Merge pull request #3140 from kubernetes-incubator/preinstall-tasks_num

Add support for etcd arm64

.gitlab-ci.yml

@@ -343,7 +343,7 @@ gce_ubuntu18-flannel-aio:
   variables:
     <<: *ubuntu18_flannel_aio_variables
     <<: *gce_variables
-  when: on_success
+  when: manual
   except: ['triggers']
   only: [/^pr-.*$/]
 

roles/dnsmasq/defaults/main.yml

@@ -33,6 +33,3 @@ dnsmasq_min_replicas: 1
 
 # Custom name servers
 dnsmasq_upstream_dns_servers: []
-
-# Arch of Docker images and needed packages
-image_arch: amd64

roles/docker/tasks/main.yml

@@ -4,10 +4,12 @@
   with_first_found:
     - files:
         - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml"
         - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml"
         - "{{ ansible_distribution|lower }}.yml"
-        - "{{ ansible_os_family|lower }}-{{ ansible_architecture }}.yml"
+        - "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml"
         - "{{ ansible_os_family|lower }}.yml"
         - defaults.yml
       paths:

roles/docker/vars/ubuntu-arm64.yml

@@ -0,0 +1,43 @@
+---
+docker_kernel_min_version: '3.10'
+docker_version: 17.09
+# https://download.docker.com/linux/ubuntu/
+docker_versioned_pkg:
+  'latest': docker-ce
+  '17.09': docker-ce=17.09.1~ce-0~ubuntu
+  'stable': docker-ce=17.09.1~ce-0~ubuntu
+  'edge': docker-ce=17.12.1~ce-0~ubuntu
+
+docker_package_info:
+  pkg_mgr: apt
+  pkgs:
+    - name: "{{ docker_versioned_pkg[docker_version | string] }}"
+      force: yes
+
+docker_repo_key_info:
+  pkg_key: apt_key
+  url: '{{ docker_ubuntu_repo_gpgkey }}'
+  repo_keys:
+    - 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+
+docker_repo_info:
+  pkg_repo: apt_repository
+  repos:
+    - >
+       deb {{ docker_ubuntu_repo_base_url }}
+       {{ ansible_distribution_release|lower }}
+       stable
+
+dockerproject_repo_key_info:
+  pkg_key: apt_key
+  url: '{{ dockerproject_apt_repo_gpgkey }}'
+  repo_keys:
+    - 58118E89F3A912897C070ADBF76221572C52609D
+
+dockerproject_repo_info:
+  pkg_repo: apt_repository
+  repos:
+    - >
+       deb {{ dockerproject_apt_repo_base_url }}
+       {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}
+       main

roles/download/defaults/main.yml

@@ -27,7 +27,7 @@ download_always_pull: False
 download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
 
 # Arch of Docker images and needed packages
-image_arch: amd64
+image_arch: "{{host_architecture | default('amd64')}}"
 
 # Versions
 kube_version: v1.11.2
@@ -35,10 +35,10 @@ kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.2.18
 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download
-calico_version: "v3.1.3"
-calico_ctl_version: "v3.1.3"
-calico_cni_version: "v3.1.3"
-calico_policy_version: "v3.1.3"
+calico_version: "v3.2.0"
+calico_ctl_version: "v3.2.0"
+calico_cni_version: "v3.2.0"
+calico_policy_version: "v3.2.0"
 calico_rr_version: "v0.6.1"
 flannel_version: "v0.10.0"
 flannel_cni_version: "v0.3.0"
@@ -62,19 +62,19 @@ vault_binary_checksum: 3c4d70ba71619a43229e65c67830e30e050eab7a81ac6b28325ff707e
 
 # Containers
 etcd_image_repo: "quay.io/coreos/etcd"
-etcd_image_tag: "{{ etcd_version }}"
+etcd_image_tag: "{{ etcd_version }}{%- if image_arch != 'amd64' -%}-{{ image_arch }}{%- endif -%}"
 flannel_image_repo: "quay.io/coreos/flannel"
 flannel_image_tag: "{{ flannel_version }}"
 flannel_cni_image_repo: "quay.io/coreos/flannel-cni"
 flannel_cni_image_tag: "{{ flannel_cni_version }}"
 calicoctl_image_repo: "quay.io/calico/ctl"
-calicoctl_image_tag: "{{ calico_ctl_version }}"
+calicoctl_image_tag: "{{ calico_ctl_version }}-{{ image_arch }}"
 calico_node_image_repo: "quay.io/calico/node"
-calico_node_image_tag: "{{ calico_version }}"
+calico_node_image_tag: "{{ calico_version }}-{{ image_arch }}"
 calico_cni_image_repo: "quay.io/calico/cni"
-calico_cni_image_tag: "{{ calico_cni_version }}"
+calico_cni_image_tag: "{{ calico_cni_version }}-{{ image_arch }}"
 calico_policy_image_repo: "quay.io/calico/kube-controllers"
-calico_policy_image_tag: "{{ calico_policy_version }}"
+calico_policy_image_tag: "{{ calico_policy_version }}-{{ image_arch }}"
 calico_rr_image_repo: "quay.io/calico/routereflector"
 calico_rr_image_tag: "{{ calico_rr_version }}"
 hyperkube_image_repo: "gcr.io/google-containers/hyperkube-{{ image_arch }}"
@@ -108,9 +108,12 @@ dnsmasq_image_tag: "{{ dnsmasq_version }}"
 kubedns_version: 1.14.10
 kubedns_image_repo: "gcr.io/google_containers/k8s-dns-kube-dns-{{ image_arch }}"
 kubedns_image_tag: "{{ kubedns_version }}"
-coredns_version: 1.2.0
-coredns_image_repo: "docker.io/coredns/coredns"
-coredns_image_tag: "{{ coredns_version }}"
+
+coredns_version: "{%- if image_arch != 'amd64' -%}1.1.3{%- else -%}1.2.0{%- endif -%}"
+coredns_image_repo: "gcr.io/google-containers/coredns"
+coredns_image_tag: "{{ coredns_version }}{%- if image_arch != 'amd64' -%}__{{ image_arch}}_linux{%- endif -%}"
+
+
 dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-{{ image_arch }}"
 dnsmasq_nanny_image_tag: "{{ kubedns_version }}"
 dnsmasq_sidecar_image_repo: "gcr.io/google_containers/k8s-dns-sidecar-{{ image_arch }}"

roles/etcd/templates/etcd-events.env.j2

@@ -30,3 +30,7 @@ ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
 ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
 ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
 ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}
+
+{% if host_architecture != "amd64" -%}
+ETCD_UNSUPPORTED_ARCH={{host_architecture}}
+{%- endif %}

roles/etcd/templates/etcd.env.j2

@@ -35,3 +35,7 @@ ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}
 {% for key, value in etcd_extra_vars.items() %}
 {{ key }}={{ value }}
 {% endfor %}
+
+{% if host_architecture != "amd64" -%}
+ETCD_UNSUPPORTED_ARCH={{host_architecture}}
+{%- endif %}

roles/kubernetes-apps/ansible/defaults/main.yml

@@ -14,7 +14,8 @@ kubedns_nodes_per_replica: 10
 coredns_replicas: 2
 
 # Images
-image_arch: amd64
+image_arch: "{{host_architecture}}"
+
 kubedns_image_repo: "gcr.io/google_containers/k8s-dns-kube-dns-{{ image_arch }}"
 kubedns_image_tag: "{{ kubedns_version }}"
 dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-{{ image_arch }}"

roles/kubernetes/preinstall/tasks/verify-settings.yml → roles/kubernetes/preinstall/tasks/0020-verify-settings.yml

@@ -68,7 +68,7 @@
 # NOTICE: the check blatantly ignores the inet6-case
 - name: Guarantee that enough network address space is available for all pods
   assert:
-    that: "{{ kubelet_max_pods <= (2 ** (32 - kube_network_node_prefix)) - 2 }}"
+    that: "{{ kubelet_max_pods | default(110) <= (2 ** (32 - kube_network_node_prefix)) - 2 }}"
     msg: "Do not schedule more pods on a node than inet addresses are available."
   ignore_errors: "{{ ignore_assert_errors }}"
   when:
@@ -115,3 +115,15 @@
     that: inventory_hostname | match("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
     msg: "Hostname must consist of lower case alphanumeric characters, '.' or '-', and must start and end with an alphanumeric character"
   ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: check cloud_provider value
+  assert:
+    that: cloud_provider in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external']
+    msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external"
+  when:
+    - cloud_provider is defined
+
+  ignore_errors: "{{ ignore_assert_errors }}"
+  tags:
+    - cloud-provider
+    - facts

roles/kubernetes/preinstall/tasks/set_resolv_facts.yml → roles/kubernetes/preinstall/tasks/0040-set_facts.yml

@@ -1,4 +1,37 @@
 ---
+- set_fact:
+    architecture_groups:
+      x86_64: amd64
+      aarch64: arm64
+
+- name: ansible_architecture_rename
+  set_fact:
+    host_architecture: >-
+      {%- if ansible_architecture in architecture_groups -%}
+      {{architecture_groups[ansible_architecture]}}
+      {%- else -%}
+       {{ansible_architecture}}
+      {% endif %}
+
+- name: Force binaries directory for Container Linux by CoreOS
+  set_fact:
+    bin_dir: "/opt/bin"
+  when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
+  tags:
+    - facts
+
+- name: check if atomic host
+  stat:
+    path: /run/ostree-booted
+  register: ostree
+
+- set_fact:
+    is_atomic: "{{ ostree.stat.exists }}"
+
+- set_fact:
+    kube_cert_group: "kube"
+  when: is_atomic
+
 - name: check resolvconf
   shell: which resolvconf
   register: resolvconf
@@ -111,3 +144,17 @@
       nameserver {{( dnsmasq_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ')}}
     supersede_nameserver:
       supersede domain-name-servers {{( dnsmasq_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
+
+- name: gather os specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - files:
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
+        - defaults.yml
+      paths:
+        - ../vars
+      skip: true

roles/kubernetes/preinstall/tasks/0050-create_directories.yml

@@ -0,0 +1,58 @@
+- name: Create kubernetes directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: kube
+  when: inventory_hostname in groups['k8s-cluster']
+  become: true
+  tags:
+    - kubelet
+    - k8s-secrets
+    - kube-controller-manager
+    - kube-apiserver
+    - bootstrap-os
+    - apps
+    - network
+    - master
+    - node
+  with_items:
+    - "{{bin_dir}}"
+    - "{{ kube_config_dir }}"
+    - "{{ kube_config_dir }}/ssl"
+    - "{{ kube_manifest_dir }}"
+    - "{{ kube_script_dir }}"
+
+- name: Create cni directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: kube
+  with_items:
+    - "/etc/cni/net.d"
+    - "/opt/cni/bin"
+    - "/var/lib/calico"
+  when:
+    - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"]
+    - inventory_hostname in groups['k8s-cluster']
+  tags:
+    - network
+    - cilium
+    - calico
+    - weave
+    - canal
+    - contiv
+    - bootstrap-os
+
+- name: Create local volume provisioner directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: kube
+  with_items:
+    - "{{ local_volume_provisioner_base_dir }}"
+    - "{{ local_volume_provisioner_mount_dir }}"
+  when:
+    - inventory_hostname in groups['k8s-cluster']
+    - local_volume_provisioner_enabled
+  tags:
+    - persistent_volumes

roles/kubernetes/preinstall/tasks/0070-system-packages.yml

@@ -0,0 +1,94 @@
+- name: Update package management cache (YUM)
+  yum:
+    update_cache: yes
+    name: '*'
+  register: yum_task_result
+  until: yum_task_result|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'yum'
+    - ansible_distribution != 'RedHat'
+    - not is_atomic
+
+- name: Expire management cache (YUM) for Updation - Redhat
+  shell: yum clean expire-cache
+  register: expire_cache_output
+  until: expire_cache_output|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'yum'
+    - ansible_distribution == 'RedHat'
+    - not is_atomic
+  tags: bootstrap-os
+
+- name: Update package management cache (YUM) - Redhat
+  shell: yum makecache
+  register: make_cache_output
+  until: make_cache_output|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'yum'
+    - ansible_distribution == 'RedHat'
+    - expire_cache_output.rc == 0
+    - not is_atomic
+  tags: bootstrap-os
+
+- name: Update package management cache (zypper) - SUSE
+  shell: zypper -n --gpg-auto-import-keys ref
+  register: make_cache_output
+  until: make_cache_output|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'zypper'
+  tags: bootstrap-os
+
+- name: Update package management cache (APT)
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+  when: ansible_os_family == "Debian"
+  tags:
+    - bootstrap-os
+
+- name: Install python-dnf for latest RedHat versions
+  command: dnf install -y python-dnf yum
+  register: dnf_task_result
+  until: dnf_task_result|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_distribution == "Fedora"
+    - ansible_distribution_major_version|int > 21
+    - not is_atomic
+  changed_when: False
+  tags:
+    - bootstrap-os
+
+- name: Install epel-release on RedHat/CentOS
+  yum:
+    name: epel-release
+    state: present
+  when:
+    - ansible_distribution in ["CentOS","RedHat"]
+    - not is_atomic
+    - epel_enabled|bool
+  tags:
+    - bootstrap-os
+
+- name: Install packages requirements
+  action:
+    module: "{{ ansible_pkg_mgr }}"
+    name: "{{ item }}"
+    state: latest
+  register: pkgs_task_result
+  until: pkgs_task_result|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
+  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
+  tags:
+    - bootstrap-os

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -0,0 +1,53 @@
+# Todo : selinux configuration
+- name: Confirm selinux deployed
+  stat:
+    path: /etc/selinux/config
+  when: ansible_os_family == "RedHat"
+  register: slc
+
+- name: Set selinux policy
+  selinux:
+    policy: targeted
+    state: "{{ preinstall_selinux_state }}"
+  when:
+    - ansible_os_family == "RedHat"
+    - slc.stat.exists == True
+  changed_when: False
+  tags:
+    - bootstrap-os
+
+- name: Disable IPv6 DNS lookup
+  lineinfile:
+    dest: /etc/gai.conf
+    line: "precedence ::ffff:0:0/96  100"
+    state: present
+    backup: yes
+  when:
+    - disable_ipv6_dns
+    - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
+  tags:
+    - bootstrap-os
+
+- name: Stat sysctl file configuration
+  stat:
+    path: "{{sysctl_file_path}}"
+  register: sysctl_file_stat
+  tags:
+    - bootstrap-os
+
+- name: Change sysctl file path to link source if linked
+  set_fact:
+    sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
+  when:
+    - sysctl_file_stat.stat.islnk is defined
+    - sysctl_file_stat.stat.islnk
+  tags:
+    - bootstrap-os
+
+- name: Enable ip forwarding
+  sysctl:
+    sysctl_file: "{{sysctl_file_path}}"
+    name: net.ipv4.ip_forward
+    value: 1
+    state: present
+    reload: yes

roles/kubernetes/preinstall/tasks/main.yml

@@ -1,122 +1,26 @@
 ---
 # Disable swap
-- import_tasks: swapoff.yml
+- import_tasks: 0010-swapoff.yml
   when: disable_swap
 
-- import_tasks: verify-settings.yml
+- import_tasks: 0020-verify-settings.yml
   tags:
     - asserts
 
 # This is run before bin_dir is pinned because these tasks are run on localhost
-- import_tasks: pre_upgrade.yml
+- import_tasks: 0030-pre_upgrade.yml
   run_once: true
   tags:
     - upgrade
 
-- name: Force binaries directory for Container Linux by CoreOS
-  set_fact:
-    bin_dir: "/opt/bin"
-  when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
+- import_tasks: 0040-set_facts.yml
   tags:
+    - resolvconf
     - facts
 
-- name: check bin dir exists
-  file:
-    path: "{{bin_dir}}"
-    state: directory
-    owner: root
-  become: true
-  tags:
-    - bootstrap-os
-
-- import_tasks: set_facts.yml
-  tags:
-    - facts
-
-- name: gather os specific variables
-  include_vars: "{{ item }}"
-  with_first_found:
-    - files:
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}.yml"
-        - "{{ ansible_os_family|lower }}.yml"
-        - defaults.yml
-      paths:
-        - ../vars
-      skip: true
-  tags:
-    - facts
-
-- name: Create kubernetes directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: kube
-  when: inventory_hostname in groups['k8s-cluster']
-  tags:
-    - kubelet
-    - k8s-secrets
-    - kube-controller-manager
-    - kube-apiserver
-    - bootstrap-os
-    - apps
-    - network
-    - master
-    - node
-  with_items:
-    - "{{ kube_config_dir }}"
-    - "{{ kube_config_dir }}/ssl"
-    - "{{ kube_manifest_dir }}"
-    - "{{ kube_script_dir }}"
-
-- name: check cloud_provider value
-  fail:
-    msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', or external"
-  when:
-    - cloud_provider is defined
-    - cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external']
-  tags:
-    - cloud-provider
-    - facts
-
-- name: Create cni directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: kube
-  with_items:
-    - "/etc/cni/net.d"
-    - "/opt/cni/bin"
-    - "/var/lib/calico"
-  when:
-    - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"]
-    - inventory_hostname in groups['k8s-cluster']
-  tags:
-    - network
-    - cilium
-    - calico
-    - weave
-    - canal
-    - contiv
-    - bootstrap-os
-
-- name: Create local volume provisioner directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: kube
-  with_items:
-    - "{{ local_volume_provisioner_base_dir }}"
-    - "{{ local_volume_provisioner_mount_dir }}"
-  when:
-    - inventory_hostname in groups['k8s-cluster']
-    - local_volume_provisioner_enabled
-  tags:
-    - persistent_volumes
+- import_tasks: 0050-create_directories.yml
 
-- import_tasks: resolvconf.yml
+- import_tasks: 0060-resolvconf.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
@@ -124,164 +28,20 @@
     - bootstrap-os
     - resolvconf
 
-- name: Update package management cache (YUM)
-  yum:
-    update_cache: yes
-    name: '*'
-  register: yum_task_result
-  until: yum_task_result|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_pkg_mgr == 'yum'
-    - ansible_distribution != 'RedHat'
-    - not is_atomic
-  tags: bootstrap-os
-
-- name: Expire management cache (YUM) for Updation - Redhat
-  shell: yum clean expire-cache
-  register: expire_cache_output
-  until: expire_cache_output|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_pkg_mgr == 'yum'
-    - ansible_distribution == 'RedHat'
-    - not is_atomic
-  tags: bootstrap-os
-
-- name: Update package management cache (YUM) - Redhat
-  shell: yum makecache
-  register: make_cache_output
-  until: make_cache_output|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_pkg_mgr == 'yum'
-    - ansible_distribution == 'RedHat'
-    - expire_cache_output.rc == 0
-    - not is_atomic
-  tags: bootstrap-os
-
-- name: Update package management cache (zypper) - SUSE
-  shell: zypper -n --gpg-auto-import-keys ref
-  register: make_cache_output
-  until: make_cache_output|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_pkg_mgr == 'zypper'
-  tags: bootstrap-os
-
-- name: Update package management cache (APT)
-  apt:
-    update_cache: yes
-    cache_valid_time: 3600
-  when: ansible_os_family == "Debian"
-  tags:
-    - bootstrap-os
-
-- name: Install python-dnf for latest RedHat versions
-  command: dnf install -y python-dnf yum
-  register: dnf_task_result
-  until: dnf_task_result|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_distribution == "Fedora"
-    - ansible_distribution_major_version|int > 21
-    - not is_atomic
-  changed_when: False
-  tags:
-    - bootstrap-os
-
-- name: Install epel-release on RedHat/CentOS
-  yum:
-    name: epel-release
-    state: present
-  when:
-    - ansible_distribution in ["CentOS","RedHat"]
-    - not is_atomic
-    - epel_enabled|bool
-  tags:
-    - bootstrap-os
-
-- name: Install packages requirements
-  action:
-    module: "{{ ansible_pkg_mgr }}"
-    name: "{{ item }}"
-    state: latest
-  register: pkgs_task_result
-  until: pkgs_task_result|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
-  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
-  tags:
-    - bootstrap-os
-
-# Todo : selinux configuration
-- name: Confirm selinux deployed
-  stat:
-    path: /etc/selinux/config
-  when: ansible_os_family == "RedHat"
-  register: slc
-
-- name: Set selinux policy
-  selinux:
-    policy: targeted
-    state: "{{ preinstall_selinux_state }}"
-  when:
-    - ansible_os_family == "RedHat"
-    - slc.stat.exists == True
-  changed_when: False
-  tags:
-    - bootstrap-os
-
-- name: Disable IPv6 DNS lookup
-  lineinfile:
-    dest: /etc/gai.conf
-    line: "precedence ::ffff:0:0/96  100"
-    state: present
-    backup: yes
-  when:
-    - disable_ipv6_dns
-    - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
-  tags:
-    - bootstrap-os
-
-- name: Stat sysctl file configuration
-  stat:
-    path: "{{sysctl_file_path}}"
-  register: sysctl_file_stat
-  tags:
-    - bootstrap-os
-
-- name: Change sysctl file path to link source if linked
-  set_fact:
-    sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
-  when:
-    - sysctl_file_stat.stat.islnk is defined
-    - sysctl_file_stat.stat.islnk
+- import_tasks: 0070-system-packages.yml
   tags:
     - bootstrap-os
 
-- name: Enable ip forwarding
-  sysctl:
-    sysctl_file: "{{sysctl_file_path}}"
-    name: net.ipv4.ip_forward
-    value: 1
-    state: present
-    reload: yes
+- import_tasks: 0080-system-configurations.yml
   tags:
     - bootstrap-os
 
-- import_tasks: etchosts.yml
+- import_tasks: 0090-etchosts.yml
   tags:
     - bootstrap-os
     - etchosts
 
-- import_tasks: dhclient-hooks.yml
+- import_tasks: 0100-dhclient-hooks.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
@@ -290,7 +50,7 @@
     - bootstrap-os
     - resolvconf
 
-- import_tasks: dhclient-hooks-undo.yml
+- import_tasks: 0110-dhclient-hooks-undo.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode != 'host_resolvconf'
@@ -306,7 +66,7 @@
   tags:
     - bootstrap-os
 
-- import_tasks: growpart-azure-centos-7.yml
+- import_tasks: 0120-growpart-azure-centos-7.yml
   when:
     - azure_check.stat.exists
     - ansible_distribution in ["CentOS","RedHat"]

roles/kubernetes/preinstall/tasks/set_facts.yml

@@ -1,17 +0,0 @@
----
-- name: check if atomic host
-  stat:
-    path: /run/ostree-booted
-  register: ostree
-
-- set_fact:
-    is_atomic: "{{ ostree.stat.exists }}"
-
-- set_fact:
-    kube_cert_group: "kube"
-  when: is_atomic
-
-- import_tasks: set_resolv_facts.yml
-  tags:
-    - resolvconf
-    - facts

roles/network_plugin/calico/tasks/check.yml

@@ -34,4 +34,4 @@
     - 'calico_version_on_server.stdout is defined'
     - 'calico_version_on_server.stdout != ""'
     - inventory_hostname == groups['kube-master'][0]
-  run_once: yes
+  run_once: yes

roles/vault/defaults/main.yml

@@ -24,7 +24,7 @@ vault_binary_checksum: 66f0f1b0b221d664dd5913f8697409d7401df4bb2a19c7277e8fbad15
 vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_{{ image_arch }}.zip"
 
 # Arch of Docker images and needed packages
-image_arch: amd64
+image_arch: "{{host_architecture}}"
 
 vault_download_vars:
   container: "{{ vault_deployment_type != 'host' }}"