a15d626771
In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
183 lines
5.4 KiB
YAML
183 lines
5.4 KiB
YAML
---
|
|
- name: Force binaries directory for CoreOS
|
|
set_fact:
|
|
bin_dir: "/opt/bin"
|
|
when: ansible_os_family == "CoreOS"
|
|
tags: facts
|
|
|
|
- name: check bin dir exists
|
|
file:
|
|
path: "{{bin_dir}}"
|
|
state: directory
|
|
owner: root
|
|
become: true
|
|
tags: bootstrap-os
|
|
|
|
- include: gitinfos.yml
|
|
when: run_gitinfos
|
|
tags: facts
|
|
|
|
- include: set_facts.yml
|
|
tags: facts
|
|
|
|
- name: gather os specific variables
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- files:
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
- defaults.yml
|
|
paths:
|
|
- ../vars
|
|
skip: true
|
|
tags: facts
|
|
|
|
- name: Create kubernetes config directory
|
|
file:
|
|
path: "{{ kube_config_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
|
|
|
- name: Create kubernetes script directory
|
|
file:
|
|
path: "{{ kube_script_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [k8s-secrets, bootstrap-os]
|
|
|
|
- name: Create kubernetes manifests directory
|
|
file:
|
|
path: "{{ kube_manifest_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [kubelet, bootstrap-os, master, node]
|
|
|
|
- name: Create kubernetes logs directory
|
|
file:
|
|
path: "{{ kube_log_dir }}"
|
|
state: directory
|
|
owner: kube
|
|
when: ansible_service_mgr in ["sysvinit","upstart"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [bootstrap-os, master, node]
|
|
|
|
- name: check cloud_provider value
|
|
fail:
|
|
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
|
|
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
|
|
tags: [cloud-provider, facts]
|
|
|
|
- include: openstack-credential-check.yml
|
|
when: cloud_provider is defined and cloud_provider == 'openstack'
|
|
tags: [cloud-provider, openstack, facts]
|
|
|
|
- include: azure-credential-check.yml
|
|
when: cloud_provider is defined and cloud_provider == 'azure'
|
|
tags: [cloud-provider, azure, facts]
|
|
|
|
- name: Fix ipv4 forward rule in GCE security policy
|
|
lineinfile:
|
|
dest: /etc/sysctl.d/99-sysctl.conf
|
|
regexp: '^net.ipv4.ip_forward='
|
|
line: 'net.ipv4.ip_forward=1'
|
|
state: present
|
|
create: yes
|
|
backup: yes
|
|
validate: 'sysctl -f %s'
|
|
when: cloud_provider is defined and cloud_provider == 'gce'
|
|
tags: [cloud-provider, gce, bootstrap-os]
|
|
|
|
- name: Create cni directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: kube
|
|
with_items:
|
|
- "/etc/cni/net.d"
|
|
- "/opt/cni/bin"
|
|
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
tags: [network, calico, weave, canal, bootstrap-os]
|
|
|
|
- name: Update package management cache (YUM)
|
|
yum: update_cache=yes name='*'
|
|
when: ansible_pkg_mgr == 'yum'
|
|
tags: bootstrap-os
|
|
|
|
- name: Install latest version of python-apt for Debian distribs
|
|
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
|
|
when: ansible_os_family == "Debian"
|
|
tags: bootstrap-os
|
|
|
|
- name: Install python-dnf for latest RedHat versions
|
|
command: dnf install -y python-dnf yum
|
|
when: ansible_distribution == "Fedora" and
|
|
ansible_distribution_major_version > 21
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Install epel-release on RedHat/CentOS
|
|
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
|
when: ansible_distribution in ["CentOS","RedHat"] and
|
|
ansible_distribution_major_version >= 7
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Install packages requirements
|
|
action:
|
|
module: "{{ ansible_pkg_mgr }}"
|
|
name: "{{ item }}"
|
|
state: latest
|
|
register: pkgs_task_result
|
|
until: pkgs_task_result|success
|
|
retries: 4
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
|
when: ansible_os_family != "CoreOS"
|
|
tags: bootstrap-os
|
|
|
|
- name: Disable IPv6 DNS lookup
|
|
lineinfile:
|
|
dest: /etc/gai.conf
|
|
line: "precedence ::ffff:0:0/96 100"
|
|
state: present
|
|
backup: yes
|
|
when: disable_ipv6_dns and ansible_os_family != "CoreOS"
|
|
tags: bootstrap-os
|
|
|
|
# Todo : selinux configuration
|
|
- name: Set selinux policy to permissive
|
|
selinux: policy=targeted state=permissive
|
|
when: ansible_os_family == "RedHat"
|
|
changed_when: False
|
|
tags: bootstrap-os
|
|
|
|
- name: Write openstack cloud-config
|
|
template:
|
|
src: openstack-cloud-config.j2
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when: cloud_provider is defined and cloud_provider == "openstack"
|
|
tags: [cloud-provider, openstack]
|
|
|
|
- name: Write azure cloud-config
|
|
template:
|
|
src: azure-cloud-config.j2
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when: cloud_provider is defined and cloud_provider == "azure"
|
|
tags: [cloud-provider, azure]
|
|
|
|
- include: etchosts.yml
|
|
tags: [bootstrap-os, etchosts]
|
|
|
|
- include: resolvconf.yml
|
|
tags: [bootstrap-os, resolvconf]
|