8fc5a844b3
Updates based on feedback Simplify checks for file exists remove invalid char Review feedback. Use regular systemd file. Add template for docker systemd atomic
225 lines
6.7 KiB
YAML
225 lines
6.7 KiB
YAML
---
|
|
- include: pre-upgrade.yml
|
|
tags: [upgrade, bootstrap-os]
|
|
|
|
- name: Force binaries directory for Container Linux by CoreOS
|
|
set_fact:
|
|
bin_dir: "/opt/bin"
|
|
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: facts
|
|
|
|
- name: check bin dir exists
|
|
file:
|
|
path: "{{bin_dir}}"
|
|
state: directory
|
|
owner: root
|
|
become: true
|
|
tags: bootstrap-os
|
|
|
|
- include: gitinfos.yml
|
|
when: run_gitinfos
|
|
tags: facts
|
|
|
|
- include: set_facts.yml
|
|
tags: facts
|
|
|
|
- name: gather os specific variables
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- files:
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
- defaults.yml
|
|
paths:
|
|
- ../vars
|
|
skip: true
|
|
tags: facts
|
|
|
|
- name: Create kubernetes config directory
|
|
file:
|
|
path: "{{ kube_config_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
|
|
|
- name: Create kubernetes script directory
|
|
file:
|
|
path: "{{ kube_script_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [k8s-secrets, bootstrap-os]
|
|
|
|
- name: Create kubernetes manifests directory
|
|
file:
|
|
path: "{{ kube_manifest_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [kubelet, bootstrap-os, master, node]
|
|
|
|
- name: check cloud_provider value
|
|
fail:
|
|
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
|
|
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
|
|
tags: [cloud-provider, facts]
|
|
|
|
- include: openstack-credential-check.yml
|
|
when: cloud_provider is defined and cloud_provider == 'openstack'
|
|
tags: [cloud-provider, openstack, facts]
|
|
|
|
- include: azure-credential-check.yml
|
|
when: cloud_provider is defined and cloud_provider == 'azure'
|
|
tags: [cloud-provider, azure, facts]
|
|
|
|
- name: Create cni directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: kube
|
|
with_items:
|
|
- "/etc/cni/net.d"
|
|
- "/opt/cni/bin"
|
|
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [network, calico, weave, canal, bootstrap-os]
|
|
|
|
- name: Update package management cache (YUM)
|
|
yum:
|
|
update_cache: yes
|
|
name: '*'
|
|
when: ansible_pkg_mgr == 'yum' and not is_atomic
|
|
tags: bootstrap-os
|
|
|
|
- name: Install latest version of python-apt for Debian distribs
|
|
apt:
|
|
name: python-apt
|
|
state: latest
|
|
update_cache: yes
|
|
cache_valid_time: 3600
|
|
when: ansible_os_family == "Debian"
|
|
tags: bootstrap-os
|
|
|
|
- name: Install python-dnf for latest RedHat versions
|
|
command: dnf install -y python-dnf yum
|
|
when: ansible_distribution == "Fedora" and
|
|
ansible_distribution_major_version > 21
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Install epel-release on RedHat/CentOS
|
|
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
|
changed_when: False
|
|
check_mode: no
|
|
tags: bootstrap-os
|
|
|
|
- name: Install packages requirements
|
|
action:
|
|
module: "{{ ansible_pkg_mgr }}"
|
|
name: "{{ item }}"
|
|
state: latest
|
|
register: pkgs_task_result
|
|
until: pkgs_task_result|success
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
|
tags: bootstrap-os
|
|
|
|
# Todo : selinux configuration
|
|
- name: Confirm selinux deployed
|
|
stat:
|
|
path: /etc/selinux/config
|
|
when: ansible_os_family == "RedHat"
|
|
register: slc
|
|
|
|
- name: Set selinux policy to permissive
|
|
selinux:
|
|
policy: targeted
|
|
state: permissive
|
|
when: ansible_os_family == "RedHat" and slc.stat.exists == True
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Disable IPv6 DNS lookup
|
|
lineinfile:
|
|
dest: /etc/gai.conf
|
|
line: "precedence ::ffff:0:0/96 100"
|
|
state: present
|
|
backup: yes
|
|
when: disable_ipv6_dns and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: bootstrap-os
|
|
|
|
- name: set default sysctl file path
|
|
set_fact:
|
|
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
|
|
tags: bootstrap-os
|
|
|
|
- name: Stat sysctl file configuration
|
|
stat:
|
|
path: "{{sysctl_file_path}}"
|
|
register: sysctl_file_stat
|
|
tags: bootstrap-os
|
|
|
|
- name: Change sysctl file path to link source if linked
|
|
set_fact:
|
|
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
|
|
when: sysctl_file_stat.stat.islnk is defined and sysctl_file_stat.stat.islnk
|
|
tags: bootstrap-os
|
|
|
|
- name: Enable ip forwarding
|
|
sysctl:
|
|
sysctl_file: "{{sysctl_file_path}}"
|
|
name: net.ipv4.ip_forward
|
|
value: 1
|
|
state: present
|
|
tags: bootstrap-os
|
|
|
|
- name: Write openstack cloud-config
|
|
template:
|
|
src: openstack-cloud-config.j2
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when: inventory_hostname in groups['k8s-cluster'] and cloud_provider is defined and cloud_provider == "openstack"
|
|
tags: [cloud-provider, openstack]
|
|
|
|
- name: Write azure cloud-config
|
|
template:
|
|
src: azure-cloud-config.j2
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when: inventory_hostname in groups['k8s-cluster'] and cloud_provider is defined and cloud_provider == "azure"
|
|
tags: [cloud-provider, azure]
|
|
|
|
- include: etchosts.yml
|
|
tags: [bootstrap-os, etchosts]
|
|
|
|
- include: resolvconf.yml
|
|
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- include: dhclient-hooks.yml
|
|
when: dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- include: dhclient-hooks-undo.yml
|
|
when: dns_mode != 'none' and resolvconf_mode != 'host_resolvconf' and not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
|
tags: [bootstrap-os, resolvconf]
|
|
|
|
- name: Check if we are running inside a Azure VM
|
|
stat:
|
|
path: /var/lib/waagent/
|
|
register: azure_check
|
|
tags: bootstrap-os
|
|
|
|
- include: growpart-azure-centos-7.yml
|
|
when: azure_check.stat.exists and
|
|
ansible_distribution in ["CentOS","RedHat"]
|
|
tags: bootstrap-os
|
|
|