diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index d4f5af875..f35c1a2a0 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -13,11 +13,13 @@ etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_ver calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl" calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico" calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam" +weave_download_url: "http://git.io/weave" # Checksums calico_checksum: "cfbbcad4b3b7d79be9a25bcdc153ec1d139eecd54840914a363b0710eebc5c51" calico_cni_checksum: "cfbb95d4416cb65845a188f3bd991fff232bd5ce3463b2919d586ab77967aecd" calico_cni_ipam_checksum: "93ebf8756b26314e1e3f612f1e824418cbb0a8df2942664422e697bcb109fbb2" +weave_checksum: "152942c330f87ab475d87d9311b91674b90f25ea685bd4e04e0495d5fe09a957" etcd_checksum: "6c4e5cdeaaac1a70b8f06b5dd6b82c37ff19993c9bca81248975610e555c4b9b" kubectl_checksum: "873ba19926d17a3287dc8639ea1434fe3cd0cb4e61d82101ba754922cfc7a633" kubelet_checksum: "f2d1eae3fa6e304f6cbc9b2621e4b86fc3bcb4e74a15d35f58bf00e45c706e0a" @@ -45,6 +47,13 @@ downloads: owner: "root" mode: "0755" + - name: weave + dest: weave/bin/weave + url: "{{weave_download_url}}" + sha256: "{{ weave_checksum }}" + owner: "root" + mode: "0755" + - name: etcd dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz" sha256: "{{ etcd_checksum }}" diff --git a/roles/kubernetes/node/templates/kubelet.j2 b/roles/kubernetes/node/templates/kubelet.j2 index 55842874e..73e7fe604 100644 --- a/roles/kubernetes/node/templates/kubelet.j2 +++ b/roles/kubernetes/node/templates/kubelet.j2 @@ -25,10 +25,12 @@ KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ k {% endif %} {% if kube_network_plugin is defined and kube_network_plugin == "calico" %} KUBELET_NETWORK_PLUGIN="--network_plugin=cni --network-plugin-dir=/etc/cni/net.d" +{% elif kube_network_plugin is defined and kube_network_plugin == "weave" %} +DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock" {% endif %} # Should this cluster be allowed to run privileged docker containers KUBE_ALLOW_PRIV="--allow_privileged=true" {% if init_system == "sysvinit" %} DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \ -$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN" +$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN" {% endif %} diff --git a/roles/kubernetes/node/templates/kubelet.service.j2 b/roles/kubernetes/node/templates/kubelet.service.j2 index 13e9c6506..6ffa07309 100644 --- a/roles/kubernetes/node/templates/kubelet.service.j2 +++ b/roles/kubernetes/node/templates/kubelet.service.j2 @@ -10,16 +10,17 @@ After=docker.service [Service] EnvironmentFile=/etc/kubernetes/kubelet.env ExecStart={{ bin_dir }}/kubelet \ - $KUBE_LOGTOSTDERR \ - $KUBE_LOG_LEVEL \ - $KUBELET_API_SERVER \ - $KUBELET_ADDRESS \ - $KUBELET_PORT \ - $KUBELET_HOSTNAME \ - $KUBE_ALLOW_PRIV \ - $KUBELET_ARGS \ - $KUBELET_REGISTER_NODE \ - $KUBELET_NETWORK_PLUGIN + $KUBE_LOGTOSTDERR \ + $KUBE_LOG_LEVEL \ + $KUBELET_API_SERVER \ + $KUBELET_ADDRESS \ + $KUBELET_PORT \ + $KUBELET_HOSTNAME \ + $KUBE_ALLOW_PRIV \ + $KUBELET_ARGS \ + $DOCKER_SOCKET \ + $KUBELET_REGISTER_NODE \ + $KUBELET_NETWORK_PLUGIN Restart=on-failure [Install] diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml index 6d9e8fbd7..736262ab0 100644 --- a/roles/network_plugin/meta/main.yml +++ b/roles/network_plugin/meta/main.yml @@ -4,3 +4,5 @@ dependencies: when: kube_network_plugin == 'calico' - role: network_plugin/flannel when: kube_network_plugin == 'flannel' + - role: network_plugin/weave + when: kube_network_plugin == 'weave' diff --git a/roles/network_plugin/weave/defaults/main.yml b/roles/network_plugin/weave/defaults/main.yml new file mode 100644 index 000000000..e648133bc --- /dev/null +++ b/roles/network_plugin/weave/defaults/main.yml @@ -0,0 +1,11 @@ +--- + +# Flannel public IP +# The address that flannel should advertise as how to access the system +flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address)) }}" + +## interface that should be used for flannel operations +## This is actually an inventory node-level item +# flannel_interface: + +# cloud_provider: no \ No newline at end of file diff --git a/roles/network_plugin/weave/handlers/main.yml b/roles/network_plugin/weave/handlers/main.yml new file mode 100644 index 000000000..959db16c7 --- /dev/null +++ b/roles/network_plugin/weave/handlers/main.yml @@ -0,0 +1,48 @@ +--- +- name: restart docker + command: /bin/true + notify: + - reload systemd + - reload docker + +- name : reload systemd + shell: systemctl daemon-reload + when: init_system == "systemd" + +- name: restart weave + command: /bin/true + notify: + - reload systemd + - reload weave + +- name: restart weaveproxy + command: /bin/true + notify: + - reload systemd + - reload weaveproxy + +- name: restart weaveexpose + command: /bin/true + notify: + - reload systemd + - reload weaveexpose + +- name: reload docker + service: + name: docker + state: restarted + +- name: reload weave + service: + name: weave + state: restarted + +- name: reload weaveproxy + service: + name: weaveproxy + state: restarted + +- name: reload weaveexpose + service: + name: weaveexpose + state: restarted diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml new file mode 100644 index 000000000..0fbbbc35d --- /dev/null +++ b/roles/network_plugin/weave/tasks/main.yml @@ -0,0 +1,64 @@ +--- +- name: Set docker daemon options + template: + src: docker + dest: "/etc/default/docker" + owner: root + group: root + mode: 0644 + notify: + - restart docker + +- name: Write docker.service systemd file + template: + src: systemd-docker.service + dest: /lib/systemd/system/docker.service + notify: restart docker + when: init_system == "systemd" + +- meta: flush_handlers + +- name: Weave | Install weave + command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave" + changed_when: false + +- name: Weave | pull weave images + shell: "{{ bin_dir }}/weave setup" + changed_when: false + +- name: Weave | set perms + file: path="{{ bin_dir }}/weave" mode=0755 state=file + +- name: Weave | Set options + template: + src: weave.j2 + dest: "/etc/weave.env" + owner: root + group: root + mode: 0644 + notify: + - restart systemd-weave + +- name: Weave | Write weave systemd init file + template: src=weave.service.j2 dest=/etc/systemd/system/weave.service + when: init_system == "systemd" + notify: restart systemd-weave + +- name: Weave | Write weaveproxy systemd init file + template: src=weaveproxy.service.j2 dest=/etc/systemd/system/weaveproxy.service + when: init_system == "systemd" + notify: restart systemd-weaveproxy + +- name: Weave | Write weaveexpose systemd init file + template: src=weaveexpose.service.j2 dest=/etc/systemd/system/weaveexpose.service + when: init_system == "systemd" + notify: restart systemd-weaveexpose + +- name: Weave | Enable weave + service: name=weave enabled=yes state=started + +- name: Weave | Enable weaveproxy + service: name=weaveproxy enabled=yes state=started + +- name: Weave | Enable weaveexpose + service: name=weaveexpose enabled=yes state=started diff --git a/roles/network_plugin/weave/templates/docker b/roles/network_plugin/weave/templates/docker new file mode 100644 index 000000000..eefd150e1 --- /dev/null +++ b/roles/network_plugin/weave/templates/docker @@ -0,0 +1,6 @@ +# Deployed by Ansible +{% if init_system == "sysvinit" and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %} +DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}" +{% elif kube_network_plugin == "flannel" %} +OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}" +{% endif %} diff --git a/roles/network_plugin/weave/templates/systemd-docker.service b/roles/network_plugin/weave/templates/systemd-docker.service new file mode 100644 index 000000000..3275c6e24 --- /dev/null +++ b/roles/network_plugin/weave/templates/systemd-docker.service @@ -0,0 +1,28 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=http://docs.docker.com +{% if ansible_os_family == "RedHat" %} +After=network.target +Wants=docker-storage-setup.service +{% elif ansible_os_family == "Debian" %} +After=network.target docker.socket +Requires=docker.socket +{% endif %} + +[Service] +Type=notify +EnvironmentFile=-/etc/default/docker +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/docker daemon \ + $OPTIONS \ + $DOCKER_STORAGE_OPTIONS \ + $DOCKER_NETWORK_OPTIONS \ + $INSECURE_REGISTRY +LimitNOFILE=1048576 +LimitNPROC=1048576 +LimitCORE=infinity +MountFlags=slave +TimeoutStartSec=1min + +[Install] +WantedBy=multi-user.target diff --git a/roles/network_plugin/weave/templates/weave b/roles/network_plugin/weave/templates/weave new file mode 100644 index 000000000..2390bc472 --- /dev/null +++ b/roles/network_plugin/weave/templates/weave @@ -0,0 +1,4 @@ +PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default( hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}" +{% if weave_password is defined %} +WEAVE_PASSWORD="{{ weave_password }}" +{% endif %} diff --git a/roles/network_plugin/weave/templates/weave.j2 b/roles/network_plugin/weave/templates/weave.j2 new file mode 100644 index 000000000..87c4b91b7 --- /dev/null +++ b/roles/network_plugin/weave/templates/weave.j2 @@ -0,0 +1,6 @@ +WEAVE_PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default( hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}" +WEAVEPROXY_ARGS="--rewrite-inspect --without-dns" +WEAVE_SUBNET="--ipalloc-range {{ kube_pods_subnet }}" +{% if weave_password is defined %} +WEAVE_PASSWORD="{{ weave_password }}" +{% endif %} diff --git a/roles/network_plugin/weave/templates/weave.service.j2 b/roles/network_plugin/weave/templates/weave.service.j2 new file mode 100644 index 000000000..a4e9e8d8e --- /dev/null +++ b/roles/network_plugin/weave/templates/weave.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=Weave Network +Documentation=http://docs.weave.works/weave/latest_release/ +Requires=docker.service +After=docker.service + +[Service] +EnvironmentFile=-/etc/weave.env +ExecStartPre={{ bin_dir }}/weave launch-router \ + $WEAVE_SUBNET \ + $WEAVE_PEERS +ExecStart=/usr/bin/docker attach weave +ExecStop={{ bin_dir }}/weave stop-router + +[Install] +WantedBy=multi-user.target diff --git a/roles/network_plugin/weave/templates/weaveexpose.service.j2 b/roles/network_plugin/weave/templates/weaveexpose.service.j2 new file mode 100644 index 000000000..03446ee0f --- /dev/null +++ b/roles/network_plugin/weave/templates/weaveexpose.service.j2 @@ -0,0 +1,18 @@ +[Unit] +Documentation=http://docs.weave.works/ +Requires=docker.service +Requires=weave.service +After=weave.service +After=docker.service + +[Service] +Type=oneshot +RemainAfterExit=yes +TimeoutStartSec=0 +EnvironmentFile=-/etc/weave.%H.env +EnvironmentFile=-/etc/weave.env +ExecStart={{ bin_dir }}/weave expose +ExecStop={{ bin_dir }}/weave hide + +[Install] +WantedBy=weave-network.target diff --git a/roles/network_plugin/weave/templates/weaveproxy.service.j2 b/roles/network_plugin/weave/templates/weaveproxy.service.j2 new file mode 100644 index 000000000..fe5032893 --- /dev/null +++ b/roles/network_plugin/weave/templates/weaveproxy.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=Weave proxy for Docker API +Documentation=http://docs.weave.works/ +Requires=docker.service +After=docker.service + +[Service] +EnvironmentFile=-/etc/weave.%H.env +EnvironmentFile=-/etc/weave.env +ExecStartPre={{ bin_dir }}/weave launch-proxy $WEAVEPROXY_ARGS +ExecStart=/usr/bin/docker attach weaveproxy +Restart=on-failure +ExecStop=/opt/bin/weave stop-proxy + +[Install] +WantedBy=weave-network.target