
@@ -80,28 +74,28 @@
   command: systemctl daemon-reload
   when: etcd_is_thirdparty | bool
 
-- name: Disable system etcd when containerized
-  systemd:
-    name: etcd
-    state: stopped
-    enabled: no
-    masked: yes
-    daemon_reload: yes
-  when:
-  - etcd_is_containerized | bool
-  - not openshift.common.is_etcd_system_container | bool
-  register: task_result
-  failed_when: "task_result|failed and 'could not' not in task_result.msg|lower"
-
-- name: Install etcd container service file
-  template:
-    dest: "/etc/systemd/system/etcd_container.service"
-    src: etcd.docker.service
-  when: etcd_is_containerized | bool and not openshift.common.is_etcd_system_container | bool
-
-- name: Install Etcd system container
-  include: system_container.yml
-  when: etcd_is_containerized | bool and openshift.common.is_etcd_system_container | bool
+- block:
+  - name: Disable system etcd when containerized
+    systemd:
+      name: etcd
+      state: stopped
+      enabled: no
+      masked: yes
+      daemon_reload: yes
+    when: not openshift.common.is_etcd_system_container | bool
+    register: task_result
+    failed_when: "task_result|failed and 'could not' not in task_result.msg|lower"
+
+  - name: Install etcd container service file
+    template:
+      dest: "/etc/systemd/system/etcd_container.service"
+      src: etcd.docker.service
+    when: not openshift.common.is_etcd_system_container | bool
+
+  - name: Install Etcd system container
+    include: system_container.yml
+    when: openshift.common.is_etcd_system_container | bool
+  when: etcd_is_containerized | bool
 
 - name: Validate permissions on the config dir
   file:

roles/etcd/templates/etcd.docker.service

@@ -5,9 +5,9 @@ Requires=docker.service
 PartOf=docker.service
 
 [Service]
-EnvironmentFile=/etc/etcd/etcd.conf
+EnvironmentFile={{ etcd_conf_file }}
 ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }}
-ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:ro --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
+ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
 ExecStop=/usr/bin/docker stop {{ etcd_service }}
 SyslogIdentifier=etcd_container
 Restart=always

roles/etcd/templates/etcdctl.sh.j2

@@ -0,0 +1,12 @@
+#!/bin/bash
+# Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because
+# command flags are different between the two. Should work on stand
+# alone etcd hosts and master + etcd hosts too because we use the peer keys.
+etcdctl2() {
+ /usr/bin/etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} -C https://`hostname`:2379 ${@}
+
+}
+
+etcdctl3() {
+ ETCDCTL_API=3 /usr/bin/etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints https://`hostname`:2379 ${@}
+}

roles/etcd_common/defaults/main.yml

@@ -35,3 +35,6 @@ etcd_ip: "{{ ansible_default_ipv4.address }}"
 etcd_is_atomic: False
 etcd_is_containerized: False
 etcd_is_thirdparty: False
+
+# etcd dir vars
+etcd_data_dir: /var/lib/etcd/

roles/etcd_server_certificates/meta/main.yml

@@ -13,4 +13,4 @@ galaxy_info:
   - cloud
   - system
 dependencies:
-- role: openshift_etcd_ca
+- role: etcd_ca

roles/openshift_etcd_ca/tasks/main.yml

@@ -1 +0,0 @@
----