From f0b1f0f7c6fc6d05f5631aeb225e6009bb47e42a Mon Sep 17 00:00:00 2001
From: Miouge1
Date: Thu, 25 Jun 2020 13:26:21 +0200
Subject: [PATCH] Explicitly set ETCDCTL_API and use ETCDCTL_ENDPOINTS
---
 roles/etcd/handlers/backup.yml | 2 +-
 roles/etcd/tasks/configure.yml | 24 ++++++++++++++-----
 roles/etcd/tasks/join_etcd-events_member.yml | 8 +++++--
 roles/etcd/tasks/join_etcd_member.yml | 8 +++++--
 .../recover_control_plane/etcd/tasks/main.yml | 24 ++++++++++++++-----
 .../remove-etcd-node/tasks/main.yml | 8 +++++--
 6 files changed, 55 insertions(+), 19 deletions(-)
diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml
index 7124bd56bef..32c0a3d401b 100644
--- a/roles/etcd/handlers/backup.yml
+++ b/roles/etcd/handlers/backup.yml
@@ -46,10 +46,10 @@
 - name: Backup etcd v3 data
 command: >-
 {{ bin_dir }}/etcdctl
- --endpoints={{ etcd_access_addresses }}
 snapshot save {{ etcd_backup_directory }}/snapshot.db
 environment:
 ETCDCTL_API: 3
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
 ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml
index 69fb272e5e0..4dcf7c6b96c 100644
--- a/roles/etcd/tasks/configure.yml
+++ b/roles/etcd/tasks/configure.yml
@@ -1,6 +1,6 @@
 ---
 - name: Configure | Check if etcd cluster is healthy
- shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} cluster-health | grep -q 'cluster is healthy'"
+ shell: "{{ bin_dir }}/etcdctl cluster-health | grep -q 'cluster is healthy'"
 register: etcd_cluster_is_healthy
 failed_when: false
 changed_when: false
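Review bot: In roles/etcd/handlers/backup.yml the added `ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"` still hands `snapshot save` the whole endpoint list, just as the removed `--endpoints` flag did. The plural variable name suggests a comma-separated list of every member (not confirmable from this hunk), and newer etcdctl v3 releases refuse to take a snapshot when more than one endpoint is configured, so the backup handler could fail at the moment a backup is needed. Pinning the snapshot to a single member avoids that: `ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses.split(',') | first }}"`. The handler's remaining keys lie outside the hunk, so check there that a failed snapshot stops the play instead of being ignored.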
@@ -10,12 +10,14 @@
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"

 - name: Configure | Check if etcd-events cluster is healthy
- shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_events_access_addresses }} cluster-health | grep -q 'cluster is healthy'"
+ shell: "{{ bin_dir }}/etcdctl cluster-health | grep -q 'cluster is healthy'"
 register: etcd_events_cluster_is_healthy
 failed_when: false
 changed_when: false
@@ -25,6 +27,8 @@
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
@@ -70,7 +74,7 @@
 when: is_etcd_master and etcd_events_cluster_setup

 - name: Configure | Wait for etcd cluster to be healthy
- shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_access_addresses }} cluster-health | grep -q 'cluster is healthy'"
+ shell: "{{ bin_dir }}/etcdctl --no-sync cluster-health | grep -q 'cluster is healthy'"
 register: etcd_cluster_is_healthy
 until: etcd_cluster_is_healthy.rc == 0
 retries: "{{ etcd_retries }}"
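Review bot: The added `ETCDCTL_API: 2` in roles/etcd/tasks/configure.yml (hunk at -10,12) is a bare YAML integer placed among quoted string values, and the patch repeats that form for every `ETCDCTL_API: 2` and `ETCDCTL_API: 3` it adds in configure.yml, both join files, recover_control_plane and remove-etcd-node. An environment variable is always a string, so `ETCDCTL_API: "2"` states the intended type and does not depend on how the value is coerced on the way to the process. Because the roles now pin two different API versions, a one-line comment above the block such as `# cluster-health is an etcdctl v2 command; v2 reads ETCDCTL_CERT_FILE/KEY_FILE/CA_FILE` would explain why these tasks stay on v2 and use different certificate variable names from the v3 tasks.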
@@ -85,12 +89,14 @@
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"

 - name: Configure | Wait for etcd-events cluster to be healthy
- shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_events_access_addresses }} cluster-health | grep -q 'cluster is healthy'"
+ shell: "{{ bin_dir }}/etcdctl --no-sync cluster-health | grep -q 'cluster is healthy'"
 register: etcd_events_cluster_is_healthy
 until: etcd_events_cluster_is_healthy.rc == 0
 retries: "{{ etcd_retries }}"
@@ -105,12 +111,14 @@
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"

 - name: Configure | Check if member is in etcd cluster
- shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_access_addresses }} member list | grep -q {{ etcd_access_address }}"
+ shell: "{{ bin_dir }}/etcdctl --no-sync member list | grep -q {{ etcd_access_address }}"
 register: etcd_member_in_cluster
 ignore_errors: true
 changed_when: false
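Review bot: The new `member list | grep -q {{ etcd_access_address }}` line in the hunk at -105,12 keeps an unanchored regular-expression match, so each `.` in an address matches any character and `10.0.0.1` (constructed example) also matches a member at `10.0.0.10`. A false match makes the play treat this host as already being a member; the same pattern appears in the -119,12 hunk and in the `Ensure member is in …` tasks of both join files. `grep -qF` with the value quoted, plus the delimiters that surround an address in the member list output, makes the check exact, for example `grep -qF '//{{ etcd_access_address }}:'` (the output format is not shown on this page, so confirm the delimiters). The -119,12 hunk also greps for `etcd_access_address` in the etcd-events cluster while join_etcd-events_member.yml uses `etcd_events_access_address`; it is worth confirming which one is intended.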
@@ -119,12 +127,14 @@
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"

 - name: Configure | Check if member is in etcd-events cluster
- shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_events_access_addresses }} member list | grep -q {{ etcd_access_address }}"
+ shell: "{{ bin_dir }}/etcdctl --no-sync member list | grep -q {{ etcd_access_address }}"
 register: etcd_events_member_in_cluster
 ignore_errors: true
 changed_when: false
@@ -133,6 +143,8 @@
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
diff --git a/roles/etcd/tasks/join_etcd-events_member.yml b/roles/etcd/tasks/join_etcd-events_member.yml
index 21396a57a2a..e16811702dc 100644
--- a/roles/etcd/tasks/join_etcd-events_member.yml
+++ b/roles/etcd/tasks/join_etcd-events_member.yml
@@ -1,11 +1,13 @@
 ---
 - name: Join Member | Add member to etcd-events cluster
- shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_events_access_addresses }} member add {{ etcd_member_name }} {{ etcd_events_peer_url }}"
+ shell: "{{ bin_dir }}/etcdctl member add {{ etcd_member_name }} {{ etcd_events_peer_url }}"
 register: member_add_result
 until: member_add_result.rc == 0
 retries: "{{ etcd_retries }}"
 delay: "{{ retry_stagger | random + 3 }}"
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"

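Review bot: `Join Member | Add member to etcd-events cluster` in roles/etcd/tasks/join_etcd-events_member.yml (hunk at -1,11) still runs through `shell:` although the command has no pipe, redirect or other shell feature once `--endpoints` is gone. Under `shell:` every templated value (`etcd_member_name`, `etcd_events_peer_url`) is re-parsed by the shell, so an unexpected character in inventory data changes the command line; `command: "{{ bin_dir }}/etcdctl member add {{ etcd_member_name }} {{ etcd_events_peer_url }}"` passes them as plain arguments. The same applies to the `member add` task in join_etcd_member.yml and to `endpoint health`, `member list` and `member remove` in roles/recover_control_plane/etcd/tasks/main.yml. The tasks that pipe into `grep` or `cut` do need `shell:` and are not covered by this point.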
@@ -22,13 +24,15 @@
 {%- endfor -%}

 - name: Join Member | Ensure member is in etcd-events cluster
- shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_events_access_addresses }} member list | grep -q {{ etcd_events_access_address }}"
+ shell: "{{ bin_dir }}/etcdctl --no-sync member list | grep -q {{ etcd_events_access_address }}"
 register: etcd_events_member_in_cluster
 changed_when: false
 check_mode: no
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"

diff --git a/roles/etcd/tasks/join_etcd_member.yml b/roles/etcd/tasks/join_etcd_member.yml
index 5c3c7aef03f..bea484c3747 100644
--- a/roles/etcd/tasks/join_etcd_member.yml
+++ b/roles/etcd/tasks/join_etcd_member.yml
@@ -1,11 +1,13 @@
 ---
 - name: Join Member | Add member to etcd cluster
- shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} member add {{ etcd_member_name }} {{ etcd_peer_url }}"
+ shell: "{{ bin_dir }}/etcdctl member add {{ etcd_member_name }} {{ etcd_peer_url }}"
 register: member_add_result
 until: member_add_result.rc == 0
 retries: "{{ etcd_retries }}"
 delay: "{{ retry_stagger | random + 3 }}"
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
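Review bot: Neither etcd-events task in join_etcd-events_member.yml shows an `ETCDCTL_CA_FILE` entry: in this hunk (-22,13) and in the -1,11 hunk the context after the added lines lists only `ETCDCTL_CERT_FILE` and `ETCDCTL_KEY_FILE`, whereas the matching tasks in join_etcd_member.yml also set `ETCDCTL_CA_FILE`. If the environment block really ends there, etcdctl is given no explicit CA to verify the server certificate against and depends on whatever its default trust source is. Adding `ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"` keeps server verification pinned to the cluster CA, as in the sibling file. The rest of the block lies outside the hunk, so confirm the variable is not set further down before adding it.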
@@ -23,13 +25,15 @@
 {%- endfor -%}

 - name: Join Member | Ensure member is in etcd cluster
- shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_access_addresses }} member list | grep -q {{ etcd_access_address }}"
+ shell: "{{ bin_dir }}/etcdctl --no-sync member list | grep -q {{ etcd_access_address }}"
 register: etcd_member_in_cluster
 changed_when: false
 check_mode: no
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
diff --git a/roles/recover_control_plane/etcd/tasks/main.yml b/roles/recover_control_plane/etcd/tasks/main.yml
index d199749cc6d..25c94a9513d 100644
--- a/roles/recover_control_plane/etcd/tasks/main.yml
+++ b/roles/recover_control_plane/etcd/tasks/main.yml
@@ -1,12 +1,16 @@
 ---
 - name: Get etcd endpoint health
- shell: "{{ bin_dir }}/etcdctl --cacert {{ etcd_cert_dir }}/ca.pem --cert {{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem --key {{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem --endpoints={{ etcd_access_addresses }} endpoint health"
+ shell: "{{ bin_dir }}/etcdctl endpoint health"
 register: etcd_endpoint_health
 ignore_errors: true
 changed_when: false
 check_mode: no
 environment:
- - ETCDCTL_API: 3
+ ETCDCTL_API: 3
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
+ ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
+ ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
+ ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
 when:
 - groups['broken_etcd']

@@ -53,21 +57,29 @@
 - "item.rc != 0 and not 'No such file or directory' in item.stderr"

 - name: Get etcd cluster members
- shell: "{{ bin_dir }}/etcdctl --cacert {{ etcd_cert_dir }}/ca.pem --cert {{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem --key {{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem member list"
+ shell: "{{ bin_dir }}/etcdctl member list"
 register: member_list
 changed_when: false
 check_mode: no
 environment:
- - ETCDCTL_API: 3
+ ETCDCTL_API: 3
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
+ ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
+ ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
+ ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
 when:
 - groups['broken_etcd']
 - not healthy
 - has_quorum

 - name: Remove broken cluster members
- shell: "{{ bin_dir }}/etcdctl --cacert {{ etcd_cert_dir }}/ca.pem --cert {{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem --key {{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem --endpoints={{ etcd_access_addresses }} member remove {{ item[1].replace(' ','').split(',')[0] }}"
+ shell: "{{ bin_dir }}/etcdctl member remove {{ item[1].replace(' ','').split(',')[0] }}"
 environment:
- - ETCDCTL_API: 3
+ ETCDCTL_API: 3
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
+ ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
+ ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
+ ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
 with_nested:
 - "{{ groups['broken_etcd'] }}"
 - "{{ member_list.stdout_lines }}"
diff --git a/roles/remove-node/remove-etcd-node/tasks/main.yml b/roles/remove-node/remove-etcd-node/tasks/main.yml
index b381691fdfb..125711a6cb4 100644
--- a/roles/remove-node/remove-etcd-node/tasks/main.yml
+++ b/roles/remove-node/remove-etcd-node/tasks/main.yml
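Review bot: `Get etcd cluster members` gains `ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"` although its removed command line carried no `--endpoints`, so the task no longer talks to etcdctl's default endpoint but to the configured list. That is a behaviour change the subject line does not describe, and during recovery that list presumably still contains the members named in `groups['broken_etcd']`. If it is intended, say so in a comment above the task, e.g. `# query the configured endpoints rather than etcdctl's default local one`; if not, leave the variable out of this task. In the same hunk `member remove {{ item[1].replace(' ','').split(',')[0] }}` feeds text parsed from etcdctl output to `shell:`, and that task's `when:` lies outside the hunk, so confirm the ID is only taken from lines that belong to a broken member.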
@@ -6,7 +6,7 @@
 - inventory_hostname in groups['etcd']

 - name: Lookup etcd member id
- shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_access_addresses }} member list | grep {{ node_ip }} | cut -d: -f1"
+ shell: "{{ bin_dir }}/etcdctl --no-sync member list | grep {{ node_ip }} | cut -d: -f1"
 register: etcd_member_id
 ignore_errors: true
 changed_when: false
@@ -14,6 +14,8 @@
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd']|first }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd']|first }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
@@ -22,7 +24,7 @@
 - inventory_hostname in groups['etcd']

 - name: Remove etcd member from cluster
- shell: "{{ bin_dir }}/etcdctl --no-sync --endpoints={{ etcd_access_addresses }} member remove {{ etcd_member_id.stdout }}"
+ shell: "{{ bin_dir }}/etcdctl --no-sync member remove {{ etcd_member_id.stdout }}"
 register: etcd_member_in_cluster
 ignore_errors: false
 retries: 6
@@ -33,6 +35,8 @@
 tags:
 - facts
 environment:
+ ETCDCTL_API: 2
+ ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
 ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd']|first }}.pem"
 ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd']|first }}-key.pem"
 ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
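Review bot: `Lookup etcd member id` (hunk at -6,7) still selects the member with `grep {{ node_ip }}`, a substring and regular-expression match, and runs with `ignore_errors: true`, so `etcd_member_id.stdout` can be empty or hold several IDs. The `Remove etcd member from cluster` line in the -22,7 hunk interpolates that value straight into `member remove {{ etcd_member_id.stdout }}` under `shell:`, which means a loose match can remove a healthy member and a multi-line value is split into separate shell commands. Match the address exactly, e.g. `grep -F '//{{ node_ip }}:'` (the member list output format is not shown here, so confirm the delimiters), and guard the removal with a condition such as `etcd_member_id.stdout_lines | length == 1`. The `when:` lists of both tasks are only partly visible in these hunks, so such a guard may already exist.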
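Review bot: The `tags:` / `- facts` context at the top of the -33,6 hunk appears to belong to `Remove etcd member from cluster` (inferred from the line numbers; the task header is in the previous hunk), which would label a destructive `member remove` as fact gathering. A run limited with `--tags facts` would then execute the removal. If that reading is right, drop the tag from this task or replace it with one that names the action, and keep `facts` only on the read-only lookup.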