Install etcd cluster
parent
e0b240c7bd
commit
7e1e5f9c91
13 changed files with 55 additions and 1033 deletions
|
|
@ -1,60 +1,13 @@
|
|||
---
|
||||
# The directory from where to copy the K8s certificates. By default this
|
||||
# will expand to user's LOCAL $HOME (the user that run's "ansible-playbook ..."
|
||||
# plus "/k8s/certs". That means if the user's $HOME directory is e.g.
|
||||
# "/home/da_user" then "k8s_ca_conf_directory" will have a value of
|
||||
# "/home/da_user/k8s/certs".
|
||||
k8s_ca_conf_directory: "{{ '~/k8s/certs' | expanduser }}"
|
||||
|
||||
# etcd version
|
||||
etcd_version: "3.2.13"
|
||||
# Port where etcd listening for clients
|
||||
etcd_client_port: "2379"
|
||||
# Port where etcd is listening for it's peer's
|
||||
etcd_peer_port: "2380"
|
||||
# Interface to bind etcd ports to
|
||||
etcd_interface: "tap0"
|
||||
# Directroy for etcd configuration
|
||||
etcd_conf_dir: "/etc/etcd"
|
||||
# Directory to store downloaded etcd archive
|
||||
# Should not be deleted to avoid downloading over and over again
|
||||
etcd_download_dir: "/opt/etcd"
|
||||
# Directroy to store etcd binaries
|
||||
etcd_bin_dir: "/usr/local/bin"
|
||||
# etcd data directory (etcd database files so to say)
|
||||
etcd_data_dir: "/var/lib/etcd"
|
||||
|
||||
etcd_settings:
|
||||
"name": "{{ansible_hostname}}"
|
||||
"cert-file": "{{etcd_conf_dir}}/etcd.pem"
|
||||
"key-file": "{{etcd_conf_dir}}/etcd-key.pem"
|
||||
"peer-cert-file": "{{etcd_conf_dir}}/etcd.pem"
|
||||
"peer-key-file": "{{etcd_conf_dir}}/etcd-key.pem"
|
||||
"peer-trusted-ca-file": "{{etcd_conf_dir}}/ca.pem"
|
||||
"peer-client-cert-auth": "true" # # Enable peer client cert authentication
|
||||
"client-cert-auth": "true" # Enable client cert authentication
|
||||
"trusted-ca-file": "{{etcd_conf_dir}}/ca.pem"
|
||||
"advertise-client-urls": "{{'https://' + hostvars[inventory_hostname]['ansible_' + etcd_interface].ipv4.address + ':' + etcd_client_port}}"
|
||||
"initial-advertise-peer-urls": "{{'https://' + hostvars[inventory_hostname]['ansible_' + etcd_interface].ipv4.address + ':' + etcd_peer_port}}"
|
||||
"listen-peer-urls": "{{'https://' + hostvars[inventory_hostname]['ansible_' + etcd_interface].ipv4.address + ':' + etcd_peer_port}}"
|
||||
"listen-client-urls": "{{'https://' + hostvars[inventory_hostname]['ansible_' + etcd_interface].ipv4.address + ':' + etcd_client_port + ',https://127.0.0.1:' + etcd_client_port}}"
|
||||
"initial-cluster-token": "etcd-cluster-0" # Initial cluster token for the etcd cluster during bootstrap.
|
||||
"initial-cluster-state": "new" # Initial cluster state ('new' or 'existing')
|
||||
"data-dir": "{{etcd_data_dir}}" # etcd data directory (etcd database files so to say)
|
||||
"wal-dir": "" # Dedicated wal directory ("" means no seperated WAL directory)
|
||||
"auto-compaction-retention": "0" # Auto compaction retention in hour. 0 means disable auto compaction.
|
||||
"snapshot-count": "100000" # Number of committed transactions to trigger a snapshot to disk
|
||||
"heartbeat-interval": "100" # Time (in milliseconds) of a heartbeat interval
|
||||
"election-timeout": "1000" # Time (in milliseconds) for an election to timeout. See tuning documentation for details
|
||||
"max-snapshots": "5" # Maximum number of snapshot files to retain (0 is unlimited)
|
||||
"max-wals": "5" # Maximum number of wal files to retain (0 is unlimited)
|
||||
"cors": "" # Comma-separated whitelist of origins for CORS (cross-origin resource sharing)
|
||||
"quota-backend-bytes": "0" # Raise alarms when backend size exceeds the given quota (0 defaults to low space quota)
|
||||
"log-package-levels": "" # Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG')
|
||||
"log-output": "default" # Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd
|
||||
|
||||
# Certificate authority and certificate files for etcd
|
||||
etcd_certificates:
|
||||
- ca.pem # client server TLS trusted CA key file/peer server TLS trusted CA file
|
||||
- etcd.pem # peer server TLS cert file
|
||||
- etcd-key.pem # peer server TLS key file
|
||||
etcd_name: "etcd_{{ ansible_hostname }}"
|
||||
#etcd_advertise_client_urls: "http://{{ ansible_hostname }}:2379"
|
||||
etcd_advertise_client_urls: "http://{{ vpn_ip }}:2379"
|
||||
#etcd_listen_client_urls: 'http://{{ ansible_hostname }}:2379,http://127.0.0.1:2379'
|
||||
etcd_listen_client_urls: 'http://{{ vpn_ip }}:2379,http://127.0.0.1:2379'
|
||||
#etcd_initial_advertise_peer_urls: "http://{{ ansible_hostname }}:2380"
|
||||
etcd_initial_advertise_peer_urls: "http://{{ vpn_ip }}:2380"
|
||||
#etcd_listen_peer_urls: "http://{{ ansible_hostname }}:2380"
|
||||
etcd_listen_peer_urls: "http://{{ vpn_ip }}:2380"
|
||||
# Create the list of initial cluster by using a template lookup
|
||||
etcd_initial_cluster: "{{ lookup('template', 'templates/initial_cluster.j2') | replace('\n', '')}}"
|
||||
etcd_initial_cluster_token: "token_{{ hostvars[initial_master]['ansible_hostname'] }}"
|
||||
etcd_initial_cluster_state: "new"
|
||||
|
|
|
|||
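Review bot: The four new URL variables (`etcd_advertise_client_urls`, `etcd_listen_client_urls`, `etcd_initial_advertise_peer_urls`, `etcd_listen_peer_urls`) use `http://`, whereas the removed defaults served `https://` with `client-cert-auth` and `peer-client-cert-auth` set to `"true"`. With this change, client and peer traffic is neither encrypted nor authenticated, so any host that can reach `{{ vpn_ip }}:2379`, or any local process using the `127.0.0.1:2379` listener, can read and write the store. That matters more if etcd backs Kubernetes here, as the removed `k8s_ca_conf_directory` comment suggests, since the store would then hold Secrets. If relying on the VPN boundary is intentional, record it above the URLs, e.g. `# Plain HTTP on purpose: etcd is reachable only via the VPN address; no TLS or client-cert auth`. Otherwise keep the `https://` scheme together with the cert-file, key-file and trusted-CA settings the commit drops.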