Add tags to allow more granular tasks filtering.
Add generator script for MD formatted tags found.
Add docs on how to use tags.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Bogdan Dobrelya 2016-12-08 14:36:00 +01:00
parent aee21136ce
commit 0b1ce03167
35 changed files with 205 additions and 10 deletions


@ -48,3 +48,63 @@ etcd
Group vars Group vars
-------------- --------------
The main variables to change are located in the directory ```inventory/group_vars/all.yml```. The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
Ansible tags
------------
The following tags are defined in playbooks:
| Tag name | Used for
|--------------------------|---------
| apps | K8s apps definitions
| azure | Cloud-provider Azure
| bootstrap-os | Anything related to host OS configuration
| calico | Network plugin Calico
| canal | Network plugin Canal
| cloud-provider | Cloud-provider related tasks
| dnsmasq | Configuring DNS stack for hosts and K8s apps
| download | Fetching container images
| etcd | Configuring etcd cluster
| etcd-pre-upgrade | Upgrading etcd cluster
| etcd-secrets | Configuring etcd certs/keys
| etchosts | Configuring /etc/hosts entries for hosts
| facts | Gathering facts and misc check results
| flannel | Network plugin flannel
| gce | Cloud-provider GCP
| hyperkube | Manipulations with K8s hyperkube image
| k8s-pre-upgrade | Upgrading K8s cluster
| k8s-secrets | Configuring K8s certs/keys
| kpm | Installing K8s apps definitions with KPM
| kube-apiserver | Configuring self-hosted kube-apiserver
| kube-controller-manager | Configuring self-hosted kube-controller-manager
| kubectl | Installing kubectl and bash completion
| kubelet | Configuring kubelet service
| kube-proxy | Configuring self-hosted kube-proxy
| kube-scheduler | Configuring self-hosted kube-scheduler
| master | Configuring K8s master node role
| netchecker | Installing netchecker K8s app
| network | Configuring networking plugins for K8s
| nginx | Configuring LB for kube-apiserver instances
| node | Configuring K8s minion (compute) node role
| openstack | Cloud-provider OpenStack
| preinstall | Preliminary configuration steps
| resolvconf | Configuring /etc/resolv.conf for hosts/apps
| upgrade | Upgrading, f.e. container images/binaries
| weave | Network plugin Weave
Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
tags found in the codebase. New tags will be listed with the empty "Used for"
field.
Example command to filter and apply only DNS configuration tasks and skip
everything else related to host OS configuration and downloading images of containers:
```
ansible-playbook -i inventory/inventory.ini cluster.yml --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os
```
And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
```
ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf
```
Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.


@ -3,7 +3,7 @@
raw: stat /opt/bin/.bootstrapped raw: stat /opt/bin/.bootstrapped
register: need_bootstrap register: need_bootstrap
ignore_errors: True ignore_errors: True
tags: facts
- name: Bootstrap | Run bootstrap.sh - name: Bootstrap | Run bootstrap.sh
script: bootstrap.sh script: bootstrap.sh
@ -11,6 +11,7 @@
- set_fact: - set_fact:
ansible_python_interpreter: "/opt/bin/python" ansible_python_interpreter: "/opt/bin/python"
tags: facts
- name: Bootstrap | Check if we need to install pip - name: Bootstrap | Check if we need to install pip
shell: "{{ansible_python_interpreter}} -m pip --version" shell: "{{ansible_python_interpreter}} -m pip --version"
@ -18,6 +19,7 @@
ignore_errors: True ignore_errors: True
changed_when: false changed_when: false
when: (need_bootstrap | failed) when: (need_bootstrap | failed)
tags: facts
- name: Bootstrap | Copy get-pip.py - name: Bootstrap | Copy get-pip.py
copy: src=get-pip.py dest=~/get-pip.py copy: src=get-pip.py dest=~/get-pip.py
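Review bot: The `facts` tag on the `stat /opt/bin/.bootstrapped` task, the `ansible_python_interpreter` set_fact and the pip check means a run filtered to any other tag (for example `--tags bootstrap-os`) never registers `need_bootstrap` or sets the interpreter, and the untagged `Bootstrap | Run bootstrap.sh` task is skipped as well, so every caller has to remember to add `facts`. Ansible's reserved `always` tag is the usual answer for state-setting tasks that everything downstream depends on: `tags: always` (or `tags: [facts, always]` to keep the documented name) runs them under any `--tags` filter and can still be excluded with `--skip-tags always`. The same applies to the `facts`-tagged set_fact and register tasks in the other bootstrap-os, docker, download, etcd, preinstall and kubernetes/secrets hunks of this commit. The `when` of the bootstrap.sh task is outside the hunk, so whether it reads `need_bootstrap` is inferred from the registered name.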


@ -5,6 +5,7 @@
raw: which python raw: which python
register: need_bootstrap register: need_bootstrap
ignore_errors: True ignore_errors: True
tags: facts
- name: Bootstrap | Install python 2.x - name: Bootstrap | Install python 2.x
raw: apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal raw: apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal
@ -12,3 +13,4 @@
- set_fact: - set_fact:
ansible_python_interpreter: "/usr/bin/python" ansible_python_interpreter: "/usr/bin/python"
tags: facts


@ -3,3 +3,4 @@ dependencies:
- role: download - role: download
file: "{{ downloads.dnsmasq }}" file: "{{ downloads.dnsmasq }}"
when: not skip_dnsmasq|default(false) and download_localhost|default(false) when: not skip_dnsmasq|default(false) and download_localhost|default(false)
tags: [download, dnsmasq]


@ -1,5 +1,7 @@
--- ---
- include: dnsmasq.yml - include: dnsmasq.yml
when: "{{ not skip_dnsmasq_k8s|bool }}" when: "{{ not skip_dnsmasq_k8s|bool }}"
tags: dnsmasq
- include: resolvconf.yml - include: resolvconf.yml
tags: resolvconf


@ -12,6 +12,7 @@
paths: paths:
- ../vars - ../vars
skip: true skip: true
tags: facts
- name: check for minimum kernel version - name: check for minimum kernel version
fail: fail:
@ -20,6 +21,7 @@
{{ docker_kernel_min_version }} on {{ docker_kernel_min_version }} on
{{ ansible_distribution }}-{{ ansible_distribution_version }} {{ ansible_distribution }}-{{ ansible_distribution_version }}
when: (ansible_os_family != "CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<")) when: (ansible_os_family != "CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
tags: facts
- name: ensure docker repository public key is installed - name: ensure docker repository public key is installed
action: "{{ docker_repo_key_info.pkg_key }}" action: "{{ docker_repo_key_info.pkg_key }}"


@ -4,19 +4,23 @@
set_fact: set_fact:
docker_options_file: >- docker_options_file: >-
{%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%} {%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%}
tags: facts
- name: Set docker options config variable name - name: Set docker options config variable name
set_fact: set_fact:
docker_options_name: >- docker_options_name: >-
{%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%} {%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%}
tags: facts
- name: Set docker options config value to be written - name: Set docker options config value to be written
set_fact: set_fact:
docker_options_value: '"{{ docker_options }} $DOCKER_NETWORK_OPTIONS $DOCKER_STORAGE_OPTIONS $INSECURE_REGISTRY"' docker_options_value: '"{{ docker_options }} $DOCKER_NETWORK_OPTIONS $DOCKER_STORAGE_OPTIONS $INSECURE_REGISTRY"'
tags: facts
- name: Set docker options config line to be written - name: Set docker options config line to be written
set_fact: set_fact:
docker_options_line: "{{ docker_options_name }}={{ docker_options_value }}" docker_options_line: "{{ docker_options_name }}={{ docker_options_value }}"
tags: facts
- name: Set docker proxy lines to be written - name: Set docker proxy lines to be written
set_fact: set_fact:
@ -24,6 +28,7 @@
- { name: "HTTP_PROXY", value: '"{{ http_proxy }}"' } - { name: "HTTP_PROXY", value: '"{{ http_proxy }}"' }
- { name: "HTTPS_PROXY", value: '"{{ https_proxy }}"' } - { name: "HTTPS_PROXY", value: '"{{ https_proxy }}"' }
- { name: "NO_PROXY", value: '"{{ no_proxy }}"' } - { name: "NO_PROXY", value: '"{{ no_proxy }}"' }
tags: facts
- name: Remove docker daemon proxy config lines that don't match desired lines - name: Remove docker daemon proxy config lines that don't match desired lines
lineinfile: lineinfile:


@ -45,6 +45,7 @@
- set_fact: - set_fact:
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}" download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
tags: facts
- name: Create dest directory for saved/loaded container images - name: Create dest directory for saved/loaded container images
file: path="{{local_release_dir}}/containers" state=directory recurse=yes mode=0755 owner={{ansible_ssh_user|default(ansible_user_id)}} file: path="{{local_release_dir}}/containers" state=directory recurse=yes mode=0755 owner={{ansible_ssh_user|default(ansible_user_id)}}
@ -78,6 +79,7 @@
- set_fact: - set_fact:
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|regex_replace('/|\0|:', '_')}}.tar" fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|regex_replace('/|\0|:', '_')}}.tar"
tags: facts
- name: "Set default value for 'container_changed' to false" - name: "Set default value for 'container_changed' to false"
set_fact: set_fact:
@ -89,6 +91,7 @@
when: "{{ download.enabled|bool and download.container|bool }}" when: "{{ download.enabled|bool and download.container|bool }}"
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}" delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
run_once: "{{ download_run_once|bool }}" run_once: "{{ download_run_once|bool }}"
tags: facts
- name: Stat saved container image - name: Stat saved container image
stat: path="{{fname}}" stat: path="{{fname}}"


@ -7,3 +7,4 @@ dependencies:
when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "docker" or inventory_hostname in groups['k8s-cluster']) when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "docker" or inventory_hostname in groups['k8s-cluster'])
- role: download - role: download
file: "{{ downloads.etcd }}" file: "{{ downloads.etcd }}"
tags: download
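Review bot: The etcd image download dependency is tagged `download` only, whereas the equivalent dependencies for dnsmasq and hyperkube in this commit are tagged `[download, dnsmasq]` and `[download, hyperkube]`, so `--tags etcd` (documented as "Configuring etcd cluster") would not fetch the image unless `etcd` is also applied at the play level, which this hunk does not show. `tags: [download, etcd]` keeps the role-level filter self-contained. The calico dependencies in the network_plugin/calico meta hunk have the same `download`-only tagging and would take `[download, calico]` for the same reason.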


@ -5,6 +5,7 @@
ignore_errors: true ignore_errors: true
changed_when: false changed_when: false
when: is_etcd_master when: is_etcd_master
tags: facts
- name: Configure | Add member to the cluster if it is not there - name: Configure | Add member to the cluster if it is not there
when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0 when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0


@ -42,6 +42,7 @@
- set_fact: - set_fact:
master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'member.pem', 'member-key.pem'] master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'member.pem', 'member-key.pem']
node_certs: ['ca.pem', 'node.pem', 'node-key.pem'] node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
tags: facts
- name: Gen_certs | Gather etcd master certs - name: Gen_certs | Gather etcd master certs
shell: "tar cfz - -C {{ etcd_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }}| base64 --wrap=0" shell: "tar cfz - -C {{ etcd_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }}| base64 --wrap=0"
@ -78,6 +79,7 @@
state=directory state=directory
owner=kube owner=kube
recurse=yes recurse=yes
tags: facts
- name: Gen_certs | set permissions on keys - name: Gen_certs | set permissions on keys
shell: chmod 0600 {{ etcd_cert_dir}}/*key.pem shell: chmod 0600 {{ etcd_cert_dir}}/*key.pem
@ -94,6 +96,7 @@
{%- elif ansible_os_family == "CoreOS" -%} {%- elif ansible_os_family == "CoreOS" -%}
/etc/ssl/certs/etcd-ca.pem /etc/ssl/certs/etcd-ca.pem
{%- endif %} {%- endif %}
tags: facts
- name: Gen_certs | add CA to trusted CA dir - name: Gen_certs | add CA to trusted CA dir
copy: copy:
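Review bot: The `tags: facts` added to the directory task (`state=directory`, `owner=kube`, `recurse=yes`) puts a filesystem change under a tag the docs describe as gathering facts and check results, so `--tags facts` now creates and recursively chowns the etcd cert directory on every run. The task already inherits `etcd-secrets` from the gen_certs include in tasks/main.yml, so dropping `facts` here (or writing `tags: etcd-secrets` explicitly) keeps `facts` side-effect free without changing what `--tags etcd-secrets` does. The task's name and `path` line are outside the hunk, so its target directory is inferred from the surrounding Gen_certs tasks.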


@ -1,9 +1,13 @@
--- ---
- include: pre_upgrade.yml - include: pre_upgrade.yml
tags: etcd-pre-upgrade
- include: check_certs.yml - include: check_certs.yml
tags: [etcd-secrets, facts]
- include: gen_certs.yml - include: gen_certs.yml
tags: etcd-secrets
- include: install.yml - include: install.yml
when: is_etcd_master when: is_etcd_master
tags: upgrade
- include: set_cluster_health.yml - include: set_cluster_health.yml
when: is_etcd_master when: is_etcd_master
- include: configure.yml - include: configure.yml
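Review bot: `install.yml` is tagged `upgrade` only, and with tag inheritance every etcd install task then matches `--skip-tags upgrade`; on a first deployment that skips installing etcd altogether while the untagged `set_cluster_health.yml` and `configure.yml` still run against a cluster that was never started. The docs table describes `upgrade` as "Upgrading, f.e. container images/binaries", which reads as if skipping it were harmless on an existing cluster but does not say it also gates initial installation; either add a component tag alongside it (`tags: [etcd, upgrade]`) or state in the table that `upgrade` must not be skipped on a fresh deploy. The same applies to the `upgrade`-tagged kubectl copy and bash-completion tasks in the kube-master hunk and the `[hyperkube, upgrade]` task in the calico hunk.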


@ -2,11 +2,13 @@
stat: stat:
path: /etc/systemd/system/etcd-proxy.service path: /etc/systemd/system/etcd-proxy.service
register: kube_apiserver_service_file register: kube_apiserver_service_file
tags: facts
- name: "Pre-upgrade | check for etcd-proxy init script" - name: "Pre-upgrade | check for etcd-proxy init script"
stat: stat:
path: /etc/init.d/etcd-proxy path: /etc/init.d/etcd-proxy
register: kube_apiserver_init_script register: kube_apiserver_init_script
tags: facts
- name: "Pre-upgrade | stop etcd-proxy if service defined" - name: "Pre-upgrade | stop etcd-proxy if service defined"
service: service:


@ -5,3 +5,4 @@
ignore_errors: true ignore_errors: true
changed_when: false changed_when: false
when: is_etcd_master when: is_etcd_master
tags: facts


@ -6,6 +6,7 @@
- {file: kubedns-svc.yml, type: svc} - {file: kubedns-svc.yml, type: svc}
register: manifests register: manifests
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0]
tags: dnsmasq
- name: Kubernetes Apps | Start Resources - name: Kubernetes Apps | Start Resources
kube: kube:
@ -17,11 +18,14 @@
state: "{{item.changed | ternary('latest','present') }}" state: "{{item.changed | ternary('latest','present') }}"
with_items: "{{ manifests.results }}" with_items: "{{ manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0]
tags: dnsmasq
- include: tasks/calico-policy-controller.yml - include: tasks/calico-policy-controller.yml
when: ( enable_network_policy is defined and enable_network_policy == True ) or when: ( enable_network_policy is defined and enable_network_policy == True ) or
( kube_network_plugin == 'canal' ) ( kube_network_plugin == 'canal' )
tags: [network, canal]
- name: Kubernetes Apps | Netchecker - name: Kubernetes Apps | Netchecker
include: tasks/netchecker.yml include: tasks/netchecker.yml
when: deploy_netchecker when: deploy_netchecker
tags: netchecker
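Review bot: The include of `tasks/calico-policy-controller.yml` is tagged `[network, canal]` although its `when` also fires for calico with `enable_network_policy` set, so `--tags calico` (documented as "Network plugin Calico") deploys calico but skips its policy controller; `tags: [network, calico, canal]` covers both branches of the condition. For the same reason the canal role dependency in the kubernetes-apps meta hunk, tagged `canal` only, would be consistent as `[network, canal]` with the preinstall cni-directory task, which lists `network` alongside the plugin names.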


@ -2,3 +2,4 @@
dependencies: dependencies:
- role: kubernetes-apps/network_plugin/canal - role: kubernetes-apps/network_plugin/canal
when: kube_network_plugin == 'canal' when: kube_network_plugin == 'canal'
tags: canal


@ -2,3 +2,4 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.hyperkube }}" file: "{{ downloads.hyperkube }}"
tags: [download, hyperkube]


@ -1,6 +1,6 @@
--- ---
- include: pre-upgrade.yml - include: pre-upgrade.yml
tags: k8s-pre-upgrade
- name: Copy kubectl from hyperkube container - name: Copy kubectl from hyperkube container
command: "/usr/bin/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl" command: "/usr/bin/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl"
@ -9,12 +9,14 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
changed_when: false changed_when: false
tags: [hyperkube, kubectl, upgrade]
- name: Gather kubectl bash completion - name: Gather kubectl bash completion
command: "{{ bin_dir }}/kubectl completion bash" command: "{{ bin_dir }}/kubectl completion bash"
no_log: true no_log: true
register: kubectl_bash_completion register: kubectl_bash_completion
when: ansible_os_family in ["Debian","RedHat"] when: ansible_os_family in ["Debian","RedHat"]
tags: kubectl
- name: Write kubectl bash completion - name: Write kubectl bash completion
copy: copy:
@ -24,12 +26,14 @@
group: root group: root
mode: 0755 mode: 0755
when: ansible_os_family in ["Debian","RedHat"] and kubectl_bash_completion.changed when: ansible_os_family in ["Debian","RedHat"] and kubectl_bash_completion.changed
tags: [kubectl, upgrade]
- name: Write kube-apiserver manifest - name: Write kube-apiserver manifest
template: template:
src: manifests/kube-apiserver.manifest.j2 src: manifests/kube-apiserver.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest" dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
notify: Master | wait for the apiserver to be running notify: Master | wait for the apiserver to be running
tags: kube-apiserver
- meta: flush_handlers - meta: flush_handlers
# Create kube-system namespace # Create kube-system namespace
@ -37,6 +41,7 @@
copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml
run_once: yes run_once: yes
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0]
tags: apps
- name: Check if kube-system exists - name: Check if kube-system exists
command: "{{ bin_dir }}/kubectl get ns kube-system" command: "{{ bin_dir }}/kubectl get ns kube-system"
@ -44,11 +49,13 @@
changed_when: False changed_when: False
failed_when: False failed_when: False
run_once: yes run_once: yes
tags: apps
- name: Create 'kube-system' namespace - name: Create 'kube-system' namespace
command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml" command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml"
changed_when: False changed_when: False
when: kubesystem|failed and inventory_hostname == groups['kube-master'][0] when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
tags: apps
# Write other manifests # Write other manifests
- name: Write kube-controller-manager manifest - name: Write kube-controller-manager manifest
@ -56,9 +63,11 @@
src: manifests/kube-controller-manager.manifest.j2 src: manifests/kube-controller-manager.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest" dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
notify: Master | wait for kube-controller-manager notify: Master | wait for kube-controller-manager
tags: kube-controller-manager
- name: Write kube-scheduler manifest - name: Write kube-scheduler manifest
template: template:
src: manifests/kube-scheduler.manifest.j2 src: manifests/kube-scheduler.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest" dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
notify: Master | wait for kube-scheduler notify: Master | wait for kube-scheduler
tags: kube-scheduler


@ -3,17 +3,20 @@
stat: stat:
path: /etc/systemd/system/kube-apiserver.service path: /etc/systemd/system/kube-apiserver.service
register: kube_apiserver_service_file register: kube_apiserver_service_file
tags: [facts, kube-apiserver]
- name: "Pre-upgrade | check for kube-apiserver init script" - name: "Pre-upgrade | check for kube-apiserver init script"
stat: stat:
path: /etc/init.d/kube-apiserver path: /etc/init.d/kube-apiserver
register: kube_apiserver_init_script register: kube_apiserver_init_script
tags: [facts, kube-apiserver]
- name: "Pre-upgrade | stop kube-apiserver if service defined" - name: "Pre-upgrade | stop kube-apiserver if service defined"
service: service:
name: kube-apiserver name: kube-apiserver
state: stopped state: stopped
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False)) when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
tags: kube-apiserver
- name: "Pre-upgrade | remove kube-apiserver service definition" - name: "Pre-upgrade | remove kube-apiserver service definition"
file: file:
@ -23,3 +26,4 @@
with_items: with_items:
- /etc/systemd/system/kube-apiserver.service - /etc/systemd/system/kube-apiserver.service
- /etc/init.d/kube-apiserver - /etc/init.d/kube-apiserver
tags: kube-apiserver


@ -2,28 +2,39 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.hyperkube }}" file: "{{ downloads.hyperkube }}"
tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl]
- role: download - role: download
file: "{{ downloads.pod_infra }}" file: "{{ downloads.pod_infra }}"
tags: [download, kubelet]
- role: kubernetes/secrets - role: kubernetes/secrets
tags: k8s-secrets
- role: download - role: download
file: "{{ downloads.nginx }}" file: "{{ downloads.nginx }}"
tags: [download, nginx]
- role: download - role: download
file: "{{ downloads.testbox }}" file: "{{ downloads.testbox }}"
tags: download
- role: download - role: download
file: "{{ downloads.netcheck_server }}" file: "{{ downloads.netcheck_server }}"
when: deploy_netchecker when: deploy_netchecker
tags: [download, netchecker]
- role: download - role: download
file: "{{ downloads.netcheck_agent }}" file: "{{ downloads.netcheck_agent }}"
when: deploy_netchecker when: deploy_netchecker
tags: [download, netchecker]
- role: download - role: download
file: "{{ downloads.netcheck_kubectl }}" file: "{{ downloads.netcheck_kubectl }}"
when: deploy_netchecker when: deploy_netchecker
tags: [download, netchecker]
- role: download - role: download
file: "{{ downloads.kubednsmasq }}" file: "{{ downloads.kubednsmasq }}"
when: not skip_dnsmasq_k8s|default(false) when: not skip_dnsmasq_k8s|default(false)
tags: [download, dnsmasq]
- role: download - role: download
file: "{{ downloads.kubedns }}" file: "{{ downloads.kubedns }}"
when: not skip_dnsmasq_k8s|default(false) when: not skip_dnsmasq_k8s|default(false)
tags: [download, dnsmasq]
- role: download - role: download
file: "{{ downloads.exechealthz }}" file: "{{ downloads.exechealthz }}"
when: not skip_dnsmasq_k8s|default(false) when: not skip_dnsmasq_k8s|default(false)
tags: [download, dnsmasq]
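Review bot: The twelve-entry tag list on the hyperkube download dependency carries no explanation of why these tags and not others are present; since tags on a role dependency are inherited by every task of that `download` invocation, the list is really "every tag whose tasks need the hyperkube image on the node", and anyone adding a tag later has to know to extend it. A comment above the line would make that contract visible, e.g. `# every tag whose tasks run the hyperkube image must be listed here, or --tags <tag> runs without the image`. The same hunk tags the testbox download `download` only, so no component tag pulls it; if that is intended, a one-line comment saying so would stop the next reader from "fixing" it.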


@ -1,23 +1,26 @@
--- ---
- include: install.yml - include: install.yml
tags: kubelet
- include: nginx-proxy.yml - include: nginx-proxy.yml
when: is_kube_master == false and loadbalancer_apiserver_localhost|default(false) when: is_kube_master == false and loadbalancer_apiserver_localhost|default(false)
tags: nginx
- name: Write kubelet config file - name: Write kubelet config file
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes
notify: notify: restart kubelet
- restart kubelet tags: kubelet
- name: write the kubecfg (auth) file for kubelet - name: write the kubecfg (auth) file for kubelet
template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes
notify: notify: restart kubelet
- restart kubelet tags: kubelet
- name: Write proxy manifest - name: Write proxy manifest
template: template:
src: manifests/kube-proxy.manifest.j2 src: manifests/kube-proxy.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-proxy.manifest" dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
tags: kube-proxy
# reload-systemd # reload-systemd
- meta: flush_handlers - meta: flush_handlers
@ -27,3 +30,4 @@
name: kubelet name: kubelet
enabled: yes enabled: yes
state: started state: started
tags: kubelet


@ -2,3 +2,4 @@
dependencies: dependencies:
- role: adduser - role: adduser
user: "{{ addusers.kube }}" user: "{{ addusers.kube }}"
tags: kubelet


@ -3,6 +3,7 @@
set_fact: set_fact:
bin_dir: "/opt/bin" bin_dir: "/opt/bin"
when: ansible_os_family == "CoreOS" when: ansible_os_family == "CoreOS"
tags: facts
- name: check bin dir exists - name: check bin dir exists
file: file:
@ -10,11 +11,14 @@
state: directory state: directory
owner: root owner: root
become: true become: true
tags: bootstrap-os
- include: gitinfos.yml - include: gitinfos.yml
when: run_gitinfos when: run_gitinfos
tags: facts
- include: set_facts.yml - include: set_facts.yml
tags: facts
- name: gather os specific variables - name: gather os specific variables
include_vars: "{{ item }}" include_vars: "{{ item }}"
@ -29,6 +33,7 @@
paths: paths:
- ../vars - ../vars
skip: true skip: true
tags: facts
- name: Create kubernetes config directory - name: Create kubernetes config directory
file: file:
@ -36,6 +41,7 @@
state: directory state: directory
owner: kube owner: kube
when: "{{ inventory_hostname in groups['k8s-cluster'] }}" when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
- name: Create kubernetes script directory - name: Create kubernetes script directory
file: file:
@ -43,6 +49,7 @@
state: directory state: directory
owner: kube owner: kube
when: "{{ inventory_hostname in groups['k8s-cluster'] }}" when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [k8s-secrets, bootstrap-os]
- name: Create kubernetes manifests directory - name: Create kubernetes manifests directory
file: file:
@ -50,6 +57,7 @@
state: directory state: directory
owner: kube owner: kube
when: "{{ inventory_hostname in groups['k8s-cluster'] }}" when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [kubelet, bootstrap-os, master, node]
- name: Create kubernetes logs directory - name: Create kubernetes logs directory
file: file:
@ -57,17 +65,21 @@
state: directory state: directory
owner: kube owner: kube
when: ansible_service_mgr in ["sysvinit","upstart"] and "{{ inventory_hostname in groups['k8s-cluster'] }}" when: ansible_service_mgr in ["sysvinit","upstart"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [bootstrap-os, master, node]
- name: check cloud_provider value - name: check cloud_provider value
fail: fail:
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'" msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure'] when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
tags: [cloud-provider, facts]
- include: openstack-credential-check.yml - include: openstack-credential-check.yml
when: cloud_provider is defined and cloud_provider == 'openstack' when: cloud_provider is defined and cloud_provider == 'openstack'
tags: [cloud-provider, openstack, facts]
- include: azure-credential-check.yml - include: azure-credential-check.yml
when: cloud_provider is defined and cloud_provider == 'azure' when: cloud_provider is defined and cloud_provider == 'azure'
tags: [cloud-provider, azure, facts]
- name: Fix ipv4 forward rule in GCE security policy - name: Fix ipv4 forward rule in GCE security policy
lineinfile: lineinfile:
@ -79,6 +91,7 @@
backup: yes backup: yes
validate: 'sysctl -f %s' validate: 'sysctl -f %s'
when: cloud_provider is defined and cloud_provider == 'gce' when: cloud_provider is defined and cloud_provider == 'gce'
tags: [cloud-provider, gce, bootstrap-os]
- name: Create cni directories - name: Create cni directories
file: file:
@ -89,26 +102,31 @@
- "/etc/cni/net.d" - "/etc/cni/net.d"
- "/opt/cni/bin" - "/opt/cni/bin"
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}" when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [network, calico, weave, canal, bootstrap-os]
- name: Update package management cache (YUM) - name: Update package management cache (YUM)
yum: update_cache=yes name='*' yum: update_cache=yes name='*'
when: ansible_pkg_mgr == 'yum' when: ansible_pkg_mgr == 'yum'
tags: bootstrap-os
- name: Install latest version of python-apt for Debian distribs - name: Install latest version of python-apt for Debian distribs
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600 apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
tags: bootstrap-os
- name: Install python-dnf for latest RedHat versions - name: Install python-dnf for latest RedHat versions
command: dnf install -y python-dnf yum command: dnf install -y python-dnf yum
when: ansible_distribution == "Fedora" and when: ansible_distribution == "Fedora" and
ansible_distribution_major_version > 21 ansible_distribution_major_version > 21
changed_when: False changed_when: False
tags: bootstrap-os
- name: Install epel-release on RedHat/CentOS - name: Install epel-release on RedHat/CentOS
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }} shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
when: ansible_distribution in ["CentOS","RedHat"] and when: ansible_distribution in ["CentOS","RedHat"] and
ansible_distribution_major_version >= 7 ansible_distribution_major_version >= 7
changed_when: False changed_when: False
tags: bootstrap-os
- name: Install packages requirements - name: Install packages requirements
action: action:
@ -121,6 +139,7 @@
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}" with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: ansible_os_family != "CoreOS" when: ansible_os_family != "CoreOS"
tags: bootstrap-os
- name: Disable IPv6 DNS lookup - name: Disable IPv6 DNS lookup
lineinfile: lineinfile:
@ -129,12 +148,14 @@
state: present state: present
backup: yes backup: yes
when: disable_ipv6_dns and ansible_os_family != "CoreOS" when: disable_ipv6_dns and ansible_os_family != "CoreOS"
tags: bootstrap-os
# Todo : selinux configuration # Todo : selinux configuration
- name: Set selinux policy to permissive - name: Set selinux policy to permissive
selinux: policy=targeted state=permissive selinux: policy=targeted state=permissive
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
changed_when: False changed_when: False
tags: bootstrap-os
- name: Write openstack cloud-config - name: Write openstack cloud-config
template: template:
@ -143,6 +164,7 @@
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: 0640
when: cloud_provider is defined and cloud_provider == "openstack" when: cloud_provider is defined and cloud_provider == "openstack"
tags: [cloud-provider, openstack]
- name: Write azure cloud-config - name: Write azure cloud-config
template: template:
@ -151,5 +173,7 @@
group: "{{ kube_cert_group }}" group: "{{ kube_cert_group }}"
mode: 0640 mode: 0640
when: cloud_provider is defined and cloud_provider == "azure" when: cloud_provider is defined and cloud_provider == "azure"
tags: [cloud-provider, azure]
- include: etchosts.yml - include: etchosts.yml
tags: [bootstrap-os, etchosts]
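Review bot: The `Create kubernetes manifests directory` task is tagged `[kubelet, bootstrap-os, master, node]` but none of `kube-apiserver`, `kube-controller-manager`, `kube-scheduler` or `kube-proxy`, while the config-directory task two tasks above does list the apiserver and controller-manager tags; the kube-master and kube-node hunks write their manifests into `kube_manifest_dir` under exactly those component tags, so `--tags kube-scheduler` on a host where the directory does not yet exist fails at the template step. Adding the component tags to the manifests-directory task, `tags: [kubelet, bootstrap-os, master, node, kube-apiserver, kube-controller-manager, kube-scheduler, kube-proxy]`, lines it up with the config-directory list. The `path` lines of these `file` tasks are outside the hunk, so the directory identities are inferred from the task names.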


@ -26,6 +26,7 @@
- set_fact: - set_fact:
master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem'] master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
node_certs: ['ca.pem', 'node.pem', 'node-key.pem'] node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
tags: facts
- name: Gen_certs | Gather master certs - name: Gen_certs | Gather master certs
shell: "tar cfz - -C {{ kube_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }} | base64 --wrap=0" shell: "tar cfz - -C {{ kube_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }} | base64 --wrap=0"
@ -75,6 +76,7 @@
{%- elif ansible_os_family == "CoreOS" -%} {%- elif ansible_os_family == "CoreOS" -%}
/etc/ssl/certs/kube-ca.pem /etc/ssl/certs/kube-ca.pem
{%- endif %} {%- endif %}
tags: facts
- name: Gen_certs | add CA to trusted CA dir - name: Gen_certs | add CA to trusted CA dir
copy: copy:
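Review bot: Tagging the `set_fact` tasks at the top of both hunks with `facts` means a run using `--skip-tags facts` (or a `--tags` selection that omits `facts`) drops the definitions of `master_certs`/`node_certs`, while the following `Gen_certs | Gather master certs` task, whose own tags lie outside this hunk, still renders `{{ master_certs|join(' ') }}`; unless that task carries the `facts` tag too, such a run fails on an undefined variable. The same pattern recurs in the calico and flannel task files further down in this commit. Either tag the consuming tasks with `facts` as well, or state the constraint in the `facts` row of docs/ansible.md, e.g. `| facts | Gathering facts and misc check results (do not skip; later tasks depend on them)`.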


@ -1,6 +1,8 @@
--- ---
- include: check-certs.yml - include: check-certs.yml
tags: [k8s-secrets, facts]
- include: check-tokens.yml - include: check-tokens.yml
tags: [k8s-secrets, facts]
- name: Make sure the certificate directory exits - name: Make sure the certificate directory exits
file: file:
@ -34,5 +36,6 @@
notify: set secret_changed notify: set secret_changed
- include: gen_certs.yml - include: gen_certs.yml
tags: k8s-secrets
- include: gen_tokens.yml - include: gen_tokens.yml
tags: k8s-secrets


@ -2,9 +2,13 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.calico_cni }}" file: "{{ downloads.calico_cni }}"
tags: download
- role: download - role: download
file: "{{ downloads.calico_node }}" file: "{{ downloads.calico_node }}"
tags: download
- role: download - role: download
file: "{{ downloads.calicoctl }}" file: "{{ downloads.calicoctl }}"
tags: download
- role: download - role: download
file: "{{ downloads.hyperkube }}" file: "{{ downloads.hyperkube }}"
tags: download


@ -3,6 +3,7 @@
run_once: true run_once: true
set_fact: set_fact:
legacy_calicoctl: "{{ calicoctl_image_tag | version_compare('v1.0.0', '<') }}" legacy_calicoctl: "{{ calicoctl_image_tag | version_compare('v1.0.0', '<') }}"
tags: facts
- name: Calico | Write Calico cni config - name: Calico | Write Calico cni config
template: template:
@ -46,6 +47,7 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
changed_when: false changed_when: false
tags: [hyperkube, upgrade]
- name: Calico | Copy cni plugins from calico/cni container - name: Calico | Copy cni plugins from calico/cni container
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'" command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
@ -55,6 +57,7 @@
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
changed_when: false changed_when: false
when: "{{ overwrite_hyperkube_cni|bool }}" when: "{{ overwrite_hyperkube_cni|bool }}"
tags: [hyperkube, upgrade]
- name: Calico | wait for etcd - name: Calico | wait for etcd
uri: url=https://localhost:2379/health validate_certs=no uri: url=https://localhost:2379/health validate_certs=no
@ -75,6 +78,7 @@
register: calico_conf register: calico_conf
delegate_to: "{{groups['etcd'][0]}}" delegate_to: "{{groups['etcd'][0]}}"
run_once: true run_once: true
tags: facts
- name: Calico | Configure calico network pool - name: Calico | Configure calico network pool
shell: > shell: >
@ -98,6 +102,7 @@
ipip_arg: "--ipip" ipip_arg: "--ipip"
when: (legacy_calicoctl and when: (legacy_calicoctl and
cloud_provider is defined or ipip) cloud_provider is defined or ipip)
tags: facts
- name: Calico (old) | Define nat-outgoing pool argument - name: Calico (old) | Define nat-outgoing pool argument
run_once: true run_once: true
@ -105,12 +110,14 @@
nat_arg: "--nat-outgoing" nat_arg: "--nat-outgoing"
when: (legacy_calicoctl and when: (legacy_calicoctl and
nat_outgoing|default(false) and not peer_with_router|default(false)) nat_outgoing|default(false) and not peer_with_router|default(false))
tags: facts
- name: Calico (old) | Define calico pool task name - name: Calico (old) | Define calico pool task name
run_once: true run_once: true
set_fact: set_fact:
pool_task_name: "with options {{ ipip_arg|default('') }} {{ nat_arg|default('') }}" pool_task_name: "with options {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
when: (legacy_calicoctl and ipip_arg|default(false) or nat_arg|default(false)) when: (legacy_calicoctl and ipip_arg|default(false) or nat_arg|default(false))
tags: facts
- name: Calico (old) | Configure calico network pool {{ pool_task_name|default('') }} - name: Calico (old) | Configure calico network pool {{ pool_task_name|default('') }}
command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} {{ ipip_arg|default('') }} {{ nat_arg|default('') }}" command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
@ -134,6 +141,7 @@
- set_fact: - set_fact:
calico_pools: "{{ calico_pools_raw.stdout | from_json }}" calico_pools: "{{ calico_pools_raw.stdout | from_json }}"
run_once: true run_once: true
tags: facts
- name: Calico | Check if calico pool is properly configured - name: Calico | Check if calico pool is properly configured
fail: fail:
@ -142,6 +150,7 @@
when: ( calico_pools['node']['nodes'] | length > 1 ) or when: ( calico_pools['node']['nodes'] | length > 1 ) or
( not calico_pools['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") ) ( not calico_pools['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
run_once: true run_once: true
tags: facts
- name: Calico | Write /etc/network-environment - name: Calico | Write /etc/network-environment
template: src=network-environment.j2 dest=/etc/network-environment template: src=network-environment.j2 dest=/etc/network-environment


@ -2,11 +2,16 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.flannel }}" file: "{{ downloads.flannel }}"
tags: download
- role: download - role: download
file: "{{ downloads.calico_node }}" file: "{{ downloads.calico_node }}"
tags: download
- role: download - role: download
file: "{{ downloads.calicoctl }}" file: "{{ downloads.calicoctl }}"
tags: download
- role: download - role: download
file: "{{ downloads.calico_cni }}" file: "{{ downloads.calico_cni }}"
tags: download
- role: download - role: download
file: "{{ downloads.calico_policy }}" file: "{{ downloads.calico_policy }}"
tags: download


@ -49,6 +49,7 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
changed_when: false changed_when: false
tags: [hyperkube, upgrade]
- name: Canal | Copy cni plugins from calico/cni - name: Canal | Copy cni plugins from calico/cni
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'" command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
@ -57,3 +58,4 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
changed_when: false changed_when: false
tags: [hyperkube, upgrade]


@ -2,3 +2,4 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.flannel }}" file: "{{ downloads.flannel }}"
tags: download


@ -26,6 +26,7 @@
- set_fact: - set_fact:
flannel_subnet: "{{ flannel_subnet_output.stdout }}" flannel_subnet: "{{ flannel_subnet_output.stdout }}"
tags: facts
- name: Flannel | Get flannel_mtu from subnet.env - name: Flannel | Get flannel_mtu from subnet.env
shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_MTU" {print $2}' shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_MTU" {print $2}'
@ -34,17 +35,21 @@
- set_fact: - set_fact:
flannel_mtu: "{{ flannel_mtu_output.stdout }}" flannel_mtu: "{{ flannel_mtu_output.stdout }}"
tags: facts
- set_fact: - set_fact:
docker_options_file: >- docker_options_file: >-
{%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%} {%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%}
tags: facts
- set_fact: - set_fact:
docker_options_name: >- docker_options_name: >-
{%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%} {%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%}
tags: facts
- set_fact: - set_fact:
docker_network_options: '"--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"' docker_network_options: '"--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"'
tags: facts
- name: Flannel | Remove non-systemd docker daemon network options that don't match desired line - name: Flannel | Remove non-systemd docker daemon network options that don't match desired line
lineinfile: lineinfile:


@ -2,9 +2,13 @@
dependencies: dependencies:
- role: network_plugin/calico - role: network_plugin/calico
when: kube_network_plugin == 'calico' when: kube_network_plugin == 'calico'
tags: calico
- role: network_plugin/flannel - role: network_plugin/flannel
when: kube_network_plugin == 'flannel' when: kube_network_plugin == 'flannel'
tags: flannel
- role: network_plugin/weave - role: network_plugin/weave
when: kube_network_plugin == 'weave' when: kube_network_plugin == 'weave'
tags: weave
- role: network_plugin/canal - role: network_plugin/canal
when: kube_network_plugin == 'canal' when: kube_network_plugin == 'canal'
tags: canal


@ -2,3 +2,4 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.weave }}" file: "{{ downloads.weave }}"
tags: download


@ -6,6 +6,7 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
changed_when: false changed_when: false
tags: [hyperkube, upgrade]
- name: Weave | Install weave - name: Weave | Install weave
command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave" command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave"

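--- /dev/null
+++ b/scripts/gen_tags.sh
@@ -0,0 +1,10 @@
+#!/bin/sh -eo pipefail
+#Generate MD formatted tags from roles and cluster yaml files
+printf "|%25s |%9s\n" "Tag name" "Used for"
+echo "|--------------------------|---------"
+tags=$(grep -r tags: . | perl -ne '/tags:\s\[?(([\w\-_]+,?\s?)+)/ && printf "%s ", "$1"'|\
+perl -ne 'print join "\n", split /\s|,/' | sort -u)
+for tag in $tags; do
+match=$(cat docs/ansible.md | perl -ne "/^\|\s+${tag}\s\|\s+((\S+\s?)+)/ && printf \$1")
+printf "|%25s |%s\n" "${tag}" " ${match}"
+done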
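Review bot: The shebang `#!/bin/sh -eo pipefail` on the first line is unlikely to behave as intended: on Linux the kernel passes everything after the interpreter path as one argument, so `-eo pipefail` is not reliably split into separate options, and `pipefail` is not a POSIX `sh` option at all (dash, the `/bin/sh` on Debian-family hosts, rejects it), so the script would either abort or silently run without `-e`. Use `#!/usr/bin/env bash` as the first line and `set -eo pipefail` as the second. On the `match=` line, `printf \$1` uses the matched description as the printf format string, so a `%` in any description would be misinterpreted; `printf "%s", $1` avoids that. The script also assumes the repository root as its working directory (`grep -r tags: .`, `docs/ansible.md`), which is worth stating in the header comment or enforcing with `cd "$(dirname "$0")/.."`.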