c12s-kubespray/roles/etcd/tasks/configure.yml
Matthew Mosesohn 4209f1cbfd Security fixes for etcd (#1778)
* Security fixes for etcd

* Use certs when querying etcd
2017-10-12 13:32:54 +01:00


---
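# Probe cluster membership. The pipeline's exit status is grep's: rc 0 when
# this node's access address appears in `etcdctl member list`, non-zero
# otherwise (a failed etcdctl call also ends up non-zero, because grep then
# has nothing to match). The task is read-only, so it never reports "changed"
# and is allowed to run in check mode; errors are ignored because a non-zero
# rc is an expected answer that later tasks read from etcd_member_in_cluster.
#
# grep -F matches the address as a fixed string; without it the dots in an
# IP or hostname are regex wildcards. The `quote` filter keeps the templated
# values from being re-interpreted by the shell.
#
# NOTE(review): no client certificate, key or CA is passed to etcdctl here.
# If the peers are TLS endpoints that require client authentication, supply
# --cert-file/--key-file/--ca-file (or ETCDCTL_CERT_FILE, ETCDCTL_KEY_FILE and
# ETCDCTL_CA_FILE through `environment:`) - confirm against the etcd listener
# configuration.
- name: Configure | Check if member is in cluster
  shell: >-
    {{ bin_dir }}/etcdctl --no-sync
    --peers={{ etcd_access_addresses | quote }}
    member list | grep -qF {{ etcd_access_address | quote }}
  register: etcd_member_in_cluster
  ignore_errors: true
  changed_when: false
  check_mode: false
  tags:
    - facts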
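# Register this node with the existing cluster. Runs only when the membership
# probe did not find the node (etcd_member_in_cluster.rc != 0) and the cluster
# reported healthy (etcd_cluster_is_healthy.rc == 0).
# NOTE(review): etcd_cluster_is_healthy is not registered in this file -
# presumably set by an earlier task in the role; confirm it always exists
# before this task is evaluated.
#
# `command` replaces `shell` because the call uses no pipes, redirects or
# other shell features, so the templated values are never parsed by a shell.
#
# NOTE(review): as written, etcdctl is given no client certificate, key or CA.
# Membership changes are a privileged operation; if the peers require TLS
# client authentication, pass --cert-file/--key-file/--ca-file or the matching
# ETCDCTL_* environment variables - confirm against the etcd listener
# configuration.
- name: Configure | Add member to the cluster if it is not there
  command: >-
    {{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }}
    member add {{ etcd_member_name }} {{ etcd_peer_url }}
  when:
    - etcd_member_in_cluster.rc != 0
    - etcd_cluster_is_healthy.rc == 0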
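# Render the etcd.j2 template to {{ bin_dir }}/etcd, owned by root and
# executable by everyone but writable only by its owner. A timestamped backup
# of any previous copy is kept, and the "restart etcd" handler is notified
# when the rendered content changes.
# The mode is quoted so Ansible receives the string "0755" and does the octal
# conversion itself, instead of depending on how the YAML loader reads a bare
# leading-zero number.
- name: Install etcd launch script
  template:
    src: etcd.j2
    dest: "{{ bin_dir }}/etcd"
    owner: root
    mode: "0755"
    backup: true
  notify: restart etcd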
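# Render the systemd unit for the selected deployment type
# (etcd-<etcd_deployment_type>.service.j2) to /etc/systemd/system/etcd.service,
# keeping a backup of any previous copy and notifying the "restart etcd"
# handler on change.
# Owner and mode are pinned explicitly, matching the launch-script task:
# systemd runs whatever this unit specifies, so the file should be writable by
# root only and not inherit the mode of a pre-existing file or the umask.
- name: Configure | Copy etcd.service systemd file
  template:
    src: "etcd-{{ etcd_deployment_type }}.service.j2"
    dest: /etc/systemd/system/etcd.service
    owner: root
    mode: "0644"
    backup: true
  notify: restart etcd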
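# Ensure the etcd data directory exists and is accessible only to the etcd
# user: owner and group etcd, mode 0700, applied recursively.
# The task name's prefix is corrected from "Confugure" to "Configure" so it
# matches the other tasks in this file. The mode is quoted so Ansible gets the
# string "0700" and performs the octal conversion itself.
# NOTE(review): with `recurse`, the same mode is applied to everything below
# the directory, so regular data files also become 0700 (owner-executable).
# A symbolic mode such as u=rwX,g=,o= would avoid that - confirm before
# changing, since it alters the resulting file modes.
- name: Configure | Set etcd data dir permissions
  file:
    path: "{{ etcd_data_dir }}"
    owner: etcd
    group: etcd
    mode: "0700"
    state: directory
    recurse: true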