Resolve ansible-lint name errors (#10253)

* project: fix ansible-lint name

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: ignore jinja template error in names

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: capitalize ansible name

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: update notify after name capitalization

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
pull/10312/head
Arthur Outhenin-Chalandre 2023-07-26 16:36:22 +02:00 committed by GitHub
parent b9e3861385
commit 36e5d742dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
162 changed files with 842 additions and 675 deletions

View File

@ -22,18 +22,7 @@ skip_list:
# (Disabled in Feb 2023) # (Disabled in Feb 2023)
- 'fqcn-builtins' - 'fqcn-builtins'
# names should start with an uppercase letter # We use template in names
# (Disabled in June 2023 after ansible upgrade; FIXME)
- 'name[casing]'
# Everything should be named
# (Disabled in June 2023 after ansible upgrade; FIXME)
- 'name[play]'
- 'name[missing]'
# templates should only be at the end of 'name'
# (Disabled in June 2023 after ansible upgrade; FIXME)
- 'name[jinja]'
- 'name[template]' - 'name[template]'
# order of keys errors # order of keys errors

View File

@ -1,5 +1,6 @@
--- ---
- hosts: localhost - name: Generate Azure inventory
hosts: localhost
gather_facts: False gather_facts: False
roles: roles:
- generate-inventory - generate-inventory

View File

@ -1,5 +1,6 @@
--- ---
- hosts: localhost - name: Generate Azure inventory
hosts: localhost
gather_facts: False gather_facts: False
roles: roles:
- generate-inventory_2 - generate-inventory_2

View File

@ -1,5 +1,6 @@
--- ---
- hosts: localhost - name: Generate Azure templates
hosts: localhost
gather_facts: False gather_facts: False
roles: roles:
- generate-templates - generate-templates

View File

@ -1,9 +1,11 @@
--- ---
- hosts: localhost - name: Create nodes as docker containers
hosts: localhost
gather_facts: False gather_facts: False
roles: roles:
- { role: dind-host } - { role: dind-host }
- hosts: containers - name: Customize each node containers
hosts: containers
roles: roles:
- { role: dind-cluster } - { role: dind-cluster }

View File

@ -1,9 +1,9 @@
--- ---
- name: set_fact distro_setup - name: Set_fact distro_setup
set_fact: set_fact:
distro_setup: "{{ distro_settings[node_distro] }}" distro_setup: "{{ distro_settings[node_distro] }}"
- name: set_fact other distro settings - name: Set_fact other distro settings
set_fact: set_fact:
distro_user: "{{ distro_setup['user'] }}" distro_user: "{{ distro_setup['user'] }}"
distro_ssh_service: "{{ distro_setup['ssh_service'] }}" distro_ssh_service: "{{ distro_setup['ssh_service'] }}"
@ -66,7 +66,7 @@
dest: "/etc/sudoers.d/{{ distro_user }}" dest: "/etc/sudoers.d/{{ distro_user }}"
mode: 0640 mode: 0640
- name: Add my pubkey to "{{ distro_user }}" user authorized keys - name: "Add my pubkey to {{ distro_user }} user authorized keys"
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: "{{ distro_user }}" user: "{{ distro_user }}"
state: present state: present

View File

@ -1,9 +1,9 @@
--- ---
- name: set_fact distro_setup - name: Set_fact distro_setup
set_fact: set_fact:
distro_setup: "{{ distro_settings[node_distro] }}" distro_setup: "{{ distro_settings[node_distro] }}"
- name: set_fact other distro settings - name: Set_fact other distro settings
set_fact: set_fact:
distro_image: "{{ distro_setup['image'] }}" distro_image: "{{ distro_setup['image'] }}"
distro_init: "{{ distro_setup['init'] }}" distro_init: "{{ distro_setup['init'] }}"

View File

@ -1,5 +1,6 @@
--- ---
- hosts: localhost - name: Prepare Hypervisor to later install kubespray VMs
hosts: localhost
gather_facts: False gather_facts: False
become: yes become: yes
vars: vars:

View File

@ -22,9 +22,9 @@
- ntp - ntp
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
# Create deployment user if required - name: Create deployment user if required
- include_tasks: user.yml include_tasks: user.yml
when: k8s_deployment_user is defined when: k8s_deployment_user is defined
# Set proper sysctl values - name: Set proper sysctl values
- import_tasks: sysctl.yml import_tasks: sysctl.yml

View File

@ -2,7 +2,8 @@
- name: Check ansible version - name: Check ansible version
import_playbook: kubernetes_sigs.kubespray.ansible_version import_playbook: kubernetes_sigs.kubespray.ansible_version
- hosts: localhost - name: Install mitogen
hosts: localhost
strategy: linear strategy: linear
vars: vars:
mitogen_version: 0.3.2 mitogen_version: 0.3.2
@ -19,24 +20,24 @@
- "{{ playbook_dir }}/plugins/mitogen" - "{{ playbook_dir }}/plugins/mitogen"
- "{{ playbook_dir }}/dist" - "{{ playbook_dir }}/dist"
- name: download mitogen release - name: Download mitogen release
get_url: get_url:
url: "{{ mitogen_url }}" url: "{{ mitogen_url }}"
dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz" dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz"
validate_certs: true validate_certs: true
mode: 0644 mode: 0644
- name: extract archive - name: Extract archive
unarchive: unarchive:
src: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz" src: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz"
dest: "{{ playbook_dir }}/dist/" dest: "{{ playbook_dir }}/dist/"
- name: copy plugin - name: Copy plugin
ansible.posix.synchronize: ansible.posix.synchronize:
src: "{{ playbook_dir }}/dist/mitogen-{{ mitogen_version }}/" src: "{{ playbook_dir }}/dist/mitogen-{{ mitogen_version }}/"
dest: "{{ playbook_dir }}/plugins/mitogen" dest: "{{ playbook_dir }}/plugins/mitogen"
- name: add strategy to ansible.cfg - name: Add strategy to ansible.cfg
community.general.ini_file: community.general.ini_file:
path: ansible.cfg path: ansible.cfg
mode: 0644 mode: 0644

View File

@ -1,24 +1,29 @@
--- ---
- hosts: gfs-cluster - name: Bootstrap hosts
hosts: gfs-cluster
gather_facts: false gather_facts: false
vars: vars:
ansible_ssh_pipelining: false ansible_ssh_pipelining: false
roles: roles:
- { role: bootstrap-os, tags: bootstrap-os} - { role: bootstrap-os, tags: bootstrap-os}
- hosts: all - name: Gather facts
hosts: all
gather_facts: true gather_facts: true
- hosts: gfs-cluster - name: Install glusterfs server
hosts: gfs-cluster
vars: vars:
ansible_ssh_pipelining: true ansible_ssh_pipelining: true
roles: roles:
- { role: glusterfs/server } - { role: glusterfs/server }
- hosts: k8s_cluster - name: Install glusterfs servers
hosts: k8s_cluster
roles: roles:
- { role: glusterfs/client } - { role: glusterfs/client }
- hosts: kube_control_plane[0] - name: Configure Kubernetes to use glusterfs
hosts: kube_control_plane[0]
roles: roles:
- { role: kubernetes-pv } - { role: kubernetes-pv }

View File

@ -3,10 +3,12 @@
# hyperkube and needs to be installed as part of the system. # hyperkube and needs to be installed as part of the system.
# Setup/install tasks. # Setup/install tasks.
- include_tasks: setup-RedHat.yml - name: Setup RedHat distros for glusterfs
include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat' and groups['gfs-cluster'] is defined when: ansible_os_family == 'RedHat' and groups['gfs-cluster'] is defined
- include_tasks: setup-Debian.yml - name: Setup Debian distros for glusterfs
include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian' and groups['gfs-cluster'] is defined when: ansible_os_family == 'Debian' and groups['gfs-cluster'] is defined
- name: Ensure Gluster mount directories exist. - name: Ensure Gluster mount directories exist.

View File

@ -4,13 +4,13 @@
include_vars: "{{ ansible_os_family }}.yml" include_vars: "{{ ansible_os_family }}.yml"
# Install xfs package # Install xfs package
- name: install xfs Debian - name: Install xfs Debian
apt: apt:
name: xfsprogs name: xfsprogs
state: present state: present
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: install xfs RedHat - name: Install xfs RedHat
package: package:
name: xfsprogs name: xfsprogs
state: present state: present
@ -23,7 +23,7 @@
dev: "{{ disk_volume_device_1 }}" dev: "{{ disk_volume_device_1 }}"
# Mount external volumes # Mount external volumes
- name: mounting new xfs filesystem - name: Mounting new xfs filesystem
ansible.posix.mount: ansible.posix.mount:
name: "{{ gluster_volume_node_mount_dir }}" name: "{{ gluster_volume_node_mount_dir }}"
src: "{{ disk_volume_device_1 }}" src: "{{ disk_volume_device_1 }}"
@ -31,10 +31,12 @@
state: mounted state: mounted
# Setup/install tasks. # Setup/install tasks.
- include_tasks: setup-RedHat.yml - name: Setup RedHat distros for glusterfs
include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml - name: Setup Debian distros for glusterfs
include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
- name: Ensure GlusterFS is started and enabled at boot. - name: Ensure GlusterFS is started and enabled at boot.

View File

@ -1,9 +1,11 @@
--- ---
- hosts: kube_control_plane[0] - name: Tear down heketi
hosts: kube_control_plane[0]
roles: roles:
- { role: tear-down } - { role: tear-down }
- hosts: heketi-node - name: Teardown disks in heketi
hosts: heketi-node
become: yes become: yes
roles: roles:
- { role: tear-down-disks } - { role: tear-down-disks }

View File

@ -1,9 +1,11 @@
--- ---
- hosts: heketi-node - name: Prepare heketi install
hosts: heketi-node
roles: roles:
- { role: prepare } - { role: prepare }
- hosts: kube_control_plane[0] - name: Provision heketi
hosts: kube_control_plane[0]
tags: tags:
- "provision" - "provision"
roles: roles:

View File

@ -1,3 +1,3 @@
--- ---
- name: "stop port forwarding" - name: "Stop port forwarding"
command: "killall " command: "killall "

View File

@ -1,5 +1,6 @@
--- ---
- hosts: localhost - name: Collect container images for offline deployment
hosts: localhost
become: no become: no
roles: roles:
@ -11,7 +12,8 @@
tasks: tasks:
# Generate files.list and images.list files from templates. # Generate files.list and images.list files from templates.
- template: - name: Collect container images for offline deployment
template:
src: ./contrib/offline/temp/{{ item }}.list.template src: ./contrib/offline/temp/{{ item }}.list.template
dest: ./contrib/offline/temp/{{ item }}.list dest: ./contrib/offline/temp/{{ item }}.list
mode: 0644 mode: 0644

View File

@ -1,4 +1,5 @@
--- ---
- hosts: all - name: Disable firewalld/ufw
hosts: all
roles: roles:
- { role: prepare } - { role: prepare }

View File

@ -1,5 +1,6 @@
--- ---
- block: - name: Disable firewalld and ufw
block:
- name: List services - name: List services
service_facts: service_facts:

View File

@ -1,5 +1,6 @@
--- ---
- hosts: kube_node:kube_control_plane - name: Remove old cloud provider config
hosts: kube_node:kube_control_plane
tasks: tasks:
- name: Remove old cloud provider config - name: Remove old cloud provider config
file: file:
@ -7,7 +8,8 @@
state: absent state: absent
with_items: with_items:
- /etc/kubernetes/cloud_config - /etc/kubernetes/cloud_config
- hosts: kube_control_plane[0] - name: Migrate intree Cinder PV
hosts: kube_control_plane[0]
tasks: tasks:
- name: Include kubespray-default variables - name: Include kubespray-default variables
include_vars: ../roles/kubespray-defaults/defaults/main.yaml include_vars: ../roles/kubespray-defaults/defaults/main.yaml

View File

@ -10,13 +10,15 @@
### In most cases, you probably want to use upgrade-cluster.yml playbook and ### In most cases, you probably want to use upgrade-cluster.yml playbook and
### not this one. ### not this one.
- hosts: localhost - name: Setup ssh config to use the bastion
hosts: localhost
gather_facts: False gather_facts: False
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: bastion-ssh-config, tags: ["localhost", "bastion"]} - { role: bastion-ssh-config, tags: ["localhost", "bastion"]}
- hosts: k8s_cluster:etcd:calico_rr - name: Bootstrap hosts OS for Ansible
hosts: k8s_cluster:etcd:calico_rr
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
gather_facts: false gather_facts: false
vars: vars:
@ -27,7 +29,8 @@
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: bootstrap-os, tags: bootstrap-os} - { role: bootstrap-os, tags: bootstrap-os}
- hosts: k8s_cluster:etcd:calico_rr - name: Preinstall
hosts: k8s_cluster:etcd:calico_rr
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}

View File

@ -1,5 +1,6 @@
--- ---
- hosts: all - name: Wait for cloud-init to finish
hosts: all
tasks: tasks:
- name: Wait for cloud-init to finish - name: Wait for cloud-init to finish
command: cloud-init status --wait command: cloud-init status --wait

View File

@ -1,5 +1,6 @@
--- ---
- hosts: localhost - name: Check Ansible version
hosts: localhost
gather_facts: false gather_facts: false
become: no become: no
vars: vars:

View File

@ -5,7 +5,8 @@
- name: Ensure compatibility with old groups - name: Ensure compatibility with old groups
import_playbook: legacy_groups.yml import_playbook: legacy_groups.yml
- hosts: bastion[0] - name: Install bastion ssh config
hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
@ -16,7 +17,8 @@
tags: always tags: always
import_playbook: facts.yml import_playbook: facts.yml
- hosts: k8s_cluster:etcd - name: Prepare for etcd install
hosts: k8s_cluster:etcd
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -26,7 +28,8 @@
- { role: "container-engine", tags: "container-engine", when: deploy_container_engine } - { role: "container-engine", tags: "container-engine", when: deploy_container_engine }
- { role: download, tags: download, when: "not skip_downloads" } - { role: download, tags: download, when: "not skip_downloads" }
- hosts: etcd:kube_control_plane - name: Install etcd
hosts: etcd:kube_control_plane
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -39,7 +42,8 @@
etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}" etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}"
when: etcd_deployment_type != "kubeadm" when: etcd_deployment_type != "kubeadm"
- hosts: k8s_cluster - name: Install etcd certs on nodes if required
hosts: k8s_cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -55,7 +59,8 @@
- kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd" - kube_network_plugin != "calico" or calico_datastore == "etcd"
- hosts: k8s_cluster - name: Install Kubernetes nodes
hosts: k8s_cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -63,7 +68,8 @@
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/node, tags: node } - { role: kubernetes/node, tags: node }
- hosts: kube_control_plane - name: Install the control plane
hosts: kube_control_plane
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -73,7 +79,8 @@
- { role: kubernetes/client, tags: client } - { role: kubernetes/client, tags: client }
- { role: kubernetes-apps/cluster_roles, tags: cluster-roles } - { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
- hosts: k8s_cluster - name: Invoke kubeadm and install a CNI
hosts: k8s_cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -84,7 +91,8 @@
- { role: network_plugin, tags: network } - { role: network_plugin, tags: network }
- { role: kubernetes-apps/kubelet-csr-approver, tags: kubelet-csr-approver } - { role: kubernetes-apps/kubelet-csr-approver, tags: kubelet-csr-approver }
- hosts: calico_rr - name: Install Calico Route Reflector
hosts: calico_rr
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -92,7 +100,8 @@
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: network_plugin/calico/rr, tags: ['network', 'calico_rr'] } - { role: network_plugin/calico/rr, tags: ['network', 'calico_rr'] }
- hosts: kube_control_plane[0] - name: Patch Kubernetes for Windows
hosts: kube_control_plane[0]
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -100,7 +109,8 @@
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"] } - { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"] }
- hosts: kube_control_plane - name: Install Kubernetes apps
hosts: kube_control_plane
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"

View File

@ -1,5 +1,6 @@
--- ---
- hosts: k8s_cluster:etcd:calico_rr - name: Bootstrap hosts for Ansible
hosts: k8s_cluster:etcd:calico_rr
strategy: linear strategy: linear
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
gather_facts: false gather_facts: false

View File

@ -6,7 +6,7 @@
gather_facts: false gather_facts: false
tags: always tags: always
tasks: tasks:
- name: add nodes to kube_control_plane group - name: Add nodes to kube_control_plane group
group_by: group_by:
key: 'kube_control_plane' key: 'kube_control_plane'
@ -15,7 +15,7 @@
gather_facts: false gather_facts: false
tags: always tags: always
tasks: tasks:
- name: add nodes to kube_node group - name: Add nodes to kube_node group
group_by: group_by:
key: 'kube_node' key: 'kube_node'
@ -24,7 +24,7 @@
gather_facts: false gather_facts: false
tags: always tags: always
tasks: tasks:
- name: add nodes to k8s_cluster group - name: Add nodes to k8s_cluster group
group_by: group_by:
key: 'k8s_cluster' key: 'k8s_cluster'
@ -33,7 +33,7 @@
gather_facts: false gather_facts: false
tags: always tags: always
tasks: tasks:
- name: add nodes to calico_rr group - name: Add nodes to calico_rr group
group_by: group_by:
key: 'calico_rr' key: 'calico_rr'
@ -42,6 +42,6 @@
gather_facts: false gather_facts: false
tags: always tags: always
tasks: tasks:
- name: add nodes to no-floating group - name: Add nodes to no-floating group
group_by: group_by:
key: 'no_floating' key: 'no_floating'

View File

@ -5,29 +5,34 @@
- name: Ensure compatibility with old groups - name: Ensure compatibility with old groups
import_playbook: legacy_groups.yml import_playbook: legacy_groups.yml
- hosts: bastion[0] - name: Install bastion ssh config
hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: bastion-ssh-config, tags: ["localhost", "bastion"]} - { role: bastion-ssh-config, tags: ["localhost", "bastion"]}
- hosts: etcd[0] - name: Recover etcd
hosts: etcd[0]
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- role: recover_control_plane/etcd - role: recover_control_plane/etcd
when: etcd_deployment_type != "kubeadm" when: etcd_deployment_type != "kubeadm"
- hosts: kube_control_plane[0] - name: Recover control plane
hosts: kube_control_plane[0]
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: recover_control_plane/control-plane } - { role: recover_control_plane/control-plane }
- import_playbook: cluster.yml - name: Apply whole cluster install
import_playbook: cluster.yml
- hosts: kube_control_plane - name: Perform post recover tasks
hosts: kube_control_plane
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}

View File

@ -5,14 +5,16 @@
- name: Ensure compatibility with old groups - name: Ensure compatibility with old groups
import_playbook: legacy_groups.yml import_playbook: legacy_groups.yml
- hosts: bastion[0] - name: Install bastion ssh config
hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: bastion-ssh-config, tags: ["localhost", "bastion"] } - { role: bastion-ssh-config, tags: ["localhost", "bastion"] }
- hosts: "{{ node | default('etcd:k8s_cluster:calico_rr') }}" - name: Confirm node removal
hosts: "{{ node | default('etcd:k8s_cluster:calico_rr') }}"
gather_facts: no gather_facts: no
tasks: tasks:
- name: Confirm Execution - name: Confirm Execution
@ -32,7 +34,8 @@
import_playbook: facts.yml import_playbook: facts.yml
when: reset_nodes | default(True) | bool when: reset_nodes | default(True) | bool
- hosts: "{{ node | default('kube_node') }}" - name: Reset node
hosts: "{{ node | default('kube_node') }}"
gather_facts: no gather_facts: no
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
@ -42,7 +45,8 @@
- { role: reset, tags: reset, when: reset_nodes | default(True) | bool } - { role: reset, tags: reset, when: reset_nodes | default(True) | bool }
# Currently cannot remove first master or etcd # Currently cannot remove first master or etcd
- hosts: "{{ node | default('kube_control_plane[1:]:etcd[1:]') }}" - name: Post node removal
hosts: "{{ node | default('kube_control_plane[1:]:etcd[1:]') }}"
gather_facts: no gather_facts: no
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:

View File

@ -5,7 +5,8 @@
- name: Ensure compatibility with old groups - name: Ensure compatibility with old groups
import_playbook: legacy_groups.yml import_playbook: legacy_groups.yml
- hosts: bastion[0] - name: Install bastion ssh config
hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
@ -15,7 +16,8 @@
- name: Gather facts - name: Gather facts
import_playbook: facts.yml import_playbook: facts.yml
- hosts: etcd:k8s_cluster:calico_rr - name: Reset cluster
hosts: etcd:k8s_cluster:calico_rr
gather_facts: False gather_facts: False
pre_tasks: pre_tasks:
- name: Reset Confirmation - name: Reset Confirmation

View File

@ -5,7 +5,8 @@
- name: Ensure compatibility with old groups - name: Ensure compatibility with old groups
import_playbook: legacy_groups.yml import_playbook: legacy_groups.yml
- hosts: bastion[0] - name: Install bastion ssh config
hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
@ -88,7 +89,7 @@
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
register: kubeadm_upload_cert register: kubeadm_upload_cert
changed_when: false changed_when: false
- name: set fact 'kubeadm_certificate_key' for later use - name: Set fact 'kubeadm_certificate_key' for later use
set_fact: set_fact:
kubeadm_certificate_key: "{{ kubeadm_upload_cert.stdout_lines[-1] | trim }}" kubeadm_certificate_key: "{{ kubeadm_upload_cert.stdout_lines[-1] | trim }}"
when: kubeadm_certificate_key is not defined when: kubeadm_certificate_key is not defined

View File

@ -5,7 +5,8 @@
- name: Ensure compatibility with old groups - name: Ensure compatibility with old groups
import_playbook: legacy_groups.yml import_playbook: legacy_groups.yml
- hosts: bastion[0] - name: Install bastion ssh config
hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
roles: roles:
@ -46,7 +47,8 @@
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: container-engine, tags: "container-engine", when: deploy_container_engine } - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
- hosts: etcd:kube_control_plane - name: Install etcd
hosts: etcd:kube_control_plane
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -59,7 +61,8 @@
etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}" etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}"
when: etcd_deployment_type != "kubeadm" when: etcd_deployment_type != "kubeadm"
- hosts: k8s_cluster - name: Install etcd certs on nodes if required
hosts: k8s_cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -126,7 +129,8 @@
- { role: kubernetes/node-label, tags: node-label } - { role: kubernetes/node-label, tags: node-label }
- { role: upgrade/post-upgrade, tags: post-upgrade } - { role: upgrade/post-upgrade, tags: post-upgrade }
- hosts: kube_control_plane[0] - name: Patch Kubernetes for Windows
hosts: kube_control_plane[0]
gather_facts: False gather_facts: False
any_errors_fatal: true any_errors_fatal: true
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -134,7 +138,8 @@
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"] } - { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"] }
- hosts: calico_rr - name: Install Calico Route Reflector
hosts: calico_rr
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"
@ -142,7 +147,8 @@
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: network_plugin/calico/rr, tags: network } - { role: network_plugin/calico/rr, tags: network }
- hosts: kube_control_plane - name: Install Kubernetes apps
hosts: kube_control_plane
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}" environment: "{{ proxy_disable_env }}"

View File

@ -1,5 +1,5 @@
--- ---
- name: set bastion host IP and port - name: Set bastion host IP and port
set_fact: set_fact:
bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}" bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
bastion_port: "{{ hostvars[groups['bastion'][0]]['ansible_port'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_port']) | d(22) }}" bastion_port: "{{ hostvars[groups['bastion'][0]]['ansible_port'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_port']) | d(22) }}"
@ -12,7 +12,7 @@
set_fact: set_fact:
real_user: "{{ ansible_user }}" real_user: "{{ ansible_user }}"
- name: create ssh bastion conf - name: Create ssh bastion conf
become: false become: false
delegate_to: localhost delegate_to: localhost
connection: local connection: local

View File

@ -6,37 +6,46 @@
# This command should always run, even in check mode # This command should always run, even in check mode
check_mode: false check_mode: false
- include_tasks: bootstrap-centos.yml - name: Bootstrap CentOS
include_tasks: bootstrap-centos.yml
when: '''ID="centos"'' in os_release.stdout_lines or ''ID="ol"'' in os_release.stdout_lines or ''ID="almalinux"'' in os_release.stdout_lines or ''ID="rocky"'' in os_release.stdout_lines or ''ID="kylin"'' in os_release.stdout_lines or ''ID="uos"'' in os_release.stdout_lines or ''ID="openEuler"'' in os_release.stdout_lines' when: '''ID="centos"'' in os_release.stdout_lines or ''ID="ol"'' in os_release.stdout_lines or ''ID="almalinux"'' in os_release.stdout_lines or ''ID="rocky"'' in os_release.stdout_lines or ''ID="kylin"'' in os_release.stdout_lines or ''ID="uos"'' in os_release.stdout_lines or ''ID="openEuler"'' in os_release.stdout_lines'
- include_tasks: bootstrap-amazon.yml - name: Bootstrap Amazon
include_tasks: bootstrap-amazon.yml
when: '''ID="amzn"'' in os_release.stdout_lines' when: '''ID="amzn"'' in os_release.stdout_lines'
- include_tasks: bootstrap-redhat.yml - name: Bootstrap RedHat
include_tasks: bootstrap-redhat.yml
when: '''ID="rhel"'' in os_release.stdout_lines' when: '''ID="rhel"'' in os_release.stdout_lines'
- include_tasks: bootstrap-clearlinux.yml - name: Bootstrap Clear Linux
include_tasks: bootstrap-clearlinux.yml
when: '''ID=clear-linux-os'' in os_release.stdout_lines' when: '''ID=clear-linux-os'' in os_release.stdout_lines'
# Fedora CoreOS # Fedora CoreOS
- include_tasks: bootstrap-fedora-coreos.yml - name: Bootstrap Fedora CoreOS
include_tasks: bootstrap-fedora-coreos.yml
when: when:
- '''ID=fedora'' in os_release.stdout_lines' - '''ID=fedora'' in os_release.stdout_lines'
- '''VARIANT_ID=coreos'' in os_release.stdout_lines' - '''VARIANT_ID=coreos'' in os_release.stdout_lines'
- include_tasks: bootstrap-flatcar.yml - name: Bootstrap Flatcar
include_tasks: bootstrap-flatcar.yml
when: '''ID=flatcar'' in os_release.stdout_lines' when: '''ID=flatcar'' in os_release.stdout_lines'
- include_tasks: bootstrap-debian.yml - name: Bootstrap Debian
include_tasks: bootstrap-debian.yml
when: '''ID=debian'' in os_release.stdout_lines or ''ID=ubuntu'' in os_release.stdout_lines' when: '''ID=debian'' in os_release.stdout_lines or ''ID=ubuntu'' in os_release.stdout_lines'
# Fedora "classic" # Fedora "classic"
- include_tasks: bootstrap-fedora.yml - name: Boostrap Fedora
include_tasks: bootstrap-fedora.yml
when: when:
- '''ID=fedora'' in os_release.stdout_lines' - '''ID=fedora'' in os_release.stdout_lines'
- '''VARIANT_ID=coreos'' not in os_release.stdout_lines' - '''VARIANT_ID=coreos'' not in os_release.stdout_lines'
- include_tasks: bootstrap-opensuse.yml - name: Bootstrap OpenSUSE
include_tasks: bootstrap-opensuse.yml
when: '''ID="opensuse-leap"'' in os_release.stdout_lines or ''ID="opensuse-tumbleweed"'' in os_release.stdout_lines' when: '''ID="opensuse-leap"'' in os_release.stdout_lines or ''ID="opensuse-tumbleweed"'' in os_release.stdout_lines'
- name: Create remote_tmp for it is used by another module - name: Create remote_tmp for it is used by another module

View File

@ -1,5 +1,5 @@
--- ---
- name: containerd-common | check if fedora coreos - name: Containerd-common | check if fedora coreos
stat: stat:
path: /run/ostree-booted path: /run/ostree-booted
get_attributes: no get_attributes: no
@ -7,11 +7,11 @@
get_mime: no get_mime: no
register: ostree register: ostree
- name: containerd-common | set is_ostree - name: Containerd-common | set is_ostree
set_fact: set_fact:
is_ostree: "{{ ostree.stat.exists }}" is_ostree: "{{ ostree.stat.exists }}"
- name: containerd-common | gather os specific variables - name: Containerd-common | gather os specific variables
include_vars: "{{ item }}" include_vars: "{{ item }}"
with_first_found: with_first_found:
- files: - files:

View File

@ -1,5 +1,5 @@
--- ---
- name: restart containerd - name: Restart containerd
command: /bin/true command: /bin/true
notify: notify:
- Containerd | restart containerd - Containerd | restart containerd

View File

@ -12,7 +12,8 @@
- role: adduser - role: adduser
user: "{{ addusers.kube }}" user: "{{ addusers.kube }}"
tasks: tasks:
- include_tasks: "../../../../download/tasks/download_file.yml" - name: Download CNI
include_tasks: "../../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.cni) }}" download: "{{ download_defaults | combine(downloads.cni) }}"

View File

@ -5,33 +5,33 @@
when: when:
- not (allow_unsupported_distribution_setup | default(false)) and (ansible_distribution not in containerd_supported_distributions) - not (allow_unsupported_distribution_setup | default(false)) and (ansible_distribution not in containerd_supported_distributions)
- name: containerd | Remove any package manager controlled containerd package - name: Containerd | Remove any package manager controlled containerd package
package: package:
name: "{{ containerd_package }}" name: "{{ containerd_package }}"
state: absent state: absent
when: when:
- not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
- name: containerd | Remove containerd repository - name: Containerd | Remove containerd repository
file: file:
path: "{{ yum_repo_dir }}/containerd.repo" path: "{{ yum_repo_dir }}/containerd.repo"
state: absent state: absent
when: when:
- ansible_os_family in ['RedHat'] - ansible_os_family in ['RedHat']
- name: containerd | Remove containerd repository - name: Containerd | Remove containerd repository
apt_repository: apt_repository:
repo: "{{ item }}" repo: "{{ item }}"
state: absent state: absent
with_items: "{{ containerd_repo_info.repos }}" with_items: "{{ containerd_repo_info.repos }}"
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
- name: containerd | Download containerd - name: Containerd | Download containerd
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.containerd) }}" download: "{{ download_defaults | combine(downloads.containerd) }}"
- name: containerd | Unpack containerd archive - name: Containerd | Unpack containerd archive
unarchive: unarchive:
src: "{{ downloads.containerd.dest }}" src: "{{ downloads.containerd.dest }}"
dest: "{{ containerd_bin_dir }}" dest: "{{ containerd_bin_dir }}"
@ -39,9 +39,9 @@
remote_src: yes remote_src: yes
extra_opts: extra_opts:
- --strip-components=1 - --strip-components=1
notify: restart containerd notify: Restart containerd
- name: containerd | Remove orphaned binary - name: Containerd | Remove orphaned binary
file: file:
path: "/usr/bin/{{ item }}" path: "/usr/bin/{{ item }}"
state: absent state: absent
@ -56,14 +56,14 @@
- containerd-shim-runc-v2 - containerd-shim-runc-v2
- ctr - ctr
- name: containerd | Generate systemd service for containerd - name: Containerd | Generate systemd service for containerd
template: template:
src: containerd.service.j2 src: containerd.service.j2
dest: /etc/systemd/system/containerd.service dest: /etc/systemd/system/containerd.service
mode: 0644 mode: 0644
notify: restart containerd notify: Restart containerd
- name: containerd | Ensure containerd directories exist - name: Containerd | Ensure containerd directories exist
file: file:
dest: "{{ item }}" dest: "{{ item }}"
state: directory state: directory
@ -76,50 +76,51 @@
- "{{ containerd_storage_dir }}" - "{{ containerd_storage_dir }}"
- "{{ containerd_state_dir }}" - "{{ containerd_state_dir }}"
- name: containerd | Write containerd proxy drop-in - name: Containerd | Write containerd proxy drop-in
template: template:
src: http-proxy.conf.j2 src: http-proxy.conf.j2
dest: "{{ containerd_systemd_dir }}/http-proxy.conf" dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
mode: 0644 mode: 0644
notify: restart containerd notify: Restart containerd
when: http_proxy is defined or https_proxy is defined when: http_proxy is defined or https_proxy is defined
- name: containerd | Generate default base_runtime_spec - name: Containerd | Generate default base_runtime_spec
register: ctr_oci_spec register: ctr_oci_spec
command: "{{ containerd_bin_dir }}/ctr oci spec" command: "{{ containerd_bin_dir }}/ctr oci spec"
check_mode: false check_mode: false
changed_when: false changed_when: false
- name: containerd | Store generated default base_runtime_spec - name: Containerd | Store generated default base_runtime_spec
set_fact: set_fact:
containerd_default_base_runtime_spec: "{{ ctr_oci_spec.stdout | from_json }}" containerd_default_base_runtime_spec: "{{ ctr_oci_spec.stdout | from_json }}"
- name: containerd | Write base_runtime_specs - name: Containerd | Write base_runtime_specs
copy: copy:
content: "{{ item.value }}" content: "{{ item.value }}"
dest: "{{ containerd_cfg_dir }}/{{ item.key }}" dest: "{{ containerd_cfg_dir }}/{{ item.key }}"
owner: "root" owner: "root"
mode: 0644 mode: 0644
with_dict: "{{ containerd_base_runtime_specs | default({}) }}" with_dict: "{{ containerd_base_runtime_specs | default({}) }}"
notify: restart containerd notify: Restart containerd
- name: containerd | Copy containerd config file - name: Containerd | Copy containerd config file
template: template:
src: config.toml.j2 src: config.toml.j2
dest: "{{ containerd_cfg_dir }}/config.toml" dest: "{{ containerd_cfg_dir }}/config.toml"
owner: "root" owner: "root"
mode: 0640 mode: 0640
notify: restart containerd notify: Restart containerd
- block: - name: Containerd | Configure containerd registries
- name: containerd Create registry directories block:
- name: Containerd Create registry directories
file: file:
path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}" path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}"
state: directory state: directory
mode: 0755 mode: 0755
recurse: true recurse: true
with_dict: "{{ containerd_insecure_registries }}" with_dict: "{{ containerd_insecure_registries }}"
- name: containerd Write hosts.toml file - name: Containerd Write hosts.toml file
blockinfile: blockinfile:
path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}/hosts.toml" path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}/hosts.toml"
mode: 0640 mode: 0640
@ -134,10 +135,10 @@
# you can sometimes end up in a state where everything is installed # you can sometimes end up in a state where everything is installed
# but containerd was not started / enabled # but containerd was not started / enabled
- name: containerd | Flush handlers - name: Containerd | Flush handlers
meta: flush_handlers meta: flush_handlers
- name: containerd | Ensure containerd is started and enabled - name: Containerd | Ensure containerd is started and enabled
systemd: systemd:
name: containerd name: containerd
daemon_reload: yes daemon_reload: yes

View File

@ -1,5 +1,5 @@
--- ---
- name: containerd | Remove containerd repository for RedHat os family - name: Containerd | Remove containerd repository for RedHat os family
file: file:
path: "{{ yum_repo_dir }}/containerd.repo" path: "{{ yum_repo_dir }}/containerd.repo"
state: absent state: absent
@ -8,7 +8,7 @@
tags: tags:
- reset_containerd - reset_containerd
- name: containerd | Remove containerd repository for Debian os family - name: Containerd | Remove containerd repository for Debian os family
apt_repository: apt_repository:
repo: "{{ item }}" repo: "{{ item }}"
state: absent state: absent
@ -17,7 +17,7 @@
tags: tags:
- reset_containerd - reset_containerd
- name: containerd | Stop containerd service - name: Containerd | Stop containerd service
service: service:
name: containerd name: containerd
daemon_reload: true daemon_reload: true
@ -26,7 +26,7 @@
tags: tags:
- reset_containerd - reset_containerd
- name: containerd | Remove configuration files - name: Containerd | Remove configuration files
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent

View File

@ -1,35 +1,35 @@
--- ---
- name: restart and enable cri-dockerd - name: Restart and enable cri-dockerd
command: /bin/true command: /bin/true
notify: notify:
- cri-dockerd | reload systemd - Cri-dockerd | reload systemd
- cri-dockerd | restart docker.service - Cri-dockerd | restart docker.service
- cri-dockerd | reload cri-dockerd.socket - Cri-dockerd | reload cri-dockerd.socket
- cri-dockerd | reload cri-dockerd.service - Cri-dockerd | reload cri-dockerd.service
- cri-dockerd | enable cri-dockerd service - Cri-dockerd | enable cri-dockerd service
- name: cri-dockerd | reload systemd - name: Cri-dockerd | reload systemd
systemd: systemd:
name: cri-dockerd name: cri-dockerd
daemon_reload: true daemon_reload: true
masked: no masked: no
- name: cri-dockerd | restart docker.service - name: Cri-dockerd | restart docker.service
service: service:
name: docker.service name: docker.service
state: restarted state: restarted
- name: cri-dockerd | reload cri-dockerd.socket - name: Cri-dockerd | reload cri-dockerd.socket
service: service:
name: cri-dockerd.socket name: cri-dockerd.socket
state: restarted state: restarted
- name: cri-dockerd | reload cri-dockerd.service - name: Cri-dockerd | reload cri-dockerd.service
service: service:
name: cri-dockerd.service name: cri-dockerd.service
state: restarted state: restarted
- name: cri-dockerd | enable cri-dockerd service - name: Cri-dockerd | enable cri-dockerd service
service: service:
name: cri-dockerd.service name: cri-dockerd.service
enabled: yes enabled: yes

View File

@ -8,7 +8,8 @@
- role: adduser - role: adduser
user: "{{ addusers.kube }}" user: "{{ addusers.kube }}"
tasks: tasks:
- include_tasks: "../../../../download/tasks/download_file.yml" - name: Download CNI
include_tasks: "../../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.cni) }}" download: "{{ download_defaults | combine(downloads.cni) }}"

View File

@ -1,5 +1,5 @@
--- ---
- name: runc | Download cri-dockerd binary - name: Runc | Download cri-dockerd binary
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.cri_dockerd) }}" download: "{{ download_defaults | combine(downloads.cri_dockerd) }}"
@ -11,7 +11,7 @@
mode: 0755 mode: 0755
remote_src: true remote_src: true
notify: notify:
- restart and enable cri-dockerd - Restart and enable cri-dockerd
- name: Generate cri-dockerd systemd unit files - name: Generate cri-dockerd systemd unit files
template: template:
@ -22,7 +22,7 @@
- cri-dockerd.service - cri-dockerd.service
- cri-dockerd.socket - cri-dockerd.socket
notify: notify:
- restart and enable cri-dockerd - Restart and enable cri-dockerd
- name: Flush handlers - name: Flush handlers
meta: flush_handlers meta: flush_handlers

View File

@ -1,5 +1,5 @@
--- ---
- name: restart crio - name: Restart crio
command: /bin/true command: /bin/true
notify: notify:
- CRI-O | reload systemd - CRI-O | reload systemd

View File

@ -12,7 +12,8 @@
- role: adduser - role: adduser
user: "{{ addusers.kube }}" user: "{{ addusers.kube }}"
tasks: tasks:
- include_tasks: "../../../../download/tasks/download_file.yml" - name: Download CNI
include_tasks: "../../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.cni) }}" download: "{{ download_defaults | combine(downloads.cni) }}"

View File

@ -109,7 +109,7 @@
- 1.23 - 1.23
- 1.24 - 1.24
- name: cri-o | remove installed packages - name: Cri-o | remove installed packages
package: package:
name: "{{ item }}" name: "{{ item }}"
state: absent state: absent

View File

@ -1,5 +1,5 @@
--- ---
- name: cri-o | check if fedora coreos - name: Cri-o | check if fedora coreos
stat: stat:
path: /run/ostree-booted path: /run/ostree-booted
get_attributes: no get_attributes: no
@ -7,48 +7,48 @@
get_mime: no get_mime: no
register: ostree register: ostree
- name: cri-o | set is_ostree - name: Cri-o | set is_ostree
set_fact: set_fact:
is_ostree: "{{ ostree.stat.exists }}" is_ostree: "{{ ostree.stat.exists }}"
- name: cri-o | get ostree version - name: Cri-o | get ostree version
shell: "set -o pipefail && rpm-ostree --version | awk -F\\' '/Version/{print $2}'" shell: "set -o pipefail && rpm-ostree --version | awk -F\\' '/Version/{print $2}'"
args: args:
executable: /bin/bash executable: /bin/bash
register: ostree_version register: ostree_version
when: is_ostree when: is_ostree
- name: cri-o | Download cri-o - name: Cri-o | Download cri-o
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.crio) }}" download: "{{ download_defaults | combine(downloads.crio) }}"
- name: cri-o | special handling for amazon linux - name: Cri-o | special handling for amazon linux
import_tasks: "setup-amazon.yaml" import_tasks: "setup-amazon.yaml"
when: ansible_distribution in ["Amazon"] when: ansible_distribution in ["Amazon"]
- name: cri-o | clean up reglacy repos - name: Cri-o | clean up reglacy repos
import_tasks: "cleanup.yaml" import_tasks: "cleanup.yaml"
- name: cri-o | build a list of crio runtimes with Katacontainers runtimes - name: Cri-o | build a list of crio runtimes with Katacontainers runtimes
set_fact: set_fact:
crio_runtimes: "{{ crio_runtimes + kata_runtimes }}" crio_runtimes: "{{ crio_runtimes + kata_runtimes }}"
when: when:
- kata_containers_enabled - kata_containers_enabled
- name: cri-o | build a list of crio runtimes with crun runtime - name: Cri-o | build a list of crio runtimes with crun runtime
set_fact: set_fact:
crio_runtimes: "{{ crio_runtimes + [crun_runtime] }}" crio_runtimes: "{{ crio_runtimes + [crun_runtime] }}"
when: when:
- crun_enabled - crun_enabled
- name: cri-o | build a list of crio runtimes with youki runtime - name: Cri-o | build a list of crio runtimes with youki runtime
set_fact: set_fact:
crio_runtimes: "{{ crio_runtimes + [youki_runtime] }}" crio_runtimes: "{{ crio_runtimes + [youki_runtime] }}"
when: when:
- youki_enabled - youki_enabled
- name: cri-o | make sure needed folders exist in the system - name: Cri-o | make sure needed folders exist in the system
with_items: with_items:
- /etc/crio - /etc/crio
- /etc/containers - /etc/containers
@ -58,21 +58,21 @@
state: directory state: directory
mode: 0755 mode: 0755
- name: cri-o | install cri-o config - name: Cri-o | install cri-o config
template: template:
src: crio.conf.j2 src: crio.conf.j2
dest: /etc/crio/crio.conf dest: /etc/crio/crio.conf
mode: 0644 mode: 0644
register: config_install register: config_install
- name: cri-o | install config.json - name: Cri-o | install config.json
template: template:
src: config.json.j2 src: config.json.j2
dest: /etc/crio/config.json dest: /etc/crio/config.json
mode: 0644 mode: 0644
register: reg_auth_install register: reg_auth_install
- name: cri-o | copy binaries - name: Cri-o | copy binaries
copy: copy:
src: "{{ local_release_dir }}/cri-o/bin/{{ item }}" src: "{{ local_release_dir }}/cri-o/bin/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}"
@ -80,48 +80,48 @@
remote_src: true remote_src: true
with_items: with_items:
- "{{ crio_bin_files }}" - "{{ crio_bin_files }}"
notify: restart crio notify: Restart crio
- name: cri-o | copy service file - name: Cri-o | copy service file
copy: copy:
src: "{{ local_release_dir }}/cri-o/contrib/crio.service" src: "{{ local_release_dir }}/cri-o/contrib/crio.service"
dest: /etc/systemd/system/crio.service dest: /etc/systemd/system/crio.service
mode: 0755 mode: 0755
remote_src: true remote_src: true
notify: restart crio notify: Restart crio
- name: cri-o | update the bin dir for crio.service file - name: Cri-o | update the bin dir for crio.service file
replace: replace:
dest: /etc/systemd/system/crio.service dest: /etc/systemd/system/crio.service
regexp: "/usr/local/bin/crio" regexp: "/usr/local/bin/crio"
replace: "{{ bin_dir }}/crio" replace: "{{ bin_dir }}/crio"
notify: restart crio notify: Restart crio
- name: cri-o | copy default policy - name: Cri-o | copy default policy
copy: copy:
src: "{{ local_release_dir }}/cri-o/contrib/policy.json" src: "{{ local_release_dir }}/cri-o/contrib/policy.json"
dest: /etc/containers/policy.json dest: /etc/containers/policy.json
mode: 0755 mode: 0755
remote_src: true remote_src: true
notify: restart crio notify: Restart crio
- name: cri-o | copy mounts.conf - name: Cri-o | copy mounts.conf
copy: copy:
src: mounts.conf src: mounts.conf
dest: /etc/containers/mounts.conf dest: /etc/containers/mounts.conf
mode: 0644 mode: 0644
when: when:
- ansible_os_family == 'RedHat' - ansible_os_family == 'RedHat'
notify: restart crio notify: Restart crio
- name: cri-o | create directory for oci hooks - name: Cri-o | create directory for oci hooks
file: file:
path: /etc/containers/oci/hooks.d path: /etc/containers/oci/hooks.d
state: directory state: directory
owner: root owner: root
mode: 0755 mode: 0755
- name: cri-o | set overlay driver - name: Cri-o | set overlay driver
community.general.ini_file: community.general.ini_file:
dest: /etc/containers/storage.conf dest: /etc/containers/storage.conf
section: storage section: storage
@ -135,7 +135,7 @@
value: '"/var/lib/containers/storage"' value: '"/var/lib/containers/storage"'
# metacopy=on is available since 4.19 and was backported to RHEL 4.18 kernel # metacopy=on is available since 4.19 and was backported to RHEL 4.18 kernel
- name: cri-o | set metacopy mount options correctly - name: Cri-o | set metacopy mount options correctly
community.general.ini_file: community.general.ini_file:
dest: /etc/containers/storage.conf dest: /etc/containers/storage.conf
section: storage.options.overlay section: storage.options.overlay
@ -143,37 +143,37 @@
value: '{{ ''"nodev"'' if ansible_kernel is version_compare(("4.18" if ansible_os_family == "RedHat" else "4.19"), "<") else ''"nodev,metacopy=on"'' }}' value: '{{ ''"nodev"'' if ansible_kernel is version_compare(("4.18" if ansible_os_family == "RedHat" else "4.19"), "<") else ''"nodev,metacopy=on"'' }}'
mode: 0644 mode: 0644
- name: cri-o | create directory registries configs - name: Cri-o | create directory registries configs
file: file:
path: /etc/containers/registries.conf.d path: /etc/containers/registries.conf.d
state: directory state: directory
owner: root owner: root
mode: 0755 mode: 0755
- name: cri-o | write registries configs - name: Cri-o | write registries configs
template: template:
src: registry.conf.j2 src: registry.conf.j2
dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':', '_') }}.conf" dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':', '_') }}.conf"
mode: 0644 mode: 0644
loop: "{{ crio_registries }}" loop: "{{ crio_registries }}"
notify: restart crio notify: Restart crio
- name: cri-o | configure unqualified registry settings - name: Cri-o | configure unqualified registry settings
template: template:
src: unqualified.conf.j2 src: unqualified.conf.j2
dest: "/etc/containers/registries.conf.d/01-unqualified.conf" dest: "/etc/containers/registries.conf.d/01-unqualified.conf"
mode: 0644 mode: 0644
notify: restart crio notify: Restart crio
- name: cri-o | write cri-o proxy drop-in - name: Cri-o | write cri-o proxy drop-in
template: template:
src: http-proxy.conf.j2 src: http-proxy.conf.j2
dest: /etc/systemd/system/crio.service.d/http-proxy.conf dest: /etc/systemd/system/crio.service.d/http-proxy.conf
mode: 0644 mode: 0644
notify: restart crio notify: Restart crio
when: http_proxy is defined or https_proxy is defined when: http_proxy is defined or https_proxy is defined
- name: cri-o | configure the uid/gid space for user namespaces - name: Cri-o | configure the uid/gid space for user namespaces
lineinfile: lineinfile:
path: '{{ item.path }}' path: '{{ item.path }}'
line: '{{ item.entry }}' line: '{{ item.entry }}'
@ -187,7 +187,7 @@
loop_control: loop_control:
label: '{{ item.path }}' label: '{{ item.path }}'
- name: cri-o | ensure crio service is started and enabled - name: Cri-o | ensure crio service is started and enabled
service: service:
name: crio name: crio
daemon_reload: true daemon_reload: true
@ -195,7 +195,7 @@
state: started state: started
register: service_start register: service_start
- name: cri-o | trigger service restart only when needed - name: Cri-o | trigger service restart only when needed
service: service:
name: crio name: crio
state: restarted state: restarted
@ -203,7 +203,7 @@
- config_install.changed or reg_auth_install.changed - config_install.changed or reg_auth_install.changed
- not service_start.changed - not service_start.changed
- name: cri-o | verify that crio is running - name: Cri-o | verify that crio is running
command: "{{ bin_dir }}/crio-status info" command: "{{ bin_dir }}/crio-status info"
register: get_crio_info register: get_crio_info
until: get_crio_info is succeeded until: get_crio_info is succeeded

View File

@ -1,5 +1,5 @@
--- ---
- name: crictl | Download crictl - name: Crictl | Download crictl
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.crictl) }}" download: "{{ download_defaults | combine(downloads.crictl) }}"

View File

@ -1,3 +1,3 @@
--- ---
- name: install crictl - name: Install crictl
include_tasks: crictl.yml include_tasks: crictl.yml

View File

@ -1,5 +1,5 @@
--- ---
- name: crun | Download crun binary - name: Crun | Download crun binary
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.crun) }}" download: "{{ download_defaults | combine(downloads.crun) }}"

View File

@ -1,18 +1,18 @@
--- ---
- name: docker-storage-setup | install git and make - name: Docker-storage-setup | install git and make
with_items: [git, make] with_items: [git, make]
package: package:
pkg: "{{ item }}" pkg: "{{ item }}"
state: present state: present
- name: docker-storage-setup | docker-storage-setup sysconfig template - name: Docker-storage-setup | docker-storage-setup sysconfig template
template: template:
src: docker-storage-setup.j2 src: docker-storage-setup.j2
dest: /etc/sysconfig/docker-storage-setup dest: /etc/sysconfig/docker-storage-setup
mode: 0644 mode: 0644
- name: docker-storage-override-directory | docker service storage-setup override dir - name: Docker-storage-override-directory | docker service storage-setup override dir
file: file:
dest: /etc/systemd/system/docker.service.d dest: /etc/systemd/system/docker.service.d
mode: 0755 mode: 0755
@ -20,7 +20,7 @@
group: root group: root
state: directory state: directory
- name: docker-storage-override | docker service storage-setup override file - name: Docker-storage-override | docker service storage-setup override file
copy: copy:
dest: /etc/systemd/system/docker.service.d/override.conf dest: /etc/systemd/system/docker.service.d/override.conf
content: |- content: |-
@ -33,12 +33,12 @@
mode: 0644 mode: 0644
# https://docs.docker.com/engine/installation/linux/docker-ce/centos/#install-using-the-repository # https://docs.docker.com/engine/installation/linux/docker-ce/centos/#install-using-the-repository
- name: docker-storage-setup | install lvm2 - name: Docker-storage-setup | install lvm2
package: package:
name: lvm2 name: lvm2
state: present state: present
- name: docker-storage-setup | install and run container-storage-setup - name: Docker-storage-setup | install and run container-storage-setup
become: yes become: yes
script: | script: |
install_container_storage_setup.sh \ install_container_storage_setup.sh \

View File

@ -1,5 +1,5 @@
--- ---
- name: restart docker - name: Restart docker
command: /bin/true command: /bin/true
notify: notify:
- Docker | reload systemd - Docker | reload systemd

View File

@ -1,5 +1,5 @@
--- ---
- name: check if fedora coreos - name: Check if fedora coreos
stat: stat:
path: /run/ostree-booted path: /run/ostree-booted
get_attributes: no get_attributes: no
@ -7,18 +7,18 @@
get_mime: no get_mime: no
register: ostree register: ostree
- name: set is_ostree - name: Set is_ostree
set_fact: set_fact:
is_ostree: "{{ ostree.stat.exists }}" is_ostree: "{{ ostree.stat.exists }}"
- name: set docker_version for openEuler - name: Set docker_version for openEuler
set_fact: set_fact:
docker_version: '19.03' docker_version: '19.03'
when: ansible_distribution == "openEuler" when: ansible_distribution == "openEuler"
tags: tags:
- facts - facts
- name: gather os specific variables - name: Gather os specific variables
include_vars: "{{ item }}" include_vars: "{{ item }}"
with_first_found: with_first_found:
- files: - files:
@ -44,14 +44,16 @@
msg: "SUSE distributions always install Docker from the distro repos" msg: "SUSE distributions always install Docker from the distro repos"
when: ansible_pkg_mgr == 'zypper' when: ansible_pkg_mgr == 'zypper'
- include_tasks: set_facts_dns.yml - name: Gather DNS facts
include_tasks: set_facts_dns.yml
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns' when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
tags: tags:
- facts - facts
- import_tasks: pre-upgrade.yml - name: Pre-upgrade docker
import_tasks: pre-upgrade.yml
- name: ensure docker-ce repository public key is installed - name: Ensure docker-ce repository public key is installed
apt_key: apt_key:
id: "{{ item }}" id: "{{ item }}"
url: "{{ docker_repo_key_info.url }}" url: "{{ docker_repo_key_info.url }}"
@ -64,7 +66,7 @@
environment: "{{ proxy_env }}" environment: "{{ proxy_env }}"
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
- name: ensure docker-ce repository is enabled - name: Ensure docker-ce repository is enabled
apt_repository: apt_repository:
repo: "{{ item }}" repo: "{{ item }}"
state: present state: present
@ -99,7 +101,7 @@
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- name: ensure docker packages are installed - name: Ensure docker packages are installed
package: package:
name: "{{ docker_package_info.pkgs }}" name: "{{ docker_package_info.pkgs }}"
state: "{{ docker_package_info.state | default('present') }}" state: "{{ docker_package_info.state | default('present') }}"
@ -117,7 +119,7 @@
until: docker_task_result is succeeded until: docker_task_result is succeeded
retries: 4 retries: 4
delay: "{{ retry_stagger | d(3) }}" delay: "{{ retry_stagger | d(3) }}"
notify: restart docker notify: Restart docker
when: when:
- not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
- not is_ostree - not is_ostree
@ -135,9 +137,9 @@
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- name: ensure docker started, remove our config if docker start failed and try again - name: Ensure docker started, remove our config if docker start failed and try again
block: block:
- name: ensure service is started if docker packages are already present - name: Ensure service is started if docker packages are already present
service: service:
name: docker name: docker
state: started state: started
@ -145,7 +147,7 @@
rescue: rescue:
- debug: # noqa name[missing] - debug: # noqa name[missing]
msg: "Docker start failed. Try to remove our config" msg: "Docker start failed. Try to remove our config"
- name: remove kubespray generated config - name: Remove kubespray generated config
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
@ -154,13 +156,14 @@
- /etc/systemd/system/docker.service.d/docker-options.conf - /etc/systemd/system/docker.service.d/docker-options.conf
- /etc/systemd/system/docker.service.d/docker-dns.conf - /etc/systemd/system/docker.service.d/docker-dns.conf
- /etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf - /etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf
notify: restart docker notify: Restart docker
- name: flush handlers so we can wait for docker to come up - name: Flush handlers so we can wait for docker to come up
meta: flush_handlers meta: flush_handlers
# Install each plugin using a looped include to make error handling in the included task simpler. # Install each plugin using a looped include to make error handling in the included task simpler.
- include_tasks: docker_plugin.yml - name: Install docker plugin
include_tasks: docker_plugin.yml
loop: "{{ docker_plugins }}" loop: "{{ docker_plugins }}"
loop_control: loop_control:
loop_var: docker_plugin loop_var: docker_plugin
@ -168,7 +171,7 @@
- name: Set docker systemd config - name: Set docker systemd config
import_tasks: systemd.yml import_tasks: systemd.yml
- name: ensure docker service is started and enabled - name: Ensure docker service is started and enabled
service: service:
name: "{{ item }}" name: "{{ item }}"
enabled: yes enabled: yes

View File

@ -21,7 +21,7 @@
ignore_errors: true # noqa ignore-errors ignore_errors: true # noqa ignore-errors
when: docker_packages_list | length>0 when: docker_packages_list | length>0
- name: reset | remove all containers - name: Reset | remove all containers
shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv" shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv"
args: args:
executable: /bin/bash executable: /bin/bash

View File

@ -1,23 +1,23 @@
--- ---
- name: set dns server for docker - name: Set dns server for docker
set_fact: set_fact:
docker_dns_servers: "{{ dns_servers }}" docker_dns_servers: "{{ dns_servers }}"
- name: show docker_dns_servers - name: Show docker_dns_servers
debug: debug:
msg: "{{ docker_dns_servers }}" msg: "{{ docker_dns_servers }}"
- name: add upstream dns servers - name: Add upstream dns servers
set_fact: set_fact:
docker_dns_servers: "{{ docker_dns_servers + upstream_dns_servers | default([]) }}" docker_dns_servers: "{{ docker_dns_servers + upstream_dns_servers | default([]) }}"
when: dns_mode in ['coredns', 'coredns_dual'] when: dns_mode in ['coredns', 'coredns_dual']
- name: add global searchdomains - name: Add global searchdomains
set_fact: set_fact:
docker_dns_search_domains: "{{ docker_dns_search_domains + searchdomains | default([]) }}" docker_dns_search_domains: "{{ docker_dns_search_domains + searchdomains | default([]) }}"
- name: check system nameservers - name: Check system nameservers
shell: set -o pipefail && grep "^nameserver" /etc/resolv.conf | sed -r 's/^nameserver\s*([^#\s]+)\s*(#.*)?/\1/' shell: set -o pipefail && grep "^nameserver" /etc/resolv.conf | sed -r 's/^nameserver\s*([^#\s]+)\s*(#.*)?/\1/'
args: args:
executable: /bin/bash executable: /bin/bash
@ -25,7 +25,7 @@
register: system_nameservers register: system_nameservers
check_mode: no check_mode: no
- name: check system search domains - name: Check system search domains
# noqa risky-shell-pipe - if resolf.conf has no search domain, grep will exit 1 which would force us to add failed_when: false # noqa risky-shell-pipe - if resolf.conf has no search domain, grep will exit 1 which would force us to add failed_when: false
# Therefore -o pipefail is not applicable in this specific instance # Therefore -o pipefail is not applicable in this specific instance
shell: grep "^search" /etc/resolv.conf | sed -r 's/^search\s*([^#]+)\s*(#.*)?/\1/' shell: grep "^search" /etc/resolv.conf | sed -r 's/^search\s*([^#]+)\s*(#.*)?/\1/'
@ -35,32 +35,32 @@
register: system_search_domains register: system_search_domains
check_mode: no check_mode: no
- name: add system nameservers to docker options - name: Add system nameservers to docker options
set_fact: set_fact:
docker_dns_servers: "{{ docker_dns_servers | union(system_nameservers.stdout_lines) | unique }}" docker_dns_servers: "{{ docker_dns_servers | union(system_nameservers.stdout_lines) | unique }}"
when: system_nameservers.stdout when: system_nameservers.stdout
- name: add system search domains to docker options - name: Add system search domains to docker options
set_fact: set_fact:
docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split() | default([])) | unique }}" docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split() | default([])) | unique }}"
when: system_search_domains.stdout when: system_search_domains.stdout
- name: check number of nameservers - name: Check number of nameservers
fail: fail:
msg: "Too many nameservers. You can relax this check by set docker_dns_servers_strict=false in docker.yml and we will only use the first 3." msg: "Too many nameservers. You can relax this check by set docker_dns_servers_strict=false in docker.yml and we will only use the first 3."
when: docker_dns_servers | length > 3 and docker_dns_servers_strict | bool when: docker_dns_servers | length > 3 and docker_dns_servers_strict | bool
- name: rtrim number of nameservers to 3 - name: Rtrim number of nameservers to 3
set_fact: set_fact:
docker_dns_servers: "{{ docker_dns_servers[0:3] }}" docker_dns_servers: "{{ docker_dns_servers[0:3] }}"
when: docker_dns_servers | length > 3 and not docker_dns_servers_strict | bool when: docker_dns_servers | length > 3 and not docker_dns_servers_strict | bool
- name: check number of search domains - name: Check number of search domains
fail: fail:
msg: "Too many search domains" msg: "Too many search domains"
when: docker_dns_search_domains | length > 6 when: docker_dns_search_domains | length > 6
- name: check length of search domains - name: Check length of search domains
fail: fail:
msg: "Search domains exceeded limit of 256 characters" msg: "Search domains exceeded limit of 256 characters"
when: docker_dns_search_domains | join(' ') | length > 256 when: docker_dns_search_domains | join(' ') | length > 256

View File

@ -10,10 +10,10 @@
src: http-proxy.conf.j2 src: http-proxy.conf.j2
dest: /etc/systemd/system/docker.service.d/http-proxy.conf dest: /etc/systemd/system/docker.service.d/http-proxy.conf
mode: 0644 mode: 0644
notify: restart docker notify: Restart docker
when: http_proxy is defined or https_proxy is defined when: http_proxy is defined or https_proxy is defined
- name: get systemd version - name: Get systemd version
# noqa command-instead-of-module - systemctl is called intentionally here # noqa command-instead-of-module - systemctl is called intentionally here
shell: set -o pipefail && systemctl --version | head -n 1 | cut -d " " -f 2 shell: set -o pipefail && systemctl --version | head -n 1 | cut -d " " -f 2
args: args:
@ -29,7 +29,7 @@
dest: /etc/systemd/system/docker.service dest: /etc/systemd/system/docker.service
mode: 0644 mode: 0644
register: docker_service_file register: docker_service_file
notify: restart docker notify: Restart docker
when: when:
- not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
- not is_fedora_coreos - not is_fedora_coreos
@ -39,14 +39,14 @@
src: docker-options.conf.j2 src: docker-options.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-options.conf" dest: "/etc/systemd/system/docker.service.d/docker-options.conf"
mode: 0644 mode: 0644
notify: restart docker notify: Restart docker
- name: Write docker dns systemd drop-in - name: Write docker dns systemd drop-in
template: template:
src: docker-dns.conf.j2 src: docker-dns.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-dns.conf" dest: "/etc/systemd/system/docker.service.d/docker-dns.conf"
mode: 0644 mode: 0644
notify: restart docker notify: Restart docker
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns' when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
- name: Copy docker orphan clean up script to the node - name: Copy docker orphan clean up script to the node
@ -61,7 +61,7 @@
src: docker-orphan-cleanup.conf.j2 src: docker-orphan-cleanup.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf" dest: "/etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf"
mode: 0644 mode: 0644
notify: restart docker notify: Restart docker
when: docker_orphan_clean_up | bool when: docker_orphan_clean_up | bool
- name: Flush handlers - name: Flush handlers

View File

@ -8,7 +8,8 @@
- role: adduser - role: adduser
user: "{{ addusers.kube }}" user: "{{ addusers.kube }}"
tasks: tasks:
- include_tasks: "../../../../download/tasks/download_file.yml" - name: Download CNI
include_tasks: "../../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.cni) }}" download: "{{ download_defaults | combine(downloads.cni) }}"

View File

@ -1,15 +1,15 @@
--- ---
- name: gVisor | Download runsc binary - name: GVisor | Download runsc binary
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.gvisor_runsc) }}" download: "{{ download_defaults | combine(downloads.gvisor_runsc) }}"
- name: gVisor | Download containerd-shim-runsc-v1 binary - name: GVisor | Download containerd-shim-runsc-v1 binary
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.gvisor_containerd_shim) }}" download: "{{ download_defaults | combine(downloads.gvisor_containerd_shim) }}"
- name: gVisor | Copy binaries - name: GVisor | Copy binaries
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ bin_dir }}/{{ item.dest }}" dest: "{{ bin_dir }}/{{ item.dest }}"

View File

@ -8,7 +8,8 @@
- role: adduser - role: adduser
user: "{{ addusers.kube }}" user: "{{ addusers.kube }}"
tasks: tasks:
- include_tasks: "../../../../download/tasks/download_file.yml" - name: Download CNI
include_tasks: "../../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.cni) }}" download: "{{ download_defaults | combine(downloads.cni) }}"

View File

@ -1,23 +1,23 @@
--- ---
- name: kata-containers | Download kata binary - name: Kata-containers | Download kata binary
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.kata_containers) }}" download: "{{ download_defaults | combine(downloads.kata_containers) }}"
- name: kata-containers | Copy kata-containers binary - name: Kata-containers | Copy kata-containers binary
unarchive: unarchive:
src: "{{ downloads.kata_containers.dest }}" src: "{{ downloads.kata_containers.dest }}"
dest: "/" dest: "/"
mode: 0755 mode: 0755
remote_src: yes remote_src: yes
- name: kata-containers | Create config directory - name: Kata-containers | Create config directory
file: file:
path: "{{ kata_containers_config_dir }}" path: "{{ kata_containers_config_dir }}"
state: directory state: directory
mode: 0755 mode: 0755
- name: kata-containers | Set configuration - name: Kata-containers | Set configuration
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ kata_containers_config_dir }}/{{ item }}" dest: "{{ kata_containers_config_dir }}/{{ item }}"
@ -25,7 +25,7 @@
with_items: with_items:
- configuration-qemu.toml - configuration-qemu.toml
- name: kata-containers | Set containerd bin - name: Kata-containers | Set containerd bin
vars: vars:
shim: "{{ item }}" shim: "{{ item }}"
template: template:
@ -35,7 +35,7 @@
with_items: with_items:
- qemu - qemu
- name: kata-containers | Load vhost kernel modules - name: Kata-containers | Load vhost kernel modules
community.general.modprobe: community.general.modprobe:
state: present state: present
name: "{{ item }}" name: "{{ item }}"
@ -43,7 +43,7 @@
- vhost_vsock - vhost_vsock
- vhost_net - vhost_net
- name: kata-containers | Persist vhost kernel modules - name: Kata-containers | Persist vhost kernel modules
copy: copy:
dest: /etc/modules-load.d/kubespray-kata-containers.conf dest: /etc/modules-load.d/kubespray-kata-containers.conf
mode: 0644 mode: 0644

View File

@ -1,10 +1,10 @@
--- ---
- name: nerdctl | Download nerdctl - name: Nerdctl | Download nerdctl
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.nerdctl) }}" download: "{{ download_defaults | combine(downloads.nerdctl) }}"
- name: nerdctl | Copy nerdctl binary from download dir - name: Nerdctl | Copy nerdctl binary from download dir
copy: copy:
src: "{{ local_release_dir }}/nerdctl" src: "{{ local_release_dir }}/nerdctl"
dest: "{{ bin_dir }}/nerdctl" dest: "{{ bin_dir }}/nerdctl"
@ -17,7 +17,7 @@
- Get nerdctl completion - Get nerdctl completion
- Install nerdctl completion - Install nerdctl completion
- name: nerdctl | Create configuration dir - name: Nerdctl | Create configuration dir
file: file:
path: /etc/nerdctl path: /etc/nerdctl
state: directory state: directory
@ -26,7 +26,7 @@
group: root group: root
become: true become: true
- name: nerdctl | Install nerdctl configuration - name: Nerdctl | Install nerdctl configuration
template: template:
src: nerdctl.toml.j2 src: nerdctl.toml.j2
dest: /etc/nerdctl/nerdctl.toml dest: /etc/nerdctl/nerdctl.toml

View File

@ -1,5 +1,5 @@
--- ---
- name: runc | check if fedora coreos - name: Runc | check if fedora coreos
stat: stat:
path: /run/ostree-booted path: /run/ostree-booted
get_attributes: no get_attributes: no
@ -7,18 +7,18 @@
get_mime: no get_mime: no
register: ostree register: ostree
- name: runc | set is_ostree - name: Runc | set is_ostree
set_fact: set_fact:
is_ostree: "{{ ostree.stat.exists }}" is_ostree: "{{ ostree.stat.exists }}"
- name: runc | Uninstall runc package managed by package manager - name: Runc | Uninstall runc package managed by package manager
package: package:
name: "{{ runc_package_name }}" name: "{{ runc_package_name }}"
state: absent state: absent
when: when:
- not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
- name: runc | Download runc binary - name: Runc | Download runc binary
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.runc) }}" download: "{{ download_defaults | combine(downloads.runc) }}"
@ -30,7 +30,7 @@
mode: 0755 mode: 0755
remote_src: true remote_src: true
- name: runc | Remove orphaned binary - name: Runc | Remove orphaned binary
file: file:
path: /usr/bin/runc path: /usr/bin/runc
state: absent state: absent

View File

@ -1,5 +1,5 @@
--- ---
- name: skopeo | check if fedora coreos - name: Skopeo | check if fedora coreos
stat: stat:
path: /run/ostree-booted path: /run/ostree-booted
get_attributes: no get_attributes: no
@ -7,11 +7,11 @@
get_mime: no get_mime: no
register: ostree register: ostree
- name: skopeo | set is_ostree - name: Skopeo | set is_ostree
set_fact: set_fact:
is_ostree: "{{ ostree.stat.exists }}" is_ostree: "{{ ostree.stat.exists }}"
- name: skopeo | Uninstall skopeo package managed by package manager - name: Skopeo | Uninstall skopeo package managed by package manager
package: package:
name: skopeo name: skopeo
state: absent state: absent
@ -19,7 +19,7 @@
- not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar")) - not (is_ostree or (ansible_distribution == "Flatcar Container Linux by Kinvolk") or (ansible_distribution == "Flatcar"))
ignore_errors: true # noqa ignore-errors ignore_errors: true # noqa ignore-errors
- name: skopeo | Download skopeo binary - name: Skopeo | Download skopeo binary
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.skopeo) }}" download: "{{ download_defaults | combine(downloads.skopeo) }}"

View File

@ -1,5 +1,5 @@
--- ---
- name: validate-container-engine | check if fedora coreos - name: Validate-container-engine | check if fedora coreos
stat: stat:
path: /run/ostree-booted path: /run/ostree-booted
get_attributes: no get_attributes: no
@ -9,7 +9,7 @@
tags: tags:
- facts - facts
- name: validate-container-engine | set is_ostree - name: Validate-container-engine | set is_ostree
set_fact: set_fact:
is_ostree: "{{ ostree.stat.exists }}" is_ostree: "{{ ostree.stat.exists }}"
tags: tags:

View File

@ -8,7 +8,8 @@
- role: adduser - role: adduser
user: "{{ addusers.kube }}" user: "{{ addusers.kube }}"
tasks: tasks:
- include_tasks: "../../../../download/tasks/download_file.yml" - name: Download CNI
include_tasks: "../../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.cni) }}" download: "{{ download_defaults | combine(downloads.cni) }}"

View File

@ -1,10 +1,10 @@
--- ---
- name: youki | Download youki - name: Youki | Download youki
include_tasks: "../../../download/tasks/download_file.yml" include_tasks: "../../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.youki) }}" download: "{{ download_defaults | combine(downloads.youki) }}"
- name: youki | Copy youki binary from download dir - name: Youki | Copy youki binary from download dir
copy: copy:
src: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-v{{ youki_version }}/youki" src: "{{ local_release_dir }}/youki_v{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-v{{ youki_version }}/youki"
dest: "{{ youki_bin_dir }}/youki" dest: "{{ youki_bin_dir }}/youki"

View File

@ -1,20 +1,20 @@
--- ---
# The image_info_command depends on the Container Runtime and will output something like the following: # The image_info_command depends on the Container Runtime and will output something like the following:
# nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc... # nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc...
- name: check_pull_required | Generate a list of information about the images on a node # noqa command-instead-of-shell - image_info_command contains a pipe, therefore requiring shell - name: Check_pull_required | Generate a list of information about the images on a node # noqa command-instead-of-shell - image_info_command contains a pipe, therefore requiring shell
shell: "{{ image_info_command }}" shell: "{{ image_info_command }}"
register: docker_images register: docker_images
changed_when: false changed_when: false
check_mode: no check_mode: no
when: not download_always_pull when: not download_always_pull
- name: check_pull_required | Set pull_required if the desired image is not yet loaded - name: Check_pull_required | Set pull_required if the desired image is not yet loaded
set_fact: set_fact:
pull_required: >- pull_required: >-
{%- if image_reponame | regex_replace('^docker\.io/(library/)?', '') in docker_images.stdout.split(',') %}false{%- else -%}true{%- endif -%} {%- if image_reponame | regex_replace('^docker\.io/(library/)?', '') in docker_images.stdout.split(',') %}false{%- else -%}true{%- endif -%}
when: not download_always_pull when: not download_always_pull
- name: check_pull_required | Check that the local digest sha256 corresponds to the given image tag - name: Check_pull_required | Check that the local digest sha256 corresponds to the given image tag
assert: assert:
that: "{{ download.repo }}:{{ download.tag }} in docker_images.stdout.split(',')" that: "{{ download.repo }}:{{ download.tag }} in docker_images.stdout.split(',')"
when: when:

View File

@ -1,6 +1,6 @@
--- ---
- block: - block:
- name: set default values for flag variables - name: Set default values for flag variables
set_fact: set_fact:
image_is_cached: false image_is_cached: false
image_changed: false image_changed: false
@ -8,12 +8,12 @@
tags: tags:
- facts - facts
- name: download_container | Set a few facts - name: Download_container | Set a few facts
import_tasks: set_container_facts.yml import_tasks: set_container_facts.yml
tags: tags:
- facts - facts
- name: download_container | Prepare container download - name: Download_container | Prepare container download
include_tasks: check_pull_required.yml include_tasks: check_pull_required.yml
when: when:
- not download_always_pull - not download_always_pull
@ -21,7 +21,7 @@
- debug: # noqa name[missing] - debug: # noqa name[missing]
msg: "Pull {{ image_reponame }} required is: {{ pull_required }}" msg: "Pull {{ image_reponame }} required is: {{ pull_required }}"
- name: download_container | Determine if image is in cache - name: Download_container | Determine if image is in cache
stat: stat:
path: "{{ image_path_cached }}" path: "{{ image_path_cached }}"
get_attributes: no get_attributes: no
@ -36,7 +36,7 @@
when: when:
- download_force_cache - download_force_cache
- name: download_container | Set fact indicating if image is in cache - name: Download_container | Set fact indicating if image is in cache
set_fact: set_fact:
image_is_cached: "{{ cache_image.stat.exists }}" image_is_cached: "{{ cache_image.stat.exists }}"
tags: tags:
@ -52,7 +52,7 @@
- download_force_cache - download_force_cache
- not download_run_once - not download_run_once
- name: download_container | Download image if required - name: Download_container | Download image if required
command: "{{ image_pull_command_on_localhost if download_localhost else image_pull_command }} {{ image_reponame }}" command: "{{ image_pull_command_on_localhost if download_localhost else image_pull_command }} {{ image_reponame }}"
delegate_to: "{{ download_delegate if download_run_once else inventory_hostname }}" delegate_to: "{{ download_delegate if download_run_once else inventory_hostname }}"
delegate_facts: yes delegate_facts: yes
@ -67,7 +67,7 @@
- pull_required or download_run_once - pull_required or download_run_once
- not image_is_cached - not image_is_cached
- name: download_container | Save and compress image - name: Download_container | Save and compress image
shell: "{{ image_save_command_on_localhost if download_localhost else image_save_command }}" # noqa command-instead-of-shell - image_save_command_on_localhost contains a pipe, therefore requires shell shell: "{{ image_save_command_on_localhost if download_localhost else image_save_command }}" # noqa command-instead-of-shell - image_save_command_on_localhost contains a pipe, therefore requires shell
delegate_to: "{{ download_delegate }}" delegate_to: "{{ download_delegate }}"
delegate_facts: no delegate_facts: no
@ -79,7 +79,7 @@
- not image_is_cached - not image_is_cached
- download_run_once - download_run_once
- name: download_container | Copy image to ansible host cache - name: Download_container | Copy image to ansible host cache
ansible.posix.synchronize: ansible.posix.synchronize:
src: "{{ image_path_final }}" src: "{{ image_path_final }}"
dest: "{{ image_path_cached }}" dest: "{{ image_path_cached }}"
@ -91,7 +91,7 @@
- not download_localhost - not download_localhost
- download_delegate == inventory_hostname - download_delegate == inventory_hostname
- name: download_container | Upload image to node if it is cached - name: Download_container | Upload image to node if it is cached
ansible.posix.synchronize: ansible.posix.synchronize:
src: "{{ image_path_cached }}" src: "{{ image_path_cached }}"
dest: "{{ image_path_final }}" dest: "{{ image_path_final }}"
@ -107,7 +107,7 @@
- pull_required - pull_required
- download_force_cache - download_force_cache
- name: download_container | Load image into the local container registry - name: Download_container | Load image into the local container registry
shell: "{{ image_load_command }}" # noqa command-instead-of-shell - image_load_command uses pipes, therefore requires shell shell: "{{ image_load_command }}" # noqa command-instead-of-shell - image_load_command uses pipes, therefore requires shell
register: container_load_status register: container_load_status
failed_when: container_load_status is failed failed_when: container_load_status is failed
@ -115,7 +115,7 @@
- pull_required - pull_required
- download_force_cache - download_force_cache
- name: download_container | Remove container image from cache - name: Download_container | Remove container image from cache
file: file:
state: absent state: absent
path: "{{ image_path_final }}" path: "{{ image_path_final }}"

View File

@ -1,21 +1,22 @@
--- ---
- block: - name: "Download_file | download {{ download.dest }}"
- name: prep_download | Set a few facts block:
- name: Prep_download | Set a few facts
set_fact: set_fact:
download_force_cache: "{{ true if download_run_once else download_force_cache }}" download_force_cache: "{{ true if download_run_once else download_force_cache }}"
- name: download_file | Starting download of file - name: Download_file | Starting download of file
debug: debug:
msg: "{{ download.url }}" msg: "{{ download.url }}"
run_once: "{{ download_run_once }}" run_once: "{{ download_run_once }}"
- name: download_file | Set pathname of cached file - name: Download_file | Set pathname of cached file
set_fact: set_fact:
file_path_cached: "{{ download_cache_dir }}/{{ download.dest | basename }}" file_path_cached: "{{ download_cache_dir }}/{{ download.dest | basename }}"
tags: tags:
- facts - facts
- name: download_file | Create dest directory on node - name: Download_file | Create dest directory on node
file: file:
path: "{{ download.dest | dirname }}" path: "{{ download.dest | dirname }}"
owner: "{{ download.owner | default(omit) }}" owner: "{{ download.owner | default(omit) }}"
@ -23,7 +24,7 @@
state: directory state: directory
recurse: yes recurse: yes
- name: download_file | Create local cache directory - name: Download_file | Create local cache directory
file: file:
path: "{{ file_path_cached | dirname }}" path: "{{ file_path_cached | dirname }}"
state: directory state: directory
@ -38,7 +39,7 @@
tags: tags:
- localhost - localhost
- name: download_file | Create cache directory on download_delegate host - name: Download_file | Create cache directory on download_delegate host
file: file:
path: "{{ file_path_cached | dirname }}" path: "{{ file_path_cached | dirname }}"
state: directory state: directory
@ -52,7 +53,7 @@
# We check a number of mirrors that may hold the file and pick a working one at random # We check a number of mirrors that may hold the file and pick a working one at random
# This task will avoid logging it's parameters to not leak environment passwords in the log # This task will avoid logging it's parameters to not leak environment passwords in the log
- name: download_file | Validate mirrors - name: Download_file | Validate mirrors
uri: uri:
url: "{{ mirror }}" url: "{{ mirror }}"
method: HEAD method: HEAD
@ -75,14 +76,14 @@
ignore_errors: true ignore_errors: true
# Ansible 2.9 requires we convert a generator to a list # Ansible 2.9 requires we convert a generator to a list
- name: download_file | Get the list of working mirrors - name: Download_file | Get the list of working mirrors
set_fact: set_fact:
valid_mirror_urls: "{{ uri_result.results | selectattr('failed', 'eq', False) | map(attribute='mirror') | list }}" valid_mirror_urls: "{{ uri_result.results | selectattr('failed', 'eq', False) | map(attribute='mirror') | list }}"
delegate_to: "{{ download_delegate if download_force_cache else inventory_hostname }}" delegate_to: "{{ download_delegate if download_force_cache else inventory_hostname }}"
# This must always be called, to check if the checksum matches. On no-match the file is re-downloaded. # This must always be called, to check if the checksum matches. On no-match the file is re-downloaded.
# This task will avoid logging it's parameters to not leak environment passwords in the log # This task will avoid logging it's parameters to not leak environment passwords in the log
- name: download_file | Download item - name: Download_file | Download item
get_url: get_url:
url: "{{ valid_mirror_urls | random }}" url: "{{ valid_mirror_urls | random }}"
dest: "{{ file_path_cached if download_force_cache else download.dest }}" dest: "{{ file_path_cached if download_force_cache else download.dest }}"
@ -104,7 +105,7 @@
environment: "{{ proxy_env }}" environment: "{{ proxy_env }}"
no_log: "{{ not (unsafe_show_logs | bool) }}" no_log: "{{ not (unsafe_show_logs | bool) }}"
- name: download_file | Copy file back to ansible host file cache - name: Download_file | Copy file back to ansible host file cache
ansible.posix.synchronize: ansible.posix.synchronize:
src: "{{ file_path_cached }}" src: "{{ file_path_cached }}"
dest: "{{ file_path_cached }}" dest: "{{ file_path_cached }}"
@ -115,7 +116,7 @@
- not download_localhost - not download_localhost
- download_delegate == inventory_hostname - download_delegate == inventory_hostname
- name: download_file | Copy file from cache to nodes, if it is available - name: Download_file | Copy file from cache to nodes, if it is available
ansible.posix.synchronize: ansible.posix.synchronize:
src: "{{ file_path_cached }}" src: "{{ file_path_cached }}"
dest: "{{ download.dest }}" dest: "{{ download.dest }}"
@ -128,7 +129,7 @@
when: when:
- download_force_cache - download_force_cache
- name: download_file | Set mode and owner - name: Download_file | Set mode and owner
file: file:
path: "{{ download.dest }}" path: "{{ download.dest }}"
mode: "{{ download.mode | default(omit) }}" mode: "{{ download.mode | default(omit) }}"
@ -136,7 +137,7 @@
when: when:
- download_force_cache - download_force_cache
- name: "download_file | Extract file archives" - name: "Download_file | Extract file archives"
include_tasks: "extract_file.yml" include_tasks: "extract_file.yml"
tags: tags:

View File

@ -1,5 +1,5 @@
--- ---
- name: extract_file | Unpacking archive - name: Extract_file | Unpacking archive
unarchive: unarchive:
src: "{{ download.dest }}" src: "{{ download.dest }}"
dest: "{{ download.dest | dirname }}" dest: "{{ download.dest | dirname }}"

View File

@ -1,5 +1,5 @@
--- ---
- name: download | Prepare working directories and variables - name: Download | Prepare working directories and variables
import_tasks: prep_download.yml import_tasks: prep_download.yml
when: when:
- not skip_downloads | default(false) - not skip_downloads | default(false)
@ -7,7 +7,7 @@
- download - download
- upload - upload
- name: download | Get kubeadm binary and list of required images - name: Download | Get kubeadm binary and list of required images
include_tasks: prep_kubeadm_images.yml include_tasks: prep_kubeadm_images.yml
when: when:
- not skip_downloads | default(false) - not skip_downloads | default(false)
@ -16,7 +16,7 @@
- download - download
- upload - upload
- name: download | Download files / images - name: Download | Download files / images
include_tasks: "{{ include_file }}" include_tasks: "{{ include_file }}"
loop: "{{ downloads | combine(kubeadm_images) | dict2items }}" loop: "{{ downloads | combine(kubeadm_images) | dict2items }}"
vars: vars:

View File

@ -1,11 +1,11 @@
--- ---
- name: prep_download | Set a few facts - name: Prep_download | Set a few facts
set_fact: set_fact:
download_force_cache: "{{ true if download_run_once else download_force_cache }}" download_force_cache: "{{ true if download_run_once else download_force_cache }}"
tags: tags:
- facts - facts
- name: prep_download | On localhost, check if passwordless root is possible - name: Prep_download | On localhost, check if passwordless root is possible
command: "true" command: "true"
delegate_to: localhost delegate_to: localhost
connection: local connection: local
@ -20,7 +20,7 @@
- localhost - localhost
- asserts - asserts
- name: prep_download | On localhost, check if user has access to the container runtime without using sudo - name: Prep_download | On localhost, check if user has access to the container runtime without using sudo
shell: "{{ image_info_command_on_localhost }}" # noqa command-instead-of-shell - image_info_command_on_localhost contains pipe, therefore requires shell shell: "{{ image_info_command_on_localhost }}" # noqa command-instead-of-shell - image_info_command_on_localhost contains pipe, therefore requires shell
delegate_to: localhost delegate_to: localhost
connection: local connection: local
@ -35,7 +35,7 @@
- localhost - localhost
- asserts - asserts
- name: prep_download | Parse the outputs of the previous commands - name: Prep_download | Parse the outputs of the previous commands
set_fact: set_fact:
user_in_docker_group: "{{ not test_docker.failed }}" user_in_docker_group: "{{ not test_docker.failed }}"
user_can_become_root: "{{ not test_become.failed }}" user_can_become_root: "{{ not test_become.failed }}"
@ -45,7 +45,7 @@
- localhost - localhost
- asserts - asserts
- name: prep_download | Check that local user is in group or can become root - name: Prep_download | Check that local user is in group or can become root
assert: assert:
that: "user_in_docker_group or user_can_become_root" that: "user_in_docker_group or user_can_become_root"
msg: >- msg: >-
@ -56,7 +56,7 @@
- localhost - localhost
- asserts - asserts
- name: prep_download | Register docker images info - name: Prep_download | Register docker images info
shell: "{{ image_info_command }}" # noqa command-instead-of-shell - image_info_command contains pipe therefore requires shell shell: "{{ image_info_command }}" # noqa command-instead-of-shell - image_info_command contains pipe therefore requires shell
no_log: "{{ not (unsafe_show_logs | bool) }}" no_log: "{{ not (unsafe_show_logs | bool) }}"
register: docker_images register: docker_images
@ -65,7 +65,7 @@
check_mode: no check_mode: no
when: download_container when: download_container
- name: prep_download | Create staging directory on remote node - name: Prep_download | Create staging directory on remote node
file: file:
path: "{{ local_release_dir }}/images" path: "{{ local_release_dir }}/images"
state: directory state: directory
@ -75,7 +75,7 @@
when: when:
- ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
- name: prep_download | Create local cache for files and images on control node - name: Prep_download | Create local cache for files and images on control node
file: file:
path: "{{ download_cache_dir }}/images" path: "{{ download_cache_dir }}/images"
state: directory state: directory

View File

@ -1,12 +1,12 @@
--- ---
- name: prep_kubeadm_images | Check kubeadm version matches kubernetes version - name: Prep_kubeadm_images | Check kubeadm version matches kubernetes version
fail: fail:
msg: "Kubeadm version {{ kubeadm_version }} do not matches kubernetes {{ kube_version }}" msg: "Kubeadm version {{ kubeadm_version }} do not matches kubernetes {{ kube_version }}"
when: when:
- not skip_downloads | default(false) - not skip_downloads | default(false)
- not kubeadm_version == downloads.kubeadm.version - not kubeadm_version == downloads.kubeadm.version
- name: prep_kubeadm_images | Download kubeadm binary - name: Prep_kubeadm_images | Download kubeadm binary
include_tasks: "download_file.yml" include_tasks: "download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.kubeadm) }}" download: "{{ download_defaults | combine(downloads.kubeadm) }}"
@ -14,7 +14,7 @@
- not skip_downloads | default(false) - not skip_downloads | default(false)
- downloads.kubeadm.enabled - downloads.kubeadm.enabled
- name: prep_kubeadm_images | Create kubeadm config - name: Prep_kubeadm_images | Create kubeadm config
template: template:
src: "kubeadm-images.yaml.j2" src: "kubeadm-images.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-images.yaml" dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
@ -22,21 +22,21 @@
when: when:
- not skip_kubeadm_images | default(false) - not skip_kubeadm_images | default(false)
- name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path - name: Prep_kubeadm_images | Copy kubeadm binary from download dir to system path
copy: copy:
src: "{{ downloads.kubeadm.dest }}" src: "{{ downloads.kubeadm.dest }}"
dest: "{{ bin_dir }}/kubeadm" dest: "{{ bin_dir }}/kubeadm"
mode: 0755 mode: 0755
remote_src: true remote_src: true
- name: prep_kubeadm_images | Set kubeadm binary permissions - name: Prep_kubeadm_images | Set kubeadm binary permissions
file: file:
path: "{{ bin_dir }}/kubeadm" path: "{{ bin_dir }}/kubeadm"
mode: "0755" mode: "0755"
state: file state: file
- name: prep_kubeadm_images | Generate list of required images - name: Prep_kubeadm_images | Generate list of required images
shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -Ev 'coredns | pause'" shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -Ev 'coredns|pause'"
args: args:
executable: /bin/bash executable: /bin/bash
register: kubeadm_images_raw register: kubeadm_images_raw
@ -45,7 +45,7 @@
when: when:
- not skip_kubeadm_images | default(false) - not skip_kubeadm_images | default(false)
- name: prep_kubeadm_images | Parse list of images - name: Prep_kubeadm_images | Parse list of images
vars: vars:
kubeadm_images_list: "{{ kubeadm_images_raw.stdout_lines }}" kubeadm_images_list: "{{ kubeadm_images_raw.stdout_lines }}"
set_fact: set_fact:
@ -63,7 +63,7 @@
when: when:
- not skip_kubeadm_images | default(false) - not skip_kubeadm_images | default(false)
- name: prep_kubeadm_images | Convert list of images to dict for later use - name: Prep_kubeadm_images | Convert list of images to dict for later use
set_fact: set_fact:
kubeadm_images: "{{ kubeadm_images_cooked.results | map(attribute='ansible_facts.kubeadm_image') | list | items2dict }}" kubeadm_images: "{{ kubeadm_images_cooked.results | map(attribute='ansible_facts.kubeadm_image') | list | items2dict }}"
run_once: true run_once: true

View File

@ -1,22 +1,22 @@
--- ---
- name: set_container_facts | Display the name of the image being processed - name: Set_container_facts | Display the name of the image being processed
debug: debug:
msg: "{{ download.repo }}" msg: "{{ download.repo }}"
- name: set_container_facts | Set if containers should be pulled by digest - name: Set_container_facts | Set if containers should be pulled by digest
set_fact: set_fact:
pull_by_digest: "{{ download.sha256 is defined and download.sha256 }}" pull_by_digest: "{{ download.sha256 is defined and download.sha256 }}"
- name: set_container_facts | Define by what name to pull the image - name: Set_container_facts | Define by what name to pull the image
set_fact: set_fact:
image_reponame: >- image_reponame: >-
{%- if pull_by_digest %}{{ download.repo }}@sha256:{{ download.sha256 }}{%- else -%}{{ download.repo }}:{{ download.tag }}{%- endif -%} {%- if pull_by_digest %}{{ download.repo }}@sha256:{{ download.sha256 }}{%- else -%}{{ download.repo }}:{{ download.tag }}{%- endif -%}
- name: set_container_facts | Define file name of image - name: Set_container_facts | Define file name of image
set_fact: set_fact:
image_filename: "{{ image_reponame | regex_replace('/|\0|:', '_') }}.tar" image_filename: "{{ image_reponame | regex_replace('/|\0|:', '_') }}.tar"
- name: set_container_facts | Define path of image - name: Set_container_facts | Define path of image
set_fact: set_fact:
image_path_cached: "{{ download_cache_dir }}/images/{{ image_filename }}" image_path_cached: "{{ download_cache_dir }}/images/{{ image_filename }}"
image_path_final: "{{ local_release_dir }}/images/{{ image_filename }}" image_path_final: "{{ local_release_dir }}/images/{{ image_filename }}"

View File

@ -1,39 +1,40 @@
--- ---
- name: restart etcd - name: Restart etcd
command: /bin/true command: /bin/true
notify: notify:
- Backup etcd data - Backup etcd data
- etcd | reload systemd - Etcd | reload systemd
- reload etcd - Reload etcd
- wait for etcd up - Wait for etcd up
- Cleanup etcd backups - Cleanup etcd backups
- name: restart etcd-events - name: Restart etcd-events
command: /bin/true command: /bin/true
notify: notify:
- etcd | reload systemd - Etcd | reload systemd
- reload etcd-events - Reload etcd-events
- wait for etcd-events up - Wait for etcd-events up
- import_tasks: backup.yml - name: Backup etcd
import_tasks: backup.yml
- name: etcd | reload systemd - name: Etcd | reload systemd
systemd: systemd:
daemon_reload: true daemon_reload: true
- name: reload etcd - name: Reload etcd
service: service:
name: etcd name: etcd
state: restarted state: restarted
when: is_etcd_master when: is_etcd_master
- name: reload etcd-events - name: Reload etcd-events
service: service:
name: etcd-events name: etcd-events
state: restarted state: restarted
when: is_etcd_master when: is_etcd_master
- name: wait for etcd up - name: Wait for etcd up
uri: uri:
url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health" url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
validate_certs: no validate_certs: no
@ -44,9 +45,10 @@
retries: 60 retries: 60
delay: 1 delay: 1
- import_tasks: backup_cleanup.yml - name: Cleanup etcd backups
import_tasks: backup_cleanup.yml
- name: wait for etcd-events up - name: Wait for etcd-events up
uri: uri:
url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health" url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health"
validate_certs: no validate_certs: no
@ -57,6 +59,6 @@
retries: 60 retries: 60
delay: 1 delay: 1
- name: set etcd_secret_changed - name: Set etcd_secret_changed
set_fact: set_fact:
etcd_secret_changed: true etcd_secret_changed: true

View File

@ -41,7 +41,8 @@
ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem" ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}" ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
- include_tasks: refresh_config.yml - name: Configure | Refresh etcd config
include_tasks: refresh_config.yml
when: is_etcd_master when: is_etcd_master
- name: Configure | Copy etcd.service systemd file - name: Configure | Copy etcd.service systemd file

View File

@ -56,7 +56,7 @@
run_once: yes run_once: yes
delegate_to: "{{ groups['etcd'][0] }}" delegate_to: "{{ groups['etcd'][0] }}"
when: gen_certs | default(false) when: gen_certs | default(false)
notify: set etcd_secret_changed notify: Set etcd_secret_changed
- name: Gen_certs | run cert generation script for all clients - name: Gen_certs | run cert generation script for all clients
command: "bash -x {{ etcd_script_dir }}/make-ssl-etcd.sh -f {{ etcd_config_dir }}/openssl.conf -d {{ etcd_cert_dir }}" command: "bash -x {{ etcd_script_dir }}/make-ssl-etcd.sh -f {{ etcd_config_dir }}/openssl.conf -d {{ etcd_cert_dir }}"
@ -73,7 +73,7 @@
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd" - kube_network_plugin != "calico" or calico_datastore == "etcd"
- gen_certs | default(false) - gen_certs | default(false)
notify: set etcd_secret_changed notify: Set etcd_secret_changed
- name: Gen_certs | Gather etcd member/admin and kube_control_plane client certs from first etcd node - name: Gen_certs | Gather etcd member/admin and kube_control_plane client certs from first etcd node
slurp: slurp:
@ -97,7 +97,7 @@
- inventory_hostname in groups['etcd'] - inventory_hostname in groups['etcd']
- sync_certs | default(false) - sync_certs | default(false)
- inventory_hostname != groups['etcd'][0] - inventory_hostname != groups['etcd'][0]
notify: set etcd_secret_changed notify: Set etcd_secret_changed
- name: Gen_certs | Write etcd member/admin and kube_control_plane client certs to other etcd nodes - name: Gen_certs | Write etcd member/admin and kube_control_plane client certs to other etcd nodes
copy: copy:
@ -129,7 +129,7 @@
- inventory_hostname != groups['etcd'][0] - inventory_hostname != groups['etcd'][0]
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd" - kube_network_plugin != "calico" or calico_datastore == "etcd"
notify: set etcd_secret_changed notify: Set etcd_secret_changed
- name: Gen_certs | Write node certs to other etcd nodes - name: Gen_certs | Write node certs to other etcd nodes
copy: copy:
@ -147,12 +147,14 @@
loop_control: loop_control:
label: "{{ item.item }}" label: "{{ item.item }}"
- include_tasks: gen_nodes_certs_script.yml - name: Gen_certs | Generate etcd certs
include_tasks: gen_nodes_certs_script.yml
when: when:
- inventory_hostname in groups['kube_control_plane'] and - inventory_hostname in groups['kube_control_plane'] and
sync_certs | default(false) and inventory_hostname not in groups['etcd'] sync_certs | default(false) and inventory_hostname not in groups['etcd']
- include_tasks: gen_nodes_certs_script.yml - name: Gen_certs | Generate etcd certs on nodes if needed
include_tasks: gen_nodes_certs_script.yml
when: when:
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd" - kube_network_plugin != "calico" or calico_datastore == "etcd"

View File

@ -1,5 +1,7 @@
--- ---
- import_tasks: install_etcdctl_docker.yml
- name: Install etcdctl from docker
import_tasks: install_etcdctl_docker.yml
when: etcd_cluster_setup when: etcd_cluster_setup
- name: Get currently-deployed etcd version - name: Get currently-deployed etcd version
@ -14,14 +16,14 @@
- name: Restart etcd if necessary - name: Restart etcd if necessary
command: /bin/true command: /bin/true
notify: restart etcd notify: Restart etcd
when: when:
- etcd_cluster_setup - etcd_cluster_setup
- etcd_image_tag not in etcd_current_docker_image.stdout | default('') - etcd_image_tag not in etcd_current_docker_image.stdout | default('')
- name: Restart etcd-events if necessary - name: Restart etcd-events if necessary
command: /bin/true command: /bin/true
notify: restart etcd-events notify: Restart etcd-events
when: when:
- etcd_events_cluster_setup - etcd_events_cluster_setup
- etcd_image_tag not in etcd_events_current_docker_image.stdout | default('') - etcd_image_tag not in etcd_events_current_docker_image.stdout | default('')

View File

@ -8,19 +8,19 @@
- name: Restart etcd if necessary - name: Restart etcd if necessary
command: /bin/true command: /bin/true
notify: restart etcd notify: Restart etcd
when: when:
- etcd_cluster_setup - etcd_cluster_setup
- etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('') - etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('')
- name: Restart etcd-events if necessary - name: Restart etcd-events if necessary
command: /bin/true command: /bin/true
notify: restart etcd-events notify: Restart etcd-events
when: when:
- etcd_events_cluster_setup - etcd_events_cluster_setup
- etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('') - etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('')
- name: install | Download etcd and etcdctl - name: Install | Download etcd and etcdctl
include_tasks: "../../download/tasks/download_file.yml" include_tasks: "../../download/tasks/download_file.yml"
vars: vars:
download: "{{ download_defaults | combine(downloads.etcd) }}" download: "{{ download_defaults | combine(downloads.etcd) }}"
@ -29,7 +29,7 @@
- never - never
- etcd - etcd
- name: install | Copy etcd and etcdctl binary from download dir - name: Install | Copy etcd and etcdctl binary from download dir
copy: copy:
src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}"

View File

@ -12,7 +12,8 @@
ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem" ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}" ETCDCTL_ENDPOINTS: "{{ etcd_events_access_addresses }}"
- include_tasks: refresh_config.yml - name: Join Member | Refresh etcd config
include_tasks: refresh_config.yml
vars: vars:
# noqa: jinja[spacing] # noqa: jinja[spacing]
etcd_events_peer_addresses: >- etcd_events_peer_addresses: >-

View File

@ -13,7 +13,8 @@
ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem" ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}" ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
- include_tasks: refresh_config.yml - name: Join Member | Refresh etcd config
include_tasks: refresh_config.yml
vars: vars:
# noqa: jinja[spacing] # noqa: jinja[spacing]
etcd_peer_addresses: >- etcd_peer_addresses: >-

View File

@ -1,23 +1,27 @@
--- ---
- include_tasks: check_certs.yml - name: Check etcd certs
include_tasks: check_certs.yml
when: cert_management == "script" when: cert_management == "script"
tags: tags:
- etcd-secrets - etcd-secrets
- facts - facts
- include_tasks: "gen_certs_script.yml" - name: Generate etcd certs
include_tasks: "gen_certs_script.yml"
when: when:
- cert_management | d('script') == "script" - cert_management | d('script') == "script"
tags: tags:
- etcd-secrets - etcd-secrets
- include_tasks: upd_ca_trust.yml - name: Trust etcd CA
include_tasks: upd_ca_trust.yml
when: when:
- inventory_hostname in groups['etcd'] | union(groups['kube_control_plane']) | unique | sort - inventory_hostname in groups['etcd'] | union(groups['kube_control_plane']) | unique | sort
tags: tags:
- etcd-secrets - etcd-secrets
- include_tasks: upd_ca_trust.yml - name: Trust etcd CA on nodes if needed
include_tasks: upd_ca_trust.yml
when: when:
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
- kube_network_plugin != "calico" or calico_datastore == "etcd" - kube_network_plugin != "calico" or calico_datastore == "etcd"
@ -49,29 +53,33 @@
- master - master
- network - network
- include_tasks: "install_{{ etcd_deployment_type }}.yml" - name: Install etcd
include_tasks: "install_{{ etcd_deployment_type }}.yml"
when: is_etcd_master when: is_etcd_master
tags: tags:
- upgrade - upgrade
- include_tasks: configure.yml - name: Configure etcd
include_tasks: configure.yml
when: is_etcd_master when: is_etcd_master
- include_tasks: refresh_config.yml - name: Refresh etcd config
include_tasks: refresh_config.yml
when: is_etcd_master when: is_etcd_master
- name: Restart etcd if certs changed - name: Restart etcd if certs changed
command: /bin/true command: /bin/true
notify: restart etcd notify: Restart etcd
when: is_etcd_master and etcd_cluster_setup and etcd_secret_changed | default(false) when: is_etcd_master and etcd_cluster_setup and etcd_secret_changed | default(false)
- name: Restart etcd-events if certs changed - name: Restart etcd-events if certs changed
command: /bin/true command: /bin/true
notify: restart etcd notify: Restart etcd
when: is_etcd_master and etcd_events_cluster_setup and etcd_secret_changed | default(false) when: is_etcd_master and etcd_events_cluster_setup and etcd_secret_changed | default(false)
# After etcd cluster is assembled, make sure that # After etcd cluster is assembled, make sure that
# initial state of the cluster is in `existing` # initial state of the cluster is in `existing`
# state instead of `new`. # state instead of `new`.
- include_tasks: refresh_config.yml - name: Refresh etcd config again for idempotency
include_tasks: refresh_config.yml
when: is_etcd_master when: is_etcd_master

View File

@ -4,7 +4,7 @@
src: etcd.env.j2 src: etcd.env.j2
dest: /etc/etcd.env dest: /etc/etcd.env
mode: 0640 mode: 0640
notify: restart etcd notify: Restart etcd
when: is_etcd_master and etcd_cluster_setup when: is_etcd_master and etcd_cluster_setup
- name: Refresh config | Create etcd-events config file - name: Refresh config | Create etcd-events config file
@ -12,5 +12,5 @@
src: etcd-events.env.j2 src: etcd-events.env.j2
dest: /etc/etcd-events.env dest: /etc/etcd-events.env
mode: 0640 mode: 0640
notify: restart etcd-events notify: Restart etcd-events
when: is_etcd_master and etcd_events_cluster_setup when: is_etcd_master and etcd_events_cluster_setup

View File

@ -14,7 +14,8 @@
get_mime: no get_mime: no
register: stat_etcdctl register: stat_etcdctl
- block: - name: Remove old etcd binary
block:
- name: Check version - name: Check version
command: "{{ bin_dir }}/etcdctl version" command: "{{ bin_dir }}/etcdctl version"
register: etcdctl_version register: etcdctl_version
@ -36,7 +37,8 @@
get_mime: no get_mime: no
register: stat_etcdctl register: stat_etcdctl
- block: - name: Copy etcdctl script to host
block:
- name: Copy etcdctl script to host - name: Copy etcdctl script to host
shell: "{{ docker_bin_dir }}/docker cp \"$({{ docker_bin_dir }}/docker ps -qf ancestor={{ etcd_image_repo }}:{{ etcd_image_tag }})\":/usr/local/bin/etcdctl {{ etcd_data_dir }}/etcdctl" shell: "{{ docker_bin_dir }}/docker cp \"$({{ docker_bin_dir }}/docker ps -qf ancestor={{ etcd_image_repo }}:{{ etcd_image_tag }})\":/usr/local/bin/etcdctl {{ etcd_data_dir }}/etcdctl"
when: container_manager == "docker" when: container_manager == "docker"

View File

@ -1,6 +1,7 @@
--- ---
- import_tasks: credentials-check.yml - name: OCI Cloud Controller | Check Oracle Cloud credentials
import_tasks: credentials-check.yml
- name: "OCI Cloud Controller | Generate Cloud Provider Configuration" - name: "OCI Cloud Controller | Generate Cloud Provider Configuration"
template: template:

View File

@ -59,7 +59,8 @@
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
tags: node-webhook tags: node-webhook
- include_tasks: oci.yml - name: Configure Oracle Cloud provider
include_tasks: oci.yml
tags: oci tags: oci
when: when:
- cloud_provider is defined - cloud_provider is defined

View File

@ -1,6 +1,6 @@
--- ---
- name: crun | Copy runtime class manifest - name: Crun | Copy runtime class manifest
template: template:
src: runtimeclass-crun.yml src: runtimeclass-crun.yml
dest: "{{ kube_config_dir }}/runtimeclass-crun.yml" dest: "{{ kube_config_dir }}/runtimeclass-crun.yml"
@ -8,7 +8,7 @@
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
- name: crun | Apply manifests - name: Crun | Apply manifests
kube: kube:
name: "runtimeclass-crun" name: "runtimeclass-crun"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"

View File

@ -1,5 +1,5 @@
--- ---
- name: gVisor | Create addon dir - name: GVisor | Create addon dir
file: file:
path: "{{ kube_config_dir }}/addons/gvisor" path: "{{ kube_config_dir }}/addons/gvisor"
owner: root owner: root
@ -7,12 +7,12 @@
mode: 0755 mode: 0755
recurse: true recurse: true
- name: gVisor | Templates List - name: GVisor | Templates List
set_fact: set_fact:
gvisor_templates: gvisor_templates:
- { name: runtimeclass-gvisor, file: runtimeclass-gvisor.yml, type: runtimeclass } - { name: runtimeclass-gvisor, file: runtimeclass-gvisor.yml, type: runtimeclass }
- name: gVisort | Create manifests - name: GVisort | Create manifests
template: template:
src: "{{ item.file }}.j2" src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/gvisor/{{ item.file }}" dest: "{{ kube_config_dir }}/addons/gvisor/{{ item.file }}"
@ -22,7 +22,7 @@
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
- name: gVisor | Apply manifests - name: GVisor | Apply manifests
kube: kube:
name: "{{ item.item.name }}" name: "{{ item.item.name }}"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"

View File

@ -1,6 +1,6 @@
--- ---
- name: youki | Copy runtime class manifest - name: Youki | Copy runtime class manifest
template: template:
src: runtimeclass-youki.yml src: runtimeclass-youki.yml
dest: "{{ kube_config_dir }}/runtimeclass-youki.yml" dest: "{{ kube_config_dir }}/runtimeclass-youki.yml"
@ -8,7 +8,7 @@
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
- name: youki | Apply manifests - name: Youki | Apply manifests
kube: kube:
name: "runtimeclass-youki" name: "runtimeclass-youki"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"

View File

@ -1,5 +1,6 @@
--- ---
- include_tasks: azure-credential-check.yml - name: Azure CSI Driver | Check Azure credentials
include_tasks: azure-credential-check.yml
- name: Azure CSI Driver | Write Azure CSI cloud-config - name: Azure CSI Driver | Write Azure CSI cloud-config
template: template:

View File

@ -1,5 +1,6 @@
--- ---
- include_tasks: cinder-credential-check.yml - name: Cinder CSI Driver | Check Cinder credentials
include_tasks: cinder-credential-check.yml
- name: Cinder CSI Driver | Write cacert file - name: Cinder CSI Driver | Write cacert file
include_tasks: cinder-write-cacert.yml include_tasks: cinder-write-cacert.yml

View File

@ -1,7 +1,8 @@
--- ---
- include_tasks: vsphere-credentials-check.yml - name: VSphere CSI Driver | Check vsphare credentials
include_tasks: vsphere-credentials-check.yml
- name: vSphere CSI Driver | Generate CSI cloud-config - name: VSphere CSI Driver | Generate CSI cloud-config
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}" dest: "{{ kube_config_dir }}/{{ item }}"
@ -10,7 +11,7 @@
- vsphere-csi-cloud-config - vsphere-csi-cloud-config
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
- name: vSphere CSI Driver | Generate Manifests - name: VSphere CSI Driver | Generate Manifests
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}" dest: "{{ kube_config_dir }}/{{ item }}"
@ -27,7 +28,7 @@
register: vsphere_csi_manifests register: vsphere_csi_manifests
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
- name: vSphere CSI Driver | Apply Manifests - name: VSphere CSI Driver | Apply Manifests
kube: kube:
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/{{ item.item }}" filename: "{{ kube_config_dir }}/{{ item.item }}"
@ -40,13 +41,13 @@
loop_control: loop_control:
label: "{{ item.item }}" label: "{{ item.item }}"
- name: vSphere CSI Driver | Generate a CSI secret manifest - name: VSphere CSI Driver | Generate a CSI secret manifest
command: "{{ kubectl }} create secret generic vsphere-config-secret --from-file=csi-vsphere.conf={{ kube_config_dir }}/vsphere-csi-cloud-config -n {{ vsphere_csi_namespace }} --dry-run --save-config -o yaml" command: "{{ kubectl }} create secret generic vsphere-config-secret --from-file=csi-vsphere.conf={{ kube_config_dir }}/vsphere-csi-cloud-config -n {{ vsphere_csi_namespace }} --dry-run --save-config -o yaml"
register: vsphere_csi_secret_manifest register: vsphere_csi_secret_manifest
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
no_log: "{{ not (unsafe_show_logs | bool) }}" no_log: "{{ not (unsafe_show_logs | bool) }}"
- name: vSphere CSI Driver | Apply a CSI secret manifest - name: VSphere CSI Driver | Apply a CSI secret manifest
command: command:
cmd: "{{ kubectl }} apply -f -" cmd: "{{ kubectl }} apply -f -"
stdin: "{{ vsphere_csi_secret_manifest.stdout }}" stdin: "{{ vsphere_csi_secret_manifest.stdout }}"

View File

@ -1,5 +1,6 @@
--- ---
- include_tasks: openstack-credential-check.yml - name: External OpenStack Cloud Controller | Check OpenStack credentials
include_tasks: openstack-credential-check.yml
tags: external-openstack tags: external-openstack
- name: External OpenStack Cloud Controller | Get base64 cacert - name: External OpenStack Cloud Controller | Get base64 cacert

View File

@ -1,5 +1,6 @@
--- ---
- include_tasks: vsphere-credentials-check.yml - name: External vSphere Cloud Controller | Check vsphere credentials
include_tasks: vsphere-credentials-check.yml
- name: External vSphere Cloud Controller | Generate CPI cloud-config - name: External vSphere Cloud Controller | Generate CPI cloud-config
template: template:

View File

@ -1,6 +1,6 @@
--- ---
- name: kube-router | Start Resources - name: Kube-router | Start Resources
kube: kube:
name: "kube-router" name: "kube-router"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
@ -11,7 +11,7 @@
delegate_to: "{{ groups['kube_control_plane'] | first }}" delegate_to: "{{ groups['kube_control_plane'] | first }}"
run_once: true run_once: true
- name: kube-router | Wait for kube-router pods to be ready - name: Kube-router | Wait for kube-router pods to be ready
command: "{{ kubectl }} -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa ignore-errors command: "{{ kubectl }} -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa ignore-errors
register: pods_not_ready register: pods_not_ready
until: pods_not_ready.stdout.find("kube-router")==-1 until: pods_not_ready.stdout.find("kube-router")==-1

View File

@ -1,5 +1,5 @@
--- ---
- name: check if snapshot namespace exists - name: Check if snapshot namespace exists
register: snapshot_namespace_exists register: snapshot_namespace_exists
kube: kube:
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"

View File

@ -100,7 +100,7 @@
run_once: yes run_once: yes
when: kubectl_localhost when: kubectl_localhost
- name: create helper script kubectl.sh on ansible host - name: Create helper script kubectl.sh on ansible host
copy: copy:
content: | content: |
#!/bin/bash #!/bin/bash

View File

@ -47,7 +47,7 @@
timeout: 180 timeout: 180
- name: check already run - name: Check already run
debug: debug:
msg: "{{ kubeadm_already_run.stat.exists }}" msg: "{{ kubeadm_already_run.stat.exists }}"

View File

@ -10,7 +10,7 @@
- kube_oidc_auth - kube_oidc_auth
- kube_oidc_ca_cert is defined - kube_oidc_ca_cert is defined
- name: kubeadm | Check if kubeadm has already run - name: Kubeadm | Check if kubeadm has already run
stat: stat:
path: "/var/lib/kubelet/config.yaml" path: "/var/lib/kubelet/config.yaml"
get_attributes: no get_attributes: no
@ -18,12 +18,12 @@
get_mime: no get_mime: no
register: kubeadm_already_run register: kubeadm_already_run
- name: kubeadm | Backup kubeadm certs / kubeconfig - name: Kubeadm | Backup kubeadm certs / kubeconfig
import_tasks: kubeadm-backup.yml import_tasks: kubeadm-backup.yml
when: when:
- kubeadm_already_run.stat.exists - kubeadm_already_run.stat.exists
- name: kubeadm | aggregate all SANs - name: Kubeadm | aggregate all SANs
set_fact: set_fact:
apiserver_sans: "{{ (sans_base + groups['kube_control_plane'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn + sans_kube_vip_address) | unique }}" apiserver_sans: "{{ (sans_base + groups['kube_control_plane'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn + sans_kube_vip_address) | unique }}"
vars: vars:
@ -69,7 +69,7 @@
when: kubernetes_audit_webhook | default(false) when: kubernetes_audit_webhook | default(false)
# Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint. # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
- name: set kubeadm_config_api_fqdn define - name: Set kubeadm_config_api_fqdn define
set_fact: set_fact:
kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name | default('lb-apiserver.kubernetes.local') }}" kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name | default('lb-apiserver.kubernetes.local') }}"
when: loadbalancer_apiserver is defined when: loadbalancer_apiserver is defined
@ -78,27 +78,27 @@
set_fact: set_fact:
kubeadmConfig_api_version: v1beta3 kubeadmConfig_api_version: v1beta3
- name: kubeadm | Create kubeadm config - name: Kubeadm | Create kubeadm config
template: template:
src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2" src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-config.yaml" dest: "{{ kube_config_dir }}/kubeadm-config.yaml"
mode: 0640 mode: 0640
- name: kubeadm | Create directory to store admission control configurations - name: Kubeadm | Create directory to store admission control configurations
file: file:
path: "{{ kube_config_dir }}/admission-controls" path: "{{ kube_config_dir }}/admission-controls"
state: directory state: directory
mode: 0640 mode: 0640
when: kube_apiserver_admission_control_config_file when: kube_apiserver_admission_control_config_file
- name: kubeadm | Push admission control config file - name: Kubeadm | Push admission control config file
template: template:
src: "admission-controls.yaml.j2" src: "admission-controls.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/admission-controls.yaml" dest: "{{ kube_config_dir }}/admission-controls/admission-controls.yaml"
mode: 0640 mode: 0640
when: kube_apiserver_admission_control_config_file when: kube_apiserver_admission_control_config_file
- name: kubeadm | Push admission control config files - name: Kubeadm | Push admission control config files
template: template:
src: "{{ item | lower }}.yaml.j2" src: "{{ item | lower }}.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/{{ item | lower }}.yaml" dest: "{{ kube_config_dir }}/admission-controls/{{ item | lower }}.yaml"
@ -108,15 +108,15 @@
- item in kube_apiserver_admission_plugins_needs_configuration - item in kube_apiserver_admission_plugins_needs_configuration
loop: "{{ kube_apiserver_enable_admission_plugins }}" loop: "{{ kube_apiserver_enable_admission_plugins }}"
- name: kubeadm | Check apiserver.crt SANs - name: Kubeadm | Check apiserver.crt SANs
block: block:
- name: kubeadm | Check apiserver.crt SAN IPs - name: Kubeadm | Check apiserver.crt SAN IPs
command: command:
cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkip {{ item }}" cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkip {{ item }}"
loop: "{{ apiserver_ips }}" loop: "{{ apiserver_ips }}"
register: apiserver_sans_ip_check register: apiserver_sans_ip_check
changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate') changed_when: apiserver_sans_ip_check.stdout is not search('does match certificate')
- name: kubeadm | Check apiserver.crt SAN hosts - name: Kubeadm | Check apiserver.crt SAN hosts
command: command:
cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}" cmd: "openssl x509 -noout -in {{ kube_cert_dir }}/apiserver.crt -checkhost {{ item }}"
loop: "{{ apiserver_hosts }}" loop: "{{ apiserver_hosts }}"
@ -129,7 +129,7 @@
- kubeadm_already_run.stat.exists - kubeadm_already_run.stat.exists
- not kube_external_ca_mode - not kube_external_ca_mode
- name: kubeadm | regenerate apiserver cert 1/2 - name: Kubeadm | regenerate apiserver cert 1/2
file: file:
state: absent state: absent
path: "{{ kube_cert_dir }}/{{ item }}" path: "{{ kube_cert_dir }}/{{ item }}"
@ -141,7 +141,7 @@
- apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed - apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed
- not kube_external_ca_mode - not kube_external_ca_mode
- name: kubeadm | regenerate apiserver cert 2/2 - name: Kubeadm | regenerate apiserver cert 2/2
command: >- command: >-
{{ bin_dir }}/kubeadm {{ bin_dir }}/kubeadm
init phase certs apiserver init phase certs apiserver
@ -151,14 +151,14 @@
- apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed - apiserver_sans_ip_check.changed or apiserver_sans_host_check.changed
- not kube_external_ca_mode - not kube_external_ca_mode
- name: kubeadm | Create directory to store kubeadm patches - name: Kubeadm | Create directory to store kubeadm patches
file: file:
path: "{{ kubeadm_patches.dest_dir }}" path: "{{ kubeadm_patches.dest_dir }}"
state: directory state: directory
mode: 0640 mode: 0640
when: kubeadm_patches is defined and kubeadm_patches.enabled when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: kubeadm | Copy kubeadm patches from inventory files - name: Kubeadm | Copy kubeadm patches from inventory files
copy: copy:
src: "{{ kubeadm_patches.source_dir }}/" src: "{{ kubeadm_patches.source_dir }}/"
dest: "{{ kubeadm_patches.dest_dir }}" dest: "{{ kubeadm_patches.dest_dir }}"
@ -166,7 +166,7 @@
mode: 0644 mode: 0644
when: kubeadm_patches is defined and kubeadm_patches.enabled when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: kubeadm | Initialize first master - name: Kubeadm | Initialize first master
command: >- command: >-
timeout -k {{ kubeadm_init_timeout }} {{ kubeadm_init_timeout }} timeout -k {{ kubeadm_init_timeout }} {{ kubeadm_init_timeout }}
{{ bin_dir }}/kubeadm init {{ bin_dir }}/kubeadm init
@ -184,7 +184,7 @@
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
notify: Master | restart kubelet notify: Master | restart kubelet
- name: set kubeadm certificate key - name: Set kubeadm certificate key
set_fact: set_fact:
kubeadm_certificate_key: "{{ item | regex_search('--certificate-key ([^ ]+)', '\\1') | first }}" kubeadm_certificate_key: "{{ item | regex_search('--certificate-key ([^ ]+)', '\\1') | first }}"
with_items: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_init'].stdout_lines | default([]) }}" with_items: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_init'].stdout_lines | default([]) }}"
@ -229,17 +229,17 @@
- podsecuritypolicy_enabled - podsecuritypolicy_enabled
- inventory_hostname == first_kube_control_plane - inventory_hostname == first_kube_control_plane
- name: kubeadm | Join other masters - name: Kubeadm | Join other masters
include_tasks: kubeadm-secondary.yml include_tasks: kubeadm-secondary.yml
- name: kubeadm | upgrade kubernetes cluster - name: Kubeadm | upgrade kubernetes cluster
include_tasks: kubeadm-upgrade.yml include_tasks: kubeadm-upgrade.yml
when: when:
- upgrade_cluster_setup - upgrade_cluster_setup
- kubeadm_already_run.stat.exists - kubeadm_already_run.stat.exists
# FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. # FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
- name: kubeadm | Remove taint for master with node role - name: Kubeadm | Remove taint for master with node role
command: "{{ kubectl }} taint node {{ inventory_hostname }} {{ item }}" command: "{{ kubectl }} taint node {{ inventory_hostname }} {{ item }}"
delegate_to: "{{ first_kube_control_plane }}" delegate_to: "{{ first_kube_control_plane }}"
with_items: with_items:

View File

@ -1,5 +1,5 @@
--- ---
- name: kubeadm | Check api is up - name: Kubeadm | Check api is up
uri: uri:
url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz" url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz"
validate_certs: false validate_certs: false
@ -9,7 +9,7 @@
delay: 5 delay: 5
until: _result.status == 200 until: _result.status == 200
- name: kubeadm | Upgrade first master - name: Kubeadm | Upgrade first master
command: >- command: >-
timeout -k 600s 600s timeout -k 600s 600s
{{ bin_dir }}/kubeadm {{ bin_dir }}/kubeadm
@ -31,7 +31,7 @@
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
notify: Master | restart kubelet notify: Master | restart kubelet
- name: kubeadm | Upgrade other masters - name: Kubeadm | Upgrade other masters
command: >- command: >-
timeout -k 600s 600s timeout -k 600s 600s
{{ bin_dir }}/kubeadm {{ bin_dir }}/kubeadm
@ -53,7 +53,7 @@
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
notify: Master | restart kubelet notify: Master | restart kubelet
- name: kubeadm | clean kubectl cache to refresh api types - name: Kubeadm | clean kubectl cache to refresh api types
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
@ -62,7 +62,7 @@
- /root/.kube/http-cache - /root/.kube/http-cache
# FIXME: https://github.com/kubernetes/kubeadm/issues/1318 # FIXME: https://github.com/kubernetes/kubeadm/issues/1318
- name: kubeadm | scale down coredns replicas to 0 if not using coredns dns_mode - name: Kubeadm | scale down coredns replicas to 0 if not using coredns dns_mode
command: >- command: >-
{{ kubectl }} {{ kubectl }}
-n kube-system -n kube-system

View File

@ -1,5 +1,6 @@
--- ---
- import_tasks: pre-upgrade.yml - name: Pre-upgrade control plane
import_tasks: pre-upgrade.yml
tags: tags:
- k8s-pre-upgrade - k8s-pre-upgrade
@ -23,7 +24,8 @@
dest: "{{ kube_config_dir }}/kubescheduler-config.yaml" dest: "{{ kube_config_dir }}/kubescheduler-config.yaml"
mode: 0644 mode: 0644
- import_tasks: encrypt-at-rest.yml - name: Apply Kubernetes encrypt at rest config
import_tasks: encrypt-at-rest.yml
when: when:
- kube_encrypt_secret_data - kube_encrypt_secret_data

View File

@ -65,14 +65,14 @@
mode: 0640 mode: 0640
when: not is_kube_master when: not is_kube_master
- name: kubeadm | Create directory to store kubeadm patches - name: Kubeadm | Create directory to store kubeadm patches
file: file:
path: "{{ kubeadm_patches.dest_dir }}" path: "{{ kubeadm_patches.dest_dir }}"
state: directory state: directory
mode: 0640 mode: 0640
when: kubeadm_patches is defined and kubeadm_patches.enabled when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: kubeadm | Copy kubeadm patches from inventory files - name: Kubeadm | Copy kubeadm patches from inventory files
copy: copy:
src: "{{ kubeadm_patches.source_dir }}/" src: "{{ kubeadm_patches.source_dir }}/"
dest: "{{ kubeadm_patches.dest_dir }}" dest: "{{ kubeadm_patches.dest_dir }}"

Some files were not shown because too many files have changed in this diff Show More