Update dir list

roles/kubernetes/preinstall/tasks/verify-settings.yml → roles/kubernetes/preinstall/tasks/0020-verify-settings.yml

@@ -115,3 +115,15 @@
     that: inventory_hostname | match("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
     msg: "Hostname must consist of lower case alphanumeric characters, '.' or '-', and must start and end with an alphanumeric character"
   ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: check cloud_provider value
+  assert:
+    that: cloud_provider in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external']
+    msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external"
+  when:
+    - cloud_provider is defined
+
+  ignore_errors: "{{ ignore_assert_errors }}"
+  tags:
+    - cloud-provider
+    - facts

roles/kubernetes/preinstall/tasks/set_resolv_facts.yml → roles/kubernetes/preinstall/tasks/0040-set_facts.yml

@@ -1,4 +1,23 @@
 ---
+- name: Force binaries directory for Container Linux by CoreOS
+  set_fact:
+    bin_dir: "/opt/bin"
+  when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
+  tags:
+    - facts
+
+- name: check if atomic host
+  stat:
+    path: /run/ostree-booted
+  register: ostree
+
+- set_fact:
+    is_atomic: "{{ ostree.stat.exists }}"
+
+- set_fact:
+    kube_cert_group: "kube"
+  when: is_atomic
+
 - name: check resolvconf
   shell: which resolvconf
   register: resolvconf
@@ -111,3 +130,17 @@
       nameserver {{( dnsmasq_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ')}}
     supersede_nameserver:
       supersede domain-name-servers {{( dnsmasq_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
+
+- name: gather os specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - files:
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
+        - defaults.yml
+      paths:
+        - ../vars
+      skip: true

roles/kubernetes/preinstall/tasks/0050-create_directories.yml

@@ -0,0 +1,58 @@
+- name: Create kubernetes directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: kube
+  when: inventory_hostname in groups['k8s-cluster']
+  become: true
+  tags:
+    - kubelet
+    - k8s-secrets
+    - kube-controller-manager
+    - kube-apiserver
+    - bootstrap-os
+    - apps
+    - network
+    - master
+    - node
+  with_items:
+    - "{{bin_dir}}"
+    - "{{ kube_config_dir }}"
+    - "{{ kube_config_dir }}/ssl"
+    - "{{ kube_manifest_dir }}"
+    - "{{ kube_script_dir }}"
+
+- name: Create cni directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: kube
+  with_items:
+    - "/etc/cni/net.d"
+    - "/opt/cni/bin"
+    - "/var/lib/calico"
+  when:
+    - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"]
+    - inventory_hostname in groups['k8s-cluster']
+  tags:
+    - network
+    - cilium
+    - calico
+    - weave
+    - canal
+    - contiv
+    - bootstrap-os
+
+- name: Create local volume provisioner directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: kube
+  with_items:
+    - "{{ local_volume_provisioner_base_dir }}"
+    - "{{ local_volume_provisioner_mount_dir }}"
+  when:
+    - inventory_hostname in groups['k8s-cluster']
+    - local_volume_provisioner_enabled
+  tags:
+    - persistent_volumes

roles/kubernetes/preinstall/tasks/0070-system-packages.yml

@@ -0,0 +1,94 @@
+- name: Update package management cache (YUM)
+  yum:
+    update_cache: yes
+    name: '*'
+  register: yum_task_result
+  until: yum_task_result|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'yum'
+    - ansible_distribution != 'RedHat'
+    - not is_atomic
+
+- name: Expire management cache (YUM) for Updation - Redhat
+  shell: yum clean expire-cache
+  register: expire_cache_output
+  until: expire_cache_output|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'yum'
+    - ansible_distribution == 'RedHat'
+    - not is_atomic
+  tags: bootstrap-os
+
+- name: Update package management cache (YUM) - Redhat
+  shell: yum makecache
+  register: make_cache_output
+  until: make_cache_output|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'yum'
+    - ansible_distribution == 'RedHat'
+    - expire_cache_output.rc == 0
+    - not is_atomic
+  tags: bootstrap-os
+
+- name: Update package management cache (zypper) - SUSE
+  shell: zypper -n --gpg-auto-import-keys ref
+  register: make_cache_output
+  until: make_cache_output|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'zypper'
+  tags: bootstrap-os
+
+- name: Update package management cache (APT)
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+  when: ansible_os_family == "Debian"
+  tags:
+    - bootstrap-os
+
+- name: Install python-dnf for latest RedHat versions
+  command: dnf install -y python-dnf yum
+  register: dnf_task_result
+  until: dnf_task_result|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_distribution == "Fedora"
+    - ansible_distribution_major_version|int > 21
+    - not is_atomic
+  changed_when: False
+  tags:
+    - bootstrap-os
+
+- name: Install epel-release on RedHat/CentOS
+  yum:
+    name: epel-release
+    state: present
+  when:
+    - ansible_distribution in ["CentOS","RedHat"]
+    - not is_atomic
+    - epel_enabled|bool
+  tags:
+    - bootstrap-os
+
+- name: Install packages requirements
+  action:
+    module: "{{ ansible_pkg_mgr }}"
+    name: "{{ item }}"
+    state: latest
+  register: pkgs_task_result
+  until: pkgs_task_result|succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
+  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
+  tags:
+    - bootstrap-os

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -0,0 +1,53 @@
+# Todo : selinux configuration
+- name: Confirm selinux deployed
+  stat:
+    path: /etc/selinux/config
+  when: ansible_os_family == "RedHat"
+  register: slc
+
+- name: Set selinux policy
+  selinux:
+    policy: targeted
+    state: "{{ preinstall_selinux_state }}"
+  when:
+    - ansible_os_family == "RedHat"
+    - slc.stat.exists == True
+  changed_when: False
+  tags:
+    - bootstrap-os
+
+- name: Disable IPv6 DNS lookup
+  lineinfile:
+    dest: /etc/gai.conf
+    line: "precedence ::ffff:0:0/96  100"
+    state: present
+    backup: yes
+  when:
+    - disable_ipv6_dns
+    - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
+  tags:
+    - bootstrap-os
+
+- name: Stat sysctl file configuration
+  stat:
+    path: "{{sysctl_file_path}}"
+  register: sysctl_file_stat
+  tags:
+    - bootstrap-os
+
+- name: Change sysctl file path to link source if linked
+  set_fact:
+    sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
+  when:
+    - sysctl_file_stat.stat.islnk is defined
+    - sysctl_file_stat.stat.islnk
+  tags:
+    - bootstrap-os
+
+- name: Enable ip forwarding
+  sysctl:
+    sysctl_file: "{{sysctl_file_path}}"
+    name: net.ipv4.ip_forward
+    value: 1
+    state: present
+    reload: yes

roles/kubernetes/preinstall/tasks/main.yml

@@ -1,122 +1,26 @@
 ---
 # Disable swap
-- import_tasks: swapoff.yml
+- import_tasks: 0010-swapoff.yml
   when: disable_swap
 
-- import_tasks: verify-settings.yml
+- import_tasks: 0020-verify-settings.yml
   tags:
     - asserts
 
 # This is run before bin_dir is pinned because these tasks are run on localhost
-- import_tasks: pre_upgrade.yml
+- import_tasks: 0030-pre_upgrade.yml
   run_once: true
   tags:
     - upgrade
 
-- name: Force binaries directory for Container Linux by CoreOS
-  set_fact:
-    bin_dir: "/opt/bin"
-  when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
+- import_tasks: 0040-set_facts.yml
   tags:
+    - resolvconf
     - facts
 
-- name: check bin dir exists
-  file:
-    path: "{{bin_dir}}"
-    state: directory
-    owner: root
-  become: true
-  tags:
-    - bootstrap-os
-
-- import_tasks: set_facts.yml
-  tags:
-    - facts
-
-- name: gather os specific variables
-  include_vars: "{{ item }}"
-  with_first_found:
-    - files:
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}.yml"
-        - "{{ ansible_os_family|lower }}.yml"
-        - defaults.yml
-      paths:
-        - ../vars
-      skip: true
-  tags:
-    - facts
-
-- name: Create kubernetes directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: kube
-  when: inventory_hostname in groups['k8s-cluster']
-  tags:
-    - kubelet
-    - k8s-secrets
-    - kube-controller-manager
-    - kube-apiserver
-    - bootstrap-os
-    - apps
-    - network
-    - master
-    - node
-  with_items:
-    - "{{ kube_config_dir }}"
-    - "{{ kube_config_dir }}/ssl"
-    - "{{ kube_manifest_dir }}"
-    - "{{ kube_script_dir }}"
-
-- name: check cloud_provider value
-  fail:
-    msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', or external"
-  when:
-    - cloud_provider is defined
-    - cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external']
-  tags:
-    - cloud-provider
-    - facts
-
-- name: Create cni directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: kube
-  with_items:
-    - "/etc/cni/net.d"
-    - "/opt/cni/bin"
-    - "/var/lib/calico"
-  when:
-    - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"]
-    - inventory_hostname in groups['k8s-cluster']
-  tags:
-    - network
-    - cilium
-    - calico
-    - weave
-    - canal
-    - contiv
-    - bootstrap-os
-
-- name: Create local volume provisioner directories
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: kube
-  with_items:
-    - "{{ local_volume_provisioner_base_dir }}"
-    - "{{ local_volume_provisioner_mount_dir }}"
-  when:
-    - inventory_hostname in groups['k8s-cluster']
-    - local_volume_provisioner_enabled
-  tags:
-    - persistent_volumes
+- import_tasks: 0050-create_directories.yml
 
-- import_tasks: resolvconf.yml
+- import_tasks: 0060-resolvconf.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
@@ -124,164 +28,20 @@
     - bootstrap-os
     - resolvconf
 
-- name: Update package management cache (YUM)
-  yum:
-    update_cache: yes
-    name: '*'
-  register: yum_task_result
-  until: yum_task_result|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_pkg_mgr == 'yum'
-    - ansible_distribution != 'RedHat'
-    - not is_atomic
-  tags: bootstrap-os
-
-- name: Expire management cache (YUM) for Updation - Redhat
-  shell: yum clean expire-cache
-  register: expire_cache_output
-  until: expire_cache_output|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_pkg_mgr == 'yum'
-    - ansible_distribution == 'RedHat'
-    - not is_atomic
-  tags: bootstrap-os
-
-- name: Update package management cache (YUM) - Redhat
-  shell: yum makecache
-  register: make_cache_output
-  until: make_cache_output|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_pkg_mgr == 'yum'
-    - ansible_distribution == 'RedHat'
-    - expire_cache_output.rc == 0
-    - not is_atomic
-  tags: bootstrap-os
-
-- name: Update package management cache (zypper) - SUSE
-  shell: zypper -n --gpg-auto-import-keys ref
-  register: make_cache_output
-  until: make_cache_output|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_pkg_mgr == 'zypper'
-  tags: bootstrap-os
-
-- name: Update package management cache (APT)
-  apt:
-    update_cache: yes
-    cache_valid_time: 3600
-  when: ansible_os_family == "Debian"
-  tags:
-    - bootstrap-os
-
-- name: Install python-dnf for latest RedHat versions
-  command: dnf install -y python-dnf yum
-  register: dnf_task_result
-  until: dnf_task_result|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_distribution == "Fedora"
-    - ansible_distribution_major_version|int > 21
-    - not is_atomic
-  changed_when: False
-  tags:
-    - bootstrap-os
-
-- name: Install epel-release on RedHat/CentOS
-  yum:
-    name: epel-release
-    state: present
-  when:
-    - ansible_distribution in ["CentOS","RedHat"]
-    - not is_atomic
-    - epel_enabled|bool
-  tags:
-    - bootstrap-os
-
-- name: Install packages requirements
-  action:
-    module: "{{ ansible_pkg_mgr }}"
-    name: "{{ item }}"
-    state: latest
-  register: pkgs_task_result
-  until: pkgs_task_result|succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
-  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
-  tags:
-    - bootstrap-os
-
-# Todo : selinux configuration
-- name: Confirm selinux deployed
-  stat:
-    path: /etc/selinux/config
-  when: ansible_os_family == "RedHat"
-  register: slc
-
-- name: Set selinux policy
-  selinux:
-    policy: targeted
-    state: "{{ preinstall_selinux_state }}"
-  when:
-    - ansible_os_family == "RedHat"
-    - slc.stat.exists == True
-  changed_when: False
-  tags:
-    - bootstrap-os
-
-- name: Disable IPv6 DNS lookup
-  lineinfile:
-    dest: /etc/gai.conf
-    line: "precedence ::ffff:0:0/96  100"
-    state: present
-    backup: yes
-  when:
-    - disable_ipv6_dns
-    - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
-  tags:
-    - bootstrap-os
-
-- name: Stat sysctl file configuration
-  stat:
-    path: "{{sysctl_file_path}}"
-  register: sysctl_file_stat
-  tags:
-    - bootstrap-os
-
-- name: Change sysctl file path to link source if linked
-  set_fact:
-    sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
-  when:
-    - sysctl_file_stat.stat.islnk is defined
-    - sysctl_file_stat.stat.islnk
+- import_tasks: 0070-system-packages.yml
   tags:
     - bootstrap-os
 
-- name: Enable ip forwarding
-  sysctl:
-    sysctl_file: "{{sysctl_file_path}}"
-    name: net.ipv4.ip_forward
-    value: 1
-    state: present
-    reload: yes
+- import_tasks: 0080-system-configurations.yml
   tags:
     - bootstrap-os
 
-- import_tasks: etchosts.yml
+- import_tasks: 0090-etchosts.yml
   tags:
     - bootstrap-os
     - etchosts
 
-- import_tasks: dhclient-hooks.yml
+- import_tasks: 0100-dhclient-hooks.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
@@ -290,7 +50,7 @@
     - bootstrap-os
     - resolvconf
 
-- import_tasks: dhclient-hooks-undo.yml
+- import_tasks: 0110-dhclient-hooks-undo.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode != 'host_resolvconf'
@@ -306,7 +66,7 @@
   tags:
     - bootstrap-os
 
-- import_tasks: growpart-azure-centos-7.yml
+- import_tasks: 0120-growpart-azure-centos-7.yml
   when:
     - azure_check.stat.exists
     - ansible_distribution in ["CentOS","RedHat"]

roles/kubernetes/preinstall/tasks/set_facts.yml

@@ -1,17 +0,0 @@
----
-- name: check if atomic host
-  stat:
-    path: /run/ostree-booted
-  register: ostree
-
-- set_fact:
-    is_atomic: "{{ ostree.stat.exists }}"
-
-- set_fact:
-    kube_cert_group: "kube"
-  when: is_atomic
-
-- import_tasks: set_resolv_facts.yml
-  tags:
-    - resolvconf
-    - facts