openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/etcd/defaults/main.yml
Roman Krček 006ff07185 Don't notify handlers during copy-cert 
This is a prerequisite for patchset #745164

This fixes unwanted restarts during copying of certificates.
By removing conditional statements from role handlers in #745164,
copying certificates caused containers to restart, this is unwanted
during the genconfig process. However, if we would remove handler
notifiers from copying certificates, the container would never
restart, since from #745164, containers will restart only if any
of the files specified in config.json change. Certificates are now
copied to intermediary location inside of the container, from which
the script kolla_copy_cacerts will install them in the trust store.

Depends-on: https://review.opendev.org/c/openstack/kolla/+/926882
Change-Id: Ib89048c7e0f250182c4bf57d8c8a1b5478e9b4ab
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
2024-12-01 22:16:25 +01:00

88 lines
4.0 KiB
YAML
Raw Blame History

---
etcd_services:
etcd:
container_name: etcd
group: etcd
enabled: true
environment: "{{ etcd_base_environment | combine(etcd_default_environment) }}"
image: "{{ etcd_image_full }}"
volumes: "{{ etcd_default_volumes + etcd_extra_volumes }}"
dimensions: "{{ etcd_dimensions }}"
haproxy:
etcd:
enabled: true
mode: "http"
external: false
port: "{{ etcd_client_port }}"
tls_backend: "{{ etcd_enable_tls | bool }}"
####################
# Environment
####################
etcd_base_environment:
# KOLLA_BOOTSTRAP_STATUS is used to indicate whether the container should
# be recreated. Otherwise the kolla_container task doesn't detect that the
# environment has changed if variables are removed.
KOLLA_BOOTSTRAP_STATUS: "undefined"
ETCDCTL_API: "3"
ETCDCTL_ENDPOINTS: "{{ etcd_client_internal_endpoint }}"
ETCDCTL_WRITE_OUT: "json"
ETCD_DATA_DIR: "/var/lib/etcd"
ETCD_NAME: "{{ ansible_facts.hostname }}"
ETCD_ADVERTISE_CLIENT_URLS: "{{ etcd_client_internal_endpoint }}"
ETCD_LISTEN_CLIENT_URLS: "{{ etcd_client_internal_endpoint }}"
ETCD_LISTEN_PEER_URLS: "{{ etcd_peer_internal_endpoint }}"
ETCD_LOGGER: "zap"
ETCD_LOG_OUTPUTS: "stderr,/var/log/kolla/etcd/etcd.log"
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
ETCD_CERT_FILE: "{% if etcd_enable_tls | bool %}/etc/etcd/certs/etcd-cert.pem{% endif %}"
ETCD_KEY_FILE: "{% if etcd_enable_tls | bool %}/etc/etcd/certs/etcd-key.pem{% endif %}"
ETCD_PEER_CERT_FILE: "{% if etcd_enable_tls | bool %}/etc/etcd/certs/etcd-cert.pem{% endif %}"
ETCD_PEER_KEY_FILE: "{% if etcd_enable_tls | bool %}/etc/etcd/certs/etcd-key.pem{% endif %}"
etcd_default_environment:
KOLLA_BOOTSTRAP_STATUS: "bootstrap completed"
etcd_bootstrap_service_environment:
KOLLA_BOOTSTRAP_STATUS: "bootstrap service"
ETCD_INITIAL_CLUSTER_STATE: "existing"
ETCD_INITIAL_ADVERTISE_PEER_URLS: "{{ etcd_peer_internal_endpoint }}"
ETCD_INITIAL_CLUSTER_TOKEN: "{{ etcd_cluster_token }}"
ETCD_INITIAL_CLUSTER: "{% for host in groups['etcd_had_volume_True'] %}{{ hostvars[host].ansible_facts.hostname }}={{ etcd_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_peer_port }},{% endfor %}{{ ansible_facts.hostname }}={{ etcd_protocol }}://{{ 'api' | kolla_address(inventory_hostname) | put_address_in_context('url') }}:{{ etcd_peer_port }}"
etcd_bootstrap_cluster_environment:
KOLLA_BOOTSTRAP_STATUS: "bootstrap cluster"
ETCD_INITIAL_CLUSTER_STATE: "new"
ETCD_INITIAL_ADVERTISE_PEER_URLS: "{{ etcd_peer_internal_endpoint }}"
ETCD_INITIAL_CLUSTER_TOKEN: "{{ etcd_cluster_token }}"
ETCD_INITIAL_CLUSTER: "{% for host in groups['etcd'] %}{{ hostvars[host].ansible_facts.hostname }}={{ etcd_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_peer_port }}{% if not loop.last %},{% endif %}{% endfor %}"
####################
# Docker
####################
etcd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}etcd"
etcd_tag: "{{ openstack_tag }}"
etcd_image_full: "{{ etcd_image }}:{{ etcd_tag }}"
etcd_dimensions: "{{ default_container_dimensions }}"
etcd_default_volumes:
- "{{ node_config_directory }}/etcd/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_etcd:/var/lib/etcd/"
- "kolla_logs:/var/log/kolla/"
etcd_extra_volumes: "{{ default_extra_volumes }}"
############
# Endpoints
############
etcd_client_internal_endpoint: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}"
etcd_peer_internal_endpoint: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_peer_port }}"
###################
# Managing members
###################
etcd_remove_deleted_members: "no"
###################
# Copy certificates
###################
etcd_copy_certs: "{{ kolla_copy_ca_into_containers | bool or etcd_enable_tls | bool }}"
View Git Blame Copy Permalink