richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2464 Commits
29 Branches
81 Tags
149 MiB
Tree: f7d52564aa
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f7d52564aa'
${ noResults }
kubespray/roles/kubernetes/preinstall/tasks/main.yml

314 lines
7.5 KiB
Raw Normal View History

install docker on a largest number of linux distribution (based on https://github.com/marklee77/ansible-role-docker)
9 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Drop non systemd OS types support Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Rename CoreOS fact Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
ensure bin dir for coreos before anything else
8 years ago
Better fix for different CoreOS os family facts Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
ensure bin dir for coreos before anything else
8 years ago
Fail all nodes on error
8 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Adjust collect-info playbook Cleanup collected artifacts, drop unrelated files/commands. Always install gitinfos script to binaries for external use. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Fix set_facts visibility Move set_facts to the preinstall scope, so every role may see it. For example, network plugins to see the etcd_endpoint. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Flannel running as pod
8 years ago
Adding yamllinter to ci steps (#1556) * Adding yaml linter to ci check * Minor linting fixes from yamllint * Changing CI to install python pkgs from requirements.txt - adding in a secondary requirements.txt for tests - moving yamllint to tests requirements
7 years ago
Flannel running as pod
8 years ago
Adding yamllinter to ci steps (#1556) * Adding yaml linter to ci check * Minor linting fixes from yamllint * Changing CI to install python pkgs from requirements.txt - adding in a secondary requirements.txt for tests - moving yamllint to tests requirements
7 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
split network plugins into distinct roles
8 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
split network plugins into distinct roles
8 years ago
Revert "Drop linux capabilities and rework users/groups"
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
7 years ago
Fix local volume provisioner mount point for rkt
7 years ago
split network plugins into distinct roles
8 years ago
choose between gce and aws cloud providers
8 years ago
add minimal keepalived-cloud-provider support
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
add minimal keepalived-cloud-provider support
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Implemented cloud-provider integration for OpenStack. Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
8 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
add basic azure support for kargo
8 years ago
split network plugins into distinct roles
8 years ago
Revert "Drop linux capabilities and rework users/groups"
7 years ago
split network plugins into distinct roles
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
contiv network support (#1914) * Add Contiv support Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies, multiple networks and bridging pods onto physical networks. * Update contiv version to 1.1.4 Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config. * Load openvswitch module to workaround on CentOS7.4 * Set contiv cni version to 0.1.0 Correct contiv CNI version to 0.1.0. * Use kube_apiserver_endpoint for K8S_API_SERVER Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks to a available endpoint no matter if there's a loadbalancer or not. * Make contiv use its own etcd Before this commit, contiv is using a etcd proxy mode to k8s etcd, this work fine when the etcd hosts are co-located with contiv etcd proxy, however the k8s peering certs are only in etcd group, as a result the etcd-proxy is not able to peering with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost, this will cause problem for all netplugins not runnign on etcd group nodes. This commit make contiv uses its own etcd, separate from k8s one. on kube-master nodes (where net-master runs), it will run as leader mode and on all rest nodes it will run as proxy mode. * Use cp instead of rsync to copy cni binaries Since rsync has been removed from hyperkube, this commit changes it to use cp instead. * Make contiv-etcd able to run on master nodes * Add rbac_enabled flag for contiv pods * Add contiv into CNI network plugin lists * migrate contiv test to tests/files Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> * Add required rules for contiv netplugin * Better handling json return of fwdMode * Make contiv etcd port configurable * Use default var instead of templating * roles/download/defaults/main.yml: use contiv 1.1.7 Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
contiv network support (#1914) * Add Contiv support Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies, multiple networks and bridging pods onto physical networks. * Update contiv version to 1.1.4 Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config. * Load openvswitch module to workaround on CentOS7.4 * Set contiv cni version to 0.1.0 Correct contiv CNI version to 0.1.0. * Use kube_apiserver_endpoint for K8S_API_SERVER Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks to a available endpoint no matter if there's a loadbalancer or not. * Make contiv use its own etcd Before this commit, contiv is using a etcd proxy mode to k8s etcd, this work fine when the etcd hosts are co-located with contiv etcd proxy, however the k8s peering certs are only in etcd group, as a result the etcd-proxy is not able to peering with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost, this will cause problem for all netplugins not runnign on etcd group nodes. This commit make contiv uses its own etcd, separate from k8s one. on kube-master nodes (where net-master runs), it will run as leader mode and on all rest nodes it will run as proxy mode. * Use cp instead of rsync to copy cni binaries Since rsync has been removed from hyperkube, this commit changes it to use cp instead. * Make contiv-etcd able to run on master nodes * Add rbac_enabled flag for contiv pods * Add contiv into CNI network plugin lists * migrate contiv test to tests/files Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> * Add required rules for contiv netplugin * Better handling json return of fwdMode * Make contiv etcd port configurable * Use default var instead of templating * roles/download/defaults/main.yml: use contiv 1.1.7 Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
split network plugins into distinct roles
8 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Update main.yml (#1822) * Update main.yml Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty). * Update main.yml Removing trailing spaces
7 years ago
Need to use separate stanzas for each repo because the args are different. Sigh.
8 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Adding changes to handle updation of yum Management cache in rhel. (#2026) * Adding changes to handle updation of yum cache in rhel. * Removed the redundant spaces
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Adding changes to handle updation of yum Management cache in rhel. (#2026) * Adding changes to handle updation of yum cache in rhel. * Removed the redundant spaces
7 years ago
Use update_cache when possible
8 years ago
using apt module instead of command module to install python-apt
8 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
common role in order to support other linux distribs
9 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Flannel running as pod
8 years ago
install epel-release on RHEL7
8 years ago
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Add support for fedora atomic host (#1779) * don't try to install this rpm on fedora atomic * add docker 1.13.1 for fedora * built-in docker unit file is sufficient, as tested on both fedora and centos atomic
7 years ago
Flannel running as pod
8 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
split role download and preinstall
9 years ago
Fix docker install on rhel7
8 years ago
Parameterize several dependency endpoints so that they can be overridden with internal mirrors. Signed-off-by: Chad Swenson <chadswen@gmail.com>
8 years ago
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
use docker repository to install on CentOS
8 years ago
Improve proxy (#1771) * Set no_proxy to all local ips * Use proxy settings on all necessary tasks
7 years ago
set "check_mode: no" for read-only "shell" steps that registers result "shell" step doesn't support check mode, which currently leads to failures, when Ansible is being run in check mode (because Ansible doesn't run command, assuming that command might have effect, and no "rc" or "output" is registered). Setting "check_mode: no" allows to run those "shell" commands in check mode (which is safe, because those shell commands doesn't have side effects).
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
install epel release for rhel install required packages before common roles/kubernetes/preinstall/tasks/main.yml
8 years ago
Flannel running as pod
8 years ago
split role download and preinstall
9 years ago
Add retries for packages installation Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
Add retries for packages installation Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add retry_stagger var for failed download/pushes. * Add the retry_stagger var to tweak push and retry time strategies. * Add large deployments related docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
Add support for atomic host Updates based on feedback Simplify checks for file exists remove invalid char Review feedback. Use regular systemd file. Add template for docker systemd atomic
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Flannel running as pod
8 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Safe disable SELinux Sometimes, a sysadmin might outright delete the SELinux rpms and delete the configuration. This causes the selinux module to fail with ``` IOError: [Errno 2] No such file or directory: '/etc/selinux/config'\n", "module_stdout": "", "msg": "MODULE FAILURE"} ``` This simply checks that /etc/selinux/config exists before we try to set it Permissive. Update from feedback
7 years ago
Rename dns_server, add var for selinux. (#1572) * Rename dns_server to dnsmasq_dns_server so that it includes role prefix as the var name is generic and conflicts when integrating with existing ansible automation. * Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Rename dns_server, add var for selinux. (#1572) * Rename dns_server to dnsmasq_dns_server so that it includes role prefix as the var name is generic and conflicts when integrating with existing ansible automation. * Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Add option to disable ipv6 dns lookup New variable disable_ipv6_dns in kubernetes/preinstall.
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Add option to disable ipv6 dns lookup New variable disable_ipv6_dns in kubernetes/preinstall.
8 years ago
follow sysctl.conf file symlink if linked
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
follow sysctl.conf file symlink if linked
7 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
follow sysctl.conf file symlink if linked
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
follow sysctl.conf file symlink if linked
7 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
follow sysctl.conf file symlink if linked
7 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
use ansible sysctl module for config ip forwarding
7 years ago
follow sysctl.conf file symlink if linked
7 years ago
use ansible sysctl module for config ip forwarding
7 years ago
When running on CentOS7 image in AWS with selinux on, the order of the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Sysctl reload if needed after IP forward enabling Add reload yes to reload sysctl if the value of net.ipv4.ip_forward changes. - name: Enable ip forwarding sysctl: sysctl_file: "{{sysctl_file_path}}" name: net.ipv4.ip_forward value: 1 state: present reload: yes tags: - bootstrap-os
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
common role in order to support other linux distribs
9 years ago
Updating vsphere cloud provider support
7 years ago
add basic azure support for kargo
8 years ago
Initial support for vsphere as cloud provider
8 years ago
add basic azure support for kargo
8 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
add basic azure support for kargo
8 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
7 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
7 years ago
Make growpart only run on Azure
8 years ago
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
7 years ago
Make growpart only run on Azure
8 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
Make growpart only run on Azure
8 years ago
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
6 years ago
Ansible 2.3 support - Fix when clauses in various places - Update requirements.txt - Fix README.md Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Normalize tags in all places to prepare for tag fixing in future (#1739)
7 years ago
  1. ---
  2. - import_tasks: verify-settings.yml
  3. tags:
  4. - asserts
  6. - name: Force binaries directory for Container Linux by CoreOS
  7. set_fact:
  8. bin_dir: "/opt/bin"
  9. when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  10. tags:
  11. - facts
  13. - name: check bin dir exists
  14. file:
  15. path: "{{bin_dir}}"
  16. state: directory
  17. owner: root
  18. become: true
  19. tags:
  20. - bootstrap-os
  22. - import_tasks: set_facts.yml
  23. tags:
  24. - facts
  26. - name: gather os specific variables
  27. include_vars: "{{ item }}"
  28. with_first_found:
  29. - files:
  30. - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
  31. - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
  32. - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
  33. - "{{ ansible_distribution|lower }}.yml"
  34. - "{{ ansible_os_family|lower }}.yml"
  35. - defaults.yml
  36. paths:
  37. - ../vars
  38. skip: true
  39. tags:
  40. - facts
  42. - name: Create kubernetes directories
  43. file:
  44. path: "{{ item }}"
  45. state: directory
  46. owner: kube
  47. when: inventory_hostname in groups['k8s-cluster']
  48. tags:
  49. - kubelet
  50. - k8s-secrets
  51. - kube-controller-manager
  52. - kube-apiserver
  53. - bootstrap-os
  54. - apps
  55. - network
  56. - master
  57. - node
  58. with_items:
  59. - "{{ kube_config_dir }}"
  60. - "{{ kube_config_dir }}/ssl"
  61. - "{{ kube_manifest_dir }}"
  62. - "{{ kube_script_dir }}"
  63. - "{{ local_volume_base_dir }}"
  65. - name: check cloud_provider value
  66. fail:
  67. msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external"
  68. when:
  69. - cloud_provider is defined
  70. - cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'external']
  71. tags:
  72. - cloud-provider
  73. - facts
  75. - include_tasks: "{{ cloud_provider }}-credential-check.yml"
  76. when:
  77. - cloud_provider is defined
  78. - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
  79. tags:
  80. - cloud-provider
  81. - facts
  83. - name: Create cni directories
  84. file:
  85. path: "{{ item }}"
  86. state: directory
  87. owner: kube
  88. with_items:
  89. - "/etc/cni/net.d"
  90. - "/opt/cni/bin"
  91. when:
  92. - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv"]
  93. - inventory_hostname in groups['k8s-cluster']
  94. tags:
  95. - network
  96. - calico
  97. - weave
  98. - canal
  99. - contiv
  100. - bootstrap-os
  102. - import_tasks: resolvconf.yml
  103. when:
  104. - dns_mode != 'none'
  105. - resolvconf_mode == 'host_resolvconf'
  106. tags:
  107. - bootstrap-os
  108. - resolvconf
  110. - name: Update package management cache (YUM)
  111. yum:
  112. update_cache: yes
  113. name: '*'
  114. register: yum_task_result
  115. until: yum_task_result|succeeded
  116. retries: 4
  117. delay: "{{ retry_stagger | random + 3 }}"
  118. when:
  119. - ansible_pkg_mgr == 'yum'
  120. - ansible_distribution != 'RedHat'
  121. - not is_atomic
  122. tags: bootstrap-os
  124. - name: Expire management cache (YUM) for Updation - Redhat
  125. shell: yum clean expire-cache
  126. register: expire_cache_output
  127. until: expire_cache_output|succeeded
  128. retries: 4
  129. delay: "{{ retry_stagger | random + 3 }}"
  130. when:
  131. - ansible_pkg_mgr == 'yum'
  132. - ansible_distribution == 'RedHat'
  133. - not is_atomic
  134. tags: bootstrap-os
  136. - name: Update package management cache (YUM) - Redhat
  137. shell: yum makecache
  138. register: make_cache_output
  139. until: make_cache_output|succeeded
  140. retries: 4
  141. delay: "{{ retry_stagger | random + 3 }}"
  142. when:
  143. - ansible_pkg_mgr == 'yum'
  144. - ansible_distribution == 'RedHat'
  145. - expire_cache_output.rc == 0
  146. - not is_atomic
  147. tags: bootstrap-os
  150. - name: Install latest version of python-apt for Debian distribs
  151. apt:
  152. name: python-apt
  153. state: latest
  154. update_cache: yes
  155. cache_valid_time: 3600
  156. when: ansible_os_family == "Debian"
  157. tags:
  158. - bootstrap-os
  160. - name: Install python-dnf for latest RedHat versions
  161. command: dnf install -y python-dnf yum
  162. register: dnf_task_result
  163. until: dnf_task_result|succeeded
  164. retries: 4
  165. delay: "{{ retry_stagger | random + 3 }}"
  166. when:
  167. - ansible_distribution == "Fedora"
  168. - ansible_distribution_major_version > 21
  169. - not is_atomic
  170. changed_when: False
  171. tags:
  172. - bootstrap-os
  174. - name: Install epel-release on RedHat/CentOS
  175. shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
  176. register: epel_task_result
  177. until: epel_task_result|succeeded
  178. retries: 4
  179. delay: "{{ retry_stagger | random + 3 }}"
  180. changed_when: False
  181. when:
  182. - ansible_distribution in ["CentOS","RedHat"]
  183. - not is_atomic
  184. - epel_rpm_download_url != ''
  185. - epel_enabled|bool
  186. check_mode: no
  187. tags:
  188. - bootstrap-os
  190. - name: Install packages requirements
  191. action:
  192. module: "{{ ansible_pkg_mgr }}"
  193. name: "{{ item }}"
  194. state: latest
  195. register: pkgs_task_result
  196. until: pkgs_task_result|succeeded
  197. retries: 4
  198. delay: "{{ retry_stagger | random + 3 }}"
  199. with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
  200. when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
  201. tags:
  202. - bootstrap-os
  204. # Todo : selinux configuration
  205. - name: Confirm selinux deployed
  206. stat:
  207. path: /etc/selinux/config
  208. when: ansible_os_family == "RedHat"
  209. register: slc
  211. - name: Set selinux policy
  212. selinux:
  213. policy: targeted
  214. state: "{{ preinstall_selinux_state }}"
  215. when:
  216. - ansible_os_family == "RedHat"
  217. - slc.stat.exists == True
  218. changed_when: False
  219. tags:
  220. - bootstrap-os
  222. - name: Disable IPv6 DNS lookup
  223. lineinfile:
  224. dest: /etc/gai.conf
  225. line: "precedence ::ffff:0:0/96 100"
  226. state: present
  227. backup: yes
  228. when:
  229. - disable_ipv6_dns
  230. - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  231. tags:
  232. - bootstrap-os
  234. - name: set default sysctl file path
  235. set_fact:
  236. sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
  237. tags:
  238. - bootstrap-os
  240. - name: Stat sysctl file configuration
  241. stat:
  242. path: "{{sysctl_file_path}}"
  243. register: sysctl_file_stat
  244. tags:
  245. - bootstrap-os
  247. - name: Change sysctl file path to link source if linked
  248. set_fact:
  249. sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
  250. when:
  251. - sysctl_file_stat.stat.islnk is defined
  252. - sysctl_file_stat.stat.islnk
  253. tags:
  254. - bootstrap-os
  256. - name: Enable ip forwarding
  257. sysctl:
  258. sysctl_file: "{{sysctl_file_path}}"
  259. name: net.ipv4.ip_forward
  260. value: 1
  261. state: present
  262. reload: yes
  263. tags:
  264. - bootstrap-os
  266. - name: Write cloud-config
  267. template:
  268. src: "{{ cloud_provider }}-cloud-config.j2"
  269. dest: "{{ kube_config_dir }}/cloud_config"
  270. group: "{{ kube_cert_group }}"
  271. mode: 0640
  272. when:
  273. - inventory_hostname in groups['k8s-cluster']
  274. - cloud_provider is defined
  275. - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
  276. tags:
  277. - cloud-provider
  279. - import_tasks: etchosts.yml
  280. tags:
  281. - bootstrap-os
  282. - etchosts
  284. - import_tasks: dhclient-hooks.yml
  285. when:
  286. - dns_mode != 'none'
  287. - resolvconf_mode == 'host_resolvconf'
  288. - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  289. tags:
  290. - bootstrap-os
  291. - resolvconf
  293. - import_tasks: dhclient-hooks-undo.yml
  294. when:
  295. - dns_mode != 'none'
  296. - resolvconf_mode != 'host_resolvconf'
  297. - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  298. tags:
  299. - bootstrap-os
  300. - resolvconf
  302. - name: Check if we are running inside a Azure VM
  303. stat:
  304. path: /var/lib/waagent/
  305. register: azure_check
  306. tags:
  307. - bootstrap-os
  309. - import_tasks: growpart-azure-centos-7.yml
  310. when:
  311. - azure_check.stat.exists
  312. - ansible_distribution in ["CentOS","RedHat"]
  313. tags:
  314. - bootstrap-os