From 8cc84e132ad1fec3dcf43420e30349f079e53b71 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 8 Dec 2016 14:36:00 +0100 Subject: [PATCH] Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya --- docs/ansible.md | 60 +++++++++++++++++++ roles/bootstrap-os/tasks/bootstrap-coreos.yml | 4 +- roles/bootstrap-os/tasks/bootstrap-ubuntu.yml | 2 + roles/dnsmasq/meta/main.yml | 1 + roles/dnsmasq/tasks/main.yml | 2 + roles/docker/tasks/main.yml | 4 +- roles/docker/tasks/non-systemd.yml | 7 ++- roles/download/tasks/main.yml | 3 + roles/etcd/meta/main.yml | 1 + roles/etcd/tasks/configure.yml | 1 + roles/etcd/tasks/gen_certs.yml | 3 + roles/etcd/tasks/main.yml | 4 ++ roles/etcd/tasks/pre_upgrade.yml | 2 + roles/etcd/tasks/set_cluster_health.yml | 1 + roles/kubernetes-apps/ansible/tasks/main.yaml | 4 ++ .../network_plugin/meta/main.yml | 1 + roles/kubernetes/master/meta/main.yml | 1 + roles/kubernetes/master/tasks/main.yml | 11 +++- roles/kubernetes/master/tasks/pre-upgrade.yml | 4 ++ roles/kubernetes/node/meta/main.yml | 11 ++++ roles/kubernetes/node/tasks/main.yml | 12 ++-- roles/kubernetes/preinstall/meta/main.yml | 1 + roles/kubernetes/preinstall/tasks/main.yml | 24 ++++++++ roles/kubernetes/secrets/tasks/gen_certs.yml | 2 + roles/kubernetes/secrets/tasks/main.yml | 5 +- roles/network_plugin/calico/meta/main.yml | 4 ++ roles/network_plugin/calico/tasks/main.yml | 9 +++ roles/network_plugin/canal/meta/main.yml | 5 ++ roles/network_plugin/canal/tasks/main.yml | 2 + roles/network_plugin/flannel/meta/main.yml | 1 + roles/network_plugin/flannel/tasks/main.yml | 7 ++- roles/network_plugin/meta/main.yml | 4 ++ roles/network_plugin/weave/meta/main.yml | 1 + roles/network_plugin/weave/tasks/main.yml | 1 + scripts/gen_tags.sh | 10 ++++ 35 files changed, 205 insertions(+), 10 deletions(-) create mode 100644 scripts/gen_tags.sh diff --git a/docs/ansible.md b/docs/ansible.md index 101c0a075..513ed0dce 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -48,3 +48,63 @@ etcd Group vars -------------- The main variables to change are located in the directory ```inventory/group_vars/all.yml```. + +Ansible tags +------------ + +The following tags are defined in playbooks: + +| Tag name | Used for +|--------------------------|--------- +| apps | K8s apps definitions +| azure | Cloud-provider Azure +| bootstrap-os | Anything related to host OS configuration +| calico | Network plugin Calico +| canal | Network plugin Canal +| cloud-provider | Cloud-provider related tasks +| dnsmasq | Configuring DNS stack for hosts and K8s apps +| download | Fetching container images +| etcd | Configuring etcd cluster +| etcd-pre-upgrade | Upgrading etcd cluster +| etcd-secrets | Configuring etcd certs/keys +| etchosts | Configuring /etc/hosts entries for hosts +| facts | Gathering facts and misc check results +| flannel | Network plugin flannel +| gce | Cloud-provider GCP +| hyperkube | Manipulations with K8s hyperkube image +| k8s-pre-upgrade | Upgrading K8s cluster +| k8s-secrets | Configuring K8s certs/keys +| kpm | Installing K8s apps definitions with KPM +| kube-apiserver | Configuring self-hosted kube-apiserver +| kube-controller-manager | Configuring self-hosted kube-controller-manager +| kubectl | Installing kubectl and bash completion +| kubelet | Configuring kubelet service +| kube-proxy | Configuring self-hosted kube-proxy +| kube-scheduler | Configuring self-hosted kube-scheduler +| master | Configuring K8s master node role +| netchecker | Installing netchecker K8s app +| network | Configuring networking plugins for K8s +| nginx | Configuring LB for kube-apiserver instances +| node | Configuring K8s minion (compute) node role +| openstack | Cloud-provider OpenStack +| preinstall | Preliminary configuration steps +| resolvconf | Configuring /etc/resolv.conf for hosts/apps +| upgrade | Upgrading, f.e. container images/binaries +| weave | Network plugin Weave + +Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all +tags found in the codebase. New tags will be listed with the empty "Used for" +field. + +Example command to filter and apply only DNS configuration tasks and skip +everything else related to host OS configuration and downloading images of containers: + +``` +ansible-playbook -i inventory/inventory.ini cluster.yml --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os +``` +And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files: +``` +ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf +``` + +Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing. diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml index a638ad82b..a1a21dad6 100644 --- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml +++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml @@ -3,7 +3,7 @@ raw: stat /opt/bin/.bootstrapped register: need_bootstrap ignore_errors: True - + tags: facts - name: Bootstrap | Run bootstrap.sh script: bootstrap.sh @@ -11,6 +11,7 @@ - set_fact: ansible_python_interpreter: "/opt/bin/python" + tags: facts - name: Bootstrap | Check if we need to install pip shell: "{{ansible_python_interpreter}} -m pip --version" @@ -18,6 +19,7 @@ ignore_errors: True changed_when: false when: (need_bootstrap | failed) + tags: facts - name: Bootstrap | Copy get-pip.py copy: src=get-pip.py dest=~/get-pip.py diff --git a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml index efd7a768a..19b258790 100644 --- a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml +++ b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml @@ -5,6 +5,7 @@ raw: which python register: need_bootstrap ignore_errors: True + tags: facts - name: Bootstrap | Install python 2.x raw: apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal @@ -12,3 +13,4 @@ - set_fact: ansible_python_interpreter: "/usr/bin/python" + tags: facts diff --git a/roles/dnsmasq/meta/main.yml b/roles/dnsmasq/meta/main.yml index 7a1c8ca17..240fbab9e 100644 --- a/roles/dnsmasq/meta/main.yml +++ b/roles/dnsmasq/meta/main.yml @@ -3,3 +3,4 @@ dependencies: - role: download file: "{{ downloads.dnsmasq }}" when: not skip_dnsmasq|default(false) and download_localhost|default(false) + tags: [download, dnsmasq] diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index 6b271a1e2..c82e83218 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml @@ -1,5 +1,7 @@ --- - include: dnsmasq.yml when: "{{ not skip_dnsmasq_k8s|bool }}" + tags: dnsmasq - include: resolvconf.yml + tags: resolvconf diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index c3bd842f3..b7485c3d6 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -12,6 +12,7 @@ paths: - ../vars skip: true + tags: facts - name: check for minimum kernel version fail: @@ -20,6 +21,7 @@ {{ docker_kernel_min_version }} on {{ ansible_distribution }}-{{ ansible_distribution_version }} when: (ansible_os_family != "CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<")) + tags: facts - name: ensure docker repository public key is installed action: "{{ docker_repo_key_info.pkg_key }}" @@ -76,4 +78,4 @@ enabled: yes state: started with_items: - - docker \ No newline at end of file + - docker diff --git a/roles/docker/tasks/non-systemd.yml b/roles/docker/tasks/non-systemd.yml index 48139e625..ea8c8e97a 100644 --- a/roles/docker/tasks/non-systemd.yml +++ b/roles/docker/tasks/non-systemd.yml @@ -4,19 +4,23 @@ set_fact: docker_options_file: >- {%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%} + tags: facts - name: Set docker options config variable name set_fact: docker_options_name: >- {%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%} + tags: facts - name: Set docker options config value to be written set_fact: docker_options_value: '"{{ docker_options }} $DOCKER_NETWORK_OPTIONS $DOCKER_STORAGE_OPTIONS $INSECURE_REGISTRY"' + tags: facts - name: Set docker options config line to be written set_fact: docker_options_line: "{{ docker_options_name }}={{ docker_options_value }}" + tags: facts - name: Set docker proxy lines to be written set_fact: @@ -24,6 +28,7 @@ - { name: "HTTP_PROXY", value: '"{{ http_proxy }}"' } - { name: "HTTPS_PROXY", value: '"{{ https_proxy }}"' } - { name: "NO_PROXY", value: '"{{ no_proxy }}"' } + tags: facts - name: Remove docker daemon proxy config lines that don't match desired lines lineinfile: @@ -58,4 +63,4 @@ mode: 0644 notify: restart docker -- meta: flush_handlers \ No newline at end of file +- meta: flush_handlers diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 0dc2d5daa..a7e8c7201 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -45,6 +45,7 @@ - set_fact: download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}" + tags: facts - name: Create dest directory for saved/loaded container images file: path="{{local_release_dir}}/containers" state=directory recurse=yes mode=0755 owner={{ansible_ssh_user|default(ansible_user_id)}} @@ -78,6 +79,7 @@ - set_fact: fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|regex_replace('/|\0|:', '_')}}.tar" + tags: facts - name: "Set default value for 'container_changed' to false" set_fact: @@ -89,6 +91,7 @@ when: "{{ download.enabled|bool and download.container|bool }}" delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}" run_once: "{{ download_run_once|bool }}" + tags: facts - name: Stat saved container image stat: path="{{fname}}" diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index b55966a99..c8a1c8c34 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -7,3 +7,4 @@ dependencies: when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "docker" or inventory_hostname in groups['k8s-cluster']) - role: download file: "{{ downloads.etcd }}" + tags: download diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index a2ef38f2c..21141c8b4 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -5,6 +5,7 @@ ignore_errors: true changed_when: false when: is_etcd_master + tags: facts - name: Configure | Add member to the cluster if it is not there when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0 diff --git a/roles/etcd/tasks/gen_certs.yml b/roles/etcd/tasks/gen_certs.yml index 8d1d34b74..a12c63ac8 100644 --- a/roles/etcd/tasks/gen_certs.yml +++ b/roles/etcd/tasks/gen_certs.yml @@ -42,6 +42,7 @@ - set_fact: master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'member.pem', 'member-key.pem'] node_certs: ['ca.pem', 'node.pem', 'node-key.pem'] + tags: facts - name: Gen_certs | Gather etcd master certs shell: "tar cfz - -C {{ etcd_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }}| base64 --wrap=0" @@ -78,6 +79,7 @@ state=directory owner=kube recurse=yes + tags: facts - name: Gen_certs | set permissions on keys shell: chmod 0600 {{ etcd_cert_dir}}/*key.pem @@ -94,6 +96,7 @@ {%- elif ansible_os_family == "CoreOS" -%} /etc/ssl/certs/etcd-ca.pem {%- endif %} + tags: facts - name: Gen_certs | add CA to trusted CA dir copy: diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 15be1a769..5b25a8392 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -1,9 +1,13 @@ --- - include: pre_upgrade.yml + tags: etcd-pre-upgrade - include: check_certs.yml + tags: [etcd-secrets, facts] - include: gen_certs.yml + tags: etcd-secrets - include: install.yml when: is_etcd_master + tags: upgrade - include: set_cluster_health.yml when: is_etcd_master - include: configure.yml diff --git a/roles/etcd/tasks/pre_upgrade.yml b/roles/etcd/tasks/pre_upgrade.yml index d1962ea92..adaff581f 100644 --- a/roles/etcd/tasks/pre_upgrade.yml +++ b/roles/etcd/tasks/pre_upgrade.yml @@ -2,11 +2,13 @@ stat: path: /etc/systemd/system/etcd-proxy.service register: kube_apiserver_service_file + tags: facts - name: "Pre-upgrade | check for etcd-proxy init script" stat: path: /etc/init.d/etcd-proxy register: kube_apiserver_init_script + tags: facts - name: "Pre-upgrade | stop etcd-proxy if service defined" service: diff --git a/roles/etcd/tasks/set_cluster_health.yml b/roles/etcd/tasks/set_cluster_health.yml index 1a27e4dcf..8ea7ae9fa 100644 --- a/roles/etcd/tasks/set_cluster_health.yml +++ b/roles/etcd/tasks/set_cluster_health.yml @@ -5,3 +5,4 @@ ignore_errors: true changed_when: false when: is_etcd_master + tags: facts diff --git a/roles/kubernetes-apps/ansible/tasks/main.yaml b/roles/kubernetes-apps/ansible/tasks/main.yaml index a65b6b527..2977772c3 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yaml +++ b/roles/kubernetes-apps/ansible/tasks/main.yaml @@ -6,6 +6,7 @@ - {file: kubedns-svc.yml, type: svc} register: manifests when: inventory_hostname == groups['kube-master'][0] + tags: dnsmasq - name: Kubernetes Apps | Start Resources kube: @@ -17,11 +18,14 @@ state: "{{item.changed | ternary('latest','present') }}" with_items: "{{ manifests.results }}" when: inventory_hostname == groups['kube-master'][0] + tags: dnsmasq - include: tasks/calico-policy-controller.yml when: ( enable_network_policy is defined and enable_network_policy == True ) or ( kube_network_plugin == 'canal' ) + tags: [network, canal] - name: Kubernetes Apps | Netchecker include: tasks/netchecker.yml when: deploy_netchecker + tags: netchecker diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml index 14a59e5c5..1024e63a8 100644 --- a/roles/kubernetes-apps/network_plugin/meta/main.yml +++ b/roles/kubernetes-apps/network_plugin/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - role: kubernetes-apps/network_plugin/canal when: kube_network_plugin == 'canal' + tags: canal diff --git a/roles/kubernetes/master/meta/main.yml b/roles/kubernetes/master/meta/main.yml index f4da42e39..3ce338939 100644 --- a/roles/kubernetes/master/meta/main.yml +++ b/roles/kubernetes/master/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - role: download file: "{{ downloads.hyperkube }}" + tags: [download, hyperkube] diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml index 4dd748bcd..8e3353a21 100644 --- a/roles/kubernetes/master/tasks/main.yml +++ b/roles/kubernetes/master/tasks/main.yml @@ -1,6 +1,6 @@ --- - include: pre-upgrade.yml - + tags: k8s-pre-upgrade - name: Copy kubectl from hyperkube container command: "/usr/bin/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl" @@ -9,12 +9,14 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false + tags: [hyperkube, kubectl, upgrade] - name: Gather kubectl bash completion command: "{{ bin_dir }}/kubectl completion bash" no_log: true register: kubectl_bash_completion when: ansible_os_family in ["Debian","RedHat"] + tags: kubectl - name: Write kubectl bash completion copy: @@ -24,12 +26,14 @@ group: root mode: 0755 when: ansible_os_family in ["Debian","RedHat"] and kubectl_bash_completion.changed + tags: [kubectl, upgrade] - name: Write kube-apiserver manifest template: src: manifests/kube-apiserver.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest" notify: Master | wait for the apiserver to be running + tags: kube-apiserver - meta: flush_handlers # Create kube-system namespace @@ -37,6 +41,7 @@ copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml run_once: yes when: inventory_hostname == groups['kube-master'][0] + tags: apps - name: Check if kube-system exists command: "{{ bin_dir }}/kubectl get ns kube-system" @@ -44,11 +49,13 @@ changed_when: False failed_when: False run_once: yes + tags: apps - name: Create 'kube-system' namespace command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml" changed_when: False when: kubesystem|failed and inventory_hostname == groups['kube-master'][0] + tags: apps # Write other manifests - name: Write kube-controller-manager manifest @@ -56,9 +63,11 @@ src: manifests/kube-controller-manager.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest" notify: Master | wait for kube-controller-manager + tags: kube-controller-manager - name: Write kube-scheduler manifest template: src: manifests/kube-scheduler.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest" notify: Master | wait for kube-scheduler + tags: kube-scheduler diff --git a/roles/kubernetes/master/tasks/pre-upgrade.yml b/roles/kubernetes/master/tasks/pre-upgrade.yml index 3b9f26de1..cf7d2bea9 100644 --- a/roles/kubernetes/master/tasks/pre-upgrade.yml +++ b/roles/kubernetes/master/tasks/pre-upgrade.yml @@ -3,17 +3,20 @@ stat: path: /etc/systemd/system/kube-apiserver.service register: kube_apiserver_service_file + tags: [facts, kube-apiserver] - name: "Pre-upgrade | check for kube-apiserver init script" stat: path: /etc/init.d/kube-apiserver register: kube_apiserver_init_script + tags: [facts, kube-apiserver] - name: "Pre-upgrade | stop kube-apiserver if service defined" service: name: kube-apiserver state: stopped when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False)) + tags: kube-apiserver - name: "Pre-upgrade | remove kube-apiserver service definition" file: @@ -23,3 +26,4 @@ with_items: - /etc/systemd/system/kube-apiserver.service - /etc/init.d/kube-apiserver + tags: kube-apiserver diff --git a/roles/kubernetes/node/meta/main.yml b/roles/kubernetes/node/meta/main.yml index a65501113..8959ebe20 100644 --- a/roles/kubernetes/node/meta/main.yml +++ b/roles/kubernetes/node/meta/main.yml @@ -2,28 +2,39 @@ dependencies: - role: download file: "{{ downloads.hyperkube }}" + tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl] - role: download file: "{{ downloads.pod_infra }}" + tags: [download, kubelet] - role: kubernetes/secrets + tags: k8s-secrets - role: download file: "{{ downloads.nginx }}" + tags: [download, nginx] - role: download file: "{{ downloads.testbox }}" + tags: download - role: download file: "{{ downloads.netcheck_server }}" when: deploy_netchecker + tags: [download, netchecker] - role: download file: "{{ downloads.netcheck_agent }}" when: deploy_netchecker + tags: [download, netchecker] - role: download file: "{{ downloads.netcheck_kubectl }}" when: deploy_netchecker + tags: [download, netchecker] - role: download file: "{{ downloads.kubednsmasq }}" when: not skip_dnsmasq_k8s|default(false) + tags: [download, dnsmasq] - role: download file: "{{ downloads.kubedns }}" when: not skip_dnsmasq_k8s|default(false) + tags: [download, dnsmasq] - role: download file: "{{ downloads.exechealthz }}" when: not skip_dnsmasq_k8s|default(false) + tags: [download, dnsmasq] diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 0680798d3..67cc4ca86 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -1,23 +1,26 @@ --- - include: install.yml + tags: kubelet - include: nginx-proxy.yml when: is_kube_master == false and loadbalancer_apiserver_localhost|default(false) + tags: nginx - name: Write kubelet config file template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes - notify: - - restart kubelet + notify: restart kubelet + tags: kubelet - name: write the kubecfg (auth) file for kubelet template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes - notify: - - restart kubelet + notify: restart kubelet + tags: kubelet - name: Write proxy manifest template: src: manifests/kube-proxy.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-proxy.manifest" + tags: kube-proxy # reload-systemd - meta: flush_handlers @@ -27,3 +30,4 @@ name: kubelet enabled: yes state: started + tags: kubelet diff --git a/roles/kubernetes/preinstall/meta/main.yml b/roles/kubernetes/preinstall/meta/main.yml index a98862cf6..cf440f5e2 100644 --- a/roles/kubernetes/preinstall/meta/main.yml +++ b/roles/kubernetes/preinstall/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - role: adduser user: "{{ addusers.kube }}" + tags: kubelet diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index 901544ac2..07dc53fec 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -3,6 +3,7 @@ set_fact: bin_dir: "/opt/bin" when: ansible_os_family == "CoreOS" + tags: facts - name: check bin dir exists file: @@ -10,11 +11,14 @@ state: directory owner: root become: true + tags: bootstrap-os - include: gitinfos.yml when: run_gitinfos + tags: facts - include: set_facts.yml + tags: facts - name: gather os specific variables include_vars: "{{ item }}" @@ -29,6 +33,7 @@ paths: - ../vars skip: true + tags: facts - name: Create kubernetes config directory file: @@ -36,6 +41,7 @@ state: directory owner: kube when: "{{ inventory_hostname in groups['k8s-cluster'] }}" + tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node] - name: Create kubernetes script directory file: @@ -43,6 +49,7 @@ state: directory owner: kube when: "{{ inventory_hostname in groups['k8s-cluster'] }}" + tags: [k8s-secrets, bootstrap-os] - name: Create kubernetes manifests directory file: @@ -50,6 +57,7 @@ state: directory owner: kube when: "{{ inventory_hostname in groups['k8s-cluster'] }}" + tags: [kubelet, bootstrap-os, master, node] - name: Create kubernetes logs directory file: @@ -57,17 +65,21 @@ state: directory owner: kube when: ansible_service_mgr in ["sysvinit","upstart"] and "{{ inventory_hostname in groups['k8s-cluster'] }}" + tags: [bootstrap-os, master, node] - name: check cloud_provider value fail: msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'" when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure'] + tags: [cloud-provider, facts] - include: openstack-credential-check.yml when: cloud_provider is defined and cloud_provider == 'openstack' + tags: [cloud-provider, openstack, facts] - include: azure-credential-check.yml when: cloud_provider is defined and cloud_provider == 'azure' + tags: [cloud-provider, azure, facts] - name: Fix ipv4 forward rule in GCE security policy lineinfile: @@ -79,6 +91,7 @@ backup: yes validate: 'sysctl -f %s' when: cloud_provider is defined and cloud_provider == 'gce' + tags: [cloud-provider, gce, bootstrap-os] - name: Create cni directories file: @@ -89,26 +102,31 @@ - "/etc/cni/net.d" - "/opt/cni/bin" when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}" + tags: [network, calico, weave, canal, bootstrap-os] - name: Update package management cache (YUM) yum: update_cache=yes name='*' when: ansible_pkg_mgr == 'yum' + tags: bootstrap-os - name: Install latest version of python-apt for Debian distribs apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600 when: ansible_os_family == "Debian" + tags: bootstrap-os - name: Install python-dnf for latest RedHat versions command: dnf install -y python-dnf yum when: ansible_distribution == "Fedora" and ansible_distribution_major_version > 21 changed_when: False + tags: bootstrap-os - name: Install epel-release on RedHat/CentOS shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }} when: ansible_distribution in ["CentOS","RedHat"] and ansible_distribution_major_version >= 7 changed_when: False + tags: bootstrap-os - name: Install packages requirements action: @@ -121,6 +139,7 @@ delay: "{{ retry_stagger | random + 3 }}" with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}" when: ansible_os_family != "CoreOS" + tags: bootstrap-os - name: Disable IPv6 DNS lookup lineinfile: @@ -129,12 +148,14 @@ state: present backup: yes when: disable_ipv6_dns and ansible_os_family != "CoreOS" + tags: bootstrap-os # Todo : selinux configuration - name: Set selinux policy to permissive selinux: policy=targeted state=permissive when: ansible_os_family == "RedHat" changed_when: False + tags: bootstrap-os - name: Write openstack cloud-config template: @@ -143,6 +164,7 @@ group: "{{ kube_cert_group }}" mode: 0640 when: cloud_provider is defined and cloud_provider == "openstack" + tags: [cloud-provider, openstack] - name: Write azure cloud-config template: @@ -151,5 +173,7 @@ group: "{{ kube_cert_group }}" mode: 0640 when: cloud_provider is defined and cloud_provider == "azure" + tags: [cloud-provider, azure] - include: etchosts.yml + tags: [bootstrap-os, etchosts] diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml index 28ae04892..ace2a3ba4 100644 --- a/roles/kubernetes/secrets/tasks/gen_certs.yml +++ b/roles/kubernetes/secrets/tasks/gen_certs.yml @@ -26,6 +26,7 @@ - set_fact: master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem'] node_certs: ['ca.pem', 'node.pem', 'node-key.pem'] + tags: facts - name: Gen_certs | Gather master certs shell: "tar cfz - -C {{ kube_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }} | base64 --wrap=0" @@ -75,6 +76,7 @@ {%- elif ansible_os_family == "CoreOS" -%} /etc/ssl/certs/kube-ca.pem {%- endif %} + tags: facts - name: Gen_certs | add CA to trusted CA dir copy: diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml index 6837f4853..4dc6f8c30 100644 --- a/roles/kubernetes/secrets/tasks/main.yml +++ b/roles/kubernetes/secrets/tasks/main.yml @@ -1,6 +1,8 @@ --- - include: check-certs.yml + tags: [k8s-secrets, facts] - include: check-tokens.yml + tags: [k8s-secrets, facts] - name: Make sure the certificate directory exits file: @@ -34,5 +36,6 @@ notify: set secret_changed - include: gen_certs.yml - + tags: k8s-secrets - include: gen_tokens.yml + tags: k8s-secrets diff --git a/roles/network_plugin/calico/meta/main.yml b/roles/network_plugin/calico/meta/main.yml index 37d659c9e..fdd4e8483 100644 --- a/roles/network_plugin/calico/meta/main.yml +++ b/roles/network_plugin/calico/meta/main.yml @@ -2,9 +2,13 @@ dependencies: - role: download file: "{{ downloads.calico_cni }}" + tags: download - role: download file: "{{ downloads.calico_node }}" + tags: download - role: download file: "{{ downloads.calicoctl }}" + tags: download - role: download file: "{{ downloads.hyperkube }}" + tags: download diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml index 46c7f703b..0480354e8 100644 --- a/roles/network_plugin/calico/tasks/main.yml +++ b/roles/network_plugin/calico/tasks/main.yml @@ -3,6 +3,7 @@ run_once: true set_fact: legacy_calicoctl: "{{ calicoctl_image_tag | version_compare('v1.0.0', '<') }}" + tags: facts - name: Calico | Write Calico cni config template: @@ -46,6 +47,7 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false + tags: [hyperkube, upgrade] - name: Calico | Copy cni plugins from calico/cni container command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'" @@ -55,6 +57,7 @@ delay: "{{ retry_stagger | random + 3 }}" changed_when: false when: "{{ overwrite_hyperkube_cni|bool }}" + tags: [hyperkube, upgrade] - name: Calico | wait for etcd uri: url=https://localhost:2379/health validate_certs=no @@ -75,6 +78,7 @@ register: calico_conf delegate_to: "{{groups['etcd'][0]}}" run_once: true + tags: facts - name: Calico | Configure calico network pool shell: > @@ -98,6 +102,7 @@ ipip_arg: "--ipip" when: (legacy_calicoctl and cloud_provider is defined or ipip) + tags: facts - name: Calico (old) | Define nat-outgoing pool argument run_once: true @@ -105,12 +110,14 @@ nat_arg: "--nat-outgoing" when: (legacy_calicoctl and nat_outgoing|default(false) and not peer_with_router|default(false)) + tags: facts - name: Calico (old) | Define calico pool task name run_once: true set_fact: pool_task_name: "with options {{ ipip_arg|default('') }} {{ nat_arg|default('') }}" when: (legacy_calicoctl and ipip_arg|default(false) or nat_arg|default(false)) + tags: facts - name: Calico (old) | Configure calico network pool {{ pool_task_name|default('') }} command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} {{ ipip_arg|default('') }} {{ nat_arg|default('') }}" @@ -134,6 +141,7 @@ - set_fact: calico_pools: "{{ calico_pools_raw.stdout | from_json }}" run_once: true + tags: facts - name: Calico | Check if calico pool is properly configured fail: @@ -142,6 +150,7 @@ when: ( calico_pools['node']['nodes'] | length > 1 ) or ( not calico_pools['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") ) run_once: true + tags: facts - name: Calico | Write /etc/network-environment template: src=network-environment.j2 dest=/etc/network-environment diff --git a/roles/network_plugin/canal/meta/main.yml b/roles/network_plugin/canal/meta/main.yml index d7bac0bc9..3d67dad5c 100644 --- a/roles/network_plugin/canal/meta/main.yml +++ b/roles/network_plugin/canal/meta/main.yml @@ -2,11 +2,16 @@ dependencies: - role: download file: "{{ downloads.flannel }}" + tags: download - role: download file: "{{ downloads.calico_node }}" + tags: download - role: download file: "{{ downloads.calicoctl }}" + tags: download - role: download file: "{{ downloads.calico_cni }}" + tags: download - role: download file: "{{ downloads.calico_policy }}" + tags: download diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml index 83f398a54..15ce2f657 100644 --- a/roles/network_plugin/canal/tasks/main.yml +++ b/roles/network_plugin/canal/tasks/main.yml @@ -49,6 +49,7 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false + tags: [hyperkube, upgrade] - name: Canal | Copy cni plugins from calico/cni command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'" @@ -57,3 +58,4 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false + tags: [hyperkube, upgrade] diff --git a/roles/network_plugin/flannel/meta/main.yml b/roles/network_plugin/flannel/meta/main.yml index 0edfe9aec..4a2caef72 100644 --- a/roles/network_plugin/flannel/meta/main.yml +++ b/roles/network_plugin/flannel/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - role: download file: "{{ downloads.flannel }}" + tags: download diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml index ebb2b693d..3e5eff8e8 100644 --- a/roles/network_plugin/flannel/tasks/main.yml +++ b/roles/network_plugin/flannel/tasks/main.yml @@ -26,6 +26,7 @@ - set_fact: flannel_subnet: "{{ flannel_subnet_output.stdout }}" + tags: facts - name: Flannel | Get flannel_mtu from subnet.env shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_MTU" {print $2}' @@ -34,17 +35,21 @@ - set_fact: flannel_mtu: "{{ flannel_mtu_output.stdout }}" + tags: facts - set_fact: docker_options_file: >- {%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%} + tags: facts - set_fact: docker_options_name: >- {%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%} + tags: facts - set_fact: docker_network_options: '"--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"' + tags: facts - name: Flannel | Remove non-systemd docker daemon network options that don't match desired line lineinfile: @@ -73,4 +78,4 @@ - restart docker when: ansible_service_mgr == "systemd" -- meta: flush_handlers \ No newline at end of file +- meta: flush_handlers diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml index 8596c9d70..a964a4cba 100644 --- a/roles/network_plugin/meta/main.yml +++ b/roles/network_plugin/meta/main.yml @@ -2,9 +2,13 @@ dependencies: - role: network_plugin/calico when: kube_network_plugin == 'calico' + tags: calico - role: network_plugin/flannel when: kube_network_plugin == 'flannel' + tags: flannel - role: network_plugin/weave when: kube_network_plugin == 'weave' + tags: weave - role: network_plugin/canal when: kube_network_plugin == 'canal' + tags: canal diff --git a/roles/network_plugin/weave/meta/main.yml b/roles/network_plugin/weave/meta/main.yml index 88346d304..a4e7c6fb7 100644 --- a/roles/network_plugin/weave/meta/main.yml +++ b/roles/network_plugin/weave/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - role: download file: "{{ downloads.weave }}" + tags: download diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml index b9c00cd33..e74c1c334 100644 --- a/roles/network_plugin/weave/tasks/main.yml +++ b/roles/network_plugin/weave/tasks/main.yml @@ -6,6 +6,7 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false + tags: [hyperkube, upgrade] - name: Weave | Install weave command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave" diff --git a/scripts/gen_tags.sh b/scripts/gen_tags.sh new file mode 100644 index 000000000..9b8ec31fa --- /dev/null +++ b/scripts/gen_tags.sh @@ -0,0 +1,10 @@ +#!/bin/sh -eo pipefail +#Generate MD formatted tags from roles and cluster yaml files +printf "|%25s |%9s\n" "Tag name" "Used for" +echo "|--------------------------|---------" +tags=$(grep -r tags: . | perl -ne '/tags:\s\[?(([\w\-_]+,?\s?)+)/ && printf "%s ", "$1"'|\ + perl -ne 'print join "\n", split /\s|,/' | sort -u) +for tag in $tags; do + match=$(cat docs/ansible.md | perl -ne "/^\|\s+${tag}\s\|\s+((\S+\s?)+)/ && printf \$1") + printf "|%25s |%s\n" "${tag}" " ${match}" +done