
Add KVM hypervisor playbook to contrib

Optional Ansible playbook for preparing a host for running Kargo.
This includes creation of a user account, some basic packages,
and sysctl values required to allow CNI networking on a libvirt network.
pull/1163/head
Matthew Mosesohn 7 years ago
parent
commit
3889c2e01c
7 changed files with 164 additions and 2 deletions
  1. 11
      contrib/kvm-setup/README.md
  2. 3
      contrib/kvm-setup/group_vars/all
  3. 8
      contrib/kvm-setup/kvm-setup.yml
  4. 46
      contrib/kvm-setup/roles/kvm-setup/tasks/main.yml
  5. 46
      contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
  6. 46
      contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
  7. 6
      tests/cloud_playbooks/delete-gce.yml

11
contrib/kvm-setup/README.md

@ -0,0 +1,11 @@
# Kargo on KVM Virtual Machines hypervisor preparation
A simple playbook to ensure your system has the right settings to enable Kargo
deployment on VMs.
This playbook does not create Virtual Machines, nor does it run Kargo itself.
### User creation
If you want to create a user for running Kargo deployment, you should specify
both `k8s_deployment_user` and `k8s_deployment_user_pkey_path`.

3
contrib/kvm-setup/group_vars/all

@ -0,0 +1,3 @@
#k8s_deployment_user: kargo
#k8s_deployment_user_pkey_path: /tmp/ssh_rsa
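Review bot: The sample value `#k8s_deployment_user_pkey_path: /tmp/ssh_rsa` steers users toward staging the deployment private key in `/tmp`, a shared world-readable directory on the control host, and the role then copies that file verbatim onto the hypervisor as the user's `id_rsa`. A path under the invoking user's own home, e.g. `#k8s_deployment_user_pkey_path: ~/.ssh/kargo_deploy_rsa`, sets a better expectation. A one-line comment on the requirements would also help, e.g. `# unencrypted private key, readable only by you; it becomes the deployment user's id_rsa and authorized_keys on this host`, since the role derives the public key from it with ssh-keygen and a passphrase-protected key would not work non-interactively.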

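--- a/contrib/kvm-setup/kvm-setup.yml
+++ b/contrib/kvm-setup/kvm-setup.yml
@@ -0,0 +1,8 @@
+---
+- hosts: localhost
+gather_facts: False
+become: yes
+vars:
+- bootstrap_os: none
+roles:
+- kvm-setup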
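Review bot: The play sets `gather_facts: False`, yet every OS-specific task in the `kvm-setup` role branches on `ansible_os_family` in its `when:` clause, so on a plain run the first task should fail with that variable undefined unless facts arrive from a cache or a `setup` task somewhere not visible here. Change it to `gather_facts: true` (or put a `setup:` task with `filter: ansible_os_family` at the top of the role). While editing, `become: yes` and `gather_facts: False` should be written as lowercase `true`/`false` to satisfy yamllint's truthy rule, and since this play runs with root privileges against `localhost`, a comment such as `# Runs as root on the machine ansible-playbook is invoked from` above `hosts:` would warn operators that it mutates the control host.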

46
contrib/kvm-setup/roles/kvm-setup/tasks/main.yml

@ -0,0 +1,46 @@
---
- name: Upgrade all packages to the latest version (yum)
yum:
name: '*'
state: latest
when: ansible_os_family == "RedHat"
- name: Install required packages
yum:
name: "{{ item }}"
state: latest
with_items:
- bind-utils
- ntp
when: ansible_os_family == "RedHat"
- name: Install required packages
apt:
upgrade: yes
update_cache: yes
cache_valid_time: 3600
name: "{{ item }}"
state: latest
install_recommends: no
with_items:
- dnsutils
- ntp
when: ansible_os_family == "Debian"
- name: Upgrade all packages to the latest version (apt)
shell: apt-get -o \
Dpkg::Options::=--force-confdef -o \
Dpkg::Options::=--force-confold -q -y \
dist-upgrade
environment:
DEBIAN_FRONTEND: noninteractive
when: ansible_os_family == "Debian"
# Create deployment user if required
- include: user.yml
when: k8s_deployment_user is defined
# Set proper sysctl values
- include: sysctl.yml
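Review bot: The `Upgrade all packages to the latest version (apt)` task shells out to `apt-get ... dist-upgrade`, which reports `changed` on every run and sidesteps the apt module's idempotence and error handling; the module already does this, so the task can become `apt:` with `upgrade: dist` and `dpkg_options: 'force-confdef,force-confold'` (the module is non-interactive, so the `DEBIAN_FRONTEND` environment is no longer needed). The preceding Debian install task also passes `upgrade: yes` together with `name:`; it is not clear from here which of the two the module honours, so drop `upgrade: yes` there once the dedicated upgrade task uses the module. Both install tasks use `state: latest`, which re-upgrades `ntp`/`dnsutils`/`bind-utils` on each run; `state: present` is sufficient given the blanket upgrade that already runs, and the package list can be passed directly to `name:` instead of looping with `with_items`.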

46
contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml

@ -0,0 +1,46 @@
---
- name: Load br_netfilter module
modprobe:
name: br_netfilter
state: present
register: br_netfilter
- name: Add br_netfilter into /etc/modules
lineinfile:
dest: /etc/modules
state: present
line: 'br_netfilter'
when: br_netfilter is defined and ansible_os_family == 'Debian'
- name: Add br_netfilter into /etc/modules-load.d/kargo.conf
copy:
dest: /etc/modules-load.d/kargo.conf
content: |-
### This file is managed by Ansible
br-netfilter
owner: root
group: root
mode: 0644
when: br_netfilter is defined
- name: Enable net.ipv4.ip_forward in sysctl
sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_file: /etc/sysctl.d/ipv4-ip_forward.conf
state: present
reload: yes
- name: Set bridge-nf-call-{arptables,iptables} to 0
sysctl:
name: "{{ item }}"
state: present
value: 0
sysctl_file: /etc/sysctl.d/bridge-nf-call.conf
reload: yes
with_items:
- net.bridge.bridge-nf-call-arptables
- net.bridge.bridge-nf-call-ip6tables
- net.bridge.bridge-nf-call-iptables
when: br_netfilter is defined
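Review bot: The `when: br_netfilter is defined` conditions on the `/etc/modules`, `modules-load.d` and bridge-nf sysctl tasks are always true, because the `modprobe` task's `register: br_netfilter` defines the variable whether the load succeeded or not (a failed modprobe aborts the play anyway without `ignore_errors`), so the guards express no intent; either remove them or state what is meant, e.g. `when: br_netfilter is succeeded`. The last task switches `net.bridge.bridge-nf-call-iptables` (plus the arptables and ip6tables variants) to 0, which removes the hypervisor's netfilter rules from the path of frames bridged between VMs — presumably so libvirt's own iptables rules do not interfere with CNI traffic, as the commit message suggests, but it also means host firewall rules no longer filter VM-to-VM traffic on that bridge; a comment above the task spelling out that trade-off would help, e.g. `# Stop host iptables (incl. libvirt's rules) from filtering bridged VM traffic; host firewall rules no longer apply to VM-to-VM frames`. The `modules-load.d/kargo.conf` content spells the module `br-netfilter` while the `modprobe` task uses `br_netfilter`; kmod treats `-` and `_` as equivalent, but one spelling throughout avoids a needless doubt.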

46
contrib/kvm-setup/roles/kvm-setup/tasks/user.yml

@ -0,0 +1,46 @@
---
- name: Create user {{ k8s_deployment_user }}
user:
name: "{{ k8s_deployment_user }}"
groups: adm
shell: /bin/bash
- name: Ensure that .ssh exists
file:
path: "/home/{{ k8s_deployment_user }}/.ssh"
state: directory
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
- name: Configure sudo for deployment user
copy:
content: |
%{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL
dest: "/etc/sudoers.d/55-k8s-deployment"
owner: root
group: root
mode: 0644
- name: Write private SSH key
copy:
src: "{{ k8s_deployment_user_pkey_path }}"
dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
mode: 0400
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
when: k8s_deployment_user_pkey_path is defined
- name: Write public SSH key
shell: "ssh-keygen -y -f /home/{{ k8s_deployment_user }}/.ssh/id_rsa \
> /home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
args:
creates: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
when: k8s_deployment_user_pkey_path is defined
- name: Fix ssh-pub-key permissions
file:
path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
mode: 0600
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
when: k8s_deployment_user_pkey_path is defined
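Review bot: The sudoers rule written by `Configure sudo for deployment user` is `%{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL`; the leading `%` makes it a group rule, so it only grants the user sudo where the distro happened to create a private group with the same name, and the file is installed with `mode: 0644` and no `validate:`, so a malformed line lands in `sudoers.d` unchecked (sudo expects 0440 on these files and may reject a wider mode). Drop the `%`, set `mode: 0440`, and add `validate: 'visudo -cf %s'` to that copy task. Because the rule is passwordless root for the very account whose private key this file also copies onto the host, a comment stating why unrestricted NOPASSWD is required (presumably Kargo runs everything as root on the deployment host) belongs above the task. The `Ensure that .ssh exists` task sets no `mode`, leaving the directory at the umask default; sshd's StrictModes tolerates 0755, but `mode: 0700` is the expected permission for `~/.ssh`. `ssh-keygen -y -f` on a passphrase-protected key prompts and would hang the play, so either document that `k8s_deployment_user_pkey_path` must be an unencrypted key or derive the public key on the control host and copy that instead.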

6
tests/cloud_playbooks/delete-gce.yml

@ -21,12 +21,14 @@
- name: delete gce instances
gce:
instance_names: "{{instance_names}}"
image: "{{ cloud_image }}"
image: "{{ cloud_image | default(omit) }}"
service_account_email: "{{ gce_service_account_email }}"
pem_file: "{{ gce_pem_file | default(omit)}}"
credentials_file: "{{gce_credentials_file | default(omit)}}"
project_id: "{{ gce_project_id }}"
zone: "{{cloud_region | default('europe-west1-b')}}"
metadata: '{"test_id": "{{test_id}}", "network": "{{kube_network_plugin}}"}'
state: 'absent'
async: 120
poll: 3
retries: 3
register: gce
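Review bot: `retries: 3` on the `delete gce instances` task has no `until:`; in the Ansible releases contemporary with this tree, `retries` without `until` is forced to 1 (only much newer releases retry on failure by default), so whether that line is new here or pre-existing, the task likely gets no retry at all. If a retry on failure is intended, add `until: gce is succeeded` after `register: gce` (older versions need `until: not gce | failed`). The `image: "{{ cloud_image | default(omit) }}"` change itself looks right for a delete, where the image is irrelevant and may legitimately be unset.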