kubespray/roles/etcd/tasks/main.yml

---
- include: pre_upgrade.yml
  when: etcd_cluster_setup
  tags: etcd-pre-upgrade

- include: check_certs.yml
  when: cert_management == "script"
  tags: [etcd-secrets, facts]

- include: "gen_certs_{{ cert_management }}.yml"
  tags: etcd-secrets

- include: upd_ca_trust.yml
  tags: etcd-secrets

- name: "Gen_certs | Get etcd certificate serials"
  shell: "openssl x509 -in {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem -noout -serial | cut -d= -f2"
  register: "node-{{ inventory_hostname }}_serial"
  when: inventory_hostname in groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort

- include: "install_{{ etcd_deployment_type }}.yml"
  when: is_etcd_master
  tags: upgrade

- include: set_cluster_health.yml
  when: is_etcd_master and etcd_cluster_setup

- include: configure.yml
  when: is_etcd_master and etcd_cluster_setup

- include: refresh_config.yml
  when: is_etcd_master and etcd_cluster_setup

- name: Restart etcd if certs changed
  command: /bin/true
  notify: restart etcd
  when: is_etcd_master and etcd_secret_changed|default(false)

# reload-systemd
- meta: flush_handlers

- name: Ensure etcd is running
  service:
    name: etcd
    state: started
    enabled: yes
  when: is_etcd_master and etcd_cluster_setup

# After etcd cluster is assembled, make sure that
# initial state of the cluster is in `existing`
# state insted of `new`.
- include: set_cluster_health.yml
  when: is_etcd_master and etcd_cluster_setup

- include: refresh_config.yml
  when: is_etcd_master and etcd_cluster_setup