From 348fc5b1098b68336663b6cbfaa48efa3e78138c Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Mon, 19 Dec 2016 15:05:49 +0300
Subject: [PATCH] Fix etcd to-SSL upgrade and task register vars

---
 roles/etcd/tasks/pre_upgrade.yml | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/roles/etcd/tasks/pre_upgrade.yml b/roles/etcd/tasks/pre_upgrade.yml
index ea03e23a4..b7574d9f2 100644
--- a/roles/etcd/tasks/pre_upgrade.yml
+++ b/roles/etcd/tasks/pre_upgrade.yml
@@ -1,26 +1,26 @@
 - name: "Pre-upgrade | check for etcd-proxy unit file"
   stat:
     path: /etc/systemd/system/etcd-proxy.service
-  register: kube_apiserver_service_file
+  register: etcd_proxy_service_file
   tags: facts
 
 - name: "Pre-upgrade | check for etcd-proxy init script"
   stat:
     path: /etc/init.d/etcd-proxy
-  register: kube_apiserver_init_script
+  register: etcd_proxy_init_script
   tags: facts
 
 - name: "Pre-upgrade | stop etcd-proxy if service defined"
   service:
     name: etcd-proxy
     state: stopped
-  when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
+  when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
 
 - name: "Pre-upgrade | remove etcd-proxy service definition"
   file:
     path: "{{ item }}"
     state: absent
-  when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
+  when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
   with_items:
     - /etc/systemd/system/etcd-proxy.service
     - /etc/init.d/etcd-proxy
@@ -34,12 +34,23 @@
   command: "docker rm -f {{item}}"
   with_items: "{{etcd_proxy_container.stdout_lines}}"
 
+- name: "Pre-upgrade | remove etcd-proxy if it exists"
+  command: "docker rm -f {{item}}"
+  with_items: "{{etcd_proxy_container.stdout_lines}}"
+
 - name: "Pre-upgrade | check if member list is non-SSL"
-  command: etcdctl member list
+  command: "{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list"
   register: etcd_member_list
+  retries: 10
+  delay: 3
+  until: etcd_member_list.rc != 2
+  run_once: true
   ignore_errors: true
 
 - name: "Pre-upgrade | change peer names to SSL"
   shell: >-
-    etcdctl member list | awk -F"[: =]" '{print "etcdctl member update "$1" https:"$7":"$8}' | bash
+    {{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list |
+    awk -F"[: =]" '{print "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | regex_replace('https','http') }} member update "$1" https:"$7":"$8}' | bash
+  run_once: true
   when: 'etcd_member_list is defined and "http://" in etcd_member_list.stdout'
+