etcd: use as system container

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

3 files changed, 84 insertions, 5 deletions

diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 2ec62c37c..e0746d70d 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -1,5 +1,5 @@
 ---
-etcd_service: "{{ 'etcd' if not etcd_is_containerized | bool else 'etcd_container' }}"
+etcd_service: "{{ 'etcd' if openshift.common.is_etcd_system_container | bool or not etcd_is_containerized | bool else 'etcd_container' }}"
 etcd_client_port: 2379
 etcd_peer_port: 2380
 etcd_url_scheme: http
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 41f25be70..5f3ca461e 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -14,13 +14,17 @@
   command: docker pull {{ openshift.etcd.etcd_image }}
   register: pull_result
   changed_when: "'Downloaded newer image' in pull_result.stdout"
-  when: etcd_is_containerized | bool
+  when:
+  - etcd_is_containerized | bool
+  - not openshift.common.is_etcd_system_container | bool
 
 - name: Install etcd container service file
   template:
     dest: "/etc/systemd/system/etcd_container.service"
     src: etcd.docker.service
-  when: etcd_is_containerized | bool
+  when:
+  - etcd_is_containerized | bool
+  - not openshift.common.is_etcd_system_container | bool
 
 - name: Ensure etcd datadir exists when containerized
   file:
@@ -36,10 +40,22 @@
     enabled: no
     masked: yes
     daemon_reload: yes
-  when: etcd_is_containerized | bool
+  when:
+  - etcd_is_containerized | bool
+  - not openshift.common.is_etcd_system_container | bool
   register: task_result
   failed_when: "task_result|failed and 'could not' not in task_result.msg|lower"
 
+- name: Install etcd container service file
+  template:
+    dest: "/etc/systemd/system/etcd_container.service"
+    src: etcd.docker.service
+  when: etcd_is_containerized | bool and not openshift.common.is_etcd_system_container | bool
+
+- name: Install Etcd system container
+  include: system_container.yml
+  when: etcd_is_containerized | bool and openshift.common.is_etcd_system_container | bool
+
 - name: Validate permissions on the config dir
   file:
     path: "{{ etcd_conf_dir }}"
@@ -54,7 +70,7 @@
     dest: /etc/etcd/etcd.conf
     backup: true
   notify:
-    - restart etcd
+  - restart etcd
 
 - name: Enable etcd
   systemd:
diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml
new file mode 100644
index 000000000..241180e2c
--- /dev/null
+++ b/roles/etcd/tasks/system_container.yml
@@ -0,0 +1,63 @@
+---
+- name: Pull etcd system container
+  command: atomic pull --storage=ostree {{ openshift.etcd.etcd_image }}
+  register: pull_result
+  changed_when: "'Pulling layer' in pull_result.stdout"
+
+- name: Check etcd system container package
+  command: >
+    atomic containers list --no-trunc -a -f container=etcd
+  register: result
+
+- name: Set initial Etcd cluster
+  set_fact:
+    etcd_initial_cluster: >
+      {% for host in etcd_peers | default([]) -%}
+      {% if loop.last -%}
+      {{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }}
+      {%- else -%}
+      {{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }},
+      {%- endif -%}
+      {% endfor -%}
+
+- name: Update Etcd system container package
+  command: >
+    atomic containers update
+    --set ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
+    --set ETCD_NAME={{ etcd_hostname }}
+    --set ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster | replace('\n', '') }}
+    --set ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
+    --set ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
+    --set ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }}
+    --set ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }}
+    --set ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }}
+    --set ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
+    --set ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt
+    --set ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key
+    --set ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
+    --set ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt
+    --set ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key
+    etcd
+  when:
+  - ("etcd" in result.stdout)
+
+- name: Install Etcd system container package
+  command: >
+    atomic install --system --name=etcd
+    --set ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
+    --set ETCD_NAME={{ etcd_hostname }}
+    --set ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster | replace('\n', '') }}
+    --set ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
+    --set ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
+    --set ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }}
+    --set ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }}
+    --set ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }}
+    --set ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
+    --set ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt
+    --set ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key
+    --set ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
+    --set ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt
+    --set ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key
+    {{ openshift.etcd.etcd_image }}
+  when:
+  - ("etcd" not in result.stdout)