dsk-dev kubespray 이동

ansible/kubespray/extra_playbooks/roles/etcd/handlers/backup.yml

@@ -0,0 +1,62 @@
+---
+- name: Backup etcd data
+  command: /bin/true
+  notify:
+    - Refresh Time Fact
+    - Set Backup Directory
+    - Create Backup Directory
+    - Stat etcd v2 data directory
+    - Backup etcd v2 data
+    - Backup etcd v3 data
+  when: etcd_cluster_is_healthy.rc == 0
+
+- name: Refresh Time Fact
+  setup: filter=ansible_date_time
+
+- name: Set Backup Directory
+  set_fact:
+    etcd_backup_directory: "{{ etcd_backup_prefix }}/etcd-{{ ansible_date_time.date }}_{{ ansible_date_time.time }}"
+
+- name: Create Backup Directory
+  file:
+    path: "{{ etcd_backup_directory }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0600
+
+- name: Stat etcd v2 data directory
+  stat:
+    path: "{{ etcd_data_dir }}/member"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
+  register: etcd_data_dir_member
+
+- name: Backup etcd v2 data
+  when: etcd_data_dir_member.stat.exists
+  command: >-
+    {{ bin_dir }}/etcdctl backup
+      --data-dir {{ etcd_data_dir }}
+      --backup-dir {{ etcd_backup_directory }}
+  environment:
+    ETCDCTL_API: 2
+  retries: 3
+  register: backup_v2_command
+  until: backup_v2_command.rc == 0
+  delay: "{{ retry_stagger | random + 3 }}"
+
+- name: Backup etcd v3 data
+  command: >-
+    {{ bin_dir }}/etcdctl
+      snapshot save {{ etcd_backup_directory }}/snapshot.db
+  environment:
+    ETCDCTL_API: 3
+    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses.split(',') | first }}"
+    ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
+    ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
+    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
+  retries: 3
+  register: etcd_backup_v3_command
+  until: etcd_backup_v3_command.rc == 0
+  delay: "{{ retry_stagger | random + 3 }}"

ansible/kubespray/extra_playbooks/roles/etcd/handlers/backup_cleanup.yml

@@ -0,0 +1,11 @@
+---
+- name: Cleanup etcd backups
+  command: /bin/true
+  notify:
+    - Remove old etcd backups
+
+- name: Remove old etcd backups
+  shell:
+    chdir: "{{ etcd_backup_prefix }}"
+    cmd: "find . -name 'etcd-*' -type d | sort -n | head -n -{{ etcd_backup_retention_count }} | xargs rm -rf"
+  when: etcd_backup_retention_count >= 0

ansible/kubespray/extra_playbooks/roles/etcd/handlers/main.yml

@@ -0,0 +1,62 @@
+---
+- name: restart etcd
+  command: /bin/true
+  notify:
+    - Backup etcd data
+    - etcd | reload systemd
+    - reload etcd
+    - wait for etcd up
+    - Cleanup etcd backups
+
+- name: restart etcd-events
+  command: /bin/true
+  notify:
+    - etcd | reload systemd
+    - reload etcd-events
+    - wait for etcd-events up
+
+- import_tasks: backup.yml
+
+- name: etcd | reload systemd
+  systemd:
+    daemon_reload: true
+
+- name: reload etcd
+  service:
+    name: etcd
+    state: restarted
+  when: is_etcd_master
+
+- name: reload etcd-events
+  service:
+    name: etcd-events
+    state: restarted
+  when: is_etcd_master
+
+- name: wait for etcd up
+  uri:
+    url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
+    validate_certs: no
+    client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"
+    client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"
+  register: result
+  until: result.status is defined and result.status == 200
+  retries: 60
+  delay: 1
+
+- import_tasks: backup_cleanup.yml
+
+- name: wait for etcd-events up
+  uri:
+    url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health"
+    validate_certs: no
+    client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"
+    client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"
+  register: result
+  until: result.status is defined and result.status == 200
+  retries: 60
+  delay: 1
+
+- name: set etcd_secret_changed
+  set_fact:
+    etcd_secret_changed: true