kubespray/roles/etcd/handlers/main.yml

---
- name: Backup etcd
  import_tasks: backup.yml

- name: Restart etcd
  systemd_service:
    name: etcd
    state: restarted
    daemon_reload: true
  when: ('etcd' in group_names)
  throttle: "{{ groups['etcd'] | length // 2 }}"
  # Etcd cluster MUST have an odd number of members
  # Truncated integer division by 2 will always return (majority - 1) which
  # means the cluster will keep quorum and stay available

- name: Restart etcd-events
  systemd_service:
    name: etcd-events
    state: restarted
    daemon_reload: true
  # TODO: this seems odd. etcd-events should be a different group possibly ?
  when: ('etcd' in group_names)
  throttle: "{{ groups['etcd'] | length // 2 }}"

- name: Wait for etcd up
  uri:
    url: "https://{% if 'etcd' in group_names %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
    validate_certs: false
    client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"
    client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"
  register: result
  until: result.status is defined and result.status == 200
  retries: 60
  delay: 1
  listen: Restart etcd

- name: Cleanup etcd backups
  import_tasks: backup_cleanup.yml

- name: Wait for etcd-events up
  uri:
    url: "https://{% if 'etcd' in group_names %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health"
    validate_certs: false
    client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"
    client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"
  register: result
  until: result.status is defined and result.status == 200
  retries: 60
  delay: 1
  listen: Restart etcd-events

- name: Set etcd_secret_changed
  set_fact:
    etcd_secret_changed: true
etcd directly in host fix etcd configuration for nodes fix wrong calico checksums using a var name etcd_bin_dir fix etcd handlers for sysvinit using a var name etcd_bin_dir sysvinit script review etcd configuration 2016-01-19 22:23:19 +08:00			`---`
Resolve ansible-lint name errors (#10253) * project: fix ansible-lint name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: ignore jinja template error in names Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: capitalize ansible name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: update notify after name capitalization Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> 2023-07-26 22:36:22 +08:00			`- name: Backup etcd`
			`import_tasks: backup.yml`
Backup etcd data before restarting etcd etcd is crucial part of kubernetes cluster. Ansible restarts etcd on reconfiguration. Backup helps operator to restore cluster manually in case of any issues. Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com> 2017-03-17 03:38:13 +08:00
etcd: throttle restart for availability (#11677) * etcd: throttle restart for availability During upgrade, etcd member are restarted all at once. This can impact the availability of the etcd cluster and subsequently of the Kubernetes cluster. Limit the concurrent restart so that the etcd cluster can keep quorum. * Simplify etcd handlers 2024-11-05 14:11:29 +08:00			`- name: Restart etcd`
Rename systemd module to systemd_service (#11396) Signed-off-by: tu1h <lihai.tu@daocloud.io> 2024-07-26 16:11:39 +08:00			`systemd_service:`
Ensure that etcd health checks always pass in the etcd handler, the reload etcd action was called after ansible waits for etcd to be up, this means that the health checks which are called immediately after fail (resulting in the etcd role always failing and never finishing) This patch changes the order to move the 'wait for etcd up' resource after the 'reload etcd resource', ensuring that the service is up before the health check is called. 2016-11-19 06:08:19 +08:00			`name: etcd`
			`state: restarted`
etcd: throttle restart for availability (#11677) * etcd: throttle restart for availability During upgrade, etcd member are restarted all at once. This can impact the availability of the etcd cluster and subsequently of the Kubernetes cluster. Limit the concurrent restart so that the etcd cluster can keep quorum. * Simplify etcd handlers 2024-11-05 14:11:29 +08:00			`daemon_reload: true`
Rename master to control plane - non-breaking changes only (#11394) K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See https://github.com/kubernetes/community/blob/65d886bb3029e73d9729e1d4f27422a7985233ed/sig-architecture/naming/recommendations/001-master-control-plane.md 2024-09-06 14:56:19 +08:00			`when: ('etcd' in group_names)`
etcd: throttle restart for availability (#11677) * etcd: throttle restart for availability During upgrade, etcd member are restarted all at once. This can impact the availability of the etcd cluster and subsequently of the Kubernetes cluster. Limit the concurrent restart so that the etcd cluster can keep quorum. * Simplify etcd handlers 2024-11-05 14:11:29 +08:00			`throttle: "{{ groups['etcd'] \| length // 2 }}"`
			`# Etcd cluster MUST have an odd number of members`
			`# Truncated integer division by 2 will always return (majority - 1) which`
			`# means the cluster will keep quorum and stay available`
Ensure that etcd health checks always pass in the etcd handler, the reload etcd action was called after ansible waits for etcd to be up, this means that the health checks which are called immediately after fail (resulting in the etcd role always failing and never finishing) This patch changes the order to move the 'wait for etcd up' resource after the 'reload etcd resource', ensuring that the service is up before the health check is called. 2016-11-19 06:08:19 +08:00
etcd: throttle restart for availability (#11677) * etcd: throttle restart for availability During upgrade, etcd member are restarted all at once. This can impact the availability of the etcd cluster and subsequently of the Kubernetes cluster. Limit the concurrent restart so that the etcd cluster can keep quorum. * Simplify etcd handlers 2024-11-05 14:11:29 +08:00			`- name: Restart etcd-events`
			`systemd_service:`
Add etcd-events cluster for kube-apiserver (#2385) Add etcd-events cluster for kube-apiserver 2018-03-01 16:39:14 +08:00			`name: etcd-events`
			`state: restarted`
etcd: throttle restart for availability (#11677) * etcd: throttle restart for availability During upgrade, etcd member are restarted all at once. This can impact the availability of the etcd cluster and subsequently of the Kubernetes cluster. Limit the concurrent restart so that the etcd cluster can keep quorum. * Simplify etcd handlers 2024-11-05 14:11:29 +08:00			`daemon_reload: true`
			`# TODO: this seems odd. etcd-events should be a different group possibly ?`
Rename master to control plane - non-breaking changes only (#11394) K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See https://github.com/kubernetes/community/blob/65d886bb3029e73d9729e1d4f27422a7985233ed/sig-architecture/naming/recommendations/001-master-control-plane.md 2024-09-06 14:56:19 +08:00			`when: ('etcd' in group_names)`
etcd: throttle restart for availability (#11677) * etcd: throttle restart for availability During upgrade, etcd member are restarted all at once. This can impact the availability of the etcd cluster and subsequently of the Kubernetes cluster. Limit the concurrent restart so that the etcd cluster can keep quorum. * Simplify etcd handlers 2024-11-05 14:11:29 +08:00			`throttle: "{{ groups['etcd'] \| length // 2 }}"`
Add etcd-events cluster for kube-apiserver (#2385) Add etcd-events cluster for kube-apiserver 2018-03-01 16:39:14 +08:00
Resolve ansible-lint name errors (#10253) * project: fix ansible-lint name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: ignore jinja template error in names Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: capitalize ansible name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: update notify after name capitalization Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> 2023-07-26 22:36:22 +08:00			`- name: Wait for etcd up`
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy 2017-02-18 05:22:34 +08:00			`uri:`
Rename master to control plane - non-breaking changes only (#11394) K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See https://github.com/kubernetes/community/blob/65d886bb3029e73d9729e1d4f27422a7985233ed/sig-architecture/naming/recommendations/001-master-control-plane.md 2024-09-06 14:56:19 +08:00			`url: "https://{% if 'etcd' in group_names %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"`
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks 2024-08-28 13:30:56 +08:00			`validate_certs: false`
Add etcd key and cert environment variables for use with client auth 2017-11-07 22:06:16 +08:00			`client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"`
			`client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"`
Set default etcd deployment to docker Improved docker reload command to wait for etcd to be up before proceeding. Switched reload to run restart because it can't reload if it is not guaranteed to be in running state. 2016-07-19 21:45:37 +08:00			`register: result`
Remove etcd-proxy from all nodes and use etcd multiaccess 2016-11-09 18:31:12 +08:00			`until: result.status is defined and result.status == 200`
Purge legacy cleanup tasks from older than 1 year (#4450) We don't need to support upgrades from 2 year old installs, just from the last major version. Also changed most retried tasks to 1s delay instead of longer. 2019-04-24 15:08:05 +08:00			`retries: 60`
			`delay: 1`
Refactor "multi" handlers to use listen (#10542) * containerd: refactor handlers to use 'listen' * cri-dockerd: refactor handlers to use 'listen' * cri-o: refactor handlers to use 'listen' * docker: refactor handlers to use 'listen' * etcd: refactor handlers to use 'listen' * control-plane: refactor handlers to use 'listen' * kubeadm: refactor handlers to use 'listen' * node: refactor handlers to use 'listen' * preinstall: refactor handlers to use 'listen' * calico: refactor handlers to use 'listen' * kube-router: refactor handlers to use 'listen' * macvlan: refactor handlers to use 'listen' 2023-11-08 19:28:30 +08:00			`listen: Restart etcd`
Add optional deployment mode for Docker etcd_deployment_type Running etcd in Docker reduces the number of individual file downloads and services running on the host. Note: etcd container v3.0.1 moves bindir to /usr/local/bin Fixes: #298 2016-06-24 20:25:16 +08:00
Resolve ansible-lint name errors (#10253) * project: fix ansible-lint name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: ignore jinja template error in names Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: capitalize ansible name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: update notify after name capitalization Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> 2023-07-26 22:36:22 +08:00			`- name: Cleanup etcd backups`
			`import_tasks: backup_cleanup.yml`
Move old etcd backup removal after etcd restart (#9147) 2022-08-05 23:09:59 +08:00
Resolve ansible-lint name errors (#10253) * project: fix ansible-lint name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: ignore jinja template error in names Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: capitalize ansible name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: update notify after name capitalization Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> 2023-07-26 22:36:22 +08:00			`- name: Wait for etcd-events up`
Add etcd-events cluster for kube-apiserver (#2385) Add etcd-events cluster for kube-apiserver 2018-03-01 16:39:14 +08:00			`uri:`
Rename master to control plane - non-breaking changes only (#11394) K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See https://github.com/kubernetes/community/blob/65d886bb3029e73d9729e1d4f27422a7985233ed/sig-architecture/naming/recommendations/001-master-control-plane.md 2024-09-06 14:56:19 +08:00			`url: "https://{% if 'etcd' in group_names %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health"`
Do not use ‘yes/no’ for boolean values (#11472) Consistent boolean values in ansible playbooks 2024-08-28 13:30:56 +08:00			`validate_certs: false`
Add etcd-events cluster for kube-apiserver (#2385) Add etcd-events cluster for kube-apiserver 2018-03-01 16:39:14 +08:00			`client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"`
			`client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"`
			`register: result`
			`until: result.status is defined and result.status == 200`
Purge legacy cleanup tasks from older than 1 year (#4450) We don't need to support upgrades from 2 year old installs, just from the last major version. Also changed most retried tasks to 1s delay instead of longer. 2019-04-24 15:08:05 +08:00			`retries: 60`
			`delay: 1`
Refactor "multi" handlers to use listen (#10542) * containerd: refactor handlers to use 'listen' * cri-dockerd: refactor handlers to use 'listen' * cri-o: refactor handlers to use 'listen' * docker: refactor handlers to use 'listen' * etcd: refactor handlers to use 'listen' * control-plane: refactor handlers to use 'listen' * kubeadm: refactor handlers to use 'listen' * node: refactor handlers to use 'listen' * preinstall: refactor handlers to use 'listen' * calico: refactor handlers to use 'listen' * kube-router: refactor handlers to use 'listen' * macvlan: refactor handlers to use 'listen' 2023-11-08 19:28:30 +08:00			`listen: Restart etcd-events`
Add etcd-events cluster for kube-apiserver (#2385) Add etcd-events cluster for kube-apiserver 2018-03-01 16:39:14 +08:00
Resolve ansible-lint name errors (#10253) * project: fix ansible-lint name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: ignore jinja template error in names Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: capitalize ansible name Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: update notify after name capitalization Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> 2023-07-26 22:36:22 +08:00			`- name: Set etcd_secret_changed`
Add etcd TLS support 2016-11-09 18:44:41 +08:00			`set_fact:`
			`etcd_secret_changed: true`