Updates to many roles, including main user role to allow setting an alternate home directory

db/etcd/files/etcd-3.3-debian11-original/etcd

@@ -0,0 +1,392 @@
+## etcd(1) daemon options
+## See "/usr/share/doc/etcd-server/op-guide/configuration.md.gz"
+
+### Member flags
+
+##### --name
+## Human-readable name for this member.
+## This value is referenced as this node's own entries listed in the
+## `--initial-cluster` flag (e.g., `default=http://localhost:2380`). This
+## needs to match the key used in the flag if using static bootstrapping. When
+## using discovery, each member must have a unique name. `Hostname` or
+## `machine-id` can be a good choice.
+## default: "default"
+# ETCD_NAME="default"
+
+##### --data-dir
+## Path to the data directory.
+## default: "${name}.etcd"
+# ETCD_DATA_DIR="/var/lib/etcd/default"
+
+##### --wal-dir
+## Path to the dedicated wal directory. If this flag is set, etcd will write
+## the WAL files to the walDir rather than the dataDir. This allows a
+## dedicated disk to be used, and helps avoid io competition between logging
+## and other IO operations.
+## default: ""
+# ETCD_WAL_DIR
+
+##### --snapshot-count
+## Number of committed transactions to trigger a snapshot to disk.
+## default: "100000"
+# ETCD_SNAPSHOT_COUNT="100000"
+
+##### --heartbeat-interval
+## Time (in milliseconds) of a heartbeat interval.
+## default: "100"
+# ETCD_HEARTBEAT_INTERVAL="100"
+
+##### --election-timeout
+## Time (in milliseconds) for an election to timeout. See
+## /usr/share/doc/etcd-server/tuning.md.gz for details.
+## default: "1000"
+# ETCD_ELECTION_TIMEOUT="1000"
+
+##### --listen-peer-urls
+## List of URLs to listen on for peer traffic. This flag tells the etcd to
+## accept incoming requests from its peers on the specified scheme://IP:port
+## combinations. Scheme can be either http or https.If 0.0.0.0 is specified as
+## the IP, etcd listens to the given port on all interfaces. If an IP address is
+## given as well as a port, etcd will listen on the given port and interface.
+## Multiple URLs may be used to specify a number of addresses and ports to listen
+## on. The etcd will respond to requests from any of the listed addresses and
+## ports.
+## default: "http://localhost:2380"
+## example: "http://10.0.0.1:2380"
+## invalid example: "http://example.com:2380" (domain name is invalid for binding)
+# ETCD_LISTEN_PEER_URLS="http://localhost:2380"
+
+##### --listen-client-urls
+## List of URLs to listen on for client traffic. This flag tells the etcd to
+## accept incoming requests from the clients on the specified scheme://IP:port
+## combinations. Scheme can be either http or https. If 0.0.0.0 is specified as
+## the IP, etcd listens to the given port on all interfaces. If an IP address is
+## given as well as a port, etcd will listen on the given port and interface.
+## Multiple URLs may be used to specify a number of addresses and ports to listen
+## on. The etcd will respond to requests from any of the listed addresses and
+## ports.
+## default: "http://localhost:2379"
+## example: "http://10.0.0.1:2379"
+## invalid example: "http://example.com:2379" (domain name is invalid for binding)
+# ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
+
+##### --max-snapshots
+## Maximum number of snapshot files to retain (0 is unlimited)
+## The default for users on Windows is unlimited, and manual purging down to 5
+## (or some preference for safety) is recommended.
+## default: 5
+# ETCD_MAX_SNAPSHOTS="5"
+
+##### --max-wals
+## Maximum number of wal files to retain (0 is unlimited)
+## The default for users on Windows is unlimited, and manual purging down to 5
+## (or some preference for safety) is recommended.
+## default: 5
+# ETCD_MAX_WALS="5"
+
+##### --cors
+## Comma-separated white list of origins for CORS (cross-origin resource
+## sharing).
+## default: none
+# ETCD_CORS
+
+#### --quota-backend-bytes
+## Raise alarms when backend size exceeds the given quota (0 defaults to low
+## space quota).
+## default: 0
+# ETCD_QUOTA_BACKEND_BYTES="0"
+
+#### --backend-batch-limit
+## BackendBatchLimit is the maximum operations before commit the backend
+## transaction.
+## default: 0
+# ETCD_BACKEND_BATCH_LIMIT="0"
+
+#### --backend-batch-interval
+## BackendBatchInterval is the maximum time before commit the backend
+## transaction.
+## default: 0
+# ETCD_BACKEND_BATCH_INTERVAL="0"
+
+#### --max-txn-ops
+## Maximum number of operations permitted in a transaction.
+## default: 128
+# ETCD_MAX_TXN_OPS="128"
+
+#### --max-request-bytes
+## Maximum client request size in bytes the server will accept.
+## default: 1572864
+# ETCD_MAX_REQUEST_BYTES="1572864"
+
+#### --grpc-keepalive-min-time
+## Minimum duration interval that a client should wait before pinging server.
+## default: 5s
+# ETCD_GRPC_KEEPALIVE_MIN_TIME="5"
+
+#### --grpc-keepalive-interval
+## Frequency duration of server-to-client ping to check if a connection is
+## alive (0 to disable).
+## default: 2h
+# ETCD_GRPC_KEEPALIVE_INTERVAL="2h"
+
+#### --grpc-keepalive-timeout
+## Additional duration of wait before closing a non-responsive connection
+## (0 to disable).
+## default: 20s
+# ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
+
+
+### Clustering flags
+
+# `--initial` prefix flags are used in bootstrapping (static bootstrap,
+# discovery-service bootstrap or runtime reconfiguration) a new member, and
+# ignored when restarting an existing member.
+
+# `--discovery` prefix flags need to be set when using discovery service.
+
+##### --initial-advertise-peer-urls
+
+## List of this member's peer URLs to advertise to the rest of the cluster.
+## These addresses are used for communicating etcd data around the cluster. At
+## least one must be routable to all cluster members. These URLs can contain
+## domain names.
+## default: "http://localhost:2380"
+## example: "http://example.com:2380, http://10.0.0.1:2380"
+# ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
+
+##### --initial-cluster
+## Initial cluster configuration for bootstrapping.
+## The key is the value of the `--name` flag for each node provided. The
+## default uses `default` for the key because this is the default for the
+## `--name` flag.
+## default: "default=http://localhost:2380"
+# ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
+
+##### --initial-cluster-state
+## Initial cluster state ("new" or "existing"). Set to `new` for all members
+## present during initial static or DNS bootstrapping. If this option is set to
+## `existing`, etcd will attempt to join the existing cluster. If the wrong value
+## is set, etcd will attempt to start but fail safely.
+## default: "new"
+# ETCD_INITIAL_CLUSTER_STATE="new"
+
+##### --initial-cluster-token
+## Initial cluster token for the etcd cluster during bootstrap.
+## default: "etcd-cluster"
+# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
+
+##### --advertise-client-urls
+## List of this member's client URLs to advertise to the rest of the cluster.
+## These URLs can contain domain names.
+## Be careful if advertising URLs such as http://localhost:2379 from a cluster
+## member and are using the proxy feature of etcd. This will cause loops, because
+## the proxy will be forwarding requests to itself until its resources (memory,
+## file descriptors) are eventually depleted.
+## default: "http://localhost:2379"
+## example: "http://example.com:2379, http://10.0.0.1:2379"
+# ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
+
+##### --discovery
+## Discovery URL used to bootstrap the cluster.
+## default: none
+# ETCD_DISCOVERY
+
+##### --discovery-srv
+## DNS srv domain used to bootstrap the cluster.
+## default: none
+# ETCD_DISCOVERY_SRV
+
+##### --discovery-fallback
+## Expected behavior ("exit" or "proxy") when discovery services fails. "proxy"
+## supports v2 API only.
+## default: "proxy"
+# ETCD_DISCOVERY_FALLBACK="proxy"
+
+##### --discovery-proxy
+## HTTP proxy to use for traffic to discovery service.
+## default: none
+# ETCD_DISCOVERY_PROXY
+
+##### --strict-reconfig-check
+## Reject reconfiguration requests that would cause quorum loss.
+## default: false
+# ETCD_STRICT_RECONFIG_CHECK
+
+##### --auto-compaction-retention
+## Auto compaction retention for mvcc key value store in hour. 0 means disable
+## auto compaction.
+## default: 0
+# ETCD_AUTO_COMPACTION_RETENTION="0"
+
+##### --enable-v2
+## Accept etcd V2 client requests
+## default: true
+# ETCD_ENABLE_V2="true"
+
+
+### Proxy flags
+
+# `--proxy` prefix flags configures etcd to run in proxy mode. "proxy" supports
+# v2 API only.
+
+##### --proxy
+## Proxy mode setting ("off", "readonly" or "on").
+## default: "off"
+# ETCD_PROXY="off"
+
+##### --proxy-failure-wait
+## Time (in milliseconds) an endpoint will be held in a failed state before
+## being reconsidered for proxied requests.
+## default: 5000
+# ETCD_PROXY_FAILURE_WAIT="5000"
+
+##### --proxy-refresh-interval
+## Time (in milliseconds) of the endpoints refresh interval.
+## default: 30000
+# ETCD_PROXY_REFRESH_INTERVAL="30000"
+
+##### --proxy-dial-timeout
+## Time (in milliseconds) for a dial to timeout or 0 to disable the timeout
+## default: 1000
+# ETCD_PROXY_DIAL_TIMEOUT="1000"
+
+##### --proxy-write-timeout
+## Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
+## default: 5000
+# ETCD_PROXY_WRITE_TIMEOUT="5000"
+
+##### --proxy-read-timeout
+## Time (in milliseconds) for a read to timeout or 0 to disable the timeout.
+## Don't change this value if using watches because use long polling requests.
+## default: 0
+# ETCD_PROXY_READ_TIMEOUT="0"
+
+
+### Security flags
+
+# The security flags help to build a secure etcd cluster.
+
+##### --ca-file (**DEPRECATED**)
+## Path to the client server TLS CA file. `--ca-file ca.crt` could be replaced
+## by `--trusted-ca-file ca.crt --client-cert-auth` and etcd will perform the
+## same.
+## default: none
+# ETCD_CA_FILE
+
+##### --cert-file
+## Path to the client server TLS cert file.
+## default: none
+# ETCD_CERT_FILE
+
+##### --key-file
+## Path to the client server TLS key file.
+## default: none
+# ETCD_KEY_FILE
+
+##### --client-cert-auth
+## Enable client cert authentication.
+## CN authentication is not supported by gRPC-gateway.
+## default: false
+# ETCD_CLIENT_CERT_AUTH
+
+#### --client-crl-file
+## Path to the client certificate revocation list file.
+## default: ""
+# ETCD_CLIENT_CRL_FILE
+
+##### --trusted-ca-file
+## Path to the client server TLS trusted CA key file.
+## default: none
+# ETCD_TRUSTED_CA_FILE
+
+##### --auto-tls
+## Client TLS using generated certificates
+## default: false
+# ETCD_AUTO_TLS
+
+##### --peer-ca-file (**DEPRECATED**)
+## Path to the peer server TLS CA file. `--peer-ca-file ca.crt` could be
+## replaced by `--peer-trusted-ca-file ca.crt --peer-client-cert-auth` and etcd
+## will perform the same.
+## default: none
+# ETCD_PEER_CA_FILE
+
+##### --peer-cert-file
+## Path to the peer server TLS cert file.
+## default: none
+# ETCD_PEER_CERT_FILE
+
+##### --peer-key-file
+## Path to the peer server TLS key file.
+## default: none
+# ETCD_PEER_KEY_FILE
+
+##### --peer-client-cert-auth
+## Enable peer client cert authentication.
+## default: false
+# ETCD_PEER_CLIENT_CERT_AUTH
+
+#### --peer-crl-file
+## Path to the peer certificate revocation list file.
+## default: ""
+# ETCD_PEER_CRL_FILE
+
+##### --peer-trusted-ca-file
+## Path to the peer server TLS trusted CA file.
+## default: none
+# ETCD_PEER_TRUSTED_CA_FILE
+
+##### --peer-auto-tls
+## Peer TLS using generated certificates
+## default: false
+# ETCD_PEER_AUTO_TLS
+
+#### --peer-cert-allowed-cn
+## Allowed CommonName for inter peer authentication.
+## default: none
+# ETCD_PEER_CERT_ALLOWED_CN
+
+#### --cipher-suites
+## Comma-separated list of supported TLS cipher suites between server/client and
+## peers.
+## default: ""
+# ETCD_CIPHER_SUITES
+
+#### --experimental-peer-skip-client-san-verification
+## Skip verification of SAN field in client certificate for peer connections.
+## default: false
+#+ ETCD_EXPERIMENTAL_PEER_SKIP_CLIENT_SAN_VERIFICATION
+
+
+### Logging flags
+
+#### --log-outputs
+## Specify 'stdout' or 'stderr' to skip journald logging even when running
+## under systemd, or list of comma separated output targets.
+## default: default
+# ETCD_LOG_OUTPUTS
+
+##### --debug
+## Drop the default log level to DEBUG for all subpackages.
+## default: false (INFO for all packages)
+# ETCD_DEBUG
+
+##### --log-package-levels
+## Set individual etcd subpackages to specific log levels. An example being
+## `etcdserver=WARNING,security=DEBUG`
+## default: none (INFO for all packages)
+# ETCD_LOG_PACKAGE_LEVELS
+
+
+### Unsafe flags
+
+# Please be CAUTIOUS when using unsafe flags because it will break the guarantees given by the consensus protocol.
+# For example, it may panic if other members in the cluster are still alive.
+# Follow the instructions when using these flags.
+
+##### --force-new-cluster
+## Force to create a new one-member cluster. It commits configuration changes
+## forcing to remove all existing members in the cluster and add itself. It needs
+## to be set to restore a backup.
+## default: false
+# ETCD_FORCE_NEW_CLUSTER

db/etcd/tasks/install-debian.yml

@@ -0,0 +1,9 @@
+---
+
+# Install etcd
+- name: Installing etcd
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - etcd

db/etcd/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- include_tasks: install-debian.yml
+  when: ansible_os_family == "Debian"