ansible-lint: add spaces around variables [E206] (#4699)
parent
560f50d3cd
commit
e67f848abc
88 changed files with 363 additions and 353 deletions
|
@ -5,7 +5,6 @@ skip_list:
|
|||
# The following rules throw errors.
|
||||
# These either still need to be corrected in the repository and the rules re-enabled or they are skipped on purpose.
|
||||
- '204'
|
||||
- '206'
|
||||
- '301'
|
||||
- '305'
|
||||
- '306'
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
pre_tasks:
|
||||
- name: gather facts from all instances
|
||||
setup:
|
||||
delegate_to: "{{item}}"
|
||||
delegate_to: "{{ item }}"
|
||||
delegate_facts: true
|
||||
with_items: "{{ groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]) }}"
|
||||
run_once: true
|
||||
|
@ -46,7 +46,7 @@
|
|||
- { role: kubernetes/preinstall, tags: preinstall }
|
||||
- { role: "container-engine", tags: "container-engine", when: deploy_container_engine|default(true) }
|
||||
- { role: download, tags: download, when: "not skip_downloads" }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- hosts: etcd
|
||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||
|
@ -65,7 +65,7 @@
|
|||
roles:
|
||||
- { role: kubespray-defaults}
|
||||
- { role: kubernetes/node, tags: node }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- hosts: kube-master
|
||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||
|
@ -109,7 +109,7 @@
|
|||
roles:
|
||||
- { role: kubespray-defaults}
|
||||
- { role: kubernetes-apps, tags: apps }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- hosts: k8s-cluster
|
||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||
|
|
|
@ -8,4 +8,6 @@
|
|||
vm_list: "{{ vm_list_cmd.stdout }}"
|
||||
|
||||
- name: Generate inventory
|
||||
template: src=inventory.j2 dest="{{playbook_dir}}/inventory"
|
||||
template:
|
||||
src: inventory.j2
|
||||
dest: "{{ playbook_dir }}/inventory"
|
||||
|
|
|
@ -13,4 +13,6 @@
|
|||
vm_roles_list: "{{ vm_list_cmd.stdout }}"
|
||||
|
||||
- name: Generate inventory
|
||||
template: src=inventory.j2 dest="{{playbook_dir}}/inventory"
|
||||
template:
|
||||
src: inventory.j2
|
||||
dest: "{{ playbook_dir }}/inventory"
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
---
|
||||
- set_fact:
|
||||
base_dir: "{{playbook_dir}}/.generated/"
|
||||
base_dir: "{{ playbook_dir }}/.generated/"
|
||||
|
||||
- file: path={{base_dir}} state=directory recurse=true
|
||||
- file:
|
||||
path: "{{ base_dir }}"
|
||||
state: directory
|
||||
recurse: true
|
||||
|
||||
- template: src={{item}} dest="{{base_dir}}/{{item}}"
|
||||
- template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ base_dir }}/{{ item }}"
|
||||
with_items:
|
||||
- network.json
|
||||
- storage.json
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
- name: Null-ify some linux tools to ease DIND
|
||||
file:
|
||||
src: "/bin/true"
|
||||
dest: "{{item}}"
|
||||
dest: "{{ item }}"
|
||||
state: link
|
||||
force: yes
|
||||
with_items:
|
||||
|
@ -52,7 +52,7 @@
|
|||
- rsyslog
|
||||
- "{{ distro_ssh_service }}"
|
||||
|
||||
- name: Create distro user "{{distro_user}}"
|
||||
- name: Create distro user "{{ distro_user }}"
|
||||
user:
|
||||
name: "{{ distro_user }}"
|
||||
uid: 1000
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
- /lib/modules:/lib/modules
|
||||
- "{{ item }}:/dind/docker"
|
||||
register: containers
|
||||
with_items: "{{groups.containers}}"
|
||||
with_items: "{{ groups.containers }}"
|
||||
tags:
|
||||
- addresses
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
- name: "Kubernetes Apps | Install and configure MetalLB"
|
||||
kube:
|
||||
name: "MetalLB"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item }}"
|
||||
state: "{{ item.changed | ternary('latest','present') }}"
|
||||
become: true
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
- name: Kubernetes Apps | Lay Down k8s GlusterFS Endpoint and PV
|
||||
template: src={{item.file}} dest={{kube_config_dir}}/{{item.dest}}
|
||||
template:
|
||||
src: "{{ item.file }}"
|
||||
dest: "{{ kube_config_dir }}/{{ item.dest }}"
|
||||
with_items:
|
||||
- { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json}
|
||||
- { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml}
|
||||
|
@ -12,9 +14,9 @@
|
|||
kube:
|
||||
name: glusterfs
|
||||
namespace: default
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.dest}}"
|
||||
state: "{{item.changed | ternary('latest','present') }}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.dest }}"
|
||||
state: "{{ item.changed | ternary('latest','present') }}"
|
||||
with_items: "{{ gluster_pv.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and groups['gfs-cluster'] is defined
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- name: "Kubernetes Apps | Install and configure Heketi Bootstrap"
|
||||
kube:
|
||||
name: "GlusterFS"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/heketi-bootstrap.json"
|
||||
state: "{{ rendering.changed | ternary('latest', 'present') }}"
|
||||
- name: "Wait for heketi bootstrap to complete."
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- name: "Create heketi storage."
|
||||
kube:
|
||||
name: "GlusterFS"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/heketi-storage-bootstrap.json"
|
||||
state: "present"
|
||||
vars:
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- name: "Kubernetes Apps | Install and configure GlusterFS daemonset"
|
||||
kube:
|
||||
name: "GlusterFS"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/glusterfs-daemonset.json"
|
||||
state: "{{ rendering.changed | ternary('latest', 'present') }}"
|
||||
- name: "Kubernetes Apps | Label GlusterFS nodes"
|
||||
|
@ -33,6 +33,6 @@
|
|||
- name: "Kubernetes Apps | Install and configure Heketi Service Account"
|
||||
kube:
|
||||
name: "GlusterFS"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/heketi-service-account.json"
|
||||
state: "{{ rendering.changed | ternary('latest', 'present') }}"
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- name: "Kubernetes Apps | Install and configure Heketi"
|
||||
kube:
|
||||
name: "GlusterFS"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/heketi-deployment.json"
|
||||
state: "{{ rendering.changed | ternary('latest', 'present') }}"
|
||||
- name: "Ensure heketi is up and running."
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
- name: "Kubernetes Apps | Test Heketi"
|
||||
register: "heketi_service_state"
|
||||
command: "{{bin_dir}}/kubectl get service heketi-storage-endpoints -o=name --ignore-not-found=true"
|
||||
command: "{{ bin_dir }}/kubectl get service heketi-storage-endpoints -o=name --ignore-not-found=true"
|
||||
changed_when: false
|
||||
|
||||
- name: "Kubernetes Apps | Bootstrap Heketi"
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
---
|
||||
- register: "clusterrolebinding_state"
|
||||
command: "{{bin_dir}}/kubectl get clusterrolebinding heketi-gluster-admin -o=name --ignore-not-found=true"
|
||||
command: "{{ bin_dir }}/kubectl get clusterrolebinding heketi-gluster-admin -o=name --ignore-not-found=true"
|
||||
changed_when: false
|
||||
- name: "Kubernetes Apps | Deploy cluster role binding."
|
||||
when: "clusterrolebinding_state.stdout == \"\""
|
||||
command: "{{bin_dir}}/kubectl create clusterrolebinding heketi-gluster-admin --clusterrole=edit --serviceaccount=default:heketi-service-account"
|
||||
command: "{{ bin_dir }}/kubectl create clusterrolebinding heketi-gluster-admin --clusterrole=edit --serviceaccount=default:heketi-service-account"
|
||||
- register: "clusterrolebinding_state"
|
||||
command: "{{bin_dir}}/kubectl get clusterrolebinding heketi-gluster-admin -o=name --ignore-not-found=true"
|
||||
command: "{{ bin_dir }}/kubectl get clusterrolebinding heketi-gluster-admin -o=name --ignore-not-found=true"
|
||||
changed_when: false
|
||||
- assert:
|
||||
that: "clusterrolebinding_state.stdout != \"\""
|
||||
msg: "Cluster role binding is not present."
|
||||
|
||||
- register: "secret_state"
|
||||
command: "{{bin_dir}}/kubectl get secret heketi-config-secret -o=name --ignore-not-found=true"
|
||||
command: "{{ bin_dir }}/kubectl get secret heketi-config-secret -o=name --ignore-not-found=true"
|
||||
changed_when: false
|
||||
- name: "Render Heketi secret configuration."
|
||||
become: true
|
||||
|
@ -22,9 +22,9 @@
|
|||
dest: "{{ kube_config_dir }}/heketi.json"
|
||||
- name: "Deploy Heketi config secret"
|
||||
when: "secret_state.stdout == \"\""
|
||||
command: "{{bin_dir}}/kubectl create secret generic heketi-config-secret --from-file={{ kube_config_dir }}/heketi.json"
|
||||
command: "{{ bin_dir }}/kubectl create secret generic heketi-config-secret --from-file={{ kube_config_dir }}/heketi.json"
|
||||
- register: "secret_state"
|
||||
command: "{{bin_dir}}/kubectl get secret heketi-config-secret -o=name --ignore-not-found=true"
|
||||
command: "{{ bin_dir }}/kubectl get secret heketi-config-secret -o=name --ignore-not-found=true"
|
||||
changed_when: false
|
||||
- assert:
|
||||
that: "secret_state.stdout != \"\""
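Review bot: In the first hunk, the `Kubernetes Apps | Deploy cluster role binding.` task binds the built-in `edit` ClusterRole cluster-wide to `default:heketi-service-account`, and nothing visible here says why that breadth is needed. If Heketi only manages resources in its own namespace, a namespaced `kubectl create rolebinding heketi-gluster-admin --clusterrole=edit --serviceaccount=default:heketi-service-account --namespace=<HEKETI_NAMESPACE>` (placeholder) would be the narrower grant; otherwise add a comment above the task stating the reason. The `- register:` probe tasks and the `- assert:` tasks also carry no `name:`, which makes these privilege-changing steps harder to follow in a run log. The final `assert` task continues past the end of the second hunk.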
|
||||
|
|
|
@ -7,6 +7,6 @@
|
|||
- name: "Kubernetes Apps | Install and configure Heketi Storage"
|
||||
kube:
|
||||
name: "GlusterFS"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/heketi-storage.json"
|
||||
state: "{{ rendering.changed | ternary('latest', 'present') }}"
|
||||
|
|
|
@ -20,6 +20,6 @@
|
|||
- name: "Kubernetes Apps | Install and configure Storace Class"
|
||||
kube:
|
||||
name: "GlusterFS"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/storageclass.yml"
|
||||
state: "{{ rendering.changed | ternary('latest', 'present') }}"
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
until: vault_etcd_health_check.status == 200 or vault_etcd_health_check.status == 401
|
||||
retries: 3
|
||||
delay: 2
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
run_once: true
|
||||
failed_when: false
|
||||
register: vault_etcd_health_check
|
||||
|
|
20
mitogen.yaml
20
mitogen.yaml
|
@ -3,29 +3,29 @@
|
|||
strategy: linear
|
||||
vars:
|
||||
mitogen_version: master
|
||||
mitogen_url: https://github.com/dw/mitogen/archive/{{mitogen_version}}.zip
|
||||
mitogen_url: https://github.com/dw/mitogen/archive/{{ mitogen_version }}.zip
|
||||
tasks:
|
||||
- name: Create mitogen plugin dir
|
||||
file:
|
||||
path: "{{item}}"
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
become: false
|
||||
loop:
|
||||
- "{{playbook_dir}}/plugins/mitogen"
|
||||
- "{{playbook_dir}}/dist"
|
||||
- "{{ playbook_dir }}/plugins/mitogen"
|
||||
- "{{ playbook_dir }}/dist"
|
||||
|
||||
- name: download mitogen release
|
||||
get_url:
|
||||
url: "{{mitogen_url}}"
|
||||
dest: "{{playbook_dir}}/dist/mitogen_{{mitogen_version}}.zip"
|
||||
url: "{{ mitogen_url }}"
|
||||
dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.zip"
|
||||
validate_certs: true
|
||||
|
||||
- name: extract zip
|
||||
unarchive:
|
||||
src: "{{playbook_dir}}/dist/mitogen_{{mitogen_version}}.zip"
|
||||
dest: "{{playbook_dir}}/dist/"
|
||||
src: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.zip"
|
||||
dest: "{{ playbook_dir }}/dist/"
|
||||
|
||||
- name: copy plugin
|
||||
synchronize:
|
||||
src: "{{playbook_dir}}/dist/mitogen-{{mitogen_version}}/"
|
||||
dest: "{{playbook_dir}}/plugins/mitogen"
|
||||
src: "{{ playbook_dir }}/dist/mitogen-{{ mitogen_version }}/"
|
||||
dest: "{{ playbook_dir }}/plugins/mitogen"
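Review bot: The `download mitogen release` task fetches the archive for `mitogen_version: master` with no `checksum:`, so whatever the branch head holds at run time is unpacked and synced into `plugins/mitogen`, from where it is presumably loaded as Ansible plugin code. `validate_certs: true` authenticates the server, not the archive content. Pin `mitogen_version` to a release tag or commit and add `checksum: "sha256:<SHA256_OF_PINNED_ARCHIVE>"` (placeholder) to the `get_url` task. Minor style: `mitogen_url` is still an unquoted scalar containing `{{ mitogen_version }}`, while every other templated value in the file is quoted.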
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
---
|
||||
- name: User | Create User Group
|
||||
group:
|
||||
name: "{{user.group|default(user.name)}}"
|
||||
system: "{{user.system|default(omit)}}"
|
||||
name: "{{ user.group|default(user.name) }}"
|
||||
system: "{{ user.system|default(omit) }}"
|
||||
|
||||
- name: User | Create User
|
||||
user:
|
||||
comment: "{{user.comment|default(omit)}}"
|
||||
createhome: "{{user.createhome|default(omit)}}"
|
||||
group: "{{user.group|default(user.name)}}"
|
||||
home: "{{user.home|default(omit)}}"
|
||||
shell: "{{user.shell|default(omit)}}"
|
||||
name: "{{user.name}}"
|
||||
system: "{{user.system|default(omit)}}"
|
||||
comment: "{{ user.comment|default(omit) }}"
|
||||
createhome: "{{ user.createhome|default(omit) }}"
|
||||
group: "{{ user.group|default(user.name) }}"
|
||||
home: "{{ user.home|default(omit) }}"
|
||||
shell: "{{ user.shell|default(omit) }}"
|
||||
name: "{{ user.name }}"
|
||||
system: "{{ user.system|default(omit) }}"
|
||||
|
|
|
@ -54,8 +54,8 @@
|
|||
- name: ensure docker-ce repository public key is installed
|
||||
action: "{{ docker_repo_key_info.pkg_key }}"
|
||||
args:
|
||||
id: "{{item}}"
|
||||
url: "{{docker_repo_key_info.url}}"
|
||||
id: "{{ item }}"
|
||||
url: "{{ docker_repo_key_info.url }}"
|
||||
state: present
|
||||
register: keyserver_task_result
|
||||
until: keyserver_task_result is succeeded
|
||||
|
@ -67,7 +67,7 @@
|
|||
- name: ensure docker-ce repository is enabled
|
||||
action: "{{ docker_repo_info.pkg_repo }}"
|
||||
args:
|
||||
repo: "{{item}}"
|
||||
repo: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ docker_repo_info.repos }}"
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (docker_repo_info.repos|length > 0)
|
||||
|
@ -75,8 +75,8 @@
|
|||
- name: ensure docker-engine repository public key is installed
|
||||
action: "{{ dockerproject_repo_key_info.pkg_key }}"
|
||||
args:
|
||||
id: "{{item}}"
|
||||
url: "{{dockerproject_repo_key_info.url}}"
|
||||
id: "{{ item }}"
|
||||
url: "{{ dockerproject_repo_key_info.url }}"
|
||||
state: present
|
||||
register: keyserver_task_result
|
||||
until: keyserver_task_result is succeeded
|
||||
|
@ -90,7 +90,7 @@
|
|||
- name: ensure docker-engine repository is enabled
|
||||
action: "{{ dockerproject_repo_info.pkg_repo }}"
|
||||
args:
|
||||
repo: "{{item}}"
|
||||
repo: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ dockerproject_repo_info.repos }}"
|
||||
when:
|
||||
|
@ -123,7 +123,7 @@
|
|||
baseurl: "{{ extras_rh_repo_base_url }}"
|
||||
file: "extras"
|
||||
gpgcheck: yes
|
||||
gpgkey: "{{extras_rh_repo_gpgkey}}"
|
||||
gpgkey: "{{ extras_rh_repo_gpgkey }}"
|
||||
keepcache: "{{ docker_rpm_keepcache | default('1') }}"
|
||||
proxy: " {{ http_proxy | default('_none_') }}"
|
||||
when:
|
||||
|
@ -148,10 +148,10 @@
|
|||
- name: ensure docker packages are installed
|
||||
action: "{{ docker_package_info.pkg_mgr }}"
|
||||
args:
|
||||
pkg: "{{item.name}}"
|
||||
force: "{{item.force|default(omit)}}"
|
||||
conf_file: "{{item.yum_conf|default(omit)}}"
|
||||
state: "{{item.state | default('present')}}"
|
||||
pkg: "{{ item.name }}"
|
||||
force: "{{ item.force|default(omit) }}"
|
||||
conf_file: "{{ item.yum_conf|default(omit) }}"
|
||||
state: "{{ item.state | default('present') }}"
|
||||
update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}"
|
||||
register: docker_task_result
|
||||
until: docker_task_result is succeeded
|
||||
|
@ -166,7 +166,7 @@
|
|||
action: "{{ docker_package_info.pkg_mgr }}"
|
||||
args:
|
||||
name: "{{ item.name }}"
|
||||
state: "{{item.state | default('present')}}"
|
||||
state: "{{ item.state | default('present') }}"
|
||||
with_items: "{{ docker_package_info.pkgs }}"
|
||||
register: docker_task_result
|
||||
until: docker_task_result is succeeded
|
||||
|
@ -185,7 +185,7 @@
|
|||
|
||||
- name: show available packages on ubuntu
|
||||
fail:
|
||||
msg: "{{available_packages}}"
|
||||
msg: "{{ available_packages }}"
|
||||
when:
|
||||
- docker_task_result is failed
|
||||
- ansible_distribution == 'Ubuntu'
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
- name: set dns server for docker
|
||||
set_fact:
|
||||
docker_dns_servers: "{{dns_servers}}"
|
||||
docker_dns_servers: "{{ dns_servers }}"
|
||||
|
||||
- name: show docker_dns_servers
|
||||
debug:
|
||||
msg: "{{docker_dns_servers}}"
|
||||
msg: "{{ docker_dns_servers }}"
|
||||
|
||||
- name: set base docker dns facts
|
||||
set_fact:
|
||||
|
|
|
@ -29,7 +29,7 @@ download_always_pull: False
|
|||
download_validate_certs: True
|
||||
|
||||
# Use the first kube-master if download_localhost is not set
|
||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube-master'][0] }}{% endif %}"
|
||||
|
||||
# Arch of Docker images and needed packages
|
||||
image_arch: "{{host_architecture | default('amd64')}}"
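Review bot: The last line of this hunk, `image_arch: "{{host_architecture | default('amd64')}}"`, was left in the old style while `download_delegate` a few lines above was reformatted. ansible-lint may not scan this defaults file, so rule 206 will not necessarily catch it. For consistency change it to `image_arch: "{{ host_architecture | default('amd64') }}"`.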
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
- name: file_download | Create dest directory
|
||||
file:
|
||||
path: "{{download.dest|dirname}}"
|
||||
path: "{{ download.dest | dirname }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
when:
|
||||
|
@ -20,9 +20,9 @@
|
|||
# to one task in the future.
|
||||
- name: file_download | Download item (delegate)
|
||||
get_url:
|
||||
url: "{{download.url}}"
|
||||
dest: "{{download.dest}}"
|
||||
sha256sum: "{{download.sha256 | default(omit)}}"
|
||||
url: "{{ download.url }}"
|
||||
dest: "{{ download.dest }}"
|
||||
sha256sum: "{{ download.sha256|default(omit) }}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
validate_certs: "{{ download_validate_certs }}"
|
||||
|
@ -43,9 +43,9 @@
|
|||
|
||||
- name: file_download | Download item (all)
|
||||
get_url:
|
||||
url: "{{download.url}}"
|
||||
dest: "{{download.dest}}"
|
||||
sha256sum: "{{download.sha256 | default(omit)}}"
|
||||
url: "{{ download.url }}"
|
||||
dest: "{{ download.dest }}"
|
||||
sha256sum: "{{ download.sha256|default(omit) }}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
validate_certs: "{{ download_validate_certs }}"
|
||||
|
@ -64,8 +64,8 @@
|
|||
|
||||
- name: file_download | Extract archives
|
||||
unarchive:
|
||||
src: "{{download.dest}}"
|
||||
dest: "{{download.dest|dirname}}"
|
||||
src: "{{ download.dest }}"
|
||||
dest: "{{ download.dest |dirname }}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
copy: no
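Review bot: Both `get_url` tasks pass `sha256sum: "{{ download.sha256|default(omit) }}"`, so an item defined without `sha256` is fetched with no integrity check, and `validate_certs` comes from `download_validate_certs`, which an operator can switch off. The result may then be unpacked by `file_download | Extract archives`. Consider failing early for file downloads that lack a digest, for example a preceding `assert` with `that: download.sha256 is defined`, or document which items are allowed to skip verification. Minor style: the new side mixes `download.dest | dirname` and `download.dest |dirname`.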
|
||||
|
|
|
@ -11,16 +11,16 @@
|
|||
|
||||
- name: container_download | Create dest directory for saved/loaded container images
|
||||
file:
|
||||
path: "{{local_release_dir}}/containers"
|
||||
path: "{{ local_release_dir }}/containers"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: 0755
|
||||
owner: "{{ansible_ssh_user|default(ansible_user_id)}}"
|
||||
owner: "{{ ansible_ssh_user|default(ansible_user_id) }}"
|
||||
when: download_container
|
||||
|
||||
- name: container_download | create local directory for saved/loaded container images
|
||||
file:
|
||||
path: "{{local_release_dir}}/containers"
|
||||
path: "{{ local_release_dir }}/containers"
|
||||
state: directory
|
||||
recurse: yes
|
||||
delegate_to: localhost
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
- set_fact:
|
||||
pull_args: >-
|
||||
{%- if pull_by_digest %}{{download.repo}}@sha256:{{download.sha256}}{%- else -%}{{download.repo}}:{{download.tag}}{%- endif -%}
|
||||
{%- if pull_by_digest %}{{ download.repo }}@sha256:{{ download.sha256 }}{%- else -%}{{ download.repo }}:{{ download.tag }}{%- endif -%}
|
||||
|
||||
- name: Register docker images info
|
||||
shell: >-
|
||||
|
@ -33,7 +33,7 @@
|
|||
|
||||
- name: Check the local digest sha256 corresponds to the given image tag
|
||||
assert:
|
||||
that: "{{download.repo}}:{{download.tag}} in docker_images.stdout.split(',')"
|
||||
that: "{{ download.repo }}:{{ download.tag }} in docker_images.stdout.split(',')"
|
||||
when:
|
||||
- not download_always_pull
|
||||
- not pull_required
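Review bot: The `assert` in `Check the local digest sha256 corresponds to the given image tag` wraps variables in `{{ }}` inside `that:`, so the rendered repo and tag text is spliced into the condition and parsed as an expression instead of being compared as a string. `that` is already evaluated as an expression, so build the string explicitly: `that: "(download.repo ~ ':' ~ download.tag) in docker_images.stdout.split(',')"`. This also keeps values from `download` from being re-interpreted as template code. The task's `when:` list continues past the end of the hunk.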
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
- facts
|
||||
|
||||
- set_fact:
|
||||
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|default(download.sha256)|regex_replace('/|\0|:', '_')}}.tar"
|
||||
fname: "{{ local_release_dir }}/containers/{{ download.repo|regex_replace('/|\0|:', '_') }}:{{ download.tag|default(download.sha256)|regex_replace('/|\0|:', '_') }}.tar"
|
||||
run_once: true
|
||||
when:
|
||||
- download.enabled
|
||||
|
@ -20,7 +20,7 @@
|
|||
|
||||
- name: "container_download | Set default value for 'container_changed' to false"
|
||||
set_fact:
|
||||
container_changed: "{{pull_required|default(false)}}"
|
||||
container_changed: "{{ pull_required|default(false) }}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: file_download | create local download destination directory
|
||||
file:
|
||||
path: "{{download.dest|dirname}}"
|
||||
path: "{{ download.dest|dirname }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: 0755
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
paths: "{{ etcd_cert_dir }}"
|
||||
patterns: "ca.pem,node*.pem"
|
||||
get_checksum: true
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
register: etcdcert_master
|
||||
run_once: true
|
||||
|
||||
|
@ -30,10 +30,10 @@
|
|||
with_items: "{{ expected_files }}"
|
||||
vars:
|
||||
expected_files: >-
|
||||
['{{etcd_cert_dir}}/ca.pem',
|
||||
['{{ etcd_cert_dir }}/ca.pem',
|
||||
{% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %}
|
||||
{% for host in all_etcd_hosts %}
|
||||
'{{etcd_cert_dir}}/node-{{ host }}-key.pem'
|
||||
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem'
|
||||
{% if not loop.last %}{{','}}{% endif %}
|
||||
{% endfor %}]
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
mode: 0700
|
||||
recurse: yes
|
||||
|
||||
- name: "Gen_certs | create etcd script dir (on {{groups['etcd'][0]}})"
|
||||
- name: "Gen_certs | create etcd script dir (on {{ groups['etcd'][0] }})"
|
||||
file:
|
||||
path: "{{ etcd_script_dir }}"
|
||||
state: directory
|
||||
|
@ -16,9 +16,9 @@
|
|||
mode: 0700
|
||||
run_once: yes
|
||||
when: inventory_hostname == groups['etcd'][0]
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
|
||||
- name: "Gen_certs | create etcd cert dir (on {{groups['etcd'][0]}})"
|
||||
- name: "Gen_certs | create etcd cert dir (on {{ groups['etcd'][0] }})"
|
||||
file:
|
||||
path: "{{ etcd_cert_dir }}"
|
||||
group: "{{ etcd_cert_group }}"
|
||||
|
@ -28,14 +28,14 @@
|
|||
mode: 0700
|
||||
run_once: yes
|
||||
when: inventory_hostname == groups['etcd'][0]
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
|
||||
- name: Gen_certs | write openssl config
|
||||
template:
|
||||
src: "openssl.conf.j2"
|
||||
dest: "{{ etcd_config_dir }}/openssl.conf"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- gen_certs|default(false)
|
||||
- inventory_hostname == groups['etcd'][0]
|
||||
|
@ -46,7 +46,7 @@
|
|||
dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh"
|
||||
mode: 0700
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- gen_certs|default(false)
|
||||
- inventory_hostname == groups['etcd'][0]
|
||||
|
@ -65,7 +65,7 @@
|
|||
{% endif %}
|
||||
{% endfor %}"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- gen_certs|default(false)
|
||||
notify: set etcd_secret_changed
|
||||
|
@ -87,7 +87,7 @@
|
|||
'{{ etcd_cert_dir }}/node-{{ node }}.pem',
|
||||
'{{ etcd_cert_dir }}/node-{{ node }}-key.pem',
|
||||
{% endfor %}]"
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- inventory_hostname in groups['etcd']
|
||||
- sync_certs|default(false)
|
||||
|
@ -133,13 +133,13 @@
|
|||
no_log: true
|
||||
register: etcd_node_certs
|
||||
check_mode: no
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when: (('calico-rr' in groups and inventory_hostname in groups['calico-rr']) or
|
||||
inventory_hostname in groups['k8s-cluster']) and
|
||||
sync_certs|default(false) and inventory_hostname not in groups['etcd']
|
||||
|
||||
- name: Gen_certs | Copy certs on nodes
|
||||
shell: "base64 -d <<< '{{etcd_node_certs.stdout|quote}}' | tar xz -C {{ etcd_cert_dir }}"
|
||||
shell: "base64 -d <<< '{{ etcd_node_certs.stdout|quote }}' | tar xz -C {{ etcd_cert_dir }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
no_log: true
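Review bot: In `Gen_certs | Copy certs on nodes`, `{{ etcd_node_certs.stdout|quote }}` sits inside literal single quotes, so whenever `quote` adds its own quotes the two layers cancel and the payload reaches bash unquoted; `{{ etcd_cert_dir }}` is not quoted at all. Use a single layer: `shell: "base64 -d <<< {{ etcd_node_certs.stdout|quote }} | tar xz -C {{ etcd_cert_dir|quote }}"`. Feeding the data through `stdin:` under `args:` would keep the payload out of the command line entirely. The task may continue past the end of the hunk.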
|
||||
|
|
|
@ -8,9 +8,9 @@
|
|||
set_fact:
|
||||
host_architecture: >-
|
||||
{%- if ansible_architecture in architecture_groups -%}
|
||||
{{architecture_groups[ansible_architecture]}}
|
||||
{{ architecture_groups[ansible_architecture] }}
|
||||
{%- else -%}
|
||||
{{ansible_architecture}}
|
||||
{{ ansible_architecture }}
|
||||
{% endif %}
|
||||
|
||||
- include_tasks: check_certs.yml
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
name: "netchecker-server"
|
||||
namespace: "{{ netcheck_namespace }}"
|
||||
filename: "{{ netchecker_server_manifest.stat.path }}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "deploy"
|
||||
state: latest
|
||||
when: inventory_hostname == groups['kube-master'][0] and netchecker_server_manifest.stat.exists
|
||||
|
@ -39,13 +39,13 @@
|
|||
|
||||
- name: Kubernetes Apps | Append extra templates to Netchecker Templates list for PodSecurityPolicy
|
||||
set_fact:
|
||||
netchecker_templates: "{{ netchecker_templates_for_psp + netchecker_templates}}"
|
||||
netchecker_templates: "{{ netchecker_templates_for_psp + netchecker_templates }}"
|
||||
when: podsecuritypolicy_enabled
|
||||
|
||||
- name: Kubernetes Apps | Lay Down Netchecker Template
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items: "{{ netchecker_templates }}"
|
||||
register: manifests
|
||||
when:
|
||||
|
@ -53,11 +53,11 @@
|
|||
|
||||
- name: Kubernetes Apps | Start Netchecker Resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
namespace: "{{netcheck_namespace}}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "{{ netcheck_namespace }}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
|
||||
|
|
|
@ -41,10 +41,10 @@
|
|||
|
||||
- name: Kubernetes Apps | Add policies, roles, bindings for PodSecurityPolicy
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
name: "{{ item.item.name }}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
register: result
|
||||
until: result is succeeded
|
||||
|
@ -69,7 +69,7 @@
|
|||
- name: Apply workaround to allow all nodes with cert O=system:nodes to register
|
||||
kube:
|
||||
name: "kubespray:system:node"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrolebinding"
|
||||
filename: "{{ kube_config_dir }}/node-crb.yml"
|
||||
state: latest
|
||||
|
@ -96,7 +96,7 @@
|
|||
- name: Apply webhook ClusterRole
|
||||
kube:
|
||||
name: "system:node-webhook"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrole"
|
||||
filename: "{{ kube_config_dir }}/node-webhook-cr.yml"
|
||||
state: latest
|
||||
|
@ -121,7 +121,7 @@
|
|||
- name: Grant system:nodes the webhook ClusterRole
|
||||
kube:
|
||||
name: "system:node-webhook"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrolebinding"
|
||||
filename: "{{ kube_config_dir }}/node-webhook-crb.yml"
|
||||
state: latest
|
||||
|
@ -164,7 +164,7 @@
|
|||
- name: Apply vsphere-cloud-provider ClusterRole
|
||||
kube:
|
||||
name: "system:vsphere-cloud-provider"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrolebinding"
|
||||
filename: "{{ kube_config_dir }}/vsphere-rbac.yml"
|
||||
state: latest
|
||||
|
@ -194,7 +194,7 @@
|
|||
- name: PriorityClass | Create k8s-cluster-critical
|
||||
kube:
|
||||
name: k8s-cluster-critical
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "PriorityClass"
|
||||
filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
|
||||
state: latest
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
- name: Apply OCI RBAC
|
||||
kube:
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/oci-rbac.yml"
|
||||
when:
|
||||
- cloud_provider is defined
|
||||
|
|
|
@ -13,12 +13,12 @@
|
|||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Set fact of download url Tesla
|
||||
set_fact:
|
||||
nvidia_driver_download_url_default: "{{nvidia_gpu_tesla_base_url}}{{nvidia_url_end}}"
|
||||
nvidia_driver_download_url_default: "{{ nvidia_gpu_tesla_base_url }}{{ nvidia_url_end }}"
|
||||
when: nvidia_gpu_flavor|lower == "tesla"
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Set fact of download url GTX
|
||||
set_fact:
|
||||
nvidia_driver_download_url_default: "{{nvidia_gpu_gtx_base_url}}{{nvidia_url_end}}"
|
||||
nvidia_driver_download_url_default: "{{ nvidia_gpu_gtx_base_url }}{{ nvidia_url_end }}"
|
||||
when: nvidia_gpu_flavor|lower == "gtx"
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Create addon dir
|
||||
|
@ -49,6 +49,6 @@
|
|||
filename: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items:
|
||||
- "{{container_engine_accelerator_manifests.results}}"
|
||||
- "{{ container_engine_accelerator_manifests.results }}"
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master'][0] and nvidia_driver_install_container and nvidia_driver_install_supported
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
delegate_to: "{{ item[0] }}"
|
||||
with_nested:
|
||||
- "{{ groups['k8s-cluster'] }}"
|
||||
- "{{ local_volume_provisioner_storage_classes.keys() | list}}"
|
||||
- "{{ local_volume_provisioner_storage_classes.keys() | list }}"
|
||||
|
||||
- name: Local Volume Provisioner | Create addon dir
|
||||
file:
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
---
|
||||
- name: "Gen_helm_tiller_certs | Create helm config directory (on {{groups['kube-master'][0]}})"
|
||||
- name: "Gen_helm_tiller_certs | Create helm config directory (on {{ groups['kube-master'][0] }})"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
file:
|
||||
path: "{{ helm_config_dir }}"
|
||||
state: directory
|
||||
owner: kube
|
||||
|
||||
- name: "Gen_helm_tiller_certs | Create helm script directory (on {{groups['kube-master'][0]}})"
|
||||
- name: "Gen_helm_tiller_certs | Create helm script directory (on {{ groups['kube-master'][0] }})"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
file:
|
||||
path: "{{ helm_script_dir }}"
|
||||
state: directory
|
||||
|
@ -17,24 +17,24 @@
|
|||
|
||||
- name: Gen_helm_tiller_certs | Copy certs generation script
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
template:
|
||||
src: "helm-make-ssl.sh.j2"
|
||||
dest: "{{ helm_script_dir }}/helm-make-ssl.sh"
|
||||
mode: 0700
|
||||
|
||||
- name: "Check_helm_certs | check if helm client certs have already been generated on first master (on {{groups['kube-master'][0]}})"
|
||||
- name: "Check_helm_certs | check if helm client certs have already been generated on first master (on {{ groups['kube-master'][0] }})"
|
||||
find:
|
||||
paths: "{{ helm_home_dir }}"
|
||||
patterns: "*.pem"
|
||||
get_checksum: true
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
register: helmcert_master
|
||||
run_once: true
|
||||
|
||||
- name: Gen_helm_tiller_certs | run cert generation script
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
command: "{{ helm_script_dir }}/helm-make-ssl.sh -e {{ helm_home_dir }} -d {{ helm_tiller_cert_dir }}"
|
||||
|
||||
- set_fact:
|
||||
|
@ -64,7 +64,7 @@
|
|||
no_log: true
|
||||
register: helm_client_cert_data
|
||||
check_mode: no
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
|
||||
|
||||
- name: Gen_helm_tiller_certs | Use tempfile for unpacking certs on masters
|
||||
|
@ -78,8 +78,8 @@
|
|||
|
||||
- name: Gen_helm_tiller_certs | Write helm client certs to tempfile
|
||||
copy:
|
||||
content: "{{helm_client_cert_data.stdout}}"
|
||||
dest: "{{helm_cert_tempfile.path}}"
|
||||
content: "{{ helm_client_cert_data.stdout }}"
|
||||
dest: "{{ helm_cert_tempfile.path }}"
|
||||
owner: root
|
||||
mode: "0600"
|
||||
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
|
||||
|
@ -93,7 +93,7 @@
|
|||
|
||||
- name: Gen_helm_tiller_certs | Cleanup tempfile on masters
|
||||
file:
|
||||
path: "{{helm_cert_tempfile.path}}"
|
||||
path: "{{ helm_cert_tempfile.path }}"
|
||||
state: absent
|
||||
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
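Review bot: The `Gen_helm_tiller_certs | Write helm client certs to tempfile` task (hunk at line 78) writes `helm_client_cert_data.stdout` through `copy: content:` with no `no_log` visible, although the task that registers that variable sets `no_log: true`. If the registered output carries client key material, it can show up in diff or verbose output of this task. Adding `no_log: true` here would keep the two tasks consistent. The hunk ends at the `when:` line, so the task may continue below with the flag already set; worth confirming.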
|
||||
|
||||
|
|
|
@ -7,8 +7,8 @@
|
|||
|
||||
- name: Helm | Lay Down Helm Manifests (RBAC)
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: tiller, file: tiller-namespace.yml, type: namespace}
|
||||
- {name: tiller, file: tiller-sa.yml, type: sa}
|
||||
|
@ -20,11 +20,11 @@
|
|||
|
||||
- name: Helm | Apply Helm Manifests (RBAC)
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "{{ tiller_namespace }}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ manifests.results }}"
|
||||
when:
|
||||
|
@ -56,7 +56,7 @@
|
|||
{% endif %}
|
||||
register: install_helm
|
||||
changed_when: false
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
# FIXME: https://github.com/helm/helm/issues/4063
|
||||
- name: Helm | Force apply tiller overrides if necessary
|
||||
|
@ -73,12 +73,12 @@
|
|||
{% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
|
||||
{% if tiller_wait %} --wait{% endif %}
|
||||
--output yaml
|
||||
| {{bin_dir}}/kubectl apply -f -
|
||||
| {{ bin_dir }}/kubectl apply -f -
|
||||
changed_when: false
|
||||
when:
|
||||
- (tiller_override is defined and tiller_override) or (kube_version is version('v1.11.1', '>='))
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- name: Make sure bash_completion.d folder exists
|
||||
file:
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
- name: Start Calico resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items:
|
||||
- "{{ calico_node_manifests.results }}"
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
- name: Canal | Start Resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ canal_manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
---
|
||||
- name: Cilium | Start Resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ cilium_node_manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
|
||||
|
||||
- name: Cilium | Wait for pods to run
|
||||
command: "{{bin_dir}}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||
command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||
register: pods_not_ready
|
||||
until: pods_not_ready.stdout.find("cilium")==-1
|
||||
retries: 30
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
- name: Flannel | Start Resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ flannel_node_manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
- inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
- name: kube-router | Wait for kube-router pods to be ready
|
||||
command: "{{bin_dir}}/kubectl -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||
command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||
register: pods_not_ready
|
||||
until: pods_not_ready.stdout.find("kube-router")==-1
|
||||
retries: 30
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
- name: Multus | Start resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ multus_manifest_1.results }} + {{multus_manifest_2.results }}"
|
||||
with_items: "{{ multus_manifest_1.results }} + {{ multus_manifest_2.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item|skipped
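Review bot: In `Multus | Start resources`, `with_items` still joins two separately rendered expressions with a literal ` + `, so the concatenation happens on the rendered string rather than inside Jinja. `with_items: "{{ multus_manifest_1.results + multus_manifest_2.results }}"` states the intent and does not depend on how the templated string is re-evaluated. The `when:` on the same task uses the filter form `not item|skipped`, while the Canal, Cilium and Flannel tasks in this commit use the test form `not item is skipped`; aligning it would drop the deprecated spelling.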
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- name: Kubernetes Persistent Volumes | Lay down OpenStack Cinder Storage Class template
|
||||
template:
|
||||
src: "openstack-storage-class.yml.j2"
|
||||
dest: "{{kube_config_dir}}/openstack-storage-class.yml"
|
||||
dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
|
||||
register: manifests
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
|
@ -10,9 +10,9 @@
|
|||
- name: Kubernetes Persistent Volumes | Add OpenStack Cinder Storage Class
|
||||
kube:
|
||||
name: storage-class
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: StorageClass
|
||||
filename: "{{kube_config_dir}}/openstack-storage-class.yml"
|
||||
filename: "{{ kube_config_dir }}/openstack-storage-class.yml"
|
||||
state: "latest"
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
|
|
|
@ -10,8 +10,8 @@
|
|||
|
||||
- name: Create calico-kube-controllers manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
|
||||
- {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
|
||||
|
@ -24,11 +24,11 @@
|
|||
|
||||
- name: Start of Calico kube controllers
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items:
|
||||
- "{{ calico_kube_manifests.results }}"
|
||||
|
|
|
@ -77,7 +77,7 @@
|
|||
- name: Join to cluster
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm join
|
||||
--config {{ kube_config_dir}}/kubeadm-client.conf
|
||||
--config {{ kube_config_dir }}/kubeadm-client.conf
|
||||
--ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
|
||||
register: kubeadm_join
|
||||
async: 120
|
||||
|
@ -88,7 +88,7 @@
|
|||
- name: Join to cluster with ignores
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm join
|
||||
--config {{ kube_config_dir}}/kubeadm-client.conf
|
||||
--config {{ kube_config_dir }}/kubeadm-client.conf
|
||||
--ignore-preflight-errors=all
|
||||
register: kubeadm_join
|
||||
async: 60
|
||||
|
|
|
@ -12,12 +12,12 @@
|
|||
|
||||
- name: Base 64 Decode slurped secrets_encryption.yaml file
|
||||
set_fact:
|
||||
secret_file_decoded: "{{secret_file_encoded['content'] | b64decode | from_yaml}}"
|
||||
secret_file_decoded: "{{ secret_file_encoded['content'] | b64decode | from_yaml }}"
|
||||
when: secrets_encryption_file.stat.exists
|
||||
|
||||
- name: Extract secret value from secrets_encryption.yaml
|
||||
set_fact:
|
||||
kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode}}"
|
||||
kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode }}"
|
||||
when: secrets_encryption_file.stat.exists
|
||||
|
||||
- name: Set kube_encrypt_token across master nodes
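Review bot: The two `set_fact` tasks in this hunk place the decoded secrets-encryption file and the extracted token in `secret_file_decoded` and `kube_encrypt_token_extracted`, and neither sets `no_log`. A `set_fact` result includes the fact values, so the token can end up in verbose output or callback logs. Adding `no_log: true` next to each `when:` avoids that. The `Set kube_encrypt_token across master nodes` task begins at the end of the hunk and its body is not visible, so the same check applies there.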
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
{%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
|
||||
{{ first_kube_master }}:{{ kube_apiserver_port }}
|
||||
{%- else -%}
|
||||
{{ kube_apiserver_endpoint | regex_replace('https://', '')}}
|
||||
{{ kube_apiserver_endpoint | regex_replace('https://', '') }}
|
||||
{%- endif %}
|
||||
tags:
|
||||
- facts
|
||||
|
@ -21,15 +21,15 @@
|
|||
|
||||
- name: Wait for k8s apiserver
|
||||
wait_for:
|
||||
host: "{{kubeadm_discovery_address.split(':')[0]}}"
|
||||
port: "{{kubeadm_discovery_address.split(':')[1]}}"
|
||||
host: "{{ kubeadm_discovery_address.split(':')[0] }}"
|
||||
port: "{{ kubeadm_discovery_address.split(':')[1] }}"
|
||||
timeout: 180
|
||||
|
||||
|
||||
- name: Upload certificates so they are fresh and not expired
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm init phase
|
||||
--config {{ kube_config_dir}}/kubeadm-config.yaml
|
||||
--config {{ kube_config_dir }}/kubeadm-config.yaml
|
||||
upload-certs --experimental-upload-certs
|
||||
{% if kubeadm_certificate_key is defined %}
|
||||
--certificate-key={{ kubeadm_certificate_key }}
|
||||
|
@ -46,7 +46,7 @@
|
|||
- name: Joining control plane node to the cluster.
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm join
|
||||
--config {{ kube_config_dir}}/kubeadm-controlplane.yaml
|
||||
--config {{ kube_config_dir }}/kubeadm-controlplane.yaml
|
||||
--ignore-preflight-errors=all
|
||||
{% if kubeadm_certificate_key is defined %}
|
||||
--certificate-key={{ kubeadm_certificate_key }}
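Review bot: Both kubeadm commands in this file (`Upload certificates so they are fresh and not expired` and `Joining control plane node to the cluster.`) pass `--certificate-key={{ kubeadm_certificate_key }}` as a command-line argument. The command module records the full argument string in the task result, and the key is readable in the host's process list while kubeadm runs; no `no_log: true` is visible on either task. Both task bodies continue past their hunks, so confirm whether the flag is set further down. If the kubeadm configuration file in use can carry the key, keeping it out of argv would be the stronger fix.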
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
stat:
|
||||
path: "{{ kube_cert_dir }}/apiserver.pem"
|
||||
register: old_apiserver_cert
|
||||
delegate_to: "{{groups['kube-master']|first}}"
|
||||
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||
run_once: true
|
||||
|
||||
- name: kubeadm | Migrate old certs if necessary
|
||||
|
@ -41,14 +41,14 @@
|
|||
|
||||
- name: kubeadm | Delete old static pods
|
||||
file:
|
||||
path: "{{ kube_config_dir }}/manifests/{{item}}.manifest"
|
||||
path: "{{ kube_config_dir }}/manifests/{{ item }}.manifest"
|
||||
state: absent
|
||||
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
|
||||
when:
|
||||
- old_apiserver_cert.stat.exists
|
||||
|
||||
- name: kubeadm | Forcefully delete old static pods
|
||||
shell: "docker ps -f name=k8s_{{item}} -q | xargs --no-run-if-empty docker rm -f"
|
||||
shell: "docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
|
||||
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||
when:
|
||||
- old_apiserver_cert.stat.exists
|
||||
|
@ -147,7 +147,7 @@
|
|||
retries: 5
|
||||
delay: 5
|
||||
until: temp_token is succeeded
|
||||
delegate_to: "{{groups['kube-master']|first}}"
|
||||
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||
when: kubeadm_token is not defined
|
||||
tags:
|
||||
- kubeadm_token
|
||||
|
@ -190,6 +190,6 @@
|
|||
# FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
|
||||
- name: kubeadm | Remove taint for master with node role
|
||||
command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"
|
||||
delegate_to: "{{groups['kube-master']|first}}"
|
||||
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||
when: inventory_hostname in groups['kube-node']
|
||||
failed_when: false
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: "Pre-upgrade | Delete master manifests if etcd secrets changed"
|
||||
file:
|
||||
path: "/etc/kubernetes/manifests/{{item}}.manifest"
|
||||
path: "/etc/kubernetes/manifests/{{ item }}.manifest"
|
||||
state: absent
|
||||
with_items:
|
||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||
|
@ -9,7 +9,7 @@
|
|||
when: etcd_secret_changed|default(false)
|
||||
|
||||
- name: "Pre-upgrade | Delete master containers forcefully"
|
||||
shell: "docker ps -af name=k8s_{{item}}* -q | xargs --no-run-if-empty docker rm -f"
|
||||
shell: "docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
|
||||
with_items:
|
||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||
when: kube_apiserver_manifest_replaced.changed
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
|
||||
- name: check azure_loadbalancer_sku value
|
||||
fail:
|
||||
msg: "azure_loadbalancer_sku has an invalid value '{{azure_loadbalancer_sku}}'. Supported values are 'basic', 'standard'"
|
||||
msg: "azure_loadbalancer_sku has an invalid value '{{ azure_loadbalancer_sku }}'. Supported values are 'basic', 'standard'"
|
||||
when: azure_loadbalancer_sku not in ["basic", "standard"]
|
||||
|
||||
- name: "check azure_exclude_master_from_standard_lb is a bool"
|
||||
|
|
|
@ -65,7 +65,7 @@
|
|||
- name: Verify if br_netfilter module exists
|
||||
shell: "modinfo br_netfilter"
|
||||
environment:
|
||||
PATH: "{{ ansible_env.PATH}}:/sbin" # Make sure we can workaround RH's conservative path management
|
||||
PATH: "{{ ansible_env.PATH }}:/sbin" # Make sure we can workaround RH's conservative path management
|
||||
register: modinfo_br_netfilter
|
||||
failed_when: modinfo_br_netfilter.rc not in [0, 1]
|
||||
changed_when: false
|
||||
|
|
|
@ -6,7 +6,7 @@ Wants=docker.socket
|
|||
|
||||
[Service]
|
||||
User=root
|
||||
EnvironmentFile=-{{kube_config_dir}}/kubelet.env
|
||||
EnvironmentFile=-{{ kube_config_dir }}/kubelet.env
|
||||
ExecStartPre=-/bin/mkdir -p {{ kubelet_flexvolumes_plugins_dir }}
|
||||
ExecStart={{ bin_dir }}/kubelet \
|
||||
$KUBE_LOGTOSTDERR \
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
- name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
|
||||
assert:
|
||||
that: item.value|type_debug == 'bool'
|
||||
msg: "{{item.value}} isn't a bool"
|
||||
msg: "{{ item.value }} isn't a bool"
|
||||
run_once: yes
|
||||
with_items:
|
||||
- { name: download_run_once, value: "{{ download_run_once }}" }
|
||||
|
|
|
@ -8,9 +8,9 @@
|
|||
set_fact:
|
||||
host_architecture: >-
|
||||
{%- if ansible_architecture in architecture_groups -%}
|
||||
{{architecture_groups[ansible_architecture]}}
|
||||
{{ architecture_groups[ansible_architecture] }}
|
||||
{%- else -%}
|
||||
{{ansible_architecture}}
|
||||
{{ ansible_architecture }}
|
||||
{% endif %}
|
||||
|
||||
- name: Force binaries directory for Container Linux by CoreOS
|
||||
|
@ -46,7 +46,7 @@
|
|||
- set_fact:
|
||||
bogus_domains: |-
|
||||
{% for d in [ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([]) -%}
|
||||
{{dns_domain}}.{{d}}./{{d}}.{{d}}./com.{{d}}./
|
||||
{{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
|
||||
{%- endfor %}
|
||||
cloud_resolver: >-
|
||||
{%- if cloud_provider is defined and cloud_provider == 'gce' -%}
|
||||
|
@ -139,9 +139,9 @@
|
|||
- name: generate nameservers to resolvconf
|
||||
set_fact:
|
||||
nameserverentries:
|
||||
nameserver {{( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ')}}
|
||||
nameserver {{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ') }}
|
||||
supersede_nameserver:
|
||||
supersede domain-name-servers {{( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
|
||||
supersede domain-name-servers {{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
|
||||
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ item }}"
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
- master
|
||||
- node
|
||||
with_items:
|
||||
- "{{bin_dir}}"
|
||||
- "{{ bin_dir }}"
|
||||
- "{{ kube_config_dir }}"
|
||||
- "{{ kube_cert_dir }}"
|
||||
- "{{ kube_manifest_dir }}"
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
- name: Add domain/search/nameservers/options to resolv.conf
|
||||
blockinfile:
|
||||
path: "{{resolvconffile}}"
|
||||
path: "{{ resolvconffile }}"
|
||||
block: |-
|
||||
{% for item in [domainentry] + [searchentries] + nameserverentries.split(',') -%}
|
||||
{{ item }}
|
||||
|
@ -22,7 +22,7 @@
|
|||
|
||||
- name: Remove search/domain/nameserver options before block
|
||||
replace:
|
||||
dest: "{{item[0]}}"
|
||||
dest: "{{ item[0] }}"
|
||||
regexp: '^{{ item[1] }}[^#]*(?=# Ansible entries BEGIN)'
|
||||
backup: yes
|
||||
follow: yes
|
||||
|
@ -33,7 +33,7 @@
|
|||
|
||||
- name: Remove search/domain/nameserver options after block
|
||||
replace:
|
||||
dest: "{{item[0]}}"
|
||||
dest: "{{ item[0] }}"
|
||||
regexp: '(# Ansible entries END\n(?:(?!^{{ item[1] }}).*\n)*)(?:^{{ item[1] }}.*\n?)+'
|
||||
replace: '\1'
|
||||
backup: yes
|
||||
|
@ -51,7 +51,7 @@
|
|||
|
||||
- name: persist resolvconf cloud init file
|
||||
template:
|
||||
dest: "{{resolveconf_cloud_init_conf}}"
|
||||
dest: "{{ resolveconf_cloud_init_conf }}"
|
||||
src: resolvconf.j2
|
||||
owner: root
|
||||
mode: 0644
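Review bot: `persist resolvconf cloud init file` sets `mode: 0644` as a bare number, which YAML reads as an integer rather than as the literal mode string. Quoting it, `mode: "0644"`, matches the `mode: "0600"` form used in the helm cert tasks of this commit and avoids relying on octal parsing. The task continues below the hunk.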
|
||||
|
|
|
@ -31,14 +31,14 @@
|
|||
|
||||
- name: Stat sysctl file configuration
|
||||
stat:
|
||||
path: "{{sysctl_file_path}}"
|
||||
path: "{{ sysctl_file_path }}"
|
||||
register: sysctl_file_stat
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Change sysctl file path to link source if linked
|
||||
set_fact:
|
||||
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
|
||||
sysctl_file_path: "{{ sysctl_file_stat.stat.lnk_source }}"
|
||||
when:
|
||||
- sysctl_file_stat.stat.islnk is defined
|
||||
- sysctl_file_stat.stat.islnk
|
||||
|
@ -52,7 +52,7 @@
|
|||
|
||||
- name: Enable ip forwarding
|
||||
sysctl:
|
||||
sysctl_file: "{{sysctl_file_path}}"
|
||||
sysctl_file: "{{ sysctl_file_path }}"
|
||||
name: net.ipv4.ip_forward
|
||||
value: 1
|
||||
state: present
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
block: |-
|
||||
{% for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
|
||||
{% if 'access_ip' in hostvars[item] or 'ip' in hostvars[item] or fallback_ips[item] != "skip" -%}
|
||||
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item]))}}
|
||||
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}
|
||||
{%- if ('ansible_hostname' in hostvars[item] and item != hostvars[item]['ansible_hostname']) %} {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }} {{ hostvars[item]['ansible_hostname'] }}{% endif %} {{ item }} {{ item }}.{{ dns_domain }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
{% for item in [ supersede_domain, supersede_search, supersede_nameserver ] -%}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
path: "{{dhclientconffile}}"
|
||||
path: "{{ dhclientconffile }}"
|
||||
create: yes
|
||||
state: present
|
||||
insertbefore: BOF
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
- name: Remove kubespray specific config from dhclient config
|
||||
blockinfile:
|
||||
path: "{{dhclientconffile}}"
|
||||
path: "{{ dhclientconffile }}"
|
||||
state: absent
|
||||
backup: yes
|
||||
marker: "# Ansible entries {mark}"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- name: "Check_tokens | check if the tokens have already been generated on first master"
|
||||
stat:
|
||||
path: "{{ kube_token_dir }}/known_tokens.csv"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
register: known_tokens_master
|
||||
run_once: true
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
dest: "{{ kube_script_dir }}/kube-gen-token.sh"
|
||||
mode: 0700
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | generate tokens for master components
|
||||
|
@ -18,7 +18,7 @@
|
|||
register: gentoken_master
|
||||
changed_when: "'Added' in gentoken_master.stdout"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | generate tokens for node components
|
||||
|
@ -31,14 +31,14 @@
|
|||
register: gentoken_node
|
||||
changed_when: "'Added' in gentoken_node.stdout"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | Get list of tokens from first master
|
||||
shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
|
||||
register: tokens_list
|
||||
check_mode: no
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
run_once: true
|
||||
when: sync_tokens|default(false)
|
||||
|
||||
|
@ -48,7 +48,7 @@
|
|||
warn: false
|
||||
register: tokens_data
|
||||
check_mode: no
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
run_once: true
|
||||
when: sync_tokens|default(false)
|
||||
|
||||
|
|
|
@ -376,7 +376,7 @@ contiv_global_neighbor_as: "500"
|
|||
fallback_ips_base: |
|
||||
---
|
||||
{% for item in groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([])|unique %}
|
||||
{{item}}: "{{ hostvars[item].get('ansible_default_ipv4', {'address': '127.0.0.1'})['address'] }}"
|
||||
{{ item }}: "{{ hostvars[item].get('ansible_default_ipv4', {'address': '127.0.0.1'})['address'] }}"
|
||||
{% endfor %}
|
||||
fallback_ips: "{{ fallback_ips_base | from_yaml }}"
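Review bot: In `fallback_ips_base` the `|unique` filter binds only to `groups['calico-rr']|default([])`, because filters take precedence over `+`. A host that is in both `k8s-cluster` and `etcd` is therefore emitted twice and the generated YAML contains duplicate keys. The hosts-file template in this commit parenthesises the same expression; doing the same here, `{% for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique %}`, stops `from_yaml` from depending on last-key-wins behaviour.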
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- calico_version is version("v3.0.0", ">=")
|
||||
|
||||
|
@ -79,7 +79,7 @@
|
|||
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- calico_version is version("v3.0.0", "<")
|
||||
|
||||
|
|
|
@ -155,7 +155,7 @@
|
|||
- calico_version is version('v3.0.0', '>=')
|
||||
|
||||
- name: Calico | Set global as_num (legacy)
|
||||
command: "{{ bin_dir}}/calicoctl.sh config set asNumber {{ global_as_num }}"
|
||||
command: "{{ bin_dir }}/calicoctl.sh config set asNumber {{ global_as_num }}"
|
||||
run_once: true
|
||||
when:
|
||||
- calico_version is version('v3.0.0', '<')
|
||||
|
@ -301,7 +301,7 @@
|
|||
"name": "{{ inventory_hostname }}-{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"
|
||||
},
|
||||
"spec": {
|
||||
"asNumber": "{{ local_as | default(global_as_num)}}",
|
||||
"asNumber": "{{ local_as | default(global_as_num) }}",
|
||||
"node": "{{ inventory_hostname }}",
|
||||
"peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"
|
||||
}}' | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
|
||||
|
@ -319,7 +319,7 @@
|
|||
shell: >
|
||||
echo '{
|
||||
"kind": "bgpPeer",
|
||||
"spec": {"asNumber": "{{ local_as | default(global_as_num)}}"},
|
||||
"spec": {"asNumber": "{{ local_as | default(global_as_num) }}"},
|
||||
"apiVersion": "v1",
|
||||
"metadata": {"node": "{{ inventory_hostname }}",
|
||||
"scope": "node",
|
||||
|
@ -338,8 +338,8 @@
|
|||
|
||||
- name: Calico | Create calico manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: calico-config, file: calico-config.yml, type: cm}
|
||||
- {name: calico-node, file: calico-node.yml, type: ds}
|
||||
|
@ -353,8 +353,8 @@
|
|||
|
||||
- name: Calico | Create calico manifests for kdd
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: calico, file: kdd-crds.yml, type: kdd}
|
||||
register: calico_node_kdd_manifest
|
||||
|
@ -364,8 +364,8 @@
|
|||
|
||||
- name: Calico | Create calico manifests for typha
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: calico, file: calico-typha.yml, type: typha}
|
||||
register: calico_node_typha_manifest
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
force: yes
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
- name: "Create etcdv2 and etcdv3 calicoApiConfig"
|
||||
template:
|
||||
src: "{{ item }}-store.yml.j2"
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
'{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
changed_when: false
|
||||
run_once: true
|
||||
environment:
|
||||
|
@ -40,8 +40,8 @@
|
|||
|
||||
- name: Canal | Create canal node manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: canal-config, file: canal-config.yaml, type: cm}
|
||||
- {name: canal-node, file: canal-node.yaml, type: ds}
|
||||
|
|
|
@ -27,8 +27,8 @@
|
|||
|
||||
- name: Cilium | Create Cilium node manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: cilium, file: cilium-config.yml, type: cm}
|
||||
- {name: cilium, file: cilium-crb.yml, type: clusterrolebinding}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
- name: Flannel | Create Flannel manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: flannel, file: cni-flannel-rbac.yml, type: sa}
|
||||
- {name: kube-flannel, file: cni-flannel.yml, type: ds}
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
---
|
||||
- name: kube-router | Add annotations on kube-master
|
||||
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
with_items:
|
||||
- "{{ kube_router_annotations_master }}"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: kube_router_annotations_master is defined and inventory_hostname in groups['kube-master']
|
||||
|
||||
- name: kube-router | Add annotations on kube-node
|
||||
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
with_items:
|
||||
- "{{ kube_router_annotations_node }}"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: kube_router_annotations_node is defined and inventory_hostname in groups['kube-node']
|
||||
|
||||
- name: kube-router | Add common annotations on all servers
|
||||
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
with_items:
|
||||
- "{{ kube_router_annotations_all }}"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: kube_router_annotations_all is defined and inventory_hostname in groups['all']
|
|
@ -32,7 +32,7 @@
|
|||
- old_etcd_members is defined
|
||||
|
||||
- name: Remove old cluster members
|
||||
shell: "{{ bin_dir}}/etcdctl --endpoints={{ etcd_access_addresses }} member remove {{ item[1].replace(' ','').split(',')[0] }}"
|
||||
shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} member remove {{ item[1].replace(' ','').split(',')[0] }}"
|
||||
environment:
|
||||
- ETCDCTL_API: 3
|
||||
- ETCDCTL_CA_FILE: /etc/ssl/etcd/ssl/ca.pem
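Review bot: The changed line runs etcdctl through `shell:` although the command has no pipe, redirect or expansion, so the templated `--endpoints` value and the member id cut out of `item[1]` are parsed by a shell for no benefit. `item[1]` appears to come from earlier command output (the loop source is outside the hunk), which is the kind of value best kept away from shell parsing. Switching the key to `command:` keeps the same invocation and the same `environment:` block. The kubectl tasks in the test playbooks further down this commit (`kubectl get pods --all-namespaces -owide`, `kubectl create namespace test`, `kubectl delete namespace test`) have the same shape. The task continues past the end of the hunk.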
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Delete node
|
||||
command: "{{ bin_dir}}/kubectl delete node {{ item }}"
|
||||
command: "{{ bin_dir }}/kubectl delete node {{ item }}"
|
||||
with_items:
|
||||
- "{{ node.split(',') | default(groups['kube-node']) }}"
|
||||
delegate_to: "{{ groups['kube-master']|first }}"
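Review bot: In the `with_items` entry, `node.split(',') | default(groups['kube-node'])` applies `default` to the result of the call, so the fallback likely never takes effect: with `node` undefined the `.split` call fails before the filter runs. If the fallback is wanted, the default has to be applied to the variable first, e.g. `(node | default(groups['kube-node'] | join(','))).split(',')`. Because that fallback is every host in `kube-node` and the task runs `kubectl delete node`, requiring `node` explicitly and dropping the default may be the safer reading. The task may continue past the end of the hunk.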
|
||||
|
|
|
@ -118,7 +118,7 @@
|
|||
- mounts
|
||||
|
||||
- name: reset | unmount kubelet dirs
|
||||
command: umount -f {{item}}
|
||||
command: umount -f {{ item }}
|
||||
with_items: '{{ mounted_dirs.stdout_lines }}'
|
||||
register: umount_dir
|
||||
retries: 4
|
||||
|
@ -170,7 +170,7 @@
|
|||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "{{kube_config_dir}}"
|
||||
- "{{ kube_config_dir }}"
|
||||
- /var/lib/kubelet
|
||||
- /root/.kube
|
||||
- /root/.helm
|
||||
|
|
|
@ -16,11 +16,11 @@
|
|||
|
||||
# Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
|
||||
- name: Check current nodeselector for kube-proxy daemonset
|
||||
shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'"
|
||||
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'"
|
||||
register: current_kube_proxy_state
|
||||
|
||||
- name: Apply nodeselector patch for kube-proxy daemonset
|
||||
shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\""
|
||||
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\""
|
||||
args:
|
||||
chdir: "{{ kubernetes_user_manifests_path }}"
|
||||
register: patch_kube_proxy_state
|
||||
|
|
|
@ -53,4 +53,4 @@
|
|||
- { role: kubernetes/node, tags: node }
|
||||
- { role: kubernetes/kubeadm, tags: kubeadm }
|
||||
- { role: network_plugin, tags: network }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
|
|
@ -32,13 +32,13 @@
|
|||
- name: etcd_info
|
||||
cmd: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | default('http://127.0.0.1:2379') }} cluster-health"
|
||||
- name: calico_info
|
||||
cmd: "{{bin_dir}}/calicoctl node status"
|
||||
cmd: "{{ bin_dir }}/calicoctl node status"
|
||||
when: '{{ kube_network_plugin == "calico" }}'
|
||||
- name: calico_workload_info
|
||||
cmd: "{{bin_dir}}/calicoctl get workloadEndpoint -o wide"
|
||||
cmd: "{{ bin_dir }}/calicoctl get workloadEndpoint -o wide"
|
||||
when: '{{ kube_network_plugin == "calico" }}'
|
||||
- name: calico_pool_info
|
||||
cmd: "{{bin_dir}}/calicoctl get ippool -o wide"
|
||||
cmd: "{{ bin_dir }}/calicoctl get ippool -o wide"
|
||||
when: '{{ kube_network_plugin == "calico" }}'
|
||||
- name: weave_info
|
||||
cmd: weave report
|
||||
|
@ -111,19 +111,19 @@
|
|||
- name: Storing commands output
|
||||
shell: "{{ item.cmd }} 2>&1 | tee {{ item.name }}"
|
||||
failed_when: false
|
||||
with_items: "{{commands}}"
|
||||
with_items: "{{ commands }}"
|
||||
when: item.when | default(True)
|
||||
no_log: True
|
||||
|
||||
- name: Fetch results
|
||||
fetch: src={{ item.name }} dest=/tmp/{{ archive_dirname }}/commands
|
||||
with_items: "{{commands}}"
|
||||
with_items: "{{ commands }}"
|
||||
when: item.when | default(True)
|
||||
failed_when: false
|
||||
|
||||
- name: Fetch logs
|
||||
fetch: src={{ item }} dest=/tmp/{{ archive_dirname }}/logs
|
||||
with_items: "{{logs}}"
|
||||
with_items: "{{ logs }}"
|
||||
failed_when: false
|
||||
|
||||
- name: Pack results and logs
|
||||
|
@ -137,4 +137,4 @@
|
|||
|
||||
- name: Clean up collected command outputs
|
||||
file: path={{ item.name }} state=absent
|
||||
with_items: "{{commands}}"
|
||||
with_items: "{{ commands }}"
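Review bot: Both `fetch` tasks in the second hunk write to `/tmp/{{ archive_dirname }}` on the controller, which is a path under a world-writable directory. Unless `archive_dirname` (defined outside these hunks) is unpredictable, another local user could pre-create that directory or read the collected command output and logs. Creating the destination first with the `tempfile` module, or with a `file` task using `state: directory` and `mode: '0700'`, and using that path as `dest` would avoid this. The tasks that pack and later remove the archive are outside the hunks and would need the same path.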
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
dest: "{{ images_dir }}/Dockerfile"
|
||||
|
||||
- name: Create docker images for each OS
|
||||
command: docker build -t {{registry}}/vm-{{ item.key }} --build-arg cloud_image="{{ item.key }}.qcow2" {{ images_dir }}
|
||||
command: docker build -t {{ registry }}/vm-{{ item.key }} --build-arg cloud_image="{{ item.key }}.qcow2" {{ images_dir }}
|
||||
with_dict:
|
||||
- "{{ images }}"
|
||||
|
||||
|
|
|
@ -10,8 +10,8 @@
|
|||
aws_access_key: "{{ aws.access_key }}"
|
||||
aws_secret_key: "{{ aws.secret_key }}"
|
||||
region: "{{ aws.region }}"
|
||||
group_id: "{{ aws.group}}"
|
||||
instance_type: "{{ aws.instance_type}}"
|
||||
group_id: "{{ aws.group }}"
|
||||
instance_type: "{{ aws.instance_type }}"
|
||||
image: "{{ aws.ami_id }}"
|
||||
wait: true
|
||||
count: "{{ aws.count }}"
|
||||
|
@ -30,4 +30,4 @@
|
|||
timeout: 300
|
||||
state: started
|
||||
delegate_to: localhost
|
||||
with_items: "{{ec2.instances}}"
|
||||
with_items: "{{ ec2.instances }}"
|
||||
|
|
|
@ -52,20 +52,20 @@
|
|||
tasks:
|
||||
- name: replace_test_id
|
||||
set_fact:
|
||||
test_name: "{{test_id |regex_replace('\\.', '-')}}"
|
||||
test_name: "{{ test_id |regex_replace('\\.', '-') }}"
|
||||
|
||||
- name: show vars
|
||||
debug: msg="{{cloud_region}}, {{cloud_image}}"
|
||||
debug: msg="{{ cloud_region }}, {{ cloud_image }}"
|
||||
|
||||
- set_fact:
|
||||
instance_names: >-
|
||||
{%- if mode in ['separate', 'ha'] -%}
|
||||
["k8s-{{test_name}}-1", "k8s-{{test_name}}-2", "k8s-{{test_name}}-3"]
|
||||
["k8s-{{ test_name }}-1", "k8s-{{ test_name }}-2", "k8s-{{ test_name }}-3"]
|
||||
{%- else -%}
|
||||
["k8s-{{test_name}}-1", "k8s-{{test_name}}-2"]
|
||||
["k8s-{{ test_name }}-1", "k8s-{{ test_name }}-2"]
|
||||
{%- endif -%}
|
||||
|
||||
- name: Manage DO instances | {{state}}
|
||||
- name: Manage DO instances | {{ state }}
|
||||
digital_ocean:
|
||||
unique_name: yes
|
||||
api_token: "{{ lookup('env','DO_API_TOKEN') }}"
|
||||
|
@ -73,16 +73,16 @@
|
|||
image_id: "{{ cloud_image }}"
|
||||
name: "{{ item }}"
|
||||
private_networking: no
|
||||
region_id: "{{cloud_region}}"
|
||||
size_id: "{{cloud_machine_type}}"
|
||||
ssh_key_ids: "{{ssh_key_id}}"
|
||||
state: "{{state}}"
|
||||
region_id: "{{ cloud_region }}"
|
||||
size_id: "{{ cloud_machine_type }}"
|
||||
ssh_key_ids: "{{ ssh_key_id }}"
|
||||
state: "{{ state }}"
|
||||
wait: yes
|
||||
register: droplets
|
||||
with_items: "{{instance_names}}"
|
||||
with_items: "{{ instance_names }}"
|
||||
|
||||
- debug:
|
||||
msg: "{{droplets}}, {{inventory_path}}"
|
||||
msg: "{{ droplets }}, {{ inventory_path }}"
|
||||
when: state == 'present'
|
||||
|
||||
- name: Template the inventory
|
||||
|
@ -92,6 +92,6 @@
|
|||
when: state == 'present'
|
||||
|
||||
- name: Wait for SSH to come up
|
||||
wait_for: host={{item.droplet.ip_address}} port=22 delay=10 timeout=180 state=started
|
||||
with_items: "{{droplets.results}}"
|
||||
wait_for: host={{ item.droplet.ip_address }} port=22 delay=10 timeout=180 state=started
|
||||
with_items: "{{ droplets.results }}"
|
||||
when: state == 'present'
|
||||
|
|
|
@ -14,39 +14,39 @@
|
|||
|
||||
- name: replace_test_id
|
||||
set_fact:
|
||||
test_name: "{{test_id |regex_replace('\\.', '-')}}"
|
||||
test_name: "{{ test_id |regex_replace('\\.', '-') }}"
|
||||
|
||||
- set_fact:
|
||||
instance_names: >-
|
||||
{%- if mode in ['separate', 'separate-scale', 'ha', 'ha-scale'] -%}
|
||||
k8s-{{test_name}}-1,k8s-{{test_name}}-2,k8s-{{test_name}}-3
|
||||
k8s-{{ test_name }}-1,k8s-{{ test_name }}-2,k8s-{{ test_name }}-3
|
||||
{%- elif mode == 'aio' -%}
|
||||
k8s-{{test_name}}-1
|
||||
k8s-{{ test_name }}-1
|
||||
{%- else -%}
|
||||
k8s-{{test_name}}-1,k8s-{{test_name}}-2
|
||||
k8s-{{ test_name }}-1,k8s-{{ test_name }}-2
|
||||
{%- endif -%}
|
||||
|
||||
- name: Create gce instances
|
||||
gce:
|
||||
instance_names: "{{instance_names}}"
|
||||
instance_names: "{{ instance_names }}"
|
||||
machine_type: "{{ cloud_machine_type }}"
|
||||
image: "{{ cloud_image | default(omit) }}"
|
||||
image_family: "{{ cloud_image_family | default(omit) }}"
|
||||
preemptible: "{{ preemptible }}"
|
||||
service_account_email: "{{ gce_service_account_email }}"
|
||||
pem_file: "{{ gce_pem_file | default(omit)}}"
|
||||
credentials_file: "{{gce_credentials_file | default(omit)}}"
|
||||
pem_file: "{{ gce_pem_file | default(omit) }}"
|
||||
credentials_file: "{{ gce_credentials_file | default(omit) }}"
|
||||
project_id: "{{ gce_project_id }}"
|
||||
zone: "{{cloud_region}}"
|
||||
metadata: '{"test_id": "{{test_id}}", "network": "{{kube_network_plugin}}", "startup-script": "{{startup_script|default("")}}"}'
|
||||
tags: "build-{{test_name}},{{kube_network_plugin}}"
|
||||
zone: "{{ cloud_region }}"
|
||||
metadata: '{"test_id": "{{ test_id }}", "network": "{{ kube_network_plugin }}", "startup-script": "{{ startup_script|default("") }}"}'
|
||||
tags: "build-{{ test_name }},{{ kube_network_plugin }}"
|
||||
ip_forward: yes
|
||||
service_account_permissions: ['compute-rw']
|
||||
register: gce
|
||||
|
||||
- name: Add instances to host group
|
||||
add_host: hostname={{item.public_ip}} groupname="waitfor_hosts"
|
||||
with_items: '{{gce.instance_data}}'
|
||||
add_host: hostname={{ item.public_ip }} groupname="waitfor_hosts"
|
||||
with_items: '{{ gce.instance_data }}'
|
||||
|
||||
- name: Template the inventory
|
||||
template:
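Review bot: The `metadata` value of the `gce` task is a JSON document built by pasting `test_id`, `kube_network_plugin` and `startup_script` between literal quotes, so a startup script containing a double quote, backslash or newline produces invalid or altered JSON. The filter can do the quoting instead, e.g. `"startup-script": {{ startup_script | default("") | to_json }}`, and likewise for the other two values. Separately, `service_account_permissions: ['compute-rw']` gives every test VM a read-write Compute scope; if the tests never call the Compute API from inside the VM, a narrower scope is worth considering.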
|
||||
|
|
|
@ -8,25 +8,25 @@
|
|||
tasks:
|
||||
- name: replace_test_id
|
||||
set_fact:
|
||||
test_name: "{{test_id |regex_replace('\\.', '-')}}"
|
||||
test_name: "{{ test_id |regex_replace('\\.', '-') }}"
|
||||
|
||||
- set_fact:
|
||||
instance_names: >-
|
||||
{%- if mode in ['separate', 'ha'] -%}
|
||||
k8s-{{test_name}}-1,k8s-{{test_name}}-2,k8s-{{test_name}}-3
|
||||
k8s-{{ test_name }}-1,k8s-{{ test_name }}-2,k8s-{{ test_name }}-3
|
||||
{%- else -%}
|
||||
k8s-{{test_name}}-1,k8s-{{test_name}}-2
|
||||
k8s-{{ test_name }}-1,k8s-{{ test_name }}-2
|
||||
{%- endif -%}
|
||||
|
||||
- name: stop gce instances
|
||||
gce:
|
||||
instance_names: "{{instance_names}}"
|
||||
instance_names: "{{ instance_names }}"
|
||||
image: "{{ cloud_image | default(omit) }}"
|
||||
service_account_email: "{{ gce_service_account_email }}"
|
||||
pem_file: "{{ gce_pem_file | default(omit)}}"
|
||||
credentials_file: "{{gce_credentials_file | default(omit)}}"
|
||||
pem_file: "{{ gce_pem_file | default(omit) }}"
|
||||
credentials_file: "{{ gce_credentials_file | default(omit) }}"
|
||||
project_id: "{{ gce_project_id }}"
|
||||
zone: "{{cloud_region | default('europe-west1-b')}}"
|
||||
zone: "{{ cloud_region | default('europe-west1-b') }}"
|
||||
state: 'stopped'
|
||||
async: 120
|
||||
poll: 3
|
||||
|
@ -35,13 +35,13 @@
|
|||
|
||||
- name: delete gce instances
|
||||
gce:
|
||||
instance_names: "{{instance_names}}"
|
||||
instance_names: "{{ instance_names }}"
|
||||
image: "{{ cloud_image | default(omit) }}"
|
||||
service_account_email: "{{ gce_service_account_email }}"
|
||||
pem_file: "{{ gce_pem_file | default(omit)}}"
|
||||
credentials_file: "{{gce_credentials_file | default(omit)}}"
|
||||
pem_file: "{{ gce_pem_file | default(omit) }}"
|
||||
credentials_file: "{{ gce_credentials_file | default(omit) }}"
|
||||
project_id: "{{ gce_project_id }}"
|
||||
zone: "{{cloud_region | default('europe-west1-b')}}"
|
||||
zone: "{{ cloud_region | default('europe-west1-b') }}"
|
||||
state: 'absent'
|
||||
async: 120
|
||||
poll: 3
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
test_name: "kargo-ci-{{ out.stdout_lines[0] }}"
|
||||
|
||||
- set_fact:
|
||||
file_name: "{{ostype}}-{{kube_network_plugin}}-{{commit}}-logs.tar.gz"
|
||||
file_name: "{{ ostype }}-{{ kube_network_plugin }}-{{ commit }}-logs.tar.gz"
|
||||
|
||||
- name: Create a bucket
|
||||
gc_storage:
|
||||
|
@ -30,31 +30,31 @@
|
|||
- name: Create a lifecycle template for the bucket
|
||||
template:
|
||||
src: gcs_life.json.j2
|
||||
dest: "{{dir}}/gcs_life.json"
|
||||
dest: "{{ dir }}/gcs_life.json"
|
||||
|
||||
- name: Create a boto config to access GCS
|
||||
template:
|
||||
src: boto.j2
|
||||
dest: "{{dir}}/.boto"
|
||||
dest: "{{ dir }}/.boto"
|
||||
no_log: True
|
||||
|
||||
- name: Download gsutil cp installer
|
||||
get_url:
|
||||
url: https://dl.google.com/dl/cloudsdk/channels/rapid/install_google_cloud_sdk.bash
|
||||
dest: "{{dir}}/gcp-installer.sh"
|
||||
dest: "{{ dir }}/gcp-installer.sh"
|
||||
|
||||
- name: Get gsutil tool
|
||||
script: "{{dir}}/gcp-installer.sh"
|
||||
script: "{{ dir }}/gcp-installer.sh"
|
||||
environment:
|
||||
CLOUDSDK_CORE_DISABLE_PROMPTS: 1
|
||||
CLOUDSDK_INSTALL_DIR: "{{dir}}"
|
||||
CLOUDSDK_INSTALL_DIR: "{{ dir }}"
|
||||
no_log: True
|
||||
failed_when: false
|
||||
|
||||
- name: Apply the lifecycle rules
|
||||
command: "{{dir}}/google-cloud-sdk/bin/gsutil lifecycle set {{dir}}/gcs_life.json gs://{{test_name}}"
|
||||
command: "{{ dir }}/google-cloud-sdk/bin/gsutil lifecycle set {{ dir }}/gcs_life.json gs://{{ test_name }}"
|
||||
environment:
|
||||
BOTO_CONFIG: "{{dir}}/.boto"
|
||||
BOTO_CONFIG: "{{ dir }}/.boto"
|
||||
no_log: True
|
||||
|
||||
- name: Upload collected diagnostic info
|
||||
|
@ -63,13 +63,13 @@
|
|||
mode: put
|
||||
permission: public-read
|
||||
object: "{{ file_name }}"
|
||||
src: "{{dir}}/logs.tar.gz"
|
||||
src: "{{ dir }}/logs.tar.gz"
|
||||
headers: '{"Content-Encoding": "x-gzip"}'
|
||||
gs_access_key: "{{ gs_key }}"
|
||||
gs_secret_key: "{{ gs_skey }}"
|
||||
expiration: "{{expire_days * 36000|int}}"
|
||||
expiration: "{{ expire_days * 36000|int }}"
|
||||
failed_when: false
|
||||
no_log: True
|
||||
|
||||
- debug:
|
||||
msg: "A public url https://storage.googleapis.com/{{test_name}}/{{file_name}}"
|
||||
msg: "A public url https://storage.googleapis.com/{{ test_name }}/{{ file_name }}"
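Review bot: The changed `expiration` line keeps a precedence slip: in `{{ expire_days * 36000|int }}` the filter binds to `36000` only, so a string `expire_days` (for example one passed with `-e`) reaches the multiplication unconverted. `expiration: "{{ (expire_days | int) * 36000 }}"` casts the variable instead. The same hunk uploads the archive with `permission: public-read` and prints its URL, so anything sensitive in the collected logs is world-readable for as long as the object exists; worth confirming that is intended for CI output. In the second hunk the installer is fetched from the rolling `rapid` channel and then executed with `failed_when: false` and `no_log: True`, so a changed or failed download goes unnoticed. Pinning the artifact and passing `checksum: "sha256:<PINNED_DIGEST>"` to `get_url` would make that step verifiable.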
|
||||
|
|
|
@ -12,14 +12,14 @@
|
|||
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
|
||||
- name: Check kubectl output
|
||||
shell: "{{bin_dir}}/kubectl get pods --all-namespaces -owide"
|
||||
shell: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
|
||||
register: get_pods
|
||||
no_log: true
|
||||
|
||||
- debug: msg="{{get_pods.stdout.split('\n')}}"
|
||||
- debug: msg="{{ get_pods.stdout.split('\n') }}"
|
||||
|
||||
- name: Check that all pods are running and ready
|
||||
shell: "{{bin_dir}}/kubectl get pods --all-namespaces --no-headers -o yaml"
|
||||
shell: "{{ bin_dir }}/kubectl get pods --all-namespaces --no-headers -o yaml"
|
||||
register: run_pods_log
|
||||
until:
|
||||
# Check that all pods are running
|
||||
|
@ -32,9 +32,9 @@
|
|||
no_log: true
|
||||
|
||||
- name: Check kubectl output
|
||||
shell: "{{bin_dir}}/kubectl get pods --all-namespaces -owide"
|
||||
shell: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
|
||||
register: get_pods
|
||||
no_log: true
|
||||
|
||||
- debug: msg="{{get_pods.stdout.split('\n')}}"
|
||||
- debug: msg="{{ get_pods.stdout.split('\n') }}"
|
||||
failed_when: not run_pods_log is success
|
||||
|
|
|
@ -15,13 +15,13 @@
|
|||
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
|
||||
- name: Create test namespace
|
||||
shell: "{{bin_dir}}/kubectl create namespace test"
|
||||
shell: "{{ bin_dir }}/kubectl create namespace test"
|
||||
|
||||
- name: Run a replica controller composed of 2 pods in test ns
|
||||
shell: "{{bin_dir}}/kubectl run test --image={{test_image_repo}}:{{test_image_tag}} --namespace test --replicas=2 --command -- tail -f /dev/null"
|
||||
shell: "{{ bin_dir }}/kubectl run test --image={{ test_image_repo }}:{{ test_image_tag }} --namespace test --replicas=2 --command -- tail -f /dev/null"
|
||||
|
||||
- name: Check that all pods are running and ready
|
||||
shell: "{{bin_dir}}/kubectl get pods --namespace test --no-headers -o yaml"
|
||||
shell: "{{ bin_dir }}/kubectl get pods --namespace test --no-headers -o yaml"
|
||||
register: run_pods_log
|
||||
until:
|
||||
# Check that all pods are running
|
||||
|
@ -34,31 +34,31 @@
|
|||
no_log: true
|
||||
|
||||
- name: Get pod names
|
||||
shell: "{{bin_dir}}/kubectl get pods -n test -o json"
|
||||
shell: "{{ bin_dir }}/kubectl get pods -n test -o json"
|
||||
register: pods
|
||||
no_log: true
|
||||
|
||||
- debug: msg="{{pods.stdout.split('\n')}}"
|
||||
- debug: msg="{{ pods.stdout.split('\n') }}"
|
||||
failed_when: not run_pods_log is success
|
||||
|
||||
- name: Get hostnet pods
|
||||
command: "{{bin_dir}}/kubectl get pods -n test -o
|
||||
command: "{{ bin_dir }}/kubectl get pods -n test -o
|
||||
jsonpath='{range .items[?(.spec.hostNetwork)]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
|
||||
register: hostnet_pods
|
||||
no_log: true
|
||||
|
||||
- name: Get running pods
|
||||
command: "{{bin_dir}}/kubectl get pods -n test -o
|
||||
command: "{{ bin_dir }}/kubectl get pods -n test -o
|
||||
jsonpath='{range .items[?(.status.phase==\"Running\")]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
|
||||
register: running_pods
|
||||
no_log: true
|
||||
|
||||
- name: Check kubectl output
|
||||
shell: "{{bin_dir}}/kubectl get pods --all-namespaces -owide"
|
||||
shell: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
|
||||
register: get_pods
|
||||
no_log: true
|
||||
|
||||
- debug: msg="{{get_pods.stdout.split('\n')}}"
|
||||
- debug: msg="{{ get_pods.stdout.split('\n') }}"
|
||||
|
||||
- set_fact:
|
||||
kube_pods_subnet: 10.233.64.0/18
|
||||
|
@ -66,30 +66,30 @@
|
|||
pod_ips: "{{ (pods.stdout | from_json)['items'] | selectattr('status.podIP', 'defined') | map(attribute = 'status.podIP') | list }}"
|
||||
pods_hostnet: |
|
||||
{% set list = hostnet_pods.stdout.split(" ") %}
|
||||
{{list}}
|
||||
{{ list }}
|
||||
pods_running: |
|
||||
{% set list = running_pods.stdout.split(" ") %}
|
||||
{{list}}
|
||||
{{ list }}
|
||||
|
||||
- name: Check pods IP are in correct network
|
||||
assert:
|
||||
that: item | ipaddr(kube_pods_subnet)
|
||||
when: not item in pods_hostnet and item in pods_running
|
||||
with_items: "{{pod_ips}}"
|
||||
with_items: "{{ pod_ips }}"
|
||||
|
||||
- name: Ping between pods is working
|
||||
shell: "{{bin_dir}}/kubectl -n test exec {{item[0]}} -- ping -c 4 {{ item[1] }}"
|
||||
shell: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"
|
||||
when: not item[0] in pods_hostnet and not item[1] in pods_hostnet
|
||||
with_nested:
|
||||
- "{{pod_names}}"
|
||||
- "{{pod_ips}}"
|
||||
- "{{ pod_names }}"
|
||||
- "{{ pod_ips }}"
|
||||
|
||||
- name: Ping between hostnet pods is working
|
||||
shell: "{{bin_dir}}/kubectl -n test exec {{item[0]}} -- ping -c 4 {{ item[1] }}"
|
||||
shell: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"
|
||||
when: item[0] in pods_hostnet and item[1] in pods_hostnet
|
||||
with_nested:
|
||||
- "{{pod_names}}"
|
||||
- "{{pod_ips}}"
|
||||
- "{{ pod_names }}"
|
||||
- "{{ pod_ips }}"
|
||||
|
||||
- name: Delete test namespace
|
||||
shell: "{{bin_dir}}/kubectl delete namespace test"
|
||||
shell: "{{ bin_dir }}/kubectl delete namespace test"
|
||||
|
|
|
@ -24,8 +24,8 @@
|
|||
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
|
||||
- name: Wait for netchecker server
|
||||
shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{netcheck_namespace}} | grep ^netchecker-server"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep ^netchecker-server"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
run_once: true
|
||||
register: ncs_pod
|
||||
until: ncs_pod.stdout.find('Running') != -1
|
||||
|
@ -33,18 +33,18 @@
|
|||
delay: 10
|
||||
|
||||
- name: Wait for netchecker agents
|
||||
shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{netcheck_namespace}} | grep '^netchecker-agent-.*Running'"
|
||||
shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep '^netchecker-agent-.*Running'"
|
||||
run_once: true
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
register: nca_pod
|
||||
until: nca_pod.stdout_lines|length >= groups['k8s-cluster']|intersect(ansible_play_hosts)|length * 2
|
||||
retries: 3
|
||||
delay: 10
|
||||
failed_when: false
|
||||
|
||||
- command: "{{ bin_dir }}/kubectl -n {{netcheck_namespace}} describe pod -l app={{ item }}"
|
||||
- command: "{{ bin_dir }}/kubectl -n {{ netcheck_namespace }} describe pod -l app={{ item }}"
|
||||
run_once: true
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
no_log: false
|
||||
with_items:
|
||||
- netchecker-agent
|
||||
|
@ -56,9 +56,9 @@
|
|||
run_once: true
|
||||
|
||||
- name: Get netchecker agents
|
||||
uri: url=http://{{ ansible_default_ipv4.address }}:{{netchecker_port}}/api/v1/agents/ return_content=yes
|
||||
uri: url=http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/agents/ return_content=yes
|
||||
run_once: true
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
register: agents
|
||||
retries: 18
|
||||
delay: "{{ agent_report_interval }}"
|
||||
|
@ -77,8 +77,8 @@
|
|||
- agents.content[0] == '{'
|
||||
|
||||
- name: Check netchecker status
|
||||
uri: url=http://{{ ansible_default_ipv4.address }}:{{netchecker_port}}/api/v1/connectivity_check status_code=200 return_content=yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
uri: url=http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/connectivity_check status_code=200 return_content=yes
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
run_once: true
|
||||
register: result
|
||||
retries: 3
|
||||
|
@ -97,13 +97,13 @@
|
|||
- command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app=kube-proxy"
|
||||
run_once: true
|
||||
when: not result is success
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
no_log: false
|
||||
|
||||
- command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{item}} --all-containers"
|
||||
- command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{ item }} --all-containers"
|
||||
run_once: true
|
||||
when: not result is success
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
no_log: false
|
||||
with_items:
|
||||
- kube-router
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
pre_tasks:
|
||||
- name: gather facts from all instances
|
||||
setup:
|
||||
delegate_to: "{{item}}"
|
||||
delegate_to: "{{ item }}"
|
||||
delegate_facts: True
|
||||
with_items: "{{ groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]) }}"
|
||||
|
||||
|
@ -50,7 +50,7 @@
|
|||
- { role: kubernetes/preinstall, tags: preinstall }
|
||||
- { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
|
||||
- { role: download, tags: download, when: "not skip_downloads" }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- hosts: etcd
|
||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||
|
@ -76,7 +76,7 @@
|
|||
- { role: kubernetes/client, tags: client }
|
||||
- { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
|
||||
- { role: upgrade/post-upgrade, tags: post-upgrade }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- name: Upgrade calico on all masters and nodes
|
||||
hosts: kube-master:kube-node
|
||||
|
@ -98,7 +98,7 @@
|
|||
- { role: kubernetes/node, tags: node }
|
||||
- { role: kubernetes/kubeadm, tags: kubeadm }
|
||||
- { role: upgrade/post-upgrade, tags: post-upgrade }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- hosts: kube-master[0]
|
||||
any_errors_fatal: true
|
||||
|
@ -112,14 +112,14 @@
|
|||
roles:
|
||||
- { role: kubespray-defaults}
|
||||
- { role: network_plugin/calico/rr, tags: network }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- hosts: kube-master
|
||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||
roles:
|
||||
- { role: kubespray-defaults}
|
||||
- { role: kubernetes-apps, tags: apps }
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- hosts: k8s-cluster
|
||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||
|
|