salt: fix unsafe approach for etcd `initial-cluster-state

Initially, we set etcd cluster state to new when the member list from the pillars is empty. This approach is not optimal since if for what ever reason we are not able to retrieve the list. Now, we raise an error when setting the cluster state to `existing` if we are unable to obtain a list of members. Also, we only set to `new` state only during a bootstrap.
scality · Jan 21, 2020 · ac5a990 · ac5a990
1 parent 33eafc2
commit ac5a990
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 10 deletions.
diff --git a/salt/metalk8s/kubernetes/etcd/installed.sls b/salt/metalk8s/kubernetes/etcd/installed.sls
@@ -12,18 +12,24 @@ include:
 {#- Get the list of existing etcd member. #}
 {%- set etcd_members = pillar.metalk8s.etcd.members %}
 
-{#- Compute the initial state according to the existing list of node. #}
-{%- set state = "existing" if etcd_members else "new" %}
+{%- if pillar.get('is_bootstrap') and not etcd_members %}
+  {%- set state = 'new' %}
+  {%- set etcd_endpoints = {node_name: endpoint} %}
+{%- else %}
+  {%- set state = 'existing' %}
 
-{%- set etcd_endpoints = {} %}
-{#- NOTE: Filter out members with empty name as they are not started yet. #}
-{%- for member in etcd_members | selectattr('name') %}
-  {#- NOTE: Only take first peer_urls for endpoint. #}
-  {%- do etcd_endpoints.update({member['name']: member['peer_urls'][0]}) %}
-{%- endfor %}
+  {%- set etcd_endpoints = {} %}
+  {#- NOTE: Filter out members with empty name as they are not started yet. #}
+  {%- for member in etcd_members | selectattr('name') %}
+    {#- NOTE: Only take first peer_urls for endpoint. #}
+    {%- do etcd_endpoints.update({member['name']: member['peer_urls'][0]}) %}
+  {%- else %}
+    {{ raise('List of active etcd members is empty, cannot reference the existing cluster state.') }}
+  {%- endfor %}
 
-{#- Add ourselves to the endpoints. #}
-{%- do etcd_endpoints.update({node_name: endpoint}) %}
+  {#- Add ourselves to the endpoints. #}
+  {%- do etcd_endpoints.update({node_name: endpoint}) %}
+{%- endif %}
 
 {%- set etcd_initial_cluster = [] %}
 {%- for name, ep in etcd_endpoints.items() %}

diff --git a/salt/metalk8s/orchestrate/bootstrap/init.sls b/salt/metalk8s/orchestrate/bootstrap/init.sls
@@ -30,6 +30,7 @@
 
 {%- set pillar_data = {
         'bootstrap_id': pillar.bootstrap_id,
+        'is_bootstrap': True,
         'metalk8s': {
             'nodes': {
                 pillar.bootstrap_id: {