k8s-sig-cluster-lifecycleawskubesprayhigh-availabilityansiblekubernetes-clustergcekubernetesbare-metal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
309 lines
7.3 KiB
309 lines
7.3 KiB
---
|
|
- import_tasks: verify-settings.yml
|
|
tags:
|
|
- asserts
|
|
|
|
- name: Force binaries directory for Container Linux by CoreOS
|
|
set_fact:
|
|
bin_dir: "/opt/bin"
|
|
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags:
|
|
- facts
|
|
|
|
- name: check bin dir exists
|
|
file:
|
|
path: "{{bin_dir}}"
|
|
state: directory
|
|
owner: root
|
|
become: true
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- import_tasks: set_facts.yml
|
|
tags:
|
|
- facts
|
|
|
|
- name: gather os specific variables
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- files:
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
- defaults.yml
|
|
paths:
|
|
- ../vars
|
|
skip: true
|
|
tags:
|
|
- facts
|
|
|
|
- name: Create kubernetes directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: kube
|
|
when: inventory_hostname in groups['k8s-cluster']
|
|
tags:
|
|
- kubelet
|
|
- k8s-secrets
|
|
- kube-controller-manager
|
|
- kube-apiserver
|
|
- bootstrap-os
|
|
- apps
|
|
- network
|
|
- master
|
|
- node
|
|
with_items:
|
|
- "{{ kube_config_dir }}"
|
|
- "{{ kube_config_dir }}/ssl"
|
|
- "{{ kube_manifest_dir }}"
|
|
- "{{ kube_script_dir }}"
|
|
- "{{ local_volume_base_dir }}"
|
|
|
|
- name: check cloud_provider value
|
|
fail:
|
|
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external"
|
|
when:
|
|
- cloud_provider is defined
|
|
- cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'external']
|
|
tags:
|
|
- cloud-provider
|
|
- facts
|
|
|
|
- include_tasks: "{{ cloud_provider }}-credential-check.yml"
|
|
when:
|
|
- cloud_provider is defined
|
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
|
tags:
|
|
- cloud-provider
|
|
- facts
|
|
|
|
- name: Create cni directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: kube
|
|
with_items:
|
|
- "/etc/cni/net.d"
|
|
- "/opt/cni/bin"
|
|
when:
|
|
- kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv"]
|
|
- inventory_hostname in groups['k8s-cluster']
|
|
tags:
|
|
- network
|
|
- calico
|
|
- weave
|
|
- canal
|
|
- contiv
|
|
- bootstrap-os
|
|
|
|
- import_tasks: resolvconf.yml
|
|
when:
|
|
- dns_mode != 'none'
|
|
- resolvconf_mode == 'host_resolvconf'
|
|
tags:
|
|
- bootstrap-os
|
|
- resolvconf
|
|
|
|
- name: Update package management cache (YUM)
|
|
yum:
|
|
update_cache: yes
|
|
name: '*'
|
|
register: yum_task_result
|
|
until: yum_task_result|succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
when:
|
|
- ansible_pkg_mgr == 'yum'
|
|
- ansible_distribution != 'RedHat'
|
|
- not is_atomic
|
|
tags: bootstrap-os
|
|
|
|
- name: Expire management cache (YUM) for Updation - Redhat
|
|
shell: yum clean expire-cache
|
|
register: expire_cache_output
|
|
until: expire_cache_output|succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
when:
|
|
- ansible_pkg_mgr == 'yum'
|
|
- ansible_distribution == 'RedHat'
|
|
- not is_atomic
|
|
tags: bootstrap-os
|
|
|
|
- name: Update package management cache (YUM) - Redhat
|
|
shell: yum makecache
|
|
register: make_cache_output
|
|
until: make_cache_output|succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
when:
|
|
- ansible_pkg_mgr == 'yum'
|
|
- ansible_distribution == 'RedHat'
|
|
- expire_cache_output.rc == 0
|
|
- not is_atomic
|
|
tags: bootstrap-os
|
|
|
|
|
|
- name: Install latest version of python-apt for Debian distribs
|
|
apt:
|
|
name: python-apt
|
|
state: latest
|
|
update_cache: yes
|
|
cache_valid_time: 3600
|
|
when: ansible_os_family == "Debian"
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: Install python-dnf for latest RedHat versions
|
|
command: dnf install -y python-dnf yum
|
|
register: dnf_task_result
|
|
until: dnf_task_result|succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
when:
|
|
- ansible_distribution == "Fedora"
|
|
- ansible_distribution_major_version > 21
|
|
- not is_atomic
|
|
changed_when: False
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: Install epel-release on RedHat/CentOS
|
|
yum:
|
|
name: epel-release
|
|
state: present
|
|
when:
|
|
- ansible_distribution in ["CentOS","RedHat"]
|
|
- not is_atomic
|
|
- epel_enabled|bool
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: Install packages requirements
|
|
action:
|
|
module: "{{ ansible_pkg_mgr }}"
|
|
name: "{{ item }}"
|
|
state: latest
|
|
register: pkgs_task_result
|
|
until: pkgs_task_result|succeeded
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
# Todo : selinux configuration
|
|
- name: Confirm selinux deployed
|
|
stat:
|
|
path: /etc/selinux/config
|
|
when: ansible_os_family == "RedHat"
|
|
register: slc
|
|
|
|
- name: Set selinux policy
|
|
selinux:
|
|
policy: targeted
|
|
state: "{{ preinstall_selinux_state }}"
|
|
when:
|
|
- ansible_os_family == "RedHat"
|
|
- slc.stat.exists == True
|
|
changed_when: False
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: Disable IPv6 DNS lookup
|
|
lineinfile:
|
|
dest: /etc/gai.conf
|
|
line: "precedence ::ffff:0:0/96 100"
|
|
state: present
|
|
backup: yes
|
|
when:
|
|
- disable_ipv6_dns
|
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: set default sysctl file path
|
|
set_fact:
|
|
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: Stat sysctl file configuration
|
|
stat:
|
|
path: "{{sysctl_file_path}}"
|
|
register: sysctl_file_stat
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: Change sysctl file path to link source if linked
|
|
set_fact:
|
|
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
|
|
when:
|
|
- sysctl_file_stat.stat.islnk is defined
|
|
- sysctl_file_stat.stat.islnk
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: Enable ip forwarding
|
|
sysctl:
|
|
sysctl_file: "{{sysctl_file_path}}"
|
|
name: net.ipv4.ip_forward
|
|
value: 1
|
|
state: present
|
|
reload: yes
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- name: Write cloud-config
|
|
template:
|
|
src: "{{ cloud_provider }}-cloud-config.j2"
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when:
|
|
- inventory_hostname in groups['k8s-cluster']
|
|
- cloud_provider is defined
|
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
|
tags:
|
|
- cloud-provider
|
|
|
|
- import_tasks: etchosts.yml
|
|
tags:
|
|
- bootstrap-os
|
|
- etchosts
|
|
|
|
- import_tasks: dhclient-hooks.yml
|
|
when:
|
|
- dns_mode != 'none'
|
|
- resolvconf_mode == 'host_resolvconf'
|
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags:
|
|
- bootstrap-os
|
|
- resolvconf
|
|
|
|
- import_tasks: dhclient-hooks-undo.yml
|
|
when:
|
|
- dns_mode != 'none'
|
|
- resolvconf_mode != 'host_resolvconf'
|
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags:
|
|
- bootstrap-os
|
|
- resolvconf
|
|
|
|
- name: Check if we are running inside a Azure VM
|
|
stat:
|
|
path: /var/lib/waagent/
|
|
register: azure_check
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- import_tasks: growpart-azure-centos-7.yml
|
|
when:
|
|
- azure_check.stat.exists
|
|
- ansible_distribution in ["CentOS","RedHat"]
|
|
tags:
|
|
- bootstrap-os
|