C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add support for atomic host

Browse source 
Updates based on feedback

Simplify checks for file exists

remove invalid char

Review feedback. Use regular systemd file.

Add template for docker systemd atomic
This commit is contained in:
Vijay Katam 2017-02-24 13:41:27 -08:00
parent 77e5171679
commit a0b1eda1d0
15 changed files with 107 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Vagrantfile vendored
View file

@ -23,6 +23,7 @@ $etcd_instances = $num_instances
$kube_master_instances = $num_instances == 1 ? $num_instances : ($num_instances - 1) $kube_master_instances = $num_instances == 1 ? $num_instances : ($num_instances - 1)
# All nodes are kube nodes # All nodes are kube nodes
$kube_node_instances = $num_instances $kube_node_instances = $num_instances
$local_release_dir = "/vagrant/temp"
host_vars = {} host_vars = {}
@ -97,7 +98,7 @@ Vagrant.configure("2") do |config|
"ip": ip, "ip": ip,
"flannel_interface": ip, "flannel_interface": ip,
"flannel_backend_type": "host-gw", "flannel_backend_type": "host-gw",
"local_release_dir": "/vagrant/temp", "local_release_dir" => $local_release_dir,
"download_run_once": "False", "download_run_once": "False",
# Override the default 'calico' with flannel. # Override the default 'calico' with flannel.
# inventory/group_vars/k8s-cluster.yml # inventory/group_vars/k8s-cluster.yml

22
docs/atomic.md Normal file
View file

@ -0,0 +1,22 @@
Atomic host bootstrap
=====================
Atomic host testing has been done with the network plugin flannel. Change the inventory var `kube_network_plugin: flannel`.
Note: Flannel is the only plugin that has currently been tested with atomic
### Vagrant
* For bootstrapping with Vagrant, use box centos/atomic-host
* Update VagrantFile variable `local_release_dir` to `/var/vagrant/temp`.
* Update `vm_memory = 2048` and `vm_cpus = 2`
* Networking on vagrant hosts has to be brought up manually once they are booted.
```
vagrant ssh
sudo /sbin/ifup enp0s8
```
* For users of vagrant-libvirt download qcow2 format from https://wiki.centos.org/SpecialInterestGroup/Atomic/Download/
Then you can proceed to [cluster deployment](#run-deployment)

1
docs/vars.md
View file

@ -102,4 +102,3 @@ Stack](https://github.com/kubernetes-incubator/kargo/blob/master/docs/dns-stack.
Kargo sets up two Kubernetes accounts by default: ``root`` and ``kube``. Their Kargo sets up two Kubernetes accounts by default: ``root`` and ``kube``. Their
passwords default to changeme. You can set this by changing ``kube_api_pwd``. passwords default to changeme. You can set this by changing ``kube_api_pwd``.

10
roles/bootstrap-os/tasks/main.yml
View file

@ -8,4 +8,12 @@
- include: bootstrap-centos.yml - include: bootstrap-centos.yml
when: bootstrap_os == "centos" when: bootstrap_os == "centos"
- include: setup-pipelining.yml - include: setup-pipelining.yml
- name: check if atomic host
stat:
path: /run/ostree-booted
register: ostree
- set_fact:
is_atomic: "{{ ostree.stat.exists }}"

8
roles/docker/tasks/main.yml
View file

@ -38,7 +38,7 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
with_items: "{{ docker_repo_key_info.repo_keys }}" with_items: "{{ docker_repo_key_info.repo_keys }}"
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
- name: ensure docker repository is enabled - name: ensure docker repository is enabled
action: "{{ docker_repo_info.pkg_repo }}" action: "{{ docker_repo_info.pkg_repo }}"
@ -46,13 +46,13 @@
repo: "{{item}}" repo: "{{item}}"
state: present state: present
with_items: "{{ docker_repo_info.repos }}" with_items: "{{ docker_repo_info.repos }}"
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (docker_repo_info.repos|length > 0) when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_repo_info.repos|length > 0)
- name: Configure docker repository on RedHat/CentOS - name: Configure docker repository on RedHat/CentOS
template: template:
src: "rh_docker.repo.j2" src: "rh_docker.repo.j2"
dest: "/etc/yum.repos.d/docker.repo" dest: "/etc/yum.repos.d/docker.repo"
when: ansible_distribution in ["CentOS","RedHat"] when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
- name: ensure docker packages are installed - name: ensure docker packages are installed
action: "{{ docker_package_info.pkg_mgr }}" action: "{{ docker_package_info.pkg_mgr }}"
@ -66,7 +66,7 @@
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
with_items: "{{ docker_package_info.pkgs }}" with_items: "{{ docker_package_info.pkgs }}"
notify: restart docker notify: restart docker
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (docker_package_info.pkgs|length > 0) when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_package_info.pkgs|length > 0)
- name: check minimum docker version for docker_dns mode. You need at least docker version >= 1.12 for resolvconf_mode=docker_dns - name: check minimum docker version for docker_dns mode. You need at least docker version >= 1.12 for resolvconf_mode=docker_dns
command: "docker version -f '{{ '{{' }}.Client.Version{{ '}}' }}'" command: "docker version -f '{{ '{{' }}.Client.Version{{ '}}' }}'"

9
roles/docker/tasks/systemd.yml
View file

@ -15,7 +15,14 @@
src: docker.service.j2 src: docker.service.j2
dest: /etc/systemd/system/docker.service dest: /etc/systemd/system/docker.service
register: docker_service_file register: docker_service_file
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
- name: Write docker.service systemd file for atomic
template:
src: docker_atomic.service.j2
dest: /etc/systemd/system/docker.service
notify: restart docker
when: is_atomic
- name: Write docker options systemd drop-in - name: Write docker options systemd drop-in
template: template:

2
roles/docker/templates/docker-dns.conf.j2
View file

@ -3,4 +3,4 @@ Environment="DOCKER_DNS_OPTIONS=\
{% for d in docker_dns_servers %}--dns {{ d }} {% endfor %} \ {% for d in docker_dns_servers %}--dns {{ d }} {% endfor %} \
{% for d in docker_dns_search_domains %}--dns-search {{ d }} {% endfor %} \ {% for d in docker_dns_search_domains %}--dns-search {{ d }} {% endfor %} \
{% for o in docker_dns_options %}--dns-opt {{ o }} {% endfor %} \ {% for o in docker_dns_options %}--dns-opt {{ o }} {% endfor %} \
" "

2
roles/docker/templates/docker-options.conf.j2
View file

@ -1,2 +1,2 @@
[Service] [Service]
Environment="DOCKER_OPTS={% if docker_options is defined %}{{ docker_options }}{% endif %}" Environment="DOCKER_OPTS={% if docker_options is defined %}{{ docker_options }}{% endif %}"

38
roles/docker/templates/docker_atomic.service.j2 Normal file
View file

@ -0,0 +1,38 @@
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecReload=/bin/kill -s HUP $MAINPID
Delegate=yes
KillMode=process
ExecStart=/usr/bin/dockerd-current \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
$DOCKER_OPTS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$DOCKER_DNS_OPTIONS \
$ADD_REGISTRY \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=1min
Restart=on-abnormal
[Install]
WantedBy=multi-user.target

2
roles/etcd/meta/main.yml
View file

@ -2,7 +2,7 @@
dependencies: dependencies:
- role: adduser - role: adduser
user: "{{ addusers.etcd }}" user: "{{ addusers.etcd }}"
when: not ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] or is_atomic)
- role: download - role: download
file: "{{ downloads.etcd }}" file: "{{ downloads.etcd }}"
tags: download tags: download

2
roles/kernel-upgrade/tasks/main.yml
View file

@ -2,4 +2,4 @@
- include: centos-7.yml - include: centos-7.yml
when: ansible_distribution in ["CentOS","RedHat"] and when: ansible_distribution in ["CentOS","RedHat"] and
ansible_distribution_major_version >= 7 ansible_distribution_major_version >= 7 and not is_atomic

4
roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
View file

@ -50,7 +50,11 @@ spec:
volumes: volumes:
- name: ssl-certs-host - name: ssl-certs-host
hostPath: hostPath:
{% if ansible_os_family == 'RedHat' %}
path: /etc/pki/tls
{% else %}
path: /usr/share/ca-certificates path: /usr/share/ca-certificates
{% endif %}
- name: "kubeconfig" - name: "kubeconfig"
hostPath: hostPath:
path: "{{kube_config_dir}}/node-kubeconfig.yaml" path: "{{kube_config_dir}}/node-kubeconfig.yaml"

1
roles/kubernetes/preinstall/meta/main.yml
View file

@ -3,3 +3,4 @@ dependencies:
- role: adduser - role: adduser
user: "{{ addusers.kube }}" user: "{{ addusers.kube }}"
tags: kubelet tags: kubelet
when: not is_atomic

6
roles/kubernetes/preinstall/tasks/main.yml
View file

@ -91,7 +91,7 @@
yum: yum:
update_cache: yes update_cache: yes
name: '*' name: '*'
when: ansible_pkg_mgr == 'yum' when: ansible_pkg_mgr == 'yum' and not is_atomic
tags: bootstrap-os tags: bootstrap-os
- name: Install latest version of python-apt for Debian distribs - name: Install latest version of python-apt for Debian distribs
@ -112,7 +112,7 @@
- name: Install epel-release on RedHat/CentOS - name: Install epel-release on RedHat/CentOS
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }} shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
when: ansible_distribution in ["CentOS","RedHat"] when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
changed_when: False changed_when: False
check_mode: no check_mode: no
tags: bootstrap-os tags: bootstrap-os
@ -127,7 +127,7 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}" with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
tags: bootstrap-os tags: bootstrap-os
# Todo : selinux configuration # Todo : selinux configuration

12
roles/kubernetes/preinstall/tasks/set_facts.yml
View file

@ -83,5 +83,17 @@
- set_fact: - set_fact:
peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}" peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}"
- name: check if atomic host
stat:
path: /run/ostree-booted
register: ostree
- set_fact:
is_atomic: "{{ ostree.stat.exists }}"
- set_fact:
kube_cert_group: "kube"
when: is_atomic
- include: set_resolv_facts.yml - include: set_resolv_facts.yml
tags: [bootstrap-os, resolvconf, facts] tags: [bootstrap-os, resolvconf, facts]