mirror of https://github.com/easzlab/kubeasz.git
增加添加etcd节点脚本
parent
4898ae072d
commit
d80404b7d9
|
@ -0,0 +1,54 @@
|
|||
# add new-etcd node, one at a time
|
||||
- hosts:
|
||||
- new-etcd
|
||||
tasks:
|
||||
- name: add a new etcd member
|
||||
shell: "ETCDCTL_API=3 {{ bin_dir }}/etcdctl member add {{ NODE_NAME }} --peer-urls=https://{{ inventory_hostname }}:2380"
|
||||
delegate_to: "{{ groups.etcd[0] }}"
|
||||
when: "inventory_hostname == groups['new-etcd'][0]"
|
||||
|
||||
# start the new-etcd node
|
||||
- hosts:
|
||||
- new-etcd
|
||||
roles:
|
||||
- { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes' and inventory_hostname == groups['new-etcd'][0]" }
|
||||
- { role: prepare, when: "inventory_hostname == groups['new-etcd'][0]" }
|
||||
- { role: new-etcd, when: "inventory_hostname == groups['new-etcd'][0]" }
|
||||
|
||||
# restart the original etcd cluster with the new configuration
|
||||
- hosts:
|
||||
- etcd
|
||||
roles:
|
||||
- { role: new-etcd, when: "groups['new-etcd']|length > 0" }
|
||||
|
||||
# modify the ansible hosts file
|
||||
- hosts:
|
||||
- new-etcd
|
||||
tasks:
|
||||
- name: tag new-etcd's node FINISHED=yes
|
||||
lineinfile:
|
||||
dest: "{{ base_dir }}/hosts"
|
||||
state: present
|
||||
regexp: '{{ NODE_NAME }}'
|
||||
line: "{{ inventory_hostname }} NODE_NAME={{ NODE_NAME }} FINISHED=yes"
|
||||
connection: local
|
||||
when: "inventory_hostname == groups['new-etcd'][0]"
|
||||
|
||||
- name: cp new-etcd's node to etcd group
|
||||
lineinfile:
|
||||
dest: "{{ base_dir }}/hosts"
|
||||
state: present
|
||||
insertafter: '^\[etcd\]'
|
||||
firstmatch: yes
|
||||
line: "{{ inventory_hostname }} NODE_NAME={{ NODE_NAME }}"
|
||||
connection: local
|
||||
when: "inventory_hostname == groups['new-etcd'][0]"
|
||||
|
||||
- hosts: deploy
|
||||
tasks:
|
||||
- name: rm new-etcd's node
|
||||
lineinfile:
|
||||
dest: "{{ base_dir }}/hosts"
|
||||
state: absent
|
||||
regexp: 'FINISHED=yes'
|
||||
connection: local
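Review bot: The `regexp: '{{ NODE_NAME }}'` in the "tag new-etcd's node FINISHED=yes" task is an unanchored substring match against the inventory file, so a NODE_NAME such as `etcd1` also matches a line carrying `NODE_NAME=etcd11`, and lineinfile rewrites the last line that matches. The final play then deletes every line containing `FINISHED=yes`, which in that case would drop the wrong host from `{{ base_dir }}/hosts`. Anchoring the pattern to the host entry avoids this, e.g. `regexp: '^{{ inventory_hostname | regex_escape }}\s+NODE_NAME={{ NODE_NAME }}(\s|$)'` (the inventory layout is not visible here, so adjust to the real line format). The `etcdctl member add` task is also not idempotent: a re-run after a partial failure is likely to fail because the member is already registered, so a preceding `member list` check registered into a variable would make the play safe to repeat.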
|
|
@ -0,0 +1,19 @@
|
|||
# to clean 'etcd' nodes
|
||||
- hosts:
|
||||
- etcd
|
||||
- new-etcd
|
||||
tasks:
|
||||
- name: stop and disable etcd service
|
||||
service:
|
||||
name: etcd
|
||||
state: stopped
|
||||
enabled: no
|
||||
ignore_errors: true
|
||||
|
||||
- name: remove files and dirs
|
||||
file: name={{ item }} state=absent
|
||||
with_items:
|
||||
- "/var/lib/etcd"
|
||||
- "/etc/etcd/"
|
||||
- "/backup/k8s"
|
||||
- "/etc/systemd/system/etcd.service"
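Review bot: The `with_items` list of the "remove files and dirs" task deletes `/backup/k8s` in the same loop as `/var/lib/etcd`, so one run against the `etcd` and `new-etcd` groups removes the data directory and, if that path holds etcd snapshots as its name suggests, the local copy needed to restore it. Nothing in the play asks for confirmation or limits the run to a single host. I would drop `- "/backup/k8s"` from the list, or move it to its own task gated by an opt-in variable such as `when: clean_etcd_backup | default(false) | bool` (the variable name is a suggestion, not an existing setting).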
|
|
@ -0,0 +1,4 @@
|
|||
# etcd 集群间通信的IP和端口, 根据etcd组成员自动生成
|
||||
# 新增 etcd 节点,一次只能增加一个
|
||||
TMP_NODES: "{% for h in groups['etcd'] %}{{ hostvars[h]['NODE_NAME'] }}=https://{{ h }}:2380,{% endfor %}{% if groups['new-etcd']|length > 0 %}{{ hostvars[groups['new-etcd'][0]]['NODE_NAME'] }}=https://{{ groups['new-etcd'][0] }}:2380,{% endif %}"
|
||||
ETCD_NODES: "{{ TMP_NODES.rstrip(',') }}"
|
|
@ -0,0 +1,62 @@
|
|||
- name: prepare some dirs
|
||||
file: name={{ item }} state=directory
|
||||
with_items:
|
||||
- "{{ bin_dir }}"
|
||||
- "{{ ca_dir }}"
|
||||
- "/etc/etcd/ssl" # etcd 证书目录
|
||||
- "/var/lib/etcd" # etcd 工作目录
|
||||
|
||||
- name: 下载etcd二进制文件
|
||||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||||
with_items:
|
||||
- etcd
|
||||
- etcdctl
|
||||
tags: upgrade_etcd
|
||||
|
||||
- name: 分发证书相关
|
||||
synchronize: src={{ ca_dir }}/{{ item }} dest={{ ca_dir }}/{{ item }}
|
||||
with_items:
|
||||
- ca.pem
|
||||
- ca-key.pem
|
||||
- ca.csr
|
||||
- ca-config.json
|
||||
delegate_to: "{{ groups.deploy[0] }}"
|
||||
|
||||
# 注册变量p,根据p的stat信息判断是否已经生成过etcd证书,如果没有,下一步生成证书
|
||||
# 如果已经有etcd证书,为了保证整个安装的幂等性,跳过证书生成的步骤
|
||||
- name: 读取etcd证书stat信息
|
||||
stat: path="/etc/etcd/ssl/etcd.pem"
|
||||
register: p
|
||||
|
||||
- name: 创建etcd证书请求
|
||||
template: src=etcd-csr.json.j2 dest=/etc/etcd/ssl/etcd-csr.json
|
||||
when: p.stat.isreg is not defined
|
||||
|
||||
- name: 创建 etcd证书和私钥
|
||||
when: p.stat.isreg is not defined
|
||||
shell: "cd /etc/etcd/ssl && {{ bin_dir }}/cfssl gencert \
|
||||
-ca={{ ca_dir }}/ca.pem \
|
||||
-ca-key={{ ca_dir }}/ca-key.pem \
|
||||
-config={{ ca_dir }}/ca-config.json \
|
||||
-profile=kubernetes etcd-csr.json | {{ bin_dir }}/cfssljson -bare etcd"
|
||||
|
||||
- name: 创建etcd的systemd unit文件
|
||||
template: src=etcd.service.j2 dest=/etc/systemd/system/etcd.service
|
||||
tags: upgrade_etcd
|
||||
|
||||
- name: 开机启用etcd服务
|
||||
shell: systemctl enable etcd
|
||||
ignore_errors: true
|
||||
|
||||
- name: 开启etcd服务
|
||||
shell: systemctl daemon-reload && systemctl restart etcd
|
||||
ignore_errors: true
|
||||
tags: upgrade_etcd
|
||||
|
||||
- name: 以轮询的方式等待服务同步完成
|
||||
shell: "systemctl status etcd.service|grep Active"
|
||||
register: etcd_status
|
||||
until: '"running" in etcd_status.stdout'
|
||||
retries: 8
|
||||
delay: 8
|
||||
tags: upgrade_etcd
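Review bot: The "分发证书相关" task copies `ca-key.pem` to every new etcd node so that the later `cfssl gencert` step can sign locally, which leaves the cluster CA private key on each member; a compromise of one etcd host then allows issuing certificates for any identity that CA is trusted for. Signing should happen on the deploy host, with only `ca.pem` and the node's own certificate and key shipped to the node, as sketched below. The sketch reuses the `synchronize` plus `delegate_to` pattern already in this file and assumes cfssl and cfssljson are present under `bin_dir` on the deploy host. The enable and restart tasks also carry `ignore_errors: true`, so a failed start only surfaces at the polling step.

```yaml
# ship only the public CA certificate; ca-key.pem stays on the deploy host
- name: 分发证书相关
  synchronize: src={{ ca_dir }}/ca.pem dest={{ ca_dir }}/ca.pem
  delegate_to: "{{ groups.deploy[0] }}"

# … unchanged: stat of /etc/etcd/ssl/etcd.pem registered as p …

- name: 创建etcd证书请求
  template: src=etcd-csr.json.j2 dest={{ ca_dir }}/{{ NODE_NAME }}-csr.json
  delegate_to: "{{ groups.deploy[0] }}"
  when: p.stat.isreg is not defined

# sign on the deploy host, next to the CA key
- name: 创建 etcd证书和私钥
  when: p.stat.isreg is not defined
  shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
        -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \
        -profile=kubernetes {{ NODE_NAME }}-csr.json | {{ bin_dir }}/cfssljson -bare {{ NODE_NAME }}"
  delegate_to: "{{ groups.deploy[0] }}"

- name: distribute the signed etcd certificate and key
  synchronize: src={{ ca_dir }}/{{ NODE_NAME }}{{ item }} dest=/etc/etcd/ssl/etcd{{ item }}
  with_items:
  - ".pem"
  - "-key.pem"
  delegate_to: "{{ groups.deploy[0] }}"
  when: p.stat.isreg is not defined

# … unchanged: systemd unit template, enable, restart, polling …
```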
|
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
"CN": "etcd",
|
||||
"hosts": [
|
||||
"127.0.0.1",
|
||||
"{{ inventory_hostname }}"
|
||||
],
|
||||
"key": {
|
||||
"algo": "rsa",
|
||||
"size": 2048
|
||||
},
|
||||
"names": [
|
||||
{
|
||||
"C": "CN",
|
||||
"ST": "HangZhou",
|
||||
"L": "XS",
|
||||
"O": "k8s",
|
||||
"OU": "System"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
[Unit]
|
||||
Description=Etcd Server
|
||||
After=network.target
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
Documentation=https://github.com/coreos
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
WorkingDirectory=/var/lib/etcd/
|
||||
ExecStart={{ bin_dir }}/etcd \
|
||||
--name={{ NODE_NAME }} \
|
||||
--cert-file=/etc/etcd/ssl/etcd.pem \
|
||||
--key-file=/etc/etcd/ssl/etcd-key.pem \
|
||||
--peer-cert-file=/etc/etcd/ssl/etcd.pem \
|
||||
--peer-key-file=/etc/etcd/ssl/etcd-key.pem \
|
||||
--trusted-ca-file={{ ca_dir }}/ca.pem \
|
||||
--peer-trusted-ca-file={{ ca_dir }}/ca.pem \
|
||||
--initial-advertise-peer-urls=https://{{ inventory_hostname }}:2380 \
|
||||
--listen-peer-urls=https://{{ inventory_hostname }}:2380 \
|
||||
--listen-client-urls=https://{{ inventory_hostname }}:2379,http://127.0.0.1:2379 \
|
||||
--advertise-client-urls=https://{{ inventory_hostname }}:2379 \
|
||||
--initial-cluster-token=etcd-cluster-0 \
|
||||
--initial-cluster={{ ETCD_NODES }} \
|
||||
--initial-cluster-state=existing \
|
||||
--data-dir=/var/lib/etcd
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
LimitNOFILE=65536
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
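Review bot: The ExecStart line sets `--trusted-ca-file` and `--peer-trusted-ca-file` but never turns certificate authentication on, so etcd serves TLS on 2379 and 2380 without requiring a client or peer certificate; `--client-cert-auth` and `--peer-client-cert-auth` both default to false. Any host that can reach `https://{{ inventory_hostname }}:2379` can then read and write the keyspace, which for a Kubernetes cluster includes Secrets. I would add `--client-cert-auth=true \` and `--peer-client-cert-auth=true \` next to the CA flags. The `http://127.0.0.1:2379` entry in `--listen-client-urls` also leaves an unauthenticated plaintext endpoint for any local process; the `etcdctl member add` task in the playbook appears to rely on it, so removing it would mean passing `--cacert`, `--cert` and `--key` to that command.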
|