diff --git a/README.md b/README.md index 8b3856da0..edd01e508 100644 --- a/README.md +++ b/README.md @@ -36,9 +36,6 @@ These defaults are good for tests purposes. Edit the inventory according to the number of servers ``` -[downloader] -localhost ansible_connection=local ansible_python_interpreter=python2 - [kube-master] 10.115.99.31 @@ -77,9 +74,6 @@ In node-mesh mode the nodes peers with all the nodes in order to exchange routes ``` -[downloader] -localhost ansible_connection=local ansible_python_interpreter=python2 - [kube-master] node1 ansible_ssh_host=10.99.0.26 node2 ansible_ssh_host=10.99.0.27 diff --git a/cluster.yml b/cluster.yml index d68bf8ab3..faf0fea18 100644 --- a/cluster.yml +++ b/cluster.yml @@ -1,10 +1,7 @@ --- -- hosts: downloader - roles: - - { role: download, tags: download } - - hosts: k8s-cluster roles: + - { role: download, tags: download } - { role: kubernetes/preinstall, tags: preinstall } - { role: docker, tags: docker } - { role: kubernetes/node, tags: node } diff --git a/inventory/inventory.example b/inventory/inventory.example index ab0d1fca1..90bc3d5ac 100644 --- a/inventory/inventory.example +++ b/inventory/inventory.example @@ -1,6 +1,3 @@ -[downloader] -localhost ansible_connection=local ansible_python_interpreter=python2 - [kube-master] node1 ansible_ssh_host=10.99.0.26 node2 ansible_ssh_host=10.99.0.27 diff --git a/inventory/local-tests.cfg b/inventory/local-tests.cfg index 06fd3977b..425ad23ef 100644 --- a/inventory/local-tests.cfg +++ b/inventory/local-tests.cfg @@ -1,8 +1,5 @@ node1 ansible_connection=local local_release_dir={{ansible_env.HOME}}/releases -[downloader] -node1 - [kube-master] node1 diff --git a/roles/apps/k8s-kubedns b/roles/apps/k8s-kubedns index d6df09a89..b5015aed8 160000 --- a/roles/apps/k8s-kubedns +++ b/roles/apps/k8s-kubedns @@ -1 +1 @@ -Subproject commit d6df09a89721d98e2969a8abf29b4eb5e787fca6 +Subproject commit b5015aed8ff5eed9c325911205cfbb23ad0e57be diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 684c75bbb..89f878aa0 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -1,6 +1,10 @@ --- local_release_dir: /tmp +# This is the group that the cert creation scripts chgrp the +# cert files to. Not really changable... +kube_cert_group: kube-cert + # Versions kube_version: v1.1.4 etcd_version: v2.2.4 @@ -25,24 +29,34 @@ downloads: dest: calico/bin/calicoctl sha256: "{{ calico_checksum }}" url: "{{ calico_download_url }}" + owner: "root" + mode: "0755" - name: calico-plugin dest: calico/bin/calico sha256: "{{ calico_plugin_checksum }}" url: "{{ calico_plugin_download_url }}" + owner: "root" + mode: "0755" - name: etcd dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz" sha256: "{{ etcd_checksum }}" url: "{{ etcd_download_url }}" unarchive: true + owner: "etcd" + mode: "0755" - name: kubernetes-kubelet dest: kubernetes/bin/kubelet sha256: "{{kubelet_checksum}}" url: "{{ kube_download_url }}/kubelet" + owner: "kube" + mode: "0755" - name: kubernetes-kubectl dest: kubernetes/bin/kubectl sha256: "{{kubectl_checksum}}" url: "{{ kube_download_url }}/kubectl" + owner: "kube" + mode: "0755" diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 0d881acfc..d83470bed 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -1,4 +1,22 @@ --- +- name: certs | create system kube-cert groups + group: name={{ kube_cert_group }} state=present system=yes + +- name: Create system kube user + user: + name=kube + comment="Kubernetes user" + shell=/sbin/nologin + state=present + system=yes + groups={{ kube_cert_group }} + +- name: Create etcd user + user: + name: etcd + shell: /bin/nologin + home: /var/lib/etcd + - name: Create dest directories file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes with_items: downloads @@ -8,6 +26,8 @@ url: "{{item.url}}" dest: "{{local_release_dir}}/{{item.dest}}" sha256sum: "{{item.sha256 | default(omit)}}" + owner: "{{ item.owner|default(omit) }}" + mode: "{{ item.mode|default(omit) }}" with_items: downloads - name: Extract archives diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index 6f11a743b..ab3a5052d 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -1,5 +1,5 @@ --- -- name: Copy etcd.service systemd file +- name: Configure | Copy etcd.service systemd file template: src: etcd.service.j2 dest: /lib/systemd/system/etcd.service @@ -8,7 +8,7 @@ notify: - restart systemd-etcd -- name: Write calico-node initd script +- name: Configure | Write calico-node initd script template: src: deb-etcd.initd.j2 dest: /etc/init.d/etcd @@ -17,11 +17,11 @@ when: init_system == "sysvinit" and ansible_os_family == "Debian" notify: restart etcd -- name: Create etcd environment vars file +- name: Configure | Create etcd environment vars file template: src: etcd.j2 dest: /etc/etcd.env notify: restart etcd -- name: Ensure etcd is running +- name: Configure | Ensure etcd is running service: name=etcd state=started enabled=yes diff --git a/roles/etcd/tasks/install.yml b/roles/etcd/tasks/install.yml index f594ae9bc..679b98077 100644 --- a/roles/etcd/tasks/install.yml +++ b/roles/etcd/tasks/install.yml @@ -1,17 +1,8 @@ --- -- name: Create etcd user - user: name=etcd shell=/bin/nologin home=/var/lib/etcd - -- name: Install etcd binaries - synchronize: - src: "{{ etcd_bin_dir }}/{{ item }}" - dest: "{{ bin_dir }}" - times: yes - archive: no - set_remote_user: false - delegate_to: "{{ groups['downloader'][0] }}" +- name: INSTALL | Copy etcd binaries + command: cp -pf "{{ etcd_bin_dir }}/{{ item }}" "{{ bin_dir }}" with_items: - etcdctl - etcd + changed_when: false notify: restart etcd - diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml index 9e50200f6..3543ded91 100644 --- a/roles/kubernetes/master/tasks/main.yml +++ b/roles/kubernetes/master/tasks/main.yml @@ -5,17 +5,9 @@ dest: /etc/bash_completion.d/kubectl.sh - name: Install kubectl binary - synchronize: - src: "{{ local_release_dir }}/kubernetes/bin/kubectl" - dest: "{{ bin_dir }}/kubectl" - archive: no - checksum: yes - times: yes - set_remote_user: false - delegate_to: "{{ groups['downloader'][0] }}" - -- name: Perms kubectl binary - file: path={{ bin_dir }}/kubectl owner=kube mode=0755 state=file + command: cp -pf "{{ local_release_dir }}/kubernetes/bin/kubectl" "{{ bin_dir }}/kubectl" + changed_when: false + notify: restart kubelet - name: populate users for basic auth in API lineinfile: @@ -46,8 +38,7 @@ template: src: manifests/kube-apiserver.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-apisever.manifest" - notify: - - restart kubelet + notify: restart kubelet - meta: flush_handlers diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index 9fa4398f5..9017003b2 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -18,34 +18,16 @@ notify: restart kubelet - name: install | Install kubelet binary - synchronize: - src: "{{ local_release_dir }}/kubernetes/bin/kubelet" - dest: "{{ bin_dir }}/kubelet" - times: yes - archive: no - set_remote_user: false - delegate_to: "{{ groups['downloader'][0] }}" - notify: - - restart kubelet - -- name: install | Perms kubelet binary - file: path={{ bin_dir }}/kubelet owner=kube mode=0755 state=file + command: cp -pf "{{ local_release_dir }}/kubernetes/bin/kubelet" "{{ bin_dir }}/kubelet" + changed_when: false + notify: restart kubelet - name: install | Calico-plugin | Directory file: path=/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/ state=directory when: kube_network_plugin == "calico" - name: install | Calico-plugin | Binary - synchronize: - src: "{{ local_release_dir }}/calico/bin/calico" - dest: "/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico" - times: yes - archive: no - set_remote_user: false - delegate_to: "{{ groups['downloader'][0] }}" + command: cp -pf "{{ local_release_dir }}/calico/bin/calico" "/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico" when: kube_network_plugin == "calico" + changed_when: false notify: restart kubelet - -- name: install | Perms calico plugin binary - file: path=/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico owner=kube mode=0755 state=file - when: kube_network_plugin == "calico" diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 68d4f7579..387f5bf72 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -12,15 +12,6 @@ - name: certs | create system kube-cert groups group: name={{ kube_cert_group }} state=present system=yes -- name: create system kube user - user: - name=kube - comment="Kubernetes user" - shell=/sbin/nologin - state=present - system=yes - groups={{ kube_cert_group }} - - include: secrets.yml tags: - secrets diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index ef6578e37..a498e6445 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -17,7 +17,7 @@ - name: "Identify init system" shell: > - $(pgrep systemd > /dev/null && systemctl status network > /dev/null); + $(pgrep systemd > /dev/null && systemctl status network.target > /dev/null); if [ $? -eq 0 ] ; then echo systemd; else diff --git a/roles/network_plugin/tasks/calico.yml b/roles/network_plugin/tasks/calico.yml index 790642399..b1dd11a37 100644 --- a/roles/network_plugin/tasks/calico.yml +++ b/roles/network_plugin/tasks/calico.yml @@ -1,12 +1,7 @@ --- - name: Calico | Install calicoctl bin - synchronize: - src: "{{ local_release_dir }}/calico/bin/calicoctl" - dest: "{{ bin_dir }}/calicoctl" - archive: no - times: yes - set_remote_user: false - delegate_to: "{{ groups['downloader'][0] }}" + command: cp -pf "{{ local_release_dir }}/calico/bin/calicoctl" "{{ bin_dir }}/calicoctl" + changed_when: false notify: restart calico-node - name: Calico | install calicoctl