diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index af898ebe9..d70a479f8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -343,7 +343,7 @@ gce_ubuntu18-flannel-aio: variables: <<: *ubuntu18_flannel_aio_variables <<: *gce_variables - when: on_success + when: manual except: ['triggers'] only: [/^pr-.*$/] diff --git a/roles/dnsmasq/defaults/main.yml b/roles/dnsmasq/defaults/main.yml index e3013f4ea..15fb7f169 100644 --- a/roles/dnsmasq/defaults/main.yml +++ b/roles/dnsmasq/defaults/main.yml @@ -33,6 +33,3 @@ dnsmasq_min_replicas: 1 # Custom name servers dnsmasq_upstream_dns_servers: [] - -# Arch of Docker images and needed packages -image_arch: amd64 diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 70e98b53f..d2426769f 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -4,10 +4,12 @@ with_first_found: - files: - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml" - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml" - "{{ ansible_distribution|lower }}.yml" - - "{{ ansible_os_family|lower }}-{{ ansible_architecture }}.yml" + - "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml" - "{{ ansible_os_family|lower }}.yml" - defaults.yml paths: diff --git a/roles/docker/vars/ubuntu.yml b/roles/docker/vars/ubuntu-amd64.yml similarity index 100% rename from roles/docker/vars/ubuntu.yml rename to roles/docker/vars/ubuntu-amd64.yml diff --git a/roles/docker/vars/ubuntu-arm64.yml b/roles/docker/vars/ubuntu-arm64.yml new file mode 100644 index 000000000..3dbb1a0e4 --- /dev/null 
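Review bot: Switching `gce_ubuntu18-flannel-aio` from `when: on_success` to `when: manual` removes that job from automatic PR gating, and nothing in the hunk records why. A one-line comment above the job, `# manual: <reason this job no longer gates PRs>`, would keep the intent visible to whoever next audits CI coverage. The job definition starts outside the hunk.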
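Review bot: Every new filename in `with_first_found` now depends on `host_architecture`, which is only set by a `set_fact` in roles/kubernetes/preinstall/tasks/0040-set_facts.yml elsewhere in this diff, with no default, so a play that runs the docker role without the preinstall role, or with a tag selection that skips the `facts`-tagged import, fails on an undefined variable instead of falling back to the old lookup; since `ubuntu.yml` is renamed to `ubuntu-amd64.yml` in the same commit, there is no architecture-neutral Ubuntu vars file left to fall back to either. The same unguarded use appears as `image_arch: "{{host_architecture}}"` in roles/kubernetes-apps/ansible/defaults/main.yml and roles/vault/defaults/main.yml and as `host_architecture != "amd64"` in the two etcd env templates, while roles/download/defaults/main.yml uses `host_architecture | default('amd64')`; one form should be used everywhere. Either apply the same default here, e.g. `- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture | default('amd64') }}.yml"`, or state the dependency on the preinstall facts in the docker role's meta/README. The enclosing `include_vars` task starts outside the hunk.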
+++ b/roles/docker/vars/ubuntu-arm64.yml @@ -0,0 +1,43 @@ +--- +docker_kernel_min_version: '3.10' +docker_version: 17.09 +# https://download.docker.com/linux/ubuntu/ +docker_versioned_pkg: + 'latest': docker-ce + '17.09': docker-ce=17.09.1~ce-0~ubuntu + 'stable': docker-ce=17.09.1~ce-0~ubuntu + 'edge': docker-ce=17.12.1~ce-0~ubuntu + +docker_package_info: + pkg_mgr: apt + pkgs: + - name: "{{ docker_versioned_pkg[docker_version | string] }}" + force: yes + +docker_repo_key_info: + pkg_key: apt_key + url: '{{ docker_ubuntu_repo_gpgkey }}' + repo_keys: + - 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 + +docker_repo_info: + pkg_repo: apt_repository + repos: + - > + deb {{ docker_ubuntu_repo_base_url }} + {{ ansible_distribution_release|lower }} + stable + +dockerproject_repo_key_info: + pkg_key: apt_key + url: '{{ dockerproject_apt_repo_gpgkey }}' + repo_keys: + - 58118E89F3A912897C070ADBF76221572C52609D + +dockerproject_repo_info: + pkg_repo: apt_repository + repos: + - > + deb {{ dockerproject_apt_repo_base_url }} + {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }} + main diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index d673c72b5..a21881758 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -27,7 +27,7 @@ download_always_pull: False download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}" # Arch of Docker images and needed packages -image_arch: amd64 +image_arch: "{{host_architecture | default('amd64')}}" # Versions kube_version: v1.11.2 
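Review bot: `docker_version: 17.09` is an unquoted float that only works because `17.09` survives `| string` unchanged; a value such as `17.10` would become `"17.1"` and miss its `docker_versioned_pkg` key, so quote it like the map keys do, `docker_version: '17.09'`. `force: yes` is a YAML 1.1 truthy that yamllint flags; `force: true` is the canonical form. The pinned apt key fingerprints are a control worth keeping; if this file was copied from the renamed `ubuntu-amd64.yml`, a one-line comment noting what (if anything) differs between the two would help keep them in sync, since I cannot see the amd64 file here.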
@@ -35,10 +35,10 @@ kubeadm_version: "{{ kube_version }}" etcd_version: v3.2.18 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults # after migration to container download -calico_version: "v3.1.3" -calico_ctl_version: "v3.1.3" -calico_cni_version: "v3.1.3" -calico_policy_version: "v3.1.3" +calico_version: "v3.2.0" +calico_ctl_version: "v3.2.0" +calico_cni_version: "v3.2.0" +calico_policy_version: "v3.2.0" calico_rr_version: "v0.6.1" flannel_version: "v0.10.0" flannel_cni_version: "v0.3.0" @@ -62,19 +62,19 @@ vault_binary_checksum: 3c4d70ba71619a43229e65c67830e30e050eab7a81ac6b28325ff707e # Containers etcd_image_repo: "quay.io/coreos/etcd" -etcd_image_tag: "{{ etcd_version }}" +etcd_image_tag: "{{ etcd_version }}{%- if image_arch != 'amd64' -%}-{{ image_arch }}{%- endif -%}" flannel_image_repo: "quay.io/coreos/flannel" flannel_image_tag: "{{ flannel_version }}" flannel_cni_image_repo: "quay.io/coreos/flannel-cni" flannel_cni_image_tag: "{{ flannel_cni_version }}" calicoctl_image_repo: "quay.io/calico/ctl" -calicoctl_image_tag: "{{ calico_ctl_version }}" +calicoctl_image_tag: "{{ calico_ctl_version }}-{{ image_arch }}" calico_node_image_repo: "quay.io/calico/node" -calico_node_image_tag: "{{ calico_version }}" +calico_node_image_tag: "{{ calico_version }}-{{ image_arch }}" calico_cni_image_repo: "quay.io/calico/cni" -calico_cni_image_tag: "{{ calico_cni_version }}" +calico_cni_image_tag: "{{ calico_cni_version }}-{{ image_arch }}" calico_policy_image_repo: "quay.io/calico/kube-controllers" -calico_policy_image_tag: "{{ calico_policy_version }}" +calico_policy_image_tag: "{{ calico_policy_version }}-{{ image_arch }}" calico_rr_image_repo: "quay.io/calico/routereflector" calico_rr_image_tag: "{{ calico_rr_version }}" hyperkube_image_repo: "gcr.io/google-containers/hyperkube-{{ image_arch }}" 
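Review bot: The four calico tags now append `-{{ image_arch }}` unconditionally, so the amd64 tag changes from `v3.2.0` to `v3.2.0-amd64`, while `etcd_image_tag` a few lines above adds the suffix only when `image_arch != 'amd64'`. If the existing amd64 tags are meant to stay as they were, the conditional form belongs on all five tags; if the `-amd64` tags are intentional, the commit message should say they were checked to exist in the registry, because a missing tag is only discovered at pull time. A comment on the first tag, `# non-amd64 images carry an arch suffix; amd64 keeps the bare tag` (or its inverse), would stop the next edit from picking the wrong pattern.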
@@ -108,9 +108,12 @@ dnsmasq_image_tag: "{{ dnsmasq_version }}" kubedns_version: 1.14.10 kubedns_image_repo: "gcr.io/google_containers/k8s-dns-kube-dns-{{ image_arch }}" kubedns_image_tag: "{{ kubedns_version }}" -coredns_version: 1.2.0 -coredns_image_repo: "docker.io/coredns/coredns" -coredns_image_tag: "{{ coredns_version }}" + +coredns_version: "{%- if image_arch != 'amd64' -%}1.1.3{%- else -%}1.2.0{%- endif -%}" +coredns_image_repo: "gcr.io/google-containers/coredns" +coredns_image_tag: "{{ coredns_version }}{%- if image_arch != 'amd64' -%}__{{ image_arch}}_linux{%- endif -%}" + + dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-{{ image_arch }}" dnsmasq_nanny_image_tag: "{{ kubedns_version }}" dnsmasq_sidecar_image_repo: "gcr.io/google_containers/k8s-dns-sidecar-{{ image_arch }}" diff --git a/roles/etcd/templates/etcd-events.env.j2 b/roles/etcd/templates/etcd-events.env.j2 index 525ce86c3..6caeb1cf9 100644 --- a/roles/etcd/templates/etcd-events.env.j2 +++ b/roles/etcd/templates/etcd-events.env.j2 @@ -30,3 +30,7 @@ ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }} + +{% if host_architecture != "amd64" -%} +ETCD_UNSUPPORTED_ARCH={{host_architecture}} +{%- endif %} diff --git a/roles/etcd/templates/etcd.env.j2 b/roles/etcd/templates/etcd.env.j2 index c302b0285..a682f1f71 100644 --- a/roles/etcd/templates/etcd.env.j2 +++ b/roles/etcd/templates/etcd.env.j2 @@ -35,3 +35,7 @@ ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }} {% for key, value in etcd_extra_vars.items() %} {{ key }}={{ value }} {% endfor %} + +{% if host_architecture != "amd64" -%} +ETCD_UNSUPPORTED_ARCH={{host_architecture}} +{%- endif %} diff --git a/roles/etcd/templates/etcd.j2 b/roles/etcd/templates/etcd.j2 old mode 100644 new mode 100755 
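Review bot: `coredns_image_repo` moves from `docker.io/coredns/coredns` to `gcr.io/google-containers/coredns` for every architecture, not only for the non-amd64 case the rest of the block handles, so amd64 clusters silently start pulling CoreDNS from a different publisher; that is a supply-chain change that should be called out in the commit message and justified in a comment here, e.g. `# coredns is pulled from gcr.io because the non-amd64 (__<arch>_linux) tags are only published there`, if that is the reason. The three bare `+` lines leave two consecutive blank lines after the block, and `{{ image_arch}}` lacks the closing space used everywhere else in the file.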
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml index ef17c57b9..6a60e09d8 100644 --- a/roles/kubernetes-apps/ansible/defaults/main.yml +++ b/roles/kubernetes-apps/ansible/defaults/main.yml @@ -14,7 +14,8 @@ kubedns_nodes_per_replica: 10 coredns_replicas: 2 # Images -image_arch: amd64 +image_arch: "{{host_architecture}}" + kubedns_image_repo: "gcr.io/google_containers/k8s-dns-kube-dns-{{ image_arch }}" kubedns_image_tag: "{{ kubedns_version }}" dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-{{ image_arch }}" diff --git a/roles/kubernetes/preinstall/tasks/swapoff.yml b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml similarity index 100% rename from roles/kubernetes/preinstall/tasks/swapoff.yml rename to roles/kubernetes/preinstall/tasks/0010-swapoff.yml diff --git a/roles/kubernetes/preinstall/tasks/verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml similarity index 90% rename from roles/kubernetes/preinstall/tasks/verify-settings.yml rename to roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 003f33cf2..8c3cec92e 100644 --- a/roles/kubernetes/preinstall/tasks/verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -68,7 +68,7 @@ # NOTICE: the check blatantly ignores the inet6-case - name: Guarantee that enough network address space is available for all pods assert: - that: "{{ kubelet_max_pods <= (2 ** (32 - kube_network_node_prefix)) - 2 }}" + that: "{{ kubelet_max_pods | default(110) <= (2 ** (32 - kube_network_node_prefix)) - 2 }}" msg: "Do not schedule more pods on a node than inet addresses are available." ignore_errors: "{{ ignore_assert_errors }}" when: 
@@ -115,3 +115,15 @@ that: inventory_hostname | match("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") msg: "Hostname must consist of lower case alphanumeric characters, '.' or '-', and must start and end with an alphanumeric character" ignore_errors: "{{ ignore_assert_errors }}" + +- name: check cloud_provider value + assert: + that: cloud_provider in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external'] + msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external" + when: + - cloud_provider is defined + + ignore_errors: "{{ ignore_assert_errors }}" + tags: + - cloud-provider + - facts diff --git a/roles/kubernetes/preinstall/tasks/pre_upgrade.yml b/roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml similarity index 100% rename from roles/kubernetes/preinstall/tasks/pre_upgrade.yml rename to roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml diff --git a/roles/kubernetes/preinstall/tasks/set_resolv_facts.yml b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml similarity index 75% rename from roles/kubernetes/preinstall/tasks/set_resolv_facts.yml rename to roles/kubernetes/preinstall/tasks/0040-set_facts.yml index 4e535fb0f..1fddb7de5 100644 --- a/roles/kubernetes/preinstall/tasks/set_resolv_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml 
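Review bot: The new `check cloud_provider value` assert's `msg` drops `'oci'` from the accepted values although `that` still includes it; the `fail` message it replaces in roles/kubernetes/preinstall/tasks/main.yml listed it, so the line should read `msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', or 'external'"`. Replacing `fail` with `assert` plus `ignore_errors: "{{ ignore_assert_errors }}"` also turns a hard stop into a skippable check, so an unsupported `cloud_provider` can now reach the cloud-specific tasks when `ignore_assert_errors` is set; if that is intended, keep it, otherwise drop the `ignore_errors` line for this task. The blank line between the `when` list and `ignore_errors` is valid YAML but reads as if the task had ended.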
@@ -1,4 +1,37 @@ --- +- set_fact: + architecture_groups: + x86_64: amd64 + aarch64: arm64 + +- name: ansible_architecture_rename + set_fact: + host_architecture: >- + {%- if ansible_architecture in architecture_groups -%} + {{architecture_groups[ansible_architecture]}} + {%- else -%} + {{ansible_architecture}} + {% endif %} + +- name: Force binaries directory for Container Linux by CoreOS + set_fact: + bin_dir: "/opt/bin" + when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] + tags: + - facts + +- name: check if atomic host + stat: + path: /run/ostree-booted + register: ostree + +- set_fact: + is_atomic: "{{ ostree.stat.exists }}" + +- set_fact: + kube_cert_group: "kube" + when: is_atomic + - name: check resolvconf shell: which resolvconf register: resolvconf @@ -111,3 +144,17 @@ nameserver {{( dnsmasq_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ')}} supersede_nameserver: supersede domain-name-servers {{( dnsmasq_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }}; + +- name: gather os specific variables + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" + - "{{ ansible_distribution|lower }}.yml" + - "{{ ansible_os_family|lower }}.yml" + - defaults.yml + paths: + - ../vars + skip: true diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml new file mode 100644 index 000000000..a91f81eb0 --- /dev/null +++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml 
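Review bot: In the `ansible_architecture_rename` task the closing `{% endif %}` has no left whitespace control while every other tag in the folded scalar does, so for an architecture absent from `architecture_groups` the `>-` fold appears to leave a trailing space after `{{ansible_architecture}}` in `host_architecture` (the other branch is trimmed by `{%- else -%}`); that value then feeds file names like `ubuntu-<arch>.yml` and image tags. Changing the last line to `{%- endif %}` makes both branches symmetric; confirm with a debug of `host_architecture | length` on a host outside the map. The two unnamed `set_fact` tasks (`architecture_groups`, `is_atomic`) would read better in play output with a `name:`, and `architecture_groups` could live in the role defaults instead of a task.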
@@ -0,0 +1,58 @@ +- name: Create kubernetes directories + file: + path: "{{ item }}" + state: directory + owner: kube + when: inventory_hostname in groups['k8s-cluster'] + become: true + tags: + - kubelet + - k8s-secrets + - kube-controller-manager + - kube-apiserver + - bootstrap-os + - apps + - network + - master + - node + with_items: + - "{{bin_dir}}" + - "{{ kube_config_dir }}" + - "{{ kube_config_dir }}/ssl" + - "{{ kube_manifest_dir }}" + - "{{ kube_script_dir }}" + +- name: Create cni directories + file: + path: "{{ item }}" + state: directory + owner: kube + with_items: + - "/etc/cni/net.d" + - "/opt/cni/bin" + - "/var/lib/calico" + when: + - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"] + - inventory_hostname in groups['k8s-cluster'] + tags: + - network + - cilium + - calico + - weave + - canal + - contiv + - bootstrap-os + +- name: Create local volume provisioner directories + file: + path: "{{ item }}" + state: directory + owner: kube + with_items: + - "{{ local_volume_provisioner_base_dir }}" + - "{{ local_volume_provisioner_mount_dir }}" + when: + - inventory_hostname in groups['k8s-cluster'] + - local_volume_provisioner_enabled + tags: + - persistent_volumes diff --git a/roles/kubernetes/preinstall/tasks/resolvconf.yml b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml similarity index 100% rename from roles/kubernetes/preinstall/tasks/resolvconf.yml rename to roles/kubernetes/preinstall/tasks/0060-resolvconf.yml diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml new file mode 100644 index 000000000..2df3a0025 --- /dev/null +++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml 
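Review bot: `{{bin_dir}}` is added to the `Create kubernetes directories` list, which applies `owner: kube`, whereas the `check bin dir exists` task it replaces in roles/kubernetes/preinstall/tasks/main.yml created that directory with `owner: root`; the directory that will hold binaries presumably run by privileged services is now owned, and therefore writable, by the unprivileged `kube` account, which is a privilege regression the commit message does not mention. Keep a separate root-owned task for `bin_dir` (as below) and leave only the kube-owned config, manifest and script directories in the list. An explicit `mode` on `{{ kube_config_dir }}/ssl`, e.g. `mode: "0750"`, would also be worth adding since that directory holds private keys, unless a later role tightens it (not visible here). The new file also lacks the `---` document start that main.yml carries.
```yaml
- name: Create binaries directory
  file:
    path: "{{ bin_dir }}"
    state: directory
    owner: root
  become: true
  tags:
    - bootstrap-os

- name: Create kubernetes directories
  # … unchanged: file/owner/when/become/tags …
  with_items:
    - "{{ kube_config_dir }}"
    - "{{ kube_config_dir }}/ssl"
    - "{{ kube_manifest_dir }}"
    - "{{ kube_script_dir }}"

# … unchanged: Create cni directories, Create local volume provisioner directories …
```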
@@ -0,0 +1,94 @@ +- name: Update package management cache (YUM) + yum: + update_cache: yes + name: '*' + register: yum_task_result + until: yum_task_result|succeeded + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + when: + - ansible_pkg_mgr == 'yum' + - ansible_distribution != 'RedHat' + - not is_atomic + +- name: Expire management cache (YUM) for Updation - Redhat + shell: yum clean expire-cache + register: expire_cache_output + until: expire_cache_output|succeeded + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + when: + - ansible_pkg_mgr == 'yum' + - ansible_distribution == 'RedHat' + - not is_atomic + tags: bootstrap-os + +- name: Update package management cache (YUM) - Redhat + shell: yum makecache + register: make_cache_output + until: make_cache_output|succeeded + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + when: + - ansible_pkg_mgr == 'yum' + - ansible_distribution == 'RedHat' + - expire_cache_output.rc == 0 + - not is_atomic + tags: bootstrap-os + +- name: Update package management cache (zypper) - SUSE + shell: zypper -n --gpg-auto-import-keys ref + register: make_cache_output + until: make_cache_output|succeeded + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + when: + - ansible_pkg_mgr == 'zypper' + tags: bootstrap-os + +- name: Update package management cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: ansible_os_family == "Debian" + tags: + - bootstrap-os + +- name: Install python-dnf for latest RedHat versions + command: dnf install -y python-dnf yum + register: dnf_task_result + until: dnf_task_result|succeeded + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + when: + - ansible_distribution == "Fedora" + - ansible_distribution_major_version|int > 21 + - not is_atomic + changed_when: False + tags: + - bootstrap-os + +- name: Install epel-release on RedHat/CentOS + yum: + name: epel-release + state: present + when: + - ansible_distribution in ["CentOS","RedHat"] + - not is_atomic 
+ - epel_enabled|bool + tags: + - bootstrap-os + +- name: Install packages requirements + action: + module: "{{ ansible_pkg_mgr }}" + name: "{{ item }}" + state: latest + register: pkgs_task_result + until: pkgs_task_result|succeeded + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}" + when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) + tags: + - bootstrap-os diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml new file mode 100644 index 000000000..76944cb61 --- /dev/null +++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml @@ -0,0 +1,53 @@ +# Todo : selinux configuration +- name: Confirm selinux deployed + stat: + path: /etc/selinux/config + when: ansible_os_family == "RedHat" + register: slc + +- name: Set selinux policy + selinux: + policy: targeted + state: "{{ preinstall_selinux_state }}" + when: + - ansible_os_family == "RedHat" + - slc.stat.exists == True + changed_when: False + tags: + - bootstrap-os + +- name: Disable IPv6 DNS lookup + lineinfile: + dest: /etc/gai.conf + line: "precedence ::ffff:0:0/96 100" + state: present + backup: yes + when: + - disable_ipv6_dns + - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] + tags: + - bootstrap-os + +- name: Stat sysctl file configuration + stat: + path: "{{sysctl_file_path}}" + register: sysctl_file_stat + tags: + - bootstrap-os + +- name: Change sysctl file path to link source if linked + set_fact: + sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}" + when: + - sysctl_file_stat.stat.islnk is defined + - sysctl_file_stat.stat.islnk + tags: + - bootstrap-os + +- name: Enable ip forwarding + sysctl: + sysctl_file: "{{sysctl_file_path}}" + name: net.ipv4.ip_forward + value: 1 + state: present + reload: yes 
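Review bot: `zypper -n --gpg-auto-import-keys ref` in `Update package management cache (zypper) - SUSE` accepts whatever signing key a repository presents, so a swapped or poisoned repository is trusted without any operator decision; the task is moved rather than new, but now that it has its own file this is the place to document that trade-off, e.g. `# --gpg-auto-import-keys trusts any repo key; pre-import the expected keys (rpm --import) if the repos are not all vendor-provided`. `Install packages requirements` uses `state: latest`, so every run is also an upgrade of those packages — a comment stating that this is intended would stop it being "fixed" to `present`. The new file lacks the `---` document start that main.yml carries.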
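Review bot: `Set selinux policy` applies `state: "{{ preinstall_selinux_state }}"` with `changed_when: False`, so a run that actually switches SELinux mode reports no change; for an audit-relevant setting the real status is worth keeping, i.e. drop the `changed_when: False` line or add a comment explaining why it is masked. `slc.stat.exists == True` reads more idiomatically as `slc.stat.exists` (the preceding `ansible_os_family == "RedHat"` condition already guards the undefined case). The file also lacks the `---` document start that main.yml carries.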
diff --git a/roles/kubernetes/preinstall/tasks/etchosts.yml b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml similarity index 100% rename from roles/kubernetes/preinstall/tasks/etchosts.yml rename to roles/kubernetes/preinstall/tasks/0090-etchosts.yml diff --git a/roles/kubernetes/preinstall/tasks/dhclient-hooks.yml b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml similarity index 100% rename from roles/kubernetes/preinstall/tasks/dhclient-hooks.yml rename to roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml diff --git a/roles/kubernetes/preinstall/tasks/dhclient-hooks-undo.yml b/roles/kubernetes/preinstall/tasks/0110-dhclient-hooks-undo.yml similarity index 100% rename from roles/kubernetes/preinstall/tasks/dhclient-hooks-undo.yml rename to roles/kubernetes/preinstall/tasks/0110-dhclient-hooks-undo.yml diff --git a/roles/kubernetes/preinstall/tasks/growpart-azure-centos-7.yml b/roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml similarity index 100% rename from roles/kubernetes/preinstall/tasks/growpart-azure-centos-7.yml rename to roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index 505a6f829..d749a941f 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml 
@@ -1,122 +1,26 @@ --- # Disable swap -- import_tasks: swapoff.yml +- import_tasks: 0010-swapoff.yml when: disable_swap -- import_tasks: verify-settings.yml +- import_tasks: 0020-verify-settings.yml tags: - asserts # This is run before bin_dir is pinned because these tasks are run on localhost -- import_tasks: pre_upgrade.yml +- import_tasks: 0030-pre_upgrade.yml run_once: true tags: - upgrade -- name: Force binaries directory for Container Linux by CoreOS - set_fact: - bin_dir: "/opt/bin" - when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] +- import_tasks: 0040-set_facts.yml tags: + - resolvconf - facts -- name: check bin dir exists - file: - path: "{{bin_dir}}" - state: directory - owner: root - become: true - tags: - - bootstrap-os +- import_tasks: 0050-create_directories.yml -- import_tasks: set_facts.yml - tags: - - facts - -- name: gather os specific variables - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml" - - "{{ ansible_distribution|lower }}.yml" - - "{{ ansible_os_family|lower }}.yml" - - defaults.yml - paths: - - ../vars - skip: true - tags: - - facts - -- name: Create kubernetes directories - file: - path: "{{ item }}" - state: directory - owner: kube - when: inventory_hostname in groups['k8s-cluster'] - tags: - - kubelet - - k8s-secrets - - kube-controller-manager - - kube-apiserver - - bootstrap-os - - apps - - network - - master - - node - with_items: - - "{{ kube_config_dir }}" - - "{{ kube_config_dir }}/ssl" - - "{{ kube_manifest_dir }}" - - "{{ kube_script_dir }}" - -- name: check cloud_provider value - fail: - msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', or 
external" - when: - - cloud_provider is defined - - cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', 'external'] - tags: - - cloud-provider - - facts - -- name: Create cni directories - file: - path: "{{ item }}" - state: directory - owner: kube - with_items: - - "/etc/cni/net.d" - - "/opt/cni/bin" - - "/var/lib/calico" - when: - - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"] - - inventory_hostname in groups['k8s-cluster'] - tags: - - network - - cilium - - calico - - weave - - canal - - contiv - - bootstrap-os - -- name: Create local volume provisioner directories - file: - path: "{{ item }}" - state: directory - owner: kube - with_items: - - "{{ local_volume_provisioner_base_dir }}" - - "{{ local_volume_provisioner_mount_dir }}" - when: - - inventory_hostname in groups['k8s-cluster'] - - local_volume_provisioner_enabled - tags: - - persistent_volumes - -- import_tasks: resolvconf.yml +- import_tasks: 0060-resolvconf.yml when: - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' 
@@ -124,164 +28,20 @@ - bootstrap-os - resolvconf -- name: Update package management cache (YUM) - yum: - update_cache: yes - name: '*' - register: yum_task_result - until: yum_task_result|succeeded - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - when: - - ansible_pkg_mgr == 'yum' - - ansible_distribution != 'RedHat' - - not is_atomic - tags: bootstrap-os - -- name: Expire management cache (YUM) for Updation - Redhat - shell: yum clean expire-cache - register: expire_cache_output - until: expire_cache_output|succeeded - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - when: - - ansible_pkg_mgr == 'yum' - - ansible_distribution == 'RedHat' - - not is_atomic - tags: bootstrap-os - -- name: Update package management cache (YUM) - Redhat - shell: yum makecache - register: make_cache_output - until: make_cache_output|succeeded - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - when: - - ansible_pkg_mgr == 'yum' - - ansible_distribution == 'RedHat' - - expire_cache_output.rc == 0 - - not is_atomic - tags: bootstrap-os - -- name: Update package management cache (zypper) - SUSE - shell: zypper -n --gpg-auto-import-keys ref - register: make_cache_output - until: make_cache_output|succeeded - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - when: - - ansible_pkg_mgr == 'zypper' - tags: bootstrap-os - -- name: Update package management cache (APT) - apt: - update_cache: yes - cache_valid_time: 3600 - when: ansible_os_family == "Debian" +- import_tasks: 0070-system-packages.yml tags: - bootstrap-os -- name: Install python-dnf for latest RedHat versions - command: dnf install -y python-dnf yum - register: dnf_task_result - until: dnf_task_result|succeeded - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - when: - - ansible_distribution == "Fedora" - - ansible_distribution_major_version|int > 21 - - not is_atomic - changed_when: False +- import_tasks: 0080-system-configurations.yml tags: - bootstrap-os -- name: Install epel-release on 
RedHat/CentOS - yum: - name: epel-release - state: present - when: - - ansible_distribution in ["CentOS","RedHat"] - - not is_atomic - - epel_enabled|bool - tags: - - bootstrap-os - -- name: Install packages requirements - action: - module: "{{ ansible_pkg_mgr }}" - name: "{{ item }}" - state: latest - register: pkgs_task_result - until: pkgs_task_result|succeeded - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}" - when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) - tags: - - bootstrap-os - -# Todo : selinux configuration -- name: Confirm selinux deployed - stat: - path: /etc/selinux/config - when: ansible_os_family == "RedHat" - register: slc - -- name: Set selinux policy - selinux: - policy: targeted - state: "{{ preinstall_selinux_state }}" - when: - - ansible_os_family == "RedHat" - - slc.stat.exists == True - changed_when: False - tags: - - bootstrap-os - -- name: Disable IPv6 DNS lookup - lineinfile: - dest: /etc/gai.conf - line: "precedence ::ffff:0:0/96 100" - state: present - backup: yes - when: - - disable_ipv6_dns - - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] - tags: - - bootstrap-os - -- name: Stat sysctl file configuration - stat: - path: "{{sysctl_file_path}}" - register: sysctl_file_stat - tags: - - bootstrap-os - -- name: Change sysctl file path to link source if linked - set_fact: - sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}" - when: - - sysctl_file_stat.stat.islnk is defined - - sysctl_file_stat.stat.islnk - tags: - - bootstrap-os - -- name: Enable ip forwarding - sysctl: - sysctl_file: "{{sysctl_file_path}}" - name: net.ipv4.ip_forward - value: 1 - state: present - reload: yes - tags: - - bootstrap-os - -- import_tasks: etchosts.yml +- import_tasks: 0090-etchosts.yml tags: - bootstrap-os - etchosts -- import_tasks: dhclient-hooks.yml +- import_tasks: 0100-dhclient-hooks.yml when: 
- dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' @@ -290,7 +50,7 @@ - bootstrap-os - resolvconf -- import_tasks: dhclient-hooks-undo.yml +- import_tasks: 0110-dhclient-hooks-undo.yml when: - dns_mode != 'none' - resolvconf_mode != 'host_resolvconf' @@ -306,7 +66,7 @@ tags: - bootstrap-os -- import_tasks: growpart-azure-centos-7.yml +- import_tasks: 0120-growpart-azure-centos-7.yml when: - azure_check.stat.exists - ansible_distribution in ["CentOS","RedHat"] diff --git a/roles/kubernetes/preinstall/tasks/set_facts.yml b/roles/kubernetes/preinstall/tasks/set_facts.yml deleted file mode 100644 index a514aa079..000000000 --- a/roles/kubernetes/preinstall/tasks/set_facts.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: check if atomic host - stat: - path: /run/ostree-booted - register: ostree - -- set_fact: - is_atomic: "{{ ostree.stat.exists }}" - -- set_fact: - kube_cert_group: "kube" - when: is_atomic - -- import_tasks: set_resolv_facts.yml - tags: - - resolvconf - - facts diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index 4eca9cc65..cfacf12a1 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml @@ -34,4 +34,4 @@ - 'calico_version_on_server.stdout is defined' - 'calico_version_on_server.stdout != ""' - inventory_hostname == groups['kube-master'][0] - run_once: yes \ No newline at end of file + run_once: yes diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml index 1051ca8d6..1d05cfefc 100644 --- a/roles/vault/defaults/main.yml +++ b/roles/vault/defaults/main.yml 
@@ -24,7 +24,7 @@ vault_binary_checksum: 66f0f1b0b221d664dd5913f8697409d7401df4bb2a19c7277e8fbad15 vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_{{ image_arch }}.zip" # Arch of Docker images and needed packages -image_arch: amd64 +image_arch: "{{host_architecture}}" vault_download_vars: container: "{{ vault_deployment_type != 'host' }}"
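Review bot: `vault_download_url` (context line above) now varies with `image_arch`, but `vault_binary_checksum` in the hunk header context stays a single value, presumably the amd64 digest, so on a non-amd64 host the downloaded zip is compared against the wrong checksum — it fails closed rather than silently passing, but the role cannot work on arm64 until a per-architecture checksum exists. Suggest keying it on the architecture, `vault_binary_checksums: {amd64: "<existing amd64 value>", arm64: "<sha256 of the arm64 zip — placeholder>"}` and `vault_binary_checksum: "{{ vault_binary_checksums[image_arch] }}"`, so that adding an arch means adding a digest rather than weakening the check. The same single-value `vault_binary_checksum` appears in roles/download/defaults/main.yml, whose `image_arch` is changed in this diff too.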