Enable ClearLinux as a distro in kubespray (#3855)
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
parent
30a9149b52
commit
73aee004ac
13 changed files with 95 additions and 12 deletions
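--- a/roles/bootstrap-os/tasks/bootstrap-clearlinux.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-clearlinux.yml
@@ -0,0 +1,14 @@
+---
+- name: Install basic packages to run containers
+package:
+name: "{{ item }}"
+state: present
+with_items:
+- containers-basic
+
+- name: Make sure docker service is enabled
+systemd:
+name: docker
+enabled: yes
+daemon_reload: yes
+state: started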
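Review bot: The `Make sure docker service is enabled` task enables and starts `docker` during OS bootstrap with no condition, so a ClearLinux host ends up with a running Docker daemon even when the cluster is meant to use cri-o, which this same commit also wires up for ClearLinux. Nothing on this page gates the task on the selected runtime; if the playbook exposes one (kubespray's `container_manager`, to be confirmed against this revision), add `when: container_manager == 'docker'` to the task or leave service handling to the container-engine role. As a style point, write the booleans as `enabled: true` and `daemon_reload: true`.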
|
@ -20,6 +20,8 @@
|
||||||
centos
|
centos
|
||||||
{%- elif 'OpenSUSE' in os_release.stdout -%}
|
{%- elif 'OpenSUSE' in os_release.stdout -%}
|
||||||
opensuse
|
opensuse
|
||||||
|
{%- elif 'Clear Linux OS' in os_release.stdout -%}
|
||||||
|
clearlinux
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
|
|
||||||
- include_tasks: bootstrap-ubuntu.yml
|
- include_tasks: bootstrap-ubuntu.yml
|
||||||
|
@ -40,6 +42,9 @@
|
||||||
- include_tasks: bootstrap-opensuse.yml
|
- include_tasks: bootstrap-opensuse.yml
|
||||||
when: os_family == "opensuse"
|
when: os_family == "opensuse"
|
||||||
|
|
||||||
|
- include_tasks: bootstrap-clearlinux.yml
|
||||||
|
when: os_family == "clearlinux"
|
||||||
|
|
||||||
- import_tasks: setup-pipelining.yml
|
- import_tasks: setup-pipelining.yml
|
||||||
|
|
||||||
- name: Create remote_tmp for it is used by another module
|
- name: Create remote_tmp for it is used by another module
|
||||||
|
@ -58,14 +63,14 @@
|
||||||
name: "{{inventory_hostname}}"
|
name: "{{inventory_hostname}}"
|
||||||
when:
|
when:
|
||||||
- override_system_hostname
|
- override_system_hostname
|
||||||
- ansible_os_family not in ['Suse', 'CoreOS', 'Container Linux by CoreOS']
|
- ansible_os_family not in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
|
||||||
|
|
||||||
- name: Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only)
|
- name: Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only)
|
||||||
command: "hostnamectl set-hostname {{inventory_hostname}}"
|
command: "hostnamectl set-hostname {{inventory_hostname}}"
|
||||||
register: hostname_changed
|
register: hostname_changed
|
||||||
when:
|
when:
|
||||||
- override_system_hostname
|
- override_system_hostname
|
||||||
- ansible_os_family in ['Suse', 'CoreOS', 'Container Linux by CoreOS']
|
- ansible_os_family in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
|
||||||
|
|
||||||
- name: Update hostname fact (CoreOS and Tumbleweed only)
|
- name: Update hostname fact (CoreOS and Tumbleweed only)
|
||||||
setup:
|
setup:
|
||||||
|
|
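Review bot: The task name `Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only)` in the last hunk no longer matches its condition, because the `when` list now also contains `'ClearLinux'`. Rename it to `- name: Assign inventory name to unconfigured hostnames (CoreOS, Tumbleweed and ClearLinux only)`. The following `Update hostname fact (CoreOS and Tumbleweed only)` task continues outside the hunk; if it is driven by `hostname_changed`, its name needs the same update.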
|
@ -24,6 +24,14 @@
|
||||||
gpgcheck: no
|
gpgcheck: no
|
||||||
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
||||||
|
|
||||||
|
- name: Make sure needed folders exist in the system
|
||||||
|
with_items:
|
||||||
|
- /etc/crio
|
||||||
|
- /etc/containers
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Install cri-o packages
|
- name: Install cri-o packages
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
|
|
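Review bot: The new `Make sure needed folders exist in the system` task creates `/etc/crio` and `/etc/containers` without stating ownership or permissions, so the result depends on the remote umask. `/etc/crio` is where the crio.conf template on this page points `seccomp_profile` for other distributions, so the directory should be pinned explicitly: add `owner: root`, `group: root` and `mode: "0755"` under `file:`. The same applies to the `Verify br_netfilter module path exists` and `Make sure sysctl file path folder exists` tasks added further down this page. The task has no `when`, so it runs on every distribution and not only ClearLinux; that looks harmless but deserves a one-line comment.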
|
@ -107,7 +107,11 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
|
||||||
|
|
||||||
# seccomp_profile is the seccomp json profile path which is used as the
|
# seccomp_profile is the seccomp json profile path which is used as the
|
||||||
# default for the runtime.
|
# default for the runtime.
|
||||||
|
{% if ansible_os_family == "ClearLinux" %}
|
||||||
|
seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
|
||||||
|
{% else %}
|
||||||
seccomp_profile = "/etc/crio/seccomp.json"
|
seccomp_profile = "/etc/crio/seccomp.json"
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# apparmor_profile is the apparmor profile name which is used as the
|
# apparmor_profile is the apparmor profile name which is used as the
|
||||||
# default for the runtime.
|
# default for the runtime.
|
||||||
|
@ -199,7 +203,11 @@ pause_command = "/pause"
|
||||||
# use when deciding whether or not to trust an image that we've pulled.
|
# use when deciding whether or not to trust an image that we've pulled.
|
||||||
# Outside of testing situations, it is strongly advised that this be left
|
# Outside of testing situations, it is strongly advised that this be left
|
||||||
# unspecified so that the default system-wide policy will be used.
|
# unspecified so that the default system-wide policy will be used.
|
||||||
|
{% if ansible_os_family == "ClearLinux" %}
|
||||||
|
signature_policy = "/usr/share/defaults/crio/policy.json"
|
||||||
|
{% else %}
|
||||||
signature_policy = ""
|
signature_policy = ""
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# image_volumes controls how image volumes are handled.
|
# image_volumes controls how image volumes are handled.
|
||||||
# The valid values are mkdir and ignore.
|
# The valid values are mkdir and ignore.
|
||||||
|
|
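Review bot: The ClearLinux branch sets `signature_policy = "/usr/share/defaults/crio/policy.json"` directly beneath a comment that strongly advises leaving the option unspecified outside of testing, and the template does not say why this distribution deviates. The effective image-trust policy on ClearLinux then depends on the contents of that distro-shipped file, which is not visible here. Add a template comment giving the reason, for example `# ClearLinux keeps its default container policy under /usr/share/defaults, so the path is set explicitly`, and consider taking the path from a role variable so operators can point it at a reviewed policy. The `seccomp_profile` branch in the first hunk hard-codes a path in the same way; a preflight check that the file exists would catch a missing profile before cri-o is started.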
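--- a/roles/container-engine/cri-o/vars/clearlinux.yml
+++ b/roles/container-engine/cri-o/vars/clearlinux.yml
@@ -0,0 +1,5 @@
+---
+crio_packages:
+- containers-basic
+
+crio_service: crio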
|
@ -45,7 +45,7 @@
|
||||||
docker requires a minimum kernel version of
|
docker requires a minimum kernel version of
|
||||||
{{ docker_kernel_min_version }} on
|
{{ docker_kernel_min_version }} on
|
||||||
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
||||||
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (ansible_kernel is version(docker_kernel_min_version, "<"))
|
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"]) and (ansible_kernel is version(docker_kernel_min_version, "<"))
|
||||||
tags:
|
tags:
|
||||||
- facts
|
- facts
|
||||||
|
|
||||||
|
@ -62,7 +62,7 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | d(3) }}"
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
||||||
|
|
||||||
- name: ensure docker-ce repository is enabled
|
- name: ensure docker-ce repository is enabled
|
||||||
action: "{{ docker_repo_info.pkg_repo }}"
|
action: "{{ docker_repo_info.pkg_repo }}"
|
||||||
|
@ -70,7 +70,7 @@
|
||||||
repo: "{{item}}"
|
repo: "{{item}}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ docker_repo_info.repos }}"
|
with_items: "{{ docker_repo_info.repos }}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) and (docker_repo_info.repos|length > 0)
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (docker_repo_info.repos|length > 0)
|
||||||
|
|
||||||
- name: ensure docker-engine repository public key is installed
|
- name: ensure docker-engine repository public key is installed
|
||||||
action: "{{ dockerproject_repo_key_info.pkg_key }}"
|
action: "{{ dockerproject_repo_key_info.pkg_key }}"
|
||||||
|
@ -84,7 +84,7 @@
|
||||||
delay: "{{ retry_stagger | d(3) }}"
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
with_items: "{{ dockerproject_repo_key_info.repo_keys }}"
|
with_items: "{{ dockerproject_repo_key_info.repo_keys }}"
|
||||||
when:
|
when:
|
||||||
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
|
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
||||||
- use_docker_engine is defined and use_docker_engine
|
- use_docker_engine is defined and use_docker_engine
|
||||||
|
|
||||||
- name: ensure docker-engine repository is enabled
|
- name: ensure docker-engine repository is enabled
|
||||||
|
@ -95,7 +95,7 @@
|
||||||
with_items: "{{ dockerproject_repo_info.repos }}"
|
with_items: "{{ dockerproject_repo_info.repos }}"
|
||||||
when:
|
when:
|
||||||
- use_docker_engine is defined and use_docker_engine
|
- use_docker_engine is defined and use_docker_engine
|
||||||
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) and (dockerproject_repo_info.repos|length > 0)
|
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (dockerproject_repo_info.repos|length > 0)
|
||||||
|
|
||||||
- name: Configure docker repository on Fedora
|
- name: Configure docker repository on Fedora
|
||||||
template:
|
template:
|
||||||
|
@ -138,9 +138,23 @@
|
||||||
delay: "{{ retry_stagger | d(3) }}"
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
with_items: "{{ docker_package_info.pkgs }}"
|
with_items: "{{ docker_package_info.pkgs }}"
|
||||||
notify: restart docker
|
notify: restart docker
|
||||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_package_info.pkgs|length > 0)
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"] or is_atomic) and (docker_package_info.pkgs|length > 0)
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: Ensure docker packages are installed
|
||||||
|
action: "{{ docker_package_info.pkg_mgr }}"
|
||||||
|
args:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ docker_package_info.pkgs }}"
|
||||||
|
register: docker_task_result
|
||||||
|
until: docker_task_result is succeeded
|
||||||
|
retries: 4
|
||||||
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
|
notify: restart docker
|
||||||
|
ignore_errors: true
|
||||||
|
when: ansible_os_family in ["ClearLinux"]
|
||||||
|
|
||||||
- name: get available packages on Ubuntu
|
- name: get available packages on Ubuntu
|
||||||
command: apt-cache policy docker-ce
|
command: apt-cache policy docker-ce
|
||||||
when:
|
when:
|
||||||
|
@ -162,7 +176,7 @@
|
||||||
dest: "/etc/apt/preferences.d/docker"
|
dest: "/etc/apt/preferences.d/docker"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux", "RedHat", "Suse"] or is_atomic)
|
||||||
|
|
||||||
- name: ensure service is started if docker packages are already present
|
- name: ensure service is started if docker packages are already present
|
||||||
service:
|
service:
|
||||||
|
|
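Review bot: The added ClearLinux task `Ensure docker packages are installed` carries `ignore_errors: true`, so when all four retries fail the play continues without a container runtime and the failure only surfaces later in an unrelated task. Drop `ignore_errors: true` from the new task (it appears to be copied from the task above it), or follow it with an explicit check that fails when `docker_task_result` did not succeed. The condition also reads more plainly as `when: ansible_os_family == "ClearLinux"`.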
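--- a/roles/container-engine/docker/vars/clearlinux.yml
+++ b/roles/container-engine/docker/vars/clearlinux.yml
@@ -0,0 +1,5 @@
+---
+docker_package_info:
+pkg_mgr: swupd
+pkgs:
+- name: "containers-basic"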
|
@ -2,4 +2,4 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: adduser
|
- role: adduser
|
||||||
user: "{{ addusers.etcd }}"
|
user: "{{ addusers.etcd }}"
|
||||||
when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] or is_atomic)
|
when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS', "ClearLinux"] or is_atomic)
|
||||||
|
|
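Review bot: The `adduser` dependency is now skipped on ClearLinux with no comment explaining why, and the reason cannot be read from this hunk; CoreOS and Atomic are presumably excluded because etcd runs in a container there. If etcd can run as a host service on ClearLinux, skipping the role would leave it without the dedicated `addusers.etcd` account, so please confirm and record the reason in a comment above the `when`. The new entry also mixes quoting styles; `'ClearLinux'` would match the rest of the list.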
|
@ -10,6 +10,8 @@
|
||||||
/etc/ssl/certs/etcd-ca.pem
|
/etc/ssl/certs/etcd-ca.pem
|
||||||
{%- elif ansible_os_family == "Suse" -%}
|
{%- elif ansible_os_family == "Suse" -%}
|
||||||
/etc/pki/trust/anchors/etcd-ca.pem
|
/etc/pki/trust/anchors/etcd-ca.pem
|
||||||
|
{%- elif ansible_os_family == "ClearLinux" -%}
|
||||||
|
/usr/share/ca-certs/etcd-ca.pem
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
tags:
|
tags:
|
||||||
- facts
|
- facts
|
||||||
|
@ -28,3 +30,7 @@
|
||||||
- name: Gen_certs | update ca-certificates (RedHat)
|
- name: Gen_certs | update ca-certificates (RedHat)
|
||||||
command: update-ca-trust extract
|
command: update-ca-trust extract
|
||||||
when: etcd_ca_cert.changed and ansible_os_family == "RedHat"
|
when: etcd_ca_cert.changed and ansible_os_family == "RedHat"
|
||||||
|
|
||||||
|
- name: Gen_certs | update ca-certificates (ClearLinux)
|
||||||
|
command: clrtrust add "{{ ca_cert_path }}"
|
||||||
|
when: etcd_ca_cert.changed and ansible_os_family == "ClearLinux"
|
||||||
|
|
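Review bot: On ClearLinux `ca_cert_path` now resolves to `/usr/share/ca-certs/etcd-ca.pem`, which sits in the `/usr` tree; as far as I know Clear Linux treats `/usr` as OS-owned content that updates or repairs may rewrite, so the etcd CA file may not be safe there. Please confirm the file survives an OS update, or keep it under an admin-owned path and pass that path to `clrtrust add`. A short comment above the new task saying what `clrtrust add` does with the certificate would also help readers who do not know the distribution.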
|
@ -59,6 +59,11 @@
|
||||||
failed_when: modinfo_br_netfilter.rc not in [0, 1]
|
failed_when: modinfo_br_netfilter.rc not in [0, 1]
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Verify br_netfilter module path exists
|
||||||
|
file:
|
||||||
|
path: /etc/modules-load.d
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Enable br_netfilter module
|
- name: Enable br_netfilter module
|
||||||
modprobe:
|
modprobe:
|
||||||
name: br_netfilter
|
name: br_netfilter
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
- name: Stop if unknown OS
|
- name: Stop if unknown OS
|
||||||
assert:
|
assert:
|
||||||
that: ansible_distribution in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS', 'openSUSE Leap', 'openSUSE Tumbleweed']
|
that: ansible_os_family in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS', 'openSUSE Leap', 'openSUSE Tumbleweed', 'ClearLinux']
|
||||||
ignore_errors: "{{ ignore_assert_errors }}"
|
ignore_errors: "{{ ignore_assert_errors }}"
|
||||||
|
|
||||||
- name: Stop if unknown network plugin
|
- name: Stop if unknown network plugin
|
||||||
|
|
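Review bot: Switching the `Stop if unknown OS` assert from `ansible_distribution` to `ansible_os_family` while keeping a list of distribution names changes which hosts pass. openSUSE hosts report the family `Suse` (the value other hunks on this page test for), which is not in the list, so the assert would now fail for them. Keep the original fact and add the new platform separately, e.g. `that: ansible_distribution in [<existing names>] or ansible_os_family == 'ClearLinux'`. Because the task has `ignore_errors: "{{ ignore_assert_errors }}"`, the regression can also go unnoticed wherever asserts are ignored.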
|
@ -95,6 +95,14 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"] or is_atomic)
|
||||||
tags:
|
tags:
|
||||||
- bootstrap-os
|
- bootstrap-os
|
||||||
|
|
||||||
|
- name: Install ipvsadm for ClearLinux
|
||||||
|
swupd:
|
||||||
|
name: ipvsadm
|
||||||
|
state: present
|
||||||
|
when:
|
||||||
|
- ansible_os_family in ["ClearLinux"]
|
||||||
|
- kube_proxy_mode == 'ipvs'
|
||||||
|
|
|
@ -45,6 +45,11 @@
|
||||||
tags:
|
tags:
|
||||||
- bootstrap-os
|
- bootstrap-os
|
||||||
|
|
||||||
|
- name: Make sure sysctl file path folder exists
|
||||||
|
file:
|
||||||
|
name: "{{ sysctl_file_path | dirname }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Enable ip forwarding
|
- name: Enable ip forwarding
|
||||||
sysctl:
|
sysctl:
|
||||||
sysctl_file: "{{sysctl_file_path}}"
|
sysctl_file: "{{sysctl_file_path}}"
|
||||||
|
|