Refactor downloads to use download role directly (#1824)
* Refactor downloads to use download role directly Also disable fact delegation so download delegate works acros OSes. * clean up bools and ansible_os_family conditionals
This commit is contained in:
parent
49dff97d9c
commit
fc9a65be2b
28 changed files with 312 additions and 472 deletions
|
@ -31,6 +31,7 @@
|
|||
- role: rkt
|
||||
tags: rkt
|
||||
when: "'rkt' in [etcd_deployment_type, kubelet_deployment_type, vault_deployment_type]"
|
||||
- { role: download, tags: download, skip_downloads: false }
|
||||
|
||||
- hosts: etcd:k8s-cluster:vault
|
||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.dnsmasq }}"
|
||||
when: dns_mode == 'dnsmasq_kubedns' and download_localhost|default(false)
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
|
@ -1,6 +1,9 @@
|
|||
---
|
||||
local_release_dir: /tmp
|
||||
|
||||
# Used to only evaluate vars from download role
|
||||
skip_downloads: false
|
||||
|
||||
# if this is set to true will only download files once. Doesn't work
|
||||
# on Container Linux by CoreOS unless the download_localhost is true and localhost
|
||||
# is running another OS type. Default compress level is 1 (fastest).
|
||||
|
@ -17,6 +20,9 @@ download_localhost: False
|
|||
# Always pull images if set to True. Otherwise check by the repo's tag/digest.
|
||||
download_always_pull: False
|
||||
|
||||
# Use the first kube-master if download_localhost is not set
|
||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||
|
||||
# Versions
|
||||
kube_version: v1.8.0
|
||||
kubeadm_version: "{{ kube_version }}"
|
||||
|
@ -44,6 +50,13 @@ istio_version: "0.2.6"
|
|||
istioctl_download_url: "https://storage.googleapis.com/istio-release/releases/{{ istio_version }}/istioctl/istioctl-linux"
|
||||
istioctl_checksum: fd703063c540b8c0ab943f478c05ab257d88ae27224c746a27d0526ddbf7c370
|
||||
|
||||
vault_version: 0.8.1
|
||||
vault_binary_checksum: 3c4d70ba71619a43229e65c67830e30e050eab7a81ac6b28325ff707e5914188
|
||||
vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
|
||||
vault_image_repo: "vault"
|
||||
vault_image_tag: "{{ vault_version }}"
|
||||
|
||||
|
||||
# Containers
|
||||
etcd_image_repo: "quay.io/coreos/etcd"
|
||||
etcd_image_tag: "{{ etcd_version }}"
|
||||
|
@ -113,23 +126,26 @@ tiller_image_tag: "{{ tiller_version }}"
|
|||
|
||||
downloads:
|
||||
netcheck_server:
|
||||
enabled: "{{ deploy_netchecker }}"
|
||||
container: true
|
||||
repo: "{{ netcheck_server_img_repo }}"
|
||||
tag: "{{ netcheck_server_tag }}"
|
||||
sha256: "{{ netcheck_server_digest_checksum|default(None) }}"
|
||||
enabled: "{{ deploy_netchecker|bool }}"
|
||||
netcheck_agent:
|
||||
enabled: "{{ deploy_netchecker }}"
|
||||
container: true
|
||||
repo: "{{ netcheck_agent_img_repo }}"
|
||||
tag: "{{ netcheck_agent_tag }}"
|
||||
sha256: "{{ netcheck_agent_digest_checksum|default(None) }}"
|
||||
enabled: "{{ deploy_netchecker|bool }}"
|
||||
etcd:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ etcd_image_repo }}"
|
||||
tag: "{{ etcd_image_tag }}"
|
||||
sha256: "{{ etcd_digest_checksum|default(None) }}"
|
||||
kubeadm:
|
||||
enabled: "{{ kubeadm_enabled }}"
|
||||
file: true
|
||||
version: "{{ kubeadm_version }}"
|
||||
dest: "kubeadm"
|
||||
sha256: "{{ kubeadm_checksum }}"
|
||||
|
@ -139,6 +155,8 @@ downloads:
|
|||
owner: "root"
|
||||
mode: "0755"
|
||||
istioctl:
|
||||
enabled: "{{ istio_enabled }}"
|
||||
file: true
|
||||
version: "{{ istio_version }}"
|
||||
dest: "istio/istioctl"
|
||||
sha256: "{{ istioctl_checksum }}"
|
||||
|
@ -148,145 +166,173 @@ downloads:
|
|||
owner: "root"
|
||||
mode: "0755"
|
||||
hyperkube:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ hyperkube_image_repo }}"
|
||||
tag: "{{ hyperkube_image_tag }}"
|
||||
sha256: "{{ hyperkube_digest_checksum|default(None) }}"
|
||||
flannel:
|
||||
enabled: "{{ kube_network_plugin == 'flannel' or kube_network_plugin == 'canal' }}"
|
||||
container: true
|
||||
repo: "{{ flannel_image_repo }}"
|
||||
tag: "{{ flannel_image_tag }}"
|
||||
sha256: "{{ flannel_digest_checksum|default(None) }}"
|
||||
enabled: "{{ kube_network_plugin == 'flannel' or kube_network_plugin == 'canal' }}"
|
||||
flannel_cni:
|
||||
enabled: "{{ kube_network_plugin == 'flannel' }}"
|
||||
container: true
|
||||
repo: "{{ flannel_cni_image_repo }}"
|
||||
tag: "{{ flannel_cni_image_tag }}"
|
||||
sha256: "{{ flannel_cni_digest_checksum|default(None) }}"
|
||||
enabled: "{{ kube_network_plugin == 'flannel' }}"
|
||||
calicoctl:
|
||||
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||
container: true
|
||||
repo: "{{ calicoctl_image_repo }}"
|
||||
tag: "{{ calicoctl_image_tag }}"
|
||||
sha256: "{{ calicoctl_digest_checksum|default(None) }}"
|
||||
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||
calico_node:
|
||||
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||
container: true
|
||||
repo: "{{ calico_node_image_repo }}"
|
||||
tag: "{{ calico_node_image_tag }}"
|
||||
sha256: "{{ calico_node_digest_checksum|default(None) }}"
|
||||
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||
calico_cni:
|
||||
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||
container: true
|
||||
repo: "{{ calico_cni_image_repo }}"
|
||||
tag: "{{ calico_cni_image_tag }}"
|
||||
sha256: "{{ calico_cni_digest_checksum|default(None) }}"
|
||||
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
|
||||
calico_policy:
|
||||
enabled: "{{ enable_network_policy or kube_network_plugin == 'canal' }}"
|
||||
container: true
|
||||
repo: "{{ calico_policy_image_repo }}"
|
||||
tag: "{{ calico_policy_image_tag }}"
|
||||
sha256: "{{ calico_policy_digest_checksum|default(None) }}"
|
||||
enabled: "{{ kube_network_plugin == 'canal' }}"
|
||||
calico_rr:
|
||||
enabled: "{{ peer_with_calico_rr is defined and peer_with_calico_rr}} and kube_network_plugin == 'calico'"
|
||||
container: true
|
||||
repo: "{{ calico_rr_image_repo }}"
|
||||
tag: "{{ calico_rr_image_tag }}"
|
||||
sha256: "{{ calico_rr_digest_checksum|default(None) }}"
|
||||
enabled: "{{ peer_with_calico_rr is defined and peer_with_calico_rr}} and kube_network_plugin == 'calico'"
|
||||
weave_kube:
|
||||
enabled: "{{ kube_network_plugin == 'weave' }}"
|
||||
container: true
|
||||
repo: "{{ weave_kube_image_repo }}"
|
||||
tag: "{{ weave_kube_image_tag }}"
|
||||
sha256: "{{ weave_kube_digest_checksum|default(None) }}"
|
||||
enabled: "{{ kube_network_plugin == 'weave' }}"
|
||||
weave_npc:
|
||||
enabled: "{{ kube_network_plugin == 'weave' }}"
|
||||
container: true
|
||||
repo: "{{ weave_npc_image_repo }}"
|
||||
tag: "{{ weave_npc_image_tag }}"
|
||||
sha256: "{{ weave_npc_digest_checksum|default(None) }}"
|
||||
enabled: "{{ kube_network_plugin == 'weave' }}"
|
||||
pod_infra:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ pod_infra_image_repo }}"
|
||||
tag: "{{ pod_infra_image_tag }}"
|
||||
sha256: "{{ pod_infra_digest_checksum|default(None) }}"
|
||||
install_socat:
|
||||
enabled: "{{ ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] }}"
|
||||
container: true
|
||||
repo: "{{ install_socat_image_repo }}"
|
||||
tag: "{{ install_socat_image_tag }}"
|
||||
sha256: "{{ install_socat_digest_checksum|default(None) }}"
|
||||
nginx:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ nginx_image_repo }}"
|
||||
tag: "{{ nginx_image_tag }}"
|
||||
sha256: "{{ nginx_digest_checksum|default(None) }}"
|
||||
dnsmasq:
|
||||
enabled: "{{ dns_mode == 'dnsmasq_kubedns' }}"
|
||||
container: true
|
||||
repo: "{{ dnsmasq_image_repo }}"
|
||||
tag: "{{ dnsmasq_image_tag }}"
|
||||
sha256: "{{ dnsmasq_digest_checksum|default(None) }}"
|
||||
kubedns:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ kubedns_image_repo }}"
|
||||
tag: "{{ kubedns_image_tag }}"
|
||||
sha256: "{{ kubedns_digest_checksum|default(None) }}"
|
||||
dnsmasq_nanny:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ dnsmasq_nanny_image_repo }}"
|
||||
tag: "{{ dnsmasq_nanny_image_tag }}"
|
||||
sha256: "{{ dnsmasq_nanny_digest_checksum|default(None) }}"
|
||||
dnsmasq_sidecar:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ dnsmasq_sidecar_image_repo }}"
|
||||
tag: "{{ dnsmasq_sidecar_image_tag }}"
|
||||
sha256: "{{ dnsmasq_sidecar_digest_checksum|default(None) }}"
|
||||
kubednsautoscaler:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ kubednsautoscaler_image_repo }}"
|
||||
tag: "{{ kubednsautoscaler_image_tag }}"
|
||||
sha256: "{{ kubednsautoscaler_digest_checksum|default(None) }}"
|
||||
testbox:
|
||||
enabled: true
|
||||
container: true
|
||||
repo: "{{ test_image_repo }}"
|
||||
tag: "{{ test_image_tag }}"
|
||||
sha256: "{{ testbox_digest_checksum|default(None) }}"
|
||||
elasticsearch:
|
||||
enabled: "{{ efk_enabled }}"
|
||||
container: true
|
||||
repo: "{{ elasticsearch_image_repo }}"
|
||||
tag: "{{ elasticsearch_image_tag }}"
|
||||
sha256: "{{ elasticsearch_digest_checksum|default(None) }}"
|
||||
fluentd:
|
||||
enabled: "{{ efk_enabled }}"
|
||||
container: true
|
||||
repo: "{{ fluentd_image_repo }}"
|
||||
tag: "{{ fluentd_image_tag }}"
|
||||
sha256: "{{ fluentd_digest_checksum|default(None) }}"
|
||||
kibana:
|
||||
enabled: "{{ efk_enabled }}"
|
||||
container: true
|
||||
repo: "{{ kibana_image_repo }}"
|
||||
tag: "{{ kibana_image_tag }}"
|
||||
sha256: "{{ kibana_digest_checksum|default(None) }}"
|
||||
helm:
|
||||
enabled: "{{ helm_enabled }}"
|
||||
container: true
|
||||
repo: "{{ helm_image_repo }}"
|
||||
tag: "{{ helm_image_tag }}"
|
||||
sha256: "{{ helm_digest_checksum|default(None) }}"
|
||||
tiller:
|
||||
enabled: "{{ helm_enabled }}"
|
||||
container: true
|
||||
repo: "{{ tiller_image_repo }}"
|
||||
tag: "{{ tiller_image_tag }}"
|
||||
sha256: "{{ tiller_digest_checksum|default(None) }}"
|
||||
vault:
|
||||
enabled: "{{ cert_management == 'vault' }}"
|
||||
container: "{{ vault_deployment_type != 'host' }}"
|
||||
file: "{{ vault_deployment_type == 'host' }}"
|
||||
dest: "vault/vault_{{ vault_version }}_linux_amd64.zip"
|
||||
mode: "0755"
|
||||
owner: "vault"
|
||||
repo: "{{ vault_image_repo }}"
|
||||
sha256: "{{ vault_binary_checksum if vault_deployment_type == 'host' else vault_digest_checksum|d(none) }}"
|
||||
source_url: "{{ vault_download_url }}"
|
||||
tag: "{{ vault_image_tag }}"
|
||||
unarchive: true
|
||||
url: "{{ vault_download_url }}"
|
||||
version: "{{ vault_version }}"
|
||||
|
||||
download:
|
||||
container: "{{ file.container|default(false) }}"
|
||||
repo: "{{ file.repo|default(None) }}"
|
||||
tag: "{{ file.tag|default(None) }}"
|
||||
enabled: "{{ file.enabled|default(true) }}"
|
||||
dest: "{{ file.dest|default(None) }}"
|
||||
version: "{{ file.version|default(None) }}"
|
||||
sha256: "{{ file.sha256|default(None) }}"
|
||||
source_url: "{{ file.source_url|default(None) }}"
|
||||
url: "{{ file.url|default(None) }}"
|
||||
unarchive: "{{ file.unarchive|default(false) }}"
|
||||
owner: "{{ file.owner|default('kube') }}"
|
||||
mode: "{{ file.mode|default(None) }}"
|
||||
download_defaults:
|
||||
container: false
|
||||
file: false
|
||||
repo: None
|
||||
tag: None
|
||||
enabled: false
|
||||
dest: None
|
||||
version: None
|
||||
url: None
|
||||
unarchive: false
|
||||
owner: kube
|
||||
mode: None
|
||||
|
|
2
roles/download/meta/main.yml
Normal file
2
roles/download/meta/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
allow_duplicates: true
|
26
roles/download/tasks/download_container.yml
Normal file
26
roles/download/tasks/download_container.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
- name: container_download | Make download decision if pull is required by tag or sha256
|
||||
include: set_docker_image_facts.yml
|
||||
delegate_to: "{{ download_delegate if download_run_once or omit }}"
|
||||
delegate_facts: no
|
||||
run_once: "{{ download_run_once }}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | Download containers if pull is required or told to always pull
|
||||
command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}"
|
||||
register: pull_task_result
|
||||
until: pull_task_result|succeeded
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
environment: "{{ proxy_env }}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- pull_required|default(download_always_pull)
|
||||
delegate_to: "{{ download_delegate if download_run_once or omit }}"
|
||||
delegate_facts: no
|
||||
run_once: "{{ download_run_once }}"
|
37
roles/download/tasks/download_file.yml
Normal file
37
roles/download/tasks/download_file.yml
Normal file
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
- name: file_download | Create dest directory
|
||||
file:
|
||||
path: "{{local_release_dir}}/{{download.dest|dirname}}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
when:
|
||||
- download.enabled
|
||||
- download.file
|
||||
|
||||
- name: file_download | Download item
|
||||
get_url:
|
||||
url: "{{download.url}}"
|
||||
dest: "{{local_release_dir}}/{{download.dest}}"
|
||||
sha256sum: "{{download.sha256 | default(omit)}}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
register: get_url_result
|
||||
until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
environment: "{{ proxy_env }}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.file
|
||||
|
||||
- name: file_download | Extract archives
|
||||
unarchive:
|
||||
src: "{{ local_release_dir }}/{{download.dest}}"
|
||||
dest: "{{ local_release_dir }}/{{download.dest|dirname}}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
copy: no
|
||||
when:
|
||||
- download.enabled
|
||||
- download.file
|
||||
- download.unarchive|default(False)
|
32
roles/download/tasks/download_prep.yml
Normal file
32
roles/download/tasks/download_prep.yml
Normal file
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
- name: Register docker images info
|
||||
raw: >-
|
||||
{{ docker_bin_dir }}/docker images -q | xargs {{ docker_bin_dir }}/docker inspect -f "{{ '{{' }} (index .RepoTags 0) {{ '}}' }},{{ '{{' }} (index .RepoDigests 0) {{ '}}' }}" | tr '\n' ','
|
||||
no_log: true
|
||||
register: docker_images
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
|
||||
- name: container_download | Create dest directory for saved/loaded container images
|
||||
file:
|
||||
path: "{{local_release_dir}}/containers"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: 0755
|
||||
owner: "{{ansible_ssh_user|default(ansible_user_id)}}"
|
||||
|
||||
- name: container_download | create local directory for saved/loaded container images
|
||||
file:
|
||||
path: "{{local_release_dir}}/containers"
|
||||
state: directory
|
||||
recurse: yes
|
||||
delegate_to: localhost
|
||||
delegate_facts: false
|
||||
become: false
|
||||
run_once: true
|
||||
when:
|
||||
- download_run_once
|
||||
- download_delegate == 'localhost'
|
||||
tags:
|
||||
- localhost
|
|
@ -1,218 +1,24 @@
|
|||
---
|
||||
- name: file_download | Create dest directories
|
||||
file:
|
||||
path: "{{local_release_dir}}/{{download.dest|dirname}}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
- import_tasks: download_prep.yml
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- not download.container|bool
|
||||
tags:
|
||||
- bootstrap-os
|
||||
- not skip_downloads|default(false)
|
||||
|
||||
- name: file_download | Download item
|
||||
get_url:
|
||||
url: "{{download.url}}"
|
||||
dest: "{{local_release_dir}}/{{download.dest}}"
|
||||
sha256sum: "{{download.sha256 | default(omit)}}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
register: get_url_result
|
||||
until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
environment: "{{ proxy_env }}"
|
||||
- name: "Download items"
|
||||
include: "download_{% if download.container %}container{% else %}file{% endif %}.yml"
|
||||
vars:
|
||||
download: "{{ download_defaults | combine(item.value) }}"
|
||||
with_dict: "{{ downloads }}"
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- not download.container|bool
|
||||
- not skip_downloads|default(false)
|
||||
- item.enabled
|
||||
|
||||
- name: file_download | Extract archives
|
||||
unarchive:
|
||||
src: "{{ local_release_dir }}/{{download.dest}}"
|
||||
dest: "{{ local_release_dir }}/{{download.dest|dirname}}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
copy: no
|
||||
- name: "Sync container"
|
||||
include: sync_container.yml
|
||||
vars:
|
||||
download: "{{ download_defaults | combine(item.value) }}"
|
||||
with_dict: "{{ downloads }}"
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- not download.container|bool
|
||||
- download.unarchive|default(False)
|
||||
|
||||
- name: file_download | Fix permissions
|
||||
file:
|
||||
state: file
|
||||
path: "{{local_release_dir}}/{{download.dest}}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- not download.container|bool
|
||||
- (download.unarchive is not defined or download.unarchive == False)
|
||||
|
||||
- set_fact:
|
||||
download_delegate: "{% if download_localhost|bool %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||
run_once: true
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | Create dest directory for saved/loaded container images
|
||||
file:
|
||||
path: "{{local_release_dir}}/containers"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: 0755
|
||||
owner: "{{ansible_ssh_user|default(ansible_user_id)}}"
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
# This is required for the download_localhost delegate to work smooth with Container Linux by CoreOS cluster nodes
|
||||
- name: container_download | Hack python binary path for localhost
|
||||
raw: sh -c "mkdir -p /opt/bin; ln -sf /usr/bin/python /opt/bin/python"
|
||||
delegate_to: localhost
|
||||
when: download_delegate == 'localhost'
|
||||
failed_when: false
|
||||
tags:
|
||||
- localhost
|
||||
|
||||
- name: container_download | create local directory for saved/loaded container images
|
||||
file:
|
||||
path: "{{local_release_dir}}/containers"
|
||||
state: directory
|
||||
recurse: yes
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
run_once: true
|
||||
when:
|
||||
- download_run_once|bool
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
- download_delegate == 'localhost'
|
||||
tags:
|
||||
- localhost
|
||||
|
||||
- name: container_download | Make download decision if pull is required by tag or sha256
|
||||
include: set_docker_image_facts.yml
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
delegate_to: "{{ download_delegate if download_run_once|bool or omit }}"
|
||||
run_once: "{{ download_run_once|bool }}"
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | Download containers if pull is required or told to always pull
|
||||
command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}"
|
||||
register: pull_task_result
|
||||
until: pull_task_result|succeeded
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
environment: "{{ proxy_env }}"
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
- pull_required|bool|default(download_always_pull)
|
||||
delegate_to: "{{ download_delegate if download_run_once|bool or omit }}"
|
||||
run_once: "{{ download_run_once|bool }}"
|
||||
|
||||
- set_fact:
|
||||
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|default(download.sha256)|regex_replace('/|\0|:', '_')}}.tar"
|
||||
run_once: true
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: "container_download | Set default value for 'container_changed' to false"
|
||||
set_fact:
|
||||
container_changed: "{{pull_required|default(false)|bool}}"
|
||||
|
||||
- name: "container_download | Update the 'container_changed' fact"
|
||||
set_fact:
|
||||
container_changed: "{{ pull_required|bool|default(false) or not 'up to date' in pull_task_result.stdout }}"
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
- pull_required|bool|default(download_always_pull)
|
||||
run_once: "{{ download_run_once|bool }}"
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | Stat saved container image
|
||||
stat:
|
||||
path: "{{fname}}"
|
||||
register: img
|
||||
changed_when: false
|
||||
when:
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
- download_run_once|bool
|
||||
delegate_to: "{{ download_delegate }}"
|
||||
become: false
|
||||
run_once: true
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | save container images
|
||||
shell: "{{ docker_bin_dir }}/docker save {{ pull_args }} | gzip -{{ download_compress }} > {{ fname }}"
|
||||
delegate_to: "{{ download_delegate }}"
|
||||
register: saved
|
||||
run_once: true
|
||||
when:
|
||||
- (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or download_delegate == "localhost")
|
||||
- download_run_once|bool
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
- (container_changed|bool or not img.stat.exists)
|
||||
|
||||
- name: container_download | copy container images to ansible host
|
||||
synchronize:
|
||||
src: "{{ fname }}"
|
||||
dest: "{{ fname }}"
|
||||
use_ssh_args: yes
|
||||
mode: pull
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
when:
|
||||
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
- download_delegate != "localhost"
|
||||
- download_run_once|bool
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
- saved.changed
|
||||
|
||||
- name: container_download | upload container images to nodes
|
||||
synchronize:
|
||||
src: "{{ fname }}"
|
||||
dest: "{{ fname }}"
|
||||
use_ssh_args: yes
|
||||
mode: push
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
register: get_task
|
||||
until: get_task|succeeded
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
when:
|
||||
- (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] and
|
||||
inventory_hostname != groups['kube-master'][0] or
|
||||
download_delegate == "localhost")
|
||||
- download_run_once|bool
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
tags:
|
||||
- upload
|
||||
- upgrade
|
||||
|
||||
- name: container_download | load container images
|
||||
shell: "{{ docker_bin_dir }}/docker load < {{ fname }}"
|
||||
when:
|
||||
- (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] and
|
||||
inventory_hostname != groups['kube-master'][0] or download_delegate == "localhost")
|
||||
- download_run_once|bool
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
tags:
|
||||
- upload
|
||||
- upgrade
|
||||
- not skip_downloads|default(false)
|
||||
- item.enabled
|
||||
- item.container
|
||||
- download_run_once
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
- set_fact:
|
||||
pull_args: >-
|
||||
{%- if pull_by_digest|bool %}{{download.repo}}@sha256:{{download.sha256}}{%- else -%}{{download.repo}}:{{download.tag}}{%- endif -%}
|
||||
{%- if pull_by_digest %}{{download.repo}}@sha256:{{download.sha256}}{%- else -%}{{download.repo}}:{{download.tag}}{%- endif -%}
|
||||
|
||||
- name: Register docker images info
|
||||
raw: >-
|
||||
|
@ -15,16 +15,16 @@
|
|||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
when: not download_always_pull|bool
|
||||
when: not download_always_pull
|
||||
|
||||
- set_fact:
|
||||
pull_required: >-
|
||||
{%- if pull_args in docker_images.stdout.split(',') %}false{%- else -%}true{%- endif -%}
|
||||
when: not download_always_pull|bool
|
||||
when: not download_always_pull
|
||||
|
||||
- name: Check the local digest sha256 corresponds to the given image tag
|
||||
assert:
|
||||
that: "{{download.repo}}:{{download.tag}} in docker_images.stdout.split(',')"
|
||||
when: not download_always_pull|bool and not pull_required|bool and pull_by_digest|bool
|
||||
when: not download_always_pull and not pull_required and pull_by_digest
|
||||
tags:
|
||||
- asserts
|
||||
|
|
114
roles/download/tasks/sync_container.yml
Normal file
114
roles/download/tasks/sync_container.yml
Normal file
|
@ -0,0 +1,114 @@
|
|||
---
|
||||
- set_fact:
|
||||
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|default(download.sha256)|regex_replace('/|\0|:', '_')}}.tar"
|
||||
run_once: true
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- download_run_once
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: "container_download | Set default value for 'container_changed' to false"
|
||||
set_fact:
|
||||
container_changed: "{{pull_required|default(false)}}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- download_run_once
|
||||
|
||||
- name: "container_download | Update the 'container_changed' fact"
|
||||
set_fact:
|
||||
container_changed: "{{ pull_required|default(false) or not 'up to date' in pull_task_result.stdout }}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- download_run_once
|
||||
- pull_required|default(download_always_pull)
|
||||
run_once: "{{ download_run_once }}"
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | Stat saved container image
|
||||
stat:
|
||||
path: "{{fname}}"
|
||||
register: img
|
||||
changed_when: false
|
||||
delegate_to: "{{ download_delegate }}"
|
||||
delegate_facts: no
|
||||
become: false
|
||||
run_once: true
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- download_run_once
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | save container images
|
||||
shell: "{{ docker_bin_dir }}/docker save {{ pull_args }} | gzip -{{ download_compress }} > {{ fname }}"
|
||||
delegate_to: "{{ download_delegate }}"
|
||||
delegate_facts: no
|
||||
register: saved
|
||||
run_once: true
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- download_run_once
|
||||
- (ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"] or download_delegate == "localhost")
|
||||
- (container_changed or not img.stat.exists)
|
||||
|
||||
- name: container_download | copy container images to ansible host
|
||||
synchronize:
|
||||
src: "{{ fname }}"
|
||||
dest: "{{ fname }}"
|
||||
use_ssh_args: yes
|
||||
mode: pull
|
||||
delegate_to: localhost
|
||||
delegate_facts: no
|
||||
run_once: true
|
||||
become: false
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- download_run_once
|
||||
- ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"]
|
||||
- inventory_hostname == download_delegate
|
||||
- download_delegate != "localhost"
|
||||
- saved.changed
|
||||
|
||||
- name: container_download | upload container images to nodes
|
||||
synchronize:
|
||||
src: "{{ fname }}"
|
||||
dest: "{{ fname }}"
|
||||
use_ssh_args: yes
|
||||
mode: push
|
||||
delegate_to: localhost
|
||||
delegate_facts: no
|
||||
become: false
|
||||
register: get_task
|
||||
until: get_task|succeeded
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- download_run_once
|
||||
- (ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"] and
|
||||
inventory_hostname != download_delegate or
|
||||
download_delegate == "localhost")
|
||||
tags:
|
||||
- upload
|
||||
- upgrade
|
||||
|
||||
- name: container_download | load container images
|
||||
shell: "{{ docker_bin_dir }}/docker load < {{ fname }}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
- download_run_once
|
||||
- (ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"] and
|
||||
inventory_hostname != download_delegate or download_delegate == "localhost")
|
||||
tags:
|
||||
- upload
|
||||
- upgrade
|
|
@ -4,9 +4,4 @@ dependencies:
|
|||
user: "{{ addusers.etcd }}"
|
||||
when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] or is_atomic)
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.etcd }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
# NOTE: Dynamic task dependency on Vault Role if cert_management == "vault"
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.elasticsearch }}"
|
||||
# TODO: bradbeam add in curator
|
||||
# https://github.com/Skillshare/kubernetes-efk/blob/master/configs/elasticsearch.yml#L94
|
||||
# - role: download
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.fluentd }}"
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.kibana }}"
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.helm }}"
|
||||
- role: download
|
||||
file: "{{ downloads.tiller }}"
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.istioctl }}"
|
|
@ -1,19 +1,5 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_server }}"
|
||||
when: deploy_netchecker
|
||||
tags:
|
||||
- download
|
||||
- netchecker
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_agent }}"
|
||||
when: deploy_netchecker
|
||||
tags:
|
||||
- download
|
||||
- netchecker
|
||||
|
||||
- role: kubernetes-apps/ansible
|
||||
tags:
|
||||
- apps
|
||||
|
|
|
@ -1,15 +1,5 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.calico_policy }}"
|
||||
when:
|
||||
- enable_network_policy
|
||||
- kube_network_plugin in ['calico', 'canal']
|
||||
tags:
|
||||
- download
|
||||
- canal
|
||||
- policy-controller
|
||||
|
||||
- role: policy_controller/calico
|
||||
when:
|
||||
- kube_network_plugin == 'calico'
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags:
|
||||
- download
|
||||
- hyperkube
|
|
@ -1,91 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags:
|
||||
- download
|
||||
- hyperkube
|
||||
- kubelet
|
||||
- network
|
||||
- canal
|
||||
- calico
|
||||
- weave
|
||||
- kube-controller-manager
|
||||
- kube-scheduler
|
||||
- kube-apiserver
|
||||
- kube-proxy
|
||||
- kubectl
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.pod_infra }}"
|
||||
tags:
|
||||
- download
|
||||
- kubelet
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.install_socat }}"
|
||||
when: ansible_os_family in ['CoreOS', 'Container Linux by CoreOS']
|
||||
tags:
|
||||
- download
|
||||
- kubelet
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.kubeadm }}"
|
||||
when: kubeadm_enabled
|
||||
tags:
|
||||
- download
|
||||
- kubelet
|
||||
- kubeadm
|
||||
|
||||
- role: kubernetes/secrets
|
||||
when: not kubeadm_enabled
|
||||
tags:
|
||||
- k8s-secrets
|
||||
- role: download
|
||||
file: "{{ downloads.nginx }}"
|
||||
tags:
|
||||
- download
|
||||
- nginx
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.testbox }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_server }}"
|
||||
when: deploy_netchecker
|
||||
tags:
|
||||
- download
|
||||
- netchecker
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_agent }}"
|
||||
when: deploy_netchecker
|
||||
tags:
|
||||
- download
|
||||
- netchecker
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.kubedns }}"
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.dnsmasq_nanny }}"
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.dnsmasq_sidecar }}"
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.kubednsautoscaler }}"
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
|
|
@ -132,6 +132,8 @@ kubectl_localhost: false
|
|||
# K8s image pull policy (imagePullPolicy)
|
||||
k8s_image_pull_policy: IfNotPresent
|
||||
efk_enabled: false
|
||||
helm_enabled: false
|
||||
istio_enabled: false
|
||||
enable_network_policy: false
|
||||
|
||||
## When OpenStack is used, Cinder version can be explicitly specified if autodetection fails (https://github.com/kubernetes/kubernetes/issues/50461)
|
||||
|
|
6
roles/kubespray-defaults/meta/main.yml
Normal file
6
roles/kubespray-defaults/meta/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
skip_downloads: true
|
||||
tags:
|
||||
- facts
|
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.calico_cni }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calico_node }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calicoctl }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags:
|
||||
- download
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: etcd
|
||||
- role: docker
|
||||
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
- role: download
|
||||
file: "{{ downloads.calico_rr }}"
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.flannel }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calico_node }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calicoctl }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calico_cni }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calico_policy }}"
|
||||
tags:
|
||||
- download
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.flannel }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.flannel_cni }}"
|
||||
tags:
|
||||
- download
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.weave_kube }}"
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.weave_npc }}"
|
||||
tags:
|
||||
- download
|
|
@ -1,10 +1,4 @@
|
|||
---
|
||||
|
||||
dependencies:
|
||||
- role: adduser
|
||||
user: "{{ vault_adduser_vars }}"
|
||||
|
||||
- role: download
|
||||
file: "{{ vault_download_vars }}"
|
||||
tags:
|
||||
- download
|
||||
|
|
Loading…
Reference in a new issue