2015-12-31 00:11:33 +08:00
|
|
|
---
|
2016-08-27 01:24:47 +08:00
|
|
|
- name: Force binaries directory for CoreOS
|
|
|
|
set_fact:
|
|
|
|
bin_dir: "/opt/bin"
|
|
|
|
when: ansible_os_family == "CoreOS"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: facts
|
2016-08-27 01:24:47 +08:00
|
|
|
|
2016-12-02 19:37:22 +08:00
|
|
|
- name: check bin dir exists
|
|
|
|
file:
|
|
|
|
path: "{{bin_dir}}"
|
|
|
|
state: directory
|
|
|
|
owner: root
|
|
|
|
become: true
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: bootstrap-os
|
2016-08-22 20:45:42 +08:00
|
|
|
|
2016-01-21 17:51:13 +08:00
|
|
|
- include: gitinfos.yml
|
2016-01-21 20:19:02 +08:00
|
|
|
when: run_gitinfos
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: facts
|
2016-01-21 17:51:13 +08:00
|
|
|
|
2016-07-20 17:35:06 +08:00
|
|
|
- include: set_facts.yml
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: facts
|
2016-07-20 17:35:06 +08:00
|
|
|
|
2016-01-09 17:45:50 +08:00
|
|
|
- name: gather os specific variables
|
|
|
|
include_vars: "{{ item }}"
|
|
|
|
with_first_found:
|
|
|
|
- files:
|
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
|
|
- "{{ ansible_os_family|lower }}.yml"
|
|
|
|
- defaults.yml
|
|
|
|
paths:
|
|
|
|
- ../vars
|
2016-02-20 01:48:53 +08:00
|
|
|
skip: true
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: facts
|
2016-02-20 01:48:53 +08:00
|
|
|
|
2016-01-30 23:04:47 +08:00
|
|
|
- name: Create kubernetes config directory
|
|
|
|
file:
|
|
|
|
path: "{{ kube_config_dir }}"
|
|
|
|
state: directory
|
|
|
|
owner: kube
|
2016-07-26 21:18:47 +08:00
|
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
2016-01-30 23:04:47 +08:00
|
|
|
|
|
|
|
- name: Create kubernetes script directory
|
|
|
|
file:
|
|
|
|
path: "{{ kube_script_dir }}"
|
|
|
|
state: directory
|
|
|
|
owner: kube
|
2016-07-26 21:18:47 +08:00
|
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [k8s-secrets, bootstrap-os]
|
2016-01-30 23:04:47 +08:00
|
|
|
|
|
|
|
- name: Create kubernetes manifests directory
|
|
|
|
file:
|
|
|
|
path: "{{ kube_manifest_dir }}"
|
|
|
|
state: directory
|
|
|
|
owner: kube
|
2016-07-26 21:18:47 +08:00
|
|
|
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [kubelet, bootstrap-os, master, node]
|
2016-01-30 23:04:47 +08:00
|
|
|
|
|
|
|
- name: Create kubernetes logs directory
|
|
|
|
file:
|
|
|
|
path: "{{ kube_log_dir }}"
|
|
|
|
state: directory
|
|
|
|
owner: kube
|
2016-07-26 21:18:47 +08:00
|
|
|
when: ansible_service_mgr in ["sysvinit","upstart"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [bootstrap-os, master, node]
|
2016-01-30 23:04:47 +08:00
|
|
|
|
2016-03-24 00:27:06 +08:00
|
|
|
- name: check cloud_provider value
|
|
|
|
fail:
|
2016-11-29 17:20:28 +08:00
|
|
|
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
|
|
|
|
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [cloud-provider, facts]
|
2016-03-29 20:50:22 +08:00
|
|
|
|
|
|
|
- include: openstack-credential-check.yml
|
|
|
|
when: cloud_provider is defined and cloud_provider == 'openstack'
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [cloud-provider, openstack, facts]
|
2016-03-24 00:27:06 +08:00
|
|
|
|
2016-11-29 17:20:28 +08:00
|
|
|
- include: azure-credential-check.yml
|
|
|
|
when: cloud_provider is defined and cloud_provider == 'azure'
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [cloud-provider, azure, facts]
|
2016-11-29 17:20:28 +08:00
|
|
|
|
2016-12-14 22:08:13 +08:00
|
|
|
- name: Enable ip forwarding
|
2016-12-06 01:14:05 +08:00
|
|
|
lineinfile:
|
2016-12-07 19:45:15 +08:00
|
|
|
dest: /etc/sysctl.d/99-sysctl.conf
|
2016-12-06 01:14:05 +08:00
|
|
|
regexp: '^net.ipv4.ip_forward='
|
|
|
|
line: 'net.ipv4.ip_forward=1'
|
|
|
|
state: present
|
|
|
|
create: yes
|
|
|
|
backup: yes
|
|
|
|
validate: 'sysctl -f %s'
|
2016-12-14 22:08:13 +08:00
|
|
|
tags: bootstrap-os
|
2016-12-06 01:14:05 +08:00
|
|
|
|
2016-01-30 23:04:47 +08:00
|
|
|
- name: Create cni directories
|
|
|
|
file:
|
|
|
|
path: "{{ item }}"
|
|
|
|
state: directory
|
|
|
|
owner: kube
|
|
|
|
with_items:
|
|
|
|
- "/etc/cni/net.d"
|
|
|
|
- "/opt/cni/bin"
|
2016-11-03 23:57:11 +08:00
|
|
|
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [network, calico, weave, canal, bootstrap-os]
|
2016-01-30 23:04:47 +08:00
|
|
|
|
2016-01-26 01:16:56 +08:00
|
|
|
- name: Update package management cache (YUM)
|
|
|
|
yum: update_cache=yes name='*'
|
|
|
|
when: ansible_pkg_mgr == 'yum'
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: bootstrap-os
|
2016-01-25 09:06:34 +08:00
|
|
|
|
2016-03-30 16:27:29 +08:00
|
|
|
- name: Install latest version of python-apt for Debian distribs
|
|
|
|
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
|
2015-12-31 05:15:18 +08:00
|
|
|
when: ansible_os_family == "Debian"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: bootstrap-os
|
2016-01-09 17:45:50 +08:00
|
|
|
|
|
|
|
- name: Install python-dnf for latest RedHat versions
|
2016-02-13 18:59:46 +08:00
|
|
|
command: dnf install -y python-dnf yum
|
2016-01-09 17:45:50 +08:00
|
|
|
when: ansible_distribution == "Fedora" and
|
|
|
|
ansible_distribution_major_version > 21
|
|
|
|
changed_when: False
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: bootstrap-os
|
2015-12-31 21:07:02 +08:00
|
|
|
|
2016-04-11 04:08:13 +08:00
|
|
|
- name: Install epel-release on RedHat/CentOS
|
2016-10-15 05:46:44 +08:00
|
|
|
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
2016-04-11 15:33:08 +08:00
|
|
|
when: ansible_distribution in ["CentOS","RedHat"] and
|
2016-04-13 09:41:46 +08:00
|
|
|
ansible_distribution_major_version >= 7
|
2016-04-11 15:33:08 +08:00
|
|
|
changed_when: False
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: bootstrap-os
|
2016-02-01 04:05:49 +08:00
|
|
|
|
2016-01-09 17:45:50 +08:00
|
|
|
- name: Install packages requirements
|
2015-12-31 21:07:02 +08:00
|
|
|
action:
|
|
|
|
module: "{{ ansible_pkg_mgr }}"
|
|
|
|
name: "{{ item }}"
|
|
|
|
state: latest
|
2016-09-13 21:29:22 +08:00
|
|
|
register: pkgs_task_result
|
|
|
|
until: pkgs_task_result|success
|
|
|
|
retries: 4
|
2016-09-15 17:23:27 +08:00
|
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
2016-02-20 01:48:53 +08:00
|
|
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
|
|
|
when: ansible_os_family != "CoreOS"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: bootstrap-os
|
2016-01-09 17:45:50 +08:00
|
|
|
|
2016-08-08 18:59:20 +08:00
|
|
|
- name: Disable IPv6 DNS lookup
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/gai.conf
|
|
|
|
line: "precedence ::ffff:0:0/96 100"
|
|
|
|
state: present
|
|
|
|
backup: yes
|
|
|
|
when: disable_ipv6_dns and ansible_os_family != "CoreOS"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: bootstrap-os
|
2016-08-08 18:59:20 +08:00
|
|
|
|
2016-01-09 17:45:50 +08:00
|
|
|
# Todo : selinux configuration
|
|
|
|
- name: Set selinux policy to permissive
|
|
|
|
selinux: policy=targeted state=permissive
|
2015-12-31 21:07:02 +08:00
|
|
|
when: ansible_os_family == "RedHat"
|
2016-01-09 17:45:50 +08:00
|
|
|
changed_when: False
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: bootstrap-os
|
2015-12-31 05:15:18 +08:00
|
|
|
|
2016-03-29 20:50:22 +08:00
|
|
|
- name: Write openstack cloud-config
|
|
|
|
template:
|
|
|
|
src: openstack-cloud-config.j2
|
|
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
|
|
group: "{{ kube_cert_group }}"
|
|
|
|
mode: 0640
|
|
|
|
when: cloud_provider is defined and cloud_provider == "openstack"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [cloud-provider, openstack]
|
2016-03-29 20:50:22 +08:00
|
|
|
|
2016-11-29 17:20:28 +08:00
|
|
|
- name: Write azure cloud-config
|
|
|
|
template:
|
|
|
|
src: azure-cloud-config.j2
|
|
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
|
|
group: "{{ kube_cert_group }}"
|
|
|
|
mode: 0640
|
|
|
|
when: cloud_provider is defined and cloud_provider == "azure"
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [cloud-provider, azure]
|
2016-11-29 17:20:28 +08:00
|
|
|
|
2016-01-21 00:37:23 +08:00
|
|
|
- include: etchosts.yml
|
2016-12-08 21:36:00 +08:00
|
|
|
tags: [bootstrap-os, etchosts]
|
2016-12-07 23:57:05 +08:00
|
|
|
|
|
|
|
- include: resolvconf.yml
|
|
|
|
tags: [bootstrap-os, resolvconf]
|
2016-12-09 20:27:50 +08:00
|
|
|
|
2016-12-12 21:14:22 +08:00
|
|
|
- name: Check if we are running inside a Azure VM
|
|
|
|
stat: path=/var/lib/waagent/
|
|
|
|
register: azure_check
|
|
|
|
tags: bootstrap-os
|
|
|
|
|
|
|
|
- include: growpart-azure-centos-7.yml
|
|
|
|
when: azure_check.stat.exists and
|
|
|
|
ansible_distribution in ["CentOS","RedHat"] and
|
2016-12-09 20:27:50 +08:00
|
|
|
ansible_distribution_major_version >= 7
|
|
|
|
tags: bootstrap-os
|
|
|
|
|