diff --git a/automation/molecule/tests/etcd/etcd.yml b/automation/molecule/tests/etcd/etcd.yml
index c37599fd6..161fa6944 100644
--- a/automation/molecule/tests/etcd/etcd.yml
+++ b/automation/molecule/tests/etcd/etcd.yml
@@ -1,7 +1,7 @@
 ---
 - name: Check etcd health
 ansible.builtin.uri:
- url: "{{ patroni_etcd_protocol }}://{{ inventory_hostname }}:2379/health"
+ url: "{{ patroni_etcd_protocol | default('http', true) }}://{{ inventory_hostname }}:2379/health"
 method: GET
 return_content: true
 validate_certs: "{{ tls_cert_generate | bool }}"
diff --git a/automation/roles/confd/templates/confd.toml.j2 b/automation/roles/confd/templates/confd.toml.j2
index add558254..dcd8e39f9 100644
--- a/automation/roles/confd/templates/confd.toml.j2
+++ b/automation/roles/confd/templates/confd.toml.j2
@@ -4,12 +4,12 @@ watch = true
 nodes = [
 {% if not dcs_exists|bool and dcs_type == 'etcd' %}
 {% for host in groups['etcd_cluster'] %}
- "{{ patroni_etcd_protocol }}://{{ hostvars[host]['inventory_hostname'] }}:2379",
+ "{{ patroni_etcd_protocol | default('http', true) }}://{{ hostvars[host]['inventory_hostname'] }}:2379",
 {% endfor %}
 {% endif %}
 {% if dcs_exists|bool and dcs_type == 'etcd' %}
 {% for etcd_hosts in patroni_etcd_hosts %}
- "{{ patroni_etcd_protocol }}://{{etcd_hosts.host}}:{{etcd_hosts.port}}",
+ "{{ patroni_etcd_protocol | default('http', true) }}://{{etcd_hosts.host}}:{{etcd_hosts.port}}",
 {% endfor %}
 {% endif %}
 ]
diff --git a/automation/roles/etcd/tasks/main.yml b/automation/roles/etcd/tasks/main.yml
index ff3985177..fc8c47f47 100644
--- a/automation/roles/etcd/tasks/main.yml
+++ b/automation/roles/etcd/tasks/main.yml
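Review bot: The fallback `default('http', true)` in the `url:` of this health check selects cleartext whenever `patroni_etcd_protocol` is undefined or empty, independently of `tls_cert_generate`, which the same task uses for `validate_certs`. With TLS generation enabled and the variable unset, the rendered endpoint would be `http://`, so the check either fails against a TLS listener or talks to etcd unencrypted. The same expression is repeated in confd.toml.j2, roles/etcd/tasks/main.yml, etcd.conf.j2 (where it also decides the listen and peer URL scheme) and vip-manager.yml.j2. Unless a role-level default outside this diff already covers the case, deriving the fallback from the TLS flag would keep it fail-safe: `{{ patroni_etcd_protocol | default('https' if tls_cert_generate | bool else 'http', true) }}`.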
@@ -136,7 +136,7 @@
 - name: Wait until the etcd cluster is healthy
 ansible.builtin.command: >
 /usr/local/bin/etcdctl endpoint health
- --endpoints={{ patroni_etcd_protocol }}://{{ inventory_hostname }}:2379
+ --endpoints={{ patroni_etcd_protocol | default('http', true) }}://{{ inventory_hostname }}:2379
 {% if tls_cert_generate | bool %}
 --cacert={{ tls_etcd_ca_cert_path | default('/etc/etcd/ca.crt') }}
 --cert={{ tls_etcd_cert_path | default('/etc/etcd/server.crt') }}
diff --git a/automation/roles/etcd/templates/etcd.conf.j2 b/automation/roles/etcd/templates/etcd.conf.j2
index ada454ef1..cd46d54bb 100644
--- a/automation/roles/etcd/templates/etcd.conf.j2
+++ b/automation/roles/etcd/templates/etcd.conf.j2
@@ -1,10 +1,10 @@
 ETCD_NAME="{{ ansible_hostname }}"
-ETCD_LISTEN_CLIENT_URLS="{{ patroni_etcd_protocol }}://{{ inventory_hostname }}:2379,{{ patroni_etcd_protocol }}://127.0.0.1:2379"
-ETCD_ADVERTISE_CLIENT_URLS="{{ patroni_etcd_protocol }}://{{ inventory_hostname }}:2379"
-ETCD_LISTEN_PEER_URLS="{{ patroni_etcd_protocol }}://{{ inventory_hostname }}:2380"
-ETCD_INITIAL_ADVERTISE_PEER_URLS="{{ patroni_etcd_protocol }}://{{ inventory_hostname }}:2380"
+ETCD_LISTEN_CLIENT_URLS="{{ patroni_etcd_protocol | default('http', true) }}://{{ inventory_hostname }}:2379,{{ patroni_etcd_protocol | default('http', true) }}://127.0.0.1:2379"
+ETCD_ADVERTISE_CLIENT_URLS="{{ patroni_etcd_protocol | default('http', true) }}://{{ inventory_hostname }}:2379"
+ETCD_LISTEN_PEER_URLS="{{ patroni_etcd_protocol | default('http', true) }}://{{ inventory_hostname }}:2380"
+ETCD_INITIAL_ADVERTISE_PEER_URLS="{{ patroni_etcd_protocol | default('http', true) }}://{{ inventory_hostname }}:2380"
 ETCD_INITIAL_CLUSTER_TOKEN="{{ etcd_cluster_name }}"
-ETCD_INITIAL_CLUSTER="{% for host in groups['etcd_cluster'] %}{{ hostvars[host]['ansible_hostname'] }}={{ patroni_etcd_protocol }}://{{ hostvars[host]['inventory_hostname'] }}:2380{% if not loop.last %},{% endif %}{% endfor %}"
+ETCD_INITIAL_CLUSTER="{% for host in groups['etcd_cluster'] %}{{ hostvars[host]['ansible_hostname'] }}={{ patroni_etcd_protocol | default('http', true) }}://{{ hostvars[host]['inventory_hostname'] }}:2380{% if not loop.last %},{% endif %}{% endfor %}"
 ETCD_INITIAL_CLUSTER_STATE="new"
 ETCD_DATA_DIR="{{ etcd_data_dir }}"
 ETCD_ELECTION_TIMEOUT="5000"
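Review bot: The filter expression `patroni_etcd_protocol | default('http', true)` is now written out six times in this hunk, which makes it easy for the listen, advertise and peer URLs to get out of step on a later edit. A single assignment at the top of the template, `{% set etcd_protocol = patroni_etcd_protocol | default('http', true) %}`, with `{{ etcd_protocol }}` in each URL would keep them identical. A one-line comment at that assignment, noting that the scheme applies to both the client (2379) and peer (2380) URLs, would document the intent.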
@@ -12,12 +12,12 @@ ETCD_HEARTBEAT_INTERVAL="1000"
 ETCD_INITIAL_ELECTION_TICK_ADVANCE="false"
 ETCD_AUTO_COMPACTION_RETENTION="1"
 {% if tls_cert_generate | bool %}
-ETCD_CERT_FILE="{{ tls_etcd_cert_path }}"
-ETCD_KEY_FILE="{{ tls_etcd_privatekey_path }}"
-ETCD_TRUSTED_CA_FILE="{{ tls_etcd_ca_cert_path }}"
-ETCD_PEER_CERT_FILE="{{ tls_etcd_cert_path }}"
-ETCD_PEER_KEY_FILE="{{ tls_etcd_privatekey_path }}"
-ETCD_PEER_TRUSTED_CA_FILE="{{ tls_etcd_ca_cert_path }}"
+ETCD_CERT_FILE="{{ tls_etcd_cert_path | default('/etc/etcd/server.crt') }}"
+ETCD_KEY_FILE="{{ tls_etcd_privatekey_path | default('/etc/etcd/server.key') }}"
+ETCD_TRUSTED_CA_FILE="{{ tls_etcd_ca_cert_path | default('/etc/etcd/ca.crt') }}"
+ETCD_PEER_CERT_FILE="{{ tls_etcd_cert_path | default('/etc/etcd/server.crt') }}"
+ETCD_PEER_KEY_FILE="{{ tls_etcd_privatekey_path | default('/etc/etcd/server.key') }}"
+ETCD_PEER_TRUSTED_CA_FILE="{{ tls_etcd_ca_cert_path | default('/etc/etcd/ca.crt') }}"
 ETCD_PEER_CLIENT_CERT_AUTH="true"
 ETCD_CLIENT_CERT_AUTH="true"
 ETCD_TLS_MIN_VERSION="TLS1.2"
diff --git a/automation/roles/vip-manager/templates/vip-manager.yml.j2 b/automation/roles/vip-manager/templates/vip-manager.yml.j2
index ca02f929a..2ace2a3a5 100644
--- a/automation/roles/vip-manager/templates/vip-manager.yml.j2
+++ b/automation/roles/vip-manager/templates/vip-manager.yml.j2
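Review bot: The certificate path fallbacks inside the `{% if tls_cert_generate | bool %}` block use `default('/etc/etcd/server.key')` without the second argument, so an empty-string value still renders `ETCD_KEY_FILE=""`, unlike the protocol fallback elsewhere in this commit, which passes `true`. The literal paths are also duplicated with the `--cacert`/`--cert` defaults in roles/etcd/tasks/main.yml, so the server configuration and the health check can drift apart. Consider `default('/etc/etcd/server.key', true)` and the same for the certificate and CA paths, ideally sourced from one role-level default. Whether these paths match where the certificate-generation step writes the files is not visible in this diff and should be confirmed; the template continues past this hunk.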
@@ -27,12 +27,12 @@ dcs-type: {{ vip_manager_dcs_type | default(dcs_type) }} # etcd, consul or patro
 {% if not dcs_exists | bool %}
 dcs-endpoints:
 {% for host in groups['etcd_cluster'] %}
- - {{ patroni_etcd_protocol }}://{{ hostvars[host]['inventory_hostname'] }}:2379
+ - {{ patroni_etcd_protocol | default('http', true) }}://{{ hostvars[host]['inventory_hostname'] }}:2379
 {% endfor %}
 {% else %}
 dcs-endpoints:
 {% for etcd_hosts in patroni_etcd_hosts %}
- - {{ patroni_etcd_protocol }}://{{ etcd_hosts.host }}:{{ etcd_hosts.port }}
+ - {{ patroni_etcd_protocol | default('http', true) }}://{{ etcd_hosts.host }}:{{ etcd_hosts.port }}
 {% endfor %}
 {% endif %}
 {% endif %}