C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #1046 from skyscooby/pedantic-syntax-cleanup

Browse source 
Cleanup legacy syntax, spacing, files all to yml
This commit is contained in:
Matthew Mosesohn 2017-02-21 17:03:16 +03:00 committed by GitHub
commit 0afadb9149
45 changed files with 291 additions and 109 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
reset.yml
View file

@ -9,7 +9,8 @@
pre_tasks: pre_tasks:
- name: check confirmation - name: check confirmation
fail: msg="Reset confirmation failed" fail:
msg: "Reset confirmation failed"
when: reset_confirmation != "yes" when: reset_confirmation != "yes"
roles: roles:

4
roles/adduser/tasks/main.yml
View file

@ -1,6 +1,8 @@
--- ---
- name: User | Create User Group - name: User | Create User Group
group: name={{user.group|default(user.name)}} system={{user.system|default(omit)}} group:
name: "{{user.group|default(user.name)}}"
system: "{{user.system|default(omit)}}"
- name: User | Create User - name: User | Create User
user: user:

4
roles/bastion-ssh-config/tasks/main.yml
View file

@ -15,4 +15,6 @@
- name: create ssh bastion conf - name: create ssh bastion conf
become: false become: false
template: src=ssh-bastion.conf dest="{{ playbook_dir }}/ssh-bastion.conf" template:
src: ssh-bastion.conf
dest: "{{ playbook_dir }}/ssh-bastion.conf"

3
roles/bootstrap-os/tasks/bootstrap-centos.yml
View file

@ -1,7 +1,8 @@
--- ---
- name: Check presence of fastestmirror.conf - name: Check presence of fastestmirror.conf
stat: path=/etc/yum/pluginconf.d/fastestmirror.conf stat:
path: /etc/yum/pluginconf.d/fastestmirror.conf
register: fastestmirror register: fastestmirror
# fastestmirror plugin actually slows down Ansible deployments # fastestmirror plugin actually slows down Ansible deployments

13
roles/bootstrap-os/tasks/bootstrap-coreos.yml
View file

@ -23,7 +23,9 @@
tags: facts tags: facts
- name: Bootstrap | Copy get-pip.py - name: Bootstrap | Copy get-pip.py
copy: src=get-pip.py dest=~/get-pip.py copy:
src: get-pip.py
dest: ~/get-pip.py
when: (need_pip | failed) when: (need_pip | failed)
- name: Bootstrap | Install pip - name: Bootstrap | Install pip
@ -31,11 +33,16 @@
when: (need_pip | failed) when: (need_pip | failed)
- name: Bootstrap | Remove get-pip.py - name: Bootstrap | Remove get-pip.py
file: path=~/get-pip.py state=absent file:
path: ~/get-pip.py
state: absent
when: (need_pip | failed) when: (need_pip | failed)
- name: Bootstrap | Install pip launcher - name: Bootstrap | Install pip launcher
copy: src=runner dest=/opt/bin/pip mode=0755 copy:
src: runner
dest: /opt/bin/pip
mode: 0755
when: (need_pip | failed) when: (need_pip | failed)
- name: Install required python modules - name: Install required python modules

5
roles/bootstrap-os/tasks/setup-pipelining.yml
View file

@ -2,5 +2,8 @@
# Remove requiretty to make ssh pipelining work # Remove requiretty to make ssh pipelining work
- name: Remove require tty - name: Remove require tty
lineinfile: regexp="^\w+\s+requiretty" dest=/etc/sudoers state=absent lineinfile:
regexp: '^\w+\s+requiretty'
dest: /etc/sudoers
state: absent

7
roles/dnsmasq/tasks/main.yml
View file

@ -34,7 +34,8 @@
register: dnsmasq_config register: dnsmasq_config
- name: Stat dnsmasq configuration - name: Stat dnsmasq configuration
stat: path=/etc/dnsmasq.d/01-kube-dns.conf stat:
path: /etc/dnsmasq.d/01-kube-dns.conf
register: sym register: sym
- name: Move previous configuration - name: Move previous configuration
@ -49,7 +50,9 @@
state: link state: link
- name: Create dnsmasq manifests - name: Create dnsmasq manifests
template: src={{item.file}} dest={{kube_config_dir}}/{{item.file}} template:
src: "{{item.file}}"
dest: "{{kube_config_dir}}/{{item.file}}"
with_items: with_items:
- {file: dnsmasq-ds.yml, type: ds} - {file: dnsmasq-ds.yml, type: ds}
- {file: dnsmasq-svc.yml, type: svc} - {file: dnsmasq-svc.yml, type: svc}

4
roles/docker/handlers/main.yml
View file

@ -23,7 +23,9 @@
state: restarted state: restarted
- name: Docker | pause while Docker restarts - name: Docker | pause while Docker restarts
pause: seconds=10 prompt="Waiting for docker restart" pause:
seconds: 10
prompt: "Waiting for docker restart"
- name: Docker | wait for docker - name: Docker | wait for docker
command: "{{ docker_bin_dir }}/docker images" command: "{{ docker_bin_dir }}/docker images"

9
roles/docker/tasks/set_facts_dns.yml
View file

@ -51,13 +51,16 @@
when: system_search_domains.stdout != "" when: system_search_domains.stdout != ""
- name: check number of nameservers - name: check number of nameservers
fail: msg="Too many nameservers" fail:
msg: "Too many nameservers"
when: docker_dns_servers|length > 3 when: docker_dns_servers|length > 3
- name: check number of search domains - name: check number of search domains
fail: msg="Too many search domains" fail:
msg: "Too many search domains"
when: docker_dns_search_domains|length > 6 when: docker_dns_search_domains|length > 6
- name: check length of search domains - name: check length of search domains
fail: msg="Search domains exceeded limit of 256 characters" fail:
msg: "Search domains exceeded limit of 256 characters"
when: docker_dns_search_domains|join(' ')|length > 256 when: docker_dns_search_domains|join(' ')|length > 256

4
roles/docker/tasks/systemd.yml
View file

@ -1,6 +1,8 @@
--- ---
- name: Create docker service systemd directory if it doesn't exist - name: Create docker service systemd directory if it doesn't exist
file: path=/etc/systemd/system/docker.service.d state=directory file:
path: /etc/systemd/system/docker.service.d
state: directory
- name: Write docker proxy drop-in - name: Write docker proxy drop-in
template: template:

20
roles/download/tasks/main.yml
View file

@ -5,7 +5,10 @@
when: "{{ download.enabled|bool and not download.container|bool }}" when: "{{ download.enabled|bool and not download.container|bool }}"
- name: Create dest directories - name: Create dest directories
file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes file:
path: "{{local_release_dir}}/{{download.dest|dirname}}"
state: directory
recurse: yes
when: "{{ download.enabled|bool and not download.container|bool }}" when: "{{ download.enabled|bool and not download.container|bool }}"
tags: bootstrap-os tags: bootstrap-os
@ -44,7 +47,12 @@
tags: facts tags: facts
- name: Create dest directory for saved/loaded container images - name: Create dest directory for saved/loaded container images
file: path="{{local_release_dir}}/containers" state=directory recurse=yes mode=0755 owner={{ansible_ssh_user|default(ansible_user_id)}} file:
path: "{{local_release_dir}}/containers"
state: directory
recurse: yes
mode: 0755
owner: "{{ansible_ssh_user|default(ansible_user_id)}}"
when: "{{ download.enabled|bool and download.container|bool }}" when: "{{ download.enabled|bool and download.container|bool }}"
tags: bootstrap-os tags: bootstrap-os
@ -58,7 +66,10 @@
tags: localhost tags: localhost
- name: Download | create local directory for saved/loaded container images - name: Download | create local directory for saved/loaded container images
file: path="{{local_release_dir}}/containers" state=directory recurse=yes file:
path: "{{local_release_dir}}/containers"
state: directory
recurse: yes
delegate_to: localhost delegate_to: localhost
become: false become: false
run_once: true run_once: true
@ -105,7 +116,8 @@
tags: facts tags: facts
- name: Stat saved container image - name: Stat saved container image
stat: path="{{fname}}" stat:
path: "{{fname}}"
register: img register: img
changed_when: false changed_when: false
when: "{{ download.enabled|bool and download.container|bool and download_run_once|bool }}" when: "{{ download.enabled|bool and download.container|bool and download_run_once|bool }}"

3
roles/download/tasks/set_docker_image_facts.yml
View file

@ -15,7 +15,8 @@
check_mode: no check_mode: no
when: not download_always_pull|bool when: not download_always_pull|bool
- set_fact: docker_images="{{docker_images_raw.stdout|regex_replace('\[|\]|\\n]','')|regex_replace('\s',',')}}" - set_fact:
docker_images: "{{docker_images_raw.stdout|regex_replace('\\[|\\]|\\n]','')|regex_replace('\\s',',')}}"
when: not download_always_pull|bool when: not download_always_pull|bool
- set_fact: - set_fact:

4
roles/etcd/handlers/main.yml
View file

@ -16,7 +16,9 @@
when: is_etcd_master when: is_etcd_master
- name: wait for etcd up - name: wait for etcd up
uri: url="https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health" validate_certs=no uri:
url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
validate_certs: no
register: result register: result
until: result.status is defined and result.status == 200 until: result.status is defined and result.status == 200
retries: 10 retries: 10

30
roles/etcd/tasks/gen_certs_script.yml
View file

@ -1,11 +1,11 @@
--- ---
- name: Gen_certs | create etcd cert dir - name: Gen_certs | create etcd cert dir
file: file:
path={{ etcd_cert_dir }} path: "{{ etcd_cert_dir }}"
group={{ etcd_cert_group }} group: "{{ etcd_cert_group }}"
state=directory state: directory
owner=root owner: root
recurse=yes recurse: yes
- name: "Gen_certs | create etcd script dir (on {{groups['etcd'][0]}})" - name: "Gen_certs | create etcd script dir (on {{groups['etcd'][0]}})"
file: file:
@ -17,11 +17,11 @@
- name: "Gen_certs | create etcd cert dir (on {{groups['etcd'][0]}})" - name: "Gen_certs | create etcd cert dir (on {{groups['etcd'][0]}})"
file: file:
path={{ etcd_cert_dir }} path: "{{ etcd_cert_dir }}"
group={{ etcd_cert_group }} group: "{{ etcd_cert_group }}"
state=directory state: directory
owner=root owner: root
recurse=yes recurse: yes
run_once: yes run_once: yes
delegate_to: "{{groups['etcd'][0]}}" delegate_to: "{{groups['etcd'][0]}}"
@ -123,11 +123,11 @@
- name: Gen_certs | check certificate permissions - name: Gen_certs | check certificate permissions
file: file:
path={{ etcd_cert_dir }} path: "{{ etcd_cert_dir }}"
group={{ etcd_cert_group }} group: "{{ etcd_cert_group }}"
state=directory state: directory
owner=kube owner: kube
recurse=yes recurse: yes
- name: Gen_certs | set permissions on keys - name: Gen_certs | set permissions on keys
shell: chmod 0600 {{ etcd_cert_dir}}/*key.pem shell: chmod 0600 {{ etcd_cert_dir}}/*key.pem

7
roles/etcd/tasks/main.yml
View file

@ -5,6 +5,7 @@
- include: check_certs.yml - include: check_certs.yml
when: cert_management == "script" when: cert_management == "script"
tags: [etcd-secrets, facts] tags: [etcd-secrets, facts]
- include: gen_certs_script.yml - include: gen_certs_script.yml
when: cert_management == "script" when: cert_management == "script"
tags: etcd-secrets tags: etcd-secrets
@ -12,9 +13,11 @@
- include: sync_etcd_master_certs.yml - include: sync_etcd_master_certs.yml
when: cert_management == "vault" and inventory_hostname in groups.etcd when: cert_management == "vault" and inventory_hostname in groups.etcd
tags: etcd-secrets tags: etcd-secrets
- include: sync_etcd_node_certs.yml - include: sync_etcd_node_certs.yml
when: cert_management == "vault" and inventory_hostname in etcd_node_cert_hosts when: cert_management == "vault" and inventory_hostname in etcd_node_cert_hosts
tags: etcd-secrets tags: etcd-secrets
- include: gen_certs_vault.yml - include: gen_certs_vault.yml
when: cert_management == "vault" and (etcd_master_certs_needed|d() or etcd_node_certs_needed|d()) when: cert_management == "vault" and (etcd_master_certs_needed|d() or etcd_node_certs_needed|d())
tags: etcd-secrets tags: etcd-secrets
@ -22,10 +25,13 @@
- include: "install_{{ etcd_deployment_type }}.yml" - include: "install_{{ etcd_deployment_type }}.yml"
when: is_etcd_master when: is_etcd_master
tags: upgrade tags: upgrade
- include: set_cluster_health.yml - include: set_cluster_health.yml
when: is_etcd_master when: is_etcd_master
- include: configure.yml - include: configure.yml
when: is_etcd_master when: is_etcd_master
- include: refresh_config.yml - include: refresh_config.yml
when: is_etcd_master when: is_etcd_master
@ -50,5 +56,6 @@
# state insted of `new`. # state insted of `new`.
- include: set_cluster_health.yml - include: set_cluster_health.yml
when: is_etcd_master when: is_etcd_master
- include: refresh_config.yml - include: refresh_config.yml
when: is_etcd_master when: is_etcd_master

9
roles/kernel-upgrade/tasks/centos-7.yml
View file

@ -1,7 +1,9 @@
--- ---
- name: install ELRepo key - name: install ELRepo key
rpm_key: state=present key='{{ elrepo_key_url }}' rpm_key:
state: present
key: '{{ elrepo_key_url }}'
- name: install elrepo repository - name: install elrepo repository
yum: yum:
@ -9,7 +11,10 @@
state: present state: present
- name: upgrade kernel - name: upgrade kernel
yum: name={{elrepo_kernel_package}} state=present enablerepo=elrepo-kernel yum:
name: "{{elrepo_kernel_package}}"
state: present
enablerepo: elrepo-kernel
register: upgrade register: upgrade
- name: change default grub entry - name: change default grub entry

16
roles/kernel-upgrade/tasks/reboot.yml
View file

@ -8,23 +8,33 @@
shell: nohup bash -c "sleep 5 && shutdown -r now 'Reboot required for updated kernel'" & shell: nohup bash -c "sleep 5 && shutdown -r now 'Reboot required for updated kernel'" &
- name: Wait for some seconds - name: Wait for some seconds
pause: seconds=10 pause:
seconds: 10
- set_fact: - set_fact:
is_bastion: "{{ inventory_hostname == 'bastion' }}" is_bastion: "{{ inventory_hostname == 'bastion' }}"
wait_for_delegate: "localhost" wait_for_delegate: "localhost"
- set_fact: - set_fact:
wait_for_delegate: "{{hostvars['bastion']['ansible_ssh_host']}}" wait_for_delegate: "{{hostvars['bastion']['ansible_ssh_host']}}"
when: "{{ 'bastion' in groups['all'] }}" when: "{{ 'bastion' in groups['all'] }}"
- name: wait for bastion to come back - name: wait for bastion to come back
wait_for: host={{ ansible_ssh_host }} port=22 delay=10 timeout=300 wait_for:
host: "{{ ansible_ssh_host }}"
port: 22
delay: 10
timeout: 300
become: false become: false
delegate_to: localhost delegate_to: localhost
when: "is_bastion" when: "is_bastion"
- name: waiting for server to come back (using bastion if necessary) - name: waiting for server to come back (using bastion if necessary)
wait_for: host={{ ansible_ssh_host }} port=22 delay=10 timeout=300 wait_for:
host: "{{ ansible_ssh_host }}"
port: 22
delay: 10
timeout: 300
become: false become: false
delegate_to: "{{ wait_for_delegate }}" delegate_to: "{{ wait_for_delegate }}"
when: "not is_bastion" when: "not is_bastion"

4
roles/kubernetes-apps/ansible/tasks/calico-policy-controller.yml
View file

@ -5,7 +5,9 @@
tags: facts tags: facts
- name: Write calico-policy-controller yaml - name: Write calico-policy-controller yaml
template: src=calico-policy-controller.yml.j2 dest={{kube_config_dir}}/calico-policy-controller.yml template:
src: calico-policy-controller.yml.j2
dest: "{{kube_config_dir}}/calico-policy-controller.yml"
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0]
- name: Start of Calico policy controller - name: Start of Calico policy controller

7
roles/kubernetes-apps/ansible/tasks/main.yaml → roles/kubernetes-apps/ansible/tasks/main.yml
View file

@ -1,6 +1,7 @@
--- ---
- name: Kubernetes Apps | Wait for kube-apiserver - name: Kubernetes Apps | Wait for kube-apiserver
uri: url=http://localhost:8080/healthz uri:
url: http://localhost:8080/healthz
register: result register: result
until: result.status == 200 until: result.status == 200
retries: 10 retries: 10
@ -8,7 +9,9 @@
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0]
- name: Kubernetes Apps | Lay Down KubeDNS Template - name: Kubernetes Apps | Lay Down KubeDNS Template
template: src={{item.file}} dest={{kube_config_dir}}/{{item.file}} template:
src: "{{item.file}}"
dest: "{{kube_config_dir}}/{{item.file}}"
with_items: with_items:
- {file: kubedns-rc.yml, type: rc} - {file: kubedns-rc.yml, type: rc}
- {file: kubedns-svc.yml, type: svc} - {file: kubedns-svc.yml, type: svc}

4
roles/kubernetes-apps/ansible/tasks/netchecker.yml
View file

@ -1,5 +1,7 @@
- name: Kubernetes Apps | Lay Down Netchecker Template - name: Kubernetes Apps | Lay Down Netchecker Template
template: src={{item.file}} dest={{kube_config_dir}}/{{item.file}} template:
src: "{{item.file}}"
dest: "{{kube_config_dir}}/{{item.file}}"
with_items: with_items:
- {file: netchecker-agent-ds.yml, type: ds, name: netchecker-agent} - {file: netchecker-agent-ds.yml, type: ds, name: netchecker-agent}
- {file: netchecker-agent-hostnet-ds.yml, type: ds, name: netchecker-agent-hostnet} - {file: netchecker-agent-hostnet-ds.yml, type: ds, name: netchecker-agent-hostnet}

3
roles/kubernetes-apps/helm/tasks/main.yml
View file

@ -1,2 +1,3 @@
--- ---
- debug: msg="No helm charts" - debug:
msg: "No helm charts"

0
roles/kubernetes-apps/kpm/tasks/main.yaml → roles/kubernetes-apps/kpm/tasks/main.yml
View file

0
roles/kubernetes-apps/meta/main.yaml → roles/kubernetes-apps/meta/main.yml
View file

0
roles/kubernetes-apps/network_plugin/canal/tasks/main.yaml → roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
View file

9
roles/kubernetes/master/handlers/main.yml
View file

@ -22,21 +22,24 @@
state: restarted state: restarted
- name: Master | wait for kube-scheduler - name: Master | wait for kube-scheduler
uri: url=http://localhost:10251/healthz uri:
url: http://localhost:10251/healthz
register: scheduler_result register: scheduler_result
until: scheduler_result.status == 200 until: scheduler_result.status == 200
retries: 15 retries: 15
delay: 5 delay: 5
- name: Master | wait for kube-controller-manager - name: Master | wait for kube-controller-manager
uri: url=http://localhost:10252/healthz uri:
url: http://localhost:10252/healthz
register: controller_manager_result register: controller_manager_result
until: controller_manager_result.status == 200 until: controller_manager_result.status == 200
retries: 15 retries: 15
delay: 5 delay: 5
- name: Master | wait for the apiserver to be running - name: Master | wait for the apiserver to be running
uri: url=http://localhost:8080/healthz uri:
url: http://localhost:8080/healthz
register: result register: result
until: result.status == 200 until: result.status == 200
retries: 10 retries: 10

4
roles/kubernetes/master/tasks/main.yml
View file

@ -36,7 +36,9 @@
- meta: flush_handlers - meta: flush_handlers
- name: copy kube system namespace manifest - name: copy kube system namespace manifest
copy: src=namespace.yml dest={{kube_config_dir}}/{{system_namespace}}-ns.yml copy:
src: namespace.yml
dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml"
run_once: yes run_once: yes
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0]
tags: apps tags: apps

3
roles/kubernetes/master/tasks/pre-upgrade.yml
View file

@ -43,7 +43,8 @@
when: (secret_changed|default(false) or etcd_secret_changed|default(false)) and kube_apiserver_manifest.stat.exists when: (secret_changed|default(false) or etcd_secret_changed|default(false)) and kube_apiserver_manifest.stat.exists
- name: "Pre-upgrade | Pause while waiting for kubelet to delete kube-apiserver pod" - name: "Pre-upgrade | Pause while waiting for kubelet to delete kube-apiserver pod"
pause: seconds=20 pause:
seconds: 20
when: (secret_changed|default(false) or etcd_secret_changed|default(false)) and kube_apiserver_manifest.stat.exists when: (secret_changed|default(false) or etcd_secret_changed|default(false)) and kube_apiserver_manifest.stat.exists
tags: kube-apiserver tags: kube-apiserver

10
roles/kubernetes/node/tasks/main.yml
View file

@ -12,12 +12,18 @@
tags: nginx tags: nginx
- name: Write kubelet config file - name: Write kubelet config file
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes template:
src: kubelet.j2
dest: "{{ kube_config_dir }}/kubelet.env"
backup: yes
notify: restart kubelet notify: restart kubelet
tags: kubelet tags: kubelet
- name: write the kubecfg (auth) file for kubelet - name: write the kubecfg (auth) file for kubelet
template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes template:
src: node-kubeconfig.yaml.j2
dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
backup: yes
notify: restart kubelet notify: restart kubelet
tags: kubelet tags: kubelet

17
roles/kubernetes/node/tasks/nginx-proxy.yml
View file

@ -1,9 +1,20 @@
--- ---
- name: nginx-proxy | Write static pod - name: nginx-proxy | Write static pod
template: src=manifests/nginx-proxy.manifest.j2 dest={{kube_manifest_dir}}/nginx-proxy.yml template:
src: manifests/nginx-proxy.manifest.j2
dest: "{{kube_manifest_dir}}/nginx-proxy.yml"
- name: nginx-proxy | Make nginx directory - name: nginx-proxy | Make nginx directory
file: path=/etc/nginx state=directory mode=0700 owner=root file:
path: /etc/nginx
state: directory
mode: 0700
owner: root
- name: nginx-proxy | Write nginx-proxy configuration - name: nginx-proxy | Write nginx-proxy configuration
template: src=nginx.conf.j2 dest="/etc/nginx/nginx.conf" owner=root mode=0755 backup=yes template:
src: nginx.conf.j2
dest: "/etc/nginx/nginx.conf"
owner: root
mode: 0755
backup: yes

4
roles/kubernetes/preinstall/tasks/dhclient-hooks-undo.yml
View file

@ -14,7 +14,9 @@
notify: Preinstall | restart network notify: Preinstall | restart network
- name: Remove kargo specific dhclient hook - name: Remove kargo specific dhclient hook
file: path="{{ dhclienthookfile }}" state=absent file:
path: "{{ dhclienthookfile }}"
state: absent
when: dhclienthookfile is defined when: dhclienthookfile is defined
notify: Preinstall | restart network notify: Preinstall | restart network

4
roles/kubernetes/preinstall/tasks/growpart-azure-centos-7.yml
View file

@ -3,7 +3,9 @@
# Running growpart seems to be only required on Azure, as other Cloud Providers do this at boot time # Running growpart seems to be only required on Azure, as other Cloud Providers do this at boot time
- name: install growpart - name: install growpart
package: name=cloud-utils-growpart state=latest package:
name: cloud-utils-growpart
state: latest
- name: check if growpart needs to be run - name: check if growpart needs to be run
command: growpart -N /dev/sda 1 command: growpart -N /dev/sda 1

20
roles/kubernetes/preinstall/tasks/main.yml
View file

@ -88,12 +88,18 @@
tags: [network, calico, weave, canal, bootstrap-os] tags: [network, calico, weave, canal, bootstrap-os]
- name: Update package management cache (YUM) - name: Update package management cache (YUM)
yum: update_cache=yes name='*' yum:
update_cache: yes
name: '*'
when: ansible_pkg_mgr == 'yum' when: ansible_pkg_mgr == 'yum'
tags: bootstrap-os tags: bootstrap-os
- name: Install latest version of python-apt for Debian distribs - name: Install latest version of python-apt for Debian distribs
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600 apt:
name: python-apt
state: latest
update_cache: yes
cache_valid_time: 3600
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
tags: bootstrap-os tags: bootstrap-os
@ -132,7 +138,9 @@
register: slc register: slc
- name: Set selinux policy to permissive - name: Set selinux policy to permissive
selinux: policy=targeted state=permissive selinux:
policy: targeted
state: permissive
when: ansible_os_family == "RedHat" and slc.stat.exists == True when: ansible_os_family == "RedHat" and slc.stat.exists == True
changed_when: False changed_when: False
tags: bootstrap-os tags: bootstrap-os
@ -152,7 +160,8 @@
tags: bootstrap-os tags: bootstrap-os
- name: Stat sysctl file configuration - name: Stat sysctl file configuration
stat: path={{sysctl_file_path}} stat:
path: "{{sysctl_file_path}}"
register: sysctl_file_stat register: sysctl_file_stat
tags: bootstrap-os tags: bootstrap-os
@ -204,7 +213,8 @@
tags: [bootstrap-os, resolvconf] tags: [bootstrap-os, resolvconf]
- name: Check if we are running inside a Azure VM - name: Check if we are running inside a Azure VM
stat: path=/var/lib/waagent/ stat:
path: /var/lib/waagent/
register: azure_check register: azure_check
tags: bootstrap-os tags: bootstrap-os

55
roles/kubernetes/preinstall/tasks/set_facts.yml
View file

@ -1,12 +1,23 @@
--- ---
- set_fact: kube_apiserver_count="{{ groups['kube-master'] | length }}" - set_fact:
- set_fact: kube_apiserver_address="{{ ip | default(ansible_default_ipv4['address']) }}" kube_apiserver_count: "{{ groups['kube-master'] | length }}"
- set_fact: kube_apiserver_access_address="{{ access_ip | default(kube_apiserver_address) }}"
- set_fact: is_kube_master="{{ inventory_hostname in groups['kube-master'] }}" - set_fact:
- set_fact: first_kube_master="{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}" kube_apiserver_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
- set_fact:
kube_apiserver_access_address: "{{ access_ip | default(kube_apiserver_address) }}"
- set_fact:
is_kube_master: "{{ inventory_hostname in groups['kube-master'] }}"
- set_fact:
first_kube_master: "{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}"
- set_fact: - set_fact:
loadbalancer_apiserver_localhost: false loadbalancer_apiserver_localhost: false
when: loadbalancer_apiserver is defined when: loadbalancer_apiserver is defined
- set_fact: - set_fact:
kube_apiserver_endpoint: |- kube_apiserver_endpoint: |-
{% if not is_kube_master and loadbalancer_apiserver_localhost -%} {% if not is_kube_master and loadbalancer_apiserver_localhost -%}
@ -21,34 +32,54 @@
{%- endif -%} {%- endif -%}
{%- endif %} {%- endif %}
- set_fact: etcd_address="{{ ip | default(ansible_default_ipv4['address']) }}" - set_fact:
- set_fact: etcd_access_address="{{ access_ip | default(etcd_address) }}" etcd_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
- set_fact: etcd_peer_url="https://{{ etcd_access_address }}:2380"
- set_fact: etcd_client_url="https://{{ etcd_access_address }}:2379" - set_fact:
- set_fact: etcd_authority="127.0.0.1:2379" etcd_access_address: "{{ access_ip | default(etcd_address) }}"
- set_fact: etcd_endpoint="https://{{ etcd_authority }}"
- set_fact:
etcd_peer_url: "https://{{ etcd_access_address }}:2380"
- set_fact:
etcd_client_url: "https://{{ etcd_access_address }}:2379"
- set_fact:
etcd_authority: "127.0.0.1:2379"
- set_fact:
etcd_endpoint: "https://{{ etcd_authority }}"
- set_fact: - set_fact:
etcd_access_addresses: |- etcd_access_addresses: |-
{% for item in groups['etcd'] -%} {% for item in groups['etcd'] -%}
https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}:2379{% if not loop.last %},{% endif %} https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}:2379{% if not loop.last %},{% endif %}
{%- endfor %} {%- endfor %}
- set_fact: etcd_access_endpoint="{% if etcd_multiaccess %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
- set_fact:
etcd_access_endpoint: "{% if etcd_multiaccess %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
- set_fact: - set_fact:
etcd_member_name: |- etcd_member_name: |-
{% for host in groups['etcd'] %} {% for host in groups['etcd'] %}
{% if inventory_hostname == host %}{{"etcd"+loop.index|string }}{% endif %} {% if inventory_hostname == host %}{{"etcd"+loop.index|string }}{% endif %}
{% endfor %} {% endfor %}
- set_fact: - set_fact:
etcd_peer_addresses: |- etcd_peer_addresses: |-
{% for item in groups['etcd'] -%} {% for item in groups['etcd'] -%}
{{ "etcd"+loop.index|string }}=https://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %} {{ "etcd"+loop.index|string }}=https://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %}
{%- endfor %} {%- endfor %}
- set_fact: - set_fact:
is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}" is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
- set_fact: - set_fact:
etcd_after_v3: etcd_version | version_compare("v3.0.0", ">=") etcd_after_v3: etcd_version | version_compare("v3.0.0", ">=")
- set_fact: - set_fact:
etcd_container_bin_dir: "{% if etcd_after_v3 %}/usr/local/bin/{% else %}/{% endif %}" etcd_container_bin_dir: "{% if etcd_after_v3 %}/usr/local/bin/{% else %}/{% endif %}"
- set_fact: - set_fact:
peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}" peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}"

9
roles/kubernetes/preinstall/tasks/set_resolv_facts.yml
View file

@ -39,11 +39,13 @@
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
- name: target temporary resolvconf cloud init file (Container Linux by CoreOS) - name: target temporary resolvconf cloud init file (Container Linux by CoreOS)
set_fact: resolvconffile=/tmp/resolveconf_cloud_init_conf set_fact:
resolvconffile: /tmp/resolveconf_cloud_init_conf
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
- name: check if /etc/dhclient.conf exists - name: check if /etc/dhclient.conf exists
stat: path=/etc/dhclient.conf stat:
path: /etc/dhclient.conf
register: dhclient_stat register: dhclient_stat
- name: target dhclient conf file for /etc/dhclient.conf - name: target dhclient conf file for /etc/dhclient.conf
@ -52,7 +54,8 @@
when: dhclient_stat.stat.exists when: dhclient_stat.stat.exists
- name: check if /etc/dhcp/dhclient.conf exists - name: check if /etc/dhcp/dhclient.conf exists
stat: path=/etc/dhcp/dhclient.conf stat:
path: /etc/dhcp/dhclient.conf
register: dhcp_dhclient_stat register: dhcp_dhclient_stat
- name: target dhclient conf file for /etc/dhcp/dhclient.conf - name: target dhclient conf file for /etc/dhcp/dhclient.conf

8
roles/kubernetes/secrets/tasks/gen_certs_script.yml
View file

@ -142,10 +142,10 @@
- name: Gen_certs | check certificate permissions - name: Gen_certs | check certificate permissions
file: file:
path={{ kube_cert_dir }} path: "{{ kube_cert_dir }}"
group={{ kube_cert_group }} group: "{{ kube_cert_group }}"
owner=kube owner: kube
recurse=yes recurse: yes
- name: Gen_certs | set permissions on keys - name: Gen_certs | set permissions on keys
shell: chmod 0600 {{ kube_cert_dir}}/*key.pem shell: chmod 0600 {{ kube_cert_dir}}/*key.pem

35
roles/kubernetes/secrets/tasks/main.yml
View file

@ -1,29 +1,30 @@
--- ---
- include: check-certs.yml - include: check-certs.yml
tags: [k8s-secrets, facts] tags: [k8s-secrets, facts]
- include: check-tokens.yml - include: check-tokens.yml
tags: [k8s-secrets, facts] tags: [k8s-secrets, facts]
- name: Make sure the certificate directory exits - name: Make sure the certificate directory exits
file: file:
path={{ kube_cert_dir }} path: "{{ kube_cert_dir }}"
state=directory state: directory
mode=o-rwx mode: o-rwx
group={{ kube_cert_group }} group: "{{ kube_cert_group }}"
- name: Make sure the tokens directory exits - name: Make sure the tokens directory exits
file: file:
path={{ kube_token_dir }} path: "{{ kube_token_dir }}"
state=directory state: directory
mode=o-rwx mode: o-rwx
group={{ kube_cert_group }} group: "{{ kube_cert_group }}"
- name: Make sure the users directory exits - name: Make sure the users directory exits
file: file:
path={{ kube_users_dir }} path: "{{ kube_users_dir }}"
state=directory state: directory
mode=o-rwx mode: o-rwx
group={{ kube_cert_group }} group: "{{ kube_cert_group }}"
- name: Populate users for basic auth in API - name: Populate users for basic auth in API
lineinfile: lineinfile:
@ -62,10 +63,10 @@
- name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})" - name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})"
file: file:
path={{ kube_token_dir }} path: "{{ kube_token_dir }}"
state=directory state: directory
mode=o-rwx mode: o-rwx
group={{ kube_cert_group }} group: "{{ kube_cert_group }}"
run_once: yes run_once: yes
delegate_to: "{{groups['kube-master'][0]}}" delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false) when: gen_tokens|default(false)
@ -77,9 +78,11 @@
- include: sync_kube_master_certs.yml - include: sync_kube_master_certs.yml
when: cert_management == "vault" and inventory_hostname in groups['kube-master'] when: cert_management == "vault" and inventory_hostname in groups['kube-master']
tags: k8s-secrets tags: k8s-secrets
- include: sync_kube_node_certs.yml - include: sync_kube_node_certs.yml
when: cert_management == "vault" and inventory_hostname in groups['k8s-cluster'] when: cert_management == "vault" and inventory_hostname in groups['k8s-cluster']
tags: k8s-secrets tags: k8s-secrets
- include: gen_certs_vault.yml - include: gen_certs_vault.yml
when: cert_management == "vault" when: cert_management == "vault"
tags: k8s-secrets tags: k8s-secrets

8
roles/network_plugin/calico/rr/tasks/main.yml
View file

@ -35,11 +35,15 @@
group: root group: root
- name: Calico-rr | Write calico-rr.env for systemd init file - name: Calico-rr | Write calico-rr.env for systemd init file
template: src=calico-rr.env.j2 dest=/etc/calico/calico-rr.env template:
src: calico-rr.env.j2
dest: /etc/calico/calico-rr.env
notify: restart calico-rr notify: restart calico-rr
- name: Calico-rr | Write calico-rr systemd init file - name: Calico-rr | Write calico-rr systemd init file
template: src=calico-rr.service.j2 dest=/etc/systemd/system/calico-rr.service template:
src: calico-rr.service.j2
dest: /etc/systemd/system/calico-rr.service
notify: restart calico-rr notify: restart calico-rr
- name: Calico-rr | Configure route reflector - name: Calico-rr | Configure route reflector

16
roles/network_plugin/calico/tasks/main.yml
View file

@ -60,7 +60,9 @@
tags: [hyperkube, upgrade] tags: [hyperkube, upgrade]
- name: Calico | wait for etcd - name: Calico | wait for etcd
uri: url=https://localhost:2379/health validate_certs=no uri:
url: https://localhost:2379/health
validate_certs: no
register: result register: result
until: result.status == 200 or result.status == 401 until: result.status == 200 or result.status == 401
retries: 10 retries: 10
@ -160,17 +162,23 @@
when: legacy_calicoctl when: legacy_calicoctl
- name: Calico (old) | Write calico-node systemd init file - name: Calico (old) | Write calico-node systemd init file
template: src=calico-node.service.legacy.j2 dest=/etc/systemd/system/calico-node.service template:
src: calico-node.service.legacy.j2
dest: /etc/systemd/system/calico-node.service
when: legacy_calicoctl when: legacy_calicoctl
notify: restart calico-node notify: restart calico-node
- name: Calico | Write calico.env for systemd init file - name: Calico | Write calico.env for systemd init file
template: src=calico.env.j2 dest=/etc/calico/calico.env template:
src: calico.env.j2
dest: /etc/calico/calico.env
when: not legacy_calicoctl when: not legacy_calicoctl
notify: restart calico-node notify: restart calico-node
- name: Calico | Write calico-node systemd init file - name: Calico | Write calico-node systemd init file
template: src=calico-node.service.j2 dest=/etc/systemd/system/calico-node.service template:
src: calico-node.service.j2
dest: /etc/systemd/system/calico-node.service
when: not legacy_calicoctl when: not legacy_calicoctl
notify: restart calico-node notify: restart calico-node

4
roles/network_plugin/flannel/handlers/main.yml
View file

@ -28,7 +28,9 @@
state: restarted state: restarted
- name: Flannel | pause while Docker restarts - name: Flannel | pause while Docker restarts
pause: seconds=10 prompt="Waiting for docker restart" pause:
seconds: 10
prompt: "Waiting for docker restart"
- name: Flannel | wait for docker - name: Flannel | wait for docker
command: "{{ docker_bin_dir }}/docker images" command: "{{ docker_bin_dir }}/docker images"

12
roles/reset/tasks/main.yml
View file

@ -1,7 +1,9 @@
--- ---
- name: reset | stop services - name: reset | stop services
service: name={{ item }} state=stopped service:
name: "{{ item }}"
state: stopped
with_items: with_items:
- kubelet - kubelet
- etcd - etcd
@ -33,7 +35,9 @@
shell: "{{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv" shell: "{{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv"
- name: reset | restart docker if needed - name: reset | restart docker if needed
service: name=docker state=restarted service:
name: docker
state: restarted
when: docker_dropins_removed.changed when: docker_dropins_removed.changed
- name: reset | gather mounted kubelet dirs - name: reset | gather mounted kubelet dirs
@ -46,7 +50,9 @@
with_items: '{{ mounted_dirs.stdout_lines }}' with_items: '{{ mounted_dirs.stdout_lines }}'
- name: reset | delete some files and directories - name: reset | delete some files and directories
file: path={{ item }} state=absent file:
path: "{{ item }}"
state: absent
with_items: with_items:
- "{{kube_config_dir}}" - "{{kube_config_dir}}"
- /var/lib/kubelet - /var/lib/kubelet

5
roles/uploads/tasks/main.yml
View file

@ -1,6 +1,9 @@
--- ---
- name: Create dest directories - name: Create dest directories
file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes file:
path: "{{local_release_dir}}/{{item.dest|dirname}}"
state: directory
recurse: yes
with_items: '{{downloads}}' with_items: '{{downloads}}'
- name: Download items - name: Download items

3
roles/vault/tasks/bootstrap/main.yml
View file

@ -2,8 +2,10 @@
- include: ../shared/check_vault.yml - include: ../shared/check_vault.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: sync_secrets.yml - include: sync_secrets.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: ../shared/find_leader.yml - include: ../shared/find_leader.yml
when: inventory_hostname in groups.vault and vault_cluster_is_initialized|d() when: inventory_hostname in groups.vault and vault_cluster_is_initialized|d()
@ -54,5 +56,6 @@
- include: role_auth_cert.yml - include: role_auth_cert.yml
when: vault_role_auth_method == "cert" when: vault_role_auth_method == "cert"
- include: role_auth_userpass.yml - include: role_auth_userpass.yml
when: vault_role_auth_method == "userpass" when: vault_role_auth_method == "userpass"

1
roles/vault/tasks/bootstrap/role_auth_cert.yml
View file

@ -21,5 +21,6 @@
ca_name: auth-ca ca_name: auth-ca
mount_name: auth-pki mount_name: auth-pki
when: inventory_hostname == groups.vault|first and not vault_auth_ca_cert_needed when: inventory_hostname == groups.vault|first and not vault_auth_ca_cert_needed
- include: create_etcd_role.yml - include: create_etcd_role.yml
when: inventory_hostname in groups.etcd when: inventory_hostname in groups.etcd

1
roles/vault/tasks/bootstrap/role_auth_userpass.yml
View file

@ -6,5 +6,6 @@
auth_backend_path: userpass auth_backend_path: userpass
auth_backend_type: userpass auth_backend_type: userpass
when: inventory_hostname == groups.vault|first when: inventory_hostname == groups.vault|first
- include: create_etcd_role.yml - include: create_etcd_role.yml
when: inventory_hostname in groups.etcd when: inventory_hostname in groups.etcd

9
roles/vault/tasks/cluster/main.yml
View file

@ -2,6 +2,7 @@
- include: ../shared/check_vault.yml - include: ../shared/check_vault.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: ../shared/check_etcd.yml - include: ../shared/check_etcd.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
@ -9,18 +10,25 @@
- include: configure.yml - include: configure.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: binary.yml - include: binary.yml
when: inventory_hostname in groups.vault and vault_deployment_type == "host" when: inventory_hostname in groups.vault and vault_deployment_type == "host"
- include: systemd.yml - include: systemd.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: init.yml - include: init.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: unseal.yml - include: unseal.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: ../shared/find_leader.yml - include: ../shared/find_leader.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: ../shared/pki_mount.yml - include: ../shared/pki_mount.yml
when: inventory_hostname == groups.vault|first when: inventory_hostname == groups.vault|first
- include: ../shared/config_ca.yml - include: ../shared/config_ca.yml
vars: vars:
ca_name: ca ca_name: ca
@ -31,5 +39,6 @@
- include: role_auth_cert.yml - include: role_auth_cert.yml
when: vault_role_auth_method == "cert" when: vault_role_auth_method == "cert"
- include: role_auth_userpass.yml - include: role_auth_userpass.yml
when: vault_role_auth_method == "userpass" when: vault_role_auth_method == "userpass"