7 lat temu · f8664e17ef
--- a/playbooks/common/openshift-etcd/migrate.yml
+++ b/playbooks/common/openshift-etcd/migrate.yml
@@ -1,11 +1,13 @@
 
				 ---
			
 
				 - name: Run pre-checks
			
 
				   hosts: oo_etcd_to_migrate
			
 
				-  roles:
			
 
				-  - role: etcd_migrate
			
 
				-    r_etcd_migrate_action: check
			
 
				-    r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
			
 
				-    etcd_peer: "{{ ansible_default_ipv4.address }}"
			
 
				+  tasks:
			
 
				+  - include_role:
			
 
				+      name: etcd
			
 
				+      tasks_from: migrate.pre_check
			
 
				+    vars:
			
 
				+      r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
			
 
				+      etcd_peer: "{{ ansible_default_ipv4.address }}"
			
 
				 
			
 
				 # TODO: This will be different for release-3.6 branch
			
 
				 - name: Prepare masters for etcd data migration
			
@@ -65,25 +67,28 @@
 
				 - name: Migrate data on first etcd
			
 
				   hosts: oo_etcd_to_migrate[0]
			
 
				   gather_facts: no
			
 
				-  roles:
			
 
				-  - role: etcd_migrate
			
 
				-    r_etcd_migrate_action: migrate
			
 
				-    r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
			
 
				-    etcd_peer: "{{ openshift.common.ip }}"
			
 
				-    etcd_url_scheme: "https"
			
 
				-    etcd_peer_url_scheme: "https"
			
 
				+  tasks:
			
 
				+  - include_role:
			
 
				+      name: etcd
			
 
				+      tasks_from: migrate
			
 
				+    vars:
			
 
				+      r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
			
 
				+      etcd_peer: "{{ openshift.common.ip }}"
			
 
				+      etcd_url_scheme: "https"
			
 
				+      etcd_peer_url_scheme: "https"
			
 
				 
			
 
				 - name: Clean data stores on remaining etcd hosts
			
 
				   hosts: oo_etcd_to_migrate[1:]
			
 
				   gather_facts: no
			
 
				-  roles:
			
 
				-  - role: etcd_migrate
			
 
				-    r_etcd_migrate_action: clean_data
			
 
				-    r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
			
 
				-    etcd_peer: "{{ openshift.common.ip }}"
			
 
				-    etcd_url_scheme: "https"
			
 
				-    etcd_peer_url_scheme: "https"
			
 
				-  post_tasks:
			
 
				+  tasks:
			
 
				+  - include_role:
			
 
				+      name: etcd
			
 
				+      tasks_from: clean_data
			
 
				+    vars:
			
 
				+      r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
			
 
				+      etcd_peer: "{{ openshift.common.ip }}"
			
 
				+      etcd_url_scheme: "https"
			
 
				+      etcd_peer_url_scheme: "https"
			
 
				   - name: Add etcd hosts
			
 
				     delegate_to: localhost
			
 
				     add_host:
			
@@ -112,21 +117,23 @@
 
				 
			
 
				 - name: Add TTLs on the first master
			
 
				   hosts: oo_first_master[0]
			
 
				-  roles:
			
 
				-  - role: etcd_migrate
			
 
				-    r_etcd_migrate_action: add_ttls
			
 
				-    etcd_peer: "{{ hostvars[groups.oo_etcd_to_migrate.0].openshift.common.ip }}"
			
 
				-    etcd_url_scheme: "https"
			
 
				-    etcd_peer_url_scheme: "https"
			
 
				+  tasks:
			
 
				+  - include_role:
			
 
				+      name: etcd
			
 
				+      tasks_from: migrate.add_ttls
			
 
				+    vars:
			
 
				+      etcd_peer: "{{ hostvars[groups.oo_etcd_to_migrate.0].openshift.common.ip }}"
			
 
				+      etcd_url_scheme: "https"
			
 
				+      etcd_peer_url_scheme: "https"
			
 
				     when: etcd_migration_failed | length == 0
			
 
				 
			
 
				 - name: Configure masters if etcd data migration is succesfull
			
 
				   hosts: oo_masters_to_config
			
 
				-  roles:
			
 
				-  - role: etcd_migrate
			
 
				-    r_etcd_migrate_action: configure
			
 
				-    when: etcd_migration_failed | length == 0
			
 
				   tasks:
			
 
				+  - include_role:
			
 
				+      name: etcd
			
 
				+      tasks_from: migrate.configure_master
			
 
				+    when: etcd_migration_failed | length == 0
			
 
				   - debug:
			
 
				       msg: "Skipping master re-configuration since migration failed."
			
 
				     when:
			
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@@ -18,4 +18,5 @@ galaxy_info:
 
				 dependencies:
			
 
				 - role: lib_openshift
			
 
				 - role: lib_os_firewall
			
 
				+- role: lib_utils
			
 
				 - role: etcd_common
			
--- a/roles/etcd/tasks/auxiliary/clean_data.yml
+++ b/roles/etcd/tasks/auxiliary/clean_data.yml
--- a/roles/etcd/tasks/clean_data.yml
+++ b/roles/etcd/tasks/clean_data.yml
@@ -0,0 +1,2 @@
 
				+---
			
 
				+- include: auxiliary/clean_data.yml
			
--- a/roles/etcd/tasks/migrate.add_ttls.yml
+++ b/roles/etcd/tasks/migrate.add_ttls.yml
@@ -0,0 +1,2 @@
 
				+---
			
 
				+- include: migration/add_ttls.yml
			
--- a/roles/etcd/tasks/migrate.configure_master.yml
+++ b/roles/etcd/tasks/migrate.configure_master.yml
@@ -0,0 +1,2 @@
 
				+---
			
 
				+- include: migration/configure_master.yml
			
--- a/roles/etcd/tasks/migrate.pre_check.yml
+++ b/roles/etcd/tasks/migrate.pre_check.yml
@@ -0,0 +1,2 @@
 
				+---
			
 
				+- include: migration/check.yml
			
--- a/roles/etcd/tasks/migrate.yml
+++ b/roles/etcd/tasks/migrate.yml
@@ -0,0 +1,2 @@
 
				+---
			
 
				+- include: migration/migrate.yml
			
--- a/roles/etcd_migrate/tasks/add_ttls.yml
+++ b/roles/etcd_migrate/tasks/add_ttls.yml
@@ -8,6 +8,7 @@
 
				     accessTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.accessTokenMaxAgeSeconds | default(86400) }}"
			
 
				     authroizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authroizeTokenMaxAgeSeconds | default(500) }}"
			
 
				     controllerLeaseTTL: "{{ (g_master_config_output.content|b64decode|from_yaml).controllerLeaseTTL | default(30) }}"
			
 
				+
			
 
				 - name: Re-introduce leases (as a replacement for key TTLs)
			
 
				   command: >
			
 
				     oadm migrate etcd-ttl \
			
--- a/roles/etcd/tasks/migration/check.yml
+++ b/roles/etcd/tasks/migration/check.yml
--- a/roles/etcd/tasks/migration/check_cluster_health.yml
+++ b/roles/etcd/tasks/migration/check_cluster_health.yml
--- a/roles/etcd/tasks/migration/check_cluster_status.yml
+++ b/roles/etcd/tasks/migration/check_cluster_status.yml
--- a/roles/etcd/tasks/migration/configure_master.yml
+++ b/roles/etcd/tasks/migration/configure_master.yml
--- a/roles/etcd/tasks/migration/migrate.yml
+++ b/roles/etcd/tasks/migration/migrate.yml
--- a/roles/etcd_migrate/README.md
+++ b/roles/etcd_migrate/README.md
@@ -1,53 +0,0 @@
 
				-Role Name
			
 
				-=========
			
 
				-
			
 
				-Offline etcd migration of data from v2 to v3
			
 
				-
			
 
				-Requirements
			
 
				-------------
			
 
				-
			
 
				-It is expected all consumers of the etcd data are not accessing the data.
			
 
				-Otherwise the migrated data can be out-of-sync with the v2 and can result in unhealthy etcd cluster.
			
 
				-
			
 
				-The role itself is responsible for:
			
 
				-- checking etcd cluster health and raft status before the migration
			
 
				-- checking of presence of any v3 data (in that case the migration is stopped)
			
 
				-- migration of v2 data to v3 data (including attaching leases of keys prefixed with "/kubernetes.io/events" and "/kubernetes.io/masterleases" string)
			
 
				-- validation of migrated data (all v2 keys and in v3 keys and are set to the identical value)
			
 
				-
			
 
				-The migration itself requires an etcd member to be down in the process. Once the migration is done, the etcd member is started.
			
 
				-
			
 
				-Role Variables
			
 
				---------------
			
 
				-
			
 
				-TBD
			
 
				-
			
 
				-Dependencies
			
 
				-------------
			
 
				-
			
 
				-- etcd_common
			
 
				-- lib_utils
			
 
				-
			
 
				-Example Playbook
			
 
				-----------------
			
 
				-
			
 
				-```yaml
			
 
				-- name: Migrate etcd data from v2 to v3
			
 
				-  hosts: oo_etcd_to_config
			
 
				-  gather_facts: no
			
 
				-  tasks:
			
 
				-  - include_role:
			
 
				-      name: openshift_etcd_migrate
			
 
				-    vars:
			
 
				-      etcd_peer: "{{ ansible_default_ipv4.address }}"
			
 
				-```
			
 
				-
			
 
				-License
			
 
				--------
			
 
				-
			
 
				-Apache License, Version 2.0
			
 
				-
			
 
				-Author Information
			
 
				-------------------
			
 
				-
			
 
				-Jan Chaloupka (jchaloup@redhat.com)
			
--- a/roles/etcd_migrate/defaults/main.yml
+++ b/roles/etcd_migrate/defaults/main.yml
@@ -1,3 +0,0 @@
 
				----
			
 
				-# Default action when calling this role, choices: check, migrate, configure
			
 
				-r_etcd_migrate_action: migrate
			
--- a/roles/etcd_migrate/meta/main.yml
+++ b/roles/etcd_migrate/meta/main.yml
@@ -1,17 +0,0 @@
 
				----
			
 
				-galaxy_info:
			
 
				-  author: Jan Chaloupka
			
 
				-  description: Etcd migration
			
 
				-  company: Red Hat, Inc.
			
 
				-  license: Apache License, Version 2.0
			
 
				-  min_ansible_version: 2.1
			
 
				-  platforms:
			
 
				-  - name: EL
			
 
				-    versions:
			
 
				-    - 7
			
 
				-  categories:
			
 
				-  - cloud
			
 
				-  - system
			
 
				-dependencies:
			
 
				-- { role: etcd_common }
			
 
				-- { role: lib_utils }
			
--- a/roles/etcd_migrate/tasks/main.yml
+++ b/roles/etcd_migrate/tasks/main.yml
@@ -1,25 +0,0 @@
 
				----
			
 
				-- name: Fail if invalid r_etcd_migrate_action provided
			
 
				-  fail:
			
 
				-    msg: "etcd_migrate role can only be called with 'check', 'migrate', 'configure', 'add_ttls', or 'clean_data'"
			
 
				-  when: r_etcd_migrate_action not in ['check', 'migrate', 'configure', 'add_ttls', 'clean_data']
			
 
				-
			
 
				-- name: Include main action task file
			
 
				-  include: "{{ r_etcd_migrate_action }}.yml"
			
 
				-
			
 
				-# 2. migrate v2 datadir into v3:
			
 
				-#   ETCDCTL_API=3 ./etcdctl migrate  --data-dir=${data_dir} --no-ttl
			
 
				-#   backup the etcd datadir first
			
 
				-#   Provide a way for an operator to specify transformer
			
 
				-
			
 
				-# 3. re-configure OpenShift master at /etc/origin/master/master-config.yml
			
 
				-#   set storage-backend to “etcd3”
			
 
				-# 4. we could leave the master restart to current logic (there is already the code ready (single vs. HA master))
			
 
				-
			
 
				-# Run
			
 
				-# etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt --endpoint https://172.16.186.45:2379 cluster-health
			
 
				-# to check the cluster health (from the etcdctl.sh aliases file)
			
 
				-
			
 
				-# Another assumption:
			
 
				-# - in order to migrate all etcd v2 data into v3, we need to shut down the cluster (let's verify that on Wednesday meeting)
			
 
				-# -