diff --git a/cluster.yml b/cluster.yml
index 832afbb84..66850a3e5 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -1,8 +1,6 @@
 ---
 - hosts: k8s-cluster
 roles:
- - { role: adduser, tags: adduser }
- - { role: download, tags: download }
 - { role: kubernetes/preinstall, tags: preinstall }
 - { role: etcd, tags: etcd }
 - { role: docker, tags: docker, when: ansible_os_family != "CoreOS" }
diff --git a/roles/adduser/defaults/main.yml b/roles/adduser/defaults/main.yml
new file mode 100644
index 000000000..b3a69229c
--- /dev/null
+++ b/roles/adduser/defaults/main.yml
@@ -0,0 +1,24 @@
+---
+addusers:
+ etcd:
+ name: etcd
+ comment: "Etcd user"
+ createhome: yes
+ home: "/var/lib/etcd"
+ system: yes
+ shell: /bin/nologin
+ kube:
+ name: kube
+ comment: "Kubernetes user"
+ shell: /sbin/nologin
+ system: yes
+ group: "{{ kube_cert_group }}"
+ createhome: no
+
+adduser:
+ name: "{{ user.name }}"
+ group: "{{ user.name|default(None) }}"
+ comment: "{{ user.comment|default(None) }}"
+ shell: "{{ user.shell|default(None) }}"
+ system: "{{ user.system|default(None) }}"
+ createhome: "{{ user.createhome|default(None) }}"
diff --git a/roles/adduser/tasks/main.yml b/roles/adduser/tasks/main.yml
index 58e5ce49e..394ff9294 100644
--- a/roles/adduser/tasks/main.yml
+++ b/roles/adduser/tasks/main.yml
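Review bot: In roles/adduser/defaults/main.yml the etcd entry sets `shell: /bin/nologin` while the kube entry uses `/sbin/nologin`; both service accounts should use one path that is known to exist on the target distributions, e.g. `shell: /sbin/nologin` for etcd as well. The `adduser` mapping also derives `group` from `user.name` instead of `user.group`, so the kube entry's `kube_cert_group` is dropped for anything that reads `adduser.group`; `group: "{{ user.group|default(user.name) }}"` would match what the task file does. The tasks visible in this commit read `user.*` directly, so the `adduser` mapping looks unused and could be removed or documented. The bare `yes`/`no` values are better written as `true`/`false`.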
@@ -1,28 +1,13 @@
 ---
-- name: gather os specific variables
- include_vars: "{{ item }}"
- with_first_found:
- - files:
- - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
- - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
- - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
- - "{{ ansible_distribution|lower }}.yml"
- - "{{ ansible_os_family|lower }}.yml"
- - defaults.yml
- paths:
- - ../vars
- skip: true
-
 - name: User | Create User Group
- group: name={{item.group|default(item.name)}} system={{item.system|default(omit)}}
- with_items: "{{ addusers }}"
+ group: name={{user.group|default(user.name)}} system={{user.system|default(omit)}}
 - name: User | Create User
 user:
- comment: "{{item.comment|default(omit)}}"
- createhome: "{{item.create_home|default(omit)}}"
- group: "{{item.group|default(item.name)}}"
- home: "{{item.home|default(omit)}}"
- name: "{{item.name}}"
- system: "{{item.system|default(omit)}}"
- with_items: "{{ addusers }}"
+ comment: "{{user.comment|default(omit)}}"
+ createhome: "{{user.create_home|default(omit)}}"
+ group: "{{user.group|default(user.name)}}"
+ home: "{{user.home|default(omit)}}"
+ shell: "{{user.shell|default(omit)}}"
+ name: "{{user.name}}"
+ system: "{{user.system|default(omit)}}"
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 72ae6e2e3..55b437f53 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -33,7 +33,7 @@ kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e
 kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e"
 downloads:
- - name: calico
+ calico:
 dest: calico/bin/calicoctl
 version: "{{calico_version}}"
 sha256: "{{ calico_checksum }}"
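Review bot: In roles/adduser/tasks/main.yml the user task reads `user.create_home`, but the entries added in roles/adduser/defaults/main.yml spell the key `createhome`, so `default(omit)` always applies and the `createhome: no` set on the kube account is never honoured. The line should read `createhome: "{{user.createhome|default(omit)}}"`. The removed `item.create_home` line had the same mismatch, so this is carried over rather than introduced here. With `with_items` gone, a one-line comment above the tasks stating that the role expects a `user` mapping passed in from the dependent role's meta would make the new calling convention clear.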
@@ -41,8 +41,7 @@ downloads:
 url: "{{ calico_download_url }}"
 owner: "root"
 mode: "0755"
-
- - name: calico-cni-plugin
+ calico_cni_plugin:
 dest: calico/bin/calico
 version: "{{calico_cni_version}}"
 sha256: "{{ calico_cni_checksum }}"
@@ -50,8 +49,7 @@ downloads:
 url: "{{ calico_cni_download_url }}"
 owner: "root"
 mode: "0755"
-
- - name: calico-cni-plugin-ipam
+ calico_cni_plugin_ipam:
 dest: calico/bin/calico-ipam
 version: "{{calico_cni_version}}"
 sha256: "{{ calico_cni_ipam_checksum }}"
@@ -59,8 +57,7 @@ downloads:
 url: "{{ calico_cni_ipam_download_url }}"
 owner: "root"
 mode: "0755"
-
- - name: weave
+ weave:
 dest: weave/bin/weave
 version: "{{weave_version}}"
 source_url: "{{weave_download_url}}"
@@ -68,8 +65,7 @@ downloads:
 sha256: "{{ weave_checksum }}"
 owner: "root"
 mode: "0755"
-
- - name: etcd
+ etcd:
 version: "{{etcd_version}}"
 dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
 sha256: "{{ etcd_checksum }}"
@@ -78,8 +74,7 @@ downloads:
 unarchive: true
 owner: "etcd"
 mode: "0755"
-
- - name: kubernetes-kubelet
+ kubernetes_kubelet:
 version: "{{kube_version}}"
 dest: kubernetes/bin/kubelet
 sha256: "{{kubelet_checksum}}"
@@ -87,8 +82,7 @@ downloads:
 url: "{{ kubelet_download_url }}"
 owner: "kube"
 mode: "0755"
-
- - name: kubernetes-kubectl
+ kubernetes_kubectl:
 dest: kubernetes/bin/kubectl
 version: "{{kube_version}}"
 sha256: "{{kubectl_checksum}}"
@@ -96,8 +90,7 @@ downloads:
 url: "{{ kubectl_download_url }}"
 owner: "kube"
 mode: "0755"
-
- - name: kubernetes-apiserver
+ kubernetes_apiserver:
 dest: kubernetes/bin/kube-apiserver
 version: "{{kube_version}}"
 sha256: "{{kube_apiserver_checksum}}"
@@ -105,3 +98,14 @@ downloads:
 url: "{{ apiserver_download_url }}"
 owner: "kube"
 mode: "0755"
+
+download:
+ enabled: "{{ file.enabled|default('true') }}"
+ dest: "{{ file.dest|default(None) }}"
+ version: "{{ file.version|default(None) }}"
+ sha256: "{{ file.sha256|default(None) }}"
+ source_url: "{{ file.source_url|default(None) }}"
+ url: "{{ file.url|default(None) }}"
+ unarchive: "{{ file.unarchive|default('false') }}"
+ owner: "{{ file.owner|default('kube') }}"
+ mode: "{{ file.mode|default(None) }}"
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index df9b652b1..40bd3c902 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
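Review bot: In roles/download/defaults/main.yml the new `download` mapping gives `sha256` a `default(None)`, so the key is always defined and the `default(omit)` on `sha256sum` in roles/download/tasks/main.yml can no longer take effect. An entry without a checksum would then reach get_url with an empty or `None` value rather than being omitted, and verification would most likely be skipped without any message. These files are installed as executables (`mode: "0755"`, several owned by root), so a missing checksum should stop the play: drop the default, `sha256: "{{ file.sha256 }}"`, or assert on it before the download task. `url` and `dest` have no sensible empty value either and would be better left without a default. `enabled` and `unarchive` default to the strings `'true'`/`'false'`; plain booleans with `|bool` at the point of use are less fragile.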
@@ -1,36 +1,39 @@
 ---
+- name: downloading...
+ debug:
+ msg: "{{ download.url }}"
+ when: "{{ download.enabled|bool }}"
+
 - name: Create dest directories
- file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes
- with_items: "{{ downloads }}"
+ file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes
+ when: "{{ download.enabled|bool }}"
 run_once: "{{ download_run_once|bool }}"
 - name: Download items
 get_url:
- url: "{{item.url}}"
- dest: "{{local_release_dir}}/{{item.dest}}"
- sha256sum: "{{item.sha256 | default(omit)}}"
- owner: "{{ item.owner|default(omit) }}"
- mode: "{{ item.mode|default(omit) }}"
- with_items: "{{ downloads }}"
+ url: "{{download.url}}"
+ dest: "{{local_release_dir}}/{{download.dest}}"
+ sha256sum: "{{download.sha256 | default(omit)}}"
+ owner: "{{ download.owner|default(omit) }}"
+ mode: "{{ download.mode|default(omit) }}"
+ when: "{{ download.enabled|bool }}"
 run_once: "{{ download_run_once|bool }}"
 - name: Extract archives
 unarchive:
- src: "{{ local_release_dir }}/{{item.dest}}"
- dest: "{{ local_release_dir }}/{{item.dest|dirname}}"
- owner: "{{ item.owner|default(omit) }}"
- mode: "{{ item.mode|default(omit) }}"
+ src: "{{ local_release_dir }}/{{download.dest}}"
+ dest: "{{ local_release_dir }}/{{download.dest|dirname}}"
+ owner: "{{ download.owner|default(omit) }}"
+ mode: "{{ download.mode|default(omit) }}"
 copy: no
- when: "{{item.unarchive is defined and item.unarchive == True}}"
- with_items: "{{ downloads }}"
+ when: "{{ download.enabled|bool }} and ({{download.unarchive is defined and download.unarchive == True}})"
 run_once: "{{ download_run_once|bool }}"
 - name: Fix permissions
 file:
 state: file
- path: "{{local_release_dir}}/{{item.dest}}"
- owner: "{{ item.owner|default(omit) }}"
- mode: "{{ item.mode|default(omit) }}"
- when: "{{item.unarchive is not defined or item.unarchive == False}}"
- with_items: "{{ downloads }}"
+ path: "{{local_release_dir}}/{{download.dest}}"
+ owner: "{{ download.owner|default(omit) }}"
+ mode: "{{ download.mode|default(omit) }}"
+ when: "{{ download.enabled|bool }} and ({{download.unarchive is not defined or download.unarchive == False}})"
 run_once: "{{ download_run_once|bool }}"
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml
new file mode 100644
index 000000000..5ea32c371
--- /dev/null
+++ b/roles/etcd/meta/main.yml
@@ -0,0 +1,7 @@
+---
+dependencies:
+ - role: adduser
+ user: "{{ addusers.etcd }}"
+ when: ansible_os_family != 'CoreOS'
+ - role: download
+ file: "{{ downloads.etcd }}"
diff --git a/roles/kubernetes/master/meta/main.yml b/roles/kubernetes/master/meta/main.yml
index 53dd04017..11f02f99d 100644
--- a/roles/kubernetes/master/meta/main.yml
+++ b/roles/kubernetes/master/meta/main.yml
@@ -1,4 +1,8 @@
 ---
 dependencies:
+ - role: download
+ file: "{{ downloads.kubernetes_kubectl }}"
+ - role: download
+ file: "{{ downloads.kubernetes_apiserver }}"
 - { role: etcd }
 - { role: kubernetes/node }
diff --git a/roles/kubernetes/node/meta/main.yml b/roles/kubernetes/node/meta/main.yml
index 811a29787..a277c7d8a 100644
--- a/roles/kubernetes/node/meta/main.yml
+++ b/roles/kubernetes/node/meta/main.yml
@@ -1,3 +1,5 @@
 ---
 dependencies:
- - role: kubernetes/secrets
+ - role: download
+ file: "{{ downloads.kubernetes_kubelet }}"
+ - role: kubernetes/secrets
diff --git a/roles/kubernetes/preinstall/meta/main.yml b/roles/kubernetes/preinstall/meta/main.yml
new file mode 100644
index 000000000..3d0d62446
--- /dev/null
+++ b/roles/kubernetes/preinstall/meta/main.yml
@@ -0,0 +1,5 @@
+---
+dependencies:
+ - role: adduser
+ user: "{{ addusers.kube }}"
+ when: ansible_os_family != 'CoreOS'
diff --git a/roles/network_plugin/calico/meta/main.yml b/roles/network_plugin/calico/meta/main.yml
new file mode 100644
index 000000000..dd9379a44
--- /dev/null
+++ b/roles/network_plugin/calico/meta/main.yml
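Review bot: The `when:` lines added to "Extract archives" and "Fix permissions" in roles/download/tasks/main.yml embed Jinja delimiters in the conditional and compare `download.unarchive` with `True`/`False`, although the defaults mapping always defines `unarchive` and defaults it to the string `'false'`. With that default, `download.unarchive is not defined or download.unarchive == False` looks as if it can never be true for a plain file, so "Fix permissions" would be skipped; this is inferred from the defaults hunk and should be confirmed on a real run. Bare expressions avoid the type comparison: `when: download.enabled|bool and download.unarchive|bool` for the extract task and `when: download.enabled|bool and not download.unarchive|bool` for the permissions task. They also keep the rendered variable contents from being evaluated a second time as part of the condition.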
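Review bot: In roles/etcd/meta/main.yml the adduser dependency is skipped on CoreOS by `when: ansible_os_family != 'CoreOS'`, but the download dependency below it still runs there, and the `downloads.etcd` entry sets `owner: "etcd"`. If that account is not already present on CoreOS hosts, the get_url and unarchive tasks would probably fail when applying ownership. The same question applies to the kube account skipped in roles/kubernetes/preinstall/meta/main.yml and the downloads that set `owner: "kube"`. Before this commit the adduser role ran unconditionally from cluster.yml, so the condition is a behaviour change; a short comment in each meta file saying why user creation is skipped on CoreOS, and which account is expected to exist there, would settle it.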
@@ -0,0 +1,8 @@
+---
+dependencies:
+ - role: download
+ file: "{{ downloads.calico }}"
+ - role: download
+ file: "{{ downloads.calico_cni_plugin }}"
+ - role: download
+ file: "{{ downloads.calico_cni_plugin_ipam }}"
diff --git a/roles/network_plugin/weave/meta/main.yml b/roles/network_plugin/weave/meta/main.yml
new file mode 100644
index 000000000..88346d304
--- /dev/null
+++ b/roles/network_plugin/weave/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - role: download
+ file: "{{ downloads.weave }}"