Enable ClearLinux as a distro in kubespray (#3855)

Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
Ganesh Maharaj Mahalingam 2018-12-18 01:39:25 -08:00 committed by Kubernetes Prow Robot
parent 30a9149b52
commit 73aee004ac
13 changed files with 95 additions and 12 deletions


@ -0,0 +1,14 @@
---
- name: Install basic packages to run containers
package:
name: "{{ item }}"
state: present
with_items:
- containers-basic
- name: Make sure docker service is enabled
systemd:
name: docker
enabled: yes
daemon_reload: yes
state: started
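Review bot: The second task enables and starts the docker service on every Clear Linux host during bootstrap, with no condition on which container runtime the cluster uses. Elsewhere in this commit `containers-basic` is also listed as the cri-o package for Clear Linux, so a cri-o node would presumably still run a Docker daemon and expose its root-equivalent socket. Consider gating the task, e.g. `when: container_manager == 'docker'` (assuming that variable is resolvable at bootstrap time), or leaving service management to the docker role. The `yes` values are better written as `true`.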


@ -20,6 +20,8 @@
centos centos
{%- elif 'OpenSUSE' in os_release.stdout -%} {%- elif 'OpenSUSE' in os_release.stdout -%}
opensuse opensuse
{%- elif 'Clear Linux OS' in os_release.stdout -%}
clearlinux
{%- endif -%} {%- endif -%}
- include_tasks: bootstrap-ubuntu.yml - include_tasks: bootstrap-ubuntu.yml
@ -40,6 +42,9 @@
- include_tasks: bootstrap-opensuse.yml - include_tasks: bootstrap-opensuse.yml
when: os_family == "opensuse" when: os_family == "opensuse"
- include_tasks: bootstrap-clearlinux.yml
when: os_family == "clearlinux"
- import_tasks: setup-pipelining.yml - import_tasks: setup-pipelining.yml
- name: Create remote_tmp for it is used by another module - name: Create remote_tmp for it is used by another module
@ -58,14 +63,14 @@
name: "{{inventory_hostname}}" name: "{{inventory_hostname}}"
when: when:
- override_system_hostname - override_system_hostname
- ansible_os_family not in ['Suse', 'CoreOS', 'Container Linux by CoreOS'] - ansible_os_family not in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
- name: Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only) - name: Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only)
command: "hostnamectl set-hostname {{inventory_hostname}}" command: "hostnamectl set-hostname {{inventory_hostname}}"
register: hostname_changed register: hostname_changed
when: when:
- override_system_hostname - override_system_hostname
- ansible_os_family in ['Suse', 'CoreOS', 'Container Linux by CoreOS'] - ansible_os_family in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
- name: Update hostname fact (CoreOS and Tumbleweed only) - name: Update hostname fact (CoreOS and Tumbleweed only)
setup: setup:
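Review bot: The task names in the last hunk still say "(CoreOS and Tumbleweed only)" although both `when:` lists now also match `ClearLinux`, so the play output will mislead anyone tracing a hostname change on a Clear Linux node. Rename them to match the condition, e.g. `Assign inventory name to unconfigured hostnames (CoreOS, Tumbleweed and ClearLinux only)`. The `Update hostname fact` task runs past the end of the hunk, so whether its own condition was extended cannot be checked here.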


@ -24,6 +24,14 @@
gpgcheck: no gpgcheck: no
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
- name: Make sure needed folders exist in the system
with_items:
- /etc/crio
- /etc/containers
file:
path: "{{ item }}"
state: directory
- name: Install cri-o packages - name: Install cri-o packages
package: package:
name: "{{ item }}" name: "{{ item }}"
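Review bot: The new "Make sure needed folders exist" task creates `/etc/crio` and `/etc/containers` without stating owner or mode, so the permissions on directories that hold runtime and image-trust configuration depend on the umask of the connecting user. Pin them explicitly by adding `owner: root`, `group: root` and `mode: "0755"` to the `file:` arguments. The same applies to the `/etc/modules-load.d` task and the sysctl directory task added later in this commit. The task also has no `when:`, so it runs on every distribution, not only Clear Linux. If that is intended, a short comment would help.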


@ -107,7 +107,11 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
# seccomp_profile is the seccomp json profile path which is used as the # seccomp_profile is the seccomp json profile path which is used as the
# default for the runtime. # default for the runtime.
{% if ansible_os_family == "ClearLinux" %}
seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
{% else %}
seccomp_profile = "/etc/crio/seccomp.json" seccomp_profile = "/etc/crio/seccomp.json"
{% endif %}
# apparmor_profile is the apparmor profile name which is used as the # apparmor_profile is the apparmor profile name which is used as the
# default for the runtime. # default for the runtime.
@ -199,7 +203,11 @@ pause_command = "/pause"
# use when deciding whether or not to trust an image that we've pulled. # use when deciding whether or not to trust an image that we've pulled.
# Outside of testing situations, it is strongly advised that this be left # Outside of testing situations, it is strongly advised that this be left
# unspecified so that the default system-wide policy will be used. # unspecified so that the default system-wide policy will be used.
{% if ansible_os_family == "ClearLinux" %}
signature_policy = "/usr/share/defaults/crio/policy.json"
{% else %}
signature_policy = "" signature_policy = ""
{% endif %}
# image_volumes controls how image volumes are handled. # image_volumes controls how image volumes are handled.
# The valid values are mkdir and ignore. # The valid values are mkdir and ignore.
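Review bot: The second hunk sets `signature_policy` to `/usr/share/defaults/crio/policy.json` on Clear Linux, directly under a comment that advises leaving it unspecified outside of testing so that the system-wide policy applies. With the path pinned, an operator's own image-trust policy in the system-wide location would presumably not be consulted on these nodes. If the explicit path is only there because the default file is absent on Clear Linux, say so in a template comment and consider making the value a role variable whose default is that path. The first hunk's `seccomp_profile` path deserves a similar comment, since nothing visible here checks that the file exists.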


@ -0,0 +1,5 @@
---
crio_packages:
- containers-basic
crio_service: crio


@ -45,7 +45,7 @@
docker requires a minimum kernel version of docker requires a minimum kernel version of
{{ docker_kernel_min_version }} on {{ docker_kernel_min_version }} on
{{ ansible_distribution }}-{{ ansible_distribution_version }} {{ ansible_distribution }}-{{ ansible_distribution_version }}
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (ansible_kernel is version(docker_kernel_min_version, "<")) when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"]) and (ansible_kernel is version(docker_kernel_min_version, "<"))
tags: tags:
- facts - facts
@ -62,7 +62,7 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | d(3) }}" delay: "{{ retry_stagger | d(3) }}"
with_items: "{{ docker_repo_key_info.repo_keys }}" with_items: "{{ docker_repo_key_info.repo_keys }}"
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
- name: ensure docker-ce repository is enabled - name: ensure docker-ce repository is enabled
action: "{{ docker_repo_info.pkg_repo }}" action: "{{ docker_repo_info.pkg_repo }}"
@ -70,7 +70,7 @@
repo: "{{item}}" repo: "{{item}}"
state: present state: present
with_items: "{{ docker_repo_info.repos }}" with_items: "{{ docker_repo_info.repos }}"
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) and (docker_repo_info.repos|length > 0) when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (docker_repo_info.repos|length > 0)
- name: ensure docker-engine repository public key is installed - name: ensure docker-engine repository public key is installed
action: "{{ dockerproject_repo_key_info.pkg_key }}" action: "{{ dockerproject_repo_key_info.pkg_key }}"
@ -84,7 +84,7 @@
delay: "{{ retry_stagger | d(3) }}" delay: "{{ retry_stagger | d(3) }}"
with_items: "{{ dockerproject_repo_key_info.repo_keys }}" with_items: "{{ dockerproject_repo_key_info.repo_keys }}"
when: when:
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) - not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
- use_docker_engine is defined and use_docker_engine - use_docker_engine is defined and use_docker_engine
- name: ensure docker-engine repository is enabled - name: ensure docker-engine repository is enabled
@ -95,7 +95,7 @@
with_items: "{{ dockerproject_repo_info.repos }}" with_items: "{{ dockerproject_repo_info.repos }}"
when: when:
- use_docker_engine is defined and use_docker_engine - use_docker_engine is defined and use_docker_engine
- not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) and (dockerproject_repo_info.repos|length > 0) - not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (dockerproject_repo_info.repos|length > 0)
- name: Configure docker repository on Fedora - name: Configure docker repository on Fedora
template: template:
@ -138,9 +138,23 @@
delay: "{{ retry_stagger | d(3) }}" delay: "{{ retry_stagger | d(3) }}"
with_items: "{{ docker_package_info.pkgs }}" with_items: "{{ docker_package_info.pkgs }}"
notify: restart docker notify: restart docker
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_package_info.pkgs|length > 0) when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"] or is_atomic) and (docker_package_info.pkgs|length > 0)
ignore_errors: true ignore_errors: true
- name: Ensure docker packages are installed
action: "{{ docker_package_info.pkg_mgr }}"
args:
name: "{{ item.name }}"
state: present
with_items: "{{ docker_package_info.pkgs }}"
register: docker_task_result
until: docker_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | d(3) }}"
notify: restart docker
ignore_errors: true
when: ansible_os_family in ["ClearLinux"]
- name: get available packages on Ubuntu - name: get available packages on Ubuntu
command: apt-cache policy docker-ce command: apt-cache policy docker-ce
when: when:
@ -162,7 +176,7 @@
dest: "/etc/apt/preferences.d/docker" dest: "/etc/apt/preferences.d/docker"
owner: "root" owner: "root"
mode: 0644 mode: 0644
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux", "RedHat", "Suse"] or is_atomic)
- name: ensure service is started if docker packages are already present - name: ensure service is started if docker packages are already present
service: service:
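Review bot: The new Clear Linux task "Ensure docker packages are installed" carries `ignore_errors: true`, so a `swupd` failure that survives the four retries is swallowed and the play continues on a host with no container runtime, or a stale one. The copied task above may rely on that flag for a fallback elsewhere, but no fallback for Clear Linux is visible in this hunk. Drop `ignore_errors: true` from the new task so the failure stops the run. The new task also reuses the exact name of the task above it; a distinct name such as `Ensure docker packages are installed (ClearLinux)` keeps logs and `--start-at-task` unambiguous.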


@ -0,0 +1,5 @@
---
docker_package_info:
pkg_mgr: swupd
pkgs:
- name: "containers-basic"


@ -2,4 +2,4 @@
dependencies: dependencies:
- role: adduser - role: adduser
user: "{{ addusers.etcd }}" user: "{{ addusers.etcd }}"
when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] or is_atomic) when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS', "ClearLinux"] or is_atomic)
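Review bot: The `adduser` dependency is now skipped on `ClearLinux` with no comment explaining which account etcd and its certificate files will use there. If the role is what creates the dedicated etcd user, as `addusers.etcd` suggests, later ownership settings may fail or fall back to root on these hosts. Add a comment above the `when:` stating why the distribution is excluded and where the account comes from. The new entry is also double-quoted while the rest of the list uses single quotes.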


@ -10,6 +10,8 @@
/etc/ssl/certs/etcd-ca.pem /etc/ssl/certs/etcd-ca.pem
{%- elif ansible_os_family == "Suse" -%} {%- elif ansible_os_family == "Suse" -%}
/etc/pki/trust/anchors/etcd-ca.pem /etc/pki/trust/anchors/etcd-ca.pem
{%- elif ansible_os_family == "ClearLinux" -%}
/usr/share/ca-certs/etcd-ca.pem
{%- endif %} {%- endif %}
tags: tags:
- facts - facts
@ -28,3 +30,7 @@
- name: Gen_certs | update ca-certificates (RedHat) - name: Gen_certs | update ca-certificates (RedHat)
command: update-ca-trust extract command: update-ca-trust extract
when: etcd_ca_cert.changed and ansible_os_family == "RedHat" when: etcd_ca_cert.changed and ansible_os_family == "RedHat"
- name: Gen_certs | update ca-certificates (ClearLinux)
command: clrtrust add "{{ ca_cert_path }}"
when: etcd_ca_cert.changed and ansible_os_family == "ClearLinux"
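Review bot: The first hunk places the etcd CA at `/usr/share/ca-certs/etcd-ca.pem`, which is inside the OS-owned `/usr` tree on Clear Linux, so an OS update or repair may remove or flag a locally written file there. If `clrtrust add` copies the certificate into the local trust store, as I understand it does, the source file only needs a staging location, and a path outside `/usr` would avoid that. The new `clrtrust add` task also runs only when `etcd_ca_cert.changed`, so a failed first attempt is not retried on the next run. A short comment on the task noting that it adds the etcd CA to the host-wide trust store would help reviewers.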


@ -59,6 +59,11 @@
failed_when: modinfo_br_netfilter.rc not in [0, 1] failed_when: modinfo_br_netfilter.rc not in [0, 1]
changed_when: false changed_when: false
- name: Verify br_netfilter module path exists
file:
path: /etc/modules-load.d
state: directory
- name: Enable br_netfilter module - name: Enable br_netfilter module
modprobe: modprobe:
name: br_netfilter name: br_netfilter


@ -21,7 +21,7 @@
- name: Stop if unknown OS - name: Stop if unknown OS
assert: assert:
that: ansible_distribution in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS', 'openSUSE Leap', 'openSUSE Tumbleweed'] that: ansible_os_family in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS', 'openSUSE Leap', 'openSUSE Tumbleweed', 'ClearLinux']
ignore_errors: "{{ ignore_assert_errors }}" ignore_errors: "{{ ignore_assert_errors }}"
- name: Stop if unknown network plugin - name: Stop if unknown network plugin
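Review bot: The "Stop if unknown OS" assertion now tests `ansible_os_family` against a list that still holds distribution names (`CentOS`, `Fedora`, `Ubuntu`, `openSUSE Leap`, `openSUSE Tumbleweed`), and the family fact never takes those values. Hosts whose family is `Suse` would fail the check, while any distribution in the `RedHat` or `Debian` families now passes whether or not it is supported, which weakens the guard. Keep the original test and add the new case beside it, e.g. `that: ansible_distribution in [...] or ansible_os_family == 'ClearLinux'`, with the existing distribution list unchanged.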


@ -95,6 +95,14 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}" with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "ClearLinux"] or is_atomic)
tags: tags:
- bootstrap-os - bootstrap-os
- name: Install ipvsadm for ClearLinux
swupd:
name: ipvsadm
state: present
when:
- ansible_os_family in ["ClearLinux"]
- kube_proxy_mode == 'ipvs'
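Review bot: The new "Install ipvsadm for ClearLinux" task fetches from the network but lacks the `register`/`until`/`retries`/`delay` handling that the package task directly above it uses, so one transient `swupd` failure aborts the run. It also lacks the `bootstrap-os` tag, so a tagged run installs the common packages but skips this one. Mirror the neighbouring task by adding `register: pkgs_task_result`, `until: pkgs_task_result is succeeded`, `retries: 4` and the same `tags:` block; the register name here is a placeholder, since the one used above is outside the hunk.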


@ -45,6 +45,11 @@
tags: tags:
- bootstrap-os - bootstrap-os
- name: Make sure sysctl file path folder exists
file:
name: "{{ sysctl_file_path | dirname }}"
state: directory
- name: Enable ip forwarding - name: Enable ip forwarding
sysctl: sysctl:
sysctl_file: "{{sysctl_file_path}}" sysctl_file: "{{sysctl_file_path}}"