Diffstat (limited to 'playbooks/common/openshift-etcd/config.yml')
-rw-r--r--playbooks/common/openshift-etcd/config.yml96
1 files changed, 43 insertions, 53 deletions
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml
index 2c920df49..3cc561ba0 100644
--- a/playbooks/common/openshift-etcd/config.yml
+++ b/playbooks/common/openshift-etcd/config.yml
@@ -1,30 +1,32 @@
---
-- name: Gather and set facts for etcd hosts
- hosts: oo_etcd_hosts_to_config
+- name: Set etcd facts needed for generating certs
+ hosts: oo_etcd_to_config
roles:
- openshift_facts
tasks:
- openshift_facts:
- role: common
- local_facts:
- hostname: "{{ openshift_hostname | default(None) }}"
- - name: Check for etcd certificates
+ role: "{{ item.role }}"
+ local_facts: "{{ item.local_facts }}"
+ with_items:
+ - role: common
+ local_facts:
+ hostname: "{{ openshift_hostname | default(None) }}"
+ public_hostname: "{{ openshift_public_hostname | default(None) }}"
+ deployment_type: "{{ openshift_deployment_type }}"
+ - name: Check status of etcd certificates
stat:
path: "{{ item }}"
with_items:
- - "/etc/etcd/ca.crt"
- - "/etc/etcd/client.crt"
- - "/etc/etcd/client.key"
- - "/etc/etcd/peer-ca.crt"
- - "/etc/etcd/peer.crt"
- - "/etc/etcd/peer.key"
- register: g_etcd_certs_stat
+ - /etc/etcd/server.crt
+ - /etc/etcd/peer.crt
+ - /etc/etcd/ca.crt
+ register: g_etcd_server_cert_stat_result
- set_fact:
- etcd_certs_missing: "{{ g_etcd_certs_stat.results | map(attribute='stat.exists')
- | list | intersect([false])}}"
- etcd_subdir: etcd-{{ openshift.common.hostname }}
- etcd_dir: /etc/openshift/generated-configs/etcd-{{ openshift.common.hostname }}
- etcd_cert_dir: /etc/etcd
+ etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | map(attribute='stat.exists')
+ | list | intersect([false])}}"
+ etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
+ etcd_cert_config_dir: /etc/etcd
+ etcd_cert_prefix:
- name: Create temp directory for syncing certs
hosts: localhost
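Review bot: The `with_items` list under "Check status of etcd certificates" now stats only `/etc/etcd/server.crt`, `/etc/etcd/peer.crt` and `/etc/etcd/ca.crt`, so a host whose certificates exist but whose private keys are missing is treated as complete and gets no new material; the old list at least covered `/etc/etcd/peer.key`. Consider adding the key files that pair with these certificates (their exact names come from the `etcd_certificates` role, which is not visible here). The check is also existence-only, so an expired or mismatched certificate still passes. Separately, the bare `etcd_cert_prefix:` is YAML null rather than an empty string and may render as `None` if it is later concatenated into a path; write `etcd_cert_prefix: ""`.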
@@ -37,65 +39,53 @@
register: g_etcd_mktemp
changed_when: False
-- name: Create etcd certs
- hosts: oo_first_master
+- name: Configure etcd certificates
+ hosts: oo_first_etcd
vars:
- etcd_hosts_needing_certs: "{{ hostvars
- | oo_select_keys(groups['oo_etcd_hosts_to_config'])
- | oo_filter_list(filter_attr='etcd_certs_missing') }}"
- etcd_hosts: "{{ hostvars
- | oo_select_keys(groups['oo_etcd_hosts_to_config']) }}"
+ etcd_generated_certs_dir: /etc/etcd/generated_certs
+ etcd_needing_server_certs: "{{ hostvars
+ | oo_select_keys(groups['oo_etcd_to_config'])
+ | oo_filter_list(filter_attr='etcd_server_certs_missing') }}"
sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
roles:
- - openshift_etcd_certs
+ - etcd_certificates
post_tasks:
- name: Create a tarball of the etcd certs
command: >
- tar -czvf {{ item.etcd_dir }}.tgz
- -C {{ item.etcd_dir }} .
+ tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
+ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
args:
- creates: "{{ item.etcd_dir }}.tgz"
- with_items: etcd_hosts_needing_certs
-
- - name: Retrieve the etcd cert tarballs from the master
+ creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
+ with_items: etcd_needing_server_certs
+ - name: Retrieve the etcd cert tarballs
fetch:
- src: "{{ item.etcd_dir }}.tgz"
+ src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
dest: "{{ sync_tmpdir }}/"
flat: yes
fail_on_missing: yes
validate_checksum: yes
- with_items: etcd_hosts_needing_certs
+ with_items: etcd_needing_server_certs
-- name: Deploy etcd
- hosts: oo_etcd_hosts_to_config
+- name: Configure etcd hosts
+ hosts: oo_etcd_to_config
vars:
sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
etcd_url_scheme: https
+ etcd_peer_url_scheme: https
+ etcd_peers_group: oo_etcd_to_config
pre_tasks:
- name: Ensure certificate directory exists
file:
- path: "{{ etcd_cert_dir }}"
+ path: "{{ etcd_cert_config_dir }}"
state: directory
- - name: Unarchive the tarball on the node
+ - name: Unarchive the tarball on the etcd host
unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_subdir }}.tgz"
- dest: "{{ etcd_cert_dir }}"
- when: etcd_certs_missing
- - file: path=/etc/etcd/client.crt mode=0600 owner=etcd group=etcd
- - file: path=/etc/etcd/client.key mode=0600 owner=etcd group=etcd
- - file: path=/etc/etcd/ca.crt mode=0644 owner=etcd group=etcd
+ src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
+ dest: "{{ etcd_cert_config_dir }}"
+ when: etcd_server_certs_missing
roles:
- etcd
-- name: Delete the temporary directory on the master
- hosts: oo_first_master
- gather_facts: no
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- tasks:
- - file: name={{ sync_tmpdir }} state=absent
- changed_when: False
-
- name: Delete temporary directory on localhost
hosts: localhost
connection: local
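Review bot: After "Unarchive the tarball on the etcd host" nothing in this play sets ownership or mode on the extracted key material any more; the removed `file:` tasks pinned `mode=0600 owner=etcd group=etcd`, and the new `unarchive` keeps whatever the tarball carries. Unless the `etcd` role (not visible in this hunk) enforces it, add an explicit task per private key after the unarchive, e.g. `- file: path={{ etcd_cert_config_dir }}/peer.key mode=0600 owner=etcd group=etcd`. The same applies on `oo_first_etcd`: `tar -czvf` writes the key-bearing `.tgz` under `etcd_generated_certs_dir` with the default umask and no play removes it, so that directory should be limited to its owner (`mode=0700`) by whichever role creates it.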