first version of CoreOS on GCE

Please enter the commit message for your changes. Lines starting
Smana 2016-02-19 18:48:53 +01:00
parent ec64eda2bc
commit fca384e24c
25 changed files with 19127 additions and 17523 deletions


@ -13,6 +13,7 @@ Linux distributions tested:
* **Ubuntu** 14.10, 15.04, 15.10 * **Ubuntu** 14.10, 15.04, 15.10
* **Fedora** 23 * **Fedora** 23
* **CentOS/RHEL** 7 * **CentOS/RHEL** 7
* **CoreOS**
### Requirements ### Requirements
* The target servers must have **access to the Internet** in order to pull docker imaqes. * The target servers must have **access to the Internet** in order to pull docker imaqes.
@ -68,6 +69,18 @@ You can jump directly to "*Available apps, installation procedure*"
Ansible Ansible
------------------------- -------------------------
### Coreos bootstrap
Before running the cluster playbook you must satisfy the following requirements:
* On each CoreOS nodes a writable directory **/opt/bin** (~400M disk space)
* Uncomment the variable **ansible_python_interpreter** in the file `inventory/group_vars/all.yml`
* run the Python bootstrap playbook
```
ansible-playbook -u smana -e ansible_ssh_user=smana -b --become-user=root -i inventory/inventory.cfg coreos-bootstrap.yml
```
Then you can proceed to cluster deployment
### Variables ### Variables
The main variables to change are located in the directory ```inventory/group_vars/all.yml```. The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
@ -179,7 +192,6 @@ For the master nodes you'll have to see the docker logs for the apiserver
docker logs [apiserver docker id] docker logs [apiserver docker id]
``` ```
### Available apps, installation procedure ### Available apps, installation procedure
There are two ways of installing new apps There are two ways of installing new apps


@ -5,7 +5,7 @@
- { role: download, tags: download } - { role: download, tags: download }
- { role: kubernetes/preinstall, tags: preinstall } - { role: kubernetes/preinstall, tags: preinstall }
- { role: etcd, tags: etcd } - { role: etcd, tags: etcd }
- { role: docker, tags: docker } - { role: docker, tags: docker, when: ansible_os_family != "CoreOS" }
- { role: kubernetes/node, tags: node } - { role: kubernetes/node, tags: node }
- { role: network_plugin, tags: network } - { role: network_plugin, tags: network }
- { role: dnsmasq, tags: dnsmasq } - { role: dnsmasq, tags: dnsmasq }

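--- a/coreos-bootstrap.yml
+++ b/coreos-bootstrap.yml
@@ -0,0 +1,5 @@
+---
+- hosts: k8s-cluster
+gather_facts: False
+roles:
+- coreos-bootstrap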


@ -5,6 +5,10 @@ bin_dir: /usr/local/bin
# Note: ensure that you've enough disk space (about 1G) # Note: ensure that you've enough disk space (about 1G)
local_release_dir: "/tmp/releases" local_release_dir: "/tmp/releases"
# Uncomment this line for CoreOS only.
# Directory where python binary is installed
# ansible_python_interpreter: "/opt/bin/python"
# This is the group that the cert creation scripts chgrp the # This is the group that the cert creation scripts chgrp the
# cert files to. Not really changable... # cert files to. Not really changable...
kube_cert_group: kube-cert kube_cert_group: kube-cert


@ -1,3 +1,18 @@
---
- name: gather os specific variables
include_vars: "{{ item }}"
with_first_found:
- files:
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}.yml"
- defaults.yml
paths:
- ../vars
skip: true
- name: User | Create User Group - name: User | Create User Group
group: name={{item.group|default(item.name)}} system={{item.system|default(omit)}} group: name={{item.group|default(item.name)}} system={{item.system|default(omit)}}
with_items: addusers with_items: addusers
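Review bot: The added `gather os specific variables` task has no comment explaining its lookup order or what `skip: true` implies, and the `User | Create User Group` task right after it depends on `addusers` being set. I would add above `with_first_found:` a comment such as `# First existing file wins, most specific first; with skip: true a host matching none of them continues without OS-specific vars.` If `addusers` has no role-level default (not visible here), a host whose facts match no file reaches the `with_items: addusers` loop with the variable undefined. The same `skip: true` is added to the equivalent lookups in two other task files in this commit.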


@ -0,0 +1,8 @@
---
addusers:
- name: kube
comment: "Kubernetes user"
shell: /sbin/nologin
system: yes
group: "{{ kube_cert_group }}"
createhome: no


@ -0,0 +1,15 @@
---
addusers:
- name: etcd
comment: "Etcd user"
createhome: yes
home: "/var/lib/etcd"
system: yes
shell: /bin/nologin
- name: kube
comment: "Kubernetes user"
shell: /sbin/nologin
system: yes
group: "{{ kube_cert_group }}"
createhome: no
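Review bot: The `etcd` entry sets `shell: /bin/nologin` while the `kube` entry below it, and the `kube` entry in the other vars file added by this commit, use `/sbin/nologin`. Presumably only one of those paths exists on a given host, so the service accounts should share one value, e.g. `shell: /sbin/nologin`, after confirming which path the target image ships. The `system: yes` / `createhome: no` values would also be less ambiguous written as `true` / `false`.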


@ -0,0 +1,4 @@
---
pypy_version: 2.4.0
pip_python_modules:
- httplib2


@ -1,7 +1,7 @@
#/bin/bash #/bin/bash
set -e set -e
BINDIR="/usr/local/bin" BINDIR="/opt/bin"
cd $BINDIR cd $BINDIR
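Review bot: The first line, `#/bin/bash`, lacks the `!` and is therefore an ordinary comment rather than an interpreter line, so which shell runs this script depends on how it is launched; it should read `#!/bin/bash`. The `cd $BINDIR` below it is unquoted and would be more robust as `cd "$BINDIR"`. The rest of the script lies outside the hunk.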

File diff suppressed because it is too large Load diff


@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
BINDIR="/usr/local/bin" BINDIR="/opt/bin"
LD_LIBRARY_PATH=$BINDIR/pypy/lib:$LD_LIBRARY_PATH $BINDIR/pypy/bin/$(basename $0) $@ LD_LIBRARY_PATH=$BINDIR/pypy/lib:$LD_LIBRARY_PATH $BINDIR/pypy/bin/$(basename $0) $@
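Review bot: When `LD_LIBRARY_PATH` is unset or empty, the assignment on the last line ends in a bare `:`, and the dynamic loader treats an empty entry as the current working directory, so the interpreter can load shared objects from wherever the wrapper is invoked. Appending the old value only when it is non-empty avoids this: `LD_LIBRARY_PATH="$BINDIR/pypy/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" exec "$BINDIR/pypy/bin/$(basename "$0")" "$@"`. The unquoted `$@` and `$0` also re-split arguments that contain spaces. The two-line wrapper template added later in this commit (the one built on `{{ pypy_install_path }}`) already quotes `"$@"` but has the same trailing-colon issue.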


@ -1,41 +1,40 @@
--- ---
- name: Python | Check if bootstrap is needed - name: Bootstrap | Check if bootstrap is needed
raw: stat {{ bin_dir}}/.bootstrapped raw: stat /opt/bin/.bootstrapped
register: need_bootstrap register: need_bootstrap
ignore_errors: True ignore_errors: True
- name: Python | Run bootstrap.sh - name: Bootstrap | Run bootstrap.sh
script: bootstrap.sh script: bootstrap.sh
when: need_bootstrap | failed when: need_bootstrap | failed
- set_fact: - set_fact:
ansible_python_interpreter: "{{ bin_dir }}/python" ansible_python_interpreter: "/opt/bin/python"
- name: Python | Check if we need to install pip - name: Bootstrap | Check if we need to install pip
shell: "{{ansible_python_interpreter}} -m pip --version" shell: "{{ansible_python_interpreter}} -m pip --version"
register: need_pip register: need_pip
ignore_errors: True ignore_errors: True
changed_when: false changed_when: false
when: need_bootstrap | failed when: need_bootstrap | failed
- name: Python | Copy get-pip.py - name: Bootstrap | Copy get-pip.py
copy: src=get-pip.py dest=~/get-pip.py copy: src=get-pip.py dest=~/get-pip.py
when: need_pip | failed when: need_pip | failed
- name: Python | Install pip - name: Bootstrap | Install pip
shell: "{{ansible_python_interpreter}} ~/get-pip.py" shell: "{{ansible_python_interpreter}} ~/get-pip.py"
when: need_pip | failed when: need_pip | failed
- name: Python | Remove get-pip.py - name: Bootstrap | Remove get-pip.py
file: path=~/get-pip.py state=absent file: path=~/get-pip.py state=absent
when: need_pip | failed when: need_pip | failed
- name: Python | Install pip launcher - name: Bootstrap | Install pip launcher
copy: src=runner dest={{ bin_dir }}/pip mode=0755 copy: src=runner dest=/opt/bin/pip mode=0755
when: need_pip | failed when: need_pip | failed
- name: Install required python modules - name: Install required python modules
pip: pip:
name: "{{ item }}" name: "{{ item }}"
with_items: pip_python_modules with_items: pip_python_modules
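Review bot: The final task installs every entry of `pip_python_modules` without a version, so each run takes whatever release the package index serves at that moment, under the privileges the play runs with (root, going by the README invocation). The vars file added in this commit lists only `httplib2`; turning the entries into `{ name: httplib2, version: "<pinned-version>" }` and passing `name: "{{ item.name }}"` plus `version: "{{ item.version }}"` to the `pip` module would make the bootstrap reproducible. Separately, `/opt/bin` is now a literal in three tasks here; a single role variable would keep them in step with the `BINDIR` value in the scripts.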


@ -0,0 +1,2 @@
#!/bin/bash
LD_LIBRARY_PATH={{ pypy_install_path }}/lib:$LD_LIBRARY_PATH exec {{ pypy_install_path }}/bin/{{ item.src }} "$@"


@ -11,6 +11,7 @@
- defaults.yml - defaults.yml
paths: paths:
- ../vars - ../vars
skip: true
- name: check for minimum kernel version - name: check for minimum kernel version
fail: fail:


@ -2,7 +2,7 @@
- name: Configure | Copy etcd.service systemd file - name: Configure | Copy etcd.service systemd file
template: template:
src: etcd.service.j2 src: etcd.service.j2
dest: /lib/systemd/system/etcd.service dest: /etc/systemd/system/etcd.service
backup: yes backup: yes
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
notify: restart etcd notify: restart etcd


@ -3,6 +3,7 @@
copy: copy:
src: kubectl_bash_completion.sh src: kubectl_bash_completion.sh
dest: /etc/bash_completion.d/kubectl.sh dest: /etc/bash_completion.d/kubectl.sh
when: ansible_os_family in ["Debian","RedHat"]
- name: Copy kube-apiserver binary - name: Copy kube-apiserver binary
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kube-apiserver" "{{ bin_dir }}/kube-apiserver" command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kube-apiserver" "{{ bin_dir }}/kube-apiserver"


@ -18,12 +18,3 @@
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubelet" "{{ bin_dir }}/kubelet" command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubelet" "{{ bin_dir }}/kubelet"
register: kubelet_copy register: kubelet_copy
changed_when: false changed_when: false
- name: install | Calico-plugin | Directory
file: path=/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/ state=directory
when: kube_network_plugin == "calico"
- name: install | Calico-plugin | Binary
command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico"
when: kube_network_plugin == "calico"
changed_when: false


@ -8,5 +8,3 @@ common_required_pkgs:
- rsync - rsync
- bash-completion - bash-completion
pypy_version: 2.4.0
python_pypy_url: "https://bitbucket.org/pypy/pypy/downloads/pypy-{{ pypy_version }}.tar.bz2"

File diff suppressed because it is too large Load diff


@ -14,6 +14,12 @@
- defaults.yml - defaults.yml
paths: paths:
- ../vars - ../vars
skip: true
- name: Force binaries directory for CoreOS
set_fact:
bin_dir: "/opt/bin"
when: ansible_os_family == "CoreOS"
- name: Create kubernetes config directory - name: Create kubernetes config directory
file: file:
@ -85,8 +91,8 @@
module: "{{ ansible_pkg_mgr }}" module: "{{ ansible_pkg_mgr }}"
name: "{{ item }}" name: "{{ item }}"
state: latest state: latest
with_items: "{{required_pkgs | union(common_required_pkgs)}}" with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: ansible_os_family in [ "Debian", "RedHat" ] when: ansible_os_family != "CoreOS"
# Todo : selinux configuration # Todo : selinux configuration
- name: Set selinux policy to permissive - name: Set selinux policy to permissive
@ -95,6 +101,3 @@
changed_when: False changed_when: False
- include: etchosts.yml - include: etchosts.yml
- include: python-bootstrap.yml
when: ansible_os_family not in [ "Debian", "RedHat" ]
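Review bot: The new `Force binaries directory for CoreOS` task points `bin_dir` at `/opt/bin`, but nothing in the visible hunks creates that directory or checks who may write to it; the README only asks for "a writable directory". Since the Python interpreter and, presumably, the Kubernetes binaries are later executed from there with elevated privileges, the role should set ownership itself, for example with `file: path={{ bin_dir }} state=directory owner=root group=root mode=0755` right after the `set_fact`. The fact is also set inside this role, so any role listed before it in the playbook still sees the inventory value of `bin_dir`. The task lists continue outside these hunks.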


@ -8,13 +8,14 @@
mode: 0644 mode: 0644
notify: notify:
- restart docker - restart docker
when: ansible_os_family != "CoreOS"
- name: Calico | Write docker.service systemd file - name: Calico | Write docker.service systemd file
template: template:
src: systemd-docker.service src: systemd-docker.service
dest: /lib/systemd/system/docker.service dest: /lib/systemd/system/docker.service
notify: restart docker notify: restart docker
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
- meta: flush_handlers - meta: flush_handlers
@ -34,12 +35,6 @@
- name: Calico | install calicoctl - name: Calico | install calicoctl
file: path={{ bin_dir }}/calicoctl mode=0755 state=file file: path={{ bin_dir }}/calicoctl mode=0755 state=file
- name: Calico | Create calicoctl symlink (needed by kubelet)
file:
src: /usr/local/bin/calicoctl
dest: /usr/bin/calicoctl
state: link
- name: Calico | wait for etcd - name: Calico | wait for etcd
wait_for: wait_for:
port: 2379 port: 2379
@ -54,12 +49,12 @@
run_once: true run_once: true
- name: Calico | Configure calico network pool for cloud - name: Calico | Configure calico network pool for cloud
command: "calicoctl pool add {{ kube_pods_subnet }} --ipip --nat-outgoing" command: "{{ bin_dir }}/calicoctl pool add {{ kube_pods_subnet }} --ipip --nat-outgoing"
run_once: true run_once: true
when: calico_conf.status == 404 and cloud_provider is defined and cloud_provider == True when: calico_conf.status == 404 and cloud_provider is defined and cloud_provider == True
- name: Calico | Configure calico network pool - name: Calico | Configure calico network pool
command: "calicoctl pool add {{ kube_pods_subnet }}" command: "{{ bin_dir }}/calicoctl pool add {{ kube_pods_subnet }}"
run_once: true run_once: true
when: calico_conf.status == 404 and (cloud_provider is not defined or cloud_provider != True) when: calico_conf.status == 404 and (cloud_provider is not defined or cloud_provider != True)
@ -112,13 +107,13 @@
when: calico_copy.stdout_lines when: calico_copy.stdout_lines
- name: Calico | Disable node mesh - name: Calico | Disable node mesh
shell: calicoctl bgp node-mesh off shell: "{{ bin_dir }}/calicoctl bgp node-mesh off"
environment: environment:
ETCD_AUTHORITY: "127.0.0.1:2379" ETCD_AUTHORITY: "127.0.0.1:2379"
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node'] when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
- name: Calico | Configure peering with router(s) - name: Calico | Configure peering with router(s)
shell: calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }} shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}"
environment: environment:
ETCD_AUTHORITY: "127.0.0.1:2379" ETCD_AUTHORITY: "127.0.0.1:2379"
with_items: peers with_items: peers
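Review bot: The two `shell:` tasks at the end (`bgp node-mesh off` and `node bgp peer add`) use no shell feature, and the second one interpolates `item.router_id` and `item.as` straight into a shell command line. `command:` runs the same binary without a shell, as the `pool add` tasks in this file already do, and still honours `environment:`, e.g. `command: "{{ bin_dir }}/calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}"`. The peering task continues past the end of the hunk.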


@ -4,7 +4,6 @@
src: network.json src: network.json
dest: /etc/flannel-network.json dest: /etc/flannel-network.json
backup: yes backup: yes
- name: Flannel | Create flannel pod manifest - name: Flannel | Create flannel pod manifest
template: template:
src: flannel-pod.yml src: flannel-pod.yml
@ -15,6 +14,7 @@
wait_for: wait_for:
path: /run/flannel/subnet.env path: /run/flannel/subnet.env
delay: 5 delay: 5
timeout: 600
- name: Flannel | Get flannel_subnet from subnet.env - name: Flannel | Get flannel_subnet from subnet.env
shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_SUBNET" {print $2}' shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_SUBNET" {print $2}'
@ -42,11 +42,18 @@
notify: notify:
- restart docker - restart docker
- name: Flannel | Create docker config symlink for CoreOS
file:
src: "/etc/default/docker"
dest: "/run/flannel_docker_opts.env"
state: link
when: ansible_os_family == "CoreOS"
- name: Flannel | Write docker.service systemd file - name: Flannel | Write docker.service systemd file
template: template:
src: systemd-docker.service src: systemd-docker.service
dest: /lib/systemd/system/docker.service dest: /lib/systemd/system/docker.service
notify: restart docker notify: restart docker
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
- meta: flush_handlers - meta: flush_handlers
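Review bot: The new CoreOS task creates `/run/flannel_docker_opts.env` as a symlink to `/etc/default/docker`, and `/run` is normally a tmpfs, so the link is presumably gone after a reboot until the playbook runs again. If docker on CoreOS takes its `--bip`/`--mtu` options through that path, it would then start without them. A persistent form would survive restarts, such as a tmpfiles.d entry `L /run/flannel_docker_opts.env - - - - /etc/default/docker` or a docker.service drop-in that reads `/etc/default/docker` directly. A short comment on the task saying why the link is needed would also help.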


@ -1,5 +1,6 @@
# Deployed by Ansible # Deployed by Ansible
{% if ansible_service_mgr in ["sysvinit","upstart"] and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %} {% if (ansible_service_mgr in ["sysvinit","upstart"] and kube_network_plugin == "flannel" and ansible_os_family == "Debian") or
(kube_network_plugin == "flannel" and ansible_os_family == "CoreOS") %}
DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}" DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
{% elif kube_network_plugin == "flannel" %} {% elif kube_network_plugin == "flannel" %}
OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}" OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"


@ -14,7 +14,7 @@
src: systemd-docker.service src: systemd-docker.service
dest: /lib/systemd/system/docker.service dest: /lib/systemd/system/docker.service
notify: restart docker notify: restart docker
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
- meta: flush_handlers - meta: flush_handlers