summaryrefslogtreecommitdiffstats
path: root/roles/etcd/defaults/main.yaml
blob: daf29f036fa556b11f97fe317a4aebb810a934f8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
---
r_etcd_common_backup_tag: ''
r_etcd_common_backup_sufix_name: ''

# runc, docker, host
r_etcd_common_etcd_runtime: "docker"
r_etcd_common_embedded_etcd: false

# etcd run on a host => use etcdctl command directly
# etcd run as a docker container => use docker exec
# etcd run as a runc container => use runc exec
r_etcd_common_etcdctl_command: "{{ 'etcdctl' if r_etcd_common_etcd_runtime == 'host' or r_etcd_common_embedded_etcd | bool else 'docker exec etcd_container etcdctl' if r_etcd_common_etcd_runtime == 'docker' else 'runc exec etcd etcdctl' }}"

# etcd server vars
etcd_conf_dir: '/etc/etcd'
r_etcd_common_system_container_host_dir: /var/lib/etcd/etcd.etcd
etcd_system_container_conf_dir: /var/lib/etcd/etc
etcd_conf_file: "{{ etcd_conf_dir }}/etcd.conf"
etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt"
etcd_cert_file: "{{ etcd_conf_dir }}/server.crt"
etcd_key_file: "{{ etcd_conf_dir }}/server.key"
etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt"
etcd_peer_cert_file: "{{ etcd_conf_dir }}/peer.crt"
etcd_peer_key_file: "{{ etcd_conf_dir }}/peer.key"

# etcd ca vars
etcd_ca_dir: "{{ etcd_conf_dir}}/ca"
etcd_generated_certs_dir: "{{ etcd_conf_dir }}/generated_certs"
etcd_ca_cert: "{{ etcd_ca_dir }}/ca.crt"
etcd_ca_key: "{{ etcd_ca_dir }}/ca.key"
etcd_openssl_conf: "{{ etcd_ca_dir }}/openssl.cnf"
etcd_ca_name: etcd_ca
etcd_req_ext: etcd_v3_req
etcd_ca_exts_peer: etcd_v3_ca_peer
etcd_ca_exts_server: etcd_v3_ca_server
etcd_ca_exts_self: etcd_v3_ca_self
etcd_ca_exts_client: etcd_v3_ca_client
etcd_ca_crl_dir: "{{ etcd_ca_dir }}/crl"
etcd_ca_new_certs_dir: "{{ etcd_ca_dir }}/certs"
etcd_ca_db: "{{ etcd_ca_dir }}/index.txt"
etcd_ca_serial: "{{ etcd_ca_dir }}/serial"
etcd_ca_crl_number: "{{ etcd_ca_dir }}/crlnumber"
etcd_ca_default_days: 1825

r_etcd_common_master_peer_cert_file: /etc/origin/master/master.etcd-client.crt
r_etcd_common_master_peer_key_file: /etc/origin/master/master.etcd-client.key
r_etcd_common_master_peer_ca_file: /etc/origin/master/master.etcd-ca.crt

# etcd server & certificate vars
etcd_hostname: "{{ inventory_hostname }}"
etcd_ip: "{{ ansible_default_ipv4.address }}"
etcd_is_atomic: False
etcd_is_containerized: False
etcd_is_thirdparty: False

# etcd dir vars
etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' if r_etcd_common_etcd_runtime != 'runc' else '/var/lib/etcd/etcd.etcd/' }}"

# etcd ports and protocols
etcd_client_port: 2379
etcd_peer_port: 2380
etcd_url_scheme: http
etcd_peer_url_scheme: http

etcd_initial_cluster_state: new
etcd_initial_cluster_token: etcd-cluster-1

etcd_initial_advertise_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}"
etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}"
etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"

# required role variable
#etcd_peer: 127.0.0.1
etcdctlv2: "etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} -C https://{{ etcd_peer }}:{{ etcd_client_port }}"

etcd_service: "{{ 'etcd_container' if r_etcd_common_etcd_runtime == 'docker' else 'etcd' }}"
# Location of the service file is fixed and not meant to be changed
etcd_service_file: "/etc/systemd/system/{{ etcd_service }}.service"

r_etcd_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_etcd_use_firewalld: "{{ os_firewall_use_firewalld | default(Falsel) }}"

etcd_systemd_dir: "/etc/systemd/system/{{ etcd_service }}.service.d"
r_etcd_os_firewall_deny: []
r_etcd_os_firewall_allow:
- service: etcd
  port: "{{etcd_client_port}}/tcp"
- service: etcd peering
  port: "{{ etcd_peer_port }}/tcp"

# set the backend quota to 4GB by default
etcd_quota_backend_bytes: 4294967296