Главная Обзор Помощь
Регистрация Вход
shixiong
/
okd
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 2c608429d8
Ветки Метки
okd
/
playbooks
/
common
/
openshift-etcd
/
config.yml

config.yml 3.7 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 
  1. ---
    2. 

  2. - name: Set etcd facts needed for generating certs
    3. 

  3.   hosts: oo_etcd_to_config
    4. 

  4.   roles:
    5. 

  5.   - openshift_facts
    6. 

  6.   tasks:
    7. 

  7.   - openshift_facts:
    8. 

  8.       role: etcd
    9. 

  9.       local_facts:
    10. 

  10.         etcd_image: "{{ osm_etcd_image | default(None) }}"
    11. 

  11.   - name: Check status of etcd certificates
    12. 

  12.     stat:
    13. 

  13.       path: "{{ item }}"
    14. 

  14.     with_items:
    15. 

  15.     - /etc/etcd/server.crt
    16. 

  16.     - /etc/etcd/peer.crt
    17. 

  17.     - /etc/etcd/ca.crt
    18. 

  18.     register: g_etcd_server_cert_stat_result
    19. 

  19.   - set_fact:
    20. 

  20.       etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists')
    21. 

  21.                                     | list | intersect([false])}}"
    22. 

  22.       etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
    23. 

  23.       etcd_cert_config_dir: /etc/etcd
    24. 

  24.       etcd_cert_prefix:
    25. 

  25. 

  26. - name: Create temp directory for syncing certs
    27. 

  27.   hosts: localhost
    28. 

  28.   connection: local
    29. 

  29.   become: no
    30. 

  30.   gather_facts: no
    31. 

  31.   tasks:
    32. 

  32.   - name: Create local temp directory for syncing certs
    33. 

  33.     local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
    34. 

  34.     register: g_etcd_mktemp
    35. 

  35.     changed_when: False
    36. 

  36. 

  37. - name: Configure etcd certificates
    38. 

  38.   hosts: oo_first_etcd
    39. 

  39.   vars:
    40. 

  40.     etcd_generated_certs_dir: /etc/etcd/generated_certs
    41. 

  41.     etcd_needing_server_certs: "{{ hostvars
    42. 

  42.                                   | oo_select_keys(groups['oo_etcd_to_config'])
    43. 

  43.                                   | oo_filter_list(filter_attr='etcd_server_certs_missing') }}"
    44. 

  44.     sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
    45. 

  45.   roles:
    46. 

  46.   - etcd_certificates
    47. 

  47.   post_tasks:
    48. 

  48.   - name: Create a tarball of the etcd certs
    49. 

  49.     command: >
    50. 

  50.       tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
    51. 

  51.         -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
    52. 

  52.     args:
    53. 

  53.       creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
    54. 

  54.     with_items: etcd_needing_server_certs
    55. 

  55.   - name: Retrieve the etcd cert tarballs
    56. 

  56.     fetch:
    57. 

  57.       src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
    58. 

  58.       dest: "{{ sync_tmpdir }}/"
    59. 

  59.       flat: yes
    60. 

  60.       fail_on_missing: yes
    61. 

  61.       validate_checksum: yes
    62. 

  62.     with_items: etcd_needing_server_certs
    63. 

  63. 

  64. # Configure a first etcd host to avoid conflicts in choosing a leader
    65. 

  65. # if other members come online too quickly.
    66. 

  66. - name: Configure first etcd host
    67. 

  67.   hosts: oo_first_etcd
    68. 

  68.   vars:
    69. 

  69.     sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
    70. 

  70.     etcd_url_scheme: https
    71. 

  71.     etcd_peer_url_scheme: https
    72. 

  72.     etcd_peers_group: oo_etcd_to_config
    73. 

  73.   pre_tasks:
    74. 

  74.   - name: Ensure certificate directory exists
    75. 

  75.     file:
    76. 

  76.       path: "{{ etcd_cert_config_dir }}"
    77. 

  77.       state: directory
    78. 

  78.   - name: Unarchive the tarball on the etcd host
    79. 

  79.     unarchive:
    80. 

  80.       src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
    81. 

  81.       dest: "{{ etcd_cert_config_dir }}"
    82. 

  82.     when: etcd_server_certs_missing
    83. 

  83.   roles:
    84. 

  84.   - openshift_etcd
    85. 

  85.   - nickhammond.logrotate
    86. 

  86. 

  87. # Configure the remaining etcd hosts, skipping the first one we dealt with above.
    88. 

  88. - name: Configure remaining etcd hosts
    89. 

  89.   hosts: oo_etcd_to_config:!oo_first_etcd
    90. 

  90.   vars:
    91. 

  91.     sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
    92. 

  92.     etcd_url_scheme: https
    93. 

  93.     etcd_peer_url_scheme: https
    94. 

  94.     etcd_peers_group: oo_etcd_to_config
    95. 

  95.   pre_tasks:
    96. 

  96.   - name: Ensure certificate directory exists
    97. 

  97.     file:
    98. 

  98.       path: "{{ etcd_cert_config_dir }}"
    99. 

  99.       state: directory
    100. 

  100.   - name: Unarchive the tarball on the etcd host
    101. 

  101.     unarchive:
    102. 

  102.       src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
    103. 

  103.       dest: "{{ etcd_cert_config_dir }}"
    104. 

  104.     when: etcd_server_certs_missing
    105. 

  105.   roles:
    106. 

  106.   - openshift_etcd
    107. 

  107.   - role: nickhammond.logrotate
    108. 

  108. 

  109. - name: Delete temporary directory on localhost
    110. 

  110.   hosts: localhost
    111. 

  111.   connection: local
    112. 

  112.   become: no
    113. 

  113.   gather_facts: no
    114. 

  114.   tasks:
    115. 

  115.   - file: name={{ g_etcd_mktemp.stdout }} state=absent
    116. 

  116.     changed_when: False
    117.