Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: aa9e19c20b
Branches Tags
okd
/
playbooks
/
common
/
openshift-cluster
/
redeploy-certificates
/
etcd.yml

etcd.yml 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. ---
    2. 

  2. - name: Backup and remove generated etcd certificates
    3. 

  3.   hosts: oo_first_etcd
    4. 

  4.   any_errors_fatal: true
    5. 

  5.   roles:
    6. 

  6.     - etcd_common
    7. 

  7.   post_tasks:
    8. 

  8.     - name: Determine if generated etcd certificates exist
    9. 

  9.       stat:
    10. 

  10.         path: "{{ etcd_conf_dir }}/generated_certs"
    11. 

  11.       register: etcd_generated_certs_dir_stat
    12. 

  12.     - name: Backup generated etcd certificates
    13. 

  13.       command: >
    14. 

  14.         tar -czf {{ etcd_conf_dir }}/etcd-generated-certificate-backup-{{ ansible_date_time.epoch }}.tgz
    15. 

  15.         {{ etcd_conf_dir }}/generated_certs
    16. 

  16.       args:
    17. 

  17.         warn: no
    18. 

  18.       when: etcd_generated_certs_dir_stat.stat.exists | bool
    19. 

  19.     - name: Remove generated etcd certificates
    20. 

  20.       file:
    21. 

  21.         path: "{{ item }}"
    22. 

  22.         state: absent
    23. 

  23.       with_items:
    24. 

  24.         - "{{ etcd_conf_dir }}/generated_certs"
    25. 

  25. 

  26. - name: Backup and removed deployed etcd certificates
    27. 

  27.   hosts: oo_etcd_to_config
    28. 

  28.   any_errors_fatal: true
    29. 

  29.   roles:
    30. 

  30.     - etcd_common
    31. 

  31.   post_tasks:
    32. 

  32.     - name: Backup etcd certificates
    33. 

  33.       command: >
    34. 

  34.         tar -czvf /etc/etcd/etcd-server-certificate-backup-{{ ansible_date_time.epoch }}.tgz
    35. 

  35.         {{ etcd_conf_dir }}/ca.crt
    36. 

  36.         {{ etcd_conf_dir }}/server.crt
    37. 

  37.         {{ etcd_conf_dir }}/server.key
    38. 

  38.         {{ etcd_conf_dir }}/peer.crt
    39. 

  39.         {{ etcd_conf_dir }}/peer.key
    40. 

  40.       args:
    41. 

  41.         warn: no
    42. 

  42. 

  43. - name: Redeploy etcd certificates
    44. 

  44.   hosts: oo_etcd_to_config
    45. 

  45.   any_errors_fatal: true
    46. 

  46.   roles:
    47. 

  47.     - role: openshift_etcd_server_certificates
    48. 

  48.       etcd_certificates_redeploy: true
    49. 

  49.       etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
    50. 

  50.       etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
    51. 

  51.       etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
    52. 

  52.       openshift_ca_host: "{{ groups.oo_first_master.0 }}"
    53. 

  53. 

  54. - name: Redeploy etcd client certificates for masters
    55. 

  55.   hosts: oo_masters_to_config
    56. 

  56.   any_errors_fatal: true
    57. 

  57.   roles:
    58. 

  58.     - role: openshift_etcd_client_certificates
    59. 

  59.       etcd_certificates_redeploy: true
    60. 

  60.       etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
    61. 

  61.       etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
    62. 

  62.       etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
    63. 

  63.       etcd_cert_prefix: "master.etcd-"
    64. 

  64.       openshift_ca_host: "{{ groups.oo_first_master.0 }}"
    65. 

  65.       openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}"
    66. 

  66.       when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
    67.