richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1768 Commits
29 Branches
81 Tags
150 MiB
Tree: 361a5eac7e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '361a5eac7e'
${ noResults }
kubespray/roles/kubernetes/preinstall/tasks/main.yml

252 lines
6.7 KiB
Raw Normal View History

install docker on a largest number of linux distribution (based on https://github.com/marklee77/ansible-role-docker)
9 years ago
Drop non systemd OS types support Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Rename CoreOS fact Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
ensure bin dir for coreos before anything else
8 years ago
Better fix for different CoreOS os family facts Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
ensure bin dir for coreos before anything else
8 years ago
Fail all nodes on error
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Adjust collect-info playbook Cleanup collected artifacts, drop unrelated files/commands. Always install gitinfos script to binaries for external use. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
script which gives info about the deployment state fix script location
8 years ago
don't run gitinfos by default
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
script which gives info about the deployment state fix script location
8 years ago
Fix set_facts visibility Move set_facts to the preinstall scope, so every role may see it. For example, network plugins to see the etcd_endpoint. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Fix set_facts visibility Move set_facts to the preinstall scope, so every role may see it. For example, network plugins to see the etcd_endpoint. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Flannel running as pod
8 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
split network plugins into distinct roles
8 years ago
Revert "Drop linux capabilities and rework users/groups"
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
split network plugins into distinct roles
8 years ago
Revert "Drop linux capabilities and rework users/groups"
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
split network plugins into distinct roles
8 years ago
Revert "Drop linux capabilities and rework users/groups"
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
split network plugins into distinct roles
8 years ago
choose between gce and aws cloud providers
8 years ago
Updating vsphere cloud provider support
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Implemented cloud-provider integration for OpenStack. Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
8 years ago
Updating vsphere cloud provider support
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Removing cloud_provider tag to fix scenario where cloud_provider is not defined
7 years ago
add basic azure support for kargo
8 years ago
split network plugins into distinct roles
8 years ago
Revert "Drop linux capabilities and rework users/groups"
7 years ago
split network plugins into distinct roles
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
split network plugins into distinct roles
8 years ago
Need to use separate stanzas for each repo because the args are different. Sigh.
8 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Use update_cache when possible
8 years ago
using apt module instead of command module to install python-apt
8 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
common role in order to support other linux distribs
9 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Flannel running as pod
8 years ago
install epel-release on RHEL7
8 years ago
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Flannel running as pod
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
split role download and preinstall
9 years ago
Fix docker install on rhel7
8 years ago
Parameterize several dependency endpoints so that they can be overridden with internal mirrors. Signed-off-by: Chad Swenson <chadswen@gmail.com>
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
use docker repository to install on CentOS
8 years ago
set "check_mode: no" for read-only "shell" steps that registers result "shell" step doesn't support check mode, which currently leads to failures, when Ansible is being run in check mode (because Ansible doesn't run command, assuming that command might have effect, and no "rc" or "output" is registered). Setting "check_mode: no" allows to run those "shell" commands in check mode (which is safe, because those shell commands doesn't have side effects).
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
install epel release for rhel install required packages before common roles/kubernetes/preinstall/tasks/main.yml
8 years ago
Flannel running as pod
8 years ago
split role download and preinstall
9 years ago
Add retries for packages installation Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
Add retries for packages installation Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add retry_stagger var for failed download/pushes. * Add the retry_stagger var to tweak push and retry time strategies. * Add large deployments related docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
Add support for atomic host Updates based on feedback Simplify checks for file exists remove invalid char Review feedback. Use regular systemd file. Add template for docker systemd atomic
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Flannel running as pod
8 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Safe disable SELinux Sometimes, a sysadmin might outright delete the SELinux rpms and delete the configuration. This causes the selinux module to fail with ``` IOError: [Errno 2] No such file or directory: '/etc/selinux/config'\n", "module_stdout": "", "msg": "MODULE FAILURE"} ``` This simply checks that /etc/selinux/config exists before we try to set it Permissive. Update from feedback
7 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Add option to disable ipv6 dns lookup New variable disable_ipv6_dns in kubernetes/preinstall.
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add option to disable ipv6 dns lookup New variable disable_ipv6_dns in kubernetes/preinstall.
8 years ago
follow sysctl.conf file symlink if linked
7 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
follow sysctl.conf file symlink if linked
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
follow sysctl.conf file symlink if linked
7 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
use ansible sysctl module for config ip forwarding
7 years ago
follow sysctl.conf file symlink if linked
7 years ago
use ansible sysctl module for config ip forwarding
7 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
common role in order to support other linux distribs
9 years ago
Updating vsphere cloud provider support
7 years ago
add basic azure support for kargo
8 years ago
Initial support for vsphere as cloud provider
8 years ago
add basic azure support for kargo
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Removing cloud_provider tag to fix scenario where cloud_provider is not defined
7 years ago
add basic azure support for kargo
8 years ago
move /etc/hosts configuration in 'preinstall' role
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Drop non systemd OS types support Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
7 years ago
Make growpart only run on Azure
8 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Make growpart only run on Azure
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add growpart role to allow growing the root partition on CentOS At least the OS images from Azure do not grow the root FS automatically.
8 years ago
  1. ---
  2. - include: pre-upgrade.yml
  3. tags: [upgrade, bootstrap-os]
  5. - name: Force binaries directory for Container Linux by CoreOS
  6. set_fact:
  7. bin_dir: "/opt/bin"
  8. when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  9. tags: facts
  11. - name: check bin dir exists
  12. file:
  13. path: "{{bin_dir}}"
  14. state: directory
  15. owner: root
  16. become: true
  17. tags: bootstrap-os
  19. - include: gitinfos.yml
  20. when: run_gitinfos
  21. tags: facts
  23. - include: set_facts.yml
  24. tags: facts
  26. - name: gather os specific variables
  27. include_vars: "{{ item }}"
  28. with_first_found:
  29. - files:
  30. - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
  31. - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
  32. - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
  33. - "{{ ansible_distribution|lower }}.yml"
  34. - "{{ ansible_os_family|lower }}.yml"
  35. - defaults.yml
  36. paths:
  37. - ../vars
  38. skip: true
  39. tags: facts
  41. - name: Create kubernetes config directory
  42. file:
  43. path: "{{ kube_config_dir }}"
  44. state: directory
  45. owner: kube
  46. when: inventory_hostname in groups['k8s-cluster']
  47. tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
  49. - name: Create kubernetes script directory
  50. file:
  51. path: "{{ kube_script_dir }}"
  52. state: directory
  53. owner: kube
  54. when: "inventory_hostname in groups['k8s-cluster']"
  55. tags: [k8s-secrets, bootstrap-os]
  57. - name: Create kubernetes manifests directory
  58. file:
  59. path: "{{ kube_manifest_dir }}"
  60. state: directory
  61. owner: kube
  62. when: "inventory_hostname in groups['k8s-cluster']"
  63. tags: [kubelet, bootstrap-os, master, node]
  65. - name: check cloud_provider value
  66. fail:
  67. msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack' or 'vsphere'"
  68. when:
  69. - cloud_provider is defined
  70. - cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere']
  71. tags: [cloud-provider, facts]
  73. - include: "{{ cloud_provider }}-credential-check.yml"
  74. when:
  75. - cloud_provider is defined
  76. - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
  77. tags: [cloud-provider, facts]
  79. - name: Create cni directories
  80. file:
  81. path: "{{ item }}"
  82. state: directory
  83. owner: kube
  84. with_items:
  85. - "/etc/cni/net.d"
  86. - "/opt/cni/bin"
  87. when:
  88. - kube_network_plugin in ["calico", "weave", "canal"]
  89. - inventory_hostname in groups['k8s-cluster']
  90. tags: [network, calico, weave, canal, bootstrap-os]
  92. - name: Update package management cache (YUM)
  93. yum:
  94. update_cache: yes
  95. name: '*'
  96. register: yum_task_result
  97. until: yum_task_result|succeeded
  98. retries: 4
  99. delay: "{{ retry_stagger | random + 3 }}"
  100. when:
  101. - ansible_pkg_mgr == 'yum'
  102. - not is_atomic
  103. tags: bootstrap-os
  105. - name: Install latest version of python-apt for Debian distribs
  106. apt:
  107. name: python-apt
  108. state: latest
  109. update_cache: yes
  110. cache_valid_time: 3600
  111. when: ansible_os_family == "Debian"
  112. tags: bootstrap-os
  114. - name: Install python-dnf for latest RedHat versions
  115. command: dnf install -y python-dnf yum
  116. register: dnf_task_result
  117. until: dnf_task_result|succeeded
  118. retries: 4
  119. delay: "{{ retry_stagger | random + 3 }}"
  120. when:
  121. - ansible_distribution == "Fedora"
  122. - ansible_distribution_major_version > 21
  123. changed_when: False
  124. tags: bootstrap-os
  126. - name: Install epel-release on RedHat/CentOS
  127. shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
  128. when:
  129. - ansible_distribution in ["CentOS","RedHat"]
  130. - not is_atomic
  131. register: epel_task_result
  132. until: epel_task_result|succeeded
  133. retries: 4
  134. delay: "{{ retry_stagger | random + 3 }}"
  135. changed_when: False
  136. check_mode: no
  137. tags: bootstrap-os
  139. - name: Install packages requirements
  140. action:
  141. module: "{{ ansible_pkg_mgr }}"
  142. name: "{{ item }}"
  143. state: latest
  144. register: pkgs_task_result
  145. until: pkgs_task_result|succeeded
  146. retries: 4
  147. delay: "{{ retry_stagger | random + 3 }}"
  148. with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
  149. when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
  150. tags: bootstrap-os
  152. # Todo : selinux configuration
  153. - name: Confirm selinux deployed
  154. stat:
  155. path: /etc/selinux/config
  156. when: ansible_os_family == "RedHat"
  157. register: slc
  159. - name: Set selinux policy to permissive
  160. selinux:
  161. policy: targeted
  162. state: permissive
  163. when:
  164. - ansible_os_family == "RedHat"
  165. - slc.stat.exists == True
  166. changed_when: False
  167. tags: bootstrap-os
  169. - name: Disable IPv6 DNS lookup
  170. lineinfile:
  171. dest: /etc/gai.conf
  172. line: "precedence ::ffff:0:0/96 100"
  173. state: present
  174. backup: yes
  175. when:
  176. - disable_ipv6_dns
  177. - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  178. tags: bootstrap-os
  180. - name: set default sysctl file path
  181. set_fact:
  182. sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
  183. tags: bootstrap-os
  185. - name: Stat sysctl file configuration
  186. stat:
  187. path: "{{sysctl_file_path}}"
  188. register: sysctl_file_stat
  189. tags: bootstrap-os
  191. - name: Change sysctl file path to link source if linked
  192. set_fact:
  193. sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
  194. when:
  195. - sysctl_file_stat.stat.islnk is defined
  196. - sysctl_file_stat.stat.islnk
  197. tags: bootstrap-os
  199. - name: Enable ip forwarding
  200. sysctl:
  201. sysctl_file: "{{sysctl_file_path}}"
  202. name: net.ipv4.ip_forward
  203. value: 1
  204. state: present
  205. tags: bootstrap-os
  207. - name: Write cloud-config
  208. template:
  209. src: "{{ cloud_provider }}-cloud-config.j2"
  210. dest: "{{ kube_config_dir }}/cloud_config"
  211. group: "{{ kube_cert_group }}"
  212. mode: 0640
  213. when:
  214. - inventory_hostname in groups['k8s-cluster']
  215. - cloud_provider is defined
  216. - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
  217. tags: [cloud-provider]
  219. - include: etchosts.yml
  220. tags: [bootstrap-os, etchosts]
  222. - include: resolvconf.yml
  223. when:
  224. - dns_mode != 'none'
  225. - resolvconf_mode == 'host_resolvconf'
  226. tags: [bootstrap-os, resolvconf]
  228. - include: dhclient-hooks.yml
  229. when:
  230. - dns_mode != 'none'
  231. - resolvconf_mode == 'host_resolvconf'
  232. - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  233. tags: [bootstrap-os, resolvconf]
  235. - include: dhclient-hooks-undo.yml
  236. when:
  237. - dns_mode != 'none'
  238. - resolvconf_mode != 'host_resolvconf'
  239. - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  240. tags: [bootstrap-os, resolvconf]
  242. - name: Check if we are running inside a Azure VM
  243. stat:
  244. path: /var/lib/waagent/
  245. register: azure_check
  246. tags: bootstrap-os
  248. - include: growpart-azure-centos-7.yml
  249. when:
  250. - azure_check.stat.exists
  251. - ansible_distribution in ["CentOS","RedHat"]
  252. tags: bootstrap-os