diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml index 18747f139..cf46b43f9 100644 --- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml +++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml @@ -3,7 +3,8 @@ raw: stat /opt/bin/.bootstrapped register: need_bootstrap failed_when: false - tags: facts + tags: + - facts - name: Bootstrap | Run bootstrap.sh script: bootstrap.sh @@ -11,7 +12,8 @@ - set_fact: ansible_python_interpreter: "/opt/bin/python" - tags: facts + tags: + - facts - name: Bootstrap | Check if we need to install pip shell: "{{ansible_python_interpreter}} -m pip --version" @@ -20,7 +22,8 @@ changed_when: false check_mode: no when: need_bootstrap.rc != 0 - tags: facts + tags: + - facts - name: Bootstrap | Copy get-pip.py copy: diff --git a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml index 64df71bd6..ad63a593f 100644 --- a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml +++ b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml @@ -8,7 +8,8 @@ with_items: - python - pip - tags: facts + tags: + - facts - name: Bootstrap | Install python 2.x and pip raw: @@ -19,4 +20,5 @@ - set_fact: ansible_python_interpreter: "/usr/bin/python" - tags: facts + tags: + - facts diff --git a/roles/dnsmasq/meta/main.yml b/roles/dnsmasq/meta/main.yml index 290754e33..aa0476977 100644 --- a/roles/dnsmasq/meta/main.yml +++ b/roles/dnsmasq/meta/main.yml @@ -3,4 +3,6 @@ dependencies: - role: download file: "{{ downloads.dnsmasq }}" when: dns_mode == 'dnsmasq_kubedns' and download_localhost|default(false) - tags: [download, dnsmasq] + tags: + - download + - dnsmasq diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index 4a9031013..35b88f9dc 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml 
@@ -3,13 +3,15 @@ file: path: /etc/dnsmasq.d state: directory - tags: bootstrap-os + tags: + - bootstrap-os - name: ensure dnsmasq.d-available directory exists file: path: /etc/dnsmasq.d-available state: directory - tags: bootstrap-os + tags: + - bootstrap-os - name: check system nameservers shell: awk '/^nameserver/ {print $NF}' /etc/resolv.conf diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index ef7e7fe8d..0ecd6756f 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -12,11 +12,13 @@ paths: - ../vars skip: true - tags: facts + tags: + - facts - include: set_facts_dns.yml when: dns_mode != 'none' and resolvconf_mode == 'docker_dns' - tags: facts + tags: + - facts - name: check for minimum kernel version fail: @@ -25,7 +27,8 @@ {{ docker_kernel_min_version }} on {{ ansible_distribution }}-{{ ansible_distribution_version }} when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (ansible_kernel|version_compare(docker_kernel_min_version, "<")) - tags: facts + tags: + - facts - name: ensure docker repository public key is installed action: "{{ docker_repo_key_info.pkg_key }}" diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 9fa0d7ca8..629c92219 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -7,7 +7,8 @@ when: - download.enabled|bool - not download.container|bool - tags: bootstrap-os + tags: + - bootstrap-os - name: file_download | Download item get_url: @@ -50,7 +51,8 @@ - set_fact: download_delegate: "{% if download_localhost|bool %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}" run_once: true - tags: facts + tags: + - facts - name: container_download | Create dest directory for saved/loaded container images file: 
@@ -62,7 +64,8 @@ when: - download.enabled|bool - download.container|bool - tags: bootstrap-os + tags: + - bootstrap-os # This is required for the download_localhost delegate to work smooth with Container Linux by CoreOS cluster nodes - name: container_download | Hack python binary path for localhost @@ -70,7 +73,8 @@ delegate_to: localhost when: download_delegate == 'localhost' failed_when: false - tags: localhost + tags: + - localhost - name: container_download | create local directory for saved/loaded container images file: @@ -85,7 +89,8 @@ - download.enabled|bool - download.container|bool - download_delegate == 'localhost' - tags: localhost + tags: + - localhost - name: container_download | Make download decision if pull is required by tag or sha256 include: set_docker_image_facts.yml @@ -94,7 +99,8 @@ - download.container|bool delegate_to: "{{ download_delegate if download_run_once|bool or omit }}" run_once: "{{ download_run_once|bool }}" - tags: facts + tags: + - facts - name: container_download | Download containers if pull is required or told to always pull command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}" @@ -112,7 +118,8 @@ - set_fact: fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|default(download.sha256)|regex_replace('/|\0|:', '_')}}.tar" run_once: true - tags: facts + tags: + - facts - name: "container_download | Set default value for 'container_changed' to false" set_fact: @@ -126,7 +133,8 @@ - download.container|bool - pull_required|bool|default(download_always_pull) run_once: "{{ download_run_once|bool }}" - tags: facts + tags: + - facts - name: container_download | Stat saved container image stat: @@ -140,7 +148,8 @@ delegate_to: "{{ download_delegate }}" become: false run_once: true - tags: facts + tags: + - facts - name: container_download | save container images shell: "{{ docker_bin_dir }}/docker save {{ pull_args }} | gzip -{{ download_compress }} > {{ fname }}" 
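Review bot: The `container_download | save container images` task at the end of hunk `-140,7 +148,8` interpolates `{{ fname }}` unquoted into a shell redirect. The `regex_replace('/|\0|:', '_')` that builds `fname` in hunk `-112,7 +118,8` only strips `/`, NUL and `:`, so spaces or shell metacharacters in `download.repo` or `download.tag` would reach the shell. Those values are presumably operator-supplied, but the redirect should still be quoted: `shell: "{{ docker_bin_dir }}/docker save {{ pull_args }} | gzip -{{ download_compress }} > {{ fname | quote }}"`. The `docker load < {{ fname }}` task in the following hunks of this file has the same shape. The save task continues outside the hunk.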
@@ -188,7 +197,9 @@ - download_run_once|bool - download.enabled|bool - download.container|bool - tags: [upload, upgrade] + tags: + - upload + - upgrade - name: container_download | load container images shell: "{{ docker_bin_dir }}/docker load < {{ fname }}" @@ -198,4 +209,6 @@ - download_run_once|bool - download.enabled|bool - download.container|bool - tags: [upload, upgrade] + tags: + - upload + - upgrade diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index 9bd6f02a3..5e6e581c2 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -3,8 +3,10 @@ dependencies: - role: adduser user: "{{ addusers.etcd }}" when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] or is_atomic) + - role: download file: "{{ downloads.etcd }}" - tags: download + tags: + - download # NOTE: Dynamic task dependency on Vault Role if cert_management == "vault" diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index 4546d7896..5f8756e71 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -6,7 +6,8 @@ changed_when: false check_mode: no when: is_etcd_master - tags: facts + tags: + - facts - name: Configure | Add member to the cluster if it is not there when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0 diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml index 00b8b3489..3fbafc52a 100644 --- a/roles/etcd/tasks/gen_certs_script.yml +++ b/roles/etcd/tasks/gen_certs_script.yml @@ -83,7 +83,8 @@ 'node-{{ node }}-key.pem', {% endfor %}]" my_node_certs: ['ca.pem', 'node-{{ inventory_hostname }}.pem', 'node-{{ inventory_hostname }}-key.pem'] - tags: facts + tags: + - facts - name: Gen_certs | Gather etcd master certs shell: "tar cfz - -C {{ etcd_cert_dir }} -T /dev/stdin <<< {{ my_master_certs|join(' ') }} {{ all_node_certs|join(' ') }} | base64 --wrap=0" 
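Review bot: The `Gen_certs | Gather etcd master certs` task, shown as trailing context of the roles/etcd/tasks/gen_certs_script.yml hunk, has no visible `no_log: true`. It tars entries from `{{ etcd_cert_dir }}`, including the `node-…-key.pem` files listed just above it, and writes them base64-encoded to stdout. The task continues past the end of the hunk, so `no_log` may already be set; if it is not, private-key material ends up in the task result and in verbose or callback logs, and adding `no_log: true` would avoid that. The same pattern appears in the `Gen_certs | Gather master certs` task at the end of hunk `-87,7 +98,8` in roles/kubernetes/secrets/tasks/gen_certs_script.yml.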
diff --git a/roles/etcd/tasks/gen_certs_vault.yml b/roles/etcd/tasks/gen_certs_vault.yml index 0048a7003..e8955cf70 100644 --- a/roles/etcd/tasks/gen_certs_vault.yml +++ b/roles/etcd/tasks/gen_certs_vault.yml @@ -1,11 +1,13 @@ --- - include: sync_etcd_master_certs.yml when: inventory_hostname in groups.etcd - tags: etcd-secrets + tags: + - etcd-secrets - include: sync_etcd_node_certs.yml when: inventory_hostname in etcd_node_cert_hosts - tags: etcd-secrets + tags: + - etcd-secrets # Issue master certs to Etcd nodes - include: ../../vault/tasks/shared/issue_cert.yml diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index d3bfe9628..2e0076f17 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -1,13 +1,17 @@ --- - include: check_certs.yml when: cert_management == "script" - tags: [etcd-secrets, facts] + tags: + - etcd-secrets + - facts - include: "gen_certs_{{ cert_management }}.yml" - tags: etcd-secrets + tags: + - etcd-secrets - include: upd_ca_trust.yml - tags: etcd-secrets + tags: + - etcd-secrets - name: "Gen_certs | Get etcd certificate serials" shell: "openssl x509 -in {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem -noout -serial | cut -d= -f2" @@ -16,7 +20,8 @@ - include: "install_{{ etcd_deployment_type }}.yml" when: is_etcd_master - tags: upgrade + tags: + - upgrade - include: set_cluster_health.yml when: is_etcd_master and etcd_cluster_setup diff --git a/roles/etcd/tasks/set_cluster_health.yml b/roles/etcd/tasks/set_cluster_health.yml index 8cf5e8867..ecf248fec 100644 --- a/roles/etcd/tasks/set_cluster_health.yml +++ b/roles/etcd/tasks/set_cluster_health.yml @@ -6,4 +6,5 @@ changed_when: false check_mode: no when: is_etcd_master - tags: facts + tags: + - facts diff --git a/roles/etcd/tasks/upd_ca_trust.yml b/roles/etcd/tasks/upd_ca_trust.yml index 81ce1e573..dd36554fb 100644 --- a/roles/etcd/tasks/upd_ca_trust.yml +++ b/roles/etcd/tasks/upd_ca_trust.yml 
@@ -9,7 +9,8 @@ {%- elif ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] -%} /etc/ssl/certs/etcd-ca.pem {%- endif %} - tags: facts + tags: + - facts - name: Gen_certs | add CA to trusted CA dir copy: diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index 9e9a30382..57f98ed86 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -16,7 +16,8 @@ resource: "{{ item }}" state: absent with_items: ['deploy', 'svc'] - tags: upgrade + tags: + - upgrade - name: Kubernetes Apps | Delete kubeadm kubedns kube: @@ -46,7 +47,8 @@ when: - dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] - rbac_enabled or item.type not in rbac_resources - tags: dnsmasq + tags: + - dnsmasq # see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns - name: Kubernetes Apps | Patch system:kube-dns ClusterRole @@ -64,7 +66,8 @@ when: - dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] - rbac_enabled and kubedns_version|version_compare("1.11.0", "<", strict=True) - tags: dnsmasq + tags: + - dnsmasq - name: Kubernetes Apps | Start Resources kube: @@ -79,14 +82,17 @@ - dns_mode != 'none' - inventory_hostname == groups['kube-master'][0] - not item|skipped - tags: dnsmasq + tags: + - dnsmasq - name: Kubernetes Apps | Netchecker include: tasks/netchecker.yml when: deploy_netchecker - tags: netchecker + tags: + - netchecker - name: Kubernetes Apps | Dashboard include: tasks/dashboard.yml when: dashboard_enabled - tags: dashboard + tags: + - dashboard diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml index 3b9168c03..c07f07bba 100644 --- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml +++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml 
@@ -4,7 +4,9 @@ stat: path: "{{ kube_config_dir }}/netchecker-server-deployment.yml.j2" register: netchecker_server_manifest - tags: ['facts', 'upgrade'] + tags: + - facts + - upgrade - name: Kubernetes Apps | Apply netchecker-server manifest to update annotations kube: @@ -15,7 +17,8 @@ resource: "deploy" state: latest when: inventory_hostname == groups['kube-master'][0] and netchecker_server_manifest.stat.exists - tags: upgrade + tags: + - upgrade - name: Kubernetes Apps | Lay Down Netchecker Template template: diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml index 9652e1a96..893f79424 100644 --- a/roles/kubernetes-apps/meta/main.yml +++ b/roles/kubernetes-apps/meta/main.yml @@ -3,16 +3,34 @@ dependencies: - role: download file: "{{ downloads.netcheck_server }}" when: deploy_netchecker - tags: [download, netchecker] + tags: + - download + - netchecker + - role: download file: "{{ downloads.netcheck_agent }}" when: deploy_netchecker - tags: [download, netchecker] - - {role: kubernetes-apps/ansible, tags: apps} - - {role: kubernetes-apps/kpm, tags: [apps, kpm]} + tags: + - download + - netchecker + + - role: kubernetes-apps/ansible + tags: + - apps + + - role: kubernetes-apps/kpm + tags: + - apps + - kpm + - role: kubernetes-apps/efk when: efk_enabled - tags: [ apps, efk ] + tags: + - apps + - efk + - role: kubernetes-apps/helm when: helm_enabled - tags: [ apps, helm ] + tags: + - apps + - helm diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml index 4df295ea4..7c7b5a85b 100644 --- a/roles/kubernetes-apps/network_plugin/meta/main.yml +++ b/roles/kubernetes-apps/network_plugin/meta/main.yml 
@@ -2,13 +2,20 @@ dependencies: - role: kubernetes-apps/network_plugin/calico when: kube_network_plugin == 'calico' - tags: calico + tags: + - calico + - role: kubernetes-apps/network_plugin/canal when: kube_network_plugin == 'canal' - tags: canal + tags: + - canal + - role: kubernetes-apps/network_plugin/flannel when: kube_network_plugin == 'flannel' - tags: flannel + tags: + - flannel + - role: kubernetes-apps/network_plugin/weave when: kube_network_plugin == 'weave' - tags: weave + tags: + - weave diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml index a6b1e18c1..9a7225186 100644 --- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml @@ -3,7 +3,9 @@ set_fact: calico_cert_dir: "{{ canal_cert_dir }}" when: kube_network_plugin == 'canal' - tags: [facts, canal] + tags: + - facts + - canal - name: Get calico-policy-controller version if running shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2" diff --git a/roles/kubernetes-apps/policy_controller/meta/main.yml b/roles/kubernetes-apps/policy_controller/meta/main.yml index e678a318c..10838db0b 100644 --- a/roles/kubernetes-apps/policy_controller/meta/main.yml +++ b/roles/kubernetes-apps/policy_controller/meta/main.yml 
@@ -2,13 +2,23 @@ dependencies: - role: download file: "{{ downloads.calico_policy }}" - when: enable_network_policy and - kube_network_plugin in ['calico', 'canal'] - tags: [download, canal, policy-controller] + when: + - enable_network_policy + - kube_network_plugin in ['calico', 'canal'] + tags: + - download + - canal + - policy-controller + - role: policy_controller/calico - when: kube_network_plugin == 'calico' and - enable_network_policy - tags: policy-controller + when: + - kube_network_plugin == 'calico' + - enable_network_policy + tags: + - policy-controller + - role: policy_controller/calico - when: kube_network_plugin == 'canal' - tags: policy-controller + when: + - kube_network_plugin == 'canal' + tags: + - policy-controller diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml index 2aab0342c..84f806107 100644 --- a/roles/kubernetes/client/tasks/main.yml +++ b/roles/kubernetes/client/tasks/main.yml @@ -11,7 +11,8 @@ {%- else -%} https://{{ first_kube_master }}:{{ kube_apiserver_port }} {%- endif -%} - tags: facts + tags: + - facts - name: Gather certs for admin kubeconfig slurp: diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index 3eae97a4c..ad902b4f0 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -8,7 +8,8 @@ {{ kube_apiserver_endpoint }} {%- endif %} when: not is_kube_master - tags: facts + tags: + - facts - name: Check if kubelet.conf exists stat: diff --git a/roles/kubernetes/master/meta/main.yml b/roles/kubernetes/master/meta/main.yml index 3ce338939..204421fc5 100644 --- a/roles/kubernetes/master/meta/main.yml +++ b/roles/kubernetes/master/meta/main.yml @@ -2,4 +2,6 @@ dependencies: - role: download file: "{{ downloads.hyperkube }}" - tags: [download, hyperkube] + tags: + - download + - hyperkube 
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml index 6d892be34..86068c71c 100644 --- a/roles/kubernetes/master/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml @@ -48,7 +48,8 @@ {%- if hostvars[host]['access_ip'] is defined %}{{ hostvars[host]['access_ip'] }}{% endif %} {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} {%- endfor %} - tags: facts + tags: + - facts - name: kubeadm | Copy etcd cert dir under k8s cert dir command: "cp -TR {{ etcd_cert_dir }} {{ kube_config_dir }}/ssl/etcd" diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml index 822323e7f..6739443eb 100644 --- a/roles/kubernetes/master/tasks/main.yml +++ b/roles/kubernetes/master/tasks/main.yml @@ -1,6 +1,7 @@ --- - include: pre-upgrade.yml - tags: k8s-pre-upgrade + tags: + - k8s-pre-upgrade # upstream bug: https://github.com/kubernetes/kubeadm/issues/441 - name: Disable kube_basic_auth until kubeadm/441 is fixed @@ -18,12 +19,16 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false - tags: [hyperkube, kubectl, upgrade] + tags: + - hyperkube + - kubectl + - upgrade - name: Install kubectl bash completion shell: "{{ bin_dir }}/kubectl completion bash >/etc/bash_completion.d/kubectl.sh" when: ansible_os_family in ["Debian","RedHat"] - tags: kubectl + tags: + - kubectl - name: Set kubectl bash completion file file: @@ -32,7 +37,9 @@ group: root mode: 0755 when: ansible_os_family in ["Debian","RedHat"] - tags: [kubectl, upgrade] + tags: + - kubectl + - upgrade - task: Include kubeadm setup if enabled include: kubeadm-setup.yml diff --git a/roles/kubernetes/master/tasks/static-pod-setup.yml b/roles/kubernetes/master/tasks/static-pod-setup.yml index 1a431e9dc..a68ffb137 100644 --- a/roles/kubernetes/master/tasks/static-pod-setup.yml +++ b/roles/kubernetes/master/tasks/static-pod-setup.yml 
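Review bot: The context line `- task: Include kubeadm setup if enabled` at the end of hunk `-32,7 +37,9` in roles/kubernetes/master/tasks/main.yml uses `task:`, while the other named tasks visible in these hunks use `name:`. As far as I know `task` is not a task keyword, so this was presumably meant to be `- name: Include kubeadm setup if enabled`. The commit does not touch the line and the task continues outside the hunk, but a YAML-consistency pass is a natural place to fix it. In the same hunk `mode: 0755` is unquoted while roles/kubernetes/node/tasks/install.yml writes `mode: "0755"`; quoting it keeps the value a string however the YAML loader treats a leading zero.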
@@ -4,7 +4,8 @@ src: manifests/kube-apiserver.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest" notify: Master | wait for the apiserver to be running - tags: kube-apiserver + tags: + - kube-apiserver - meta: flush_handlers @@ -13,7 +14,8 @@ src: namespace.j2 dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml" when: inventory_hostname == groups['kube-master'][0] - tags: apps + tags: + - apps - name: Check if kube system namespace exists command: "{{ bin_dir }}/kubectl get ns {{system_namespace}}" @@ -21,7 +23,8 @@ changed_when: False failed_when: False when: inventory_hostname == groups['kube-master'][0] - tags: apps + tags: + - apps - name: Create kube system namespace command: "{{ bin_dir }}/kubectl create -f {{kube_config_dir}}/{{system_namespace}}-ns.yml" @@ -31,30 +34,35 @@ until: create_system_ns.rc == 0 changed_when: False when: inventory_hostname == groups['kube-master'][0] and kubesystem.rc != 0 - tags: apps + tags: + - apps - name: Write kube-scheduler kubeconfig template: src: kube-scheduler-kubeconfig.yaml.j2 dest: "{{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml" - tags: kube-scheduler + tags: + - kube-scheduler - name: Write kube-scheduler manifest template: src: manifests/kube-scheduler.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest" notify: Master | wait for kube-scheduler - tags: kube-scheduler + tags: + - kube-scheduler - name: Write kube-controller-manager kubeconfig template: src: kube-controller-manager-kubeconfig.yaml.j2 dest: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml" - tags: kube-controller-manager + tags: + - kube-controller-manager - name: Write kube-controller-manager manifest template: src: manifests/kube-controller-manager.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest" notify: Master | wait for kube-controller-manager - tags: kube-controller-manager + tags: + - kube-controller-manager 
diff --git a/roles/kubernetes/node/meta/main.yml b/roles/kubernetes/node/meta/main.yml
index c1f472bfd..f62228856 100644
--- a/roles/kubernetes/node/meta/main.yml
+++ b/roles/kubernetes/node/meta/main.yml
@@ -2,44 +2,90 @@ dependencies: - role: download file: "{{ downloads.hyperkube }}" - tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl] + tags: + - download + - hyperkube + - kubelet + - network + - canal + - calico + - weave + - kube-controller-manager + - kube-scheduler + - kube-apiserver + - kube-proxy + - kubectl + - role: download file: "{{ downloads.pod_infra }}" - tags: [download, kubelet] + tags: + - download + - kubelet + - role: download file: "{{ downloads.install_socat }}" - tags: [download, kubelet] when: ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] + tags: + - download + - kubelet + - role: download file: "{{ downloads.kubeadm }}" - tags: [download, kubelet, kubeadm] when: kubeadm_enabled + tags: + - download + - kubelet + - kubeadm + - role: kubernetes/secrets when: not kubeadm_enabled - tags: k8s-secrets + tags: + - k8s-secrets - role: download file: "{{ downloads.nginx }}" - tags: [download, nginx] + tags: + - download + - nginx + - role: download file: "{{ downloads.testbox }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.netcheck_server }}" when: deploy_netchecker - tags: [download, netchecker] + tags: + - download + - netchecker + - role: download file: "{{ downloads.netcheck_agent }}" when: deploy_netchecker - tags: [download, netchecker] + tags: + - download + - netchecker + - role: download file: "{{ downloads.kubedns }}" - tags: [download, dnsmasq] + tags: + - download + - dnsmasq + - role: download file: "{{ downloads.dnsmasq_nanny }}" - tags: [download, dnsmasq] + tags: + - download + - dnsmasq + - role: download file: "{{ downloads.dnsmasq_sidecar }}" - tags: [download, dnsmasq] + tags: + - download + - dnsmasq + - role: download file: "{{ downloads.kubednsautoscaler }}" - tags: [download, dnsmasq] + tags: + - download + - dnsmasq 
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index d4401c236..7f40e0d76 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -11,19 +11,22 @@ '/usr/share/ca-certificates', {% endif -%} ]" - tags: facts + tags: + - facts - name: Set kubelet deployment to host if kubeadm is enabled set_fact: kubelet_deployment_type: host when: kubeadm_enabled - tags: kubeadm + tags: + - kubeadm - name: install | Copy kubeadm binary from download dir command: rsync -piu "{{ local_release_dir }}/kubeadm" "{{ bin_dir }}/kubeadm" changed_when: false when: kubeadm_enabled - tags: kubeadm + tags: + - kubeadm - name: install | Set kubeadm binary permissions file: @@ -31,7 +34,8 @@ mode: "0755" state: file when: kubeadm_enabled - tags: kubeadm + tags: + - kubeadm - include: "install_{{ kubelet_deployment_type }}.yml" diff --git a/roles/kubernetes/node/tasks/install_host.yml b/roles/kubernetes/node/tasks/install_host.yml index 9f1523ffe..07c493f48 100644 --- a/roles/kubernetes/node/tasks/install_host.yml +++ b/roles/kubernetes/node/tasks/install_host.yml @@ -6,7 +6,9 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false - tags: [hyperkube, upgrade] + tags: + - hyperkube + - upgrade notify: restart kubelet - name: install | Copy socat wrapper for Container Linux diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index b12b2348e..b2229cd5c 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -1,9 +1,11 @@ --- - include: facts.yml - tags: facts + tags: + - facts - include: pre_upgrade.yml - tags: kubelet + tags: + - kubelet - name: Ensure /var/lib/cni exists file: 
@@ -12,11 +14,13 @@ mode: 0755 - include: install.yml - tags: kubelet + tags: + - kubelet - include: nginx-proxy.yml when: is_kube_master == false and loadbalancer_apiserver_localhost|default(true) - tags: nginx + tags: + - nginx - name: Write kubelet config file (non-kubeadm) template: @@ -25,7 +29,8 @@ backup: yes when: not kubeadm_enabled notify: restart kubelet - tags: kubelet + tags: + - kubelet - name: Write kubelet config file (kubeadm) template: @@ -34,7 +39,9 @@ backup: yes when: kubeadm_enabled notify: restart kubelet - tags: ['kubelet', 'kubeadm'] + tags: + - kubelet + - kubeadm - name: write the kubecfg (auth) file for kubelet template: @@ -46,7 +53,8 @@ - kube-proxy when: not kubeadm_enabled notify: restart kubelet - tags: kubelet + tags: + - kubelet - name: Ensure nodePort range is reserved sysctl: @@ -56,7 +64,8 @@ state: present reload: yes when: kube_apiserver_node_port_range is defined - tags: kube-proxy + tags: + - kube-proxy - name: Verify if br_netfilter module exists shell: "modinfo br_netfilter" @@ -94,14 +103,16 @@ src: manifests/kube-proxy.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-proxy.manifest" when: not kubeadm_enabled - tags: kube-proxy + tags: + - kube-proxy - name: Purge proxy manifest for kubeadm file: path: "{{ kube_manifest_dir }}/kube-proxy.manifest" state: absent when: kubeadm_enabled - tags: kube-proxy + tags: + - kube-proxy # reload-systemd - meta: flush_handlers @@ -111,4 +122,5 @@ name: kubelet enabled: yes state: started - tags: kubelet + tags: + - kubelet diff --git a/roles/kubernetes/node/tasks/pre_upgrade.yml b/roles/kubernetes/node/tasks/pre_upgrade.yml index d92b05809..ee4836974 100644 --- a/roles/kubernetes/node/tasks/pre_upgrade.yml +++ b/roles/kubernetes/node/tasks/pre_upgrade.yml @@ -8,4 +8,4 @@ - name: "Pre-upgrade | ensure kubelet container is stopped if using host deployment" command: docker stop kubelet failed_when: false - when: kubelet_deployment_type == "host" + when: kubelet_deployment_type == 'host' 
diff --git a/roles/kubernetes/preinstall/meta/main.yml b/roles/kubernetes/preinstall/meta/main.yml index 203d968a7..7eeef4b25 100644 --- a/roles/kubernetes/preinstall/meta/main.yml +++ b/roles/kubernetes/preinstall/meta/main.yml @@ -2,5 +2,6 @@ dependencies: - role: adduser user: "{{ addusers.kube }}" - tags: kubelet - when: not is_atomic \ No newline at end of file + when: not is_atomic + tags: + - kubelet \ No newline at end of file diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index 56b52b6c8..6021dcf67 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -1,12 +1,14 @@ --- - include: verify-settings.yml - tags: asserts + tags: + - asserts - name: Force binaries directory for Container Linux by CoreOS set_fact: bin_dir: "/opt/bin" when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] - tags: facts + tags: + - facts - name: check bin dir exists file: @@ -14,10 +16,12 @@ state: directory owner: root become: true - tags: bootstrap-os + tags: + - bootstrap-os - include: set_facts.yml - tags: facts + tags: + - facts - name: gather os specific variables include_vars: "{{ item }}" @@ -32,7 +36,8 @@ paths: - ../vars skip: true - tags: facts + tags: + - facts - name: Create kubernetes directories file: @@ -40,7 +45,16 @@ state: directory owner: kube when: inventory_hostname in groups['k8s-cluster'] - tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node] + tags: + - kubelet + - k8s-secrets + - kube-controller-manager + - kube-apiserver + - bootstrap-os + - apps + - network + - master + - node with_items: - "{{ kube_config_dir }}" - "{{ kube_config_dir }}/ssl" 
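Review bot: roles/kubernetes/preinstall/meta/main.yml still ends without a newline, because the rewritten last lines of hunk `-2,5 +2,6` keep the `\ No newline at end of file` marker on the new side. The commit already rewrites the final line, so end the file with a newline after `- kubelet`; yamllint's `new-line-at-end-of-file` rule then passes and later appends diff cleanly.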
@@ -53,13 +67,17 @@ when: - cloud_provider is defined - cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere'] - tags: [cloud-provider, facts] + tags: + - cloud-provider + - facts - include: "{{ cloud_provider }}-credential-check.yml" when: - cloud_provider is defined - cloud_provider in [ 'openstack', 'azure', 'vsphere' ] - tags: [cloud-provider, facts] + tags: + - cloud-provider + - facts - name: Create cni directories file: @@ -72,7 +90,12 @@ when: - kube_network_plugin in ["calico", "weave", "canal", "flannel"] - inventory_hostname in groups['k8s-cluster'] - tags: [network, calico, weave, canal, bootstrap-os] + tags: + - network + - calico + - weave + - canal + - bootstrap-os - name: Update package management cache (YUM) yum: @@ -85,7 +108,8 @@ when: - ansible_pkg_mgr == 'yum' - not is_atomic - tags: bootstrap-os + tags: + - bootstrap-os - name: Install latest version of python-apt for Debian distribs apt: @@ -94,7 +118,8 @@ update_cache: yes cache_valid_time: 3600 when: ansible_os_family == "Debian" - tags: bootstrap-os + tags: + - bootstrap-os - name: Install python-dnf for latest RedHat versions command: dnf install -y python-dnf yum @@ -106,7 +131,8 @@ - ansible_distribution == "Fedora" - ansible_distribution_major_version > 21 changed_when: False - tags: bootstrap-os + tags: + - bootstrap-os - name: Install epel-release on RedHat/CentOS shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }} @@ -121,7 +147,8 @@ delay: "{{ retry_stagger | random + 3 }}" changed_when: False check_mode: no - tags: bootstrap-os + tags: + - bootstrap-os - name: Install packages requirements action: 
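Review bot: The `Install epel-release on RedHat/CentOS` task, whose tail is in hunk `-121,7 +147,8`, runs `rpm -ivh {{ epel_rpm_download_url }}` from a shell, so the package is fetched and installed straight from a URL. Whether that URL is HTTPS and whether the EPEL signing key is already imported cannot be seen here. `rpm -i` only warns when it lacks the key for a package's signature, so integrity may rest on the transport alone. Consider importing the key first with `rpm_key` and installing through the `yum` module with GPG checking left on, or at least documenting that `epel_rpm_download_url` must be an https URL. The task starts in the previous hunk's trailing context and its middle is outside both hunks.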
@@ -134,7 +161,8 @@ delay: "{{ retry_stagger | random + 3 }}" with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}" when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) - tags: bootstrap-os + tags: + - bootstrap-os # Todo : selinux configuration - name: Confirm selinux deployed @@ -151,7 +179,8 @@ - ansible_os_family == "RedHat" - slc.stat.exists == True changed_when: False - tags: bootstrap-os + tags: + - bootstrap-os - name: Disable IPv6 DNS lookup lineinfile: @@ -162,18 +191,21 @@ when: - disable_ipv6_dns - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] - tags: bootstrap-os + tags: + - bootstrap-os - name: set default sysctl file path set_fact: sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf" - tags: bootstrap-os + tags: + - bootstrap-os - name: Stat sysctl file configuration stat: path: "{{sysctl_file_path}}" register: sysctl_file_stat - tags: bootstrap-os + tags: + - bootstrap-os - name: Change sysctl file path to link source if linked set_fact: @@ -181,7 +213,8 @@ when: - sysctl_file_stat.stat.islnk is defined - sysctl_file_stat.stat.islnk - tags: bootstrap-os + tags: + - bootstrap-os - name: Enable ip forwarding sysctl: @@ -189,7 +222,8 @@ name: net.ipv4.ip_forward value: 1 state: present - tags: bootstrap-os + tags: + - bootstrap-os - name: Write cloud-config template: 
@@ -201,39 +235,50 @@ - inventory_hostname in groups['k8s-cluster'] - cloud_provider is defined - cloud_provider in [ 'openstack', 'azure', 'vsphere' ] - tags: [cloud-provider] + tags: + - cloud-provider - include: etchosts.yml - tags: [bootstrap-os, etchosts] + tags: + - bootstrap-os + - etchosts - include: resolvconf.yml when: - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' - tags: [bootstrap-os, resolvconf] + tags: + - bootstrap-os + - resolvconf - include: dhclient-hooks.yml when: - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] - tags: [bootstrap-os, resolvconf] + tags: + - bootstrap-os + - resolvconf - include: dhclient-hooks-undo.yml when: - dns_mode != 'none' - resolvconf_mode != 'host_resolvconf' - not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] - tags: [bootstrap-os, resolvconf] + tags: + - bootstrap-os + - resolvconf - name: Check if we are running inside a Azure VM stat: path: /var/lib/waagent/ register: azure_check - tags: bootstrap-os + tags: + - bootstrap-os - include: growpart-azure-centos-7.yml when: - azure_check.stat.exists - ansible_distribution in ["CentOS","RedHat"] - tags: bootstrap-os + tags: + - bootstrap-os diff --git a/roles/kubernetes/preinstall/tasks/set_facts.yml b/roles/kubernetes/preinstall/tasks/set_facts.yml index 073033315..b5311bac8 100644 --- a/roles/kubernetes/preinstall/tasks/set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/set_facts.yml @@ -12,4 +12,7 @@ when: is_atomic - include: set_resolv_facts.yml - tags: [bootstrap-os, resolvconf, facts] + tags: + - bootstrap-os + - resolvconf + - facts diff --git a/roles/kubernetes/secrets/tasks/gen_certs_script.yml b/roles/kubernetes/secrets/tasks/gen_certs_script.yml index 7ad280e60..619bbe445 100644 --- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml +++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml 
@@ -6,8 +6,17 @@ owner: kube run_once: yes delegate_to: "{{groups['kube-master'][0]}}" - tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node] when: gen_certs|default(false) + tags: + - kubelet + - k8s-secrets + - kube-controller-manager + - kube-apiserver + - bootstrap-os + - apps + - network + - master + - node - name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})" file: @@ -16,8 +25,10 @@ owner: kube run_once: yes delegate_to: "{{groups['kube-master'][0]}}" - tags: [k8s-secrets, bootstrap-os] when: gen_certs|default(false) + tags: + - k8s-secrets + - bootstrap-os - name: Gen_certs | write openssl config template: @@ -87,7 +98,8 @@ 'node-{{ inventory_hostname }}-key.pem', 'kube-proxy-{{ inventory_hostname }}.pem', 'kube-proxy-{{ inventory_hostname }}-key.pem'] - tags: facts + tags: + - facts - name: Gen_certs | Gather master certs shell: "tar cfz - -C {{ kube_cert_dir }} -T /dev/stdin <<< {{ my_master_certs|join(' ') }} {{ all_node_certs|join(' ') }} | base64 --wrap=0" diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml index f45b892aa..55403ed16 100644 --- a/roles/kubernetes/secrets/tasks/main.yml +++ b/roles/kubernetes/secrets/tasks/main.yml @@ -1,9 +1,13 @@ --- - include: check-certs.yml - tags: [k8s-secrets, facts] + tags: + - k8s-secrets + - facts - include: check-tokens.yml - tags: [k8s-secrets, facts] + tags: + - k8s-secrets + - facts - name: Make sure the certificate directory exits file: 
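Review bot: The context kept beside the re-ordered `tags:` blocks in the `@@ -6,8 +6,17 @@` and `@@ -16,8 +25,10 @@` hunks of gen_certs_script.yml still reads `run_once: yes`, while roles/network_plugin/weave/tasks/seed.yml in this same commit writes `run_once: true`. Since these tasks are being restyled anyway, I would change the line to `run_once: true`, so the value does not rely on YAML 1.1 truthy parsing and passes yamllint's `truthy` rule. The same applies to the two matching hunks in roles/kubernetes/secrets/tasks/main.yml (`@@ -31,8 +35,17 @@` and `@@ -41,8 +54,10 @@`). Both tasks begin above their hunks, so the rest of their bodies is not visible here.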
@@ -31,8 +35,17 @@ owner: kube run_once: yes delegate_to: "{{groups['kube-master'][0]}}" - tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node] when: gen_certs|default(false) or gen_tokens|default(false) + tags: + - kubelet + - k8s-secrets + - kube-controller-manager + - kube-apiserver + - bootstrap-os + - apps + - network + - master + - node - name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})" file: @@ -41,8 +54,10 @@ owner: kube run_once: yes delegate_to: "{{groups['kube-master'][0]}}" - tags: [k8s-secrets, bootstrap-os] when: gen_certs|default(false) or gen_tokens|default(false) + tags: + - k8s-secrets + - bootstrap-os - name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})" file: @@ -55,10 +70,12 @@ when: gen_tokens|default(false) - include: "gen_certs_{{ cert_management }}.yml" - tags: k8s-secrets + tags: + - k8s-secrets - include: upd_ca_trust.yml - tags: k8s-secrets + tags: + - k8s-secrets - name: "Gen_certs | Get certificate serials on kube masters" shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2" @@ -93,4 +110,5 @@ when: inventory_hostname in groups['k8s-cluster'] - include: gen_tokens.yml - tags: k8s-secrets + tags: + - k8s-secrets diff --git a/roles/kubernetes/secrets/tasks/upd_ca_trust.yml b/roles/kubernetes/secrets/tasks/upd_ca_trust.yml index c980bb6aa..eec44987f 100644 --- a/roles/kubernetes/secrets/tasks/upd_ca_trust.yml +++ b/roles/kubernetes/secrets/tasks/upd_ca_trust.yml @@ -9,7 +9,8 @@ {%- elif ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] -%} /etc/ssl/certs/kube-ca.pem {%- endif %} - tags: facts + tags: + - facts - name: Gen_certs | add CA to trusted CA dir copy: diff --git a/roles/network_plugin/calico/meta/main.yml b/roles/network_plugin/calico/meta/main.yml index fdd4e8483..d8d1a6d4c 100644 --- a/roles/network_plugin/calico/meta/main.yml 
+++ b/roles/network_plugin/calico/meta/main.yml @@ -2,13 +2,20 @@ dependencies: - role: download file: "{{ downloads.calico_cni }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.calico_node }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.calicoctl }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.hyperkube }}" - tags: download + tags: + - download diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml index aef22edb3..c4cb60a7a 100644 --- a/roles/network_plugin/calico/tasks/main.yml +++ b/roles/network_plugin/calico/tasks/main.yml @@ -54,7 +54,9 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false - tags: [hyperkube, upgrade] + tags: + - hyperkube + - upgrade - name: Calico | Copy cni plugins from calico/cni container command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'" @@ -64,7 +66,9 @@ delay: "{{ retry_stagger | random + 3 }}" changed_when: false when: overwrite_hyperkube_cni|bool - tags: [hyperkube, upgrade] + tags: + - hyperkube + - upgrade - name: Calico | Set cni directory permissions file: diff --git a/roles/network_plugin/canal/meta/main.yml b/roles/network_plugin/canal/meta/main.yml index 3d67dad5c..8bbc3cb6e 100644 --- a/roles/network_plugin/canal/meta/main.yml +++ b/roles/network_plugin/canal/meta/main.yml 
@@ -2,16 +2,25 @@ dependencies: - role: download file: "{{ downloads.flannel }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.calico_node }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.calicoctl }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.calico_cni }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.calico_policy }}" - tags: download + tags: + - download diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml index 2cc1a8ffe..b9d7cdfe9 100644 --- a/roles/network_plugin/canal/tasks/main.yml +++ b/roles/network_plugin/canal/tasks/main.yml @@ -56,7 +56,9 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false - tags: [hyperkube, upgrade] + tags: + - hyperkube + - upgrade - name: Canal | Copy cni plugins from calico/cni command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'" @@ -65,7 +67,9 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false - tags: [hyperkube, upgrade] + tags: + - hyperkube + - upgrade - name: Canal | Set cni directory permissions file: diff --git a/roles/network_plugin/flannel/meta/main.yml b/roles/network_plugin/flannel/meta/main.yml index 791209357..7ee3ba96f 100644 --- a/roles/network_plugin/flannel/meta/main.yml +++ b/roles/network_plugin/flannel/meta/main.yml @@ -2,7 +2,10 @@ dependencies: - role: download file: "{{ downloads.flannel }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.flannel_cni }}" - tags: download + tags: + - download diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml index d9834a3cd..5a54647e2 100644 --- a/roles/network_plugin/meta/main.yml +++ b/roles/network_plugin/meta/main.yml 
@@ -2,15 +2,23 @@ dependencies: - role: network_plugin/calico when: kube_network_plugin == 'calico' - tags: calico + tags: + - calico + - role: network_plugin/flannel when: kube_network_plugin == 'flannel' - tags: flannel + tags: + - flannel + - role: network_plugin/weave when: kube_network_plugin == 'weave' - tags: weave + tags: + - weave + - role: network_plugin/canal when: kube_network_plugin == 'canal' - tags: canal + tags: + - canal + - role: network_plugin/cloud when: kube_network_plugin == 'cloud' diff --git a/roles/network_plugin/weave/meta/main.yml b/roles/network_plugin/weave/meta/main.yml index 37bcd9404..a0e93bc36 100644 --- a/roles/network_plugin/weave/meta/main.yml +++ b/roles/network_plugin/weave/meta/main.yml @@ -2,7 +2,10 @@ dependencies: - role: download file: "{{ downloads.weave_kube }}" - tags: download + tags: + - download + - role: download file: "{{ downloads.weave_npc }}" - tags: download + tags: + - download diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml index 462278e94..30c209f8b 100644 --- a/roles/network_plugin/weave/tasks/main.yml +++ b/roles/network_plugin/weave/tasks/main.yml @@ -9,7 +9,9 @@ retries: 4 delay: "{{ retry_stagger | random + 3 }}" changed_when: false - tags: [hyperkube, upgrade] + tags: + - hyperkube + - upgrade - name: Weave | Create weave-net manifest template: diff --git a/roles/network_plugin/weave/tasks/seed.yml b/roles/network_plugin/weave/tasks/seed.yml index be2ef677d..1bca07cd3 100644 --- a/roles/network_plugin/weave/tasks/seed.yml +++ b/roles/network_plugin/weave/tasks/seed.yml 
@@ -4,28 +4,32 @@ seed: '{% for host in groups["k8s-cluster"] %}{{ hostvars[host]["ansible_default_ipv4"]["macaddress"] }}{% if not loop.last %},{% endif %}{% endfor %}' when: "weave_seed == 'uninitialized'" run_once: true - tags: confweave + tags: + - confweave - name: Weave seed | Set seed if not first time set_fact: seed: '{{ weave_seed }}' when: "weave_seed != 'uninitialized'" run_once: true - tags: confweave + tags: + - confweave - name: Weave seed | Set peers if fist time set_fact: peers: '{{ weave_ip_current_cluster }}' when: "weave_peers == 'uninitialized'" run_once: true - tags: confweave + tags: + - confweave - name: Weave seed | Set peers if existing peers set_fact: peers: '{{ weave_peers }}{% for ip in weave_ip_current_cluster.split(" ") %}{% if ip not in weave_peers.split(" ") %} {{ ip }}{% endif %}{% endfor %}' when: "weave_peers != 'uninitialized'" run_once: true - tags: confweave + tags: + - confweave - name: Weave seed | Save seed lineinfile: @@ -36,7 +40,8 @@ become: no delegate_to: 127.0.0.1 run_once: true - tags: confweave + tags: + - confweave - name: Weave seed | Save peers lineinfile: @@ -47,4 +52,5 @@ become: no delegate_to: 127.0.0.1 run_once: true - tags: confweave \ No newline at end of file + tags: + - confweave \ No newline at end of file diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 6ad4aa725..77adf1205 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -9,7 +9,8 @@ - vault - etcd failed_when: false - tags: ['services'] + tags: + - services - name: reset | remove services file: @@ -21,7 +22,8 @@ - vault - calico-node register: services_removed - tags: ['services'] + tags: + - services - name: reset | remove docker dropins file: @@ -31,7 +33,8 @@ - docker-dns.conf - docker-options.conf register: docker_dropins_removed - tags: ['docker'] + tags: + - docker - name: reset | systemctl daemon-reload command: systemctl daemon-reload 
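Review bot: The last hunk of roles/network_plugin/weave/tasks/seed.yml (`@@ -47,4 +52,5 @@`) rewrites the final line of the file but still leaves it without a trailing newline: `\ No newline at end of file` follows the new `- confweave` just as it followed the old `tags: confweave`. Ending the file with a newline after `- confweave` would satisfy yamllint's `new-line-at-end-of-file` rule and keep later appends to this file from showing up as a change to this line.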
@@ -43,31 +46,36 @@ retries: 4 until: remove_all_containers.rc == 0 delay: 5 - tags: ['docker'] + tags: + - docker - name: reset | restart docker if needed service: name: docker state: restarted when: docker_dropins_removed.changed - tags: ['docker'] + tags: + - docker - name: reset | gather mounted kubelet dirs shell: mount | grep /var/lib/kubelet | awk '{print $3}' | tac check_mode: no register: mounted_dirs - tags: ['mounts'] + tags: + - mounts - name: reset | unmount kubelet dirs command: umount {{item}} with_items: '{{ mounted_dirs.stdout_lines }}' - tags: ['mounts'] + tags: + - mounts - name: flush iptables iptables: flush: yes when: flush_iptables|bool - tags: ['iptables'] + tags: + - iptables - name: reset | delete some files and directories file: @@ -115,7 +123,8 @@ - "{{ bin_dir }}/helm" - "{{ bin_dir }}/calicoctl" - "{{ bin_dir }}/weave" - tags: ['files'] + tags: + - files - name: reset | remove dns settings from dhclient.conf blockinfile: @@ -127,7 +136,9 @@ with_items: - /etc/dhclient.conf - /etc/dhcp/dhclient.conf - tags: ['files', 'dns'] + tags: + - files + - dns - name: reset | remove host entries from /etc/hosts blockinfile: @@ -135,7 +146,9 @@ state: absent follow: yes marker: "# Ansible inventory hosts {mark}" - tags: ['files', 'dns'] + tags: + - files + - dns - name: reset | Restart network service: @@ -147,4 +160,6 @@ {%- endif %} state: restarted when: ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"] - tags: ['services', 'network'] + tags: + - services + - network diff --git a/roles/rkt/tasks/install.yml b/roles/rkt/tasks/install.yml index 0cc8f8898..599f9e50e 100644 --- a/roles/rkt/tasks/install.yml +++ b/roles/rkt/tasks/install.yml @@ -12,7 +12,8 @@ paths: - ../vars skip: true - tags: facts + tags: + - facts - name: install rkt pkg on ubuntu apt: diff --git a/roles/vault/meta/main.yml b/roles/vault/meta/main.yml index ba559e361..f8e993bcb 100644 --- a/roles/vault/meta/main.yml +++ b/roles/vault/meta/main.yml 
@@ -3,6 +3,8 @@ dependencies: - role: adduser user: "{{ vault_adduser_vars }}" + - role: download file: "{{ vault_download_vars }}" - tags: download + tags: + - download