richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3431 Commits
29 Branches
80 Tags
156 MiB
Tree: 82a28d6bb3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '82a28d6bb3'
${ noResults }
kubespray/roles/dnsmasq/tasks/main.yml

102 lines
3.0 KiB
Raw Normal View History

Initial commit
9 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Initial commit
9 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Also add the system nameservers to upstream servers in dnsmasq Also make no-resolv unconditional again. Otherwise, we may end up in a resolver loop. The resolver loop was the cause for the piling up parallel queries.
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Enable reset of dnsmasq if manifest or config changes
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Use checksum of dnsmasq config to trigger updates of dnsmasq Allows config changes made by Ansible to restart dnsmasq deployment
7 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Apply ClusterRoleBinding to dnsmaq when rbac_enabled (#1592) * Add RBAC policies to dnsmasq * fix merge conflict * yamllint * use .j2 extension for dnsmasq autoscaler
7 years ago
Templates (even without actual templating inside) should have j2 extension but should not be rendered with j2 extension
6 years ago
Apply ClusterRoleBinding to dnsmaq when rbac_enabled (#1592) * Add RBAC policies to dnsmasq * fix merge conflict * yamllint * use .j2 extension for dnsmasq autoscaler
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Templates (even without actual templating inside) should have j2 extension but should not be rendered with j2 extension
6 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Add autoscalers for dnsmasq and kubedns By default kubedns and dnsmasq scale when installed. Dnsmasq is no longer a daemonset. It is now a deployment. Kubedns is no longer a replicationcluster. It is now a deployment. Minimum replicas is two (to enable rolling updates). Reduced memory erquirements for dnsmasq and kubedns
7 years ago
Templates (even without actual templating inside) should have j2 extension but should not be rendered with j2 extension
6 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Add autoscalers for dnsmasq and kubedns By default kubedns and dnsmasq scale when installed. Dnsmasq is no longer a daemonset. It is now a deployment. Kubedns is no longer a replicationcluster. It is now a deployment. Minimum replicas is two (to enable rolling updates). Reduced memory erquirements for dnsmasq and kubedns
7 years ago
Stop templating kube-system namespace and creating it (#2545) Kubernetes makes this namespace automatically, so there is no need for kubespray to manage it.
6 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Address standalone kubelet config case Also place in global vars and do not repeat the kube_*_config_dir and kube_namespace vars for better code maintainability and UX. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Fix non-rbac deployment of resources as a list (#1613) * Use kubectl apply instead of create/replace Disable checks for existing resources to speed up execution. * Fix non-rbac deployment of resources as a list * Fix autoscaler tolerations field * set all kube resources to state=latest * Update netchecker and weave
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Rename dns_server, add var for selinux. (#1572) * Rename dns_server to dnsmasq_dns_server so that it includes role prefix as the var name is generic and conflicts when integrating with existing ansible automation. * Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Change wait for dnsmasq to skip if there are no kube-nodes in play Also changed unnecessary delay to a max timeout (now defaulting to 1s sleep between tries) Also rename play_hosts to ansible_play_hosts
7 years ago
  1. ---
  2. - name: ensure dnsmasq.d directory exists
  3. file:
  4. path: /etc/dnsmasq.d
  5. state: directory
  7. - name: ensure dnsmasq.d-available directory exists
  8. file:
  9. path: /etc/dnsmasq.d-available
  10. state: directory
  12. - name: check system nameservers
  13. shell: awk '/^nameserver/ {print $NF}' /etc/resolv.conf
  14. changed_when: False
  15. register: system_nameservers
  17. - name: init system_and_upstream_dns_servers
  18. set_fact:
  19. system_and_upstream_dns_servers: "{{ upstream_dns_servers|default([]) }}"
  21. - name: combine upstream_dns_servers and system nameservers (only for docker_dns)
  22. set_fact:
  23. system_and_upstream_dns_servers: "{{ system_and_upstream_dns_servers | union(system_nameservers.stdout_lines) | unique }}"
  24. when: system_nameservers.stdout != "" and resolvconf_mode != 'host_resolvconf'
  26. - name: Write dnsmasq configuration
  27. template:
  28. src: 01-kube-dns.conf.j2
  29. dest: /etc/dnsmasq.d-available/01-kube-dns.conf
  30. mode: 0755
  31. backup: yes
  32. register: dnsmasq_config
  34. - name: Stat dnsmasq link
  35. stat:
  36. path: /etc/dnsmasq.d-available/01-kube-dns.conf
  37. register: dnsmasq_stat
  39. - name: Stat dnsmasq link
  40. stat:
  41. path: /etc/dnsmasq.d/01-kube-dns.conf
  42. register: sym
  44. - name: Move previous configuration
  45. command: mv /etc/dnsmasq.d/01-kube-dns.conf /etc/dnsmasq.d-available/01-kube-dns.conf.bak
  46. changed_when: False
  47. when: sym.stat.islnk is defined and sym.stat.islnk == False
  49. - name: Enable dnsmasq configuration
  50. file:
  51. src: /etc/dnsmasq.d-available/01-kube-dns.conf
  52. dest: /etc/dnsmasq.d/01-kube-dns.conf
  53. state: link
  55. - name: Create dnsmasq RBAC manifests
  56. template:
  57. src: "{{ item }}.j2"
  58. dest: "{{ kube_config_dir }}/{{ item }}"
  59. with_items:
  60. - "dnsmasq-clusterrolebinding.yml"
  61. - "dnsmasq-serviceaccount.yml"
  62. delegate_to: "{{ groups['kube-master'][0] }}"
  63. run_once: true
  65. - name: Apply dnsmasq RBAC manifests
  66. command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }}"
  67. with_items:
  68. - "dnsmasq-clusterrolebinding.yml"
  69. - "dnsmasq-serviceaccount.yml"
  70. delegate_to: "{{ groups['kube-master'][0] }}"
  71. run_once: true
  73. - name: Create dnsmasq manifests
  74. template:
  75. src: "{{item.file}}.j2"
  76. dest: "{{kube_config_dir}}/{{item.file}}"
  77. with_items:
  78. - {name: dnsmasq, file: dnsmasq-deploy.yml, type: deployment}
  79. - {name: dnsmasq, file: dnsmasq-svc.yml, type: svc}
  80. - {name: dnsmasq-autoscaler, file: dnsmasq-autoscaler.yml, type: deployment}
  81. register: manifests
  82. delegate_to: "{{ groups['kube-master'][0] }}"
  83. run_once: true
  85. - name: Start Resources
  86. kube:
  87. name: "{{item.item.name}}"
  88. namespace: "kube-system"
  89. kubectl: "{{bin_dir}}/kubectl"
  90. resource: "{{item.item.type}}"
  91. filename: "{{kube_config_dir}}/{{item.item.file}}"
  92. state: "latest"
  93. with_items: "{{ manifests.results }}"
  94. delegate_to: "{{ groups['kube-master'][0] }}"
  95. run_once: true
  97. - name: Check for dnsmasq port (pulling image and running container)
  98. wait_for:
  99. host: "{{dnsmasq_dns_server}}"
  100. port: 53
  101. timeout: 180
  102. when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts