fix ansible password authentication (#6907)
* copying ssh key no longer required, works with password auth * use copy module instead of synchronize (which requires sshpass) * less tasks and always changed tasks
This commit is contained in:
parent
cc5303e1c8
commit
80eb1ad936
6 changed files with 18 additions and 66 deletions
|
@ -148,7 +148,6 @@ Note: The list of validated [docker versions](https://kubernetes.io/docs/setup/p
|
||||||
- **Ansible v2.9+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands**
|
- **Ansible v2.9+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands**
|
||||||
- The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md))
|
- The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md))
|
||||||
- The target servers are configured to allow **IPv4 forwarding**.
|
- The target servers are configured to allow **IPv4 forwarding**.
|
||||||
- **Your ssh key must be copied** to all the servers part of your inventory.
|
|
||||||
- The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
|
- The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
|
||||||
in order to avoid any issue during deployment you should disable your firewall.
|
in order to avoid any issue during deployment you should disable your firewall.
|
||||||
- If kubespray is ran from non-root user account, correct privilege escalation method
|
- If kubespray is ran from non-root user account, correct privilege escalation method
|
||||||
|
|
|
@ -12,14 +12,11 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Copy crictl binary from download dir
|
- name: Copy crictl binary from download dir
|
||||||
synchronize:
|
copy:
|
||||||
src: "{{ local_release_dir }}/crictl"
|
src: "{{ local_release_dir }}/crictl"
|
||||||
dest: "{{ bin_dir }}/crictl"
|
dest: "{{ bin_dir }}/crictl"
|
||||||
compress: no
|
mode: 0755
|
||||||
perms: yes
|
remote_src: true
|
||||||
owner: no
|
|
||||||
group: no
|
|
||||||
delegate_to: "{{ inventory_hostname }}"
|
|
||||||
|
|
||||||
- name: Get crictl completion
|
- name: Get crictl completion
|
||||||
command: "{{ bin_dir }}/crictl completion"
|
command: "{{ bin_dir }}/crictl completion"
|
||||||
|
|
|
@ -12,14 +12,11 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Copy crictl binary from download dir
|
- name: Copy crictl binary from download dir
|
||||||
synchronize:
|
copy:
|
||||||
src: "{{ local_release_dir }}/crictl"
|
src: "{{ local_release_dir }}/crictl"
|
||||||
dest: "{{ bin_dir }}/crictl"
|
dest: "{{ bin_dir }}/crictl"
|
||||||
compress: no
|
mode: 0755
|
||||||
perms: yes
|
remote_src: true
|
||||||
owner: no
|
|
||||||
group: no
|
|
||||||
delegate_to: "{{ inventory_hostname }}"
|
|
||||||
|
|
||||||
- name: Get crictl completion
|
- name: Get crictl completion
|
||||||
command: "{{ bin_dir }}/crictl completion"
|
command: "{{ bin_dir }}/crictl completion"
|
||||||
|
|
|
@ -22,14 +22,11 @@
|
||||||
- not skip_kubeadm_images|default(false)
|
- not skip_kubeadm_images|default(false)
|
||||||
|
|
||||||
- name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path
|
- name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path
|
||||||
synchronize:
|
copy:
|
||||||
src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
|
src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
|
||||||
dest: "{{ bin_dir }}/kubeadm"
|
dest: "{{ bin_dir }}/kubeadm"
|
||||||
compress: no
|
mode: 0755
|
||||||
perms: yes
|
remote_src: true
|
||||||
owner: no
|
|
||||||
group: no
|
|
||||||
delegate_to: "{{ inventory_hostname }}"
|
|
||||||
|
|
||||||
- name: prep_kubeadm_images | Set kubeadm binary permissions
|
- name: prep_kubeadm_images | Set kubeadm binary permissions
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -20,24 +20,11 @@
|
||||||
- kube_encrypt_secret_data
|
- kube_encrypt_secret_data
|
||||||
|
|
||||||
- name: Install | Copy kubectl binary from download dir
|
- name: Install | Copy kubectl binary from download dir
|
||||||
synchronize:
|
copy:
|
||||||
src: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}"
|
src: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}"
|
||||||
dest: "{{ bin_dir }}/kubectl"
|
dest: "{{ bin_dir }}/kubectl"
|
||||||
compress: no
|
mode: 0755
|
||||||
perms: yes
|
remote_src: true
|
||||||
owner: no
|
|
||||||
group: no
|
|
||||||
changed_when: false
|
|
||||||
delegate_to: "{{ inventory_hostname }}"
|
|
||||||
tags:
|
|
||||||
- kubectl
|
|
||||||
- upgrade
|
|
||||||
|
|
||||||
- name: install | Set kubectl binary permissions
|
|
||||||
file:
|
|
||||||
path: "{{ bin_dir }}/kubectl"
|
|
||||||
mode: "0755"
|
|
||||||
state: file
|
|
||||||
tags:
|
tags:
|
||||||
- kubectl
|
- kubectl
|
||||||
- upgrade
|
- upgrade
|
||||||
|
|
|
@ -1,51 +1,26 @@
|
||||||
---
|
---
|
||||||
- name: install | Copy kubeadm binary from download dir
|
- name: install | Copy kubeadm binary from download dir
|
||||||
synchronize:
|
copy:
|
||||||
src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
|
src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
|
||||||
dest: "{{ bin_dir }}/kubeadm"
|
dest: "{{ bin_dir }}/kubeadm"
|
||||||
compress: no
|
mode: 0755
|
||||||
perms: yes
|
remote_src: true
|
||||||
owner: no
|
|
||||||
group: no
|
|
||||||
delegate_to: "{{ inventory_hostname }}"
|
|
||||||
tags:
|
|
||||||
- kubeadm
|
|
||||||
when:
|
|
||||||
- not inventory_hostname in groups['kube-master']
|
|
||||||
|
|
||||||
- name: install | Set kubeadm binary permissions
|
|
||||||
file:
|
|
||||||
path: "{{ bin_dir }}/kubeadm"
|
|
||||||
mode: "0755"
|
|
||||||
state: file
|
|
||||||
tags:
|
tags:
|
||||||
- kubeadm
|
- kubeadm
|
||||||
when:
|
when:
|
||||||
- not inventory_hostname in groups['kube-master']
|
- not inventory_hostname in groups['kube-master']
|
||||||
|
|
||||||
- name: install | Copy kubelet binary from download dir
|
- name: install | Copy kubelet binary from download dir
|
||||||
synchronize:
|
copy:
|
||||||
src: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}"
|
src: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}"
|
||||||
dest: "{{ bin_dir }}/kubelet"
|
dest: "{{ bin_dir }}/kubelet"
|
||||||
compress: no
|
mode: 0755
|
||||||
perms: yes
|
remote_src: true
|
||||||
owner: no
|
|
||||||
group: no
|
|
||||||
delegate_to: "{{ inventory_hostname }}"
|
|
||||||
tags:
|
tags:
|
||||||
- kubelet
|
- kubelet
|
||||||
- upgrade
|
- upgrade
|
||||||
notify: Node | restart kubelet
|
notify: Node | restart kubelet
|
||||||
|
|
||||||
- name: install | Set kubelet binary permissions
|
|
||||||
file:
|
|
||||||
path: "{{ bin_dir }}/kubelet"
|
|
||||||
mode: "0755"
|
|
||||||
state: file
|
|
||||||
tags:
|
|
||||||
- kubelet
|
|
||||||
- upgrade
|
|
||||||
|
|
||||||
- name: install | Copy socat wrapper for Container Linux
|
- name: install | Copy socat wrapper for Container Linux
|
||||||
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
|
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
|
||||||
args:
|
args:
|
||||||
|
|
Loading…
Reference in a new issue