commit
e36781132f
22 changed files with 61 additions and 57 deletions
|
@ -36,7 +36,7 @@ Ensure your OpenStack credentials are loaded in environment variables. This can
|
||||||
$ source ~/.stackrc
|
$ source ~/.stackrc
|
||||||
```
|
```
|
||||||
|
|
||||||
You will need two networks before installing, an internal network and
|
You will need two networks before installing, an internal network and
|
||||||
an external (floating IP Pool) network. The internet network can be shared as
|
an external (floating IP Pool) network. The internet network can be shared as
|
||||||
we use security groups to provide network segregation. Due to the many
|
we use security groups to provide network segregation. Due to the many
|
||||||
differences between OpenStack installs the Terraform does not attempt to create
|
differences between OpenStack installs the Terraform does not attempt to create
|
||||||
|
@ -97,7 +97,7 @@ gfs_volume_size_in_gb = "50"
|
||||||
ssh_user_gfs = "ubuntu"
|
ssh_user_gfs = "ubuntu"
|
||||||
```
|
```
|
||||||
|
|
||||||
If these variables are provided, this will give rise to a new ansible group called `gfs-cluster`, for which we have added ansible roles to execute in the ansible provisioning step. If you are using CoreOS, these GlusterFS VM necessarily need to be either Debian or RedHat based VMs, CoreOS cannot serve GlusterFS, but can connect to it through binaries available on hyperkube v1.4.3_coreos.0 or higher.
|
If these variables are provided, this will give rise to a new ansible group called `gfs-cluster`, for which we have added ansible roles to execute in the ansible provisioning step. If you are using Container Linux by CoreOS, these GlusterFS VM necessarily need to be either Debian or RedHat based VMs, Container Linux by CoreOS cannot serve GlusterFS, but can connect to it through binaries available on hyperkube v1.4.3_coreos.0 or higher.
|
||||||
|
|
||||||
|
|
||||||
# Provision a Kubernetes Cluster on OpenStack
|
# Provision a Kubernetes Cluster on OpenStack
|
||||||
|
@ -133,20 +133,20 @@ Make sure you can connect to the hosts:
|
||||||
```
|
```
|
||||||
$ ansible -i contrib/terraform/openstack/hosts -m ping all
|
$ ansible -i contrib/terraform/openstack/hosts -m ping all
|
||||||
example-k8s_node-1 | SUCCESS => {
|
example-k8s_node-1 | SUCCESS => {
|
||||||
"changed": false,
|
"changed": false,
|
||||||
"ping": "pong"
|
"ping": "pong"
|
||||||
}
|
}
|
||||||
example-etcd-1 | SUCCESS => {
|
example-etcd-1 | SUCCESS => {
|
||||||
"changed": false,
|
"changed": false,
|
||||||
"ping": "pong"
|
"ping": "pong"
|
||||||
}
|
}
|
||||||
example-k8s-master-1 | SUCCESS => {
|
example-k8s-master-1 | SUCCESS => {
|
||||||
"changed": false,
|
"changed": false,
|
||||||
"ping": "pong"
|
"ping": "pong"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
if you are deploying a system that needs bootstrapping, like CoreOS, these might have a state `FAILED` due to CoreOS not having python. As long as the state is not `UNREACHABLE`, this is fine.
|
if you are deploying a system that needs bootstrapping, like Container Linux by CoreOS, these might have a state `FAILED` due to Container Linux by CoreOS not having python. As long as the state is not `UNREACHABLE`, this is fine.
|
||||||
|
|
||||||
if it fails try to connect manually via SSH ... it could be somthing as simple as a stale host key.
|
if it fails try to connect manually via SSH ... it could be somthing as simple as a stale host key.
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ local_release_dir: "/tmp/releases"
|
||||||
# Random shifts for retrying failed ops like pushing/downloading
|
# Random shifts for retrying failed ops like pushing/downloading
|
||||||
retry_stagger: 5
|
retry_stagger: 5
|
||||||
|
|
||||||
# Uncomment this line for CoreOS only.
|
# Uncomment this line for Container Linux by CoreOS only.
|
||||||
# Directory where python binary is installed
|
# Directory where python binary is installed
|
||||||
# ansible_python_interpreter: "/opt/bin/python"
|
# ansible_python_interpreter: "/opt/bin/python"
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
service:
|
service:
|
||||||
name: docker.socket
|
name: docker.socket
|
||||||
state: restarted
|
state: restarted
|
||||||
when: ansible_os_family == 'CoreOS'
|
when: ansible_os_family == 'Container Linux by CoreOS'
|
||||||
|
|
||||||
- name: Docker | reload docker
|
- name: Docker | reload docker
|
||||||
service:
|
service:
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
docker requires a minimum kernel version of
|
docker requires a minimum kernel version of
|
||||||
{{ docker_kernel_min_version }} on
|
{{ docker_kernel_min_version }} on
|
||||||
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
||||||
when: (ansible_os_family != "CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
|
when: (ansible_os_family != "Container Linux by CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
- name: ensure docker repository public key is installed
|
- name: ensure docker repository public key is installed
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: ensure docker repository is enabled
|
- name: ensure docker repository is enabled
|
||||||
action: "{{ docker_repo_info.pkg_repo }}"
|
action: "{{ docker_repo_info.pkg_repo }}"
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
repo: "{{item}}"
|
repo: "{{item}}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ docker_repo_info.repos }}"
|
with_items: "{{ docker_repo_info.repos }}"
|
||||||
when: (ansible_os_family != "CoreOS") and (docker_repo_info.repos|length > 0)
|
when: (ansible_os_family != "Container Linux by CoreOS") and (docker_repo_info.repos|length > 0)
|
||||||
|
|
||||||
- name: Configure docker repository on RedHat/CentOS
|
- name: Configure docker repository on RedHat/CentOS
|
||||||
copy:
|
copy:
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
with_items: "{{ docker_package_info.pkgs }}"
|
with_items: "{{ docker_package_info.pkgs }}"
|
||||||
when: (ansible_os_family != "CoreOS") and (docker_package_info.pkgs|length > 0)
|
when: (ansible_os_family != "Container Linux by CoreOS") and (docker_package_info.pkgs|length > 0)
|
||||||
|
|
||||||
- name: Set docker systemd config
|
- name: Set docker systemd config
|
||||||
include: systemd.yml
|
include: systemd.yml
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
src: docker.service.j2
|
src: docker.service.j2
|
||||||
dest: /etc/systemd/system/docker.service
|
dest: /etc/systemd/system/docker.service
|
||||||
register: docker_service_file
|
register: docker_service_file
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: Write docker options systemd drop-in
|
- name: Write docker options systemd drop-in
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -2,14 +2,14 @@
|
||||||
local_release_dir: /tmp
|
local_release_dir: /tmp
|
||||||
|
|
||||||
# if this is set to true will only download files once. Doesn't work
|
# if this is set to true will only download files once. Doesn't work
|
||||||
# on CoreOS unless the download_localhost is true and localhost
|
# on Container Linux by CoreOS unless the download_localhost is true and localhost
|
||||||
# is running another OS type. Default compress level is 9 (best).
|
# is running another OS type. Default compress level is 9 (best).
|
||||||
download_run_once: False
|
download_run_once: False
|
||||||
download_compress: 9
|
download_compress: 9
|
||||||
|
|
||||||
# if this is set to true, uses the localhost for download_run_once mode
|
# if this is set to true, uses the localhost for download_run_once mode
|
||||||
# (requires docker and sudo to access docker). You may want this option for
|
# (requires docker and sudo to access docker). You may want this option for
|
||||||
# local caching of docker images or for CoreOS cluster nodes.
|
# local caching of docker images or for Container Linux by CoreOS cluster nodes.
|
||||||
# Otherwise, uses the first node in the kube-master group to store images
|
# Otherwise, uses the first node in the kube-master group to store images
|
||||||
# in the download_run_once mode.
|
# in the download_run_once mode.
|
||||||
download_localhost: False
|
download_localhost: False
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
when: "{{ download.enabled|bool and download.container|bool }}"
|
when: "{{ download.enabled|bool and download.container|bool }}"
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
# This is required for the download_localhost delegate to work smooth with CoreOS cluster nodes
|
# This is required for the download_localhost delegate to work smooth with Container Linux by CoreOS cluster nodes
|
||||||
- name: Hack python binary path for localhost
|
- name: Hack python binary path for localhost
|
||||||
raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python"
|
raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python"
|
||||||
when: "{{ download_delegate == 'localhost' }}"
|
when: "{{ download_delegate == 'localhost' }}"
|
||||||
|
@ -119,7 +119,7 @@
|
||||||
delegate_to: "{{ download_delegate }}"
|
delegate_to: "{{ download_delegate }}"
|
||||||
register: saved
|
register: saved
|
||||||
run_once: true
|
run_once: true
|
||||||
when: (ansible_os_family != "CoreOS" or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool and (container_changed|bool or not img.stat.exists)
|
when: (ansible_os_family != "Container Linux by CoreOS" or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool and (container_changed|bool or not img.stat.exists)
|
||||||
|
|
||||||
- name: Download | copy container images to ansible host
|
- name: Download | copy container images to ansible host
|
||||||
synchronize:
|
synchronize:
|
||||||
|
@ -128,7 +128,7 @@
|
||||||
mode: pull
|
mode: pull
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
become: false
|
become: false
|
||||||
when: ansible_os_family != "CoreOS" and inventory_hostname == groups['kube-master'][0] and download_delegate != "localhost" and download_run_once|bool and download.enabled|bool and download.container|bool and saved.changed
|
when: ansible_os_family != "Container Linux by CoreOS" and inventory_hostname == groups['kube-master'][0] and download_delegate != "localhost" and download_run_once|bool and download.enabled|bool and download.container|bool and saved.changed
|
||||||
|
|
||||||
- name: Download | upload container images to nodes
|
- name: Download | upload container images to nodes
|
||||||
synchronize:
|
synchronize:
|
||||||
|
@ -141,10 +141,10 @@
|
||||||
until: get_task|success
|
until: get_task|success
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: (ansible_os_family != "CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
when: (ansible_os_family != "Container Linux by CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
||||||
tags: [upload, upgrade]
|
tags: [upload, upgrade]
|
||||||
|
|
||||||
- name: Download | load container images
|
- name: Download | load container images
|
||||||
shell: "{{ docker_bin_dir }}/docker load < {{ fname }}"
|
shell: "{{ docker_bin_dir }}/docker load < {{ fname }}"
|
||||||
when: (ansible_os_family != "CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
when: (ansible_os_family != "Container Linux by CoreOS" and inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost") and download_run_once|bool and download.enabled|bool and download.container|bool
|
||||||
tags: [upload, upgrade]
|
tags: [upload, upgrade]
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: adduser
|
- role: adduser
|
||||||
user: "{{ addusers.etcd }}"
|
user: "{{ addusers.etcd }}"
|
||||||
when: ansible_os_family != 'CoreOS'
|
when: ansible_os_family != 'Container Linux by CoreOS'
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.etcd }}"
|
file: "{{ downloads.etcd }}"
|
||||||
tags: download
|
tags: download
|
||||||
|
|
|
@ -129,7 +129,7 @@
|
||||||
/usr/local/share/ca-certificates/etcd-ca.crt
|
/usr/local/share/ca-certificates/etcd-ca.crt
|
||||||
{%- elif ansible_os_family == "RedHat" -%}
|
{%- elif ansible_os_family == "RedHat" -%}
|
||||||
/etc/pki/ca-trust/source/anchors/etcd-ca.crt
|
/etc/pki/ca-trust/source/anchors/etcd-ca.crt
|
||||||
{%- elif ansible_os_family == "CoreOS" -%}
|
{%- elif ansible_os_family == "Container Linux by CoreOS" -%}
|
||||||
/etc/ssl/certs/etcd-ca.pem
|
/etc/ssl/certs/etcd-ca.pem
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
tags: facts
|
tags: facts
|
||||||
|
@ -141,9 +141,9 @@
|
||||||
remote_src: true
|
remote_src: true
|
||||||
register: etcd_ca_cert
|
register: etcd_ca_cert
|
||||||
|
|
||||||
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/CoreOS)
|
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/Container Linux by CoreOS)
|
||||||
command: update-ca-certificates
|
command: update-ca-certificates
|
||||||
when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS"]
|
when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "Container Linux by CoreOS"]
|
||||||
|
|
||||||
- name: Gen_certs | update ca-certificates (RedHat)
|
- name: Gen_certs | update ca-certificates (RedHat)
|
||||||
command: update-ca-trust extract
|
command: update-ca-trust extract
|
||||||
|
|
|
@ -29,6 +29,6 @@ openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID') }}"
|
||||||
# All clients access each node individually, instead of using a load balancer.
|
# All clients access each node individually, instead of using a load balancer.
|
||||||
etcd_multiaccess: true
|
etcd_multiaccess: true
|
||||||
|
|
||||||
# CoreOS cloud init config file to define /etc/resolv.conf content
|
# Container Linux by CoreOS cloud init config file to define /etc/resolv.conf content
|
||||||
# for hostnet pods and infra needs
|
# for hostnet pods and infra needs
|
||||||
resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
|
resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
notify:
|
notify:
|
||||||
- Preinstall | reload network
|
- Preinstall | reload network
|
||||||
- Preinstall | reload kubelet
|
- Preinstall | reload kubelet
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
|
|
||||||
# FIXME(bogdando) https://github.com/projectcalico/felix/issues/1185
|
# FIXME(bogdando) https://github.com/projectcalico/felix/issues/1185
|
||||||
- name: Preinstall | reload network
|
- name: Preinstall | reload network
|
||||||
|
@ -15,18 +15,18 @@
|
||||||
networking
|
networking
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
state: restarted
|
state: restarted
|
||||||
when: ansible_os_family != "CoreOS" and kube_network_plugin not in ['canal', 'calico']
|
when: ansible_os_family != "Container Linux by CoreOS" and kube_network_plugin not in ['canal', 'calico']
|
||||||
|
|
||||||
- name: Preinstall | update resolvconf for CoreOS
|
- name: Preinstall | update resolvconf for Container Linux by CoreOS
|
||||||
command: /bin/true
|
command: /bin/true
|
||||||
notify:
|
notify:
|
||||||
- Preinstall | apply resolvconf cloud-init
|
- Preinstall | apply resolvconf cloud-init
|
||||||
- Preinstall | reload kubelet
|
- Preinstall | reload kubelet
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: Preinstall | apply resolvconf cloud-init
|
- name: Preinstall | apply resolvconf cloud-init
|
||||||
command: /usr/bin/coreos-cloudinit --from-file {{ resolveconf_cloud_init_conf }}
|
command: /usr/bin/coreos-cloudinit --from-file {{ resolveconf_cloud_init_conf }}
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: Preinstall | reload kubelet
|
- name: Preinstall | reload kubelet
|
||||||
service:
|
service:
|
||||||
|
|
|
@ -2,10 +2,10 @@
|
||||||
- include: pre-upgrade.yml
|
- include: pre-upgrade.yml
|
||||||
tags: [upgrade, bootstrap-os]
|
tags: [upgrade, bootstrap-os]
|
||||||
|
|
||||||
- name: Force binaries directory for CoreOS
|
- name: Force binaries directory for Container Linux by CoreOS
|
||||||
set_fact:
|
set_fact:
|
||||||
bin_dir: "/opt/bin"
|
bin_dir: "/opt/bin"
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
- name: check bin dir exists
|
- name: check bin dir exists
|
||||||
|
@ -131,7 +131,7 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
- name: Disable IPv6 DNS lookup
|
- name: Disable IPv6 DNS lookup
|
||||||
|
@ -140,7 +140,7 @@
|
||||||
line: "precedence ::ffff:0:0/96 100"
|
line: "precedence ::ffff:0:0/96 100"
|
||||||
state: present
|
state: present
|
||||||
backup: yes
|
backup: yes
|
||||||
when: disable_ipv6_dns and ansible_os_family != "CoreOS"
|
when: disable_ipv6_dns and ansible_os_family != "Container Linux by CoreOS"
|
||||||
tags: bootstrap-os
|
tags: bootstrap-os
|
||||||
|
|
||||||
# Todo : selinux configuration
|
# Todo : selinux configuration
|
||||||
|
|
|
@ -2,3 +2,7 @@
|
||||||
- name: Stop if non systemd OS type
|
- name: Stop if non systemd OS type
|
||||||
assert:
|
assert:
|
||||||
that: ansible_service_mgr == "systemd"
|
that: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
|
- name: Stop if obsolete CoreOS family fact value
|
||||||
|
assert:
|
||||||
|
that: ansible_os_family != "CoreOS"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: create temporary resolveconf cloud init file
|
- name: create temporary resolveconf cloud init file
|
||||||
command: cp -f /etc/resolv.conf "{{ resolvconffile }}"
|
command: cp -f /etc/resolv.conf "{{ resolvconffile }}"
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: Remove search/domain/nameserver options
|
- name: Remove search/domain/nameserver options
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
- name: get temporary resolveconf cloud init file content
|
- name: get temporary resolveconf cloud init file content
|
||||||
command: cat {{ resolvconffile }}
|
command: cat {{ resolvconffile }}
|
||||||
register: cloud_config
|
register: cloud_config
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: persist resolvconf cloud init file
|
- name: persist resolvconf cloud init file
|
||||||
template:
|
template:
|
||||||
|
@ -56,9 +56,9 @@
|
||||||
src: resolvconf.j2
|
src: resolvconf.j2
|
||||||
owner: root
|
owner: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: Preinstall | update resolvconf for CoreOS
|
notify: Preinstall | update resolvconf for Container Linux by CoreOS
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- include: dhclient-hooks.yml
|
- include: dhclient-hooks.yml
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
tags: [bootstrap-os, resolvconf]
|
tags: [bootstrap-os, resolvconf]
|
||||||
|
|
|
@ -35,11 +35,11 @@
|
||||||
{%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
|
{%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
|
||||||
head: >-
|
head: >-
|
||||||
{%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
|
{%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: target temporary resolvconf cloud init file (CoreOS)
|
- name: target temporary resolvconf cloud init file (Container Linux by CoreOS)
|
||||||
set_fact: resolvconffile=/tmp/resolveconf_cloud_init_conf
|
set_fact: resolvconffile=/tmp/resolveconf_cloud_init_conf
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: target dhclient conf/hook files for Red Hat family
|
- name: target dhclient conf/hook files for Red Hat family
|
||||||
set_fact:
|
set_fact:
|
||||||
|
|
|
@ -74,7 +74,7 @@
|
||||||
/usr/local/share/ca-certificates/kube-ca.crt
|
/usr/local/share/ca-certificates/kube-ca.crt
|
||||||
{%- elif ansible_os_family == "RedHat" -%}
|
{%- elif ansible_os_family == "RedHat" -%}
|
||||||
/etc/pki/ca-trust/source/anchors/kube-ca.crt
|
/etc/pki/ca-trust/source/anchors/kube-ca.crt
|
||||||
{%- elif ansible_os_family == "CoreOS" -%}
|
{%- elif ansible_os_family == "Container Linux by CoreOS" -%}
|
||||||
/etc/ssl/certs/kube-ca.pem
|
/etc/ssl/certs/kube-ca.pem
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
tags: facts
|
tags: facts
|
||||||
|
@ -86,9 +86,9 @@
|
||||||
remote_src: true
|
remote_src: true
|
||||||
register: kube_ca_cert
|
register: kube_ca_cert
|
||||||
|
|
||||||
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/CoreOS)
|
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/Container Linux by CoreOS)
|
||||||
command: update-ca-certificates
|
command: update-ca-certificates
|
||||||
when: kube_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS"]
|
when: kube_ca_cert.changed and ansible_os_family in ["Debian", "Container Linux by CoreOS"]
|
||||||
|
|
||||||
- name: Gen_certs | update ca-certificates (RedHat)
|
- name: Gen_certs | update ca-certificates (RedHat)
|
||||||
command: update-ca-trust extract
|
command: update-ca-trust extract
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: etcd
|
- role: etcd
|
||||||
- role: docker
|
- role: docker
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.calico_rr }}"
|
file: "{{ downloads.calico_rr }}"
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
service:
|
service:
|
||||||
name: docker.socket
|
name: docker.socket
|
||||||
state: restarted
|
state: restarted
|
||||||
when: ansible_os_family == 'CoreOS'
|
when: ansible_os_family == 'Container Linux by CoreOS'
|
||||||
|
|
||||||
- name: Flannel | reload docker
|
- name: Flannel | reload docker
|
||||||
service:
|
service:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
[Service]
|
[Service]
|
||||||
{% if ansible_os_family == "CoreOS" %}
|
{% if ansible_os_family == "Container Linux by CoreOS" %}
|
||||||
Environment="DOCKER_OPT_BIP=--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
|
Environment="DOCKER_OPT_BIP=--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
|
||||||
{% else %}
|
{% else %}
|
||||||
Environment="DOCKER_NETWORK_OPTIONS=--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
|
Environment="DOCKER_NETWORK_OPTIONS=--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
|
||||||
|
|
|
@ -7,14 +7,14 @@
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
- name: Force binaries directory for CoreOS
|
- name: Force binaries directory for Container Linux by CoreOS
|
||||||
set_fact:
|
set_fact:
|
||||||
bin_dir: "/opt/bin"
|
bin_dir: "/opt/bin"
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
bin_dir: "/usr/local/bin"
|
bin_dir: "/usr/local/bin"
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: Run a replica controller composed of 2 pods
|
- name: Run a replica controller composed of 2 pods
|
||||||
shell: "{{bin_dir}}/kubectl run test --image={{test_image_repo}}:{{test_image_tag}} --replicas=2 --command -- tail -f /dev/null"
|
shell: "{{bin_dir}}/kubectl run test --image={{test_image_repo}}:{{test_image_tag}} --replicas=2 --command -- tail -f /dev/null"
|
||||||
|
|
|
@ -3,14 +3,14 @@
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
- name: Force binaries directory for CoreOS
|
- name: Force binaries directory for Container Linux by CoreOS
|
||||||
set_fact:
|
set_fact:
|
||||||
bin_dir: "/opt/bin"
|
bin_dir: "/opt/bin"
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
bin_dir: "/usr/local/bin"
|
bin_dir: "/usr/local/bin"
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: Get pod names
|
- name: Get pod names
|
||||||
shell: "{{bin_dir}}/kubectl get pods -o json"
|
shell: "{{bin_dir}}/kubectl get pods -o json"
|
||||||
|
|
|
@ -12,14 +12,14 @@
|
||||||
netchecker_port: 31081
|
netchecker_port: 31081
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Force binaries directory for CoreOS
|
- name: Force binaries directory for Container Linux by CoreOS
|
||||||
set_fact:
|
set_fact:
|
||||||
bin_dir: "/opt/bin"
|
bin_dir: "/opt/bin"
|
||||||
when: ansible_os_family == "CoreOS"
|
when: ansible_os_family == "Container Linux by CoreOS"
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
bin_dir: "/usr/local/bin"
|
bin_dir: "/usr/local/bin"
|
||||||
when: ansible_os_family != "CoreOS"
|
when: ansible_os_family != "Container Linux by CoreOS"
|
||||||
|
|
||||||
- name: Wait for netchecker server
|
- name: Wait for netchecker server
|
||||||
shell: "{{ bin_dir }}/kubectl get pods --namespace {{netcheck_namespace}} | grep ^netchecker-server"
|
shell: "{{ bin_dir }}/kubectl get pods --namespace {{netcheck_namespace}} | grep ^netchecker-server"
|
||||||
|
|
Loading…
Reference in a new issue