diff --git a/Vagrantfile b/Vagrantfile index ac8b91827..85a32d0f4 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -97,7 +97,9 @@ Vagrant.configure("2") do |config| ansible.host_key_checking = false ansible.raw_arguments = ["--forks=#{$num_instances}"] ansible.host_vars = host_vars - #ansible.tags = ['download'] + if ENV['ansible_tags'] + ansible.tags = ENV['ansible_tags'].split(',') + end ansible.groups = { # The first three nodes should be etcd servers "etcd" => ["k8s-0[1:3]"], diff --git a/cluster.yml b/cluster.yml index 4ccef1963..753934175 100644 --- a/cluster.yml +++ b/cluster.yml @@ -14,3 +14,15 @@ - hosts: k8s-cluster roles: - { role: dnsmasq, tags: dnsmasq } + +- hosts: kube-master + roles: + - role: helm + tags: helm + when: helm_enabled|default('False')|bool + +- hosts: kube-master + roles: + - role: deis + tags: deis + when: deis_enabled|default('False')|bool diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index b73fb66b2..41331b637 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -134,3 +134,6 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') ## An obvious use case is allowing insecure-registry access ## to self hosted registries like so: docker_options: "--insecure-registry={{ kube_service_addresses }}" + +## Enable [DEIS Workflow](https://docs-v2.readthedocs.io/en/latest/) +deis_enabled: True diff --git a/roles/deis/defaults/main.yml b/roles/deis/defaults/main.yml new file mode 100644 index 000000000..500077ad6 --- /dev/null +++ b/roles/deis/defaults/main.yml @@ -0,0 +1,30 @@ +--- +deis_chart_repo: "https://github.com/deis/charts" +deis_remote_chart_name: "deis/workflow-rc1" +deis_local_chart_name: "workflow-rc1" + +deis_helm_command: "helmc --home /etc/deis/helm" + +# lookup service that returns IP when accessed like +# `$ host deis.10.3.3.11.nip.io` +deis_wildcard_provider: nip.io + +# the interval and number of times to retry the deis +# api when installing. If you have a slow connection +# you may need to increase these values. +deis_check_api_retries: 20 +deis_check_api_interval: 60 + + +# by default we will create an admin user. set one +# of these values to null if you do not want this +# behavior. +deis_admin_username: admin +deis_admin_password: admin +deis_admin_email: admin@example.com + +# do not change this +deis_admin_register: + username: "{{ deis_admin_username }}" + password: "{{ deis_admin_password }}" + email: "{{ deis_admin_email }}" diff --git a/roles/deis/handlers/main.yml b/roles/deis/handlers/main.yml new file mode 100644 index 000000000..f92fd9809 --- /dev/null +++ b/roles/deis/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: generate deis manifest + command: "{{ deis_helm_command }} generate -x manifests {{ deis_local_chart_name }}" + +- name: give k8s a chance to get deis pods scheduled + pause: + minutes: 1 diff --git a/roles/deis/meta/main.yml b/roles/deis/meta/main.yml new file mode 100644 index 000000000..bb7c8a838 --- /dev/null +++ b/roles/deis/meta/main.yml @@ -0,0 +1,5 @@ +--- +dependencies: + - role: helm + - role: download + file: "{{ downloads.deis }}" diff --git a/roles/deis/tasks/main.yml b/roles/deis/tasks/main.yml new file mode 100644 index 000000000..25eb64a6a --- /dev/null +++ b/roles/deis/tasks/main.yml @@ -0,0 +1,90 @@ +--- +- name: Copy deis binary + command: rsync -piu "{{ local_release_dir }}/deis/deis-{{ deis_version }}" "{{ bin_dir }}/deis" + changed_when: false + +- name: create deis config path + file: + path: /etc/deis + state: directory + +- name: tell helm about deis chart repo + command: "{{ deis_helm_command }} repo add deis {{ deis_chart_repo }}" + args: + creates: /etc/deis/helm/cache/deis + +- name: fetch deis charts + command: "{{ deis_helm_command }} fetch {{ deis_remote_chart_name }}" + args: + creates: "/etc/deis/helm/workspace/charts/{{ deis_local_chart_name }}/Chart.yaml" + notify: + - generate deis manifest + +- meta: flush_handlers + +- name: check if deis namespace exists + uri: + url: http://localhost:8080/api/v1/namespaces/deis + method: GET + register: deis_namespace + failed_when: false + run_once: true + +- name: install deis + command: "{{ deis_helm_command }} install {{ deis_local_chart_name }}" + when: deis_namespace.status != 200 + run_once: true + notify: + - give k8s a chance to get deis pods scheduled + +- meta: flush_handlers + +- name: get deis router IP + shell: "kubectl --namespace=deis describe service deis-router | grep IP | awk '{ print $2 }'" + register: deis_router_ip + retries: 10 + delay: 60 + changed_when: false + +- name: check deis API + uri: + url: "http://deis.{{ deis_router_ip.stdout }}.{{ deis_wildcard_provider }}/v2/" + method: GET + register: check_deis_api + run_once: true + failed_when: check_deis_api.status != 401 + until: check_deis_api.status == 401 + retries: "{{ deis_check_api_retries }}" + delay: "{{ deis_check_api_interval }}" + +- name: check if deis admin credentials work + uri: + url: "http://deis.{{ deis_router_ip.stdout }}.{{ deis_wildcard_provider }}/v2/auth/login/" + body: "{{ deis_admin_register | to_json }}" + method: POST + body_format: json + register: check_deis_admin_creds + run_once: true + failed_when: false + +- name: set deis admin credentials. + uri: + url: "http://deis.{{ deis_router_ip.stdout }}.{{ deis_wildcard_provider }}/v2/auth/register/" + method: POST + body: "{{ deis_admin_register | to_json }}" + body_format: json + register: set_deis_admin_user + run_once: true + failed_when: false + when: check_deis_admin_creds.status == 401 + +- name: check if deis admin credentials work + uri: + url: "http://deis.{{ deis_router_ip.stdout }}.{{ deis_wildcard_provider }}/v2/auth/login/" + body: "{{ deis_admin_register | to_json }}" + method: POST + body_format: json + register: check_deis_admin_creds_after_creation + when: check_deis_admin_creds.status == 401 + run_once: true + failed_when: check_deis_admin_creds_after_creation.status != 200 diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 55b437f53..054fedf80 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -4,24 +4,22 @@ local_release_dir: /tmp # if this is set to true will only download files once download_run_once: False +## Core Components # Versions kube_version: "v1.2.4" etcd_version: v2.2.5 calico_version: v0.19.0 calico_cni_version: v1.2.1 weave_version: v1.5.0 - # Download URL's kubelet_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubelet" apiserver_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-apiserver" kubectl_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubectl" - etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd" calico_download_url: "https://storage.googleapis.com/kargo/{{calico_version}}_calico" calico_cni_download_url: "https://storage.googleapis.com/kargo/{{calico_cni_version}}_calico-cni-plugin" calico_cni_ipam_download_url: "https://storage.googleapis.com/kargo/{{calico_cni_version}}_calico-cni-plugin-ipam" weave_download_url: "https://storage.googleapis.com/kargo/{{weave_version}}_weave" - # Checksums calico_checksum: "6db00c94619e82d878d348c4e1791f8d2f0db59075f6c8e430fefae297c54d96" calico_cni_checksum: "b2eeb45fdfce58394e3a0019dd4b74bebe4bb35ed6d7c399213297594f25e89e" @@ -32,7 +30,19 @@ kubectl_checksum: "dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578 kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341" kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e" +## Extra Components +# Versions +helm_version: "0.8.0%2Bf3cafbc" +deis_version: "7283e7c" +# Download URL's +helm_download_url: "https://bintray.com/deis/helm/download_file?file_path=helmc-{{ helm_version }}-linux-amd64.zip" +deis_download_url: "https://dl.bintray.com/deis/deisci/deis-{{ deis_version }}-linux-amd64" +# Checksums +helm_checksum: "f91216d0ec77aba2e330827bdc0e599f50d0d75f5d437b9413f6a464299be186" +deis_checksum: "c28ab01c4fd220153d0303401f711e02963c2320b39ffc288a378ab862cc47f7" + downloads: +## Core Components calico: dest: calico/bin/calicoctl version: "{{calico_version}}" @@ -98,6 +108,24 @@ downloads: url: "{{ apiserver_download_url }}" owner: "kube" mode: "0755" +## Extras + helm: + version: "{{ helm_version }}" + dest: "helm/helmc-{{ helm_version }}-linux-amd64.zip" + sha256: "{{ helm_checksum }}" + source_url: "{{ helm_download_url }}" + url: "{{ helm_download_url }}" + unarchive: true + owner: "kube" + mode: "0755" + deis: + version: "{{ deis_version }}" + dest: "deis/deis-{{ deis_version }}" + sha256: "{{ deis_checksum }}" + source_url: "{{ deis_download_url }}" + url: "{{ deis_download_url }}" + owner: "kube" + mode: "0755" download: enabled: "{{ file.enabled|default('true') }}" diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 40bd3c902..1eacd47b8 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -3,6 +3,7 @@ debug: msg: "{{ download.url }}" when: "{{ download.enabled|bool }}" + run_once: "{{ download_run_once|bool }}" - name: Create dest directories file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index b91c9a252..89d1df74a 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -10,7 +10,6 @@ # reload systemd before starting service - meta: flush_handlers - - name: Ensure etcd is running service: name: etcd diff --git a/roles/helm/meta/main.yml b/roles/helm/meta/main.yml new file mode 100644 index 000000000..50f762b55 --- /dev/null +++ b/roles/helm/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - role: download + file: "{{ downloads.helm }}" diff --git a/roles/helm/tasks/main.yml b/roles/helm/tasks/main.yml new file mode 100644 index 000000000..57fc1287f --- /dev/null +++ b/roles/helm/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Copy helm binary + command: rsync -piu "{{ local_release_dir }}/helm/helmc" "{{ bin_dir }}/helmc" + changed_when: false diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index 49f9b7c0e..b150802bc 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -7,6 +7,7 @@ common_required_pkgs: - curl - rsync - bash-completion + - unzip