fix ansible password authentication (#6907)

* copying ssh key no longer required, works with password auth
* use copy module instead of synchronize (which requires sshpass)
* fewer tasks, and fewer tasks that always report "changed"
Hans Feldt 2020-12-01 00:12:50 +01:00 committed by GitHub
parent cc5303e1c8
commit 80eb1ad936
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 18 additions and 66 deletions


@ -148,7 +148,6 @@ Note: The list of validated [docker versions](https://kubernetes.io/docs/setup/p
- **Ansible v2.9+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands** - **Ansible v2.9+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands**
- The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md)) - The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md))
- The target servers are configured to allow **IPv4 forwarding**. - The target servers are configured to allow **IPv4 forwarding**.
- **Your ssh key must be copied** to all the servers part of your inventory.
- The **firewalls are not managed**, you'll need to implement your own rules the way you used to. - The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
in order to avoid any issue during deployment you should disable your firewall. in order to avoid any issue during deployment you should disable your firewall.
- If kubespray is ran from non-root user account, correct privilege escalation method - If kubespray is ran from non-root user account, correct privilege escalation method


@ -12,14 +12,11 @@
mode: 0644 mode: 0644
- name: Copy crictl binary from download dir - name: Copy crictl binary from download dir
synchronize: copy:
src: "{{ local_release_dir }}/crictl" src: "{{ local_release_dir }}/crictl"
dest: "{{ bin_dir }}/crictl" dest: "{{ bin_dir }}/crictl"
compress: no mode: 0755
perms: yes remote_src: true
owner: no
group: no
delegate_to: "{{ inventory_hostname }}"
- name: Get crictl completion - name: Get crictl completion
command: "{{ bin_dir }}/crictl completion" command: "{{ bin_dir }}/crictl completion"
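Review bot: The new `copy` task for `dest: "{{ bin_dir }}/crictl"` sets `mode: 0755` but no owner or group, so ownership of the installed binary is left to whichever user the task runs as (the removed `synchronize` also had `owner: no` / `group: no`). Since this commit makes password logins a supported path and the README already allows a non-root account with privilege escalation, I would pin it explicitly with `owner: root` and `group: root`. The same applies to the second crictl file and to the kubeadm, kubectl and kubelet copy tasks in the other files of this commit. Whether `become` is in effect for this task is not visible in the hunk, and the task list continues outside it.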


@ -12,14 +12,11 @@
mode: 0644 mode: 0644
- name: Copy crictl binary from download dir - name: Copy crictl binary from download dir
synchronize: copy:
src: "{{ local_release_dir }}/crictl" src: "{{ local_release_dir }}/crictl"
dest: "{{ bin_dir }}/crictl" dest: "{{ bin_dir }}/crictl"
compress: no mode: 0755
perms: yes remote_src: true
owner: no
group: no
delegate_to: "{{ inventory_hostname }}"
- name: Get crictl completion - name: Get crictl completion
command: "{{ bin_dir }}/crictl completion" command: "{{ bin_dir }}/crictl completion"


@ -22,14 +22,11 @@
- not skip_kubeadm_images|default(false) - not skip_kubeadm_images|default(false)
- name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path - name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path
synchronize: copy:
src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}" src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
dest: "{{ bin_dir }}/kubeadm" dest: "{{ bin_dir }}/kubeadm"
compress: no mode: 0755
perms: yes remote_src: true
owner: no
group: no
delegate_to: "{{ inventory_hostname }}"
- name: prep_kubeadm_images | Set kubeadm binary permissions - name: prep_kubeadm_images | Set kubeadm binary permissions
file: file:
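Review bot: The `prep_kubeadm_images | Set kubeadm binary permissions` task that follows the copy is kept in this file, while the equivalent follow-up task was removed from the kubectl, kubeadm and kubelet install files now that `copy` carries `mode: 0755`. If that task only sets the mode on `{{ bin_dir }}/kubeadm`, it is now redundant and could be dropped so that the mode is set in one place. Its body lies outside the hunk, so this is an assumption to confirm.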


@ -20,24 +20,11 @@
- kube_encrypt_secret_data - kube_encrypt_secret_data
- name: Install | Copy kubectl binary from download dir - name: Install | Copy kubectl binary from download dir
synchronize: copy:
src: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}" src: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}"
dest: "{{ bin_dir }}/kubectl" dest: "{{ bin_dir }}/kubectl"
compress: no mode: 0755
perms: yes remote_src: true
owner: no
group: no
changed_when: false
delegate_to: "{{ inventory_hostname }}"
tags:
- kubectl
- upgrade
- name: install | Set kubectl binary permissions
file:
path: "{{ bin_dir }}/kubectl"
mode: "0755"
state: file
tags: tags:
- kubectl - kubectl
- upgrade - upgrade
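Review bot: `mode: 0755` in the new `copy` task is a bare YAML number, whereas the removed `install | Set kubectl binary permissions` task used the quoted form `mode: "0755"`. The leading zero keeps it an octal value for Ansible, but the quoted string is the form the Ansible documentation recommends because the result then does not depend on how the YAML loader types the scalar. I would write `mode: "0755"` here and in the other copy tasks added by this commit.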


@ -1,51 +1,26 @@
--- ---
- name: install | Copy kubeadm binary from download dir - name: install | Copy kubeadm binary from download dir
synchronize: copy:
src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}" src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
dest: "{{ bin_dir }}/kubeadm" dest: "{{ bin_dir }}/kubeadm"
compress: no mode: 0755
perms: yes remote_src: true
owner: no
group: no
delegate_to: "{{ inventory_hostname }}"
tags:
- kubeadm
when:
- not inventory_hostname in groups['kube-master']
- name: install | Set kubeadm binary permissions
file:
path: "{{ bin_dir }}/kubeadm"
mode: "0755"
state: file
tags: tags:
- kubeadm - kubeadm
when: when:
- not inventory_hostname in groups['kube-master'] - not inventory_hostname in groups['kube-master']
- name: install | Copy kubelet binary from download dir - name: install | Copy kubelet binary from download dir
synchronize: copy:
src: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}" src: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}"
dest: "{{ bin_dir }}/kubelet" dest: "{{ bin_dir }}/kubelet"
compress: no mode: 0755
perms: yes remote_src: true
owner: no
group: no
delegate_to: "{{ inventory_hostname }}"
tags: tags:
- kubelet - kubelet
- upgrade - upgrade
notify: Node | restart kubelet notify: Node | restart kubelet
- name: install | Set kubelet binary permissions
file:
path: "{{ bin_dir }}/kubelet"
mode: "0755"
state: file
tags:
- kubelet
- upgrade
- name: install | Copy socat wrapper for Container Linux - name: install | Copy socat wrapper for Container Linux
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}" command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
args: args:
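Review bot: The kubeadm and kubelet `copy` tasks rely on `remote_src: true` to read `src` from `{{ local_release_dir }}` on the managed node, which is easy to misread because the variable name suggests the controller. A short comment above each task would help, for example `# remote_src: the binary was already downloaded to local_release_dir on this node`. It also marks the trust boundary: what gets installed as kubelet is whatever sits in that directory on the node, so the directory should be writable only by root. Whether the download role enforces that, or verifies a checksum, is not visible in this diff. The last task in the hunk continues past its final line.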