epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-28 09:39:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4

Browse Source
This commit is contained in:
woopstar
2018-05-02 13:37:15 +02:00
committed by Andreas Kruger
parent 32a8ea8094 223ed98828
commit 4c81cd2a71
104 changed files with 663 additions and 294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/etcd/defaults/main.yml
View File

@@ -32,6 +32,12 @@ etcd_election_timeout: "5000"
etcd_metrics: "basic"
## A dictionary of extra environment variables to add to etcd.env, formatted like:
## etcd_extra_vars:
## ETCD_VAR1: "value1"
## ETCD_VAR2: "value2"
etcd_extra_vars: {}
# Limits
# Limit memory only if <4GB memory on host. 0=unlimited
etcd_memory_limit: "{% if ansible_memtotal_mb < 4096 %}512M{% else %}0{% endif %}"

6
roles/etcd/tasks/upd_ca_trust.yml
View File

@@ -8,6 +8,8 @@
/etc/pki/ca-trust/source/anchors/etcd-ca.crt
{%- elif ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] -%}
/etc/ssl/certs/etcd-ca.pem
{%- elif ansible_os_family == "Suse" -%}
/etc/pki/trust/anchors/etcd-ca.pem
{%- endif %}
tags:
- facts
@@ -19,9 +21,9 @@
remote_src: true
register: etcd_ca_cert
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/Container Linux by CoreOS)
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Container Linux by CoreOS)
command: update-ca-certificates
when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS", "Container Linux by CoreOS"]
when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS", "Container Linux by CoreOS", "Suse"]
- name: Gen_certs | update ca-certificates (RedHat)
command: update-ca-trust extract

4
roles/etcd/templates/etcd.env.j2
View File

@@ -27,3 +27,7 @@ ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}
{% for key, value in etcd_extra_vars.iteritems() %}
{{ key }}={{ value }}
{% endfor %}