From 2b521c8ae6c468fd2bb98362221483eced103696 Mon Sep 17 00:00:00 2001 From: Jan Chaloupka Date: Fri, 23 Jun 2017 12:14:24 +0200 Subject: attach leases via the first master only and only once - move openshift-etcd/migrate.yml from byo to common and keep just the entry point - replace std_include with essential plays (e.g. no need to detect openshift version) - delegate the ttl re-attaching to the first master --- roles/etcd_migrate/tasks/check.yml | 2 +- roles/etcd_migrate/tasks/check_cluster_health.yml | 2 +- roles/etcd_migrate/tasks/check_cluster_status.yml | 8 ++++---- roles/etcd_migrate/tasks/migrate.yml | 17 ++++++++--------- 4 files changed, 14 insertions(+), 15 deletions(-) (limited to 'roles') diff --git a/roles/etcd_migrate/tasks/check.yml b/roles/etcd_migrate/tasks/check.yml index 2f07713bc..800073873 100644 --- a/roles/etcd_migrate/tasks/check.yml +++ b/roles/etcd_migrate/tasks/check.yml @@ -6,7 +6,7 @@ # Run the migration only if the data are v2 - name: Check if there are any v3 data command: > - etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:2379' get "" --from-key --keys-only -w json --limit 1 + etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:{{ etcd_client_port }}' get "" --from-key --keys-only -w json --limit 1 environment: ETCDCTL_API: 3 register: l_etcdctl_output diff --git a/roles/etcd_migrate/tasks/check_cluster_health.yml b/roles/etcd_migrate/tasks/check_cluster_health.yml index 1abd6a32f..201d83f99 100644 --- a/roles/etcd_migrate/tasks/check_cluster_health.yml +++ b/roles/etcd_migrate/tasks/check_cluster_health.yml @@ -1,7 +1,7 @@ --- - name: Check cluster health command: > - etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt --endpoint https://{{ etcd_peer }}:2379 cluster-health + etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health register: etcd_cluster_health changed_when: false failed_when: false diff --git a/roles/etcd_migrate/tasks/check_cluster_status.yml b/roles/etcd_migrate/tasks/check_cluster_status.yml index 90fe385c1..b69fb5a52 100644 --- a/roles/etcd_migrate/tasks/check_cluster_status.yml +++ b/roles/etcd_migrate/tasks/check_cluster_status.yml @@ -2,7 +2,7 @@ # etcd_ip originates from etcd_common role - name: Check cluster status command: > - etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints 'https://{{ etcd_peer }}:2379' -w json endpoint status + etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:{{ etcd_client_port }}' -w json endpoint status environment: ETCDCTL_API: 3 register: l_etcd_cluster_status @@ -15,7 +15,7 @@ # http://docs.ansible.com/ansible/playbooks_filters.html#extracting-values-from-containers - name: Group all raftIndices into a list set_fact: - etcd_members_raft_indices: "{{ groups['oo_etcd_to_config'] | map('extract', hostvars, 'etcd_member_raft_index') | list | unique }}" + etcd_members_raft_indices: "{{ groups['oo_etcd_to_migrate'] | map('extract', hostvars, 'etcd_member_raft_index') | list | unique }}" - name: Check the minimum and the maximum of raftIndices is at most 1 set_fact: @@ -24,9 +24,9 @@ - debug: msg: "Raft indices difference: {{ etcd_members_raft_indices_diff }}" - when: inventory_hostname in groups.oo_etcd_to_config[0] + when: inventory_hostname in groups.oo_etcd_to_migrate[0] # The cluster raft status is ok if the difference of the max and min raft index is at most 1 - name: capture the status set_fact: - l_etcd_cluster_status_ok: "{{ hostvars[groups.oo_etcd_to_config[0]]['etcd_members_raft_indices_diff'] | int < 2 }}" + l_etcd_cluster_status_ok: "{{ hostvars[groups.oo_etcd_to_migrate[0]]['etcd_members_raft_indices_diff'] | int < 2 }}" diff --git a/roles/etcd_migrate/tasks/migrate.yml b/roles/etcd_migrate/tasks/migrate.yml index cb479b0cc..27eb945aa 100644 --- a/roles/etcd_migrate/tasks/migrate.yml +++ b/roles/etcd_migrate/tasks/migrate.yml @@ -20,10 +20,12 @@ - name: Check the etcd v2 data are correctly migrated fail: msg: "Failed to migrate a member" - when: "'finished transforming keys' not in l_etcdctl_migrate.stdout" + when: "'finished transforming keys' not in l_etcdctl_migrate.stdout and 'no v2 keys to migrate' not in l_etcdctl_migrate.stdout" + +- name: Migration message + debug: + msg: "Etcd migration finished with: {{ l_etcdctl_migrate.stdout }}" -# TODO(jchaloup): start the etcd on a different port so noone can access it -# Once the validation is done - name: Enable etcd member service: name: "{{ l_etcd_service }}" @@ -35,7 +37,7 @@ --cert {{ etcd_peer_cert_file }} \ --key {{ etcd_peer_key_file }} \ --cacert {{ etcd_peer_ca_file }} \ - --etcd-address 'https://{{ etcd_peer }}:2379' \ + --etcd-address 'https://{{ etcd_peer }}:{{ etcd_client_port }}' \ --ttl-keys-prefix {{ item }} \ --lease-duration 1h environment: @@ -43,11 +45,8 @@ with_items: - "/kubernetes.io/events" - "/kubernetes.io/masterleases" + delegate_to: "{{ groups.oo_first_master[0] }}" + run_once: true - set_fact: r_etcd_migrate_success: true - -- name: Enable etcd member - service: - name: "{{ l_etcd_service }}" - state: started -- cgit v1.2.3