Move set_facts to kubespray-defaults defaults

These facts can be generated in defaults with a performance
boost.

Also cleaned up duplicate etcd var names.
Matthew Mosesohn 2017-10-04 13:27:55 +01:00
parent da61b8e7c9
commit a56738324a
15 changed files with 57 additions and 103 deletions


@ -2,7 +2,7 @@
- name: Install | Copy etcdctl binary from docker container - name: Install | Copy etcdctl binary from docker container
command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy; command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
{{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} && {{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
{{ docker_bin_dir }}/docker cp etcdctl-binarycopy:{{ etcd_container_bin_dir }}etcdctl {{ bin_dir }}/etcdctl && {{ docker_bin_dir }}/docker cp etcdctl-binarycopy:/usr/local/bin/etcdctl {{ bin_dir }}/etcdctl &&
{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy" {{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy"
when: etcd_deployment_type == "docker" when: etcd_deployment_type == "docker"
register: etcd_task_result register: etcd_task_result
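Review bot: The container path `/usr/local/bin` is now written literally in the `docker cp` line of this task, and again in the `--exec=/bin/cp` line and the etcd wrapper template later in this commit, so an `etcd_image_repo` override that points at an image with a different layout has three places to patch. A single overridable default would keep the indirection without the removed version check, for example `etcd_container_bin_dir: /usr/local/bin` in the role defaults and `etcdctl-binarycopy:{{ etcd_container_bin_dir }}/etcdctl` here. The task continues past the end of this hunk.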


@ -18,7 +18,7 @@
--mount=volume=bin-dir,target=/host/bin --mount=volume=bin-dir,target=/host/bin
{{ etcd_image_repo }}:{{ etcd_image_tag }} {{ etcd_image_repo }}:{{ etcd_image_tag }}
--name=etcdctl-binarycopy --name=etcdctl-binarycopy
--exec=/bin/cp -- {{ etcd_container_bin_dir }}/etcdctl /host/bin/etcdctl --exec=/bin/cp -- /usr/local/bin/etcdctl /host/bin/etcdctl
register: etcd_task_result register: etcd_task_result
until: etcd_task_result.rc == 0 until: etcd_task_result.rc == 0
retries: 4 retries: 4


@ -17,7 +17,5 @@
{% endif %} {% endif %}
--name={{ etcd_member_name | default("etcd") }} \ --name={{ etcd_member_name | default("etcd") }} \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \ {{ etcd_image_repo }}:{{ etcd_image_tag }} \
{% if etcd_after_v3 %} /usr/local/bin/etcd \
{{ etcd_container_bin_dir }}etcd \
{% endif %}
"$@" "$@"


@ -40,7 +40,7 @@ spec:
memory: {{ calico_policy_controller_memory_requests }} memory: {{ calico_policy_controller_memory_requests }}
env: env:
- name: ETCD_ENDPOINTS - name: ETCD_ENDPOINTS
value: "{{ etcd_access_endpoint }}" value: "{{ etcd_access_addresses }}"
- name: ETCD_CA_CERT_FILE - name: ETCD_CA_CERT_FILE
value: "{{ calico_cert_dir }}/ca_cert.crt" value: "{{ calico_cert_dir }}/ca_cert.crt"
- name: ETCD_CERT_FILE - name: ETCD_CERT_FILE
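Review bot: Replacing `etcd_access_endpoint` with `etcd_access_addresses` on the `ETCD_ENDPOINTS` value drops the `etcd_multiaccess` switch with no notice to inventories that still set it. The removed fact selected `https://127.0.0.1:2379` when `etcd_multiaccess` was false; after this change every client is handed the full member list and connects over the network, so firewall rules and, presumably, the names in the etcd certificates have to allow for that. The same substitution is made in the apiserver `--etcd-servers` argument, the `endpoints:` loop, and the calico, canal and CNI templates in this commit. I would add a comment next to the new default, `# etcd_multiaccess is no longer honoured; clients always get every etcd member URL`, and ideally a preflight check that fails when `etcd_multiaccess` is still defined.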


@ -5,7 +5,7 @@ api:
bindPort: {{ kube_apiserver_port }} bindPort: {{ kube_apiserver_port }}
etcd: etcd:
endpoints: endpoints:
{% for endpoint in etcd_access_endpoint.split(',') %} {% for endpoint in etcd_access_addresses.split(',') %}
- {{ endpoint }} - {{ endpoint }}
{% endfor %} {% endfor %}
caFile: {{ kube_config_dir }}/ssl/etcd/ca.pem caFile: {{ kube_config_dir }}/ssl/etcd/ca.pem


@ -29,7 +29,7 @@ spec:
- /hyperkube - /hyperkube
- apiserver - apiserver
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }} - --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
- --etcd-servers={{ etcd_access_endpoint }} - --etcd-servers={{ etcd_access_addresses }}
- --etcd-quorum-read=true - --etcd-quorum-read=true
- --etcd-cafile={{ etcd_cert_dir }}/ca.pem - --etcd-cafile={{ etcd_cert_dir }}/ca.pem
- --etcd-certfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem - --etcd-certfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem


@ -1,92 +1,4 @@
--- ---
- set_fact:
kube_apiserver_count: "{{ groups['kube-master'] | length }}"
- set_fact:
kube_apiserver_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
- set_fact:
kube_apiserver_access_address: "{{ access_ip | default(kube_apiserver_address) }}"
- set_fact:
is_kube_master: "{{ inventory_hostname in groups['kube-master'] }}"
- set_fact:
first_kube_master: "{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}"
- set_fact:
loadbalancer_apiserver_localhost: false
when: loadbalancer_apiserver is defined
- set_fact:
kube_apiserver_endpoint: |-
{% if not is_kube_master and loadbalancer_apiserver_localhost|default(true) -%}
https://localhost:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}
{%- elif is_kube_master -%}
https://127.0.0.1:{{ kube_apiserver_port }}
{%- else -%}
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
https://{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
{%- else -%}
https://{{ first_kube_master }}:{{ kube_apiserver_port }}
{%- endif -%}
{%- endif %}
- set_fact:
kube_apiserver_insecure_endpoint: >-
http://{{ kube_apiserver_insecure_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_insecure_port }}
- set_fact:
etcd_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
- set_fact:
etcd_access_address: "{{ access_ip | default(etcd_address) }}"
- set_fact:
etcd_peer_url: "https://{{ etcd_access_address }}:2380"
- set_fact:
etcd_client_url: "https://{{ etcd_access_address }}:2379"
- set_fact:
etcd_authority: "127.0.0.1:2379"
- set_fact:
etcd_endpoint: "https://{{ etcd_authority }}"
- set_fact:
etcd_access_addresses: |-
{% for item in groups['etcd'] -%}
https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}:2379{% if not loop.last %},{% endif %}
{%- endfor %}
- set_fact:
etcd_access_endpoint: "{% if etcd_multiaccess|default(true) %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
- set_fact:
etcd_member_name: |-
{% for host in groups['etcd'] %}
{% if inventory_hostname == host %}{{"etcd"+loop.index|string }}{% endif %}
{% endfor %}
- set_fact:
etcd_peer_addresses: |-
{% for item in groups['etcd'] -%}
{{ "etcd"+loop.index|string }}=https://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %}
{%- endfor %}
- set_fact:
is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
- set_fact:
etcd_after_v3: etcd_version | version_compare("v3.0.0", ">=")
- set_fact:
etcd_container_bin_dir: "{% if etcd_after_v3 %}/usr/local/bin/{% else %}/{% endif %}"
- set_fact:
peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}"
- name: check if atomic host - name: check if atomic host
stat: stat:
path: /run/ostree-booted path: /run/ostree-booted


@ -77,6 +77,9 @@ kube_users:
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
kube_network_plugin: calico kube_network_plugin: calico
# Determines if calico-rr group exists
peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}"
# Kubernetes internal network for services, unused block of space. # Kubernetes internal network for services, unused block of space.
kube_service_addresses: 10.233.0.0/18 kube_service_addresses: 10.233.0.0/18
@ -158,3 +161,44 @@ vault_cert_dir: "{{ vault_base_dir }}/ssl"
vault_config_dir: "{{ vault_base_dir }}/config" vault_config_dir: "{{ vault_base_dir }}/config"
vault_roles_dir: "{{ vault_base_dir }}/roles" vault_roles_dir: "{{ vault_base_dir }}/roles"
vault_secrets_dir: "{{ vault_base_dir }}/secrets" vault_secrets_dir: "{{ vault_base_dir }}/secrets"
# Vars for pointing to kubernetes api endpoints
is_kube_master: "{{ inventory_hostname in groups['kube-master'] }}"
kube_apiserver_count: "{{ groups['kube-master'] | length }}"
kube_apiserver_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
kube_apiserver_access_address: "{{ access_ip | default(kube_apiserver_address) }}"
first_kube_master: "{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}"
loadbalancer_apiserver_localhost: "{{ loadbalancer_apiserver is not defined }}"
kube_apiserver_endpoint: |-
{% if not is_kube_master and loadbalancer_apiserver_localhost|default(true) -%}
https://localhost:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}
{%- elif is_kube_master -%}
https://127.0.0.1:{{ kube_apiserver_port }}
{%- else -%}
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
https://{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
{%- else -%}
https://{{ first_kube_master }}:{{ kube_apiserver_port }}
{%- endif -%}
{%- endif %}
kube_apiserver_insecure_endpoint: >-
http://{{ kube_apiserver_insecure_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_insecure_port }}
# Vars for pointing to etcd endpoints
is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
etcd_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
etcd_access_address: "{{ access_ip | default(etcd_address) }}"
etcd_peer_url: "https://{{ etcd_access_address }}:2380"
etcd_client_url: "https://{{ etcd_access_address }}:2379"
etcd_access_addresses: |-
{% for item in groups['etcd'] -%}
https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}:2379{% if not loop.last %},{% endif %}
{%- endfor %}
etcd_member_name: |-
{% for host in groups['etcd'] %}
{% if inventory_hostname == host %}{{"etcd"+loop.index|string }}{% endif %}
{% endfor %}
etcd_peer_addresses: |-
{% for item in groups['etcd'] -%}
{{ "etcd"+loop.index|string }}=https://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %}
{%- endfor %}
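Review bot: As role defaults these values sit at the lowest variable precedence, whereas the `set_fact` tasks they replace overrode inventory, and the block added at `@ -158,3 +161,44 @` says nothing about that. Concretely, `loadbalancer_apiserver_localhost` used to be forced to false whenever `loadbalancer_apiserver` was defined; now an inventory value wins, and the `|default(true)` inside `kube_apiserver_endpoint` can no longer take effect if this default is always loaded. The same applies to `etcd_access_addresses`, `etcd_peer_url` and `kube_apiserver_endpoint`: a same-named inventory or extra var silently replaces the derived URL, including its `https://` scheme. I would put a comment above each group, such as `# Derived from inventory; do not override unless you intend to redirect clients`, and drop the dead `|default(true)`.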


@ -1,4 +1,4 @@
ETCD_ENDPOINTS="{{ etcd_access_endpoint }}" ETCD_ENDPOINTS="{{ etcd_access_addresses }}"
ETCD_CA_CERT_FILE="{{ calico_cert_dir }}/ca_cert.crt" ETCD_CA_CERT_FILE="{{ calico_cert_dir }}/ca_cert.crt"
ETCD_CERT_FILE="{{ calico_cert_dir }}/cert.crt" ETCD_CERT_FILE="{{ calico_cert_dir }}/cert.crt"
ETCD_KEY_FILE="{{ calico_cert_dir }}/key.pem" ETCD_KEY_FILE="{{ calico_cert_dir }}/key.pem"


@ -4,7 +4,7 @@ metadata:
name: calico-config name: calico-config
namespace: {{ system_namespace }} namespace: {{ system_namespace }}
data: data:
etcd_endpoints: "{{ etcd_access_endpoint }}" etcd_endpoints: "{{ etcd_access_addresses }}"
etcd_ca: "/calico-secrets/ca_cert.crt" etcd_ca: "/calico-secrets/ca_cert.crt"
etcd_cert: "/calico-secrets/cert.crt" etcd_cert: "/calico-secrets/cert.crt"
etcd_key: "/calico-secrets/key.pem" etcd_key: "/calico-secrets/key.pem"


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
{{ docker_bin_dir }}/docker run -i --privileged --rm \ {{ docker_bin_dir }}/docker run -i --privileged --rm \
--net=host --pid=host \ --net=host --pid=host \
-e ETCD_ENDPOINTS={{ etcd_access_endpoint }} \ -e ETCD_ENDPOINTS={{ etcd_access_addresses }} \
-e ETCD_CA_CERT_FILE={{ calico_cert_dir }}/ca_cert.crt \ -e ETCD_CA_CERT_FILE={{ calico_cert_dir }}/ca_cert.crt \
-e ETCD_CERT_FILE={{ calico_cert_dir }}/cert.crt \ -e ETCD_CERT_FILE={{ calico_cert_dir }}/cert.crt \
-e ETCD_KEY_FILE={{ calico_cert_dir }}/key.pem \ -e ETCD_KEY_FILE={{ calico_cert_dir }}/key.pem \


@ -6,7 +6,7 @@
"nodename": "{{ ansible_hostname }}", "nodename": "{{ ansible_hostname }}",
{% endif %} {% endif %}
"type": "calico", "type": "calico",
"etcd_endpoints": "{{ etcd_access_endpoint }}", "etcd_endpoints": "{{ etcd_access_addresses }}",
"etcd_cert_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem", "etcd_cert_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem",
"etcd_key_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem", "etcd_key_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem",
"etcd_ca_cert_file": "{{ etcd_cert_dir }}/ca.pem", "etcd_ca_cert_file": "{{ etcd_cert_dir }}/ca.pem",


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
{{ docker_bin_dir }}/docker run -i --privileged --rm \ {{ docker_bin_dir }}/docker run -i --privileged --rm \
--net=host --pid=host \ --net=host --pid=host \
-e ETCD_ENDPOINTS={{ etcd_access_endpoint }} \ -e ETCD_ENDPOINTS={{ etcd_access_addresses }} \
-e ETCD_CA_CERT_FILE={{ canal_cert_dir }}/ca_cert.crt \ -e ETCD_CA_CERT_FILE={{ canal_cert_dir }}/ca_cert.crt \
-e ETCD_CERT_FILE={{ canal_cert_dir }}/cert.crt \ -e ETCD_CERT_FILE={{ canal_cert_dir }}/cert.crt \
-e ETCD_KEY_FILE={{ canal_cert_dir }}/key.pem \ -e ETCD_KEY_FILE={{ canal_cert_dir }}/key.pem \


@ -7,7 +7,7 @@ metadata:
name: canal-config name: canal-config
data: data:
# Configure this with the location of your etcd cluster. # Configure this with the location of your etcd cluster.
etcd_endpoints: "{{ etcd_access_endpoint }}" etcd_endpoints: "{{ etcd_access_addresses }}"
# The interface used by canal for host <-> host communication. # The interface used by canal for host <-> host communication.
# If left blank, then the interface is chosing using the node's # If left blank, then the interface is chosing using the node's


@ -3,7 +3,7 @@
"type": "flannel", "type": "flannel",
"delegate": { "delegate": {
"type": "calico", "type": "calico",
"etcd_endpoints": "{{ etcd_access_endpoint }}", "etcd_endpoints": "{{ etcd_access_addresses }}",
"log_level": "info", "log_level": "info",
"policy": { "policy": {
"type": "k8s" "type": "k8s"