authorJan Chaloupka <jchaloup@redhat.com>2017-09-19 15:14:18 +0200
committerJan Chaloupka <jchaloup@redhat.com>2017-09-22 10:12:20 +0200
commitf8664e17ef5e6bead61d8471facd2859fd10c180 (patch)
tree478c21fd924ce9d6abf410b57257c004637aa31a /roles/etcd/tasks/migration/add_ttls.yml
parent2d0501b63ff07b177b3fb5b1c6663ed369656240 (diff)
consolidate etcd_migrate role
Diffstat (limited to 'roles/etcd/tasks/migration/add_ttls.yml')
-rw-r--r--roles/etcd/tasks/migration/add_ttls.yml34
1 files changed, 34 insertions, 0 deletions
diff --git a/roles/etcd/tasks/migration/add_ttls.yml b/roles/etcd/tasks/migration/add_ttls.yml
new file mode 100644
index 000000000..14625e49e
--- /dev/null
+++ b/roles/etcd/tasks/migration/add_ttls.yml
@@ -0,0 +1,34 @@
+---
+# To be executed on first master
+- slurp:
+ src: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ register: g_master_config_output
+
+- set_fact:
+ accessTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.accessTokenMaxAgeSeconds | default(86400) }}"
+ authroizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authroizeTokenMaxAgeSeconds | default(500) }}"
+ controllerLeaseTTL: "{{ (g_master_config_output.content|b64decode|from_yaml).controllerLeaseTTL | default(30) }}"
+
+- name: Re-introduce leases (as a replacement for key TTLs)
+ command: >
+ oadm migrate etcd-ttl \
+ --cert {{ r_etcd_common_master_peer_cert_file }} \
+ --key {{ r_etcd_common_master_peer_key_file }} \
+ --cacert {{ r_etcd_common_master_peer_ca_file }} \
+ --etcd-address 'https://{{ etcd_peer }}:{{ etcd_client_port }}' \
+ --ttl-keys-prefix {{ item.keys }} \
+ --lease-duration {{ item.ttl }}
+ environment:
+ ETCDCTL_API: 3
+ PATH: "/usr/local/bin:/var/usrlocal/bin:{{ ansible_env.PATH }}"
+ with_items:
+ - keys: "/kubernetes.io/events"
+ ttl: "1h"
+ - keys: "/kubernetes.io/masterleases"
+ ttl: "10s"
+ - keys: "/openshift.io/oauth/accesstokens"
+ ttl: "{{ accessTokenMaxAgeSeconds }}s"
+ - keys: "/openshift.io/oauth/authorizetokens"
+ ttl: "{{ authroizeTokenMaxAgeSeconds }}s"
+ - keys: "/openshift.io/leases/controllers"
+ ttl: "{{ controllerLeaseTTL }}s"
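Review bot: The second fact in the `set_fact` task reads `oauthConfig.tokenConfig.authroizeTokenMaxAgeSeconds`, but master-config.yaml spells that field `authorizeTokenMaxAgeSeconds`, so the lookup is always undefined and `default(500)` is applied whatever the administrator configured. The lease put on `/openshift.io/oauth/authorizetokens` then ignores a shorter configured lifetime, and authorize tokens can remain in etcd longer than the cluster's token policy intends. I would read `(g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authorizeTokenMaxAgeSeconds | default(500)` and rename the fact and its use in the `with_items` entry to match. Separately, `default()` only covers the last attribute in the chain: if `oauthConfig` or `tokenConfig` is missing from the file, the template will probably fail rather than fall back, depending on how Ansible treats the undefined parent, so a guard on the parent mapping is worth adding.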