kubespray/roles/network_plugin/calico/tasks/main.yml

---
- name: Calico | Set docker daemon options
  template:
    src: docker
    dest: "/etc/default/docker"
    owner: root
    group: root
    mode: 0644
  notify:
    - restart docker
  when: ansible_os_family != "CoreOS"

- meta: flush_handlers

- name: Calico | Install calicoctl container script
  template:
    src: calicoctl-container.j2
    dest: "{{ bin_dir }}/calicoctl"
    mode: 0755
    owner: root
    group: root
  changed_when: false
  notify: restart calico-node

- name: Calico | Install calico cni bin
  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
  changed_when: false

- name: Calico | Install calico-ipam cni bin
  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico-ipam"
  changed_when: false

- name: Calico | wait for etcd
  uri: url=http://localhost:2379/health
  register: result
  until: result.status == 200
  retries: 10
  delay: 5
  when: inventory_hostname in groups['kube-master']

- name: Calico | Check if calico network pool has already been configured
  uri:
    url: "{{ etcd_endpoint }}/v2/keys/calico/v1/ipam/v4/pool"
    return_content: yes
    status_code: 200,404
  register: calico_conf
  run_once: true

- name: Calico | Define ipip pool argument
  run_once: true
  set_fact:
    ipip_arg: "--ipip"
  when: cloud_provider is defined or ipip|default(false)

- name: Calico | Define nat-outgoing pool argument
  run_once: true
  set_fact:
    nat_arg: "--nat-outgoing"
  when: nat_outgoing|default(false) and not peer_with_router|default(false)

- name: Calico | Define calico pool task name
  run_once: true
  set_fact:
    pool_task_name: "with options {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
  when: ipip_arg|default(false) or nat_arg|default(false)

- name: Calico | Configure calico network pool {{ pool_task_name|default('') }}
  command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
  run_once: true
  when: calico_conf.status == 404

- name: Calico | Get calico configuration from etcd
  uri:
    url: "{{ etcd_endpoint }}/v2/keys/calico/v1/ipam/v4/pool"
    return_content: yes
  register: calico_pools
  run_once: true

- name: Calico | Check if calico pool is properly configured
  fail:
    msg: 'Only one network pool must be configured and it must be the subnet {{ kube_pods_subnet }}.
    Please erase calico configuration and run the playbook again ("etcdctl rm --recursive /calico/v1/ipam/v4/pool")'
  when: ( calico_pools.json['node']['nodes'] | length > 1 ) or
        ( not calico_pools.json['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
  run_once: true

- name: Calico | Write /etc/network-environment
  template: src=network-environment.j2 dest=/etc/network-environment
  when: ansible_service_mgr in ["sysvinit","upstart"]

- name: Calico | Write calico-node systemd init file
  template: src=calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
  when: ansible_service_mgr == "systemd"
  notify: restart calico-node

- name: Calico | Write calico-node initd script
  template: src=deb-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
  when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "Debian"
  notify: restart calico-node

- name: Calico | Write calico-node initd script
  template: src=rh-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
  when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "RedHat"
  notify: restart calico-node

- meta: flush_handlers

- name: Calico | Enable calico-node
  service:
    name: calico-node
    state: started
    enabled: yes

- name: Calico | Disable node mesh
  shell: "{{ bin_dir }}/calicoctl bgp node-mesh off"
  when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']

- name: Calico | Configure peering with router(s)
  shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}"
  with_items: peers
  when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']