ansible-lint: add spaces around variables [E206] (#4699)

MarkusTeufelberger 2019-05-02 23:24:21 +02:00 committed by Kubernetes Prow Robot
parent 560f50d3cd
commit e67f848abc
88 changed files with 363 additions and 353 deletions


@ -5,7 +5,6 @@ skip_list:
# The following rules throw errors.
# These either still need to be corrected in the repository and the rules re-enabled or they are skipped on purpose.
- '204'
- '206'
- '301'
- '305'
- '306'


@ -34,7 +34,7 @@
pre_tasks:
- name: gather facts from all instances
setup:
delegate_to: "{{item}}"
delegate_to: "{{ item }}"
delegate_facts: true
with_items: "{{ groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]) }}"
run_once: true
@ -46,7 +46,7 @@
- { role: kubernetes/preinstall, tags: preinstall }
- { role: "container-engine", tags: "container-engine", when: deploy_container_engine|default(true) }
- { role: download, tags: download, when: "not skip_downloads" }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- hosts: etcd
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
@ -65,7 +65,7 @@
roles:
- { role: kubespray-defaults}
- { role: kubernetes/node, tags: node }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- hosts: kube-master
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
@ -109,7 +109,7 @@
roles:
- { role: kubespray-defaults}
- { role: kubernetes-apps, tags: apps }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- hosts: k8s-cluster
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"


@ -8,4 +8,6 @@
vm_list: "{{ vm_list_cmd.stdout }}"
- name: Generate inventory
template: src=inventory.j2 dest="{{playbook_dir}}/inventory"
template:
src: inventory.j2
dest: "{{ playbook_dir }}/inventory"


@ -13,4 +13,6 @@
vm_roles_list: "{{ vm_list_cmd.stdout }}"
- name: Generate inventory
template: src=inventory.j2 dest="{{playbook_dir}}/inventory"
template:
src: inventory.j2
dest: "{{ playbook_dir }}/inventory"


@ -1,10 +1,15 @@
---
- set_fact:
base_dir: "{{playbook_dir}}/.generated/"
base_dir: "{{ playbook_dir }}/.generated/"
- file: path={{base_dir}} state=directory recurse=true
- file:
path: "{{ base_dir }}"
state: directory
recurse: true
- template: src={{item}} dest="{{base_dir}}/{{item}}"
- template:
src: "{{ item }}"
dest: "{{ base_dir }}/{{ item }}"
with_items:
- network.json
- storage.json


@ -12,7 +12,7 @@
- name: Null-ify some linux tools to ease DIND
file:
src: "/bin/true"
dest: "{{item}}"
dest: "{{ item }}"
state: link
force: yes
with_items:
@ -52,7 +52,7 @@
- rsyslog
- "{{ distro_ssh_service }}"
- name: Create distro user "{{distro_user}}"
- name: Create distro user "{{ distro_user }}"
user:
name: "{{ distro_user }}"
uid: 1000


@ -28,7 +28,7 @@
- /lib/modules:/lib/modules
- "{{ item }}:/dind/docker"
register: containers
with_items: "{{groups.containers}}"
with_items: "{{ groups.containers }}"
tags:
- addresses


@ -9,7 +9,7 @@
- name: "Kubernetes Apps | Install and configure MetalLB"
kube:
name: "MetalLB"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/{{ item.item }}"
state: "{{ item.changed | ternary('latest','present') }}"
become: true


@ -1,6 +1,8 @@
---
- name: Kubernetes Apps | Lay Down k8s GlusterFS Endpoint and PV
template: src={{item.file}} dest={{kube_config_dir}}/{{item.dest}}
template:
src: "{{ item.file }}"
dest: "{{ kube_config_dir }}/{{ item.dest }}"
with_items:
- { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json}
- { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml}
@ -12,9 +14,9 @@
kube:
name: glusterfs
namespace: default
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.dest}}"
state: "{{item.changed | ternary('latest','present') }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.dest }}"
state: "{{ item.changed | ternary('latest','present') }}"
with_items: "{{ gluster_pv.results }}"
when: inventory_hostname == groups['kube-master'][0] and groups['gfs-cluster'] is defined


@ -6,7 +6,7 @@
- name: "Kubernetes Apps | Install and configure Heketi Bootstrap"
kube:
name: "GlusterFS"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/heketi-bootstrap.json"
state: "{{ rendering.changed | ternary('latest', 'present') }}"
- name: "Wait for heketi bootstrap to complete."


@ -6,7 +6,7 @@
- name: "Create heketi storage."
kube:
name: "GlusterFS"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/heketi-storage-bootstrap.json"
state: "present"
vars:


@ -6,7 +6,7 @@
- name: "Kubernetes Apps | Install and configure GlusterFS daemonset"
kube:
name: "GlusterFS"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/glusterfs-daemonset.json"
state: "{{ rendering.changed | ternary('latest', 'present') }}"
- name: "Kubernetes Apps | Label GlusterFS nodes"
@ -33,6 +33,6 @@
- name: "Kubernetes Apps | Install and configure Heketi Service Account"
kube:
name: "GlusterFS"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/heketi-service-account.json"
state: "{{ rendering.changed | ternary('latest', 'present') }}"


@ -6,7 +6,7 @@
- name: "Kubernetes Apps | Install and configure Heketi"
kube:
name: "GlusterFS"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/heketi-deployment.json"
state: "{{ rendering.changed | ternary('latest', 'present') }}"
- name: "Ensure heketi is up and running."


@ -7,7 +7,7 @@
- name: "Kubernetes Apps | Test Heketi"
register: "heketi_service_state"
command: "{{bin_dir}}/kubectl get service heketi-storage-endpoints -o=name --ignore-not-found=true"
command: "{{ bin_dir }}/kubectl get service heketi-storage-endpoints -o=name --ignore-not-found=true"
changed_when: false
- name: "Kubernetes Apps | Bootstrap Heketi"


@ -1,19 +1,19 @@
---
- register: "clusterrolebinding_state"
command: "{{bin_dir}}/kubectl get clusterrolebinding heketi-gluster-admin -o=name --ignore-not-found=true"
command: "{{ bin_dir }}/kubectl get clusterrolebinding heketi-gluster-admin -o=name --ignore-not-found=true"
changed_when: false
- name: "Kubernetes Apps | Deploy cluster role binding."
when: "clusterrolebinding_state.stdout == \"\""
command: "{{bin_dir}}/kubectl create clusterrolebinding heketi-gluster-admin --clusterrole=edit --serviceaccount=default:heketi-service-account"
command: "{{ bin_dir }}/kubectl create clusterrolebinding heketi-gluster-admin --clusterrole=edit --serviceaccount=default:heketi-service-account"
- register: "clusterrolebinding_state"
command: "{{bin_dir}}/kubectl get clusterrolebinding heketi-gluster-admin -o=name --ignore-not-found=true"
command: "{{ bin_dir }}/kubectl get clusterrolebinding heketi-gluster-admin -o=name --ignore-not-found=true"
changed_when: false
- assert:
that: "clusterrolebinding_state.stdout != \"\""
msg: "Cluster role binding is not present."
- register: "secret_state"
command: "{{bin_dir}}/kubectl get secret heketi-config-secret -o=name --ignore-not-found=true"
command: "{{ bin_dir }}/kubectl get secret heketi-config-secret -o=name --ignore-not-found=true"
changed_when: false
- name: "Render Heketi secret configuration."
become: true
@ -22,9 +22,9 @@
dest: "{{ kube_config_dir }}/heketi.json"
- name: "Deploy Heketi config secret"
when: "secret_state.stdout == \"\""
command: "{{bin_dir}}/kubectl create secret generic heketi-config-secret --from-file={{ kube_config_dir }}/heketi.json"
command: "{{ bin_dir }}/kubectl create secret generic heketi-config-secret --from-file={{ kube_config_dir }}/heketi.json"
- register: "secret_state"
command: "{{bin_dir}}/kubectl get secret heketi-config-secret -o=name --ignore-not-found=true"
command: "{{ bin_dir }}/kubectl get secret heketi-config-secret -o=name --ignore-not-found=true"
changed_when: false
- assert:
that: "secret_state.stdout != \"\""
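Review bot: The `Kubernetes Apps | Deploy cluster role binding.` task binds the built-in `edit` ClusterRole to `default:heketi-service-account` through a ClusterRoleBinding, which gives that service account write access to most namespaced resources in every namespace rather than only where Heketi runs. If Heketi only manages objects in its own namespace (not visible from these hunks), a namespaced binding is enough: `kubectl create rolebinding heketi-gluster-admin --clusterrole=edit --serviceaccount=default:heketi-service-account --namespace=default`, with the two `get clusterrolebinding` checks changed to match. The unnamed `register:` and `assert:` tasks would also be easier to trace in run output with a `name:`.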


@ -7,6 +7,6 @@
- name: "Kubernetes Apps | Install and configure Heketi Storage"
kube:
name: "GlusterFS"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/heketi-storage.json"
state: "{{ rendering.changed | ternary('latest', 'present') }}"


@ -20,6 +20,6 @@
- name: "Kubernetes Apps | Install and configure Storace Class"
kube:
name: "GlusterFS"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/storageclass.yml"
state: "{{ rendering.changed | ternary('latest', 'present') }}"


@ -11,7 +11,7 @@
until: vault_etcd_health_check.status == 200 or vault_etcd_health_check.status == 401
retries: 3
delay: 2
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
run_once: true
failed_when: false
register: vault_etcd_health_check


@ -3,29 +3,29 @@
strategy: linear
vars:
mitogen_version: master
mitogen_url: https://github.com/dw/mitogen/archive/{{mitogen_version}}.zip
mitogen_url: https://github.com/dw/mitogen/archive/{{ mitogen_version }}.zip
tasks:
- name: Create mitogen plugin dir
file:
path: "{{item}}"
path: "{{ item }}"
state: directory
become: false
loop:
- "{{playbook_dir}}/plugins/mitogen"
- "{{playbook_dir}}/dist"
- "{{ playbook_dir }}/plugins/mitogen"
- "{{ playbook_dir }}/dist"
- name: download mitogen release
get_url:
url: "{{mitogen_url}}"
dest: "{{playbook_dir}}/dist/mitogen_{{mitogen_version}}.zip"
url: "{{ mitogen_url }}"
dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.zip"
validate_certs: true
- name: extract zip
unarchive:
src: "{{playbook_dir}}/dist/mitogen_{{mitogen_version}}.zip"
dest: "{{playbook_dir}}/dist/"
src: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.zip"
dest: "{{ playbook_dir }}/dist/"
- name: copy plugin
synchronize:
src: "{{playbook_dir}}/dist/mitogen-{{mitogen_version}}/"
dest: "{{playbook_dir}}/plugins/mitogen"
src: "{{ playbook_dir }}/dist/mitogen-{{ mitogen_version }}/"
dest: "{{ playbook_dir }}/plugins/mitogen"
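Review bot: `mitogen_version: master` makes the `download mitogen release` task fetch whatever the branch head is at run time, and the extracted tree is then copied into `plugins/mitogen`, presumably to be loaded by Ansible, so the code that ends up there is neither pinned nor verified. Set `mitogen_version` to a fixed release tag and add `checksum: "sha256:<digest of that archive>"` to the `get_url` task, so that a changed archive fails the download instead of being installed. `validate_certs: true` protects the transport only, not the content. The play header sits above the hunk.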


@ -1,15 +1,15 @@
---
- name: User | Create User Group
group:
name: "{{user.group|default(user.name)}}"
system: "{{user.system|default(omit)}}"
name: "{{ user.group|default(user.name) }}"
system: "{{ user.system|default(omit) }}"
- name: User | Create User
user:
comment: "{{user.comment|default(omit)}}"
createhome: "{{user.createhome|default(omit)}}"
group: "{{user.group|default(user.name)}}"
home: "{{user.home|default(omit)}}"
shell: "{{user.shell|default(omit)}}"
name: "{{user.name}}"
system: "{{user.system|default(omit)}}"
comment: "{{ user.comment|default(omit) }}"
createhome: "{{ user.createhome|default(omit) }}"
group: "{{ user.group|default(user.name) }}"
home: "{{ user.home|default(omit) }}"
shell: "{{ user.shell|default(omit) }}"
name: "{{ user.name }}"
system: "{{ user.system|default(omit) }}"


@ -54,8 +54,8 @@
- name: ensure docker-ce repository public key is installed
action: "{{ docker_repo_key_info.pkg_key }}"
args:
id: "{{item}}"
url: "{{docker_repo_key_info.url}}"
id: "{{ item }}"
url: "{{ docker_repo_key_info.url }}"
state: present
register: keyserver_task_result
until: keyserver_task_result is succeeded
@ -67,7 +67,7 @@
- name: ensure docker-ce repository is enabled
action: "{{ docker_repo_info.pkg_repo }}"
args:
repo: "{{item}}"
repo: "{{ item }}"
state: present
with_items: "{{ docker_repo_info.repos }}"
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (docker_repo_info.repos|length > 0)
@ -75,8 +75,8 @@
- name: ensure docker-engine repository public key is installed
action: "{{ dockerproject_repo_key_info.pkg_key }}"
args:
id: "{{item}}"
url: "{{dockerproject_repo_key_info.url}}"
id: "{{ item }}"
url: "{{ dockerproject_repo_key_info.url }}"
state: present
register: keyserver_task_result
until: keyserver_task_result is succeeded
@ -90,7 +90,7 @@
- name: ensure docker-engine repository is enabled
action: "{{ dockerproject_repo_info.pkg_repo }}"
args:
repo: "{{item}}"
repo: "{{ item }}"
state: present
with_items: "{{ dockerproject_repo_info.repos }}"
when:
@ -123,7 +123,7 @@
baseurl: "{{ extras_rh_repo_base_url }}"
file: "extras"
gpgcheck: yes
gpgkey: "{{extras_rh_repo_gpgkey}}"
gpgkey: "{{ extras_rh_repo_gpgkey }}"
keepcache: "{{ docker_rpm_keepcache | default('1') }}"
proxy: " {{ http_proxy | default('_none_') }}"
when:
@ -148,10 +148,10 @@
- name: ensure docker packages are installed
action: "{{ docker_package_info.pkg_mgr }}"
args:
pkg: "{{item.name}}"
force: "{{item.force|default(omit)}}"
conf_file: "{{item.yum_conf|default(omit)}}"
state: "{{item.state | default('present')}}"
pkg: "{{ item.name }}"
force: "{{ item.force|default(omit) }}"
conf_file: "{{ item.yum_conf|default(omit) }}"
state: "{{ item.state | default('present') }}"
update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}"
register: docker_task_result
until: docker_task_result is succeeded
@ -166,7 +166,7 @@
action: "{{ docker_package_info.pkg_mgr }}"
args:
name: "{{ item.name }}"
state: "{{item.state | default('present')}}"
state: "{{ item.state | default('present') }}"
with_items: "{{ docker_package_info.pkgs }}"
register: docker_task_result
until: docker_task_result is succeeded
@ -185,7 +185,7 @@
- name: show available packages on ubuntu
fail:
msg: "{{available_packages}}"
msg: "{{ available_packages }}"
when:
- docker_task_result is failed
- ansible_distribution == 'Ubuntu'


@ -2,11 +2,11 @@
- name: set dns server for docker
set_fact:
docker_dns_servers: "{{dns_servers}}"
docker_dns_servers: "{{ dns_servers }}"
- name: show docker_dns_servers
debug:
msg: "{{docker_dns_servers}}"
msg: "{{ docker_dns_servers }}"
- name: set base docker dns facts
set_fact:


@ -29,7 +29,7 @@ download_always_pull: False
download_validate_certs: True
# Use the first kube-master if download_localhost is not set
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube-master'][0] }}{% endif %}"
# Arch of Docker images and needed packages
image_arch: "{{host_architecture | default('amd64')}}"
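Review bot: `image_arch` on the last line of this hunk still reads `"{{host_architecture | default('amd64')}}"`, so the file keeps both spacing styles after a commit whose purpose is to normalise them. Change it to `image_arch: "{{ host_architecture | default('amd64') }}"` so the rule can stay enabled without an exception for this file.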


@ -7,7 +7,7 @@
- name: file_download | Create dest directory
file:
path: "{{download.dest|dirname}}"
path: "{{ download.dest | dirname }}"
state: directory
recurse: yes
when:
@ -20,9 +20,9 @@
# to one task in the future.
- name: file_download | Download item (delegate)
get_url:
url: "{{download.url}}"
dest: "{{download.dest}}"
sha256sum: "{{download.sha256 | default(omit)}}"
url: "{{ download.url }}"
dest: "{{ download.dest }}"
sha256sum: "{{ download.sha256|default(omit) }}"
owner: "{{ download.owner|default(omit) }}"
mode: "{{ download.mode|default(omit) }}"
validate_certs: "{{ download_validate_certs }}"
@ -43,9 +43,9 @@
- name: file_download | Download item (all)
get_url:
url: "{{download.url}}"
dest: "{{download.dest}}"
sha256sum: "{{download.sha256 | default(omit)}}"
url: "{{ download.url }}"
dest: "{{ download.dest }}"
sha256sum: "{{ download.sha256|default(omit) }}"
owner: "{{ download.owner|default(omit) }}"
mode: "{{ download.mode|default(omit) }}"
validate_certs: "{{ download_validate_certs }}"
@ -64,8 +64,8 @@
- name: file_download | Extract archives
unarchive:
src: "{{download.dest}}"
dest: "{{download.dest|dirname}}"
src: "{{ download.dest }}"
dest: "{{ download.dest |dirname }}"
owner: "{{ download.owner|default(omit) }}"
mode: "{{ download.mode|default(omit) }}"
copy: no
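Review bot: Both `get_url` tasks pass `sha256sum: "{{ download.sha256|default(omit) }}"`, so an item without a `sha256` value is downloaded and, in the last hunk, unpacked by `unarchive` with no integrity check at all; `validate_certs` is itself a variable that can be switched off. If every caller is expected to supply a digest (not visible here), fail early by dropping the `default(omit)` or by adding a task with `assert: { that: download.sha256 is defined }` ahead of the download. On style, the new `dest: "{{ download.dest |dirname }}"` in `file_download | Extract archives` is spaced differently from `"{{ download.dest | dirname }}"` in the first hunk; use one form. All four tasks continue outside their hunks.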


@ -11,16 +11,16 @@
- name: container_download | Create dest directory for saved/loaded container images
file:
path: "{{local_release_dir}}/containers"
path: "{{ local_release_dir }}/containers"
state: directory
recurse: yes
mode: 0755
owner: "{{ansible_ssh_user|default(ansible_user_id)}}"
owner: "{{ ansible_ssh_user|default(ansible_user_id) }}"
when: download_container
- name: container_download | create local directory for saved/loaded container images
file:
path: "{{local_release_dir}}/containers"
path: "{{ local_release_dir }}/containers"
state: directory
recurse: yes
delegate_to: localhost


@ -5,7 +5,7 @@
- set_fact:
pull_args: >-
{%- if pull_by_digest %}{{download.repo}}@sha256:{{download.sha256}}{%- else -%}{{download.repo}}:{{download.tag}}{%- endif -%}
{%- if pull_by_digest %}{{ download.repo }}@sha256:{{ download.sha256 }}{%- else -%}{{ download.repo }}:{{ download.tag }}{%- endif -%}
- name: Register docker images info
shell: >-
@ -33,7 +33,7 @@
- name: Check the local digest sha256 corresponds to the given image tag
assert:
that: "{{download.repo}}:{{download.tag}} in docker_images.stdout.split(',')"
that: "{{ download.repo }}:{{ download.tag }} in docker_images.stdout.split(',')"
when:
- not download_always_pull
- not pull_required
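Review bot: The `that:` expression in `Check the local digest sha256 corresponds to the given image tag` interpolates `{{ download.repo }}:{{ download.tag }}` into the condition text, so after templating the image reference is a bare token rather than a string, and the membership test may not be evaluated as intended. Conditions are already evaluated as Jinja2 expressions, so the delimiters are not needed. Since this check is what ties the local digest to the tag, write it as one expression: `that: "(download.repo ~ ':' ~ download.tag) in docker_images.stdout.split(',')"`. The task's `when:` list continues below the hunk.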


@ -8,7 +8,7 @@
- facts
- set_fact:
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|default(download.sha256)|regex_replace('/|\0|:', '_')}}.tar"
fname: "{{ local_release_dir }}/containers/{{ download.repo|regex_replace('/|\0|:', '_') }}:{{ download.tag|default(download.sha256)|regex_replace('/|\0|:', '_') }}.tar"
run_once: true
when:
- download.enabled
@ -20,7 +20,7 @@
- name: "container_download | Set default value for 'container_changed' to false"
set_fact:
container_changed: "{{pull_required|default(false)}}"
container_changed: "{{ pull_required|default(false) }}"
when:
- download.enabled
- download.container


@ -1,7 +1,7 @@
---
- name: file_download | create local download destination directory
file:
path: "{{download.dest|dirname}}"
path: "{{ download.dest|dirname }}"
state: directory
recurse: yes
mode: 0755


@ -4,7 +4,7 @@
paths: "{{ etcd_cert_dir }}"
patterns: "ca.pem,node*.pem"
get_checksum: true
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
register: etcdcert_master
run_once: true
@ -30,10 +30,10 @@
with_items: "{{ expected_files }}"
vars:
expected_files: >-
['{{etcd_cert_dir}}/ca.pem',
['{{ etcd_cert_dir }}/ca.pem',
{% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %}
{% for host in all_etcd_hosts %}
'{{etcd_cert_dir}}/node-{{ host }}-key.pem'
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem'
{% if not loop.last %}{{','}}{% endif %}
{% endfor %}]


@ -8,7 +8,7 @@
mode: 0700
recurse: yes
- name: "Gen_certs | create etcd script dir (on {{groups['etcd'][0]}})"
- name: "Gen_certs | create etcd script dir (on {{ groups['etcd'][0] }})"
file:
path: "{{ etcd_script_dir }}"
state: directory
@ -16,9 +16,9 @@
mode: 0700
run_once: yes
when: inventory_hostname == groups['etcd'][0]
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
- name: "Gen_certs | create etcd cert dir (on {{groups['etcd'][0]}})"
- name: "Gen_certs | create etcd cert dir (on {{ groups['etcd'][0] }})"
file:
path: "{{ etcd_cert_dir }}"
group: "{{ etcd_cert_group }}"
@ -28,14 +28,14 @@
mode: 0700
run_once: yes
when: inventory_hostname == groups['etcd'][0]
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
- name: Gen_certs | write openssl config
template:
src: "openssl.conf.j2"
dest: "{{ etcd_config_dir }}/openssl.conf"
run_once: yes
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
when:
- gen_certs|default(false)
- inventory_hostname == groups['etcd'][0]
@ -46,7 +46,7 @@
dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh"
mode: 0700
run_once: yes
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
when:
- gen_certs|default(false)
- inventory_hostname == groups['etcd'][0]
@ -65,7 +65,7 @@
{% endif %}
{% endfor %}"
run_once: yes
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
when:
- gen_certs|default(false)
notify: set etcd_secret_changed
@ -87,7 +87,7 @@
'{{ etcd_cert_dir }}/node-{{ node }}.pem',
'{{ etcd_cert_dir }}/node-{{ node }}-key.pem',
{% endfor %}]"
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
when:
- inventory_hostname in groups['etcd']
- sync_certs|default(false)
@ -133,13 +133,13 @@
no_log: true
register: etcd_node_certs
check_mode: no
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
when: (('calico-rr' in groups and inventory_hostname in groups['calico-rr']) or
inventory_hostname in groups['k8s-cluster']) and
sync_certs|default(false) and inventory_hostname not in groups['etcd']
- name: Gen_certs | Copy certs on nodes
shell: "base64 -d <<< '{{etcd_node_certs.stdout|quote}}' | tar xz -C {{ etcd_cert_dir }}"
shell: "base64 -d <<< '{{ etcd_node_certs.stdout|quote }}' | tar xz -C {{ etcd_cert_dir }}"
args:
executable: /bin/bash
no_log: true
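Review bot: `Gen_certs | Copy certs on nodes` places the base64-encoded certificate archive inside the command string, so while the task runs the key material is part of the `/bin/bash` argument list and can be read by local users able to list processes; `no_log: true` only keeps it out of Ansible's output. Feed it on standard input instead: `shell: "base64 -d | tar xz -C {{ etcd_cert_dir | quote }}"` with `stdin: "{{ etcd_node_certs.stdout }}"` under `args:`. That also removes the mix of hand-written single quotes and `|quote`, which only stays correct while the value contains no character that `quote` would wrap. The task continues below the hunk.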


@ -8,9 +8,9 @@
set_fact:
host_architecture: >-
{%- if ansible_architecture in architecture_groups -%}
{{architecture_groups[ansible_architecture]}}
{{ architecture_groups[ansible_architecture] }}
{%- else -%}
{{ansible_architecture}}
{{ ansible_architecture }}
{% endif %}
- include_tasks: check_certs.yml


@ -13,7 +13,7 @@
name: "netchecker-server"
namespace: "{{ netcheck_namespace }}"
filename: "{{ netchecker_server_manifest.stat.path }}"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
resource: "deploy"
state: latest
when: inventory_hostname == groups['kube-master'][0] and netchecker_server_manifest.stat.exists
@ -39,13 +39,13 @@
- name: Kubernetes Apps | Append extra templates to Netchecker Templates list for PodSecurityPolicy
set_fact:
netchecker_templates: "{{ netchecker_templates_for_psp + netchecker_templates}}"
netchecker_templates: "{{ netchecker_templates_for_psp + netchecker_templates }}"
when: podsecuritypolicy_enabled
- name: Kubernetes Apps | Lay Down Netchecker Template
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items: "{{ netchecker_templates }}"
register: manifests
when:
@ -53,11 +53,11 @@
- name: Kubernetes Apps | Start Netchecker Resources
kube:
name: "{{item.item.name}}"
namespace: "{{netcheck_namespace}}"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
name: "{{ item.item.name }}"
namespace: "{{ netcheck_namespace }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items: "{{ manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] and not item is skipped


@ -41,10 +41,10 @@
- name: Kubernetes Apps | Add policies, roles, bindings for PodSecurityPolicy
kube:
name: "{{item.item.name}}"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
name: "{{ item.item.name }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
register: result
until: result is succeeded
@ -69,7 +69,7 @@
- name: Apply workaround to allow all nodes with cert O=system:nodes to register
kube:
name: "kubespray:system:node"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
resource: "clusterrolebinding"
filename: "{{ kube_config_dir }}/node-crb.yml"
state: latest
@ -96,7 +96,7 @@
- name: Apply webhook ClusterRole
kube:
name: "system:node-webhook"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
resource: "clusterrole"
filename: "{{ kube_config_dir }}/node-webhook-cr.yml"
state: latest
@ -121,7 +121,7 @@
- name: Grant system:nodes the webhook ClusterRole
kube:
name: "system:node-webhook"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
resource: "clusterrolebinding"
filename: "{{ kube_config_dir }}/node-webhook-crb.yml"
state: latest
@ -164,7 +164,7 @@
- name: Apply vsphere-cloud-provider ClusterRole
kube:
name: "system:vsphere-cloud-provider"
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
resource: "clusterrolebinding"
filename: "{{ kube_config_dir }}/vsphere-rbac.yml"
state: latest
@ -194,7 +194,7 @@
- name: PriorityClass | Create k8s-cluster-critical
kube:
name: k8s-cluster-critical
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
resource: "PriorityClass"
filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
state: latest


@ -10,7 +10,7 @@
- name: Apply OCI RBAC
kube:
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/oci-rbac.yml"
when:
- cloud_provider is defined


@ -13,12 +13,12 @@
- name: Container Engine Acceleration Nvidia GPU | Set fact of download url Tesla
set_fact:
nvidia_driver_download_url_default: "{{nvidia_gpu_tesla_base_url}}{{nvidia_url_end}}"
nvidia_driver_download_url_default: "{{ nvidia_gpu_tesla_base_url }}{{ nvidia_url_end }}"
when: nvidia_gpu_flavor|lower == "tesla"
- name: Container Engine Acceleration Nvidia GPU | Set fact of download url GTX
set_fact:
nvidia_driver_download_url_default: "{{nvidia_gpu_gtx_base_url}}{{nvidia_url_end}}"
nvidia_driver_download_url_default: "{{ nvidia_gpu_gtx_base_url }}{{ nvidia_url_end }}"
when: nvidia_gpu_flavor|lower == "gtx"
- name: Container Engine Acceleration Nvidia GPU | Create addon dir
@ -49,6 +49,6 @@
filename: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.item.file }}"
state: "latest"
with_items:
- "{{container_engine_accelerator_manifests.results}}"
- "{{ container_engine_accelerator_manifests.results }}"
when:
- inventory_hostname == groups['kube-master'][0] and nvidia_driver_install_container and nvidia_driver_install_supported


@ -9,7 +9,7 @@
delegate_to: "{{ item[0] }}"
with_nested:
- "{{ groups['k8s-cluster'] }}"
- "{{ local_volume_provisioner_storage_classes.keys() | list}}"
- "{{ local_volume_provisioner_storage_classes.keys() | list }}"
- name: Local Volume Provisioner | Create addon dir
file:


@ -1,15 +1,15 @@
---
- name: "Gen_helm_tiller_certs | Create helm config directory (on {{groups['kube-master'][0]}})"
- name: "Gen_helm_tiller_certs | Create helm config directory (on {{ groups['kube-master'][0] }})"
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
file:
path: "{{ helm_config_dir }}"
state: directory
owner: kube
- name: "Gen_helm_tiller_certs | Create helm script directory (on {{groups['kube-master'][0]}})"
- name: "Gen_helm_tiller_certs | Create helm script directory (on {{ groups['kube-master'][0] }})"
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
file:
path: "{{ helm_script_dir }}"
state: directory
@ -17,24 +17,24 @@
- name: Gen_helm_tiller_certs | Copy certs generation script
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
template:
src: "helm-make-ssl.sh.j2"
dest: "{{ helm_script_dir }}/helm-make-ssl.sh"
mode: 0700
- name: "Check_helm_certs | check if helm client certs have already been generated on first master (on {{groups['kube-master'][0]}})"
- name: "Check_helm_certs | check if helm client certs have already been generated on first master (on {{ groups['kube-master'][0] }})"
find:
paths: "{{ helm_home_dir }}"
patterns: "*.pem"
get_checksum: true
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
register: helmcert_master
run_once: true
- name: Gen_helm_tiller_certs | run cert generation script
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
command: "{{ helm_script_dir }}/helm-make-ssl.sh -e {{ helm_home_dir }} -d {{ helm_tiller_cert_dir }}"
- set_fact:
@ -64,7 +64,7 @@
no_log: true
register: helm_client_cert_data
check_mode: no
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
- name: Gen_helm_tiller_certs | Use tempfile for unpacking certs on masters
@ -78,8 +78,8 @@
- name: Gen_helm_tiller_certs | Write helm client certs to tempfile
copy:
content: "{{helm_client_cert_data.stdout}}"
dest: "{{helm_cert_tempfile.path}}"
content: "{{ helm_client_cert_data.stdout }}"
dest: "{{ helm_cert_tempfile.path }}"
owner: root
mode: "0600"
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
@ -93,7 +93,7 @@
- name: Gen_helm_tiller_certs | Cleanup tempfile on masters
file:
path: "{{helm_cert_tempfile.path}}"
path: "{{ helm_cert_tempfile.path }}"
state: absent
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]


@ -7,8 +7,8 @@
- name: Helm | Lay Down Helm Manifests (RBAC)
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: tiller, file: tiller-namespace.yml, type: namespace}
- {name: tiller, file: tiller-sa.yml, type: sa}
@ -20,11 +20,11 @@
- name: Helm | Apply Helm Manifests (RBAC)
kube:
name: "{{item.item.name}}"
name: "{{ item.item.name }}"
namespace: "{{ tiller_namespace }}"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items: "{{ manifests.results }}"
when:
@ -56,7 +56,7 @@
{% endif %}
register: install_helm
changed_when: false
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
# FIXME: https://github.com/helm/helm/issues/4063
- name: Helm | Force apply tiller overrides if necessary
@ -73,12 +73,12 @@
{% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
{% if tiller_wait %} --wait{% endif %}
--output yaml
| {{bin_dir}}/kubectl apply -f -
| {{ bin_dir }}/kubectl apply -f -
changed_when: false
when:
- (tiller_override is defined and tiller_override) or (kube_version is version('v1.11.1', '>='))
- inventory_hostname == groups['kube-master'][0]
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- name: Make sure bash_completion.d folder exists
file:
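Review bot: The `Helm | Force apply tiller overrides if necessary` command ends in `| {{ bin_dir }}/kubectl apply -f -`, and the task's result is the exit status of `kubectl` alone unless the part of the command above this hunk enables `pipefail`; a failing left-hand side could then pass unnoticed, and `changed_when: false` hides that anything was applied. If it is not already there, begin the script with `set -o pipefail` and give the task `args: { executable: /bin/bash }`. The command begins outside the hunk, so this needs confirming against the full task.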


@ -1,11 +1,11 @@
---
- name: Start Calico resources
kube:
name: "{{item.item.name}}"
name: "{{ item.item.name }}"
namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items:
- "{{ calico_node_manifests.results }}"


@ -1,11 +1,11 @@
---
- name: Canal | Start Resources
kube:
name: "{{item.item.name}}"
name: "{{ item.item.name }}"
namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items: "{{ canal_manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] and not item is skipped


@ -1,17 +1,17 @@
---
- name: Cilium | Start Resources
kube:
name: "{{item.item.name}}"
name: "{{ item.item.name }}"
namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items: "{{ cilium_node_manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
- name: Cilium | Wait for pods to run
command: "{{bin_dir}}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
register: pods_not_ready
until: pods_not_ready.stdout.find("cilium")==-1
retries: 30


@ -1,11 +1,11 @@
---
- name: Flannel | Start Resources
kube:
name: "{{item.item.name}}"
name: "{{ item.item.name }}"
namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items: "{{ flannel_node_manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] and not item is skipped


@ -12,7 +12,7 @@
- inventory_hostname == groups['kube-master'][0]
- name: kube-router | Wait for kube-router pods to be ready
command: "{{bin_dir}}/kubectl -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
register: pods_not_ready
until: pods_not_ready.stdout.find("kube-router")==-1
retries: 30


@ -1,11 +1,11 @@
---
- name: Multus | Start resources
kube:
name: "{{item.item.name}}"
name: "{{ item.item.name }}"
namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items: "{{ multus_manifest_1.results }} + {{multus_manifest_2.results }}"
with_items: "{{ multus_manifest_1.results }} + {{ multus_manifest_2.results }}"
when: inventory_hostname == groups['kube-master'][0] and not item|skipped
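Review bot: The `with_items` value on the "Multus | Start resources" task renders two separate Jinja expressions with a literal ` + ` between them, so the loop source is built from two rendered strings instead of one list expression. Whether that ends up as a single list depends on how Ansible re-parses the resulting string. Concatenating inside one expression removes the ambiguity: `with_items: "{{ multus_manifest_1.results + multus_manifest_2.results }}"`. The `when` on the same task still uses the filter form `not item|skipped`, while the Canal, Cilium and Flannel tasks in this commit use the test form; `not item is skipped` would match them.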


@ -2,7 +2,7 @@
- name: Kubernetes Persistent Volumes | Lay down OpenStack Cinder Storage Class template
template:
src: "openstack-storage-class.yml.j2"
dest: "{{kube_config_dir}}/openstack-storage-class.yml"
dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
register: manifests
when:
- inventory_hostname == groups['kube-master'][0]
@ -10,9 +10,9 @@
- name: Kubernetes Persistent Volumes | Add OpenStack Cinder Storage Class
kube:
name: storage-class
kubectl: "{{bin_dir}}/kubectl"
kubectl: "{{ bin_dir }}/kubectl"
resource: StorageClass
filename: "{{kube_config_dir}}/openstack-storage-class.yml"
filename: "{{ kube_config_dir }}/openstack-storage-class.yml"
state: "latest"
when:
- inventory_hostname == groups['kube-master'][0]


@ -10,8 +10,8 @@
- name: Create calico-kube-controllers manifests
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
- {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
@ -24,11 +24,11 @@
- name: Start of Calico kube controllers
kube:
name: "{{item.item.name}}"
name: "{{ item.item.name }}"
namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items:
- "{{ calico_kube_manifests.results }}"


@ -77,7 +77,7 @@
- name: Join to cluster
command: >-
{{ bin_dir }}/kubeadm join
--config {{ kube_config_dir}}/kubeadm-client.conf
--config {{ kube_config_dir }}/kubeadm-client.conf
--ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
register: kubeadm_join
async: 120
@ -88,7 +88,7 @@
- name: Join to cluster with ignores
command: >-
{{ bin_dir }}/kubeadm join
--config {{ kube_config_dir}}/kubeadm-client.conf
--config {{ kube_config_dir }}/kubeadm-client.conf
--ignore-preflight-errors=all
register: kubeadm_join
async: 60


@ -12,12 +12,12 @@
- name: Base 64 Decode slurped secrets_encryption.yaml file
set_fact:
secret_file_decoded: "{{secret_file_encoded['content'] | b64decode | from_yaml}}"
secret_file_decoded: "{{ secret_file_encoded['content'] | b64decode | from_yaml }}"
when: secrets_encryption_file.stat.exists
- name: Extract secret value from secrets_encryption.yaml
set_fact:
kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode}}"
kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode }}"
when: secrets_encryption_file.stat.exists
- name: Set kube_encrypt_token across master nodes
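Review bot: The two `set_fact` tasks in this hunk store the decoded secrets_encryption.yaml content and the extracted encryption token, and neither sets `no_log`. The values can therefore show up in task output when the play runs with higher verbosity or with a callback that records results. Adding `no_log: true` to "Base 64 Decode slurped secrets_encryption.yaml file" and "Extract secret value from secrets_encryption.yaml" keeps the key material out of logs. The following "Set kube_encrypt_token across master nodes" task is cut off by the hunk, so it could not be checked and may need the same setting.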


@ -5,7 +5,7 @@
{%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
{{ first_kube_master }}:{{ kube_apiserver_port }}
{%- else -%}
{{ kube_apiserver_endpoint | regex_replace('https://', '')}}
{{ kube_apiserver_endpoint | regex_replace('https://', '') }}
{%- endif %}
tags:
- facts
@ -21,15 +21,15 @@
- name: Wait for k8s apiserver
wait_for:
host: "{{kubeadm_discovery_address.split(':')[0]}}"
port: "{{kubeadm_discovery_address.split(':')[1]}}"
host: "{{ kubeadm_discovery_address.split(':')[0] }}"
port: "{{ kubeadm_discovery_address.split(':')[1] }}"
timeout: 180
- name: Upload certificates so they are fresh and not expired
command: >-
{{ bin_dir }}/kubeadm init phase
--config {{ kube_config_dir}}/kubeadm-config.yaml
--config {{ kube_config_dir }}/kubeadm-config.yaml
upload-certs --experimental-upload-certs
{% if kubeadm_certificate_key is defined %}
--certificate-key={{ kubeadm_certificate_key }}
@ -46,7 +46,7 @@
- name: Joining control plane node to the cluster.
command: >-
{{ bin_dir }}/kubeadm join
--config {{ kube_config_dir}}/kubeadm-controlplane.yaml
--config {{ kube_config_dir }}/kubeadm-controlplane.yaml
--ignore-preflight-errors=all
{% if kubeadm_certificate_key is defined %}
--certificate-key={{ kubeadm_certificate_key }}
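Review bot: `--certificate-key={{ kubeadm_certificate_key }}` is passed as a command-line argument in both "Upload certificates so they are fresh and not expired" and "Joining control plane node to the cluster." That exposes the key to the process list on the host and to Ansible's recorded task results and module invocation logging. Both tasks continue past the end of their hunks, so whether they already set `no_log: true` is not visible here; if they do not, it should be added to each.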


@ -3,7 +3,7 @@
stat:
path: "{{ kube_cert_dir }}/apiserver.pem"
register: old_apiserver_cert
delegate_to: "{{groups['kube-master']|first}}"
delegate_to: "{{ groups['kube-master'] | first }}"
run_once: true
- name: kubeadm | Migrate old certs if necessary
@ -41,14 +41,14 @@
- name: kubeadm | Delete old static pods
file:
path: "{{ kube_config_dir }}/manifests/{{item}}.manifest"
path: "{{ kube_config_dir }}/manifests/{{ item }}.manifest"
state: absent
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
when:
- old_apiserver_cert.stat.exists
- name: kubeadm | Forcefully delete old static pods
shell: "docker ps -f name=k8s_{{item}} -q | xargs --no-run-if-empty docker rm -f"
shell: "docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
when:
- old_apiserver_cert.stat.exists
@ -147,7 +147,7 @@
retries: 5
delay: 5
until: temp_token is succeeded
delegate_to: "{{groups['kube-master']|first}}"
delegate_to: "{{ groups['kube-master'] | first }}"
when: kubeadm_token is not defined
tags:
- kubeadm_token
@ -190,6 +190,6 @@
# FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
- name: kubeadm | Remove taint for master with node role
command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"
delegate_to: "{{groups['kube-master']|first}}"
delegate_to: "{{ groups['kube-master'] | first }}"
when: inventory_hostname in groups['kube-node']
failed_when: false


@ -1,7 +1,7 @@
---
- name: "Pre-upgrade | Delete master manifests if etcd secrets changed"
file:
path: "/etc/kubernetes/manifests/{{item}}.manifest"
path: "/etc/kubernetes/manifests/{{ item }}.manifest"
state: absent
with_items:
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
@ -9,7 +9,7 @@
when: etcd_secret_changed|default(false)
- name: "Pre-upgrade | Delete master containers forcefully"
shell: "docker ps -af name=k8s_{{item}}* -q | xargs --no-run-if-empty docker rm -f"
shell: "docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
with_items:
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
when: kube_apiserver_manifest_replaced.changed


@ -56,7 +56,7 @@
- name: check azure_loadbalancer_sku value
fail:
msg: "azure_loadbalancer_sku has an invalid value '{{azure_loadbalancer_sku}}'. Supported values are 'basic', 'standard'"
msg: "azure_loadbalancer_sku has an invalid value '{{ azure_loadbalancer_sku }}'. Supported values are 'basic', 'standard'"
when: azure_loadbalancer_sku not in ["basic", "standard"]
- name: "check azure_exclude_master_from_standard_lb is a bool"


@ -65,7 +65,7 @@
- name: Verify if br_netfilter module exists
shell: "modinfo br_netfilter"
environment:
PATH: "{{ ansible_env.PATH}}:/sbin" # Make sure we can workaround RH's conservative path management
PATH: "{{ ansible_env.PATH }}:/sbin" # Make sure we can workaround RH's conservative path management
register: modinfo_br_netfilter
failed_when: modinfo_br_netfilter.rc not in [0, 1]
changed_when: false


@ -6,7 +6,7 @@ Wants=docker.socket
[Service]
User=root
EnvironmentFile=-{{kube_config_dir}}/kubelet.env
EnvironmentFile=-{{ kube_config_dir }}/kubelet.env
ExecStartPre=-/bin/mkdir -p {{ kubelet_flexvolumes_plugins_dir }}
ExecStart={{ bin_dir }}/kubelet \
$KUBE_LOGTOSTDERR \


@ -35,7 +35,7 @@
- name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
assert:
that: item.value|type_debug == 'bool'
msg: "{{item.value}} isn't a bool"
msg: "{{ item.value }} isn't a bool"
run_once: yes
with_items:
- { name: download_run_once, value: "{{ download_run_once }}" }


@ -8,9 +8,9 @@
set_fact:
host_architecture: >-
{%- if ansible_architecture in architecture_groups -%}
{{architecture_groups[ansible_architecture]}}
{{ architecture_groups[ansible_architecture] }}
{%- else -%}
{{ansible_architecture}}
{{ ansible_architecture }}
{% endif %}
- name: Force binaries directory for Container Linux by CoreOS
@ -46,7 +46,7 @@
- set_fact:
bogus_domains: |-
{% for d in [ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([]) -%}
{{dns_domain}}.{{d}}./{{d}}.{{d}}./com.{{d}}./
{{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
{%- endfor %}
cloud_resolver: >-
{%- if cloud_provider is defined and cloud_provider == 'gce' -%}
@ -139,9 +139,9 @@
- name: generate nameservers to resolvconf
set_fact:
nameserverentries:
nameserver {{( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ')}}
nameserver {{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ') }}
supersede_nameserver:
supersede domain-name-servers {{( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
supersede domain-name-servers {{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
- name: gather os specific variables
include_vars: "{{ item }}"


@ -17,7 +17,7 @@
- master
- node
with_items:
- "{{bin_dir}}"
- "{{ bin_dir }}"
- "{{ kube_config_dir }}"
- "{{ kube_cert_dir }}"
- "{{ kube_manifest_dir }}"


@ -5,7 +5,7 @@
- name: Add domain/search/nameservers/options to resolv.conf
blockinfile:
path: "{{resolvconffile}}"
path: "{{ resolvconffile }}"
block: |-
{% for item in [domainentry] + [searchentries] + nameserverentries.split(',') -%}
{{ item }}
@ -22,7 +22,7 @@
- name: Remove search/domain/nameserver options before block
replace:
dest: "{{item[0]}}"
dest: "{{ item[0] }}"
regexp: '^{{ item[1] }}[^#]*(?=# Ansible entries BEGIN)'
backup: yes
follow: yes
@ -33,7 +33,7 @@
- name: Remove search/domain/nameserver options after block
replace:
dest: "{{item[0]}}"
dest: "{{ item[0] }}"
regexp: '(# Ansible entries END\n(?:(?!^{{ item[1] }}).*\n)*)(?:^{{ item[1] }}.*\n?)+'
replace: '\1'
backup: yes
@ -51,7 +51,7 @@
- name: persist resolvconf cloud init file
template:
dest: "{{resolveconf_cloud_init_conf}}"
dest: "{{ resolveconf_cloud_init_conf }}"
src: resolvconf.j2
owner: root
mode: 0644


@ -31,14 +31,14 @@
- name: Stat sysctl file configuration
stat:
path: "{{sysctl_file_path}}"
path: "{{ sysctl_file_path }}"
register: sysctl_file_stat
tags:
- bootstrap-os
- name: Change sysctl file path to link source if linked
set_fact:
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
sysctl_file_path: "{{ sysctl_file_stat.stat.lnk_source }}"
when:
- sysctl_file_stat.stat.islnk is defined
- sysctl_file_stat.stat.islnk
@ -52,7 +52,7 @@
- name: Enable ip forwarding
sysctl:
sysctl_file: "{{sysctl_file_path}}"
sysctl_file: "{{ sysctl_file_path }}"
name: net.ipv4.ip_forward
value: 1
state: present


@ -5,7 +5,7 @@
block: |-
{% for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
{% if 'access_ip' in hostvars[item] or 'ip' in hostvars[item] or fallback_ips[item] != "skip" -%}
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item]))}}
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}
{%- if ('ansible_hostname' in hostvars[item] and item != hostvars[item]['ansible_hostname']) %} {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }} {{ hostvars[item]['ansible_hostname'] }}{% endif %} {{ item }} {{ item }}.{{ dns_domain }}
{% endif %}
{% endfor %}


@ -5,7 +5,7 @@
{% for item in [ supersede_domain, supersede_search, supersede_nameserver ] -%}
{{ item }}
{% endfor %}
path: "{{dhclientconffile}}"
path: "{{ dhclientconffile }}"
create: yes
state: present
insertbefore: BOF


@ -5,7 +5,7 @@
- name: Remove kubespray specific config from dhclient config
blockinfile:
path: "{{dhclientconffile}}"
path: "{{ dhclientconffile }}"
state: absent
backup: yes
marker: "# Ansible entries {mark}"


@ -2,7 +2,7 @@
- name: "Check_tokens | check if the tokens have already been generated on first master"
stat:
path: "{{ kube_token_dir }}/known_tokens.csv"
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
register: known_tokens_master
run_once: true


@ -5,7 +5,7 @@
dest: "{{ kube_script_dir }}/kube-gen-token.sh"
mode: 0700
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
when: gen_tokens|default(false)
- name: Gen_tokens | generate tokens for master components
@ -18,7 +18,7 @@
register: gentoken_master
changed_when: "'Added' in gentoken_master.stdout"
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
when: gen_tokens|default(false)
- name: Gen_tokens | generate tokens for node components
@ -31,14 +31,14 @@
register: gentoken_node
changed_when: "'Added' in gentoken_node.stdout"
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
when: gen_tokens|default(false)
- name: Gen_tokens | Get list of tokens from first master
shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
register: tokens_list
check_mode: no
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
when: sync_tokens|default(false)
@ -48,7 +48,7 @@
warn: false
register: tokens_data
check_mode: no
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
when: sync_tokens|default(false)


@ -376,7 +376,7 @@ contiv_global_neighbor_as: "500"
fallback_ips_base: |
---
{% for item in groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([])|unique %}
{{item}}: "{{ hostvars[item].get('ansible_default_ipv4', {'address': '127.0.0.1'})['address'] }}"
{{ item }}: "{{ hostvars[item].get('ansible_default_ipv4', {'address': '127.0.0.1'})['address'] }}"
{% endfor %}
fallback_ips: "{{ fallback_ips_base | from_yaml }}"
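Review bot: In the `for` line of `fallback_ips_base`, `|unique` applies only to `groups['calico-rr']|default([])`, because Jinja filters bind tighter than `+`. A host that belongs to both `k8s-cluster` and `etcd` is therefore emitted twice, and the YAML passed to `from_yaml` carries a duplicate key. The hosts-file template touched elsewhere in this commit wraps the whole sum in parentheses before `|unique`. The same form fits here: `{% for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique %}`.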


@ -61,7 +61,7 @@
ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
when:
- calico_version is version("v3.0.0", ">=")
@ -79,7 +79,7 @@
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
when:
- calico_version is version("v3.0.0", "<")


@ -155,7 +155,7 @@
- calico_version is version('v3.0.0', '>=')
- name: Calico | Set global as_num (legacy)
command: "{{ bin_dir}}/calicoctl.sh config set asNumber {{ global_as_num }}"
command: "{{ bin_dir }}/calicoctl.sh config set asNumber {{ global_as_num }}"
run_once: true
when:
- calico_version is version('v3.0.0', '<')
@ -301,7 +301,7 @@
"name": "{{ inventory_hostname }}-{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"
},
"spec": {
"asNumber": "{{ local_as | default(global_as_num)}}",
"asNumber": "{{ local_as | default(global_as_num) }}",
"node": "{{ inventory_hostname }}",
"peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"
}}' | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
@ -319,7 +319,7 @@
shell: >
echo '{
"kind": "bgpPeer",
"spec": {"asNumber": "{{ local_as | default(global_as_num)}}"},
"spec": {"asNumber": "{{ local_as | default(global_as_num) }}"},
"apiVersion": "v1",
"metadata": {"node": "{{ inventory_hostname }}",
"scope": "node",
@ -338,8 +338,8 @@
- name: Calico | Create calico manifests
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: calico-config, file: calico-config.yml, type: cm}
- {name: calico-node, file: calico-node.yml, type: ds}
@ -353,8 +353,8 @@
- name: Calico | Create calico manifests for kdd
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: calico, file: kdd-crds.yml, type: kdd}
register: calico_node_kdd_manifest
@ -364,8 +364,8 @@
- name: Calico | Create calico manifests for typha
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: calico, file: calico-typha.yml, type: typha}
register: calico_node_typha_manifest


@ -7,7 +7,7 @@
owner: root
group: root
force: yes
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- name: "Create etcdv2 and etcdv3 calicoApiConfig"
template:
src: "{{ item }}-store.yml.j2"


@ -31,7 +31,7 @@
'{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
delegate_to: "{{groups['etcd'][0]}}"
delegate_to: "{{ groups['etcd'][0] }}"
changed_when: false
run_once: true
environment:
@ -40,8 +40,8 @@
- name: Canal | Create canal node manifests
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: canal-config, file: canal-config.yaml, type: cm}
- {name: canal-node, file: canal-node.yaml, type: ds}


@ -27,8 +27,8 @@
- name: Cilium | Create Cilium node manifests
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: cilium, file: cilium-config.yml, type: cm}
- {name: cilium, file: cilium-crb.yml, type: clusterrolebinding}


@ -1,8 +1,8 @@
---
- name: Flannel | Create Flannel manifests
template:
src: "{{item.file}}.j2"
dest: "{{kube_config_dir}}/{{item.file}}"
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: flannel, file: cni-flannel-rbac.yml, type: sa}
- {name: kube-flannel, file: cni-flannel.yml, type: ds}


@ -1,21 +1,21 @@
---
- name: kube-router | Add annotations on kube-master
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
with_items:
- "{{ kube_router_annotations_master }}"
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
when: kube_router_annotations_master is defined and inventory_hostname in groups['kube-master']
- name: kube-router | Add annotations on kube-node
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
with_items:
- "{{ kube_router_annotations_node }}"
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
when: kube_router_annotations_node is defined and inventory_hostname in groups['kube-node']
- name: kube-router | Add common annotations on all servers
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
with_items:
- "{{ kube_router_annotations_all }}"
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
when: kube_router_annotations_all is defined and inventory_hostname in groups['all']


@ -32,7 +32,7 @@
- old_etcd_members is defined
- name: Remove old cluster members
shell: "{{ bin_dir}}/etcdctl --endpoints={{ etcd_access_addresses }} member remove {{ item[1].replace(' ','').split(',')[0] }}"
shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} member remove {{ item[1].replace(' ','').split(',')[0] }}"
environment:
- ETCDCTL_API: 3
- ETCDCTL_CA_FILE: /etc/ssl/etcd/ssl/ca.pem


@ -1,7 +1,7 @@
---
- name: Delete node
command: "{{ bin_dir}}/kubectl delete node {{ item }}"
command: "{{ bin_dir }}/kubectl delete node {{ item }}"
with_items:
- "{{ node.split(',') | default(groups['kube-node']) }}"
delegate_to: "{{ groups['kube-master']|first }}"


@ -118,7 +118,7 @@
- mounts
- name: reset | unmount kubelet dirs
command: umount -f {{item}}
command: umount -f {{ item }}
with_items: '{{ mounted_dirs.stdout_lines }}'
register: umount_dir
retries: 4
@ -170,7 +170,7 @@
path: "{{ item }}"
state: absent
with_items:
- "{{kube_config_dir}}"
- "{{ kube_config_dir }}"
- /var/lib/kubelet
- /root/.kube
- /root/.helm


@ -16,11 +16,11 @@
# Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
- name: Check current nodeselector for kube-proxy daemonset
shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'"
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'"
register: current_kube_proxy_state
- name: Apply nodeselector patch for kube-proxy daemonset
shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\""
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\""
args:
chdir: "{{ kubernetes_user_manifests_path }}"
register: patch_kube_proxy_state


@ -53,4 +53,4 @@
- { role: kubernetes/node, tags: node }
- { role: kubernetes/kubeadm, tags: kubeadm }
- { role: network_plugin, tags: network }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"


@ -32,13 +32,13 @@
- name: etcd_info
cmd: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | default('http://127.0.0.1:2379') }} cluster-health"
- name: calico_info
cmd: "{{bin_dir}}/calicoctl node status"
cmd: "{{ bin_dir }}/calicoctl node status"
when: '{{ kube_network_plugin == "calico" }}'
- name: calico_workload_info
cmd: "{{bin_dir}}/calicoctl get workloadEndpoint -o wide"
cmd: "{{ bin_dir }}/calicoctl get workloadEndpoint -o wide"
when: '{{ kube_network_plugin == "calico" }}'
- name: calico_pool_info
cmd: "{{bin_dir}}/calicoctl get ippool -o wide"
cmd: "{{ bin_dir }}/calicoctl get ippool -o wide"
when: '{{ kube_network_plugin == "calico" }}'
- name: weave_info
cmd: weave report
@ -111,19 +111,19 @@
- name: Storing commands output
shell: "{{ item.cmd }} 2>&1 | tee {{ item.name }}"
failed_when: false
with_items: "{{commands}}"
with_items: "{{ commands }}"
when: item.when | default(True)
no_log: True
- name: Fetch results
fetch: src={{ item.name }} dest=/tmp/{{ archive_dirname }}/commands
with_items: "{{commands}}"
with_items: "{{ commands }}"
when: item.when | default(True)
failed_when: false
- name: Fetch logs
fetch: src={{ item }} dest=/tmp/{{ archive_dirname }}/logs
with_items: "{{logs}}"
with_items: "{{ logs }}"
failed_when: false
- name: Pack results and logs
@ -137,4 +137,4 @@
- name: Clean up collected command outputs
file: path={{ item.name }} state=absent
with_items: "{{commands}}"
with_items: "{{ commands }}"
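Review bot: The "Fetch results", "Fetch logs" and "Clean up collected command outputs" tasks still pass module arguments as an inline `key=value` string with unquoted templated values, for example `fetch: src={{ item.name }} dest=/tmp/{{ archive_dirname }}/commands`. A value containing a space would split into extra arguments. This commit already converts the inventory `template` tasks to block form, and the same style fits here: `fetch:` followed by `src: "{{ item.name }}"` and `dest: "/tmp/{{ archive_dirname }}/commands"`. The DigitalOcean `wait_for` task and the GCE `add_host` task later in this commit use the same inline form.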


@ -40,7 +40,7 @@
dest: "{{ images_dir }}/Dockerfile"
- name: Create docker images for each OS
command: docker build -t {{registry}}/vm-{{ item.key }} --build-arg cloud_image="{{ item.key }}.qcow2" {{ images_dir }}
command: docker build -t {{ registry }}/vm-{{ item.key }} --build-arg cloud_image="{{ item.key }}.qcow2" {{ images_dir }}
with_dict:
- "{{ images }}"


@ -10,8 +10,8 @@
aws_access_key: "{{ aws.access_key }}"
aws_secret_key: "{{ aws.secret_key }}"
region: "{{ aws.region }}"
group_id: "{{ aws.group}}"
instance_type: "{{ aws.instance_type}}"
group_id: "{{ aws.group }}"
instance_type: "{{ aws.instance_type }}"
image: "{{ aws.ami_id }}"
wait: true
count: "{{ aws.count }}"
@ -30,4 +30,4 @@
timeout: 300
state: started
delegate_to: localhost
with_items: "{{ec2.instances}}"
with_items: "{{ ec2.instances }}"


@ -52,20 +52,20 @@
tasks:
- name: replace_test_id
set_fact:
test_name: "{{test_id |regex_replace('\\.', '-')}}"
test_name: "{{ test_id |regex_replace('\\.', '-') }}"
- name: show vars
debug: msg="{{cloud_region}}, {{cloud_image}}"
debug: msg="{{ cloud_region }}, {{ cloud_image }}"
- set_fact:
instance_names: >-
{%- if mode in ['separate', 'ha'] -%}
["k8s-{{test_name}}-1", "k8s-{{test_name}}-2", "k8s-{{test_name}}-3"]
["k8s-{{ test_name }}-1", "k8s-{{ test_name }}-2", "k8s-{{ test_name }}-3"]
{%- else -%}
["k8s-{{test_name}}-1", "k8s-{{test_name}}-2"]
["k8s-{{ test_name }}-1", "k8s-{{ test_name }}-2"]
{%- endif -%}
- name: Manage DO instances | {{state}}
- name: Manage DO instances | {{ state }}
digital_ocean:
unique_name: yes
api_token: "{{ lookup('env','DO_API_TOKEN') }}"
@ -73,16 +73,16 @@
image_id: "{{ cloud_image }}"
name: "{{ item }}"
private_networking: no
region_id: "{{cloud_region}}"
size_id: "{{cloud_machine_type}}"
ssh_key_ids: "{{ssh_key_id}}"
state: "{{state}}"
region_id: "{{ cloud_region }}"
size_id: "{{ cloud_machine_type }}"
ssh_key_ids: "{{ ssh_key_id }}"
state: "{{ state }}"
wait: yes
register: droplets
with_items: "{{instance_names}}"
with_items: "{{ instance_names }}"
- debug:
msg: "{{droplets}}, {{inventory_path}}"
msg: "{{ droplets }}, {{ inventory_path }}"
when: state == 'present'
- name: Template the inventory
@ -92,6 +92,6 @@
when: state == 'present'
- name: Wait for SSH to come up
wait_for: host={{item.droplet.ip_address}} port=22 delay=10 timeout=180 state=started
with_items: "{{droplets.results}}"
wait_for: host={{ item.droplet.ip_address }} port=22 delay=10 timeout=180 state=started
with_items: "{{ droplets.results }}"
when: state == 'present'


@ -14,39 +14,39 @@
- name: replace_test_id
set_fact:
test_name: "{{test_id |regex_replace('\\.', '-')}}"
test_name: "{{ test_id |regex_replace('\\.', '-') }}"
- set_fact:
instance_names: >-
{%- if mode in ['separate', 'separate-scale', 'ha', 'ha-scale'] -%}
k8s-{{test_name}}-1,k8s-{{test_name}}-2,k8s-{{test_name}}-3
k8s-{{ test_name }}-1,k8s-{{ test_name }}-2,k8s-{{ test_name }}-3
{%- elif mode == 'aio' -%}
k8s-{{test_name}}-1
k8s-{{ test_name }}-1
{%- else -%}
k8s-{{test_name}}-1,k8s-{{test_name}}-2
k8s-{{ test_name }}-1,k8s-{{ test_name }}-2
{%- endif -%}
- name: Create gce instances
gce:
instance_names: "{{instance_names}}"
instance_names: "{{ instance_names }}"
machine_type: "{{ cloud_machine_type }}"
image: "{{ cloud_image | default(omit) }}"
image_family: "{{ cloud_image_family | default(omit) }}"
preemptible: "{{ preemptible }}"
service_account_email: "{{ gce_service_account_email }}"
pem_file: "{{ gce_pem_file | default(omit)}}"
credentials_file: "{{gce_credentials_file | default(omit)}}"
pem_file: "{{ gce_pem_file | default(omit) }}"
credentials_file: "{{ gce_credentials_file | default(omit) }}"
project_id: "{{ gce_project_id }}"
zone: "{{cloud_region}}"
metadata: '{"test_id": "{{test_id}}", "network": "{{kube_network_plugin}}", "startup-script": "{{startup_script|default("")}}"}'
tags: "build-{{test_name}},{{kube_network_plugin}}"
zone: "{{ cloud_region }}"
metadata: '{"test_id": "{{ test_id }}", "network": "{{ kube_network_plugin }}", "startup-script": "{{ startup_script|default("") }}"}'
tags: "build-{{ test_name }},{{ kube_network_plugin }}"
ip_forward: yes
service_account_permissions: ['compute-rw']
register: gce
- name: Add instances to host group
add_host: hostname={{item.public_ip}} groupname="waitfor_hosts"
with_items: '{{gce.instance_data}}'
add_host: hostname={{ item.public_ip }} groupname="waitfor_hosts"
with_items: '{{ gce.instance_data }}'
- name: Template the inventory
template:
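Review bot: The `metadata` value of the "Create gce instances" task is JSON assembled by string interpolation, so a `startup_script` or other variable containing a double quote, backslash or newline produces invalid or altered JSON. Serialising a mapping avoids the hand-built quoting: `metadata: "{{ {'test_id': test_id, 'network': kube_network_plugin, 'startup-script': startup_script|default('')} | to_json }}"`. This assumes the module keeps accepting a JSON string for `metadata`, as the current line implies. The trailing "Template the inventory" task is cut off by the hunk and was not reviewed.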


@ -8,25 +8,25 @@
tasks:
- name: replace_test_id
set_fact:
test_name: "{{test_id |regex_replace('\\.', '-')}}"
test_name: "{{ test_id |regex_replace('\\.', '-') }}"
- set_fact:
instance_names: >-
{%- if mode in ['separate', 'ha'] -%}
k8s-{{test_name}}-1,k8s-{{test_name}}-2,k8s-{{test_name}}-3
k8s-{{ test_name }}-1,k8s-{{ test_name }}-2,k8s-{{ test_name }}-3
{%- else -%}
k8s-{{test_name}}-1,k8s-{{test_name}}-2
k8s-{{ test_name }}-1,k8s-{{ test_name }}-2
{%- endif -%}
- name: stop gce instances
gce:
instance_names: "{{instance_names}}"
instance_names: "{{ instance_names }}"
image: "{{ cloud_image | default(omit) }}"
service_account_email: "{{ gce_service_account_email }}"
pem_file: "{{ gce_pem_file | default(omit)}}"
credentials_file: "{{gce_credentials_file | default(omit)}}"
pem_file: "{{ gce_pem_file | default(omit) }}"
credentials_file: "{{ gce_credentials_file | default(omit) }}"
project_id: "{{ gce_project_id }}"
zone: "{{cloud_region | default('europe-west1-b')}}"
zone: "{{ cloud_region | default('europe-west1-b') }}"
state: 'stopped'
async: 120
poll: 3
@ -35,13 +35,13 @@
- name: delete gce instances
gce:
instance_names: "{{instance_names}}"
instance_names: "{{ instance_names }}"
image: "{{ cloud_image | default(omit) }}"
service_account_email: "{{ gce_service_account_email }}"
pem_file: "{{ gce_pem_file | default(omit)}}"
credentials_file: "{{gce_credentials_file | default(omit)}}"
pem_file: "{{ gce_pem_file | default(omit) }}"
credentials_file: "{{ gce_credentials_file | default(omit) }}"
project_id: "{{ gce_project_id }}"
zone: "{{cloud_region | default('europe-west1-b')}}"
zone: "{{ cloud_region | default('europe-west1-b') }}"
state: 'absent'
async: 120
poll: 3


@ -16,7 +16,7 @@
test_name: "kargo-ci-{{ out.stdout_lines[0] }}"
- set_fact:
file_name: "{{ostype}}-{{kube_network_plugin}}-{{commit}}-logs.tar.gz"
file_name: "{{ ostype }}-{{ kube_network_plugin }}-{{ commit }}-logs.tar.gz"
- name: Create a bucket
gc_storage:
@ -30,31 +30,31 @@
- name: Create a lifecycle template for the bucket
template:
src: gcs_life.json.j2
dest: "{{dir}}/gcs_life.json"
dest: "{{ dir }}/gcs_life.json"
- name: Create a boto config to access GCS
template:
src: boto.j2
dest: "{{dir}}/.boto"
dest: "{{ dir }}/.boto"
no_log: True
- name: Download gsutil cp installer
get_url:
url: https://dl.google.com/dl/cloudsdk/channels/rapid/install_google_cloud_sdk.bash
dest: "{{dir}}/gcp-installer.sh"
dest: "{{ dir }}/gcp-installer.sh"
- name: Get gsutil tool
script: "{{dir}}/gcp-installer.sh"
script: "{{ dir }}/gcp-installer.sh"
environment:
CLOUDSDK_CORE_DISABLE_PROMPTS: 1
CLOUDSDK_INSTALL_DIR: "{{dir}}"
CLOUDSDK_INSTALL_DIR: "{{ dir }}"
no_log: True
failed_when: false
- name: Apply the lifecycle rules
command: "{{dir}}/google-cloud-sdk/bin/gsutil lifecycle set {{dir}}/gcs_life.json gs://{{test_name}}"
command: "{{ dir }}/google-cloud-sdk/bin/gsutil lifecycle set {{ dir }}/gcs_life.json gs://{{ test_name }}"
environment:
BOTO_CONFIG: "{{dir}}/.boto"
BOTO_CONFIG: "{{ dir }}/.boto"
no_log: True
- name: Upload collected diagnostic info
@ -63,13 +63,13 @@
mode: put
permission: public-read
object: "{{ file_name }}"
src: "{{dir}}/logs.tar.gz"
src: "{{ dir }}/logs.tar.gz"
headers: '{"Content-Encoding": "x-gzip"}'
gs_access_key: "{{ gs_key }}"
gs_secret_key: "{{ gs_skey }}"
expiration: "{{expire_days * 36000|int}}"
expiration: "{{ expire_days * 36000|int }}"
failed_when: false
no_log: True
- debug:
msg: "A public url https://storage.googleapis.com/{{test_name}}/{{file_name}}"
msg: "A public url https://storage.googleapis.com/{{ test_name }}/{{ file_name }}"
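Review bot: The installer fetched by `Download gsutil cp installer` is executed by the following `script` task with no integrity check, and `failed_when: false` on that task means a failed or altered install is not reported. The URL points at the `rapid` channel, so the downloaded content can change between runs. Adding a digest to the `get_url` task, for example `checksum: "sha256:<expected-sha256-placeholder>"`, would stop the play when the download differs from the reviewed one. The same play writes a `.boto` file into `{{ dir }}` (presumably holding the GCS keys, given its `no_log: True`), so the script runs next to those credentials. The play itself starts outside the visible hunks.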


@ -12,14 +12,14 @@
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
- name: Check kubectl output
shell: "{{bin_dir}}/kubectl get pods --all-namespaces -owide"
shell: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
register: get_pods
no_log: true
- debug: msg="{{get_pods.stdout.split('\n')}}"
- debug: msg="{{ get_pods.stdout.split('\n') }}"
- name: Check that all pods are running and ready
shell: "{{bin_dir}}/kubectl get pods --all-namespaces --no-headers -o yaml"
shell: "{{ bin_dir }}/kubectl get pods --all-namespaces --no-headers -o yaml"
register: run_pods_log
until:
# Check that all pods are running
@ -32,9 +32,9 @@
no_log: true
- name: Check kubectl output
shell: "{{bin_dir}}/kubectl get pods --all-namespaces -owide"
shell: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
register: get_pods
no_log: true
- debug: msg="{{get_pods.stdout.split('\n')}}"
- debug: msg="{{ get_pods.stdout.split('\n') }}"
failed_when: not run_pods_log is success


@ -15,13 +15,13 @@
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
- name: Create test namespace
shell: "{{bin_dir}}/kubectl create namespace test"
shell: "{{ bin_dir }}/kubectl create namespace test"
- name: Run a replica controller composed of 2 pods in test ns
shell: "{{bin_dir}}/kubectl run test --image={{test_image_repo}}:{{test_image_tag}} --namespace test --replicas=2 --command -- tail -f /dev/null"
shell: "{{ bin_dir }}/kubectl run test --image={{ test_image_repo }}:{{ test_image_tag }} --namespace test --replicas=2 --command -- tail -f /dev/null"
- name: Check that all pods are running and ready
shell: "{{bin_dir}}/kubectl get pods --namespace test --no-headers -o yaml"
shell: "{{ bin_dir }}/kubectl get pods --namespace test --no-headers -o yaml"
register: run_pods_log
until:
# Check that all pods are running
@ -34,31 +34,31 @@
no_log: true
- name: Get pod names
shell: "{{bin_dir}}/kubectl get pods -n test -o json"
shell: "{{ bin_dir }}/kubectl get pods -n test -o json"
register: pods
no_log: true
- debug: msg="{{pods.stdout.split('\n')}}"
- debug: msg="{{ pods.stdout.split('\n') }}"
failed_when: not run_pods_log is success
- name: Get hostnet pods
command: "{{bin_dir}}/kubectl get pods -n test -o
command: "{{ bin_dir }}/kubectl get pods -n test -o
jsonpath='{range .items[?(.spec.hostNetwork)]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
register: hostnet_pods
no_log: true
- name: Get running pods
command: "{{bin_dir}}/kubectl get pods -n test -o
command: "{{ bin_dir }}/kubectl get pods -n test -o
jsonpath='{range .items[?(.status.phase==\"Running\")]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
register: running_pods
no_log: true
- name: Check kubectl output
shell: "{{bin_dir}}/kubectl get pods --all-namespaces -owide"
shell: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
register: get_pods
no_log: true
- debug: msg="{{get_pods.stdout.split('\n')}}"
- debug: msg="{{ get_pods.stdout.split('\n') }}"
- set_fact:
kube_pods_subnet: 10.233.64.0/18
@ -66,30 +66,30 @@
pod_ips: "{{ (pods.stdout | from_json)['items'] | selectattr('status.podIP', 'defined') | map(attribute = 'status.podIP') | list }}"
pods_hostnet: |
{% set list = hostnet_pods.stdout.split(" ") %}
{{list}}
{{ list }}
pods_running: |
{% set list = running_pods.stdout.split(" ") %}
{{list}}
{{ list }}
- name: Check pods IP are in correct network
assert:
that: item | ipaddr(kube_pods_subnet)
when: not item in pods_hostnet and item in pods_running
with_items: "{{pod_ips}}"
with_items: "{{ pod_ips }}"
- name: Ping between pods is working
shell: "{{bin_dir}}/kubectl -n test exec {{item[0]}} -- ping -c 4 {{ item[1] }}"
shell: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"
when: not item[0] in pods_hostnet and not item[1] in pods_hostnet
with_nested:
- "{{pod_names}}"
- "{{pod_ips}}"
- "{{ pod_names }}"
- "{{ pod_ips }}"
- name: Ping between hostnet pods is working
shell: "{{bin_dir}}/kubectl -n test exec {{item[0]}} -- ping -c 4 {{ item[1] }}"
shell: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"
when: item[0] in pods_hostnet and item[1] in pods_hostnet
with_nested:
- "{{pod_names}}"
- "{{pod_ips}}"
- "{{ pod_names }}"
- "{{ pod_ips }}"
- name: Delete test namespace
shell: "{{bin_dir}}/kubectl delete namespace test"
shell: "{{ bin_dir }}/kubectl delete namespace test"
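Review bot: Both ping tasks pass `item[0]` and `item[1]` through `shell`, and `pod_ips` is parsed from `kubectl get pods -o json` output, so values reported by the cluster end up on a shell command line. Nothing in these commands needs a shell; `command: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"` avoids shell interpretation of metacharacters in those values. The same swap fits the plain `kubectl create namespace`, `kubectl run`, `kubectl get pods` and `kubectl delete namespace` tasks in this section. The definition of `pod_names` is outside the visible hunks, so its source is assumed to be the same JSON.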


@ -24,8 +24,8 @@
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
- name: Wait for netchecker server
shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{netcheck_namespace}} | grep ^netchecker-server"
delegate_to: "{{groups['kube-master'][0]}}"
shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep ^netchecker-server"
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
register: ncs_pod
until: ncs_pod.stdout.find('Running') != -1
@ -33,18 +33,18 @@
delay: 10
- name: Wait for netchecker agents
shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{netcheck_namespace}} | grep '^netchecker-agent-.*Running'"
shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep '^netchecker-agent-.*Running'"
run_once: true
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
register: nca_pod
until: nca_pod.stdout_lines|length >= groups['k8s-cluster']|intersect(ansible_play_hosts)|length * 2
retries: 3
delay: 10
failed_when: false
- command: "{{ bin_dir }}/kubectl -n {{netcheck_namespace}} describe pod -l app={{ item }}"
- command: "{{ bin_dir }}/kubectl -n {{ netcheck_namespace }} describe pod -l app={{ item }}"
run_once: true
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
no_log: false
with_items:
- netchecker-agent
@ -56,9 +56,9 @@
run_once: true
- name: Get netchecker agents
uri: url=http://{{ ansible_default_ipv4.address }}:{{netchecker_port}}/api/v1/agents/ return_content=yes
uri: url=http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/agents/ return_content=yes
run_once: true
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
register: agents
retries: 18
delay: "{{ agent_report_interval }}"
@ -77,8 +77,8 @@
- agents.content[0] == '{'
- name: Check netchecker status
uri: url=http://{{ ansible_default_ipv4.address }}:{{netchecker_port}}/api/v1/connectivity_check status_code=200 return_content=yes
delegate_to: "{{groups['kube-master'][0]}}"
uri: url=http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/connectivity_check status_code=200 return_content=yes
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
register: result
retries: 3
@ -97,13 +97,13 @@
- command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app=kube-proxy"
run_once: true
when: not result is success
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
no_log: false
- command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{item}} --all-containers"
- command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{ item }} --all-containers"
run_once: true
when: not result is success
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master'][0] }}"
no_log: false
with_items:
- kube-router
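Review bot: The two `uri` tasks (`Get netchecker agents` and `Check netchecker status`) still use inline `key=value` arguments with templated values, while this commit converts the `template:` tasks elsewhere to block form. Writing them as a mapping under `uri:`, with `url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/agents/"` and `return_content: true` as separate keys, makes the quoting of the templated URL explicit and matches the rest of the change. The second task would carry `status_code: 200` the same way. The surrounding play starts outside the visible hunks.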


@ -38,7 +38,7 @@
pre_tasks:
- name: gather facts from all instances
setup:
delegate_to: "{{item}}"
delegate_to: "{{ item }}"
delegate_facts: True
with_items: "{{ groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]) }}"
@ -50,7 +50,7 @@
- { role: kubernetes/preinstall, tags: preinstall }
- { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
- { role: download, tags: download, when: "not skip_downloads" }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- hosts: etcd
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
@ -76,7 +76,7 @@
- { role: kubernetes/client, tags: client }
- { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
- { role: upgrade/post-upgrade, tags: post-upgrade }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- name: Upgrade calico on all masters and nodes
hosts: kube-master:kube-node
@ -98,7 +98,7 @@
- { role: kubernetes/node, tags: node }
- { role: kubernetes/kubeadm, tags: kubeadm }
- { role: upgrade/post-upgrade, tags: post-upgrade }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- hosts: kube-master[0]
any_errors_fatal: true
@ -112,14 +112,14 @@
roles:
- { role: kubespray-defaults}
- { role: network_plugin/calico/rr, tags: network }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- hosts: kube-master
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults}
- { role: kubernetes-apps, tags: apps }
environment: "{{proxy_env}}"
environment: "{{ proxy_env }}"
- hosts: k8s-cluster
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"