Ansible 2.3 support
- Fix when clauses in various places
- Update requirements.txt
- Fix README.md

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
parent
ecf9f092b5
commit
085aeb6a0a
9 changed files with 136 additions and 61 deletions
|
@ -67,9 +67,9 @@ plugins can be deployed for a given single cluster.
|
||||||
Requirements
|
Requirements
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
* **Ansible v2.2 (or newer) and python-netaddr is installed on the machine
|
* **Ansible v2.3 (or newer) and python-netaddr is installed on the machine
|
||||||
that will run Ansible commands**
|
that will run Ansible commands**
|
||||||
* **Jinja 2.8 (or newer) is required to run the Ansible Playbooks**
|
* **Jinja 2.9 (or newer) is required to run the Ansible Playbooks**
|
||||||
* The target servers must have **access to the Internet** in order to pull docker images.
|
* The target servers must have **access to the Internet** in order to pull docker images.
|
||||||
* The target servers are configured to allow **IPv4 forwarding**.
|
* The target servers are configured to allow **IPv4 forwarding**.
|
||||||
* **Your ssh key must be copied** to all the servers part of your inventory.
|
* **Your ssh key must be copied** to all the servers part of your inventory.
|
||||||
|
|
|
@ -1,14 +1,3 @@
|
||||||
ansible==2.2.1.0
|
ansible>=2.3.0
|
||||||
netaddr
|
netaddr
|
||||||
# Ansible 2.2.1 requires jinja2<2.9, see <https://github.com/ansible/ansible/blob/v2.2.1.0-1/setup.py#L25>,
|
jinja2>=2.9.6
|
||||||
# but without explicit limiting upper jinja2 version here pip ignores
|
|
||||||
# Ansible requirements and installs latest available jinja2
|
|
||||||
# (pip is not very smart here), which is incompatible with with
|
|
||||||
# Ansible 2.2.1.
|
|
||||||
# With incompatible jinja2 version "ansible-vault create" (and probably other parts)
|
|
||||||
# fails with:
|
|
||||||
# ERROR! Unexpected Exception: The 'jinja2<2.9' distribution was not found
|
|
||||||
# and is required by ansible
|
|
||||||
# This upper limit should be removed in 2.2.2 release, see:
|
|
||||||
# <https://github.com/ansible/ansible/commit/978311bf3f91dae5806ab72b665b0937adce38ad>
|
|
||||||
jinja2>=2.8,<2.9
|
|
||||||
|
|
|
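Review bot: `ansible>=2.3.0` and `jinja2>=2.9.6` replace an exact pin with open-ended ranges, so each install resolves to whatever release is newest at that moment. The toolchain on the control machine is then not reproducible, and a later incompatible or unvetted release is picked up without review. An upper bound on the tested series, for example `ansible>=2.3.0,<2.4`, or a separate pinned constraints file would keep the versions that run against the cluster reviewable. The removed comment block explained why jinja2 was capped; a short replacement such as `# jinja2 cap dropped with the move to Ansible 2.3` would keep that history.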
@ -2,14 +2,18 @@
|
||||||
- name: downloading...
|
- name: downloading...
|
||||||
debug:
|
debug:
|
||||||
msg: "{{ download.url }}"
|
msg: "{{ download.url }}"
|
||||||
when: "{{ download.enabled|bool and not download.container|bool }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- not download.container|bool
|
||||||
|
|
||||||
- name: Create dest directories
|
- name: Create dest directories
|
||||||
file:
|
file:
|
||||||
path: "{{local_release_dir}}/{{download.dest|dirname}}"
|
path: "{{local_release_dir}}/{{download.dest|dirname}}"
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: yes
|
||||||
when: "{{ download.enabled|bool and not download.container|bool }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- not download.container|bool
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
- name: Download items
|
- name: Download items
|
||||||
|
@ -23,7 +27,9 @@
|
||||||
until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
|
until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: "{{ download.enabled|bool and not download.container|bool }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- not download.container|bool
|
||||||
|
|
||||||
- name: Extract archives
|
- name: Extract archives
|
||||||
unarchive:
|
unarchive:
|
||||||
|
@ -32,7 +38,11 @@
|
||||||
owner: "{{ download.owner|default(omit) }}"
|
owner: "{{ download.owner|default(omit) }}"
|
||||||
mode: "{{ download.mode|default(omit) }}"
|
mode: "{{ download.mode|default(omit) }}"
|
||||||
copy: no
|
copy: no
|
||||||
when: "{{ download.enabled|bool and not download.container|bool and download.unarchive is defined and download.unarchive == True }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- not download.container|bool
|
||||||
|
- download.unarchive is defined
|
||||||
|
- download.unarchive == True
|
||||||
|
|
||||||
- name: Fix permissions
|
- name: Fix permissions
|
||||||
file:
|
file:
|
||||||
|
@ -40,7 +50,10 @@
|
||||||
path: "{{local_release_dir}}/{{download.dest}}"
|
path: "{{local_release_dir}}/{{download.dest}}"
|
||||||
owner: "{{ download.owner|default(omit) }}"
|
owner: "{{ download.owner|default(omit) }}"
|
||||||
mode: "{{ download.mode|default(omit) }}"
|
mode: "{{ download.mode|default(omit) }}"
|
||||||
when: "{{ download.enabled|bool and not download.container|bool and (download.unarchive is not defined or download.unarchive == False) }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- not download.container|bool
|
||||||
|
- (download.unarchive is not defined or download.unarchive == False)
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||||
|
@ -53,13 +66,15 @@
|
||||||
recurse: yes
|
recurse: yes
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: "{{ansible_ssh_user|default(ansible_user_id)}}"
|
owner: "{{ansible_ssh_user|default(ansible_user_id)}}"
|
||||||
when: "{{ download.enabled|bool and download.container|bool }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
# This is required for the download_localhost delegate to work smooth with Container Linux by CoreOS cluster nodes
|
# This is required for the download_localhost delegate to work smooth with Container Linux by CoreOS cluster nodes
|
||||||
- name: Hack python binary path for localhost
|
- name: Hack python binary path for localhost
|
||||||
raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python"
|
raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python"
|
||||||
when: "{{ download_delegate == 'localhost' }}"
|
when: download_delegate == 'localhost'
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
failed_when: false
|
failed_when: false
|
||||||
run_once: true
|
run_once: true
|
||||||
|
@ -73,12 +88,18 @@
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
become: false
|
become: false
|
||||||
run_once: true
|
run_once: true
|
||||||
when: "{{ download_run_once|bool and download.enabled|bool and download.container|bool and download_delegate == 'localhost' }}"
|
when:
|
||||||
|
- download_run_once|bool
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
|
- download_delegate == 'localhost'
|
||||||
tags: localhost
|
tags: localhost
|
||||||
|
|
||||||
- name: Make download decision if pull is required by tag or sha256
|
- name: Make download decision if pull is required by tag or sha256
|
||||||
include: set_docker_image_facts.yml
|
include: set_docker_image_facts.yml
|
||||||
when: "{{ download.enabled|bool and download.container|bool }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
|
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
|
||||||
run_once: "{{ download_run_once|bool }}"
|
run_once: "{{ download_run_once|bool }}"
|
||||||
tags: facts
|
tags: facts
|
||||||
|
@ -86,7 +107,9 @@
|
||||||
- name: pulling...
|
- name: pulling...
|
||||||
debug:
|
debug:
|
||||||
msg: "{{ pull_args }}"
|
msg: "{{ pull_args }}"
|
||||||
when: "{{ download.enabled|bool and download.container|bool }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
|
|
||||||
#NOTE(bogdando) this brings no docker-py deps for nodes
|
#NOTE(bogdando) this brings no docker-py deps for nodes
|
||||||
- name: Download containers if pull is required or told to always pull
|
- name: Download containers if pull is required or told to always pull
|
||||||
|
@ -95,7 +118,10 @@
|
||||||
until: pull_task_result|succeeded
|
until: pull_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: "{{ download.enabled|bool and download.container|bool and pull_required|bool|default(download_always_pull) }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
|
- pull_required|bool|default(download_always_pull)
|
||||||
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
|
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
|
||||||
run_once: "{{ download_run_once|bool }}"
|
run_once: "{{ download_run_once|bool }}"
|
||||||
|
|
||||||
|
@ -110,7 +136,10 @@
|
||||||
- name: "Update the 'container_changed' fact"
|
- name: "Update the 'container_changed' fact"
|
||||||
set_fact:
|
set_fact:
|
||||||
container_changed: "{{ pull_required|bool|default(false) or not 'up to date' in pull_task_result.stdout }}"
|
container_changed: "{{ pull_required|bool|default(false) or not 'up to date' in pull_task_result.stdout }}"
|
||||||
when: "{{ download.enabled|bool and download.container|bool and pull_required|bool|default(download_always_pull) }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
|
- pull_required|bool|default(download_always_pull)
|
||||||
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
|
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
|
||||||
run_once: "{{ download_run_once|bool }}"
|
run_once: "{{ download_run_once|bool }}"
|
||||||
tags: facts
|
tags: facts
|
||||||
|
@ -120,7 +149,10 @@
|
||||||
path: "{{fname}}"
|
path: "{{fname}}"
|
||||||
register: img
|
register: img
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: "{{ download.enabled|bool and download.container|bool and download_run_once|bool }}"
|
when:
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
|
- download_run_once|bool
|
||||||
delegate_to: "{{ download_delegate }}"
|
delegate_to: "{{ download_delegate }}"
|
||||||
become: false
|
become: false
|
||||||
run_once: true
|
run_once: true
|
||||||
|
@ -131,7 +163,12 @@
|
||||||
delegate_to: "{{ download_delegate }}"
|
delegate_to: "{{ download_delegate }}"
|
||||||
register: saved
|
register: saved
|
||||||
run_once: true
|
run_once: true
|
||||||
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool and (container_changed|bool or not img.stat.exists)
|
when:
|
||||||
|
- (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or download_delegate == "localhost")
|
||||||
|
- download_run_once|bool
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
|
- (container_changed|bool or not img.stat.exists)
|
||||||
|
|
||||||
- name: Download | copy container images to ansible host
|
- name: Download | copy container images to ansible host
|
||||||
synchronize:
|
synchronize:
|
||||||
|
@ -140,7 +177,14 @@
|
||||||
mode: pull
|
mode: pull
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
become: false
|
become: false
|
||||||
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] and inventory_hostname == groups['kube-master'][0] and download_delegate != "localhost" and download_run_once|bool and download.enabled|bool and download.container|bool and saved.changed
|
when:
|
||||||
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||||
|
- inventory_hostname == groups['kube-master'][0]
|
||||||
|
- download_delegate != "localhost"
|
||||||
|
- download_run_once|bool
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
|
- saved.changed
|
||||||
|
|
||||||
- name: Download | upload container images to nodes
|
- name: Download | upload container images to nodes
|
||||||
synchronize:
|
synchronize:
|
||||||
|
@ -153,10 +197,21 @@
|
||||||
until: get_task|succeeded
|
until: get_task|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
when:
|
||||||
|
- (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] and
|
||||||
|
inventory_hostname != groups['kube-master'][0] or
|
||||||
|
download_delegate == "localhost")
|
||||||
|
- download_run_once|bool
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
tags: [upload, upgrade]
|
tags: [upload, upgrade]
|
||||||
|
|
||||||
- name: Download | load container images
|
- name: Download | load container images
|
||||||
shell: "{{ docker_bin_dir }}/docker load < {{ fname }}"
|
shell: "{{ docker_bin_dir }}/docker load < {{ fname }}"
|
||||||
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
when:
|
||||||
|
- (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] and
|
||||||
|
inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost")
|
||||||
|
- download_run_once|bool
|
||||||
|
- download.enabled|bool
|
||||||
|
- download.container|bool
|
||||||
tags: [upload, upgrade]
|
tags: [upload, upgrade]
|
||||||
|
|
|
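Review bot: In the two new list items `- pull_required|bool|default(download_always_pull)` (the container download task and the "Update the 'container_changed' fact" task) the `default` filter runs after `bool`, so it only sees the result of `bool` and not an unset `pull_required`. When the variable is undefined, the fallback to `download_always_pull` is therefore probably never applied. The commit carries this order over unchanged from the old single-string condition. Swapping the filters gives the intended fallback: `- pull_required|default(download_always_pull)|bool`. The same applies to `pull_required|bool|default(false)` inside the `container_changed` expression. The download task starts above its hunk.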
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
wait_for_delegate: "{{hostvars['bastion']['ansible_ssh_host']}}"
|
wait_for_delegate: "{{hostvars['bastion']['ansible_ssh_host']}}"
|
||||||
when: "{{ 'bastion' in groups['all'] }}"
|
when: "'bastion' in groups['all']"
|
||||||
|
|
||||||
- name: wait for bastion to come back
|
- name: wait for bastion to come back
|
||||||
wait_for:
|
wait_for:
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
timeout: 300
|
timeout: 300
|
||||||
become: false
|
become: false
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
when: "is_bastion"
|
when: is_bastion
|
||||||
|
|
||||||
- name: waiting for server to come back (using bastion if necessary)
|
- name: waiting for server to come back (using bastion if necessary)
|
||||||
wait_for:
|
wait_for:
|
||||||
|
@ -37,4 +37,4 @@
|
||||||
timeout: 300
|
timeout: 300
|
||||||
become: false
|
become: false
|
||||||
delegate_to: "{{ wait_for_delegate }}"
|
delegate_to: "{{ wait_for_delegate }}"
|
||||||
when: "not is_bastion"
|
when: not is_bastion
|
||||||
|
|
|
@ -17,7 +17,10 @@
|
||||||
line: "{{ loadbalancer_apiserver.address }} {{ apiserver_loadbalancer_domain_name| default('lb-apiserver.kubernetes.local') }}"
|
line: "{{ loadbalancer_apiserver.address }} {{ apiserver_loadbalancer_domain_name| default('lb-apiserver.kubernetes.local') }}"
|
||||||
state: present
|
state: present
|
||||||
backup: yes
|
backup: yes
|
||||||
when: loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined and apiserver_loadbalancer_domain_name is defined
|
when:
|
||||||
|
- loadbalancer_apiserver is defined
|
||||||
|
- loadbalancer_apiserver.address is defined
|
||||||
|
- apiserver_loadbalancer_domain_name is defined
|
||||||
|
|
||||||
- name: Hosts | localhost ipv4 in hosts file
|
- name: Hosts | localhost ipv4 in hosts file
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
|
@ -43,7 +43,7 @@
|
||||||
path: "{{ kube_config_dir }}"
|
path: "{{ kube_config_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: kube
|
owner: kube
|
||||||
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
when: inventory_hostname in groups['k8s-cluster']
|
||||||
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
||||||
|
|
||||||
- name: Create kubernetes script directory
|
- name: Create kubernetes script directory
|
||||||
|
@ -51,7 +51,7 @@
|
||||||
path: "{{ kube_script_dir }}"
|
path: "{{ kube_script_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: kube
|
owner: kube
|
||||||
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
when: "inventory_hostname in groups['k8s-cluster']"
|
||||||
tags: [k8s-secrets, bootstrap-os]
|
tags: [k8s-secrets, bootstrap-os]
|
||||||
|
|
||||||
- name: Create kubernetes manifests directory
|
- name: Create kubernetes manifests directory
|
||||||
|
@ -59,17 +59,21 @@
|
||||||
path: "{{ kube_manifest_dir }}"
|
path: "{{ kube_manifest_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: kube
|
owner: kube
|
||||||
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
when: "inventory_hostname in groups['k8s-cluster']"
|
||||||
tags: [kubelet, bootstrap-os, master, node]
|
tags: [kubelet, bootstrap-os, master, node]
|
||||||
|
|
||||||
- name: check cloud_provider value
|
- name: check cloud_provider value
|
||||||
fail:
|
fail:
|
||||||
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack' or 'vsphere'"
|
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack' or 'vsphere'"
|
||||||
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere']
|
when:
|
||||||
|
- cloud_provider is defined
|
||||||
|
- cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere']
|
||||||
tags: [cloud-provider, facts]
|
tags: [cloud-provider, facts]
|
||||||
|
|
||||||
- include: "{{ cloud_provider }}-credential-check.yml"
|
- include: "{{ cloud_provider }}-credential-check.yml"
|
||||||
when: cloud_provider is defined and cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
when:
|
||||||
|
- cloud_provider is defined
|
||||||
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
||||||
tags: [cloud-provider, facts]
|
tags: [cloud-provider, facts]
|
||||||
|
|
||||||
- name: Create cni directories
|
- name: Create cni directories
|
||||||
|
@ -80,7 +84,9 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "/etc/cni/net.d"
|
- "/etc/cni/net.d"
|
||||||
- "/opt/cni/bin"
|
- "/opt/cni/bin"
|
||||||
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
when:
|
||||||
|
- kube_network_plugin in ["calico", "weave", "canal"]
|
||||||
|
- inventory_hostname in groups['k8s-cluster']
|
||||||
tags: [network, calico, weave, canal, bootstrap-os]
|
tags: [network, calico, weave, canal, bootstrap-os]
|
||||||
|
|
||||||
- name: Update package management cache (YUM)
|
- name: Update package management cache (YUM)
|
||||||
|
@ -91,7 +97,9 @@
|
||||||
until: yum_task_result|succeeded
|
until: yum_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: ansible_pkg_mgr == 'yum' and not is_atomic
|
when:
|
||||||
|
- ansible_pkg_mgr == 'yum'
|
||||||
|
- not is_atomic
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
- name: Install latest version of python-apt for Debian distribs
|
- name: Install latest version of python-apt for Debian distribs
|
||||||
|
@ -109,14 +117,17 @@
|
||||||
until: dnf_task_result|succeeded
|
until: dnf_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: ansible_distribution == "Fedora" and
|
when:
|
||||||
ansible_distribution_major_version > 21
|
- ansible_distribution == "Fedora"
|
||||||
|
- ansible_distribution_major_version > 21
|
||||||
changed_when: False
|
changed_when: False
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
- name: Install epel-release on RedHat/CentOS
|
- name: Install epel-release on RedHat/CentOS
|
||||||
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
||||||
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
when:
|
||||||
|
- ansible_distribution in ["CentOS","RedHat"]
|
||||||
|
- not is_atomic
|
||||||
register: epel_task_result
|
register: epel_task_result
|
||||||
until: epel_task_result|succeeded
|
until: epel_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
|
@ -149,7 +160,9 @@
|
||||||
selinux:
|
selinux:
|
||||||
policy: targeted
|
policy: targeted
|
||||||
state: permissive
|
state: permissive
|
||||||
when: ansible_os_family == "RedHat" and slc.stat.exists == True
|
when:
|
||||||
|
- ansible_os_family == "RedHat"
|
||||||
|
- slc.stat.exists == True
|
||||||
changed_when: False
|
changed_when: False
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
|
@ -159,7 +172,9 @@
|
||||||
line: "precedence ::ffff:0:0/96 100"
|
line: "precedence ::ffff:0:0/96 100"
|
||||||
state: present
|
state: present
|
||||||
backup: yes
|
backup: yes
|
||||||
when: disable_ipv6_dns and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
when:
|
||||||
|
- disable_ipv6_dns
|
||||||
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
- name: set default sysctl file path
|
- name: set default sysctl file path
|
||||||
|
@ -176,7 +191,9 @@
|
||||||
- name: Change sysctl file path to link source if linked
|
- name: Change sysctl file path to link source if linked
|
||||||
set_fact:
|
set_fact:
|
||||||
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
|
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
|
||||||
when: sysctl_file_stat.stat.islnk is defined and sysctl_file_stat.stat.islnk
|
when:
|
||||||
|
- sysctl_file_stat.stat.islnk is defined
|
||||||
|
- sysctl_file_stat.stat.islnk
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
- name: Enable ip forwarding
|
- name: Enable ip forwarding
|
||||||
|
@ -193,22 +210,33 @@
|
||||||
dest: "{{ kube_config_dir }}/cloud_config"
|
dest: "{{ kube_config_dir }}/cloud_config"
|
||||||
group: "{{ kube_cert_group }}"
|
group: "{{ kube_cert_group }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when: inventory_hostname in groups['k8s-cluster'] and cloud_provider is defined and cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
when:
|
||||||
|
- inventory_hostname in groups['k8s-cluster']
|
||||||
|
- cloud_provider is defined
|
||||||
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
||||||
tags: [cloud-provider]
|
tags: [cloud-provider]
|
||||||
|
|
||||||
- include: etchosts.yml
|
- include: etchosts.yml
|
||||||
tags: [bootstrap-os, etchosts]
|
tags: [bootstrap-os, etchosts]
|
||||||
|
|
||||||
- include: resolvconf.yml
|
- include: resolvconf.yml
|
||||||
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
when:
|
||||||
|
- dns_mode != 'none'
|
||||||
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
tags: [bootstrap-os, resolvconf]
|
tags: [bootstrap-os, resolvconf]
|
||||||
|
|
||||||
- include: dhclient-hooks.yml
|
- include: dhclient-hooks.yml
|
||||||
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
when:
|
||||||
|
- dns_mode != 'none'
|
||||||
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||||
tags: [bootstrap-os, resolvconf]
|
tags: [bootstrap-os, resolvconf]
|
||||||
|
|
||||||
- include: dhclient-hooks-undo.yml
|
- include: dhclient-hooks-undo.yml
|
||||||
when: dns_mode != 'none' and resolvconf_mode != 'host_resolvconf' and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
when:
|
||||||
|
- dns_mode != 'none'
|
||||||
|
- resolvconf_mode != 'host_resolvconf'
|
||||||
|
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||||
tags: [bootstrap-os, resolvconf]
|
tags: [bootstrap-os, resolvconf]
|
||||||
|
|
||||||
- name: Check if we are running inside a Azure VM
|
- name: Check if we are running inside a Azure VM
|
||||||
|
@ -218,7 +246,7 @@
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
- include: growpart-azure-centos-7.yml
|
- include: growpart-azure-centos-7.yml
|
||||||
when: azure_check.stat.exists and
|
when:
|
||||||
ansible_distribution in ["CentOS","RedHat"]
|
- azure_check.stat.exists
|
||||||
|
- ansible_distribution in ["CentOS","RedHat"]
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
|
|
|
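Review bot: The new list item `- ansible_distribution_major_version > 21` compares the fact with an integer without a cast. Ansible normally reports `ansible_distribution_major_version` as a string, so the test is not a numeric version comparison: on Python 2 a string/integer comparison is decided by type, and on Python 3 it raises an error. Casting first makes the condition mean what it says: `- ansible_distribution_major_version|int > 21`. The task this condition belongs to starts above the hunk.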
@ -6,7 +6,7 @@
|
||||||
with_items: "{{ groups['kube-master'] }}"
|
with_items: "{{ groups['kube-master'] }}"
|
||||||
|
|
||||||
- include: ../../../vault/tasks/shared/sync_file.yml
|
- include: ../../../vault/tasks/shared/sync_file.yml
|
||||||
vars:
|
vars:
|
||||||
sync_file: "{{ item }}"
|
sync_file: "{{ item }}"
|
||||||
sync_file_dir: "{{ kube_cert_dir }}"
|
sync_file_dir: "{{ kube_cert_dir }}"
|
||||||
sync_file_group: "{{ kube_cert_group }}"
|
sync_file_group: "{{ kube_cert_group }}"
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
kube_api_certs_needed: "{{ item.path }}"
|
kube_api_certs_needed: "{{ item.path }}"
|
||||||
with_items: "{{ sync_file_results|d([]) }}"
|
with_items: "{{ sync_file_results|d([]) }}"
|
||||||
when: "{{ item.no_srcs }}"
|
when: item.no_srcs
|
||||||
|
|
||||||
- name: sync_kube_master_certs | Unset sync_file_results after apiserver cert
|
- name: sync_kube_master_certs | Unset sync_file_results after apiserver cert
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -46,7 +46,7 @@
|
||||||
|
|
||||||
|
|
||||||
- include: ../../../vault/tasks/shared/sync_file.yml
|
- include: ../../../vault/tasks/shared/sync_file.yml
|
||||||
vars:
|
vars:
|
||||||
sync_file: ca.pem
|
sync_file: ca.pem
|
||||||
sync_file_dir: "{{ kube_cert_dir }}"
|
sync_file_dir: "{{ kube_cert_dir }}"
|
||||||
sync_file_group: "{{ kube_cert_group }}"
|
sync_file_group: "{{ kube_cert_group }}"
|
||||||
|
|
|
@ -56,7 +56,7 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: "{{ overwrite_hyperkube_cni|bool }}"
|
when: overwrite_hyperkube_cni|bool
|
||||||
tags: [hyperkube, upgrade]
|
tags: [hyperkube, upgrade]
|
||||||
|
|
||||||
- name: Calico | Set cni directory permissions
|
- name: Calico | Set cni directory permissions
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
- name: bootstrap/start_vault_temp | Ensure vault-temp isn't already running
|
- name: bootstrap/start_vault_temp | Ensure vault-temp isn't already running
|
||||||
shell: if docker rm -f {{ vault_temp_container_name }} 2>&1 1>/dev/null;then echo true;else echo false;fi
|
shell: if docker rm -f {{ vault_temp_container_name }} 2>&1 1>/dev/null;then echo true;else echo false;fi
|
||||||
register: vault_temp_stop_check
|
register: vault_temp_stop_check
|
||||||
changed_when: "{{ 'true' in vault_temp_stop_check.stdout }}"
|
changed_when: "'true' in vault_temp_stop_check.stdout"
|
||||||
|
|
||||||
- name: bootstrap/start_vault_temp | Start single node Vault with file backend
|
- name: bootstrap/start_vault_temp | Start single node Vault with file backend
|
||||||
command: >
|
command: >
|
||||||
|
|