turn adduser/download roles into meta roles
This should make things a little more composable, by making these roles meta roles that perform no actions by default we allow each role to own its own resources.
This commit is contained in:
parent
094f4d02b8
commit
7de87d958e
11 changed files with 104 additions and 60 deletions
|
@ -1,8 +1,6 @@
|
||||||
---
|
---
|
||||||
- hosts: k8s-cluster
|
- hosts: k8s-cluster
|
||||||
roles:
|
roles:
|
||||||
- { role: adduser, tags: adduser }
|
|
||||||
- { role: download, tags: download }
|
|
||||||
- { role: kubernetes/preinstall, tags: preinstall }
|
- { role: kubernetes/preinstall, tags: preinstall }
|
||||||
- { role: etcd, tags: etcd }
|
- { role: etcd, tags: etcd }
|
||||||
- { role: docker, tags: docker, when: ansible_os_family != "CoreOS" }
|
- { role: docker, tags: docker, when: ansible_os_family != "CoreOS" }
|
||||||
|
|
24
roles/adduser/defaults/main.yml
Normal file
24
roles/adduser/defaults/main.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
addusers:
|
||||||
|
etcd:
|
||||||
|
name: etcd
|
||||||
|
comment: "Etcd user"
|
||||||
|
createhome: yes
|
||||||
|
home: "/var/lib/etcd"
|
||||||
|
system: yes
|
||||||
|
shell: /bin/nologin
|
||||||
|
kube:
|
||||||
|
name: kube
|
||||||
|
comment: "Kubernetes user"
|
||||||
|
shell: /sbin/nologin
|
||||||
|
system: yes
|
||||||
|
group: "{{ kube_cert_group }}"
|
||||||
|
createhome: no
|
||||||
|
|
||||||
|
adduser:
|
||||||
|
name: "{{ user.name }}"
|
||||||
|
group: "{{ user.name|default(None) }}"
|
||||||
|
comment: "{{ user.comment|default(None) }}"
|
||||||
|
shell: "{{ user.shell|default(None) }}"
|
||||||
|
system: "{{ user.system|default(None) }}"
|
||||||
|
createhome: "{{ user.createhome|default(None) }}"
|
|
@ -1,28 +1,13 @@
|
||||||
---
|
---
|
||||||
- name: gather os specific variables
|
|
||||||
include_vars: "{{ item }}"
|
|
||||||
with_first_found:
|
|
||||||
- files:
|
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
||||||
- "{{ ansible_distribution|lower }}.yml"
|
|
||||||
- "{{ ansible_os_family|lower }}.yml"
|
|
||||||
- defaults.yml
|
|
||||||
paths:
|
|
||||||
- ../vars
|
|
||||||
skip: true
|
|
||||||
|
|
||||||
- name: User | Create User Group
|
- name: User | Create User Group
|
||||||
group: name={{item.group|default(item.name)}} system={{item.system|default(omit)}}
|
group: name={{user.group|default(user.name)}} system={{user.system|default(omit)}}
|
||||||
with_items: "{{ addusers }}"
|
|
||||||
|
|
||||||
- name: User | Create User
|
- name: User | Create User
|
||||||
user:
|
user:
|
||||||
comment: "{{item.comment|default(omit)}}"
|
comment: "{{user.comment|default(omit)}}"
|
||||||
createhome: "{{item.create_home|default(omit)}}"
|
createhome: "{{user.create_home|default(omit)}}"
|
||||||
group: "{{item.group|default(item.name)}}"
|
group: "{{user.group|default(user.name)}}"
|
||||||
home: "{{item.home|default(omit)}}"
|
home: "{{user.home|default(omit)}}"
|
||||||
name: "{{item.name}}"
|
shell: "{{user.shell|default(omit)}}"
|
||||||
system: "{{item.system|default(omit)}}"
|
name: "{{user.name}}"
|
||||||
with_items: "{{ addusers }}"
|
system: "{{user.system|default(omit)}}"
|
||||||
|
|
|
@ -33,7 +33,7 @@ kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e
|
||||||
kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e"
|
kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e"
|
||||||
|
|
||||||
downloads:
|
downloads:
|
||||||
- name: calico
|
calico:
|
||||||
dest: calico/bin/calicoctl
|
dest: calico/bin/calicoctl
|
||||||
version: "{{calico_version}}"
|
version: "{{calico_version}}"
|
||||||
sha256: "{{ calico_checksum }}"
|
sha256: "{{ calico_checksum }}"
|
||||||
|
@ -41,8 +41,7 @@ downloads:
|
||||||
url: "{{ calico_download_url }}"
|
url: "{{ calico_download_url }}"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
calico_cni_plugin:
|
||||||
- name: calico-cni-plugin
|
|
||||||
dest: calico/bin/calico
|
dest: calico/bin/calico
|
||||||
version: "{{calico_cni_version}}"
|
version: "{{calico_cni_version}}"
|
||||||
sha256: "{{ calico_cni_checksum }}"
|
sha256: "{{ calico_cni_checksum }}"
|
||||||
|
@ -50,8 +49,7 @@ downloads:
|
||||||
url: "{{ calico_cni_download_url }}"
|
url: "{{ calico_cni_download_url }}"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
calico_cni_plugin_ipam:
|
||||||
- name: calico-cni-plugin-ipam
|
|
||||||
dest: calico/bin/calico-ipam
|
dest: calico/bin/calico-ipam
|
||||||
version: "{{calico_cni_version}}"
|
version: "{{calico_cni_version}}"
|
||||||
sha256: "{{ calico_cni_ipam_checksum }}"
|
sha256: "{{ calico_cni_ipam_checksum }}"
|
||||||
|
@ -59,8 +57,7 @@ downloads:
|
||||||
url: "{{ calico_cni_ipam_download_url }}"
|
url: "{{ calico_cni_ipam_download_url }}"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
weave:
|
||||||
- name: weave
|
|
||||||
dest: weave/bin/weave
|
dest: weave/bin/weave
|
||||||
version: "{{weave_version}}"
|
version: "{{weave_version}}"
|
||||||
source_url: "{{weave_download_url}}"
|
source_url: "{{weave_download_url}}"
|
||||||
|
@ -68,8 +65,7 @@ downloads:
|
||||||
sha256: "{{ weave_checksum }}"
|
sha256: "{{ weave_checksum }}"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
etcd:
|
||||||
- name: etcd
|
|
||||||
version: "{{etcd_version}}"
|
version: "{{etcd_version}}"
|
||||||
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
||||||
sha256: "{{ etcd_checksum }}"
|
sha256: "{{ etcd_checksum }}"
|
||||||
|
@ -78,8 +74,7 @@ downloads:
|
||||||
unarchive: true
|
unarchive: true
|
||||||
owner: "etcd"
|
owner: "etcd"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
kubernetes_kubelet:
|
||||||
- name: kubernetes-kubelet
|
|
||||||
version: "{{kube_version}}"
|
version: "{{kube_version}}"
|
||||||
dest: kubernetes/bin/kubelet
|
dest: kubernetes/bin/kubelet
|
||||||
sha256: "{{kubelet_checksum}}"
|
sha256: "{{kubelet_checksum}}"
|
||||||
|
@ -87,8 +82,7 @@ downloads:
|
||||||
url: "{{ kubelet_download_url }}"
|
url: "{{ kubelet_download_url }}"
|
||||||
owner: "kube"
|
owner: "kube"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
kubernetes_kubectl:
|
||||||
- name: kubernetes-kubectl
|
|
||||||
dest: kubernetes/bin/kubectl
|
dest: kubernetes/bin/kubectl
|
||||||
version: "{{kube_version}}"
|
version: "{{kube_version}}"
|
||||||
sha256: "{{kubectl_checksum}}"
|
sha256: "{{kubectl_checksum}}"
|
||||||
|
@ -96,8 +90,7 @@ downloads:
|
||||||
url: "{{ kubectl_download_url }}"
|
url: "{{ kubectl_download_url }}"
|
||||||
owner: "kube"
|
owner: "kube"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
kubernetes_apiserver:
|
||||||
- name: kubernetes-apiserver
|
|
||||||
dest: kubernetes/bin/kube-apiserver
|
dest: kubernetes/bin/kube-apiserver
|
||||||
version: "{{kube_version}}"
|
version: "{{kube_version}}"
|
||||||
sha256: "{{kube_apiserver_checksum}}"
|
sha256: "{{kube_apiserver_checksum}}"
|
||||||
|
@ -105,3 +98,14 @@ downloads:
|
||||||
url: "{{ apiserver_download_url }}"
|
url: "{{ apiserver_download_url }}"
|
||||||
owner: "kube"
|
owner: "kube"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
|
download:
|
||||||
|
enabled: "{{ file.enabled|default('true') }}"
|
||||||
|
dest: "{{ file.dest|default(None) }}"
|
||||||
|
version: "{{ file.version|default(None) }}"
|
||||||
|
sha256: "{{ file.sha256|default(None) }}"
|
||||||
|
source_url: "{{ file.source_url|default(None) }}"
|
||||||
|
url: "{{ file.url|default(None) }}"
|
||||||
|
unarchive: "{{ file.unarchive|default('false') }}"
|
||||||
|
owner: "{{ file.owner|default('kube') }}"
|
||||||
|
mode: "{{ file.mode|default(None) }}"
|
||||||
|
|
|
@ -1,36 +1,39 @@
|
||||||
---
|
---
|
||||||
|
- name: downloading...
|
||||||
|
debug:
|
||||||
|
msg: "{{ download.url }}"
|
||||||
|
when: "{{ download.enabled|bool }}"
|
||||||
|
|
||||||
- name: Create dest directories
|
- name: Create dest directories
|
||||||
file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes
|
file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes
|
||||||
with_items: "{{ downloads }}"
|
when: "{{ download.enabled|bool }}"
|
||||||
run_once: "{{ download_run_once|bool }}"
|
run_once: "{{ download_run_once|bool }}"
|
||||||
|
|
||||||
- name: Download items
|
- name: Download items
|
||||||
get_url:
|
get_url:
|
||||||
url: "{{item.url}}"
|
url: "{{download.url}}"
|
||||||
dest: "{{local_release_dir}}/{{item.dest}}"
|
dest: "{{local_release_dir}}/{{download.dest}}"
|
||||||
sha256sum: "{{item.sha256 | default(omit)}}"
|
sha256sum: "{{download.sha256 | default(omit)}}"
|
||||||
owner: "{{ item.owner|default(omit) }}"
|
owner: "{{ download.owner|default(omit) }}"
|
||||||
mode: "{{ item.mode|default(omit) }}"
|
mode: "{{ download.mode|default(omit) }}"
|
||||||
with_items: "{{ downloads }}"
|
when: "{{ download.enabled|bool }}"
|
||||||
run_once: "{{ download_run_once|bool }}"
|
run_once: "{{ download_run_once|bool }}"
|
||||||
|
|
||||||
- name: Extract archives
|
- name: Extract archives
|
||||||
unarchive:
|
unarchive:
|
||||||
src: "{{ local_release_dir }}/{{item.dest}}"
|
src: "{{ local_release_dir }}/{{download.dest}}"
|
||||||
dest: "{{ local_release_dir }}/{{item.dest|dirname}}"
|
dest: "{{ local_release_dir }}/{{download.dest|dirname}}"
|
||||||
owner: "{{ item.owner|default(omit) }}"
|
owner: "{{ download.owner|default(omit) }}"
|
||||||
mode: "{{ item.mode|default(omit) }}"
|
mode: "{{ download.mode|default(omit) }}"
|
||||||
copy: no
|
copy: no
|
||||||
when: "{{item.unarchive is defined and item.unarchive == True}}"
|
when: "{{ download.enabled|bool }} and ({{download.unarchive is defined and download.unarchive == True}})"
|
||||||
with_items: "{{ downloads }}"
|
|
||||||
run_once: "{{ download_run_once|bool }}"
|
run_once: "{{ download_run_once|bool }}"
|
||||||
|
|
||||||
- name: Fix permissions
|
- name: Fix permissions
|
||||||
file:
|
file:
|
||||||
state: file
|
state: file
|
||||||
path: "{{local_release_dir}}/{{item.dest}}"
|
path: "{{local_release_dir}}/{{download.dest}}"
|
||||||
owner: "{{ item.owner|default(omit) }}"
|
owner: "{{ download.owner|default(omit) }}"
|
||||||
mode: "{{ item.mode|default(omit) }}"
|
mode: "{{ download.mode|default(omit) }}"
|
||||||
when: "{{item.unarchive is not defined or item.unarchive == False}}"
|
when: "{{ download.enabled|bool }} and ({{download.unarchive is not defined or download.unarchive == False}})"
|
||||||
with_items: "{{ downloads }}"
|
|
||||||
run_once: "{{ download_run_once|bool }}"
|
run_once: "{{ download_run_once|bool }}"
|
||||||
|
|
7
roles/etcd/meta/main.yml
Normal file
7
roles/etcd/meta/main.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: adduser
|
||||||
|
user: "{{ addusers.etcd }}"
|
||||||
|
when: ansible_os_family != 'CoreOS'
|
||||||
|
- role: download
|
||||||
|
file: "{{ downloads.etcd }}"
|
|
@ -1,4 +1,8 @@
|
||||||
---
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
|
- role: download
|
||||||
|
file: "{{ downloads.kubernetes_kubectl }}"
|
||||||
|
- role: download
|
||||||
|
file: "{{ downloads.kubernetes_apiserver }}"
|
||||||
- { role: etcd }
|
- { role: etcd }
|
||||||
- { role: kubernetes/node }
|
- { role: kubernetes/node }
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
---
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: kubernetes/secrets
|
- role: download
|
||||||
|
file: "{{ downloads.kubernetes_kubelet }}"
|
||||||
|
- role: kubernetes/secrets
|
||||||
|
|
5
roles/kubernetes/preinstall/meta/main.yml
Normal file
5
roles/kubernetes/preinstall/meta/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: adduser
|
||||||
|
user: "{{ addusers.kube }}"
|
||||||
|
when: ansible_os_family != 'CoreOS'
|
8
roles/network_plugin/calico/meta/main.yml
Normal file
8
roles/network_plugin/calico/meta/main.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: download
|
||||||
|
file: "{{ downloads.calico }}"
|
||||||
|
- role: download
|
||||||
|
file: "{{ downloads.calico_cni_plugin }}"
|
||||||
|
- role: download
|
||||||
|
file: "{{ downloads.calico_cni_plugin_ipam }}"
|
4
roles/network_plugin/weave/meta/main.yml
Normal file
4
roles/network_plugin/weave/meta/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: download
|
||||||
|
file: "{{ downloads.weave }}"
|
Loading…
Reference in a new issue