mirror of
https://github.com/KevinMidboe/kazan-ansible.git
synced 2026-01-01 23:06:38 +00:00
etcd role for controller nodes
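--- a/roles/etcd/tasks/certs-controller.yml
+++ b/roles/etcd/tasks/certs-controller.yml
@@ -0,0 +1,14 @@
+---
+- name: Copy controller certificates
+copy:
+src: "{{ playbook_dir }}/../../kazan-ssl/pki/{{ item }}"
+dest: "/etc/etcd/"
+owner: root
+group: root
+mode: 0644
+
+become: true
+with_items:
+- ca/ca.pem
+- api/kubernetes-key.pem
+- api/kubernetes.pem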
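Review bot: The private key `api/kubernetes-key.pem` is installed with `mode: 0644`, so every local account on the host can read it; the same single-mode loop appears in certs-lb.yml and certs-worker.yml. Split the list so the certificates keep `mode: "0644"` and the `*-key.pem` files go through a second `copy` task with `mode: "0600"`, or carry a per-item mode in the loop. Quoting the mode also removes the dependence on how the YAML parser reads a leading-zero number. If etcd is later run as a non-root user, the key's `owner` should become that user rather than the mode being loosened.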
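--- a/roles/etcd/tasks/certs-lb.yml
+++ b/roles/etcd/tasks/certs-lb.yml
@@ -0,0 +1,14 @@
+---
+- name: Copy load-balancer certificates
+copy:
+src: "{{ playbook_dir }}/../../kazan-ssl/pki/{{ item }}"
+dest: "/etc/etcd/"
+owner: root
+group: root
+mode: 0644
+
+become: true
+with_items:
+- ca/ca.pem
+- api/kubernetes-key.pem
+- api/kubernetes.pem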
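Review bot: This file is identical to certs-controller.yml apart from the task name, and its include in main.yml is commented out while the controller include already matches `'load-balancer' in group_names`. Either drop the file or give it the reduced list the load balancers actually need; whether they need `api/kubernetes-key.pem` at all is not visible from this commit. If it stays, a header comment such as `# unused: load balancers currently reuse certs-controller.yml` would record the intent.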
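--- a/roles/etcd/tasks/certs-worker.yml
+++ b/roles/etcd/tasks/certs-worker.yml
@@ -0,0 +1,18 @@
+---
+- name: Copy worker certificates
+copy:
+src: "{{ playbook_dir }}/../../kazan-ssl/pki/{{ item }}"
+dest: "/etc/etcd/"
+owner: root
+group: root
+mode: 0644
+
+become: true
+with_items:
+- ca/ca.pem
+- clients/w1.kazan.schleppe-key.pem
+- clients/w1.kazan.schleppe.pem
+- clients/w2.kazan.schleppe-key.pem
+- clients/w2.kazan.schleppe.pem
+- clients/w3.kazan.schleppe-key.pem
+- clients/w3.kazan.schleppe.pem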
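Review bot: Every host in the `worker` group receives the client key pairs for w1, w2 and w3, because the `with_items` list is static, so a single worker holds the identities of the other two. Select the pair per host instead, for example `- "clients/{{ inventory_hostname }}-key.pem"` and `- "clients/{{ inventory_hostname }}.pem"`, assuming the inventory names match the certificate file names, which this commit does not show. A templated list also means adding a fourth worker needs no edit to this task.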
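--- a/roles/etcd/tasks/install.yml
+++ b/roles/etcd/tasks/install.yml
@@ -0,0 +1,8 @@
+---
+- name: Create etcd config dir
+file: path=/etc/etcd state=directory
+become: true
+
+- name: Create etcd data dir
+file: path=/var/lib/etcd state=directory
+become: true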
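Review bot: Both directories are created without `owner`, `group` or `mode`, so they take whatever the remote umask yields; `/var/lib/etcd` holds the etcd data and `/etc/etcd` receives private keys in the cert tasks. Set the permissions explicitly, for the data directory `owner: root`, `group: root`, `mode: "0700"`, and choose a deliberate mode for `/etc/etcd` as well. Block-style module arguments would also read better than the `key=value` string form and leave room for those extra keys.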
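--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- include: install.yml
+
+- include: certs-controller.yml
+when: "'controller' in group_names or 'load-balancer' in group_names"
+
+# - include: certs-lb.yml
+# when: "'load-balancer' in group_names"
+
+- include: certs-worker.yml
+when: "'worker' in group_names"
+
+- include: systemd-service.yml
+when: "'controller' in group_names"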
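Review bot: The cert includes run on workers and load balancers, but `systemd-service.yml` runs only when `'controller' in group_names`, so hosts that never start etcd still get key material under `/etc/etcd`. If those hosts need the files for another service, a comment above each `when:` saying which one would help; otherwise narrow the conditions to the hosts that run etcd. Separately, bare `include:` is deprecated in current Ansible, and `import_tasks:` (or `include_tasks:`) is the replacement.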
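--- a/roles/etcd/tasks/systemd-service.yml
+++ b/roles/etcd/tasks/systemd-service.yml
@@ -0,0 +1,32 @@
+---
+- name: Add etcd systemd unit
+template:
+src: etcd.service.j2
+dest: /etc/systemd/system/etcd.service
+mode: 700
+become: true
+
+- name: Reload systemd
+command: systemctl daemon-reload
+become: true
+
+- name: Enable etcd service
+command: systemctl enable etcd
+become: true
+
+- name: Restart etcd
+service:
+name: etcd
+state: restarted
+enabled: yes
+become: true
+
+- name: Wait for etcd listening
+wait_for: port=2379 timeout=60
+
+# - name: Verify etcd cluster health
+# shell: etcdctl --ca-file=/etc/etcd/ca.pem cluster-health
+# register: cmd_result
+# until: cmd_result.stdout.find("cluster is healthy") != -1
+# retries: 5
+# delay: 5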
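Review bot: `mode: 700` is an unquoted number without a leading zero, so Ansible reads it as decimal 700, which is octal 1274 rather than `0700`; the unit file ends up with the sticky bit and group write/execute instead of the intended bits. A unit file needs no execute bit, so `mode: "0644"` is the usual value. The two `command: systemctl …` tasks and the unconditional restart report changed on every run; the `systemd` module with `daemon_reload: true` plus a handler for the restart would make the role idempotent. `wait_for` only shows that port 2379 is open, and the health check that would confirm the cluster is commented out.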