c12s-kubespray/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml

---
- name: Save etcd snapshot
  shell: "{{ bin_dir }}/etcdctl snapshot save /tmp/snapshot.db"
  environment:
    - ETCDCTL_API: 3
    - ETCDCTL_CA_FILE: /etc/ssl/etcd/ssl/ca.pem
    - ETCDCTL_CERT: "/etc/ssl/etcd/ssl/member-{{ inventory_hostname }}.pem"
    - ETCDCTL_KEY: "/etc/ssl/etcd/ssl/member-{{ inventory_hostname }}-key.pem"
  when: etcd_snapshot is not defined

- name: Transfer etcd snapshot to host
  copy:
    src: "{{ etcd_snapshot }}"
    dest: /tmp/snapshot.db
  when: etcd_snapshot is defined

- name: Stop etcd
  systemd:
    name: etcd
    state: stopped

- name: Remove etcd data-dir
  shell: "rm -rf {{ etcd_data_dir }}"

- name: Restore etcd snapshot
  shell: "{{ bin_dir }}/etcdctl snapshot restore /tmp/snapshot.db --name {{ etcd_member_name }} --initial-cluster {{ etcd_member_name }}={{ etcd_peer_url }} --initial-cluster-token k8s_etcd --initial-advertise-peer-urls {{ etcd_peer_url }} --data-dir {{ etcd_data_dir }}"
  environment:
    - ETCDCTL_API: 3
    - ETCDCTL_CA_FILE: /etc/ssl/etcd/ssl/ca.pem
    - ETCDCTL_CERT: "/etc/ssl/etcd/ssl/member-{{ inventory_hostname }}.pem"
    - ETCDCTL_KEY: "/etc/ssl/etcd/ssl/member-{{ inventory_hostname }}-key.pem"

- name: Remove etcd snapshot
  file:
    path: /tmp/snapshot.db
    state: absent

- name: Change etcd data-dir owner
  file:
    path: "{{ etcd_data_dir }}"
    owner: etcd
    group: etcd
    recurse: true

- name: Reconfigure etcd
  replace:
    path: /etc/etcd.env
    regexp: "^(ETCD_INITIAL_CLUSTER=).*"
    replace: '\1{{ etcd_member_name }}={{ etcd_peer_url }}'

- name: Start etcd
  systemd:
    name: etcd
    state: started
Documentation and playbook for recovering control plane from node failure (#4146) 2019-04-29 08:40:20 +00:00			`---`
			`- name: Save etcd snapshot`
			`shell: "{{ bin_dir }}/etcdctl snapshot save /tmp/snapshot.db"`
			`environment:`
			`- ETCDCTL_API: 3`
			`- ETCDCTL_CA_FILE: /etc/ssl/etcd/ssl/ca.pem`
			`- ETCDCTL_CERT: "/etc/ssl/etcd/ssl/member-{{ inventory_hostname }}.pem"`
			`- ETCDCTL_KEY: "/etc/ssl/etcd/ssl/member-{{ inventory_hostname }}-key.pem"`
			`when: etcd_snapshot is not defined`

			`- name: Transfer etcd snapshot to host`
			`copy:`
			`src: "{{ etcd_snapshot }}"`
			`dest: /tmp/snapshot.db`
			`when: etcd_snapshot is defined`

			`- name: Stop etcd`
			`systemd:`
			`name: etcd`
			`state: stopped`

			`- name: Remove etcd data-dir`
			`shell: "rm -rf {{ etcd_data_dir }}"`

			`- name: Restore etcd snapshot`
			`shell: "{{ bin_dir }}/etcdctl snapshot restore /tmp/snapshot.db --name {{ etcd_member_name }} --initial-cluster {{ etcd_member_name }}={{ etcd_peer_url }} --initial-cluster-token k8s_etcd --initial-advertise-peer-urls {{ etcd_peer_url }} --data-dir {{ etcd_data_dir }}"`
			`environment:`
			`- ETCDCTL_API: 3`
			`- ETCDCTL_CA_FILE: /etc/ssl/etcd/ssl/ca.pem`
			`- ETCDCTL_CERT: "/etc/ssl/etcd/ssl/member-{{ inventory_hostname }}.pem"`
			`- ETCDCTL_KEY: "/etc/ssl/etcd/ssl/member-{{ inventory_hostname }}-key.pem"`

			`- name: Remove etcd snapshot`
			`file:`
			`path: /tmp/snapshot.db`
			`state: absent`

			`- name: Change etcd data-dir owner`
			`file:`
			`path: "{{ etcd_data_dir }}"`
			`owner: etcd`
			`group: etcd`
			`recurse: true`

			`- name: Reconfigure etcd`
			`replace:`
			`path: /etc/etcd.env`
			`regexp: "^(ETCD_INITIAL_CLUSTER=).*"`
			`replace: '\1{{ etcd_member_name }}={{ etcd_peer_url }}'`

			`- name: Start etcd`
			`systemd:`
			`name: etcd`
			`state: started`