Commit graph

124 commits

Author SHA1 Message Date
Cristian Calin
2f44b40d68
OEL7: Fix CentOS7 Extras for OEL7 (#8219)
* OEL7: Fix CentOS7 Extras for OEL7

* Molecule: add logs collection for jobs
2021-11-29 13:39:21 -08:00
Florian Ruynat
be9de6b9d9
Fix debian 9 check for apt cache update (#8215) 2021-11-19 09:02:51 -08:00
Łukasz Żułnowski
83e0b786d4
Fix wrong baseurl for centos extra repo for Oracle Linux (#8208) 2021-11-18 23:44:51 -08:00
Omar Aloraini
6aac59394e
Rocky Linux support (#8095)
* Add Rocky as a known OS

* Make sure Rocky includes bootstrap-centos.yml

* Update docs with Rocky Linux

* Rocky Linux wireguard and EPEL

* Rocky Linux in the list of supported distributions
2021-10-19 08:29:04 -07:00
Iago Santos
43958614e3
Fix kubespray flatcar ansible_os_family and ansible_distribution (#8029)
Closes https://github.com/kubernetes-sigs/kubespray/issues/8028

Signed-off-by: Iago Santos <iago.santos.pardo@adfinis.com>
2021-10-01 09:11:23 -07:00
Kenichi Omichi
da92c7e215
Add proxy for subscription-manager (#8012)
If using proxy, it is necessary to configure it before running
"subscription-manager status" command.
This adds the step.
2021-09-27 08:47:35 -07:00
Bryan Hundven
35c928798d
Fix missing file mode (risky-file-permissions) (#7959)
* Fix missing file mode (risky-file-permissions)

Found this using ansible-lint.

Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>

* Fix another missing file mode (risky-file-permissions)

This one fixes `/etc/crio/config.json`

Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>
2021-09-09 23:35:59 -07:00
rtsp
79166496f3
debian: Fix test failed after bullseye release (#7888) 2021-08-19 15:37:24 -07:00
Florian Ruynat
0ef7af76bc Fixup label for oracle linux bootstrap 2021-07-20 01:29:31 -07:00
spaced
c2cf0d9945
add containerd on fedora CoreOS (#7794)
* set selinux type t_etc if selinux state is enforcing

* workaround with update repo is no longer needed
remove comments about failing playbook

* grubby is not available in distros using ostree

* remove docker support because removed in fcos
update install script example with live rootfs

* do not call grubby on ostree based distro

* update docs enabling containerd on fedora coreos
2021-07-15 00:00:48 -07:00
Cristian Calin
7516fe142f
Move to Ansible 3.4.0 (#7672)
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00
Florian Ruynat
d1388d69d0
Fix tests following python change (#7775)
* Fix ansible detection for python3 and ubuntu

* Fix oracle missing centos-extras repo for containerd/docker dependencies
2021-07-08 18:52:53 -07:00
Cristian Calin
a2cf6816ce
Calico wireguard (#7638)
* Calico: add Wireguard support

* CI: Add Calico Wireguard scenario
2021-06-25 03:22:45 -07:00
Florian Ruynat
bcf695913f
Fix Oracle yum disabled repository file after EPEL install (#7639) 2021-05-25 08:30:23 -07:00
Cristian Calin
73db44b00c
Initial AlmaLinux support (#7538)
* AlmaLinux: ansible>2.9.19 is needed to know about AlmaLinux

* AlmaLinux: identify as a centos derrivative

* AlmaLinux: add AlmaLinux to checks for CentOS

* Use ansible_os_family to compare family and not distribution
2021-04-22 23:50:03 -07:00
Terry
f72063e7c2
Remove DNSSEC config management in bootstrap-debian.yml (#7408)
DNSSEC is off by default on ubuntu/bionic64 (18.04) as per resolved.conf(5).
These tasks are artefacts of obsolete infra configuration, and no longer needed.

Further removing these tasks resolves the issue that the tasks always reports
'changed' and bounces systemd-resolved unneccesarily, even if there was no
actual modification of /etc/systemd/resolved.conf.
2021-03-29 00:00:45 -07:00
Etienne Champetier
95b329b64d
bootstrap-os: match on os-release ID / VARIANT_ID (#7269)
This fixes deployment with CentOS 8 Streams and make detection more reliable

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-11 08:14:16 -08:00
Etienne Champetier
de1d9df787
Only use stat get_checksum: yes when needed (#7270)
By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-10 05:36:59 -08:00
Vyacheslav
e3ab665e90
Update main.yml (#7267)
````
TASK [bootstrap-os : Enable RHEL 8 repos] ***************************************************************************************************************************************************************************************************
fatal: [node6]: FAILED! => {"changed": false, "msg": "This system has no repositories available through subscriptions"}
fatal: [node7]: FAILED! => {"changed": false, "msg": "This system has no repositories available through subscriptions"}
fatal: [node1]: FAILED! => {"changed": false, "msg": "This system has no repositories available through subscriptions"}


root@node1:/kubespray# cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
root@node1:/kubespray#
```
2021-02-08 10:25:37 -08:00
Sander Cornelissen
b70d986bfa
Ensure when use_oracle_public_repo is set to false the public Oracle Linux yum repos are not set (#7228) 2021-01-29 03:59:41 -08:00
Etienne Champetier
8f2b0772f9
containerd,docker: stop installing extras repo on CentOS/RHEL (#7203)
This was introduced in 143e2272ff
Extra repo is enabled by default in CentOS, and is not the right repo for EL8
Instead of adding a CentOS repo to RHEL, enable the needed RHEL repos with rhsm_repository

For RHEL 7, we need the "extras" repo for container-selinux
For RHEL 8, we need the "appstream" repo for container-selinux, ipvsadm and socat

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-25 03:12:54 -08:00
Etienne Champetier
a790935d02
Only setup *_PROXY env variables where needed (#7095)
no_proxy is a pain to get right, and having proxy variables present causes issues
(k8s components get proxy configuration after upgrade, see #7100)

It's better to only configure what require proxy:
- the runtime (containerd/docker/crio)
- the package manager + apt_key
- the download tasks

Tested with the following clusters
- 4 CentOS 8 nodes
- 1 Ubuntu 20.04 node

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-11 07:21:08 -08:00
Etienne Champetier
ab2bfd7f8c
Proxy small fixes (#7102)
* Improve how we set 'proxy=' in yum.conf or dnf.conf

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Fixup spaces in no_proxy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Add svc,svc.{{ dns_domain }} to no_proxy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-07 10:50:53 -08:00
flix444
308ceee46c
Valuating conditional (need_https_proxy.rc != 0) fail if http_proxy set and skip_http_proxy_on_os_packages is true (#7078)
* Remove because of empty need_http_proxy.rc if http/https_proxy and skip_http_proxy_on_os_packages=true is set

* Modify sample for debian and centos skip_http_proxy

* Modify sample for debian and centos skip_http_proxy
2021-01-05 18:49:51 -08:00
marcosfsch
9db4b949f2
Fedora CoreOS fixes (#7010)
* Fedora CoreOS: Fix for ethtool pre-installed

Fix error in rpm-ostree when ethtool is already insatlled (FCOS >= 32.20201104.3.0)

* Fedora CoreOS: Fix connection lost

Fedora CoreOS: Ignore connection lost due to reboot and continues the playbook
2020-12-23 00:22:25 -08:00
Barry Melbourne
eb16986f32
Add RHEL support subscription registration (#6572) 2020-11-24 08:33:00 -08:00
wand3r3r
f323d70c0f
Adding option to disable globally applying a proxy to etc/yum.conf (#6828)
* Adding option to disable gloablly applying a proxy to etc/yum.conf

* Change made to proxy_yum_globaly basedon reviewer feedback

* fix trailing spaces in ymllint
2020-10-20 23:22:19 -07:00
Florian Ruynat
8e3915f5bf
Set ansible_python_interpreter to python3 on debian (fix error with mitogen) (#6633) 2020-09-08 15:37:52 -07:00
spaced
2de6a5676d
Fedora coreos networkmanager global dns and bootstrapping fix (#6577)
* remove podman cni plugin

* configure networkamanger global dns

* allow installation of python3-libselinux by disabling update repo temporary

* remove ipv4 section because it is not a valid configuration
2020-09-07 02:27:41 -07:00
Florian Ruynat
d97e9b9e50
Fix oracle linux repo (#6627) 2020-09-07 01:15:41 -07:00
Barry Melbourne
058438a25d
Remove support for CoreOS Container Linux (#6576) 2020-08-28 02:28:53 -07:00
Maxime Guyot
c6588856c7
Add Ubuntu 20.04 support and use Python 3 (#6157) 2020-06-16 13:04:05 -07:00
marcosfsch
8dc01df60b
Oracle Linux 8 support and fixes (#6198)
* Add oraclelinux8 and disable firewalld

Add oraclelinux8 image and disable firewalld on oraclelinux VMs

* Fix Oracle Linux repositories

As documented in: http://yum.oracle.com/getting-started.html#installing-software-from-oracle-linux-yum-server
public-yum-ol7.repo was deprecated on release 7.6. Some repos were integrated into oracle-linux-ol7.repo (i.e.: ol7_latest, ol7_addons) and other are available as packages (epel). This also adds support for oraclelinux8

* Fix to use ansible_distribution_version

Instead of ansible_distribution_major_version

* Update README.md
2020-06-12 01:59:56 -07:00
Danilo Riecken P. de Morais
50204d9551
Add rpm-ostree cleanup task (#5986) 2020-06-09 02:49:17 -07:00
Maxime Guyot
3134dd4c0d
Drop support for Fedora 28 and add Fedora 30 and 31 (#5969) 2020-04-18 06:35:36 -07:00
Victor Morales
7930f6fa0a
Ensure /etc/sysconfig/proxy for openSUSE bootstrap (#5445)
The playbook that bootstrap openSUSE servers assumes that the
/etc/sysconfig/proxy file exists but the execution fails when
these file is not present. This change guarantees its existence.
2020-04-17 14:23:35 -07:00
aharrisson
9cce46ea8c
Fix idempotence issue in bootstrap-os (#5916) 2020-04-09 03:31:44 -07:00
Denis Kadyshev
7d1ab3374e
Proxy fixes (#5869)
* Fix proxy and module_hotfixes

On CentOS 8 with proxy ansible render inline `proxy` and `module_hotfixes` options.

For example:

`proxy=http://127.0.0.1:3128module_hotfixes=True`

But expected result:

```
proxy=http://127.0.0.1:3128
module_hotfixes=True
```

* Use ini_file module for work with ini files

* Prevent duplicates proxy= option in /etc/yum.conf

Module `lineinfile` is weak, use most powerful module `ini_file` and add or remove `proxy=` when `http_proxy` is defined or not.
2020-04-09 01:25:44 -07:00
Maxime Guyot
7eaa7c957a
Fix conntrack for opensuse and docker support (#5880) 2020-04-08 07:37:44 -07:00
spaced
8ce5a9dd19
remove atomic support because reached end of live (#5783) 2020-03-17 14:31:27 -07:00
spaced
876d4de6be
Fedora CoreOS support (#5657)
* fedora coreos support
- bootstrap and new fact for

* fedora coreos support
- fix bootstrap condition

* fedora coreos support
- allow customize packages for fedora coreos bootstrap

* fedora coreos support
- prevent install ptyhon3 and epel via dnf for fedora coreos

* fedora coreos support
- handle all ostree like os in same way

* fedora coreos support
- handle all ostree like os in same way for crio

* fedora coreos support
- add fcos documentations
2020-03-17 03:12:21 -07:00
Sander Cornelissen
f5417032bf
Merge OracleLinux in RedHat bootstrap-os (#5575)
* Merge OracleLinux in RedHat bootstrap-os

* Set default for use_oracle_public_repo in main.yaml
2020-03-14 06:28:34 -07:00
dymq
e0b76b185a
Failover for adding proxy when line exists in file (#5751)
The 'regexp' parameter matches last occurrence of a line starting with 'proxy=' and replaces it with the one defined in 'line' parameter. If no match - it works same way as before. This fixes resuming cluster deployments failed after that task (if there was no more than one line starting with 'proxy' in the yum.conf file - this condition should also be reassured with the change introduced here) eg. if they were initiated with Terraform.
2020-03-12 15:08:39 -07:00
Sylvain Chateau
0ca7aa126b
added "Flatcar", "Flatcar Container Linux by Kinvolk" for all coreOS role (#5607) 2020-02-18 00:15:29 -08:00
Etienne Champetier
42702dc1a3 Fixes for CentOS 8 (#5213)
* Fix python3-libselinux installation for RHEL/CentOS 8

In bootstrap-centos.yml we haven't gathered the facts,
so #5127 couldn't work

Minimum ansible version to run kubespray is 2.7.8,
so ansible_distribution_major_version is defined an there is no need to default it

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Restart NetworkManager for RHEL/CentOS 8

network.service doesn't exist anymore
 # systemctl status network
 Unit network.service could not be found.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Add module_hotfixes=True to docker / containerd yum repo config

https://bugzilla.redhat.com/show_bug.cgi?id=1734081
https://bugzilla.redhat.com/show_bug.cgi?id=1756473
Without this setting you end up with the following error:
 # yum install docker-ce
 Failed to set locale, defaulting to C
 Last metadata expiration check: 0:03:21 ago on Thu Sep 26 22:00:05 2019.
 Error:
  Problem: package docker-ce-3:19.03.2-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
   - cannot install the best candidate for the job
   - package containerd.io-1.2.2-3.3.el7.x86_64 is excluded
   - package containerd.io-1.2.2-3.el7.x86_64 is excluded
   - package containerd.io-1.2.4-3.1.el7.x86_64 is excluded
   - package containerd.io-1.2.5-3.1.el7.x86_64 is excluded
   - package containerd.io-1.2.6-3.3.el7.x86_64 is excluded
 (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2019-12-09 01:37:10 -08:00
Richard Arends
4d95bb1421 Use python3-libselinux on RHEL8/Centos8 (#5127)
* Use python3-libselinux on RHEL8/Centos8

* The fact ansible_facts.distribution_major_version is not present on older Ansible version.
Default it to 0 in when not present and use libselinux-python as package to get current
default behaviour.
2019-08-28 02:33:15 -07:00
ewtang
3bc4b4c174 Use raw module for bootstrap-debian.yml (#5061)
Updated Openstack to terraform 0.12 (#5062)

* update openstack to terraform 0.12(.5)

* replace cluter.tf with cluster.tfvars

* update README.md to terraform 0.12

* update Openstack CI tests to use terraform 0.12

* specify terraform version in openstack README

* gitlab CI to copy cluster.tfvars in case of openstack provider

* The terraform/openstack dynamic inventory can read
tfstate v4 (generated by terraform 0.12) and convert them internally
ro v3 (as generated by terraform 0.11.x).

Additionally the script has been updated to Python 3.
2019-08-22 01:46:31 -07:00
Mark Janssen
f3df0d5f4a Always create bash_completion.d folder (#5039) 2019-08-04 18:15:48 -07:00
Vincent Link
5826f0810c Check all apt config files for configured proxies (#4972) 2019-07-16 01:41:24 -07:00
Jeff Bornemann
728155a2a1 Support for Oracle Linux (#3655)
Fixed Issue #1032

test case for OEL7 AIL with kubeadm

Add packet CI stuff for oracle 7
2019-07-11 23:17:05 -07:00