2015-12-30 16:11:33 +00:00
|
|
|
---
|
2017-09-27 13:47:47 +00:00
|
|
|
- include: verify-settings.yml
|
|
|
|
tags: asserts
|
2017-01-02 11:14:03 +00:00
|
|
|
|
2017-01-05 10:35:16 +00:00
|
|
|
- name: Force binaries directory for Container Linux by CoreOS
|
2016-08-26 17:24:47 +00:00
|
|
|
set_fact:
|
|
|
|
bin_dir: "/opt/bin"
|
2017-01-05 15:32:08 +00:00
|
|
|
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: facts
|
2016-08-26 17:24:47 +00:00
|
|
|
|
2016-12-02 11:37:22 +00:00
|
|
|
- name: check bin dir exists
|
|
|
|
file:
|
|
|
|
path: "{{bin_dir}}"
|
|
|
|
state: directory
|
|
|
|
owner: root
|
|
|
|
become: true
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: bootstrap-os
|
2016-08-22 12:45:42 +00:00
|
|
|
|
2016-07-20 09:35:06 +00:00
|
|
|
- include: set_facts.yml
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: facts
|
2016-07-20 09:35:06 +00:00
|
|
|
|
2016-01-09 09:45:50 +00:00
|
|
|
- name: gather os specific variables
|
|
|
|
include_vars: "{{ item }}"
|
|
|
|
with_first_found:
|
|
|
|
- files:
|
2017-08-24 09:09:52 +00:00
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
|
|
- defaults.yml
|
2016-01-09 09:45:50 +00:00
|
|
|
paths:
|
2017-08-24 09:09:52 +00:00
|
|
|
- ../vars
|
2016-02-19 17:48:53 +00:00
|
|
|
skip: true
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: facts
|
2016-02-19 17:48:53 +00:00
|
|
|
|
2017-09-13 18:00:51 +00:00
|
|
|
- name: Create kubernetes directories
|
2016-01-30 15:04:47 +00:00
|
|
|
file:
|
2017-09-13 18:00:51 +00:00
|
|
|
path: "{{ item }}"
|
2016-01-30 15:04:47 +00:00
|
|
|
state: directory
|
2017-02-06 12:58:54 +00:00
|
|
|
owner: kube
|
2017-04-26 12:11:13 +00:00
|
|
|
when: inventory_hostname in groups['k8s-cluster']
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
2017-09-13 18:00:51 +00:00
|
|
|
with_items:
|
|
|
|
- "{{ kube_config_dir }}"
|
|
|
|
- "{{ kube_config_dir }}/ssl"
|
|
|
|
- "{{ kube_manifest_dir }}"
|
|
|
|
- "{{ kube_script_dir }}"
|
2016-01-30 15:04:47 +00:00
|
|
|
|
2016-03-23 16:27:06 +00:00
|
|
|
- name: check cloud_provider value
|
|
|
|
fail:
|
2017-02-17 03:59:40 +00:00
|
|
|
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack' or 'vsphere'"
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- cloud_provider is defined
|
|
|
|
- cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere']
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: [cloud-provider, facts]
|
2016-03-29 12:50:22 +00:00
|
|
|
|
2017-02-17 03:59:40 +00:00
|
|
|
- include: "{{ cloud_provider }}-credential-check.yml"
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- cloud_provider is defined
|
|
|
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
2017-03-06 16:51:38 +00:00
|
|
|
tags: [cloud-provider, facts]
|
2016-11-29 09:20:28 +00:00
|
|
|
|
2016-01-30 15:04:47 +00:00
|
|
|
- name: Create cni directories
|
|
|
|
file:
|
|
|
|
path: "{{ item }}"
|
|
|
|
state: directory
|
2017-02-06 12:58:54 +00:00
|
|
|
owner: kube
|
2016-01-30 15:04:47 +00:00
|
|
|
with_items:
|
|
|
|
- "/etc/cni/net.d"
|
|
|
|
- "/opt/cni/bin"
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
2017-08-28 18:11:01 +00:00
|
|
|
- kube_network_plugin in ["calico", "weave", "canal", "flannel"]
|
2017-04-26 12:11:13 +00:00
|
|
|
- inventory_hostname in groups['k8s-cluster']
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: [network, calico, weave, canal, bootstrap-os]
|
2016-01-30 15:04:47 +00:00
|
|
|
|
2016-01-25 17:16:56 +00:00
|
|
|
- name: Update package management cache (YUM)
|
2017-02-17 21:22:34 +00:00
|
|
|
yum:
|
|
|
|
update_cache: yes
|
|
|
|
name: '*'
|
2017-03-17 09:55:17 +00:00
|
|
|
register: yum_task_result
|
|
|
|
until: yum_task_result|succeeded
|
|
|
|
retries: 4
|
|
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- ansible_pkg_mgr == 'yum'
|
|
|
|
- not is_atomic
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: bootstrap-os
|
2016-01-25 01:06:34 +00:00
|
|
|
|
2016-03-30 08:27:29 +00:00
|
|
|
- name: Install latest version of python-apt for Debian distribs
|
2017-02-17 21:22:34 +00:00
|
|
|
apt:
|
|
|
|
name: python-apt
|
|
|
|
state: latest
|
|
|
|
update_cache: yes
|
|
|
|
cache_valid_time: 3600
|
2015-12-30 21:15:18 +00:00
|
|
|
when: ansible_os_family == "Debian"
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: bootstrap-os
|
2016-01-09 09:45:50 +00:00
|
|
|
|
|
|
|
- name: Install python-dnf for latest RedHat versions
|
2016-02-13 10:59:46 +00:00
|
|
|
command: dnf install -y python-dnf yum
|
2017-03-17 09:55:17 +00:00
|
|
|
register: dnf_task_result
|
|
|
|
until: dnf_task_result|succeeded
|
|
|
|
retries: 4
|
|
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- ansible_distribution == "Fedora"
|
|
|
|
- ansible_distribution_major_version > 21
|
2016-01-09 09:45:50 +00:00
|
|
|
changed_when: False
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: bootstrap-os
|
2015-12-31 13:07:02 +00:00
|
|
|
|
2016-04-10 20:08:13 +00:00
|
|
|
- name: Install epel-release on RedHat/CentOS
|
2016-10-14 21:46:44 +00:00
|
|
|
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- ansible_distribution in ["CentOS","RedHat"]
|
|
|
|
- not is_atomic
|
2017-08-20 11:03:10 +00:00
|
|
|
- epel_rpm_download_url != ''
|
2017-09-29 12:44:29 +00:00
|
|
|
- epel_enabled|bool
|
2017-03-17 09:55:17 +00:00
|
|
|
register: epel_task_result
|
|
|
|
until: epel_task_result|succeeded
|
|
|
|
retries: 4
|
|
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
2016-04-11 07:33:08 +00:00
|
|
|
changed_when: False
|
2017-02-06 18:13:21 +00:00
|
|
|
check_mode: no
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: bootstrap-os
|
2016-01-31 20:05:49 +00:00
|
|
|
|
2016-01-09 09:45:50 +00:00
|
|
|
- name: Install packages requirements
|
2015-12-31 13:07:02 +00:00
|
|
|
action:
|
|
|
|
module: "{{ ansible_pkg_mgr }}"
|
|
|
|
name: "{{ item }}"
|
|
|
|
state: latest
|
2016-09-13 13:29:22 +00:00
|
|
|
register: pkgs_task_result
|
2017-03-17 09:55:17 +00:00
|
|
|
until: pkgs_task_result|succeeded
|
2016-09-13 13:29:22 +00:00
|
|
|
retries: 4
|
2016-09-15 09:23:27 +00:00
|
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
2016-02-19 17:48:53 +00:00
|
|
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
2017-02-24 21:41:27 +00:00
|
|
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: bootstrap-os
|
2016-01-09 09:45:50 +00:00
|
|
|
|
2017-01-12 16:07:28 +00:00
|
|
|
# Todo : selinux configuration
|
2017-02-18 01:13:12 +00:00
|
|
|
- name: Confirm selinux deployed
|
|
|
|
stat:
|
|
|
|
path: /etc/selinux/config
|
|
|
|
when: ansible_os_family == "RedHat"
|
|
|
|
register: slc
|
|
|
|
|
2017-01-12 16:07:28 +00:00
|
|
|
- name: Set selinux policy to permissive
|
2017-02-17 21:22:34 +00:00
|
|
|
selinux:
|
|
|
|
policy: targeted
|
|
|
|
state: permissive
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- ansible_os_family == "RedHat"
|
|
|
|
- slc.stat.exists == True
|
2017-01-12 16:07:28 +00:00
|
|
|
changed_when: False
|
|
|
|
tags: bootstrap-os
|
|
|
|
|
2016-08-08 10:59:20 +00:00
|
|
|
- name: Disable IPv6 DNS lookup
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/gai.conf
|
|
|
|
line: "precedence ::ffff:0:0/96 100"
|
|
|
|
state: present
|
|
|
|
backup: yes
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- disable_ipv6_dns
|
|
|
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: bootstrap-os
|
2016-08-08 10:59:20 +00:00
|
|
|
|
2017-02-09 09:16:52 +00:00
|
|
|
- name: set default sysctl file path
|
|
|
|
set_fact:
|
|
|
|
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
|
|
|
|
tags: bootstrap-os
|
|
|
|
|
|
|
|
- name: Stat sysctl file configuration
|
2017-02-17 21:22:34 +00:00
|
|
|
stat:
|
|
|
|
path: "{{sysctl_file_path}}"
|
2017-02-09 09:16:52 +00:00
|
|
|
register: sysctl_file_stat
|
|
|
|
tags: bootstrap-os
|
|
|
|
|
|
|
|
- name: Change sysctl file path to link source if linked
|
|
|
|
set_fact:
|
|
|
|
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- sysctl_file_stat.stat.islnk is defined
|
|
|
|
- sysctl_file_stat.stat.islnk
|
2017-02-09 09:16:52 +00:00
|
|
|
tags: bootstrap-os
|
|
|
|
|
2017-01-12 16:07:28 +00:00
|
|
|
- name: Enable ip forwarding
|
2017-02-09 08:28:44 +00:00
|
|
|
sysctl:
|
2017-02-09 09:16:52 +00:00
|
|
|
sysctl_file: "{{sysctl_file_path}}"
|
2017-02-09 08:28:44 +00:00
|
|
|
name: net.ipv4.ip_forward
|
|
|
|
value: 1
|
2017-01-12 16:07:28 +00:00
|
|
|
state: present
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: bootstrap-os
|
2015-12-30 21:15:18 +00:00
|
|
|
|
2017-02-17 03:59:40 +00:00
|
|
|
- name: Write cloud-config
|
2016-11-29 09:20:28 +00:00
|
|
|
template:
|
2016-11-07 11:11:16 +00:00
|
|
|
src: "{{ cloud_provider }}-cloud-config.j2"
|
2016-11-29 09:20:28 +00:00
|
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
|
|
group: "{{ kube_cert_group }}"
|
|
|
|
mode: 0640
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- inventory_hostname in groups['k8s-cluster']
|
|
|
|
- cloud_provider is defined
|
|
|
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
2017-03-06 16:51:38 +00:00
|
|
|
tags: [cloud-provider]
|
2016-11-29 09:20:28 +00:00
|
|
|
|
2016-01-20 16:37:23 +00:00
|
|
|
- include: etchosts.yml
|
2016-12-08 13:36:00 +00:00
|
|
|
tags: [bootstrap-os, etchosts]
|
2016-12-07 15:57:05 +00:00
|
|
|
|
|
|
|
- include: resolvconf.yml
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- dns_mode != 'none'
|
|
|
|
- resolvconf_mode == 'host_resolvconf'
|
2016-12-07 15:57:05 +00:00
|
|
|
tags: [bootstrap-os, resolvconf]
|
2017-01-02 11:14:03 +00:00
|
|
|
|
2017-01-11 14:08:24 +00:00
|
|
|
- include: dhclient-hooks.yml
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- dns_mode != 'none'
|
|
|
|
- resolvconf_mode == 'host_resolvconf'
|
|
|
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
2017-01-11 14:08:24 +00:00
|
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
|
|
|
|
- include: dhclient-hooks-undo.yml
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- dns_mode != 'none'
|
|
|
|
- resolvconf_mode != 'host_resolvconf'
|
|
|
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
2017-01-11 14:08:24 +00:00
|
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
|
2016-12-12 13:14:22 +00:00
|
|
|
- name: Check if we are running inside a Azure VM
|
2017-02-17 21:22:34 +00:00
|
|
|
stat:
|
|
|
|
path: /var/lib/waagent/
|
2016-12-12 13:14:22 +00:00
|
|
|
register: azure_check
|
|
|
|
tags: bootstrap-os
|
|
|
|
|
|
|
|
- include: growpart-azure-centos-7.yml
|
2017-04-26 12:11:13 +00:00
|
|
|
when:
|
|
|
|
- azure_check.stat.exists
|
|
|
|
- ansible_distribution in ["CentOS","RedHat"]
|
2016-12-09 12:27:50 +00:00
|
|
|
tags: bootstrap-os
|