--- - import_tasks: verify-settings.yml tags: - asserts - name: Force binaries directory for Container Linux by CoreOS set_fact: bin_dir: "/opt/bin" when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] tags: - facts - name: check bin dir exists file: path: "{{bin_dir}}" state: directory owner: root become: true tags: - bootstrap-os - import_tasks: set_facts.yml tags: - facts - name: gather os specific variables include_vars: "{{ item }}" with_first_found: - files: - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" - "{{ ansible_distribution|lower }}.yml" - "{{ ansible_os_family|lower }}.yml" - defaults.yml paths: - ../vars skip: true tags: - facts - name: Create kubernetes directories file: path: "{{ item }}" state: directory owner: kube when: inventory_hostname in groups['k8s-cluster'] tags: - kubelet - k8s-secrets - kube-controller-manager - kube-apiserver - bootstrap-os - apps - network - master - node with_items: - "{{ kube_config_dir }}" - "{{ kube_config_dir }}/ssl" - "{{ kube_manifest_dir }}" - "{{ kube_script_dir }}" - "{{ local_volume_base_dir }}" - name: check cloud_provider value fail: msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external" when: - cloud_provider is defined - cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'external'] tags: - cloud-provider - facts - include_tasks: "{{ cloud_provider }}-credential-check.yml" when: - cloud_provider is defined - cloud_provider in [ 'openstack', 'azure', 'vsphere' ] tags: - cloud-provider - facts - name: Create cni directories file: path: "{{ item }}" state: directory owner: kube with_items: - "/etc/cni/net.d" - "/opt/cni/bin" when: - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"] - inventory_hostname in groups['k8s-cluster'] tags: - network - cilium - calico - weave - canal - contiv - bootstrap-os - import_tasks: resolvconf.yml when: - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' tags: - bootstrap-os - resolvconf - name: Update package management cache (YUM) yum: update_cache: yes name: '*' register: yum_task_result until: yum_task_result|succeeded retries: 4 delay: "{{ retry_stagger | random + 3 }}" when: - ansible_pkg_mgr == 'yum' - ansible_distribution != 'RedHat' - not is_atomic tags: bootstrap-os - name: Expire management cache (YUM) for Updation - Redhat shell: yum clean expire-cache register: expire_cache_output until: expire_cache_output|succeeded retries: 4 delay: "{{ retry_stagger | random + 3 }}" when: - ansible_pkg_mgr == 'yum' - ansible_distribution == 'RedHat' - not is_atomic tags: bootstrap-os - name: Update package management cache (YUM) - Redhat shell: yum makecache register: make_cache_output until: make_cache_output|succeeded retries: 4 delay: "{{ retry_stagger | random + 3 }}" when: - ansible_pkg_mgr == 'yum' - ansible_distribution == 'RedHat' - expire_cache_output.rc == 0 - not is_atomic tags: bootstrap-os - name: Update package management cache (APT) apt: update_cache: yes cache_valid_time: 3600 when: ansible_os_family == "Debian" tags: - bootstrap-os - name: Install python-dnf for latest RedHat versions command: dnf install -y python-dnf yum register: dnf_task_result until: dnf_task_result|succeeded retries: 4 delay: "{{ retry_stagger | random + 3 }}" when: - ansible_distribution == "Fedora" - ansible_distribution_major_version > 21 - not is_atomic changed_when: False tags: - bootstrap-os - name: Install epel-release on RedHat/CentOS yum: name: epel-release state: present when: - ansible_distribution in ["CentOS","RedHat"] - not is_atomic - epel_enabled|bool tags: - bootstrap-os - name: Install packages requirements action: module: "{{ ansible_pkg_mgr }}" name: "{{ item }}" state: latest register: pkgs_task_result until: pkgs_task_result|succeeded retries: 4 delay: "{{ retry_stagger | random + 3 }}" with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}" when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) tags: - bootstrap-os # Todo : selinux configuration - name: Confirm selinux deployed stat: path: /etc/selinux/config when: ansible_os_family == "RedHat" register: slc - name: Set selinux policy selinux: policy: targeted state: "{{ preinstall_selinux_state }}" when: - ansible_os_family == "RedHat" - slc.stat.exists == True changed_when: False tags: - bootstrap-os - name: Disable IPv6 DNS lookup lineinfile: dest: /etc/gai.conf line: "precedence ::ffff:0:0/96 100" state: present backup: yes when: - disable_ipv6_dns - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] tags: - bootstrap-os - name: set default sysctl file path set_fact: sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf" tags: - bootstrap-os - name: Stat sysctl file configuration stat: path: "{{sysctl_file_path}}" register: sysctl_file_stat tags: - bootstrap-os - name: Change sysctl file path to link source if linked set_fact: sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}" when: - sysctl_file_stat.stat.islnk is defined - sysctl_file_stat.stat.islnk tags: - bootstrap-os - name: Enable ip forwarding sysctl: sysctl_file: "{{sysctl_file_path}}" name: net.ipv4.ip_forward value: 1 state: present reload: yes tags: - bootstrap-os - name: Write cloud-config template: src: "{{ cloud_provider }}-cloud-config.j2" dest: "{{ kube_config_dir }}/cloud_config" group: "{{ kube_cert_group }}" mode: 0640 when: - inventory_hostname in groups['k8s-cluster'] - cloud_provider is defined - cloud_provider in [ 'openstack', 'azure', 'vsphere' ] tags: - cloud-provider - import_tasks: etchosts.yml tags: - bootstrap-os - etchosts - import_tasks: dhclient-hooks.yml when: - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] tags: - bootstrap-os - resolvconf - import_tasks: dhclient-hooks-undo.yml when: - dns_mode != 'none' - resolvconf_mode != 'host_resolvconf' - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] tags: - bootstrap-os - resolvconf - name: Check if we are running inside a Azure VM stat: path: /var/lib/waagent/ register: azure_check tags: - bootstrap-os - import_tasks: growpart-azure-centos-7.yml when: - azure_check.stat.exists - ansible_distribution in ["CentOS","RedHat"] tags: - bootstrap-os