From 417a931f7838f3a4a6b309edb96afcdfc90a635c Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya
Date: Thu, 24 Nov 2016 16:33:45 +0100
Subject: [PATCH] Fix download dnsmasq image dependency on docker

When download_run_once with download_localhost is used, docker is expected to be running on the delegate localhost. That may be not the case for a non localhost delegate, which is the kube-master otherwise. Then the dnsmasq role, had it been invoked early before deployment starts, would fail because of the missing docker dependency.
* Fix that dependency on docker and do not pre download dnsmasq image for the dnsmasq role, if download_localhost is disabled.
* Remove become: false for docker CLI invocation because that's not the common pattern to allow users access docker CLI w/o sudo.
* Fix opt bin path hack for localhost delegate to ignore errors when it fails with "sudo password required" otherwise.
* Describe download_run_once with download_localhost use case in docs as well.
Signed-off-by: Bogdan Dobrelya
---
 docs/large-deployments.md | 10 ++++++++--
 roles/dnsmasq/meta/main.yml | 2 +-
 roles/download/tasks/main.yml | 2 +-
 3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/docs/large-deployments.md b/docs/large-deployments.md
index 2a36c3ebc..3d37fae57 100644
--- a/docs/large-deployments.md
+++ b/docs/large-deployments.md
@@ -8,8 +8,14 @@ For a large scaled deployments, consider the following configuration changes:
 * Override containers' `foo_image_repo` vars to point to intranet registry.
-* Override the ``download_run_once: true`` to download binaries and container
- images only once then push to nodes in batches.
+* Override the ``download_run_once: true`` to download container images only once
+ then push to cluster nodes in batches. The default delegate node
+ for pushing images is the first kube-master. Note, if you have passwordless sudo
+ and docker enabled on the separate admin node, you may want to define the
+ ``download_localhost: true``, which makes that node a delegate for pushing images
+ while running the deployment with ansible. This maybe the case if cluster nodes
+ cannot access each over via ssh or you want to use local docker images as a cache
+ for multiple clusters.
 * Adjust the `retry_stagger` global var as appropriate. It should provide sane load on a delegate (the first K8s master node) then retrying failed
diff --git a/roles/dnsmasq/meta/main.yml b/roles/dnsmasq/meta/main.yml
index 41c3b9736..7a1c8ca17 100644
--- a/roles/dnsmasq/meta/main.yml
+++ b/roles/dnsmasq/meta/main.yml
@@ -2,4 +2,4 @@
 dependencies:
 - role: download
 file: "{{ downloads.dnsmasq }}"
- when: not skip_dnsmasq|default(false)
+ when: not skip_dnsmasq|default(false) and download_localhost|default(false)
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index 273e6817c..0dc2d5daa 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -55,6 +55,7 @@
 raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python"
 when: "{{ download_delegate == 'localhost' }}"
 delegate_to: localhost
+ ignore_errors: true
 run_once: true
 - name: Download | create local directory for saved/loaded container images
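Review bot: In roles/dnsmasq/meta/main.yml the new `download_localhost|default(false)` term is evaluated without the `|bool` cast that the download role's own conditions use (`download_run_once|bool`, `download.enabled|bool`). If the variable arrives as a string, for example from `-e download_localhost=false`, the non-empty string is truthy and the download dependency still runs against a delegate that may have no docker, which is the failure this commit sets out to avoid. I would write `when: not skip_dnsmasq|default(false) and download_localhost|default(false)|bool`.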
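Review bot: `ignore_errors: true` on the /opt/bin symlink task in roles/download/tasks/main.yml suppresses every failure of the raw command on localhost, not only the "sudo password required" case named in the commit message, so a genuinely broken localhost delegate surfaces later and less clearly. If that failure can be told apart in a registered result, a `register:` plus a `failed_when:` limited to it would be narrower; whether the escalation error is visible there is not something this hunk shows. At minimum add a comment above the line, such as `# best-effort on localhost: the operator may lack passwordless sudo`. The task's `- name:` line is above the hunk.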
@@ -103,7 +104,6 @@
 delegate_to: "{{ download_delegate }}"
 register: saved
 run_once: true
- become: false
 when: (ansible_os_family != "CoreOS" or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool and (container_changed|bool or not img.stat.exists)
 - name: Download | copy container images to ansible host
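Review bot: Dropping `become: false` means the task that registers `saved` now inherits whatever privilege escalation the play sets, and with `download_delegate == "localhost"` that is the operator's own machine. Two things are worth stating next to the task: that `download_localhost` now needs sudo on the control host (the docs hunk says so, the task does not), and who owns the files it writes, since the following `copy container images to ansible host` task has to read them. Presumably they become root-owned, but the command is above the hunk, so that needs confirming. A comment such as `# runs with become on the delegate; with download_localhost this is the admin host` would cover it.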