f77257cf79
the tasks fail because selinux prevents ip-forwarding setting. Moving the tasks around addresses two issues. Makes sure that the correct python tools are in place before adjusting of selinux and makes sure that ipforwarding is toggled after selinux adjustments.
195 lines
5.9 KiB
YAML
195 lines
5.9 KiB
YAML
---
|
|
- include: pre-upgrade.yml
|
|
tags: [upgrade, bootstrap-os]
|
|
|
|
- name: Force binaries directory for Container Linux by CoreOS
|
|
set_fact:
|
|
bin_dir: "/opt/bin"
|
|
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: facts
|
|
|
|
- name: check bin dir exists
|
|
file:
|
|
path: "{{bin_dir}}"
|
|
state: directory
|
|
owner: root
|
|
become: true
|
|
tags: bootstrap-os
|
|
|
|
- include: gitinfos.yml
|
|
when: run_gitinfos
|
|
tags: facts
|
|
|
|
- include: set_facts.yml
|
|
tags: facts
|
|
|
|
- name: gather os specific variables
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- files:
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
- defaults.yml
|
|
paths:
|
|
- ../vars
|
|
skip: true
|
|
tags: facts
|
|
|
|
- name: Create kubernetes config directory
|
|
file:
|
|
path: "{{ kube_config_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
|
|
|
- name: Create kubernetes script directory
|
|
file:
|
|
path: "{{ kube_script_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [k8s-secrets, bootstrap-os]
|
|
|
|
- name: Create kubernetes manifests directory
|
|
file:
|
|
path: "{{ kube_manifest_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [kubelet, bootstrap-os, master, node]
|
|
|
|
- name: check cloud_provider value
|
|
fail:
|
|
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
|
|
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
|
|
tags: [cloud-provider, facts]
|
|
|
|
- include: openstack-credential-check.yml
|
|
when: cloud_provider is defined and cloud_provider == 'openstack'
|
|
tags: [cloud-provider, openstack, facts]
|
|
|
|
- include: azure-credential-check.yml
|
|
when: cloud_provider is defined and cloud_provider == 'azure'
|
|
tags: [cloud-provider, azure, facts]
|
|
|
|
- name: Create cni directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: kube
|
|
with_items:
|
|
- "/etc/cni/net.d"
|
|
- "/opt/cni/bin"
|
|
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [network, calico, weave, canal, bootstrap-os]
|
|
|
|
- name: Update package management cache (YUM)
|
|
yum: update_cache=yes name='*'
|
|
when: ansible_pkg_mgr == 'yum'
|
|
tags: bootstrap-os
|
|
|
|
- name: Install latest version of python-apt for Debian distribs
|
|
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
|
|
when: ansible_os_family == "Debian"
|
|
tags: bootstrap-os
|
|
|
|
- name: Install python-dnf for latest RedHat versions
|
|
command: dnf install -y python-dnf yum
|
|
when: ansible_distribution == "Fedora" and
|
|
ansible_distribution_major_version > 21
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Install epel-release on RedHat/CentOS
|
|
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
|
when: ansible_distribution in ["CentOS","RedHat"]
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Install packages requirements
|
|
action:
|
|
module: "{{ ansible_pkg_mgr }}"
|
|
name: "{{ item }}"
|
|
state: latest
|
|
register: pkgs_task_result
|
|
until: pkgs_task_result|success
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
|
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: bootstrap-os
|
|
|
|
# Todo : selinux configuration
|
|
- name: Set selinux policy to permissive
|
|
selinux: policy=targeted state=permissive
|
|
when: ansible_os_family == "RedHat"
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Disable IPv6 DNS lookup
|
|
lineinfile:
|
|
dest: /etc/gai.conf
|
|
line: "precedence ::ffff:0:0/96 100"
|
|
state: present
|
|
backup: yes
|
|
when: disable_ipv6_dns and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: bootstrap-os
|
|
|
|
- name: Enable ip forwarding
|
|
lineinfile:
|
|
dest: /etc/sysctl.d/99-sysctl.conf
|
|
regexp: '^net.ipv4.ip_forward='
|
|
line: 'net.ipv4.ip_forward=1'
|
|
state: present
|
|
create: yes
|
|
backup: yes
|
|
validate: 'sysctl -f %s'
|
|
tags: bootstrap-os
|
|
|
|
- name: Write openstack cloud-config
|
|
template:
|
|
src: openstack-cloud-config.j2
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when: cloud_provider is defined and cloud_provider == "openstack"
|
|
tags: [cloud-provider, openstack]
|
|
|
|
- name: Write azure cloud-config
|
|
template:
|
|
src: azure-cloud-config.j2
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when: cloud_provider is defined and cloud_provider == "azure"
|
|
tags: [cloud-provider, azure]
|
|
|
|
- include: etchosts.yml
|
|
tags: [bootstrap-os, etchosts]
|
|
|
|
- include: resolvconf.yml
|
|
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- include: dhclient-hooks.yml
|
|
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- include: dhclient-hooks-undo.yml
|
|
when: dns_mode != 'none' and resolvconf_mode != 'host_resolvconf' and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- name: Check if we are running inside a Azure VM
|
|
stat: path=/var/lib/waagent/
|
|
register: azure_check
|
|
tags: bootstrap-os
|
|
|
|
- include: growpart-azure-centos-7.yml
|
|
when: azure_check.stat.exists and
|
|
ansible_distribution in ["CentOS","RedHat"]
|
|
tags: bootstrap-os
|
|
|