diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a1eef6ab..e03e64017 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -308,6 +308,10 @@ before_script: # stage: deploy-special MOVED_TO_GROUP_VARS: "true" +.opensuse_canal_variables: &opensuse_canal_variables +# stage: deploy-part2 + MOVED_TO_GROUP_VARS: "true" + # Builds for PRs only (premoderated by unit-tests step) and triggers (auto) ### PR JOBS PART1 @@ -589,6 +593,17 @@ gce_centos7-calico-ha-triggers: when: on_success only: ['triggers'] +gce_opensuse-canal: + stage: deploy-part2 + <<: *job + <<: *gce + variables: + <<: *gce_variables + <<: *opensuse_canal_variables + when: manual + except: ['triggers'] + only: ['master', /^pr-.*$/] + # no triggers yet https://github.com/kubernetes-incubator/kargo/issues/613 gce_coreos-alpha-weave-ha: stage: deploy-special diff --git a/README.md b/README.md index 9ceb241c0..094c36bb6 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,7 @@ Documents - [Vagrant install](docs/vagrant.md) - [CoreOS bootstrap](docs/coreos.md) - [Debian Jessie setup](docs/debian.md) +- [openSUSE setup](docs/opensuse.md) - [Downloaded artifacts](docs/downloads.md) - [Cloud providers](docs/cloud.md) - [OpenStack](docs/openstack.md) @@ -70,6 +71,7 @@ Supported Linux Distributions - **Ubuntu** 16.04 - **CentOS/RHEL** 7 - **Fedora/CentOS** Atomic +- **openSUSE** Leap 42.3/Tumbleweed Note: Upstart/SysV init based OS types are not supported. diff --git a/Vagrantfile b/Vagrantfile index 536bbff2b..cf174ef77 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -18,6 +18,8 @@ SUPPORTED_OS = { "coreos-beta" => {box: "coreos-beta", bootstrap_os: "coreos", user: "core", box_url: COREOS_URL_TEMPLATE % ["beta"]}, "ubuntu" => {box: "bento/ubuntu-16.04", bootstrap_os: "ubuntu", user: "vagrant"}, "centos" => {box: "centos/7", bootstrap_os: "centos", user: "vagrant"}, + "opensuse" => {box: "opensuse/openSUSE-42.3-x86_64", bootstrap_os: "opensuse", use: "vagrant"}, + "opensuse-tumbleweed" => {box: "opensuse/openSUSE-Tumbleweed-x86_64", bootstrap_os: "opensuse", use: "vagrant"}, } # Defaults for config options defined in CONFIG @@ -84,7 +86,6 @@ Vagrant.configure("2") do |config| if Vagrant.has_plugin?("vagrant-vbguest") then config.vbguest.auto_update = false end - (1..$num_instances).each do |i| config.vm.define vm_name = "%s-%02d" % [$instance_name_prefix, i] do |config| config.vm.hostname = vm_name @@ -110,8 +111,10 @@ Vagrant.configure("2") do |config| end end + config.vm.synced_folder ".", "/vagrant", type: "rsync", rsync__args: ['--verbose', '--archive', '--delete', '-z'] + $shared_folders.each do |src, dst| - config.vm.synced_folder src, dst + config.vm.synced_folder src, dst, type: "rsync", rsync__args: ['--verbose', '--archive', '--delete', '-z'] end config.vm.provider :virtualbox do |vb| diff --git a/docs/opensuse.md b/docs/opensuse.md new file mode 100644 index 000000000..88fac3790 --- /dev/null +++ b/docs/opensuse.md @@ -0,0 +1,19 @@ +openSUSE Leap 42.3 and Tumbleweed +=============== + +openSUSE Leap installation Notes: + +- Install Ansible + + ``` + sudo zypper ref + sudo zypper -n install ansible + + ``` + +- Install Jinja2 and Python-Netaddr + + ```sudo zypper -n install python-Jinja2 python-netaddr``` + + +Now you can continue with [Preparing your deployment](getting-started.md#starting-custom-deployment) diff --git a/roles/bootstrap-os/tasks/bootstrap-opensuse.yml b/roles/bootstrap-os/tasks/bootstrap-opensuse.yml new file mode 100644 index 000000000..abedd2195 --- /dev/null +++ b/roles/bootstrap-os/tasks/bootstrap-opensuse.yml @@ -0,0 +1,7 @@ +--- +- name: Install required packages (SUSE) + package: + name: "{{ item }}" + state: present + with_items: + - python-cryptography diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml index 01031deeb..c921b643e 100644 --- a/roles/bootstrap-os/tasks/main.yml +++ b/roles/bootstrap-os/tasks/main.yml @@ -11,6 +11,9 @@ - import_tasks: bootstrap-centos.yml when: bootstrap_os == "centos" +- import_tasks: bootstrap-opensuse.yml + when: bootstrap_os == "opensuse" + - import_tasks: setup-pipelining.yml - name: check if atomic host @@ -26,18 +29,25 @@ gather_subset: '!all' filter: ansible_* -- name: Assign inventory name to unconfigured hostnames (non-CoreOS) +- name: Assign inventory name to unconfigured hostnames (non-CoreOS and Tumbleweed) hostname: name: "{{inventory_hostname}}" - when: ansible_os_family not in ['CoreOS', 'Container Linux by CoreOS'] and override_system_hostname + when: + - override_system_hostname + - ansible_distribution not in ['openSUSE Tumbleweed'] + - ansible_os_family not in ['CoreOS', 'Container Linux by CoreOS'] -- name: Assign inventory name to unconfigured hostnames (CoreOS only) +- name: Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only) command: "hostnamectl set-hostname {{inventory_hostname}}" register: hostname_changed - when: ansible_hostname == 'localhost' and ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] and override_system_hostname + when: + - ansible_hostname == 'localhost' + - ansible_distribution in ['openSUSE Tumbleweed'] or ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] + - override_system_hostname -- name: Update hostname fact (CoreOS only) +- name: Update hostname fact (CoreOS and Tumbleweed only) setup: gather_subset: '!all' filter: ansible_hostname - when: ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] and hostname_changed.changed + when: + - hostname_changed.changed diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 729397b44..3668f61b8 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -15,6 +15,14 @@ tags: - facts +# https://yum.dockerproject.org/repo/main/opensuse/ contains packages for an EOL +# openSUSE version so we can't use it. The only alternative is to use the docker +# packages from the distribution repositories. +- name: Warn about Docker version on SUSE + debug: + msg: "SUSE distributions always install Docker from the distro repos" + when: ansible_pkg_mgr == 'zypper' + - include_tasks: set_facts_dns.yml when: dns_mode != 'none' and resolvconf_mode == 'docker_dns' tags: @@ -43,7 +51,7 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" with_items: "{{ docker_repo_key_info.repo_keys }}" - when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat"] or is_atomic) + when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) - name: ensure docker-ce repository is enabled action: "{{ docker_repo_info.pkg_repo }}" @@ -51,7 +59,7 @@ repo: "{{item}}" state: present with_items: "{{ docker_repo_info.repos }}" - when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat"] or is_atomic) and (docker_repo_info.repos|length > 0) + when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) and (docker_repo_info.repos|length > 0) - name: ensure docker-engine repository public key is installed action: "{{ dockerproject_repo_key_info.pkg_key }}" @@ -64,7 +72,7 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" with_items: "{{ dockerproject_repo_key_info.repo_keys }}" - when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat"] or is_atomic) + when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) - name: ensure docker-engine repository is enabled action: "{{ dockerproject_repo_info.pkg_repo }}" @@ -72,7 +80,7 @@ repo: "{{item}}" state: present with_items: "{{ dockerproject_repo_info.repos }}" - when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat"] or is_atomic) and (dockerproject_repo_info.repos|length > 0) + when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic) and (dockerproject_repo_info.repos|length > 0) - name: Configure docker repository on RedHat/CentOS template: @@ -110,6 +118,12 @@ notify: restart docker when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_package_info.pkgs|length > 0) +- name: ensure service is started if docker packages are already present + service: + name: docker + state: started + when: docker_task_result is not changed + - name: flush handlers so we can wait for docker to come up meta: flush_handlers diff --git a/roles/docker/templates/docker.service.j2 b/roles/docker/templates/docker.service.j2 index d8efe2025..8dc82bbb2 100644 --- a/roles/docker/templates/docker.service.j2 +++ b/roles/docker/templates/docker.service.j2 @@ -7,6 +7,9 @@ Wants=docker-storage-setup.service {% elif ansible_os_family == "Debian" %} After=network.target docker.socket Wants=docker.socket +{% elif ansible_os_family == "Suse" %} +After=network.target containerd.socket containerd.service +Requires=containerd.socket containerd.service {% endif %} [Service] @@ -19,6 +22,9 @@ ExecReload=/bin/kill -s HUP $MAINPID Delegate=yes KillMode=process ExecStart={{ docker_bin_dir }}/docker{% if installed_docker_version.stdout|version_compare('17.03', '<') %} daemon{% else %}d{% endif %} \ +{% if ansible_os_family == "Suse" %} + --containerd /run/containerd/containerd.sock --add-runtime oci=/usr/bin/docker-runc \ +{% endif %} $DOCKER_OPTS \ $DOCKER_STORAGE_OPTIONS \ $DOCKER_NETWORK_OPTIONS \ diff --git a/roles/docker/vars/suse.yml b/roles/docker/vars/suse.yml new file mode 100644 index 000000000..d89a50a7f --- /dev/null +++ b/roles/docker/vars/suse.yml @@ -0,0 +1,15 @@ +--- +docker_kernel_min_version: '0' + +docker_package_info: + pkg_mgr: zypper + pkgs: + - name: docker + +docker_repo_key_info: + pkg_key: '' + repo_keys: [] + +docker_repo_info: + pkg_repo: '' + repos: [] diff --git a/roles/etcd/tasks/upd_ca_trust.yml b/roles/etcd/tasks/upd_ca_trust.yml index dd36554fb..0ff363860 100644 --- a/roles/etcd/tasks/upd_ca_trust.yml +++ b/roles/etcd/tasks/upd_ca_trust.yml @@ -8,6 +8,8 @@ /etc/pki/ca-trust/source/anchors/etcd-ca.crt {%- elif ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] -%} /etc/ssl/certs/etcd-ca.pem + {%- elif ansible_os_family == "Suse" -%} + /etc/pki/trust/anchors/etcd-ca.pem {%- endif %} tags: - facts @@ -19,9 +21,9 @@ remote_src: true register: etcd_ca_cert -- name: Gen_certs | update ca-certificates (Debian/Ubuntu/Container Linux by CoreOS) +- name: Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Container Linux by CoreOS) command: update-ca-certificates - when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS", "Container Linux by CoreOS"] + when: etcd_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS", "Container Linux by CoreOS", "Suse"] - name: Gen_certs | update ca-certificates (RedHat) command: update-ca-trust extract diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index 149cbb42a..3bf847fb9 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -8,7 +8,7 @@ epel_enabled: false common_required_pkgs: - python-httplib2 - - openssl + - "{{ (ansible_distribution == 'openSUSE Tumbleweed') | ternary('openssl-1_1_0', 'openssl') }}" - curl - rsync - bash-completion diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index 652e35682..cd5dd7acd 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -143,6 +143,15 @@ - not is_atomic tags: bootstrap-os +- name: Update package management cache (zypper) - SUSE + shell: zypper -n --gpg-auto-import-keys ref + register: make_cache_output + until: make_cache_output|succeeded + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + when: + - ansible_pkg_mgr == 'zypper' + tags: bootstrap-os - name: Update package management cache (APT) apt: diff --git a/roles/kubernetes/preinstall/tasks/verify-settings.yml b/roles/kubernetes/preinstall/tasks/verify-settings.yml index 8f0a2e854..5f647101d 100644 --- a/roles/kubernetes/preinstall/tasks/verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/verify-settings.yml @@ -12,7 +12,7 @@ - name: Stop if unknown OS assert: - that: ansible_distribution in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS'] + that: ansible_distribution in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS', 'openSUSE Leap', 'openSUSE Tumbleweed'] ignore_errors: "{{ ignore_assert_errors }}" - name: Stop if unknown network plugin @@ -94,4 +94,4 @@ assert: that: ansible_kernel.split('-')[0]|version_compare('4.8', '>=') when: kube_network_plugin == 'cilium' - ignore_errors: "{{ ignore_assert_errors }}" \ No newline at end of file + ignore_errors: "{{ ignore_assert_errors }}" diff --git a/roles/kubernetes/preinstall/vars/suse.yml b/roles/kubernetes/preinstall/vars/suse.yml new file mode 100644 index 000000000..3f4f9aee9 --- /dev/null +++ b/roles/kubernetes/preinstall/vars/suse.yml @@ -0,0 +1,4 @@ +--- +required_pkgs: + - device-mapper + - ebtables diff --git a/roles/kubernetes/secrets/tasks/upd_ca_trust.yml b/roles/kubernetes/secrets/tasks/upd_ca_trust.yml index eec44987f..cdd5f48fa 100644 --- a/roles/kubernetes/secrets/tasks/upd_ca_trust.yml +++ b/roles/kubernetes/secrets/tasks/upd_ca_trust.yml @@ -8,6 +8,8 @@ /etc/pki/ca-trust/source/anchors/kube-ca.crt {%- elif ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] -%} /etc/ssl/certs/kube-ca.pem + {%- elif ansible_os_family == "Suse" -%} + /etc/pki/trust/anchors/kube-ca.pem {%- endif %} tags: - facts @@ -19,9 +21,9 @@ remote_src: true register: kube_ca_cert -- name: Gen_certs | update ca-certificates (Debian/Ubuntu/Container Linux by CoreOS) +- name: Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Container Linux by CoreOS) command: update-ca-certificates - when: kube_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS", "Container Linux by CoreOS"] + when: kube_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS", "Container Linux by CoreOS", "Suse"] - name: Gen_certs | update ca-certificates (RedHat) command: update-ca-trust extract diff --git a/roles/rkt/tasks/install.yml b/roles/rkt/tasks/install.yml index 599f9e50e..cbaaf4085 100644 --- a/roles/rkt/tasks/install.yml +++ b/roles/rkt/tasks/install.yml @@ -15,22 +15,11 @@ tags: - facts -- name: install rkt pkg on ubuntu - apt: - deb: "{{ rkt_download_url }}/{{ rkt_pkg_name }}" +- name: install rkt pkg + package: + name: "{{ rkt_download_url }}/{{ rkt_pkg_name }}" state: present register: rkt_task_result until: rkt_task_result|succeeded retries: 4 delay: "{{ retry_stagger | random + 3 }}" - when: ansible_os_family == "Debian" - -- name: install rkt pkg on centos - yum: - pkg: "{{ rkt_download_url }}/{{ rkt_pkg_name }}" - state: present - register: rkt_task_result - until: rkt_task_result|succeeded - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - when: ansible_os_family == "RedHat" diff --git a/roles/rkt/vars/suse.yml b/roles/rkt/vars/suse.yml new file mode 100644 index 000000000..13149e8fb --- /dev/null +++ b/roles/rkt/vars/suse.yml @@ -0,0 +1,2 @@ +--- +rkt_pkg_name: "rkt-{{ rkt_pkg_version }}.x86_64.rpm" diff --git a/tests/files/gce_opensuse-canal.yml b/tests/files/gce_opensuse-canal.yml new file mode 100644 index 000000000..9eae57e2e --- /dev/null +++ b/tests/files/gce_opensuse-canal.yml @@ -0,0 +1,12 @@ +# Instance settings +cloud_image_family: opensuse-leap +cloud_region: us-central1-c +mode: default + +# Deployment settings +bootstrap_os: opensuse +kube_network_plugin: canal +kubeadm_enabled: true +deploy_netchecker: true +kubedns_min_replicas: 1 +cloud_provider: gce