Fedora CoreOS support (#5657)
* fedora coreos support - bootstrap and new fact for * fedora coreos support - fix bootstrap condition * fedora coreos support - allow customize packages for fedora coreos bootstrap * fedora coreos support - prevent install python3 and epel via dnf for fedora coreos * fedora coreos support - handle all ostree like os in same way * fedora coreos support - handle all ostree like os in same way for crio * fedora coreos support - add fcos documentations
parent
974902af31
commit
876d4de6be
17 changed files with 222 additions and 48 deletions
|
@ -83,6 +83,7 @@ vagrant up
|
||||||
- [Network plugins](#network-plugins)
|
- [Network plugins](#network-plugins)
|
||||||
- [Vagrant install](docs/vagrant.md)
|
- [Vagrant install](docs/vagrant.md)
|
||||||
- [CoreOS bootstrap](docs/coreos.md)
|
- [CoreOS bootstrap](docs/coreos.md)
|
||||||
|
- [Fedora CoreOS bootstrap](docs/fcos.md)
|
||||||
- [Debian Jessie setup](docs/debian.md)
|
- [Debian Jessie setup](docs/debian.md)
|
||||||
- [openSUSE setup](docs/opensuse.md)
|
- [openSUSE setup](docs/opensuse.md)
|
||||||
- [Downloaded artifacts](docs/downloads.md)
|
- [Downloaded artifacts](docs/downloads.md)
|
||||||
|
@ -105,6 +106,7 @@ vagrant up
|
||||||
- **CentOS/RHEL** 7
|
- **CentOS/RHEL** 7
|
||||||
- **Fedora** 28
|
- **Fedora** 28
|
||||||
- **Fedora/CentOS** Atomic
|
- **Fedora/CentOS** Atomic
|
||||||
|
- **Fedora CoreOS** (experimental: see [fcos Note](docs/fcos.md)
|
||||||
- **openSUSE** Leap 42.3/Tumbleweed
|
- **openSUSE** Leap 42.3/Tumbleweed
|
||||||
- **Oracle Linux** 7
|
- **Oracle Linux** 7
|
||||||
|
|
||||||
|
|
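--- /dev/null
+++ b/docs/fcos.md
@@ -0,0 +1,76 @@
+# Fedora CoreOS
+
+Tested with stable version 31.20200223.3.0
+Because package installation with `rpm-ostree` requires a reboot, playbook may fail while bootstrap.
+Restart playbook again.
+
+## Containers
+
+Tested with
+
+- docker
+- crio
+
+### docker
+
+OS base packages contains docker.
+
+### cri-o
+
+To use `cri-o` disable docker service with ignition:
+
+```yaml
+#workaround, see https://github.com/coreos/fedora-coreos-tracker/issues/229
+systemd:
+units:
+- name: docker.service
+enabled: false
+contents: |
+[Unit]
+Description=disable docker
+
+[Service]
+
+[Install]
+WantedBy=multi-user.target
+```
+
+## libvirt setup
+
+### Prepare
+
+Prepare ignition and serve via http (a.e. python -m SimpleHTTPServer )
+
+```json
+{
+"ignition": {
+"version": "3.0.0"
+},
+
+"passwd": {
+"users": [
+{
+"name": "adi",
+"passwordHash": "$1$.RGu8J4x$U7uxcOg/eotTEIRxhk62I0",
+"sshAuthorizedKeys": [
+"ssh-rsa ..fillyouruser"
+],
+"groups": [ "wheel" ]
+}
+]
+}
+}
+```
+
+### create guest
+
+```shell script
+fcos_version=31.20200223.3.0
+kernel=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-kernel-x86_64
+initrd=https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${fcos_version}/x86_64/fedora-coreos-${fcos_version}-live-initramfs.x86_64.img
+ignition_url=http://mywebserver/fcos.ign
+kernel_args="ip=dhcp rd.neednet=1 console=tty0 coreos.liveiso=/ console=ttyS0 coreos.inst.install_dev=/dev/sda coreos.inst.stream=stable coreos.inst.ignition_url=${ignition_url}"
+sudo virt-install --name ${machine_name} --ram 4048 --graphics=none --vcpus 2 --disk size=20 \
+--network bridge=virbr0 \
+--install kernel=${kernel},initrd=${initrd},kernel_args_overwrite=yes,kernel_args="${kernel_args}"
+```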
|
@ -13,6 +13,13 @@ coreos_locksmithd_disable: false
|
||||||
# Install public repo on Oracle Linux
|
# Install public repo on Oracle Linux
|
||||||
use_oracle_public_repo: true
|
use_oracle_public_repo: true
|
||||||
|
|
||||||
|
fedora_coreos_packages:
|
||||||
|
- python
|
||||||
|
- libselinux-python3
|
||||||
|
- dbus-tools # because of networkManager reload bug (https://bugzilla.redhat.com/show_bug.cgi?id=1745659)
|
||||||
|
- ethtool # required in kubeadm preflight phase for verifying the environment
|
||||||
|
- ipset # required in kubeadm preflight phase for verifying the environment
|
||||||
|
|
||||||
## General
|
## General
|
||||||
# Set the hostname to inventory_hostname
|
# Set the hostname to inventory_hostname
|
||||||
override_system_hostname: true
|
override_system_hostname: true
|
||||||
|
|
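--- /dev/null
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
@@ -0,0 +1,35 @@
+---
+
+- name: Check if bootstrap is needed
+raw: which python
+register: need_bootstrap
+failed_when: false
+changed_when: false
+tags:
+- facts
+
+- name: Install required packages on fedora coreos
+raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install {{ fedora_coreos_packages|join(' ') }}"
+become: true
+when: need_bootstrap.rc != 0
+
+# playbook fails because connection lost
+- name: Reboot immediately for updated ostree, please run playbook again if failed first time.
+raw: "nohup bash -c 'sleep 5s && shutdown -r now'"
+become: true
+ignore_errors: yes
+when: need_bootstrap.rc != 0
+
+- name: Wait for the reboot to complete
+wait_for_connection:
+timeout: 240
+connect_timeout: 20
+delay: 5
+sleep: 5
+when: need_bootstrap.rc != 0
+
+- name: Store the fact if this is an fedora core os host
+set_fact:
+is_fedora_coreos: True
+tags:
+- facts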
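Review bot: The `raw` command in "Install required packages on fedora coreos" renders `http_proxy` and every entry of `fedora_coreos_packages` straight into a shell line that runs with `become: true`, so a value containing a space, `;` or `$(...)` changes the command that root executes. Both values come from inventory, which limits exposure, but quoting them keeps a typo or a shared group_vars file from altering the root command: `raw: "export http_proxy={{ http_proxy | default('') | quote }}; rpm-ostree install {{ fedora_coreos_packages | map('quote') | join(' ') }}"`. The "Install cri-o packages with osttree" task in the CRI-O tasks file builds its `rpm-ostree install` line from `crio_packages` the same way and needs the same filters. Separately, `ignore_errors: yes` on the reboot task would read more consistently as `ignore_errors: true`, matching the `become: true` next to it.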
|
@ -13,14 +13,21 @@
|
||||||
- include_tasks: bootstrap-clearlinux.yml
|
- include_tasks: bootstrap-clearlinux.yml
|
||||||
when: '"Clear Linux OS" in os_release.stdout'
|
when: '"Clear Linux OS" in os_release.stdout'
|
||||||
|
|
||||||
|
- include_tasks: bootstrap-fedora-coreos.yml
|
||||||
|
when: '"ID=fedora" in os_release.stdout and "VARIANT_ID=coreos" in os_release.stdout'
|
||||||
|
|
||||||
- include_tasks: bootstrap-coreos.yml
|
- include_tasks: bootstrap-coreos.yml
|
||||||
when: '"CoreOS" in os_release.stdout or "Flatcar" in os_release.stdout'
|
when:
|
||||||
|
- '"CoreOS" in os_release.stdout or "Flatcar" in os_release.stdout'
|
||||||
|
- '"ID=fedora" not in os_release.stdout'
|
||||||
|
|
||||||
- include_tasks: bootstrap-debian.yml
|
- include_tasks: bootstrap-debian.yml
|
||||||
when: '"Debian" in os_release.stdout or "Ubuntu" in os_release.stdout'
|
when: '"Debian" in os_release.stdout or "Ubuntu" in os_release.stdout'
|
||||||
|
|
||||||
- include_tasks: bootstrap-fedora.yml
|
- include_tasks: bootstrap-fedora.yml
|
||||||
when: '"Fedora" in os_release.stdout'
|
when:
|
||||||
|
- '"Fedora" in os_release.stdout'
|
||||||
|
- '"VARIANT_ID=coreos" not in os_release.stdout'
|
||||||
|
|
||||||
- include_tasks: bootstrap-opensuse.yml
|
- include_tasks: bootstrap-opensuse.yml
|
||||||
when: '"openSUSE" in os_release.stdout'
|
when: '"openSUSE" in os_release.stdout'
|
||||||
|
@ -43,7 +50,7 @@
|
||||||
name: "{{ inventory_hostname }}"
|
name: "{{ inventory_hostname }}"
|
||||||
when:
|
when:
|
||||||
- override_system_hostname
|
- override_system_hostname
|
||||||
- ansible_os_family not in ['Suse', 'Container Linux by CoreOS', 'Flatcar Container Linux by Kinvolk', 'ClearLinux']
|
- ansible_os_family not in ['Suse', 'Container Linux by CoreOS', 'Flatcar Container Linux by Kinvolk', 'ClearLinux'] and not is_fedora_coreos
|
||||||
|
|
||||||
# (2/3)
|
# (2/3)
|
||||||
- name: Assign inventory name to unconfigured hostnames (CoreOS, non-Flatcar, Suse and ClearLinux only)
|
- name: Assign inventory name to unconfigured hostnames (CoreOS, non-Flatcar, Suse and ClearLinux only)
|
||||||
|
@ -52,7 +59,7 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- override_system_hostname
|
- override_system_hostname
|
||||||
- ansible_os_family in ['Suse', 'Container Linux by CoreOS', 'Flatcar Container Linux by Kinvolk', 'ClearLinux']
|
- ansible_os_family in ['Suse', 'Container Linux by CoreOS', 'Flatcar Container Linux by Kinvolk', 'ClearLinux'] or is_fedora_coreos
|
||||||
|
|
||||||
# (3/3)
|
# (3/3)
|
||||||
- name: Update hostname fact (CoreOS, Flatcar, Suse and ClearLinux only)
|
- name: Update hostname fact (CoreOS, Flatcar, Suse and ClearLinux only)
|
||||||
|
@ -61,7 +68,7 @@
|
||||||
filter: ansible_hostname
|
filter: ansible_hostname
|
||||||
when:
|
when:
|
||||||
- override_system_hostname
|
- override_system_hostname
|
||||||
- ansible_os_family in ['Suse', 'Flatcar Container Linux by Kinvolk', 'Container Linux by CoreOS', 'ClearLinux']
|
- ansible_os_family in ['Suse', 'Flatcar Container Linux by Kinvolk', 'Container Linux by CoreOS', 'ClearLinux'] or is_fedora_coreos
|
||||||
|
|
||||||
- name: "Install ceph-commmon package"
|
- name: "Install ceph-commmon package"
|
||||||
package:
|
package:
|
||||||
|
|
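Review bot: The three hostname conditions now reference `is_fedora_coreos`, but within this role the only place that sets it is the `set_fact` in bootstrap-fedora-coreos.yml, which is included for Fedora CoreOS hosts only. Unless a default is loaded before this role runs (the commit adds `is_fedora_coreos: false` to a defaults file elsewhere, and whether that file is in scope here is not visible in these hunks), every other distribution would stop on an undefined variable at `... and not is_fedora_coreos`. Writing `is_fedora_coreos | default(false)` in these three `when` lines, or adding `is_fedora_coreos: false` to this role's own defaults, removes the dependency. The hostname tasks begin above their hunks, so the rest of each task was not reviewed.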
|
@ -1,4 +1,15 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: check if atomic host or fedora coreos
|
||||||
|
stat:
|
||||||
|
path: /run/ostree-booted
|
||||||
|
register: ostree
|
||||||
|
|
||||||
|
- name: set is_ostree
|
||||||
|
set_fact:
|
||||||
|
is_ostree: "{{ ostree.stat.exists }}"
|
||||||
|
|
||||||
|
|
||||||
- name: gather os specific variables
|
- name: gather os specific variables
|
||||||
include_vars: "{{ item }}"
|
include_vars: "{{ item }}"
|
||||||
with_first_found:
|
with_first_found:
|
||||||
|
@ -22,7 +33,7 @@
|
||||||
description: OpenShift Origin Repo
|
description: OpenShift Origin Repo
|
||||||
baseurl: "{{ crio_rhel_repo_base_url }}"
|
baseurl: "{{ crio_rhel_repo_base_url }}"
|
||||||
gpgcheck: no
|
gpgcheck: no
|
||||||
when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_atomic
|
when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_ostree
|
||||||
|
|
||||||
- name: Add CRI-O PPA
|
- name: Add CRI-O PPA
|
||||||
apt_repository:
|
apt_repository:
|
||||||
|
@ -51,8 +62,25 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
|
when: not is_ostree
|
||||||
with_items: "{{ crio_packages }}"
|
with_items: "{{ crio_packages }}"
|
||||||
|
|
||||||
|
- name: Check if already installed
|
||||||
|
stat:
|
||||||
|
path: "/bin/crio"
|
||||||
|
register: need_bootstrap_crio
|
||||||
|
when: is_ostree
|
||||||
|
|
||||||
|
- name: Install cri-o packages with osttree
|
||||||
|
raw: "export http_proxy={{ http_proxy | default('') }} && rpm-ostree install {{ crio_packages|join(' ') }}"
|
||||||
|
when: is_ostree and not need_bootstrap_crio.stat.exists
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Reboot immediately for updated ostree
|
||||||
|
reboot:
|
||||||
|
become: true
|
||||||
|
when: is_ostree and not need_bootstrap_crio.stat.exists
|
||||||
|
|
||||||
- name: Install cri-o config
|
- name: Install cri-o config
|
||||||
template:
|
template:
|
||||||
src: crio.conf.j2
|
src: crio.conf.j2
|
||||||
|
|
|
@ -104,7 +104,7 @@ selinux = {{ (preinstall_selinux_state == 'enforcing')|lower }}
|
||||||
# for the runtime.
|
# for the runtime.
|
||||||
{% if ansible_os_family == "ClearLinux" %}
|
{% if ansible_os_family == "ClearLinux" %}
|
||||||
seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
|
seccomp_profile = "/usr/share/defaults/crio/seccomp.json"
|
||||||
{% elif ansible_distribution == "Ubuntu" %}
|
{% elif ansible_distribution == "Ubuntu" or is_fedora_coreos %}
|
||||||
seccomp_profile = ""
|
seccomp_profile = ""
|
||||||
{% else %}
|
{% else %}
|
||||||
seccomp_profile = "/etc/crio/seccomp.json"
|
seccomp_profile = "/etc/crio/seccomp.json"
|
||||||
|
@ -121,17 +121,17 @@ cgroup_manager = "cgroupfs"
|
||||||
# only the capabilities defined in the containers json file by the user/kube
|
# only the capabilities defined in the containers json file by the user/kube
|
||||||
# will be added.
|
# will be added.
|
||||||
default_capabilities = [
|
default_capabilities = [
|
||||||
"CHOWN",
|
"CHOWN",
|
||||||
"DAC_OVERRIDE",
|
"DAC_OVERRIDE",
|
||||||
"FSETID",
|
"FSETID",
|
||||||
"FOWNER",
|
"FOWNER",
|
||||||
"NET_RAW",
|
"NET_RAW",
|
||||||
"SETGID",
|
"SETGID",
|
||||||
"SETUID",
|
"SETUID",
|
||||||
"SETPCAP",
|
"SETPCAP",
|
||||||
"NET_BIND_SERVICE",
|
"NET_BIND_SERVICE",
|
||||||
"SYS_CHROOT",
|
"SYS_CHROOT",
|
||||||
"KILL",
|
"KILL",
|
||||||
]
|
]
|
||||||
|
|
||||||
# List of default sysctls. If it is empty or commented out, only the sysctls
|
# List of default sysctls. If it is empty or commented out, only the sysctls
|
||||||
|
@ -154,7 +154,7 @@ hooks_dir = [
|
||||||
# be removed in future versions in favor of default_mounts_file.
|
# be removed in future versions in favor of default_mounts_file.
|
||||||
default_mounts = [
|
default_mounts = [
|
||||||
{% if ansible_os_family == "RedHat" %}
|
{% if ansible_os_family == "RedHat" %}
|
||||||
"/usr/share/rhel/secrets:/run/secrets",
|
"/usr/share/rhel/secrets:/run/secrets",
|
||||||
{% endif %}
|
{% endif %}
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -216,7 +216,7 @@ ctr_stop_timeout = 0
|
||||||
# The runtime to use is picked based on the runtime_handler provided by the CRI.
|
# The runtime to use is picked based on the runtime_handler provided by the CRI.
|
||||||
# If no runtime_handler is provided, the runtime will be picked based on the level
|
# If no runtime_handler is provided, the runtime will be picked based on the level
|
||||||
# of trust of the workload.
|
# of trust of the workload.
|
||||||
|
|
||||||
[crio.runtime.runtimes.runc]
|
[crio.runtime.runtimes.runc]
|
||||||
{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" %}
|
{% if ansible_os_family == "ClearLinux" or ansible_os_family == "RedHat" %}
|
||||||
runtime_path = "/usr/bin/runc"
|
runtime_path = "/usr/bin/runc"
|
||||||
|
@ -226,7 +226,7 @@ ctr_stop_timeout = 0
|
||||||
runtime_path = "/usr/sbin/runc"
|
runtime_path = "/usr/sbin/runc"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
runtime_type = "oci"
|
runtime_type = "oci"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# The crio.image table contains settings pertaining to the management of OCI images.
|
# The crio.image table contains settings pertaining to the management of OCI images.
|
||||||
|
@ -242,7 +242,7 @@ ctr_stop_timeout = 0
|
||||||
default_transport = "docker://"
|
default_transport = "docker://"
|
||||||
|
|
||||||
# The image used to instantiate infra containers.
|
# The image used to instantiate infra containers.
|
||||||
pause_image = "docker://k8s.gcr.io/pause:3.1"
|
pause_image = "docker://{{kube_image_repo}}/pause:3.1"
|
||||||
|
|
||||||
# If not empty, the path to a docker/config.json-like file containing credentials
|
# If not empty, the path to a docker/config.json-like file containing credentials
|
||||||
# necessary for pulling the image specified by pause_image above.
|
# necessary for pulling the image specified by pause_image above.
|
||||||
|
|
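Review bot: On Fedora CoreOS the template now renders `seccomp_profile = ""`, and nothing in the hunk says why or what an empty value means for the runtime. Whether CRI-O then applies its built-in default profile or starts containers without seccomp filtering depends on the CRI-O version that `rpm-ostree` installs, so this should be confirmed against that version rather than assumed. I would add a template comment above the branch such as `# empty path: rely on CRI-O's built-in default seccomp profile (verify for the packaged version)`, and point at the packaged profile file instead if one exists on the host. The template also reads `is_fedora_coreos` directly, so it needs that variable defined for every distribution that renders it.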
|
@ -15,7 +15,7 @@
|
||||||
service:
|
service:
|
||||||
name: docker.socket
|
name: docker.socket
|
||||||
state: restarted
|
state: restarted
|
||||||
when: ansible_os_family in ['Coreos', 'CoreOS', 'Container Linux by CoreOS', 'Flatcar', 'Flatcar Container Linux by Kinvolk']
|
when: ansible_os_family in ['Coreos', 'CoreOS', 'Container Linux by CoreOS', 'Flatcar', 'Flatcar Container Linux by Kinvolk'] or is_fedora_coreos
|
||||||
|
|
||||||
- name: Docker | reload docker
|
- name: Docker | reload docker
|
||||||
service:
|
service:
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
- name: check if atomic host
|
- name: check if atomic host or fedora coreos
|
||||||
stat:
|
stat:
|
||||||
path: /run/ostree-booted
|
path: /run/ostree-booted
|
||||||
register: ostree
|
register: ostree
|
||||||
|
|
||||||
- name: set is_atomic
|
- name: set is_ostree
|
||||||
set_fact:
|
set_fact:
|
||||||
is_atomic: "{{ ostree.stat.exists }}"
|
is_ostree: "{{ ostree.stat.exists }}"
|
||||||
|
|
||||||
- name: gather os specific variables
|
- name: gather os specific variables
|
||||||
include_vars: "{{ item }}"
|
include_vars: "{{ item }}"
|
||||||
|
@ -60,7 +60,7 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | d(3) }}"
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_ostree)
|
||||||
|
|
||||||
- name: ensure docker-ce repository is enabled
|
- name: ensure docker-ce repository is enabled
|
||||||
action: "{{ docker_repo_info.pkg_repo }}"
|
action: "{{ docker_repo_info.pkg_repo }}"
|
||||||
|
@ -68,7 +68,7 @@
|
||||||
repo: "{{ item }}"
|
repo: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ docker_repo_info.repos }}"
|
with_items: "{{ docker_repo_info.repos }}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (docker_repo_info.repos|length > 0)
|
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_ostree) and (docker_repo_info.repos|length > 0)
|
||||||
|
|
||||||
- name: ensure docker-engine repository public key is installed
|
- name: ensure docker-engine repository public key is installed
|
||||||
action: "{{ dockerproject_repo_key_info.pkg_key }}"
|
action: "{{ dockerproject_repo_key_info.pkg_key }}"
|
||||||
|
@ -82,7 +82,7 @@
|
||||||
delay: "{{ retry_stagger | d(3) }}"
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
with_items: "{{ dockerproject_repo_key_info.repo_keys }}"
|
with_items: "{{ dockerproject_repo_key_info.repo_keys }}"
|
||||||
when:
|
when:
|
||||||
- not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
- not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_ostree)
|
||||||
- use_docker_engine is defined and use_docker_engine
|
- use_docker_engine is defined and use_docker_engine
|
||||||
|
|
||||||
- name: ensure docker-engine repository is enabled
|
- name: ensure docker-engine repository is enabled
|
||||||
|
@ -93,13 +93,13 @@
|
||||||
with_items: "{{ dockerproject_repo_info.repos }}"
|
with_items: "{{ dockerproject_repo_info.repos }}"
|
||||||
when:
|
when:
|
||||||
- use_docker_engine is defined and use_docker_engine
|
- use_docker_engine is defined and use_docker_engine
|
||||||
- not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (dockerproject_repo_info.repos|length > 0)
|
- not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_ostree) and (dockerproject_repo_info.repos|length > 0)
|
||||||
|
|
||||||
- name: Configure docker repository on Fedora
|
- name: Configure docker repository on Fedora
|
||||||
template:
|
template:
|
||||||
src: "fedora_docker.repo.j2"
|
src: "fedora_docker.repo.j2"
|
||||||
dest: "{{ yum_repo_dir }}/docker.repo"
|
dest: "{{ yum_repo_dir }}/docker.repo"
|
||||||
when: ansible_distribution == "Fedora" and not is_atomic
|
when: ansible_distribution == "Fedora" and not is_ostree
|
||||||
|
|
||||||
- name: Configure docker repository on RedHat/CentOS/Oracle Linux
|
- name: Configure docker repository on RedHat/CentOS/Oracle Linux
|
||||||
yum_repository:
|
yum_repository:
|
||||||
|
@ -110,13 +110,13 @@
|
||||||
gpgkey: "{{ docker_rh_repo_gpgkey }}"
|
gpgkey: "{{ docker_rh_repo_gpgkey }}"
|
||||||
keepcache: "{{ docker_rpm_keepcache | default('1') }}"
|
keepcache: "{{ docker_rpm_keepcache | default('1') }}"
|
||||||
proxy: " {{ http_proxy | default('_none_') }}"
|
proxy: " {{ http_proxy | default('_none_') }}"
|
||||||
when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_atomic
|
when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_ostree
|
||||||
|
|
||||||
- name: check if container-selinux is available
|
- name: check if container-selinux is available
|
||||||
yum:
|
yum:
|
||||||
list: "container-selinux"
|
list: "container-selinux"
|
||||||
register: yum_result
|
register: yum_result
|
||||||
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_ostree
|
||||||
|
|
||||||
- name: Configure extras repository on RedHat/CentOS if container-selinux is not available in current repos
|
- name: Configure extras repository on RedHat/CentOS if container-selinux is not available in current repos
|
||||||
yum_repository:
|
yum_repository:
|
||||||
|
@ -130,7 +130,7 @@
|
||||||
keepcache: "{{ docker_rpm_keepcache | default('1') }}"
|
keepcache: "{{ docker_rpm_keepcache | default('1') }}"
|
||||||
proxy: " {{ http_proxy | default('_none_') }}"
|
proxy: " {{ http_proxy | default('_none_') }}"
|
||||||
when:
|
when:
|
||||||
- ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
- ansible_distribution in ["CentOS","RedHat"] and not is_ostree
|
||||||
- yum_result.results | length == 0
|
- yum_result.results | length == 0
|
||||||
|
|
||||||
- name: Copy yum.conf for editing
|
- name: Copy yum.conf for editing
|
||||||
|
@ -138,7 +138,7 @@
|
||||||
src: "{{ yum_conf }}"
|
src: "{{ yum_conf }}"
|
||||||
dest: "{{ docker_yum_conf }}"
|
dest: "{{ docker_yum_conf }}"
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_atomic
|
when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_ostree
|
||||||
|
|
||||||
- name: Edit copy of yum.conf to set obsoletes=0
|
- name: Edit copy of yum.conf to set obsoletes=0
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -146,7 +146,7 @@
|
||||||
state: present
|
state: present
|
||||||
regexp: '^obsoletes='
|
regexp: '^obsoletes='
|
||||||
line: 'obsoletes=0'
|
line: 'obsoletes=0'
|
||||||
when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_atomic
|
when: ansible_distribution in ["CentOS","RedHat","OracleLinux"] and not is_ostree
|
||||||
|
|
||||||
- name: ensure docker packages are installed
|
- name: ensure docker packages are installed
|
||||||
action: "{{ docker_package_info.pkg_mgr }}"
|
action: "{{ docker_package_info.pkg_mgr }}"
|
||||||
|
@ -162,7 +162,7 @@
|
||||||
delay: "{{ retry_stagger | d(3) }}"
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
with_items: "{{ docker_package_info.pkgs }}"
|
with_items: "{{ docker_package_info.pkgs }}"
|
||||||
notify: restart docker
|
notify: restart docker
|
||||||
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_atomic) and (docker_package_info.pkgs|length > 0)
|
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_ostree) and (docker_package_info.pkgs|length > 0)
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: Ensure docker packages are installed
|
- name: Ensure docker packages are installed
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
state: absent
|
state: absent
|
||||||
when:
|
when:
|
||||||
- ansible_distribution in ["CentOS","RedHat","OracleLinux"]
|
- ansible_distribution in ["CentOS","RedHat","OracleLinux"]
|
||||||
- not is_atomic
|
- not is_ostree
|
||||||
|
|
||||||
- name: Ensure old versions of Docker are not installed. | Debian
|
- name: Ensure old versions of Docker are not installed. | Debian
|
||||||
apt:
|
apt:
|
||||||
|
@ -22,4 +22,4 @@
|
||||||
when:
|
when:
|
||||||
- ansible_os_family == 'RedHat'
|
- ansible_os_family == 'RedHat'
|
||||||
- (docker_versioned_pkg[docker_version | string] is search('docker-ce'))
|
- (docker_versioned_pkg[docker_version | string] is search('docker-ce'))
|
||||||
- not is_atomic
|
- not is_ostree
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
# noqa 303 - systemctl is called intentionally here
|
# noqa 303 - systemctl is called intentionally here
|
||||||
shell: systemctl --version | head -n 1 | cut -d " " -f 2
|
shell: systemctl --version | head -n 1 | cut -d " " -f 2
|
||||||
register: systemd_version
|
register: systemd_version
|
||||||
when: not is_atomic
|
when: not is_ostree
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Write docker.service systemd file
|
- name: Write docker.service systemd file
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
dest: /etc/systemd/system/docker.service
|
dest: /etc/systemd/system/docker.service
|
||||||
register: docker_service_file
|
register: docker_service_file
|
||||||
notify: restart docker
|
notify: restart docker
|
||||||
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk"] or is_ostree)
|
||||||
|
|
||||||
- name: Write docker options systemd drop-in
|
- name: Write docker options systemd drop-in
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -32,7 +32,7 @@ ExecStart={{ docker_bin_dir }}/docker{% if installed_docker_version.stdout is ve
|
||||||
$DOCKER_NETWORK_OPTIONS \
|
$DOCKER_NETWORK_OPTIONS \
|
||||||
$DOCKER_DNS_OPTIONS \
|
$DOCKER_DNS_OPTIONS \
|
||||||
$INSECURE_REGISTRY
|
$INSECURE_REGISTRY
|
||||||
{% if not is_atomic and systemd_version.stdout|int >= 226 %}
|
{% if not is_ostree and systemd_version.stdout|int >= 226 %}
|
||||||
TasksMax=infinity
|
TasksMax=infinity
|
||||||
{% endif %}
|
{% endif %}
|
||||||
LimitNOFILE=1048576
|
LimitNOFILE=1048576
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: adduser
|
- role: adduser
|
||||||
user: "{{ addusers.etcd }}"
|
user: "{{ addusers.etcd }}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_atomic or is_fedora_coreos)
|
||||||
- role: adduser
|
- role: adduser
|
||||||
user: "{{ addusers.kube }}"
|
user: "{{ addusers.kube }}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_atomic or is_fedora_coreos)
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: adduser
|
- role: adduser
|
||||||
user: "{{ addusers.kube }}"
|
user: "{{ addusers.kube }}"
|
||||||
when: not is_atomic
|
when:
|
||||||
|
- not is_atomic
|
||||||
|
- not is_fedora_coreos
|
||||||
tags:
|
tags:
|
||||||
- kubelet
|
- kubelet
|
||||||
|
|
|
@ -27,9 +27,21 @@
|
||||||
path: /run/ostree-booted
|
path: /run/ostree-booted
|
||||||
register: ostree
|
register: ostree
|
||||||
|
|
||||||
|
- name: set is_fedora_coreos
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/os-release
|
||||||
|
line: "VARIANT_ID=coreos"
|
||||||
|
state: present
|
||||||
|
check_mode: yes
|
||||||
|
register: os_variant_coreos
|
||||||
|
|
||||||
|
- name: set is_fedora_coreos
|
||||||
|
set_fact:
|
||||||
|
is_fedora_coreos: "{{ ostree.stat.exists and os_variant_coreos is not changed }}"
|
||||||
|
|
||||||
- name: set is_atomic
|
- name: set is_atomic
|
||||||
set_fact:
|
set_fact:
|
||||||
is_atomic: "{{ ostree.stat.exists }}"
|
is_atomic: "{{ ostree.stat.exists and not is_fedora_coreos }}"
|
||||||
|
|
||||||
- name: set kube_cert_group on atomic hosts
|
- name: set kube_cert_group on atomic hosts
|
||||||
set_fact:
|
set_fact:
|
||||||
|
|
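Review bot: The first "set is_fedora_coreos" task detects the variant by running `lineinfile` against /etc/os-release with `check_mode: yes` and treating "not changed" as a match, which hides a read-only test behind a module whose job is to edit files. If `check_mode: yes` is ever dropped, or the task is copied without it, the play appends `VARIANT_ID=coreos` to /etc/os-release on every non-CoreOS host, and the exact-line match also misses a quoted `VARIANT_ID="coreos"`. A read-only check states the intent directly, for example registering `command: grep -Eq '^VARIANT_ID="?coreos"?$' /etc/os-release` with `failed_when: false` and `changed_when: false`, then using `os_variant_coreos.rc == 0` in the `set_fact`. Both tasks also share the name "set is_fedora_coreos"; renaming the first to something like "check for Fedora CoreOS variant" makes the play output easier to follow.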
|
@ -24,6 +24,7 @@
|
||||||
when:
|
when:
|
||||||
- ansible_distribution in ["CentOS","RedHat","OracleLinux"]
|
- ansible_distribution in ["CentOS","RedHat","OracleLinux"]
|
||||||
- not is_atomic
|
- not is_atomic
|
||||||
|
- not is_fedora_coreos
|
||||||
|
|
||||||
- name: Install python-dnf for latest RedHat versions
|
- name: Install python-dnf for latest RedHat versions
|
||||||
command: dnf install -y python-dnf yum
|
command: dnf install -y python-dnf yum
|
||||||
|
@ -36,6 +37,7 @@
|
||||||
- ansible_distribution_major_version|int > 21
|
- ansible_distribution_major_version|int > 21
|
||||||
- ansible_distribution_major_version|int <= 29
|
- ansible_distribution_major_version|int <= 29
|
||||||
- not is_atomic
|
- not is_atomic
|
||||||
|
- not is_fedora_coreos
|
||||||
changed_when: False
|
changed_when: False
|
||||||
tags:
|
tags:
|
||||||
- bootstrap-os
|
- bootstrap-os
|
||||||
|
@ -50,6 +52,7 @@
|
||||||
- ansible_distribution == "Fedora"
|
- ansible_distribution == "Fedora"
|
||||||
- ansible_distribution_major_version|int >= 30
|
- ansible_distribution_major_version|int >= 30
|
||||||
- not is_atomic
|
- not is_atomic
|
||||||
|
- not is_fedora_coreos
|
||||||
changed_when: False
|
changed_when: False
|
||||||
tags:
|
tags:
|
||||||
- bootstrap-os
|
- bootstrap-os
|
||||||
|
@ -61,6 +64,7 @@
|
||||||
when:
|
when:
|
||||||
- ansible_distribution in ["CentOS","RedHat"]
|
- ansible_distribution in ["CentOS","RedHat"]
|
||||||
- not is_atomic
|
- not is_atomic
|
||||||
|
- not is_fedora_coreos
|
||||||
- epel_enabled|bool
|
- epel_enabled|bool
|
||||||
tags:
|
tags:
|
||||||
- bootstrap-os
|
- bootstrap-os
|
||||||
|
@ -79,7 +83,7 @@
|
||||||
until: pkgs_task_result is succeeded
|
until: pkgs_task_result is succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_atomic or is_fedora_coreos)
|
||||||
tags:
|
tags:
|
||||||
- bootstrap-os
|
- bootstrap-os
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ kube_api_anonymous_auth: true
|
||||||
|
|
||||||
# Default value, but will be set to true automatically if detected
|
# Default value, but will be set to true automatically if detected
|
||||||
is_atomic: false
|
is_atomic: false
|
||||||
|
is_fedora_coreos: false
|
||||||
|
|
||||||
# optional disable the swap
|
# optional disable the swap
|
||||||
disable_swap: true
|
disable_swap: true
|
||||||
|
|