diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index 9216231a4..973d30261 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml @@ -37,13 +37,16 @@ when: - "calico_vxlan_mode in ['Always', 'CrossSubnet']" -- name: "Get current version of calico cluster version" # noqa 306 - shell: "{{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'" +- name: "Get current version of calico cluster version" + shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'" + args: + executable: /bin/bash register: calico_version_on_server async: 10 poll: 3 run_once: yes changed_when: false + failed_when: false - name: "Determine if calico upgrade is needed" block: diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index 716833671..57ba90ae4 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -85,9 +85,12 @@ run_once: true when: calico_datastore == "etcd" -- name: Calico | Check if calico network pool has already been configured # noqa 306 +- name: Calico | Check if calico network pool has already been configured + # noqa 306 - grep will exit 1 if no match found shell: > {{ bin_dir }}/calicoctl.sh get ippool | grep -w "{{ calico_pool_cidr | default(kube_pods_subnet) }}" | wc -l + args: + executable: /bin/bash register: calico_conf retries: 4 until: calico_conf.rc == 0 @@ -132,9 +135,10 @@ loop_control: label: "{{ item.item.file }}" -- name: Calico | Configure calico network pool (version < v3.3.0) # noqa 306 - shell: > - echo " +- name: Calico | Configure calico network pool (version < v3.3.0) + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: > { "kind": "IPPool", "apiVersion": "projectcalico.org/v3", "metadata": { 
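Review bot: `failed_when: false` on "Get current version of calico cluster version" discards every failure, so the `set -o pipefail` added in the same task can no longer stop the play when `calicoctl.sh version` itself errors or the `async: 10` window expires. In that case `calico_version_on_server.stdout` is empty, and the "Determine if calico upgrade is needed" block that follows (its body is outside this hunk) presumably compares it as a version. If the intent is only to tolerate a cluster where calico is not deployed yet, say so in a comment on the task, e.g. `# calicoctl may be absent on first install; an empty version means "no upgrade check"`. Also guard the consumers with `calico_version_on_server.stdout | default('') | length > 0`.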
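Review bot: The pipeline in "Check if calico network pool has already been configured" ends in `wc -l` and runs without `pipefail`, so its exit status is always that of `wc`; `until: calico_conf.rc == 0` therefore never triggers a retry, and a failing `calicoctl.sh get ippool` is reported as `0` matches. Later tasks in this file gate on `calico_conf.stdout == "0"`, so an unreachable datastore looks the same as a missing pool and the pool `apply` runs anyway. Adding `executable: /bin/bash` alone does not change that. Fail on the calicoctl call separately from the grep, e.g. `out=$({{ bin_dir }}/calicoctl.sh get ippool) || exit 1; echo "$out" | grep -w "{{ calico_pool_cidr | default(kube_pods_subnet) }}" | wc -l`, and keep the comment about grep's exit code next to it.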
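Review bot: Passing the document through `stdin:` removes the shell-quoting problem of the old `echo "..." |` form, but Ansible's templating can turn a rendered string that starts with `{` into a native dict before the module sees it. `command` would then receive a Python-style repr rather than the text written here. Whether that happens depends on the Ansible version and on whether the rendered text parses as a literal, so confirm what `calicoctl.sh apply -f -` actually reads, for this task and for the other `stdin:` conversions in this file. Moving the document under `vars: stdin:` and passing `stdin: "{{ stdin is string | ternary(stdin, stdin | to_json) }}"` keeps the input well-formed either way. The task body continues past the end of this hunk.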
@@ -144,26 +148,27 @@ "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}", "ipipMode": "{{ calico_ipip_mode }}", "vxlanMode": "{{ calico_vxlan_mode }}", - "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl.sh apply -f - + "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} when: - inventory_hostname == groups['kube-master'][0] - 'calico_conf.stdout == "0"' - calico_version is version("v3.3.0", "<") -- name: Calico | Configure calico network pool (version >= v3.3.0) # noqa 306 - shell: > - echo " +- name: Calico | Configure calico network pool (version >= v3.3.0) + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: > { "kind": "IPPool", "apiVersion": "projectcalico.org/v3", "metadata": { "name": "{{ calico_pool_name }}", }, "spec": { - "blockSize": "{{ calico_pool_blocksize | default(kube_network_node_prefix) }}", + "blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }}, "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}", "ipipMode": "{{ calico_ipip_mode }}", "vxlanMode": "{{ calico_vxlan_mode }}", - "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl.sh apply -f - + "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} when: - inventory_hostname == groups['kube-master'][0] - 'calico_conf.stdout == "0"' 
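Review bot: `"blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }}` now places a raw inventory value into the document unquoted, so a non-numeric or empty value changes the structure of what calicoctl applies instead of being rejected as a bad field. Cast it where it is rendered, `{{ calico_pool_blocksize | default(kube_network_node_prefix) | int }}`, and serialise the quoted fields as data as well, e.g. `"name": {{ calico_pool_name | to_json }}`. The same applies to `asNumber`, `peerIP` and the `metadata.name` values in the BGPConfiguration, BGPPeer and Node tasks further down this file. The `when:` list of the second task runs past the end of this hunk.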
@@ -177,34 +182,36 @@ - inventory_hostname in groups['k8s-cluster'] run_once: yes -- name: Calico | Set global as_num # noqa 306 - shell: > - echo ' - { "kind": "BGPConfiguration", - "apiVersion": "projectcalico.org/v3", - "metadata": { - "name": "default", - }, - "spec": { - "logSeverityScreen": "Info", - "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled|default('true') }} , - "asNumber": {{ global_as_num }} }} ' | {{ bin_dir }}/calicoctl.sh apply -f - +- name: Calico | Set global as_num + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: > + { "kind": "BGPConfiguration", + "apiVersion": "projectcalico.org/v3", + "metadata": { + "name": "default", + }, + "spec": { + "logSeverityScreen": "Info", + "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled|default('true') }} , + "asNumber": {{ global_as_num }} }} changed_when: false when: - inventory_hostname == groups['kube-master'][0] -- name: Calico | Configure peering with router(s) at global scope # noqa 306 - shell: > - echo '{ - "apiVersion": "projectcalico.org/v3", - "kind": "BGPPeer", - "metadata": { - "name": "global-{{ item.router_id }}" - }, - "spec": { - "asNumber": "{{ item.as }}", - "peerIP": "{{ item.router_id }}" - }}' | {{ bin_dir }}/calicoctl.sh apply -f - +- name: Calico | Configure peering with router(s) at global scope + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: > + {"apiVersion": "projectcalico.org/v3", + "kind": "BGPPeer", + "metadata": { + "name": "global-{{ item.router_id }}" + }, + "spec": { + "asNumber": "{{ item.as }}", + "peerIP": "{{ item.router_id }}" + }} register: output retries: 4 until: output.rc == 0 
@@ -215,18 +222,19 @@ - inventory_hostname == groups['kube-master'][0] - peer_with_router|default(false) -- name: Calico | Configure peering with route reflectors at global scope # noqa 306 - shell: | - echo '{ - "apiVersion": "projectcalico.org/v3", - "kind": "BGPPeer", - "metadata": { - "name": "peer-to-rrs" - }, - "spec": { - "nodeSelector": "!has(i-am-a-route-reflector)", - "peerSelector": "has(i-am-a-route-reflector)" - }}' | {{ bin_dir }}/calicoctl.sh apply -f - +- name: Calico | Configure peering with route reflectors at global scope + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: > + {"apiVersion": "projectcalico.org/v3", + "kind": "BGPPeer", + "metadata": { + "name": "peer-to-rrs" + }, + "spec": { + "nodeSelector": "!has(i-am-a-route-reflector)", + "peerSelector": "has(i-am-a-route-reflector)" + }} register: output retries: 4 until: output.rc == 0 @@ -237,18 +245,19 @@ - inventory_hostname == groups['kube-master'][0] - peer_with_calico_rr|default(false) -- name: Calico | Configure route reflectors to peer with each other # noqa 306 - shell: > - echo '{ - "apiVersion": "projectcalico.org/v3", - "kind": "BGPPeer", - "metadata": { - "name": "rr-mesh" - }, - "spec": { - "nodeSelector": "has(i-am-a-route-reflector)", - "peerSelector": "has(i-am-a-route-reflector)" - }}' | {{ bin_dir }}/calicoctl.sh apply -f - +- name: Calico | Configure route reflectors to peer with each other + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: > + {"apiVersion": "projectcalico.org/v3", + "kind": "BGPPeer", + "metadata": { + "name": "rr-mesh" + }, + "spec": { + "nodeSelector": "has(i-am-a-route-reflector)", + "peerSelector": "has(i-am-a-route-reflector)" + }} register: output retries: 4 until: output.rc == 0 
@@ -310,20 +319,21 @@ - inventory_hostname not in groups['kube-master'] - calico_datastore == "kdd" -- name: Calico | Configure node asNumber for per node peering # noqa 306 - shell: > - echo '{ - "apiVersion": "projectcalico.org/v3", - "kind": "Node", - "metadata": { - "name": "{{ inventory_hostname }}" - }, - "spec": { - "bgp": { - "asNumber": "{{ local_as }}" +- name: Calico | Configure node asNumber for per node peering + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: > + {"apiVersion": "projectcalico.org/v3", + "kind": "Node", + "metadata": { + "name": "{{ inventory_hostname }}" }, - "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}] - }}' | {{ bin_dir }}/calicoctl.sh apply -f - + "spec": { + "bgp": { + "asNumber": "{{ local_as }}" + }, + "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}] + }} register: output retries: 4 until: output.rc == 0 @@ -334,19 +344,20 @@ - local_as is defined - groups['calico-rr'] | default([]) | length == 0 -- name: Calico | Configure peering with router(s) at node scope # noqa 306 - shell: > - echo '{ - "apiVersion": "projectcalico.org/v3", - "kind": "BGPPeer", - "metadata": { - "name": "{{ inventory_hostname }}-{{ item.router_id }}" - }, - "spec": { - "asNumber": "{{ item.as }}", - "node": "{{ inventory_hostname }}", - "peerIP": "{{ item.router_id }}" - }}' | {{ bin_dir }}/calicoctl.sh apply -f - +- name: Calico | Configure peering with router(s) at node scope + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: > + {"apiVersion": "projectcalico.org/v3", + "kind": "BGPPeer", + "metadata": { + "name": "{{ inventory_hostname }}-{{ item.router_id }}" + }, + "spec": { + "asNumber": "{{ item.as }}", + "node": "{{ inventory_hostname }}", + "peerIP": "{{ item.router_id }}" + }} register: output retries: 4 until: output.rc == 0 diff --git a/roles/network_plugin/calico/tasks/pre.yml b/roles/network_plugin/calico/tasks/pre.yml index aaae21bcd..cebd717c4 100644 
--- a/roles/network_plugin/calico/tasks/pre.yml +++ b/roles/network_plugin/calico/tasks/pre.yml @@ -1,8 +1,10 @@ --- -- name: Calico | Get kubelet hostname # noqa 306 +- name: Calico | Get kubelet hostname shell: >- - {{ bin_dir }}/kubectl get node -o custom-columns='NAME:.metadata.name,INTERNAL-IP:.status.addresses[?(@.type=="InternalIP")].address' + set -o pipefail && {{ bin_dir }}/kubectl get node -o custom-columns='NAME:.metadata.name,INTERNAL-IP:.status.addresses[?(@.type=="InternalIP")].address' | egrep "{{ ansible_all_ipv4_addresses | join('$|') }}$" | cut -d" " -f1 + args: + executable: /bin/bash register: calico_kubelet_name delegate_to: "{{ groups['kube-master'][0] }}" when:
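Review bot: The `egrep` pattern built from `ansible_all_ipv4_addresses` treats each address as a regular expression and anchors only the end of the line, so `.` matches any character and an address such as `10.0.0.1` (constructed example) also matches a node whose address is `110.0.0.1`. With more than one match, `cut` returns several names and `calico_kubelet_name` no longer identifies this host. Escape the addresses and anchor the start of the column: `egrep " ({{ ansible_all_ipv4_addresses | map('regex_escape') | join('|') }})$"`. With the added `set -o pipefail`, a host that has no matching node now fails the task instead of registering an empty name. The `when:` list that decides where this runs is outside the hunk, so check that the failure is intended there.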