/
main.yml
111 lines (84 loc) · 3.75 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
---
# (c) Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# etcd version.
etcd_version: "v3.4.15"
# etcd download details.
etcd_download: "{{ _etcd_download[etcd_version] }}"
# Human-readable name for this member.
etcd_name: "{{ inventory_hostname }}"
# Path to the data directory.
etcd_data_dir: "/var/lib/etcd/default"
# Number of committed transactions to trigger a snapshot to disk.
etcd_snapshot_count: 10000
# List of URLs to listen on for peer traffic.
etcd_listen_peer_urls: "https://{{ ansible_default_ipv4.address }}:2380,https://127.0.0.1:2380"
# List of URLs to listen on for client traffic.
etcd_listen_client_urls: "https://{{ ansible_default_ipv4.address }}:2379,https://127.0.0.1:2379"
# List of this member's peer URLs to advertise to the rest of the cluster.
etcd_initial_advertise_peer_urls: "https://{{ ansible_default_ipv4.address }}:2380"
# initial cluster configuration for bootstrapping.
etcd_initial_cluster: >-
{%- set _ns = namespace() -%}
{%- set _ns._params = [] -%}
{%- for host in groups['etcd'] -%}
{%- set _ns._params = _ns._params + [host + "=https://" + hostvars[host].ansible_default_ipv4.address + ":2380"] -%}
{%- endfor -%}
{{ _ns._params | join(',') }}
# Initial cluster state ("new" or "existing").
etcd_initial_cluster_state: "new"
# Initial cluster token for the etcd cluster during bootstrap.
etcd_initial_cluster_token: "etcd-cluster"
# List of this member's client URLs to advertise to the rest of the cluster.
etcd_advertise_client_urls: "https://{{ ansible_default_ipv4.address }}:2379"
# Path to the client server TLS cert file.
etcd_cert_file: "/etc/etcd/pki/server.crt"
# Path to the client server TLS key file.
etcd_key_file: "{{ etcd_cert_file | splitext | first }}.key"
# commonName field of the CSR.
etcd_csr_common_name: "{{ groups['etcd'][0] }}"
# subjectAltName field of the CSR.
etcd_csr_subject_alt_name: >-
{%- set _ns = namespace() -%}
{%- set _ns._params = ["DNS:localhost", "IP:127.0.0.1"] -%}
{%- for host in groups['etcd'] -%}
{%- set _ns._params = _ns._params + ["DNS:" + host, "IP:" + hostvars[host].ansible_default_ipv4.address] -%}
{%- endfor -%}
{{ _ns._params }}
# Enable client cert authentication.
etcd_client_cert_auth: true
# Path to the client server TLS trusted CA key file.
etcd_trusted_ca_file: "/etc/etcd/pki/ca.crt"
# Client TLS using generated certificates.
etcd_auto_tls: false
# Path to the peer server TLS cert file.
etcd_peer_cert_file: "/etc/etcd/pki/peer.crt"
# Path to the peer server TLS key file.
etcd_peer_key_file: "{{ etcd_peer_cert_file | splitext | first }}.key"
# commonName field of the CSR.
etcd_peer_csr_common_name: "{{ groups['etcd'][0] }}"
# subjectAltName field of the CSR.
etcd_peer_csr_subject_alt_name: >-
{%- set _ns = namespace() -%}
{%- set _ns._params = ["DNS:localhost", "IP:127.0.0.1"] -%}
{%- for host in groups['etcd'] -%}
{%- set _ns._params = _ns._params + ["DNS:" + host, "IP:" + hostvars[host].ansible_default_ipv4.address] -%}
{%- endfor -%}
{{ _ns._params }}
# Enable peer client cert authentication.
etcd_peer_client_cert_auth: true
# Peer TLS using generated certificates.
etcd_peer_auto_tls: false
# Path to the peer server TLS trusted CA file.
etcd_peer_trusted_ca_file: "{{ etcd_trusted_ca_file }}"