turn adduser/download roles into meta roles

This should make things a little more composable, by making these roles meta roles that perform no actions by default we allow each role to own its own resources.
9 years ago · 7de87d958e
11 changed files with 104 additions and 60 deletions
--- a/cluster.yml
+++ b/cluster.yml
@ -1,8 +1,6 @@
 ---
 - hosts: k8s-cluster
  roles:
-    - { role: adduser, tags: adduser }
-    - { role: download, tags: download }
    - { role: kubernetes/preinstall, tags: preinstall }
    - { role: etcd, tags: etcd }
    - { role: docker, tags: docker, when: ansible_os_family != "CoreOS" }
--- a/roles/adduser/defaults/main.yml
+++ b/roles/adduser/defaults/main.yml
@ -0,0 +1,24 @@
+---
+addusers:
+  etcd:
+    name: etcd
+    comment: "Etcd user"
+    createhome: yes
+    home: "/var/lib/etcd"
+    system: yes
+    shell: /bin/nologin
+  kube:
+    name: kube
+    comment: "Kubernetes user"
+    shell: /sbin/nologin
+    system: yes
+    group: "{{ kube_cert_group }}"
+    createhome: no
+
+adduser:
+  name: "{{ user.name }}"
+  group: "{{ user.name|default(None) }}"
+  comment: "{{ user.comment|default(None) }}"
+  shell: "{{ user.shell|default(None) }}"
+  system: "{{ user.system|default(None) }}"
+  createhome: "{{ user.createhome|default(None) }}"
--- a/roles/adduser/tasks/main.yml
+++ b/roles/adduser/tasks/main.yml
@ -1,28 +1,13 @@
 ---
- name: gather os specific variables
-  include_vars: "{{ item }}"
-  with_first_found:
-    - files:
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-      - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-      - "{{ ansible_distribution|lower }}.yml"
-      - "{{ ansible_os_family|lower }}.yml"
-      - defaults.yml
-      paths:
-      - ../vars
-      skip: true
-
 - name: User | Create User Group
-  group: name={{item.group|default(item.name)}} system={{item.system|default(omit)}}
-  with_items: "{{ addusers }}"
+  group: name={{user.group|default(user.name)}} system={{user.system|default(omit)}}

 - name: User | Create User
  user:
-    comment: "{{item.comment|default(omit)}}"
-    createhome: "{{item.create_home|default(omit)}}"
-    group: "{{item.group|default(item.name)}}"
-    home: "{{item.home|default(omit)}}"
-    name: "{{item.name}}"
-    system: "{{item.system|default(omit)}}"
-  with_items: "{{ addusers }}"
+    comment: "{{user.comment|default(omit)}}"
+    createhome: "{{user.create_home|default(omit)}}"
+    group: "{{user.group|default(user.name)}}"
+    home: "{{user.home|default(omit)}}"
+    shell: "{{user.shell|default(omit)}}"
+    name: "{{user.name}}"
+    system: "{{user.system|default(omit)}}"
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -33,7 +33,7 @@ kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e
 kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e"

 downloads:
-  - name: calico
+  calico:
    dest: calico/bin/calicoctl
    version: "{{calico_version}}"
    sha256: "{{ calico_checksum }}"
@ -41,8 +41,7 @@ downloads:
    url: "{{ calico_download_url }}"
    owner: "root"
    mode: "0755"
-
-  - name: calico-cni-plugin
+  calico_cni_plugin:
    dest: calico/bin/calico
    version: "{{calico_cni_version}}"
    sha256: "{{ calico_cni_checksum }}"
@ -50,8 +49,7 @@ downloads:
    url: "{{ calico_cni_download_url }}"
    owner: "root"
    mode: "0755"
-
-  - name: calico-cni-plugin-ipam
+  calico_cni_plugin_ipam:
    dest: calico/bin/calico-ipam
    version: "{{calico_cni_version}}"
    sha256: "{{ calico_cni_ipam_checksum }}"
@ -59,8 +57,7 @@ downloads:
    url: "{{ calico_cni_ipam_download_url }}"
    owner: "root"
    mode: "0755"
-
-  - name: weave
+  weave:
    dest: weave/bin/weave
    version: "{{weave_version}}"
    source_url: "{{weave_download_url}}"
@ -68,8 +65,7 @@ downloads:
    sha256: "{{ weave_checksum }}"
    owner: "root"
    mode: "0755"
-
-  - name: etcd
+  etcd:
    version: "{{etcd_version}}"
    dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
    sha256: "{{ etcd_checksum }}"
@ -78,8 +74,7 @@ downloads:
    unarchive: true
    owner: "etcd"
    mode: "0755"
-
-  - name: kubernetes-kubelet
+  kubernetes_kubelet:
    version: "{{kube_version}}"
    dest: kubernetes/bin/kubelet
    sha256: "{{kubelet_checksum}}"
@ -87,8 +82,7 @@ downloads:
    url: "{{ kubelet_download_url }}"
    owner: "kube"
    mode: "0755"
-
-  - name: kubernetes-kubectl
+  kubernetes_kubectl:
    dest: kubernetes/bin/kubectl
    version: "{{kube_version}}"
    sha256: "{{kubectl_checksum}}"
@ -96,8 +90,7 @@ downloads:
    url: "{{ kubectl_download_url }}"
    owner: "kube"
    mode: "0755"
-
-  - name: kubernetes-apiserver
+  kubernetes_apiserver:
    dest: kubernetes/bin/kube-apiserver
    version: "{{kube_version}}"
    sha256: "{{kube_apiserver_checksum}}"
@ -105,3 +98,14 @@ downloads:
    url: "{{ apiserver_download_url }}"
    owner: "kube"
    mode: "0755"
+
+download:
+  enabled: "{{ file.enabled|default('true') }}"
+  dest: "{{ file.dest|default(None) }}"
+  version: "{{ file.version|default(None) }}"
+  sha256: "{{ file.sha256|default(None) }}"
+  source_url: "{{ file.source_url|default(None) }}"
+  url: "{{ file.url|default(None) }}"
+  unarchive: "{{ file.unarchive|default('false') }}"
+  owner: "{{ file.owner|default('kube') }}"
+  mode: "{{ file.mode|default(None) }}"
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@ -1,36 +1,39 @@
 ---
+- name: downloading...
+  debug:
+    msg: "{{ download.url }}"
+  when: "{{ download.enabled|bool }}"
+
 - name: Create dest directories
-  file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes
-  with_items: "{{ downloads }}"
+  file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes
+  when: "{{ download.enabled|bool }}"
  run_once: "{{ download_run_once|bool }}"

 - name: Download items
  get_url:
-    url: "{{item.url}}"
-    dest: "{{local_release_dir}}/{{item.dest}}"
-    sha256sum: "{{item.sha256 | default(omit)}}"
-    owner: "{{ item.owner|default(omit) }}"
-    mode: "{{ item.mode|default(omit) }}"
-  with_items: "{{ downloads }}"
+    url: "{{download.url}}"
+    dest: "{{local_release_dir}}/{{download.dest}}"
+    sha256sum: "{{download.sha256 | default(omit)}}"
+    owner: "{{ download.owner|default(omit) }}"
+    mode: "{{ download.mode|default(omit) }}"
+  when: "{{ download.enabled|bool }}"
  run_once: "{{ download_run_once|bool }}"

 - name: Extract archives
  unarchive:
-    src: "{{ local_release_dir }}/{{item.dest}}"
-    dest: "{{ local_release_dir }}/{{item.dest|dirname}}"
-    owner: "{{ item.owner|default(omit) }}"
-    mode: "{{ item.mode|default(omit) }}"
+    src: "{{ local_release_dir }}/{{download.dest}}"
+    dest: "{{ local_release_dir }}/{{download.dest|dirname}}"
+    owner: "{{ download.owner|default(omit) }}"
+    mode: "{{ download.mode|default(omit) }}"
    copy: no
-  when: "{{item.unarchive is defined and item.unarchive == True}}"
-  with_items: "{{ downloads }}"
+  when: "{{ download.enabled|bool }} and ({{download.unarchive is defined and download.unarchive == True}})"
  run_once: "{{ download_run_once|bool }}"

 - name: Fix permissions
  file:
    state: file
-    path: "{{local_release_dir}}/{{item.dest}}"
-    owner: "{{ item.owner|default(omit) }}"
-    mode: "{{ item.mode|default(omit) }}"
-  when: "{{item.unarchive is not defined or item.unarchive == False}}"
-  with_items: "{{ downloads }}"
+    path: "{{local_release_dir}}/{{download.dest}}"
+    owner: "{{ download.owner|default(omit) }}"
+    mode: "{{ download.mode|default(omit) }}"
+  when: "{{ download.enabled|bool }} and ({{download.unarchive is not defined or download.unarchive == False}})"
  run_once: "{{ download_run_once|bool }}"
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@ -0,0 +1,7 @@
+---
+dependencies:
+  - role: adduser
+    user: "{{ addusers.etcd }}"
+    when: ansible_os_family != 'CoreOS'
+  - role: download
+    file: "{{ downloads.etcd }}"
--- a/roles/kubernetes/master/meta/main.yml
+++ b/roles/kubernetes/master/meta/main.yml
@ -1,4 +1,8 @@
 ---
 dependencies:
+  - role: download
+    file: "{{ downloads.kubernetes_kubectl }}"
+  - role: download
+    file: "{{ downloads.kubernetes_apiserver }}"
  - { role: etcd }
  - { role: kubernetes/node }
--- a/roles/kubernetes/node/meta/main.yml
+++ b/roles/kubernetes/node/meta/main.yml
@ -1,3 +1,5 @@
 ---
 dependencies:
- - role: kubernetes/secrets
+  - role: download
+    file: "{{ downloads.kubernetes_kubelet }}"
+  - role: kubernetes/secrets
--- a/roles/kubernetes/preinstall/meta/main.yml
+++ b/roles/kubernetes/preinstall/meta/main.yml
@ -0,0 +1,5 @@
+---
+dependencies:
+  - role: adduser
+    user: "{{ addusers.kube }}"
+    when: ansible_os_family != 'CoreOS'
--- a/roles/network_plugin/calico/meta/main.yml
+++ b/roles/network_plugin/calico/meta/main.yml
@ -0,0 +1,8 @@
+---
+dependencies:
+  - role: download
+    file: "{{ downloads.calico }}"
+  - role: download
+    file: "{{ downloads.calico_cni_plugin }}"
+  - role: download
+    file: "{{ downloads.calico_cni_plugin_ipam }}"
--- a/roles/network_plugin/weave/meta/main.yml
+++ b/roles/network_plugin/weave/meta/main.yml
@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: download
+    file: "{{ downloads.weave }}"