Enable ClearLinux as a distro in kubespray (#3855)
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
This commit is contained in:
parent
30a9149b52
commit
73aee004ac
13 changed files with 95 additions and 12 deletions
14
roles/bootstrap-os/tasks/bootstrap-clearlinux.yml
Normal file
14
roles/bootstrap-os/tasks/bootstrap-clearlinux.yml
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: Install basic packages to run containers
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- containers-basic
|
||||
|
||||
- name: Make sure docker service is enabled
|
||||
systemd:
|
||||
name: docker
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
state: started
|
|
@ -20,6 +20,8 @@
|
|||
centos
|
||||
{%- elif 'OpenSUSE' in os_release.stdout -%}
|
||||
opensuse
|
||||
{%- elif 'Clear Linux OS' in os_release.stdout -%}
|
||||
clearlinux
|
||||
{%- endif -%}
|
||||
|
||||
- include_tasks: bootstrap-ubuntu.yml
|
||||
|
@ -40,6 +42,9 @@
|
|||
- include_tasks: bootstrap-opensuse.yml
|
||||
when: os_family == "opensuse"
|
||||
|
||||
- include_tasks: bootstrap-clearlinux.yml
|
||||
when: os_family == "clearlinux"
|
||||
|
||||
- import_tasks: setup-pipelining.yml
|
||||
|
||||
- name: Create remote_tmp for it is used by another module
|
||||
|
@ -58,14 +63,14 @@
|
|||
name: "{{inventory_hostname}}"
|
||||
when:
|
||||
- override_system_hostname
|
||||
- ansible_os_family not in ['Suse', 'CoreOS', 'Container Linux by CoreOS']
|
||||
- ansible_os_family not in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
|
||||
|
||||
- name: Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only)
|
||||
command: "hostnamectl set-hostname {{inventory_hostname}}"
|
||||
register: hostname_changed
|
||||
when:
|
||||
- override_system_hostname
|
||||
- ansible_os_family in ['Suse', 'CoreOS', 'Container Linux by CoreOS']
|
||||
- ansible_os_family in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
|
||||
|
||||
- name: Update hostname fact (CoreOS and Tumbleweed only)
|
||||
setup:
|
||||
|
|
|
@ -24,6 +24,14 @@
|
|||
gpgcheck: no
|
||||
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
||||
|
||||
- name: Make sure needed folders exist in the system
|
||||
with_items:
|
||||
- /etc/crio
|
||||
- /etc/containers
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
|
||||
- name: Install cri-o packages
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
|
|
|
@ -107,7 +107,11 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
|
|||
|
||||
# seccomp_profile is the seccomp json profile path which is used as the
|
||||
# default for the runtime.
|
||||
{% if ansible_os_family == "ClearLinux" %}
|
||||
seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
|
||||
{% else %}
|
||||
seccomp_profile = "/etc/crio/seccomp.json"
|
||||
{% endif %}
|
||||
|
||||
# apparmor_profile is the apparmor profile name which is used as the
|
||||
# default for the runtime.
|
||||
|
@ -199,7 +203,11 @@ pause_command = "/pause"
|
|||
# use when deciding whether or not to trust an image that we've pulled.
|
||||
# Outside of testing situations, it is strongly advised that this be left
|
||||
# unspecified so that the default system-wide policy will be used.
|
||||
{% if ansible_os_family == "ClearLinux" %}
|
||||
signature_policy = "/usr/share/defaults/crio/policy.json"
|
||||
{% else %}
|
||||
signature_policy = ""
|
||||
{% endif %}
|
||||
|
||||
# image_volumes controls how image volumes are handled.
|
||||
# The valid values are mkdir and ignore.
|
||||
|
|
5
roles/container-engine/cri-o/vars/clearlinux.yml
Normal file
5
roles/container-engine/cri-o/vars/clearlinux.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
crio_packages:
|
||||
- containers-basic
|
||||
|
||||
crio_service: crio
|
|
@ -45,7 +45,7 @@
|
|||
docker requires a minimum kernel version of
|
||||
{{ docker_kernel_min_version }} on
|
||||
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
||||
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (ansible_kernel is version(docker_kernel_min_version, "<"))
|
||||
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"]) and (ansible_kernel is version(docker_kernel_min_version, "<"))
|
||||
tags:
|
||||
- facts
|
||||
|
||||
|
@ -62,7 +62,7 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | d(3) }}"
|
||||
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
||||
|
||||
- name: ensure docker-ce repository is enabled
|
||||
action: "{{ docker_repo_info.pkg_repo }}"
|
||||
|
@ -70,7 +70,7 @@
|
|||
repo: "{{item}}"
|
||||
state: present
|
||||
with_items: "{{ docker_repo_info.repos }}"
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) and (docker_repo_info.repos|length > 0)
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (docker_repo_info.repos|length > 0)
|
||||
|
||||
- name: ensure docker-engine repository public key is installed
|
||||
action: "{{ dockerproject_repo_key_info.pkg_key }}"
|
||||
|
@ -84,7 +84,7 @@
|
|||
delay: "{{ retry_stagger | d(3) }}"
|
||||
with_items: "{{ dockerproject_repo_key_info.repo_keys }}"
|
||||
when:
|
||||
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
|
||||
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
||||
- use_docker_engine is defined and use_docker_engine
|
||||
|
||||
- name: ensure docker-engine repository is enabled
|
||||
|
@ -95,7 +95,7 @@
|
|||
with_items: "{{ dockerproject_repo_info.repos }}"
|
||||
when:
|
||||
- use_docker_engine is defined and use_docker_engine
|
||||
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) and (dockerproject_repo_info.repos|length > 0)
|
||||
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (dockerproject_repo_info.repos|length > 0)
|
||||
|
||||
- name: Configure docker repository on Fedora
|
||||
template:
|
||||
|
@ -138,9 +138,23 @@
|
|||
delay: "{{ retry_stagger | d(3) }}"
|
||||
with_items: "{{ docker_package_info.pkgs }}"
|
||||
notify: restart docker
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_package_info.pkgs|length > 0)
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"] or is_atomic) and (docker_package_info.pkgs|length > 0)
|
||||
ignore_errors: true
|
||||
|
||||
- name: Ensure docker packages are installed
|
||||
action: "{{ docker_package_info.pkg_mgr }}"
|
||||
args:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
with_items: "{{ docker_package_info.pkgs }}"
|
||||
register: docker_task_result
|
||||
until: docker_task_result is succeeded
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | d(3) }}"
|
||||
notify: restart docker
|
||||
ignore_errors: true
|
||||
when: ansible_os_family in ["ClearLinux"]
|
||||
|
||||
- name: get available packages on Ubuntu
|
||||
command: apt-cache policy docker-ce
|
||||
when:
|
||||
|
@ -162,7 +176,7 @@
|
|||
dest: "/etc/apt/preferences.d/docker"
|
||||
owner: "root"
|
||||
mode: 0644
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux", "RedHat", "Suse"] or is_atomic)
|
||||
|
||||
- name: ensure service is started if docker packages are already present
|
||||
service:
|
||||
|
|
5
roles/container-engine/docker/vars/clearlinux.yml
Normal file
5
roles/container-engine/docker/vars/clearlinux.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
docker_package_info:
|
||||
pkg_mgr: swupd
|
||||
pkgs:
|
||||
- name: "containers-basic"
|
|
@ -2,4 +2,4 @@
|
|||
dependencies:
|
||||
- role: adduser
|
||||
user: "{{ addusers.etcd }}"
|
||||
when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] or is_atomic)
|
||||
when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS', "ClearLinux"] or is_atomic)
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
/etc/ssl/certs/etcd-ca.pem
|
||||
{%- elif ansible_os_family == "Suse" -%}
|
||||
/etc/pki/trust/anchors/etcd-ca.pem
|
||||
{%- elif ansible_os_family == "ClearLinux" -%}
|
||||
/usr/share/ca-certs/etcd-ca.pem
|
||||
{%- endif %}
|
||||
tags:
|
||||
- facts
|
||||
|
@ -28,3 +30,7 @@
|
|||
- name: Gen_certs | update ca-certificates (RedHat)
|
||||
command: update-ca-trust extract
|
||||
when: etcd_ca_cert.changed and ansible_os_family == "RedHat"
|
||||
|
||||
- name: Gen_certs | update ca-certificates (ClearLinux)
|
||||
command: clrtrust add "{{ ca_cert_path }}"
|
||||
when: etcd_ca_cert.changed and ansible_os_family == "ClearLinux"
|
||||
|
|
|
@ -59,6 +59,11 @@
|
|||
failed_when: modinfo_br_netfilter.rc not in [0, 1]
|
||||
changed_when: false
|
||||
|
||||
- name: Verify br_netfilter module path exists
|
||||
file:
|
||||
path: /etc/modules-load.d
|
||||
state: directory
|
||||
|
||||
- name: Enable br_netfilter module
|
||||
modprobe:
|
||||
name: br_netfilter
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
|
||||
- name: Stop if unknown OS
|
||||
assert:
|
||||
that: ansible_distribution in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS', 'openSUSE Leap', 'openSUSE Tumbleweed']
|
||||
that: ansible_os_family in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS', 'openSUSE Leap', 'openSUSE Tumbleweed', 'ClearLinux']
|
||||
ignore_errors: "{{ ignore_assert_errors }}"
|
||||
|
||||
- name: Stop if unknown network plugin
|
||||
|
|
|
@ -95,6 +95,14 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"] or is_atomic)
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Install ipvsadm for ClearLinux
|
||||
swupd:
|
||||
name: ipvsadm
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family in ["ClearLinux"]
|
||||
- kube_proxy_mode == 'ipvs'
|
||||
|
|
|
@ -45,6 +45,11 @@
|
|||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Make sure sysctl file path folder exists
|
||||
file:
|
||||
name: "{{ sysctl_file_path | dirname }}"
|
||||
state: directory
|
||||
|
||||
- name: Enable ip forwarding
|
||||
sysctl:
|
||||
sysctl_file: "{{sysctl_file_path}}"
|
||||
|
|
Loading…
Reference in a new issue