Merge pull request #1181 from holser/refactor_etcd

Refactor etcd role
Matthew Mosesohn 2017-03-27 13:05:35 +03:00 committed by GitHub
commit 986a89be66
7 changed files with 67 additions and 49 deletions


@ -30,14 +30,20 @@
mode: 0600 mode: 0600
- name: Backup etcd v2 data - name: Backup etcd v2 data
command: "{{ bin_dir }}/etcdctl backup --data-dir {{ etcd_data_dir }} --backup-dir {{ etcd_backup_directory }}" command: >-
{{ bin_dir }}/etcdctl backup
--data-dir {{ etcd_data_dir }}
--backup-dir {{ etcd_backup_directory }}
environment: environment:
ETCDCTL_API: 2 ETCDCTL_API: 2
retries: 3 retries: 3
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
- name: Backup etcd v3 data - name: Backup etcd v3 data
command: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} snapshot save {{ etcd_backup_directory }}/snapshot.db" command: >-
{{ bin_dir }}/etcdctl
--endpoints={{ etcd_access_addresses }}
snapshot save {{ etcd_backup_directory }}/snapshot.db
environment: environment:
ETCDCTL_API: 3 ETCDCTL_API: 3
retries: 3 retries: 3
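Review bot: In the `Backup etcd v3 data` task, `--endpoints={{ etcd_access_addresses }}` is passed to `etcdctl snapshot save`, but a snapshot is taken from one member, and etcdctl releases that enforce this reject a list. If `etcd_access_addresses` is a comma-separated list (its definition is not in this hunk), the backup would fail on multi-member clusters; `--endpoints={{ etcd_access_addresses.split(',') | first }}` would pin it to one member. The visible `environment:` block sets only `ETCDCTL_API`, so it is also worth confirming how the v3 client obtains its CA, certificate and key for the https listeners. The task continues past the end of the hunk, so this may already be handled there.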


@ -12,6 +12,15 @@
when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0 when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
shell: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} member add {{ etcd_member_name }} {{ etcd_peer_url }}" shell: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} member add {{ etcd_member_name }} {{ etcd_peer_url }}"
- name: Install etcd launch script
template:
src: etcd.j2
dest: "{{ bin_dir }}/etcd"
owner: 'root'
mode: 0755
backup: yes
notify: restart etcd
- name: Configure | Copy etcd.service systemd file - name: Configure | Copy etcd.service systemd file
template: template:
src: "etcd-{{ etcd_deployment_type }}.service.j2" src: "etcd-{{ etcd_deployment_type }}.service.j2"
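Review bot: The new `Install etcd launch script` task has no `when:` in the lines shown, yet it writes the Docker wrapper to `{{ bin_dir }}/etcd`, the path a host-installed etcd binary would normally occupy. The following task selects `etcd-{{ etcd_deployment_type }}.service.j2`, so other deployment types appear to exist; unless a condition is applied outside this hunk, guard the task, for example with `when: etcd_deployment_type == "docker"` (assuming that is the value used for the container deployment). It would also be safer to quote the mode and use a real boolean, `mode: "0755"` and `backup: true`. Note that `backup` leaves timestamped executable copies next to the script in `bin_dir`.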


@ -1,7 +1,7 @@
--- ---
- name: Refresh config | Create etcd config file - name: Refresh config | Create etcd config file
template: template:
src: etcd.j2 src: etcd.env.yml
dest: /etc/etcd.env dest: /etc/etcd.env
notify: restart etcd notify: restart etcd
when: is_etcd_master when: is_etcd_master
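Review bot: The template source is renamed to `etcd.env.yml`, but judging by the new 22-line template elsewhere in this commit it renders `KEY=value` environment lines with Jinja tags, not YAML. A name such as `etcd.env.j2` would keep YAML linters and editors from treating it as a YAML document. The task also leaves `owner` and `mode` of `/etc/etcd.env` to the defaults; stating them (for example `owner: root`, `mode: "0640"`) would make the intended exposure of the etcd configuration explicit.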


@ -6,25 +6,8 @@ After=docker.service
[Service] [Service]
User=root User=root
PermissionsStartOnly=true PermissionsStartOnly=true
ExecStart={{ docker_bin_dir }}/docker run --restart=on-failure:5 \ EnvironmentFile=/etc/etcd.env
--env-file=/etc/etcd.env \ ExecStart={{ bin_dir }}/etcd
{# TODO(mattymo): Allow docker IP binding and disable in envfile
-p 2380:2380 -p 2379:2379 #}
--net=host \
-v /etc/ssl/certs:/etc/ssl/certs:ro \
-v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
-v {{ etcd_data_dir }}:/var/lib/etcd:rw \
{% if etcd_memory_limit is defined %}
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} \
{% endif %}
{% if etcd_cpu_limit is defined %}
--cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
{% endif %}
--name={{ etcd_member_name | default("etcd") }} \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
{% if etcd_after_v3 %}
{{ etcd_container_bin_dir }}etcd
{% endif %}
ExecStartPre=-{{ docker_bin_dir }}/docker rm -f {{ etcd_member_name | default("etcd") }} ExecStartPre=-{{ docker_bin_dir }}/docker rm -f {{ etcd_member_name | default("etcd") }}
ExecReload={{ docker_bin_dir }}/docker restart {{ etcd_member_name | default("etcd") }} ExecReload={{ docker_bin_dir }}/docker restart {{ etcd_member_name | default("etcd") }}
ExecStop={{ docker_bin_dir }}/docker stop {{ etcd_member_name | default("etcd") }} ExecStop={{ docker_bin_dir }}/docker stop {{ etcd_member_name | default("etcd") }}
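Review bot: `EnvironmentFile=/etc/etcd.env` looks redundant in this unit if `{{ bin_dir }}/etcd` is the launch script added in this commit, because that script already passes `--env-file=/etc/etcd.env` to `docker run`. Loading it here only exports the ETCD_* settings into the wrapper's environment, and systemd and Docker do not parse env files identically (quoting, for instance), so the two readers can disagree on a value. Either drop the line or add a comment naming the consumer that needs it; if the intent is to fail the unit early when the file is missing, say so, e.g. `# loaded by systemd so a missing /etc/etcd.env fails the unit before docker starts`.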


@ -0,0 +1,22 @@
ETCD_DATA_DIR={{ etcd_data_dir }}
ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379
ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380
ETCD_NAME={{ etcd_member_name }}
ETCD_PROXY=off
ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }}
# TLS settings
ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
ETCD_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
ETCD_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
ETCD_PEER_CLIENT_CERT_AUTH=true
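Review bot: The TLS block enables certificate authentication only for peers (`ETCD_PEER_CLIENT_CERT_AUTH=true`); nothing in this file sets `ETCD_CLIENT_CERT_AUTH`, so the client listener on `https://{{ etcd_address }}:2379` encrypts traffic but accepts any client that can reach it. Since `ETCD_TRUSTED_CA_FILE` is already configured, adding `ETCD_CLIENT_CERT_AUTH=true` would require a CA-signed client certificate for reads and writes, provided the cluster's clients are issued certificates. Separately, in `ETCD_INITIAL_CLUSTER_STATE` the filter binds tighter than the comparison, so `rc != 0 | bool` compares `rc` with `False` and gives the right answer only because `0 == False`; `{% if etcd_cluster_is_healthy.rc != 0 %}` says what is meant.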


@ -1,22 +1,20 @@
ETCD_DATA_DIR={{ etcd_data_dir }} #!/bin/bash
ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }} {{ docker_bin_dir }}/docker run \
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }} --restart=on-failure:5 \
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %} --env-file=/etc/etcd.env \
--net=host \
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379 -v /etc/ssl/certs:/etc/ssl/certs:ro \
ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }} -v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }} -v {{ etcd_data_dir }}:/var/lib/etcd:rw \
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd {% if etcd_memory_limit is defined %}
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380 --memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} \
ETCD_NAME={{ etcd_member_name }} {% endif %}
ETCD_PROXY=off {% if etcd_cpu_limit is defined %}
ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }} --cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
{% endif %}
# TLS settings --name={{ etcd_member_name | default("etcd") }} \
ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem {{ etcd_image_repo }}:{{ etcd_image_tag }} \
ETCD_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem {% if etcd_after_v3 %}
ETCD_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem {{ etcd_container_bin_dir }}etcd \
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem {% endif %}
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem "$@"
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
ETCD_PEER_CLIENT_CERT_AUTH=true
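Review bot: The launch script runs `docker run` as a child of bash instead of replacing the shell, so systemd's main PID is the shell and stop signals reach the Docker client only through that extra process; `exec {{ docker_bin_dir }}/docker run \` avoids this. The `-v` arguments and `--name=` are expanded unquoted, so a path or member name containing whitespace would split into separate arguments; quoting them, e.g. `-v "{{ etcd_data_dir }}:/var/lib/etcd:rw" \`, keeps each value one word. A one-line header comment saying that the file is rendered by Ansible and that `"$@"` forwards extra arguments to etcd would help the next reader.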


@ -1,9 +1,9 @@
--- ---
- name: install | Install kubelet launch script - name: install | Install kubelet launch script
template: template:
src: kubelet-container.j2 src: kubelet-container.j2
dest: "{{ bin_dir }}/kubelet" dest: "{{ bin_dir }}/kubelet"
owner: kube owner: kube
mode: 0755 mode: 0755
backup: yes backup: yes
notify: restart kubelet notify: restart kubelet