commit
c2c334d22f
7 changed files with 67 additions and 49 deletions
|
@ -30,14 +30,20 @@
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
|
||||||
- name: Backup etcd v2 data
|
- name: Backup etcd v2 data
|
||||||
command: "{{ bin_dir }}/etcdctl backup --data-dir {{ etcd_data_dir }} --backup-dir {{ etcd_backup_directory }}"
|
command: >-
|
||||||
|
{{ bin_dir }}/etcdctl backup
|
||||||
|
--data-dir {{ etcd_data_dir }}
|
||||||
|
--backup-dir {{ etcd_backup_directory }}
|
||||||
environment:
|
environment:
|
||||||
ETCDCTL_API: 2
|
ETCDCTL_API: 2
|
||||||
retries: 3
|
retries: 3
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
|
|
||||||
- name: Backup etcd v3 data
|
- name: Backup etcd v3 data
|
||||||
command: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} snapshot save {{ etcd_backup_directory }}/snapshot.db"
|
command: >-
|
||||||
|
{{ bin_dir }}/etcdctl
|
||||||
|
--endpoints={{ etcd_access_addresses }}
|
||||||
|
snapshot save {{ etcd_backup_directory }}/snapshot.db
|
||||||
environment:
|
environment:
|
||||||
ETCDCTL_API: 3
|
ETCDCTL_API: 3
|
||||||
retries: 3
|
retries: 3
|
||||||
|
|
|
@ -12,6 +12,15 @@
|
||||||
when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
|
when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
|
||||||
shell: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} member add {{ etcd_member_name }} {{ etcd_peer_url }}"
|
shell: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} member add {{ etcd_member_name }} {{ etcd_peer_url }}"
|
||||||
|
|
||||||
|
- name: Install etcd launch script
|
||||||
|
template:
|
||||||
|
src: etcd.j2
|
||||||
|
dest: "{{ bin_dir }}/etcd"
|
||||||
|
owner: 'root'
|
||||||
|
mode: 0755
|
||||||
|
backup: yes
|
||||||
|
notify: restart etcd
|
||||||
|
|
||||||
- name: Configure | Copy etcd.service systemd file
|
- name: Configure | Copy etcd.service systemd file
|
||||||
template:
|
template:
|
||||||
src: "etcd-{{ etcd_deployment_type }}.service.j2"
|
src: "etcd-{{ etcd_deployment_type }}.service.j2"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Refresh config | Create etcd config file
|
- name: Refresh config | Create etcd config file
|
||||||
template:
|
template:
|
||||||
src: etcd.j2
|
src: etcd.env.yml
|
||||||
dest: /etc/etcd.env
|
dest: /etc/etcd.env
|
||||||
notify: restart etcd
|
notify: restart etcd
|
||||||
when: is_etcd_master
|
when: is_etcd_master
|
||||||
|
|
|
@ -6,25 +6,8 @@ After=docker.service
|
||||||
[Service]
|
[Service]
|
||||||
User=root
|
User=root
|
||||||
PermissionsStartOnly=true
|
PermissionsStartOnly=true
|
||||||
ExecStart={{ docker_bin_dir }}/docker run --restart=on-failure:5 \
|
EnvironmentFile=/etc/etcd.env
|
||||||
--env-file=/etc/etcd.env \
|
ExecStart={{ bin_dir }}/etcd
|
||||||
{# TODO(mattymo): Allow docker IP binding and disable in envfile
|
|
||||||
-p 2380:2380 -p 2379:2379 #}
|
|
||||||
--net=host \
|
|
||||||
-v /etc/ssl/certs:/etc/ssl/certs:ro \
|
|
||||||
-v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
|
|
||||||
-v {{ etcd_data_dir }}:/var/lib/etcd:rw \
|
|
||||||
{% if etcd_memory_limit is defined %}
|
|
||||||
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} \
|
|
||||||
{% endif %}
|
|
||||||
{% if etcd_cpu_limit is defined %}
|
|
||||||
--cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
|
|
||||||
{% endif %}
|
|
||||||
--name={{ etcd_member_name | default("etcd") }} \
|
|
||||||
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
|
|
||||||
{% if etcd_after_v3 %}
|
|
||||||
{{ etcd_container_bin_dir }}etcd
|
|
||||||
{% endif %}
|
|
||||||
ExecStartPre=-{{ docker_bin_dir }}/docker rm -f {{ etcd_member_name | default("etcd") }}
|
ExecStartPre=-{{ docker_bin_dir }}/docker rm -f {{ etcd_member_name | default("etcd") }}
|
||||||
ExecReload={{ docker_bin_dir }}/docker restart {{ etcd_member_name | default("etcd") }}
|
ExecReload={{ docker_bin_dir }}/docker restart {{ etcd_member_name | default("etcd") }}
|
||||||
ExecStop={{ docker_bin_dir }}/docker stop {{ etcd_member_name | default("etcd") }}
|
ExecStop={{ docker_bin_dir }}/docker stop {{ etcd_member_name | default("etcd") }}
|
||||||
|
|
22
roles/etcd/templates/etcd.env.yml
Normal file
22
roles/etcd/templates/etcd.env.yml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
ETCD_DATA_DIR={{ etcd_data_dir }}
|
||||||
|
ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
|
||||||
|
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
|
||||||
|
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
|
||||||
|
|
||||||
|
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379
|
||||||
|
ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
|
||||||
|
ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
|
||||||
|
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
|
||||||
|
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380
|
||||||
|
ETCD_NAME={{ etcd_member_name }}
|
||||||
|
ETCD_PROXY=off
|
||||||
|
ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }}
|
||||||
|
|
||||||
|
# TLS settings
|
||||||
|
ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
||||||
|
ETCD_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
|
||||||
|
ETCD_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
|
||||||
|
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
||||||
|
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
|
||||||
|
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
|
||||||
|
ETCD_PEER_CLIENT_CERT_AUTH=true
|
|
@ -1,22 +1,20 @@
|
||||||
ETCD_DATA_DIR={{ etcd_data_dir }}
|
#!/bin/bash
|
||||||
ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
|
{{ docker_bin_dir }}/docker run \
|
||||||
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
|
--restart=on-failure:5 \
|
||||||
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
|
--env-file=/etc/etcd.env \
|
||||||
|
--net=host \
|
||||||
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379
|
-v /etc/ssl/certs:/etc/ssl/certs:ro \
|
||||||
ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
|
-v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
|
||||||
ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
|
-v {{ etcd_data_dir }}:/var/lib/etcd:rw \
|
||||||
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
|
{% if etcd_memory_limit is defined %}
|
||||||
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380
|
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} \
|
||||||
ETCD_NAME={{ etcd_member_name }}
|
{% endif %}
|
||||||
ETCD_PROXY=off
|
{% if etcd_cpu_limit is defined %}
|
||||||
ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }}
|
--cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
|
||||||
|
{% endif %}
|
||||||
# TLS settings
|
--name={{ etcd_member_name | default("etcd") }} \
|
||||||
ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
|
||||||
ETCD_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
|
{% if etcd_after_v3 %}
|
||||||
ETCD_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
|
{{ etcd_container_bin_dir }}etcd \
|
||||||
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
{% endif %}
|
||||||
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
|
"$@"
|
||||||
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
|
|
||||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
|
||||||
|
|
Loading…
Reference in a new issue