fff8780a51
"shell" step doesn't support check mode, which currently leads to failures, when Ansible is being run in check mode (because Ansible doesn't run command, assuming that command might have effect, and no "rc" or "output" is registered). Setting "check_mode: no" allows to run those "shell" commands in check mode (which is safe, because those shell commands doesn't have side effects).
209 lines
6.4 KiB
YAML
209 lines
6.4 KiB
YAML
---
|
|
- include: pre-upgrade.yml
|
|
tags: [upgrade, bootstrap-os]
|
|
|
|
- name: Force binaries directory for Container Linux by CoreOS
|
|
set_fact:
|
|
bin_dir: "/opt/bin"
|
|
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: facts
|
|
|
|
- name: check bin dir exists
|
|
file:
|
|
path: "{{bin_dir}}"
|
|
state: directory
|
|
owner: root
|
|
become: true
|
|
tags: bootstrap-os
|
|
|
|
- include: gitinfos.yml
|
|
when: run_gitinfos
|
|
tags: facts
|
|
|
|
- include: set_facts.yml
|
|
tags: facts
|
|
|
|
- name: gather os specific variables
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- files:
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
- defaults.yml
|
|
paths:
|
|
- ../vars
|
|
skip: true
|
|
tags: facts
|
|
|
|
- name: Create kubernetes config directory
|
|
file:
|
|
path: "{{ kube_config_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
|
|
|
- name: Create kubernetes script directory
|
|
file:
|
|
path: "{{ kube_script_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [k8s-secrets, bootstrap-os]
|
|
|
|
- name: Create kubernetes manifests directory
|
|
file:
|
|
path: "{{ kube_manifest_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [kubelet, bootstrap-os, master, node]
|
|
|
|
- name: check cloud_provider value
|
|
fail:
|
|
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
|
|
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
|
|
tags: [cloud-provider, facts]
|
|
|
|
- include: openstack-credential-check.yml
|
|
when: cloud_provider is defined and cloud_provider == 'openstack'
|
|
tags: [cloud-provider, openstack, facts]
|
|
|
|
- include: azure-credential-check.yml
|
|
when: cloud_provider is defined and cloud_provider == 'azure'
|
|
tags: [cloud-provider, azure, facts]
|
|
|
|
- name: Create cni directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: kube
|
|
with_items:
|
|
- "/etc/cni/net.d"
|
|
- "/opt/cni/bin"
|
|
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [network, calico, weave, canal, bootstrap-os]
|
|
|
|
- name: Update package management cache (YUM)
|
|
yum: update_cache=yes name='*'
|
|
when: ansible_pkg_mgr == 'yum'
|
|
tags: bootstrap-os
|
|
|
|
- name: Install latest version of python-apt for Debian distribs
|
|
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
|
|
when: ansible_os_family == "Debian"
|
|
tags: bootstrap-os
|
|
|
|
- name: Install python-dnf for latest RedHat versions
|
|
command: dnf install -y python-dnf yum
|
|
when: ansible_distribution == "Fedora" and
|
|
ansible_distribution_major_version > 21
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Install epel-release on RedHat/CentOS
|
|
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
|
when: ansible_distribution in ["CentOS","RedHat"]
|
|
changed_when: False
|
|
check_mode: no
|
|
tags: bootstrap-os
|
|
|
|
- name: Install packages requirements
|
|
action:
|
|
module: "{{ ansible_pkg_mgr }}"
|
|
name: "{{ item }}"
|
|
state: latest
|
|
register: pkgs_task_result
|
|
until: pkgs_task_result|success
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
|
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: bootstrap-os
|
|
|
|
# Todo : selinux configuration
|
|
- name: Set selinux policy to permissive
|
|
selinux: policy=targeted state=permissive
|
|
when: ansible_os_family == "RedHat"
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Disable IPv6 DNS lookup
|
|
lineinfile:
|
|
dest: /etc/gai.conf
|
|
line: "precedence ::ffff:0:0/96 100"
|
|
state: present
|
|
backup: yes
|
|
when: disable_ipv6_dns and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: bootstrap-os
|
|
|
|
- name: set default sysctl file path
|
|
set_fact:
|
|
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
|
|
tags: bootstrap-os
|
|
|
|
- name: Stat sysctl file configuration
|
|
stat: path={{sysctl_file_path}}
|
|
register: sysctl_file_stat
|
|
tags: bootstrap-os
|
|
|
|
- name: Change sysctl file path to link source if linked
|
|
set_fact:
|
|
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
|
|
when: sysctl_file_stat.stat.islnk is defined and sysctl_file_stat.stat.islnk
|
|
tags: bootstrap-os
|
|
|
|
- name: Enable ip forwarding
|
|
sysctl:
|
|
sysctl_file: "{{sysctl_file_path}}"
|
|
name: net.ipv4.ip_forward
|
|
value: 1
|
|
state: present
|
|
tags: bootstrap-os
|
|
|
|
- name: Write openstack cloud-config
|
|
template:
|
|
src: openstack-cloud-config.j2
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when: inventory_hostname in groups['k8s-cluster'] and cloud_provider is defined and cloud_provider == "openstack"
|
|
tags: [cloud-provider, openstack]
|
|
|
|
- name: Write azure cloud-config
|
|
template:
|
|
src: azure-cloud-config.j2
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when: inventory_hostname in groups['k8s-cluster'] and cloud_provider is defined and cloud_provider == "azure"
|
|
tags: [cloud-provider, azure]
|
|
|
|
- include: etchosts.yml
|
|
tags: [bootstrap-os, etchosts]
|
|
|
|
- include: resolvconf.yml
|
|
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- include: dhclient-hooks.yml
|
|
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- include: dhclient-hooks-undo.yml
|
|
when: dns_mode != 'none' and resolvconf_mode != 'host_resolvconf' and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- name: Check if we are running inside a Azure VM
|
|
stat: path=/var/lib/waagent/
|
|
register: azure_check
|
|
tags: bootstrap-os
|
|
|
|
- include: growpart-azure-centos-7.yml
|
|
when: azure_check.stat.exists and
|
|
ansible_distribution in ["CentOS","RedHat"]
|
|
tags: bootstrap-os
|
|
|