commit
c0400e9db5
22 changed files with 61 additions and 57 deletions
|
@ -36,7 +36,7 @@ Ensure your OpenStack credentials are loaded in environment variables. This can
|
|||
$ source ~/.stackrc
|
||||
```
|
||||
|
||||
You will need two networks before installing, an internal network and
|
||||
You will need two networks before installing, an internal network and
|
||||
an external (floating IP Pool) network. The internet network can be shared as
|
||||
we use security groups to provide network segregation. Due to the many
|
||||
differences between OpenStack installs the Terraform does not attempt to create
|
||||
|
@ -97,7 +97,7 @@ gfs_volume_size_in_gb = "50"
|
|||
ssh_user_gfs = "ubuntu"
|
||||
```
|
||||
|
||||
If these variables are provided, this will give rise to a new ansible group called `gfs-cluster`, for which we have added ansible roles to execute in the ansible provisioning step. If you are using CoreOS, these GlusterFS VM necessarily need to be either Debian or RedHat based VMs, CoreOS cannot serve GlusterFS, but can connect to it through binaries available on hyperkube v1.4.3_coreos.0 or higher.
|
||||
If these variables are provided, this will give rise to a new ansible group called `gfs-cluster`, for which we have added ansible roles to execute in the ansible provisioning step. If you are using Container Linux by CoreOS, these GlusterFS VM necessarily need to be either Debian or RedHat based VMs, Container Linux by CoreOS cannot serve GlusterFS, but can connect to it through binaries available on hyperkube v1.4.3_coreos.0 or higher.
|
||||
|
||||
|
||||
# Provision a Kubernetes Cluster on OpenStack
|
||||
|
@ -133,20 +133,20 @@ Make sure you can connect to the hosts:
|
|||
```
|
||||
$ ansible -i contrib/terraform/openstack/hosts -m ping all
|
||||
example-k8s_node-1 | SUCCESS => {
|
||||
"changed": false,
|
||||
"changed": false,
|
||||
"ping": "pong"
|
||||
}
|
||||
example-etcd-1 | SUCCESS => {
|
||||
"changed": false,
|
||||
"changed": false,
|
||||
"ping": "pong"
|
||||
}
|
||||
example-k8s-master-1 | SUCCESS => {
|
||||
"changed": false,
|
||||
"changed": false,
|
||||
"ping": "pong"
|
||||
}
|
||||
```
|
||||
|
||||
if you are deploying a system that needs bootstrapping, like CoreOS, these might have a state `FAILED` due to CoreOS not having python. As long as the state is not `UNREACHABLE`, this is fine.
|
||||
if you are deploying a system that needs bootstrapping, like Container Linux by CoreOS, these might have a state `FAILED` due to Container Linux by CoreOS not having python. As long as the state is not `UNREACHABLE`, this is fine.
|
||||
|
||||
if it fails try to connect manually via SSH ... it could be somthing as simple as a stale host key.
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ local_release_dir: "/tmp/releases"
|
|||
# Random shifts for retrying failed ops like pushing/downloading
|
||||
retry_stagger: 5
|
||||
|
||||
# Uncomment this line for CoreOS only.
|
||||
# Uncomment this line for Container Linux by CoreOS only.
|
||||
# Directory where python binary is installed
|
||||
# ansible_python_interpreter: "/opt/bin/python"
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
service:
|
||||
name: docker.socket
|
||||
state: restarted
|
||||
when: ansible_os_family == 'CoreOS'
|
||||
when: ansible_os_family == 'Container Linux by CoreOS'
|
||||
|
||||
- name: Docker | reload docker
|
||||
service:
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
docker requires a minimum kernel version of
|
||||
{{ docker_kernel_min_version }} on
|
||||
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
||||
when: (ansible_os_family != "CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
|
||||
when: (ansible_os_family != "Container Linux by CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
|
||||
tags: facts
|
||||
|
||||
- name: ensure docker repository public key is installed
|
||||
|
@ -34,7 +34,7 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
|
||||
- name: ensure docker repository is enabled
|
||||
action: "{{ docker_repo_info.pkg_repo }}"
|
||||
|
@ -42,7 +42,7 @@
|
|||
repo: "{{item}}"
|
||||
state: present
|
||||
with_items: "{{ docker_repo_info.repos }}"
|
||||
when: (ansible_os_family != "CoreOS") and (docker_repo_info.repos|length > 0)
|
||||
when: (ansible_os_family != "Container Linux by CoreOS") and (docker_repo_info.repos|length > 0)
|
||||
|
||||
- name: Configure docker repository on RedHat/CentOS
|
||||
copy:
|
||||
|
@ -61,7 +61,7 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
with_items: "{{ docker_package_info.pkgs }}"
|
||||
when: (ansible_os_family != "CoreOS") and (docker_package_info.pkgs|length > 0)
|
||||
when: (ansible_os_family != "Container Linux by CoreOS") and (docker_package_info.pkgs|length > 0)
|
||||
|
||||
- name: Set docker systemd config
|
||||
include: systemd.yml
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
src: docker.service.j2
|
||||
dest: /etc/systemd/system/docker.service
|
||||
register: docker_service_file
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
|
||||
- name: Write docker options systemd drop-in
|
||||
template:
|
||||
|
|
|
@ -2,14 +2,14 @@
|
|||
local_release_dir: /tmp
|
||||
|
||||
# if this is set to true will only download files once. Doesn't work
|
||||
# on CoreOS unless the download_localhost is true and localhost
|
||||
# on Container Linux by CoreOS unless the download_localhost is true and localhost
|
||||
# is running another OS type. Default compress level is 9 (best).
|
||||
download_run_once: False
|
||||
download_compress: 9
|
||||
|
||||
# if this is set to true, uses the localhost for download_run_once mode
|
||||
# (requires docker and sudo to access docker). You may want this option for
|
||||
# local caching of docker images or for CoreOS cluster nodes.
|
||||
# local caching of docker images or for Container Linux by CoreOS cluster nodes.
|
||||
# Otherwise, uses the first node in the kube-master group to store images
|
||||
# in the download_run_once mode.
|
||||
download_localhost: False
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
when: "{{ download.enabled|bool and download.container|bool }}"
|
||||
tags: bootstrap-os
|
||||
|
||||
# This is required for the download_localhost delegate to work smooth with CoreOS cluster nodes
|
||||
# This is required for the download_localhost delegate to work smooth with Container Linux by CoreOS cluster nodes
|
||||
- name: Hack python binary path for localhost
|
||||
raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python"
|
||||
when: "{{ download_delegate == 'localhost' }}"
|
||||
|
@ -119,7 +119,7 @@
|
|||
delegate_to: "{{ download_delegate }}"
|
||||
register: saved
|
||||
run_once: true
|
||||
when: (ansible_os_family != "CoreOS" or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool and (container_changed|bool or not img.stat.exists)
|
||||
when: (ansible_os_family != "Container Linux by CoreOS" or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool and (container_changed|bool or not img.stat.exists)
|
||||
|
||||
- name: Download | copy container images to ansible host
|
||||
synchronize:
|
||||
|
@ -128,7 +128,7 @@
|
|||
mode: pull
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
when: ansible_os_family != "CoreOS" and inventory_hostname == groups['kube-master'][0] and download_delegate != "localhost" and download_run_once|bool and download.enabled|bool and download.container|bool and saved.changed
|
||||
when: ansible_os_family != "Container Linux by CoreOS" and inventory_hostname == groups['kube-master'][0] and download_delegate != "localhost" and download_run_once|bool and download.enabled|bool and download.container|bool and saved.changed
|
||||
|
||||
- name: Download | upload container images to nodes
|
||||
synchronize:
|
||||
|
@ -141,10 +141,10 @@
|
|||
until: get_task|success
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
when: (ansible_os_family != "CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
||||
when: (ansible_os_family != "Container Linux by CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
||||
tags: [upload, upgrade]
|
||||
|
||||
- name: Download | load container images
|
||||
shell: "{{ docker_bin_dir }}/docker load < {{ fname }}"
|
||||
when: (ansible_os_family != "CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
||||
when: (ansible_os_family != "Container Linux by CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
||||
tags: [upload, upgrade]
|
||||
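Review bot: The `when:` ahead of the first `tags: [upload, upgrade]` and the one on `Download | load container images` both mix `and` and `or` inside a single parenthesis with no inner grouping: `(ansible_os_family != "Container Linux by CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost")`. Jinja2 binds `and` tighter than `or`, so the result is presumably what was intended, but only by precedence. Writing `((ansible_os_family != "Container Linux by CoreOS" and inventory_hostname != groups['kube-master'][0]) or download_delegate == "localhost")` makes the grouping explicit, so a later edit cannot silently change which hosts run `docker load`. The first of the two tasks begins outside the hunk.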
|
|
|
@ -2,7 +2,7 @@
|
|||
dependencies:
|
||||
- role: adduser
|
||||
user: "{{ addusers.etcd }}"
|
||||
when: ansible_os_family != 'CoreOS'
|
||||
when: ansible_os_family != 'Container Linux by CoreOS'
|
||||
- role: download
|
||||
file: "{{ downloads.etcd }}"
|
||||
tags: download
|
||||
|
|
|
@ -129,7 +129,7 @@
|
|||
/usr/local/share/ca-certificates/etcd-ca.crt
|
||||
{%- elif ansible_os_family == "RedHat" -%}
|
||||
/etc/pki/ca-trust/source/anchors/etcd-ca.crt
|
||||
{%- elif ansible_os_family == "CoreOS" -%}
|
||||
{%- elif ansible_os_family == "Container Linux by CoreOS" -%}
|
||||
/etc/ssl/certs/etcd-ca.pem
|
||||
{%- endif %}
|
||||
tags: facts
|
||||
|
@ -141,9 +141,9 @@
|
|||
remote_src: true
|
||||
register: etcd_ca_cert
|
||||
|
||||
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/CoreOS)
|
||||
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/Container Linux by CoreOS)
|
||||
command: update-ca-certificates
|
||||
when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS"]
|
||||
when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "Container Linux by CoreOS"]
|
||||
|
||||
- name: Gen_certs | update ca-certificates (RedHat)
|
||||
command: update-ca-trust extract
|
||||
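Review bot: The path selection that ends with `{%- elif ansible_os_family == "Container Linux by CoreOS" -%}` and `{%- endif %}` shows no `{%- else -%}` branch in the visible lines, so a host whose family matches none of the literals would render an empty CA path. The `update-ca-certificates` task is then skipped by its `when: ... ansible_os_family in ["Debian", "Container Linux by CoreOS"]`, which leaves the etcd CA out of the system trust store without any error. A preceding `fail` task for unsupported families, or an `else` branch that aborts, would surface the mismatch. The start of the `if` chain lies outside the hunk, so this needs confirming against the full file; the same pattern appears for `kube-ca.pem` in the later hunk `@ -74,7 +74,7 @@`.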
|
|
|
@ -29,6 +29,6 @@ openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID') }}"
|
|||
# All clients access each node individually, instead of using a load balancer.
|
||||
etcd_multiaccess: true
|
||||
|
||||
# CoreOS cloud init config file to define /etc/resolv.conf content
|
||||
# Container Linux by CoreOS cloud init config file to define /etc/resolv.conf content
|
||||
# for hostnet pods and infra needs
|
||||
resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
notify:
|
||||
- Preinstall | reload network
|
||||
- Preinstall | reload kubelet
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
|
||||
# FIXME(bogdando) https://github.com/projectcalico/felix/issues/1185
|
||||
- name: Preinstall | reload network
|
||||
|
@ -15,18 +15,18 @@
|
|||
networking
|
||||
{%- endif %}
|
||||
state: restarted
|
||||
when: ansible_os_family != "CoreOS" and kube_network_plugin not in ['canal', 'calico']
|
||||
when: ansible_os_family != "Container Linux by CoreOS" and kube_network_plugin not in ['canal', 'calico']
|
||||
|
||||
- name: Preinstall | update resolvconf for CoreOS
|
||||
- name: Preinstall | update resolvconf for Container Linux by CoreOS
|
||||
command: /bin/true
|
||||
notify:
|
||||
- Preinstall | apply resolvconf cloud-init
|
||||
- Preinstall | reload kubelet
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- name: Preinstall | apply resolvconf cloud-init
|
||||
command: /usr/bin/coreos-cloudinit --from-file {{ resolveconf_cloud_init_conf }}
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- name: Preinstall | reload kubelet
|
||||
service:
|
||||
|
|
|
@ -2,10 +2,10 @@
|
|||
- include: pre-upgrade.yml
|
||||
tags: [upgrade, bootstrap-os]
|
||||
|
||||
- name: Force binaries directory for CoreOS
|
||||
- name: Force binaries directory for Container Linux by CoreOS
|
||||
set_fact:
|
||||
bin_dir: "/opt/bin"
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
tags: facts
|
||||
|
||||
- name: check bin dir exists
|
||||
|
@ -131,7 +131,7 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
tags: bootstrap-os
|
||||
|
||||
- name: Disable IPv6 DNS lookup
|
||||
|
@ -140,7 +140,7 @@
|
|||
line: "precedence ::ffff:0:0/96 100"
|
||||
state: present
|
||||
backup: yes
|
||||
when: disable_ipv6_dns and ansible_os_family != "CoreOS"
|
||||
when: disable_ipv6_dns and ansible_os_family != "Container Linux by CoreOS"
|
||||
tags: bootstrap-os
|
||||
|
||||
# Todo : selinux configuration
|
||||
|
|
|
@ -2,3 +2,7 @@
|
|||
- name: Stop if non systemd OS type
|
||||
assert:
|
||||
that: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: Stop if obsolete CoreOS family fact value
|
||||
assert:
|
||||
that: ansible_os_family != "CoreOS"
|
||||
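Review bot: The new `assert` with `that: ansible_os_family != "CoreOS"` has no `msg`, so an operator who hits it sees only the failed expression and no hint about the cause or the remedy. Every other file in this commit now compares against the literal "Container Linux by CoreOS", so a host still reporting the old value would take the `!=` branches (Docker repository key and package installs, dhclient hooks). As far as this page shows, this check is what stops that, and it deserves an explicit message such as `msg: "ansible_os_family is 'CoreOS'; this playbook expects 'Container Linux by CoreOS' - check the Ansible version in use"`. Whether this file runs before the roles that branch on the fact is not visible here and should be confirmed.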
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: create temporary resolveconf cloud init file
|
||||
command: cp -f /etc/resolv.conf "{{ resolvconffile }}"
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- name: Remove search/domain/nameserver options
|
||||
lineinfile:
|
||||
|
@ -48,7 +48,7 @@
|
|||
- name: get temporary resolveconf cloud init file content
|
||||
command: cat {{ resolvconffile }}
|
||||
register: cloud_config
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- name: persist resolvconf cloud init file
|
||||
template:
|
||||
|
@ -56,9 +56,9 @@
|
|||
src: resolvconf.j2
|
||||
owner: root
|
||||
mode: 0644
|
||||
notify: Preinstall | update resolvconf for CoreOS
|
||||
when: ansible_os_family == "CoreOS"
|
||||
notify: Preinstall | update resolvconf for Container Linux by CoreOS
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- include: dhclient-hooks.yml
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
tags: [bootstrap-os, resolvconf]
|
||||
|
|
|
@ -35,11 +35,11 @@
|
|||
{%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
|
||||
head: >-
|
||||
{%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
|
||||
- name: target temporary resolvconf cloud init file (CoreOS)
|
||||
- name: target temporary resolvconf cloud init file (Container Linux by CoreOS)
|
||||
set_fact: resolvconffile=/tmp/resolveconf_cloud_init_conf
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- name: target dhclient conf/hook files for Red Hat family
|
||||
set_fact:
|
||||
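Review bot: `set_fact: resolvconffile=/tmp/resolveconf_cloud_init_conf` uses a fixed file name in a world-writable directory. The resolvconf tasks elsewhere in this commit run `cp -f /etc/resolv.conf "{{ resolvconffile }}"` and later `cat {{ resolvconffile }}` against that name. If those tasks run with elevated privileges (not visible here), the predictable name is exposed to pre-creation and symlink races, and whatever exists at the path decides what is written and what ends up in the persisted cloud-init file. Prefer a path in a root-owned directory or a name generated at run time, and quote the variable in the `cat` command as the `cp` line already does.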
|
|
|
@ -74,7 +74,7 @@
|
|||
/usr/local/share/ca-certificates/kube-ca.crt
|
||||
{%- elif ansible_os_family == "RedHat" -%}
|
||||
/etc/pki/ca-trust/source/anchors/kube-ca.crt
|
||||
{%- elif ansible_os_family == "CoreOS" -%}
|
||||
{%- elif ansible_os_family == "Container Linux by CoreOS" -%}
|
||||
/etc/ssl/certs/kube-ca.pem
|
||||
{%- endif %}
|
||||
tags: facts
|
||||
|
@ -86,9 +86,9 @@
|
|||
remote_src: true
|
||||
register: kube_ca_cert
|
||||
|
||||
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/CoreOS)
|
||||
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/Container Linux by CoreOS)
|
||||
command: update-ca-certificates
|
||||
when: kube_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS"]
|
||||
when: kube_ca_cert.changed and ansible_os_family in ["Debian", "Container Linux by CoreOS"]
|
||||
|
||||
- name: Gen_certs | update ca-certificates (RedHat)
|
||||
command: update-ca-trust extract
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
dependencies:
|
||||
- role: etcd
|
||||
- role: docker
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
- role: download
|
||||
file: "{{ downloads.calico_rr }}"
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
service:
|
||||
name: docker.socket
|
||||
state: restarted
|
||||
when: ansible_os_family == 'CoreOS'
|
||||
when: ansible_os_family == 'Container Linux by CoreOS'
|
||||
|
||||
- name: Flannel | reload docker
|
||||
service:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
[Service]
|
||||
{% if ansible_os_family == "CoreOS" %}
|
||||
{% if ansible_os_family == "Container Linux by CoreOS" %}
|
||||
Environment="DOCKER_OPT_BIP=--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
|
||||
{% else %}
|
||||
Environment="DOCKER_NETWORK_OPTIONS=--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
|
||||
|
|
|
@ -7,14 +7,14 @@
|
|||
|
||||
tasks:
|
||||
|
||||
- name: Force binaries directory for CoreOS
|
||||
- name: Force binaries directory for Container Linux by CoreOS
|
||||
set_fact:
|
||||
bin_dir: "/opt/bin"
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- set_fact:
|
||||
bin_dir: "/usr/local/bin"
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
|
||||
- name: Run a replica controller composed of 2 pods
|
||||
shell: "{{bin_dir}}/kubectl run test --image={{test_image_repo}}:{{test_image_tag}} --replicas=2 --command -- tail -f /dev/null"
|
||||
|
|
|
@ -3,14 +3,14 @@
|
|||
|
||||
tasks:
|
||||
|
||||
- name: Force binaries directory for CoreOS
|
||||
- name: Force binaries directory for Container Linux by CoreOS
|
||||
set_fact:
|
||||
bin_dir: "/opt/bin"
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- set_fact:
|
||||
bin_dir: "/usr/local/bin"
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
|
||||
- name: Get pod names
|
||||
shell: "{{bin_dir}}/kubectl get pods -o json"
|
||||
|
|
|
@ -12,14 +12,14 @@
|
|||
netchecker_port: 31081
|
||||
|
||||
tasks:
|
||||
- name: Force binaries directory for CoreOS
|
||||
- name: Force binaries directory for Container Linux by CoreOS
|
||||
set_fact:
|
||||
bin_dir: "/opt/bin"
|
||||
when: ansible_os_family == "CoreOS"
|
||||
when: ansible_os_family == "Container Linux by CoreOS"
|
||||
|
||||
- set_fact:
|
||||
bin_dir: "/usr/local/bin"
|
||||
when: ansible_os_family != "CoreOS"
|
||||
when: ansible_os_family != "Container Linux by CoreOS"
|
||||
|
||||
- name: Wait for netchecker server
|
||||
shell: "{{ bin_dir }}/kubectl get pods --namespace {{netcheck_namespace}} | grep ^netchecker-server"
|
||||
|
|