shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
							---
- name: Set hostname and ip facts
  set_fact:
    # Store etcd_hostname and etcd_ip such that they will be available
    # in hostvars. Defaults for these variables are set in etcd_common.
    etcd_hostname: "{{ etcd_hostname }}"
    etcd_ip: "{{ etcd_ip }}"

- name: Install etcd
  action: "{{ ansible_pkg_mgr }} name=etcd state=present"
  when: not etcd_is_containerized | bool

- name: Pull etcd container
  command: docker pull {{ openshift.etcd.etcd_image }}
  register: pull_result
  changed_when: "'Downloaded newer image' in pull_result.stdout"
  when: etcd_is_containerized | bool

- name: Install etcd container service file
  template:
    dest: "/etc/systemd/system/etcd_container.service"
    src: etcd.docker.service
  register: install_etcd_result
  when: etcd_is_containerized | bool

- name: Ensure etcd datadir exists
  when: etcd_is_containerized | bool
  file:
    path: "{{ etcd_data_dir }}"
    state: directory
    mode: 0700

- name: Check for etcd service presence
  command: systemctl show etcd.service
  register: etcd_show
  changed_when: false

- name: Disable system etcd when containerized
  when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout
  service:
    name: etcd
    state: stopped
    enabled: no

- name: Mask system etcd when containerized
  when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout
  command: systemctl mask etcd

- name: Reload systemd units
  command: systemctl daemon-reload
  when: etcd_is_containerized | bool and ( install_etcd_result | changed )

- name: Validate permissions on the config dir
  file:
    path: "{{ etcd_conf_dir }}"
    state: directory
    owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
    group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
    mode: 0700

- name: Validate permissions on certificate files
  file:
    path: "{{ item }}"
    mode: 0600
    owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
    group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
  when: etcd_url_scheme == 'https'
  with_items:
  - "{{ etcd_ca_file }}"
  - "{{ etcd_cert_file }}"
  - "{{ etcd_key_file }}"

- name: Validate permissions on peer certificate files
  file:
    path: "{{ item }}"
    mode: 0600
    owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
    group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
  when: etcd_peer_url_scheme == 'https'
  with_items:
  - "{{ etcd_peer_ca_file }}"
  - "{{ etcd_peer_cert_file }}"
  - "{{ etcd_peer_key_file }}"

- name: Write etcd global config file
  template:
    src: etcd.conf.j2
    dest: /etc/etcd/etcd.conf
    backup: true
  notify:
    - restart etcd

- name: Enable etcd
  service:
    name: "{{ etcd_service }}"
    state: started
    enabled: yes
  register: start_result

- set_fact:
    etcd_service_status_changed: "{{ start_result | changed }}"