From f5374de9aab0d1c7f24ea400a63366a530a76889 Mon Sep 17 00:00:00 2001 From: Sergey Lavrinenko Date: Sat, 23 Sep 2023 22:49:35 +0300 Subject: [PATCH 01/10] Parameters for patroni etcd username, password and namespace --- roles/patroni/templates/patroni.yml.j2 | 13 +++++++++++-- vars/main.yml | 4 ++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2 index f2977b9e6..4556a01d8 100644 --- a/roles/patroni/templates/patroni.yml.j2 +++ b/roles/patroni/templates/patroni.yml.j2 @@ -3,7 +3,7 @@ scope: {{ patroni_cluster_name }} name: {{ ansible_hostname }} -namespace: /service/ +namespace: {{ patroni_etcd_namespace | default("/service/") }} {% if patroni_log_destination == 'logfile' %} log: @@ -35,7 +35,16 @@ etcd3: {% endif %} {% if dcs_exists|bool and dcs_type == 'etcd' %} etcd3: - hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor %} + hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor +%} + {% if patroni_etcd_username %} + username: {{ patroni_etcd_username | default("") }} + {% endif %} + {% if patroni_etcd_password | default("") %} + password: {{ patroni_etcd_password }} + {% endif %} + {% if patroni_etcd_protocol | default("") %} + protocol: {{ patroni_etcd_protocol }} + {% endif %} {% endif %} {% if dcs_type == 'consul' %} diff --git a/vars/main.yml b/vars/main.yml index 5b941206f..392c03b15 100644 --- a/vars/main.yml +++ b/vars/main.yml 
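Review bot: In the `etcd3:` hunk of roles/patroni/templates/patroni.yml.j2 the credentials are rendered as plain YAML scalars, so a password that contains ` #` or `: `, starts with `*`, `!` or `{`, or is all digits is truncated, retyped or makes the rendered file unparseable. Emitting the value as an escaped, double-quoted scalar avoids that: `password: {{ patroni_etcd_password | to_json }}` and likewise `username: {{ patroni_etcd_username | to_json }}`. The same unquoted pattern appears in roles/vip-manager/templates/vip-manager.yml.j2 (`etcd-user:` / `etcd-password:`, PATCH 06/10), and the later patches in this series leave it unchanged.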
@@ -65,6 +65,10 @@ patroni_etcd_hosts: [] # list of servers of an existing etcd cluster # - { host: "10.128.64.140", port: "2379" } # - { host: "10.128.64.142", port: "2379" } # - { host: "10.128.64.143", port: "2379" } +patroni_etcd_namespace: "/service/" # (optional) etcd namespace for patroni cluster +patroni_etcd_username: # (optional) username for etcd authentication +patroni_etcd_password: # (optional) password for etcd authentication +patroni_etcd_protocol: # (optional) http or https, if not specified http is used # more options you can specify in the roles/patroni/templates/patroni.yml.j2 # https://patroni.readthedocs.io/en/latest/SETTINGS.html#etcd From 833668634e99caa7a4e60434854a2965aa2005f4 Mon Sep 17 00:00:00 2001 From: Sergey Lavrinenko Date: Mon, 25 Sep 2023 16:26:15 +0300 Subject: [PATCH 02/10] Update roles/patroni/templates/patroni.yml.j2 Co-authored-by: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com> --- roles/patroni/templates/patroni.yml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2 index 4556a01d8..55a41819c 100644 --- a/roles/patroni/templates/patroni.yml.j2 +++ b/roles/patroni/templates/patroni.yml.j2 
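Review bot: The new `patroni_etcd_password` entry in vars/main.yml invites putting the etcd password into a plain-text, version-controlled vars file, and the `patroni_etcd_protocol` comment documents plain http as the default without saying what that means once authentication is enabled. I would extend the comments, for example `# (optional) password for etcd authentication; keep the real value in an Ansible Vault-encrypted vars file` and `# (optional) http or https; use https when username/password are set, otherwise the credentials cross the network unencrypted`. The hunks in this series add no CA or client-certificate setting to any of the templates, so it is worth confirming how the etcd server certificate is verified when https is chosen.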
@@ -35,14 +35,14 @@ etcd3: {% endif %} {% if dcs_exists|bool and dcs_type == 'etcd' %} etcd3: - hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor +%} - {% if patroni_etcd_username %} + hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor %} + {% if patroni_etcd_username | default("") | length > 0 %} username: {{ patroni_etcd_username | default("") }} {% endif %} - {% if patroni_etcd_password | default("") %} + {% if patroni_etcd_password | default("") | length > 0 %} password: {{ patroni_etcd_password }} {% endif %} - {% if patroni_etcd_protocol | default("") %} + {% if patroni_etcd_protocol | default("") | length > 0 %} protocol: {{ patroni_etcd_protocol }} {% endif %} {% endif %} From 1e90c5a6e29786fdb39c204c5f0bbe024d5af444 Mon Sep 17 00:00:00 2001 From: Sergey Lavrinenko Date: Mon, 25 Sep 2023 16:26:28 +0300 Subject: [PATCH 03/10] Update vars/main.yml Co-authored-by: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com> --- vars/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/main.yml b/vars/main.yml index 392c03b15..29d4f0ae3 100644 --- a/vars/main.yml +++ b/vars/main.yml 
@@ -66,9 +66,9 @@ patroni_etcd_hosts: [] # list of servers of an existing etcd cluster # - { host: "10.128.64.142", port: "2379" } # - { host: "10.128.64.143", port: "2379" } patroni_etcd_namespace: "/service/" # (optional) etcd namespace for patroni cluster -patroni_etcd_username: # (optional) username for etcd authentication -patroni_etcd_password: # (optional) password for etcd authentication -patroni_etcd_protocol: # (optional) http or https, if not specified http is used +patroni_etcd_username: "" # (optional) username for etcd authentication +patroni_etcd_password: "" # (optional) password for etcd authentication +patroni_etcd_protocol: "" # (optional) http or https, if not specified http is used # more options you can specify in the roles/patroni/templates/patroni.yml.j2 # https://patroni.readthedocs.io/en/latest/SETTINGS.html#etcd From 89fd493083b2ab5b812aff211ad6708a94b4861c Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com> Date: Mon, 25 Sep 2023 20:05:47 +0300 Subject: [PATCH 04/10] Apply suggestions from code review --- vars/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/main.yml b/vars/main.yml index 29d4f0ae3..8955c15c9 100644 --- a/vars/main.yml +++ b/vars/main.yml 
@@ -66,9 +66,9 @@ patroni_etcd_hosts: [] # list of servers of an existing etcd cluster # - { host: "10.128.64.142", port: "2379" } # - { host: "10.128.64.143", port: "2379" } patroni_etcd_namespace: "/service/" # (optional) etcd namespace for patroni cluster -patroni_etcd_username: "" # (optional) username for etcd authentication -patroni_etcd_password: "" # (optional) password for etcd authentication -patroni_etcd_protocol: "" # (optional) http or https, if not specified http is used +patroni_etcd_username: "" # (optional) username for etcd authentication +patroni_etcd_password: "" # (optional) password for etcd authentication +patroni_etcd_protocol: "" # (optional) http or https, if not specified http is used # more options you can specify in the roles/patroni/templates/patroni.yml.j2 # https://patroni.readthedocs.io/en/latest/SETTINGS.html#etcd From 5084aac21606c774e0ae52c93edf4111fbc483ac Mon Sep 17 00:00:00 2001 From: Sergey Lavrinenko Date: Mon, 25 Sep 2023 22:07:56 +0300 Subject: [PATCH 05/10] confd config with etcd user, password and protocol --- roles/confd/templates/confd.toml.j2 | 10 +++++++++- roles/confd/templates/haproxy.toml.j2 | 2 +- roles/patroni/templates/patroni.yml.j2 | 2 +- vars/main.yml | 2 +- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/roles/confd/templates/confd.toml.j2 b/roles/confd/templates/confd.toml.j2 index a9298d50b..7984f8b43 100644 --- a/roles/confd/templates/confd.toml.j2 +++ b/roles/confd/templates/confd.toml.j2 
@@ -9,7 +9,15 @@ nodes = [ {% endif %} {% if dcs_exists|bool and dcs_type == 'etcd' %} {% for etcd_hosts in patroni_etcd_hosts %} - "http://{{etcd_hosts.host}}:{{etcd_hosts.port}}", + "{{ patroni_etcd_protocol | default('http') }}://{{etcd_hosts.host}}:{{etcd_hosts.port}}", {% endfor %} {% endif %} ] +{% if dcs_exists|bool and dcs_type == 'etcd' %} +{% if patroni_etcd_username | default("") | length > 0 %} +username: {{ patroni_etcd_username | default("") }} +{% endif %} +{% if patroni_etcd_password | default("") | length > 0 %} +password: {{ patroni_etcd_password }} +{% endif %} +{% endif %} \ No newline at end of file diff --git a/roles/confd/templates/haproxy.toml.j2 b/roles/confd/templates/haproxy.toml.j2 index 5063349ff..9d7c21962 100644 --- a/roles/confd/templates/haproxy.toml.j2 +++ b/roles/confd/templates/haproxy.toml.j2 @@ -1,5 +1,5 @@ [template] -prefix = "/service/{{ patroni_cluster_name }}" +prefix = "/{{ patroni_etcd_namespace | default("service") }}/{{ patroni_cluster_name }}" src = "haproxy.tmpl" dest = "/etc/haproxy/haproxy.cfg" {% if haproxy_installation_method == "src" %} diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2 index 55a41819c..907b61551 100644 --- a/roles/patroni/templates/patroni.yml.j2 +++ b/roles/patroni/templates/patroni.yml.j2 @@ -3,7 +3,7 @@ scope: {{ patroni_cluster_name }} name: {{ ansible_hostname }} -namespace: {{ patroni_etcd_namespace | default("/service/") }} +namespace: {{ patroni_etcd_namespace | default("service") }} {% if patroni_log_destination == 'logfile' %} log: diff --git a/vars/main.yml b/vars/main.yml index 8955c15c9..a4fdcf8c6 100644 --- a/vars/main.yml +++ b/vars/main.yml 
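Review bot: `prefix = "/{{ patroni_etcd_namespace | default("service") }}/{{ patroni_cluster_name }}"` in roles/confd/templates/haproxy.toml.j2 assumes the variable never carries slashes and is never empty, yet PATCH 01 of this series documented it as `"/service/"`. A value such as `/service/` renders `//service//<cluster>` here, and an empty string renders `//<cluster>` because `default()` without its second argument only covers an undefined variable; confd and vip-manager may then watch a different key than Patroni writes. Normalising in each template keeps the three in step: `{{ patroni_etcd_namespace | default('service', true) | trim('/') }}`. The same expression is used for `namespace:` in patroni.yml.j2 and for `trigger-key:` in vip-manager.yml.j2 (PATCH 06/10).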
@@ -65,7 +65,7 @@ patroni_etcd_hosts: [] # list of servers of an existing etcd cluster # - { host: "10.128.64.140", port: "2379" } # - { host: "10.128.64.142", port: "2379" } # - { host: "10.128.64.143", port: "2379" } -patroni_etcd_namespace: "/service/" # (optional) etcd namespace for patroni cluster +patroni_etcd_namespace: "service" # (optional) etcd namespace (prefix); patroni cluster, confd and vip-manager will store keys in /{{ patroni_etcd_namespace }}/{{ patroni_cluster_name }} patroni_etcd_username: "" # (optional) username for etcd authentication patroni_etcd_password: "" # (optional) password for etcd authentication patroni_etcd_protocol: "" # (optional) http or https, if not specified http is used From eb41d4ea31aeadd9b5da4cd908fe0e054ed63db7 Mon Sep 17 00:00:00 2001 From: Sergey Lavrinenko Date: Mon, 25 Sep 2023 22:08:19 +0300 Subject: [PATCH 06/10] vip-manager config with etcd user, password and protocol --- roles/vip-manager/templates/vip-manager.yml.j2 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/roles/vip-manager/templates/vip-manager.yml.j2 b/roles/vip-manager/templates/vip-manager.yml.j2 index be4381e23..d73b940e6 100644 --- a/roles/vip-manager/templates/vip-manager.yml.j2 +++ b/roles/vip-manager/templates/vip-manager.yml.j2 @@ -4,7 +4,7 @@ interval: {{ vip_manager_interval }} # the etcd or consul key which vip-manager will regularly poll. -trigger-key: "/service/{{ patroni_cluster_name }}/leader" +trigger-key: "/{{ patroni_etcd_namespace | default("service") }}/{{ patroni_cluster_name }}/leader" # if the value of the above key matches the trigger-value (often the hostname of this host), vip-manager will try to add the virtual ip address to the interface specified in Iface trigger-value: "{{ ansible_hostname }}" 
@@ -26,8 +26,15 @@ dcs-endpoints: {% if dcs_exists|bool and dcs_type == 'etcd' %} dcs-endpoints: {% for etcd_hosts in patroni_etcd_hosts %} - - http://{{ etcd_hosts.host }}:{{ etcd_hosts.port }} + - {{ patroni_etcd_protocol | default('http') }}://{{ etcd_hosts.host }}:{{ etcd_hosts.port }} {% endfor %} + +{% if patroni_etcd_username | default("") | length > 0 %} +etcd-user: {{ patroni_etcd_username | default("") }} +{% endif %} +{% if patroni_etcd_password | default("") | length > 0 %} +etcd-password: {{ patroni_etcd_password }} +{% endif %} {% endif %} # consul will always only use the first entry from this list. From 089af11d53bcaf4daadc2f08692ca79701bf54af Mon Sep 17 00:00:00 2001 From: Sergey Lavrinenko Date: Mon, 25 Sep 2023 22:59:38 +0300 Subject: [PATCH 07/10] patroni.yml.j2 fix --- roles/patroni/templates/patroni.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2 index 907b61551..7ecc43667 100644 --- a/roles/patroni/templates/patroni.yml.j2 +++ b/roles/patroni/templates/patroni.yml.j2 @@ -35,7 +35,7 @@ etcd3: {% endif %} {% if dcs_exists|bool and dcs_type == 'etcd' %} etcd3: - hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor %} + hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor +%} {% if patroni_etcd_username | default("") | length > 0 %} username: {{ patroni_etcd_username | default("") }} {% endif %} From 470fa0bc209d5954f5277fdf969e3ddb5bf2e1ef Mon Sep 17 00:00:00 2001 From: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com> Date: Mon, 25 Sep 2023 23:48:13 +0300 Subject: [PATCH 08/10] Apply suggestions from code review --- roles/patroni/templates/patroni.yml.j2 | 2 +- vars/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
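Review bot: With `etcd-password:` added in the `dcs-endpoints` hunk of roles/vip-manager/templates/vip-manager.yml.j2, the rendered vip-manager.yml becomes a secret-bearing file, and nothing in this series touches the tasks that write it. Those tasks are outside the diff, so this is something to confirm rather than a finding: the `template` task should set a restrictive `mode` (for example `"0640"` with the service's owner and group) and `no_log: true`, so the password is neither world-readable on the host nor echoed in task or diff output. The same applies to the rendered patroni.yml (PATCH 01/10) and confd.toml (PATCH 05/10).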
diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2 index 7ecc43667..0dc585345 100644 --- a/roles/patroni/templates/patroni.yml.j2 +++ b/roles/patroni/templates/patroni.yml.j2 @@ -3,7 +3,7 @@ scope: {{ patroni_cluster_name }} name: {{ ansible_hostname }} -namespace: {{ patroni_etcd_namespace | default("service") }} +namespace: /{{ patroni_etcd_namespace | default("service") }} {% if patroni_log_destination == 'logfile' %} log: diff --git a/vars/main.yml b/vars/main.yml index a4fdcf8c6..4859e17ad 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -65,7 +65,7 @@ patroni_etcd_hosts: [] # list of servers of an existing etcd cluster # - { host: "10.128.64.140", port: "2379" } # - { host: "10.128.64.142", port: "2379" } # - { host: "10.128.64.143", port: "2379" } -patroni_etcd_namespace: "service" # (optional) etcd namespace (prefix); patroni cluster, confd and vip-manager will store keys in /{{ patroni_etcd_namespace }}/{{ patroni_cluster_name }} +patroni_etcd_namespace: "service" # (optional) etcd namespace (prefix) patroni_etcd_username: "" # (optional) username for etcd authentication patroni_etcd_password: "" # (optional) password for etcd authentication patroni_etcd_protocol: "" # (optional) http or https, if not specified http is used From 14b54ce74f5a2005fcdef0bef14db04cbff8166b Mon Sep 17 00:00:00 2001 From: Sergey Lavrinenko Date: Tue, 26 Sep 2023 01:59:12 +0300 Subject: [PATCH 09/10] vip-manager and confd template fix --- roles/confd/templates/confd.toml.j2 | 6 +++--- roles/vip-manager/templates/vip-manager.yml.j2 | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/confd/templates/confd.toml.j2 b/roles/confd/templates/confd.toml.j2 index 7984f8b43..6208de75a 100644 --- a/roles/confd/templates/confd.toml.j2 +++ b/roles/confd/templates/confd.toml.j2 
@@ -9,15 +9,15 @@ nodes = [ {% endif %} {% if dcs_exists|bool and dcs_type == 'etcd' %} {% for etcd_hosts in patroni_etcd_hosts %} - "{{ patroni_etcd_protocol | default('http') }}://{{etcd_hosts.host}}:{{etcd_hosts.port}}", + "{{ patroni_etcd_protocol | default('') or 'http' }}://{{etcd_hosts.host}}:{{etcd_hosts.port}}", {% endfor %} {% endif %} ] {% if dcs_exists|bool and dcs_type == 'etcd' %} {% if patroni_etcd_username | default("") | length > 0 %} -username: {{ patroni_etcd_username | default("") }} +username = "{{ patroni_etcd_username | default("") }}" {% endif %} {% if patroni_etcd_password | default("") | length > 0 %} -password: {{ patroni_etcd_password }} +password = "{{ patroni_etcd_password }}" {% endif %} {% endif %} \ No newline at end of file diff --git a/roles/vip-manager/templates/vip-manager.yml.j2 b/roles/vip-manager/templates/vip-manager.yml.j2 index d73b940e6..3fb357380 100644 --- a/roles/vip-manager/templates/vip-manager.yml.j2 +++ b/roles/vip-manager/templates/vip-manager.yml.j2 @@ -26,7 +26,7 @@ dcs-endpoints: {% if dcs_exists|bool and dcs_type == 'etcd' %} dcs-endpoints: {% for etcd_hosts in patroni_etcd_hosts %} - - {{ patroni_etcd_protocol | default('http') }}://{{ etcd_hosts.host }}:{{ etcd_hosts.port }} + - {{ patroni_etcd_protocol | default('') or 'http' }}://{{ etcd_hosts.host }}:{{ etcd_hosts.port }} {% endfor %} {% if patroni_etcd_username | default("") | length > 0 %} From d66e209b9451095879142905f8d3105d1fd376db Mon Sep 17 00:00:00 2001 From: Sergey Lavrinenko Date: Tue, 26 Sep 2023 12:31:11 +0300 Subject: [PATCH 10/10] Apply suggestions from code review Co-authored-by: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com> --- roles/confd/templates/confd.toml.j2 | 8 ++++---- roles/confd/templates/haproxy.toml.j2 | 2 +- roles/patroni/templates/patroni.yml.j2 | 10 +++++----- roles/vip-manager/templates/vip-manager.yml.j2 | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) 
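Review bot: `password = "{{ patroni_etcd_password }}"` in roles/confd/templates/confd.toml.j2 wraps the value in quotes without escaping it, so a password containing `"` or `\` produces invalid TOML or ends the string early and lets the remainder be read as further configuration. Rendering through a JSON-style encoder gives a correctly escaped basic string: `password = {{ patroni_etcd_password | to_json }}`, and the same for `username`. Separately, confd's configuration reference lists a `basic_auth` switch next to `username` and `password`; please verify whether it has to be set to `true` for these two keys to take effect with the etcd backend. PATCH 10/10 only changes the quote style of these lines.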
diff --git a/roles/confd/templates/confd.toml.j2 b/roles/confd/templates/confd.toml.j2 index 6208de75a..961a180a8 100644 --- a/roles/confd/templates/confd.toml.j2 +++ b/roles/confd/templates/confd.toml.j2 @@ -9,15 +9,15 @@ nodes = [ {% endif %} {% if dcs_exists|bool and dcs_type == 'etcd' %} {% for etcd_hosts in patroni_etcd_hosts %} - "{{ patroni_etcd_protocol | default('') or 'http' }}://{{etcd_hosts.host}}:{{etcd_hosts.port}}", + "{{ patroni_etcd_protocol | default('http', true) }}://{{etcd_hosts.host}}:{{etcd_hosts.port}}", {% endfor %} {% endif %} ] {% if dcs_exists|bool and dcs_type == 'etcd' %} -{% if patroni_etcd_username | default("") | length > 0 %} -username = "{{ patroni_etcd_username | default("") }}" +{% if patroni_etcd_username | default('') | length > 0 %} +username = "{{ patroni_etcd_username | default('') }}" {% endif %} -{% if patroni_etcd_password | default("") | length > 0 %} +{% if patroni_etcd_password | default('') | length > 0 %} password = "{{ patroni_etcd_password }}" {% endif %} {% endif %} \ No newline at end of file diff --git a/roles/confd/templates/haproxy.toml.j2 b/roles/confd/templates/haproxy.toml.j2 index 9d7c21962..f63106ca2 100644 --- a/roles/confd/templates/haproxy.toml.j2 +++ b/roles/confd/templates/haproxy.toml.j2 @@ -1,5 +1,5 @@ [template] -prefix = "/{{ patroni_etcd_namespace | default("service") }}/{{ patroni_cluster_name }}" +prefix = "/{{ patroni_etcd_namespace | default('service') }}/{{ patroni_cluster_name }}" src = "haproxy.tmpl" dest = "/etc/haproxy/haproxy.cfg" {% if haproxy_installation_method == "src" %} diff --git a/roles/patroni/templates/patroni.yml.j2 b/roles/patroni/templates/patroni.yml.j2 index 0dc585345..295a6032b 100644 --- a/roles/patroni/templates/patroni.yml.j2 +++ b/roles/patroni/templates/patroni.yml.j2 
@@ -3,7 +3,7 @@ scope: {{ patroni_cluster_name }} name: {{ ansible_hostname }} -namespace: /{{ patroni_etcd_namespace | default("service") }} +namespace: /{{ patroni_etcd_namespace | default('service') }} {% if patroni_log_destination == 'logfile' %} log: @@ -36,13 +36,13 @@ etcd3: {% if dcs_exists|bool and dcs_type == 'etcd' %} etcd3: hosts: {% for etcd_hosts in patroni_etcd_hosts %}{{etcd_hosts.host}}:{{etcd_hosts.port}}{% if not loop.last %},{% endif %}{% endfor +%} - {% if patroni_etcd_username | default("") | length > 0 %} - username: {{ patroni_etcd_username | default("") }} + {% if patroni_etcd_username | default('') | length > 0 %} + username: {{ patroni_etcd_username | default('') }} {% endif %} - {% if patroni_etcd_password | default("") | length > 0 %} + {% if patroni_etcd_password | default('') | length > 0 %} password: {{ patroni_etcd_password }} {% endif %} - {% if patroni_etcd_protocol | default("") | length > 0 %} + {% if patroni_etcd_protocol | default('') | length > 0 %} protocol: {{ patroni_etcd_protocol }} {% endif %} {% endif %} diff --git a/roles/vip-manager/templates/vip-manager.yml.j2 b/roles/vip-manager/templates/vip-manager.yml.j2 index 3fb357380..a71f6f262 100644 --- a/roles/vip-manager/templates/vip-manager.yml.j2 +++ b/roles/vip-manager/templates/vip-manager.yml.j2 @@ -4,7 +4,7 @@ interval: {{ vip_manager_interval }} # the etcd or consul key which vip-manager will regularly poll. -trigger-key: "/{{ patroni_etcd_namespace | default("service") }}/{{ patroni_cluster_name }}/leader" +trigger-key: "/{{ patroni_etcd_namespace | default('service') }}/{{ patroni_cluster_name }}/leader" # if the value of the above key matches the trigger-value (often the hostname of this host), vip-manager will try to add the virtual ip address to the interface specified in Iface trigger-value: "{{ ansible_hostname }}" 
@@ -26,7 +26,7 @@ dcs-endpoints: {% if dcs_exists|bool and dcs_type == 'etcd' %} dcs-endpoints: {% for etcd_hosts in patroni_etcd_hosts %} - - {{ patroni_etcd_protocol | default('') or 'http' }}://{{ etcd_hosts.host }}:{{ etcd_hosts.port }} + - {{ patroni_etcd_protocol | default('http', true) }}://{{ etcd_hosts.host }}:{{ etcd_hosts.port }} {% endfor %} {% if patroni_etcd_username | default("") | length > 0 %}