split network plugins into distinct roles

roles/network_plugin/calico/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# cloud_provider: no

roles/network_plugin/calico/handlers/main.yml

@@ -0,0 +1,15 @@
+---
+- name: restart calico-node
+  command: /bin/true
+  notify:
+    - reload systemd
+    - reload calico-node
+
+- name : reload systemd
+  shell: systemctl daemon-reload
+  when: init_system == "systemd"
+
+- name: reload calico-node
+  service:
+    name: calico-node
+    state: restarted

roles/network_plugin/calico/tasks/main.yml

@@ -1,9 +1,36 @@
 ---
+- name: Calico | Set docker daemon options
+  template:
+    src: docker
+    dest: "/etc/default/docker"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart docker
+
+- name: Calico | Write docker.service systemd file
+  template:
+    src: systemd-docker.service
+    dest: /lib/systemd/system/docker.service
+  notify: restart docker
+  when: init_system == "systemd"
+
+- meta: flush_handlers
+
 - name: Calico | Install calicoctl bin
   command: rsync -piu "{{ local_release_dir }}/calico/bin/calicoctl" "{{ bin_dir }}/calicoctl"
   register: calico_copy
   changed_when: false
 
+- name: Calico | Install calico cni bin
+  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
+  changed_when: false
+
+- name: Calico | Install calico-ipam cni bin
+  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico-ipam"
+  changed_when: false
+
 - name: Calico | install calicoctl
   file: path={{ bin_dir }}/calicoctl mode=0755 state=file
 
@@ -51,33 +78,32 @@
         ( not calico_pools.json['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
   run_once: true
 
-- name: Calico | Write calico-node configuration
-  template: src=calico/calico.conf.j2 dest=/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico_kubernetes.ini
-  notify: restart calico-node
-
 - name: Calico | Write /etc/network-environment
-  template: src=calico/network-environment.j2 dest=/etc/network-environment
+  template: src=network-environment.j2 dest=/etc/network-environment
   when: init_system == "sysvinit"
 
 - name: Calico | Write calico-node systemd init file
-  template: src=calico/calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
+  template: src=calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
   when: init_system == "systemd"
   notify: restart calico-node
 
 - name: Calico | Write calico-node initd script
-  template: src=calico/deb-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
+  template: src=deb-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
   when: init_system == "sysvinit" and ansible_os_family == "Debian"
   notify: restart calico-node
 
 - name: Calico | Write calico-node initd script
-  template: src=calico/rh-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
+  template: src=rh-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
   when: init_system == "sysvinit" and ansible_os_family == "RedHat"
   notify: restart calico-node
 
 - meta: flush_handlers
 
 - name: Calico | Enable calico-node
-  service: name=calico-node enabled=yes state=started
+  service:
+    name: calico-node
+    state: started
+    enabled: yes
 
 - name: Calico | Restart calico if binary changed
   service:

roles/network_plugin/calico/templates/calico-node.service.j2

@@ -8,9 +8,9 @@ After=docker.service etcd.service
 User=root
 PermissionsStartOnly=true
 {% if inventory_hostname in groups['kube-node'] and peer_with_router|default(false)%}
-ExecStart={{ bin_dir }}/calicoctl node --kubernetes --ip={{ip | default(ansible_default_ipv4.address) }} --as={{ local_as }} --detach=false
+ExecStart={{ bin_dir }}/calicoctl node --ip={{ip | default(ansible_default_ipv4.address) }} --as={{ local_as }} --detach=false
 {%     else %}
-ExecStart={{ bin_dir }}/calicoctl node --kubernetes --ip={{ip | default(ansible_default_ipv4.address) }} --detach=false
+ExecStart={{ bin_dir }}/calicoctl node --ip={{ip | default(ansible_default_ipv4.address) }} --detach=false
 {%     endif %}
 Restart=always
 Restart=10

roles/network_plugin/calico/templates/network-environment.j2

@@ -0,0 +1,9 @@
+# This host's IPv4 address (the source IP address used to reach other nodes
+# in the Kubernetes cluster).
+DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
+
+# The Kubernetes master IP
+KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}
+
+# IP and port of etcd instance used by Calico
+ETCD_AUTHORITY=127.0.0.1:2379

roles/network_plugin/flannel/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-
 # Flannel public IP
 # The address that flannel should advertise as how to access the system
 flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address)) }}"
@@ -7,5 +6,3 @@ flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address
 ## interface that should be used for flannel operations
 ## This is actually an inventory node-level item
 # flannel_interface:
-
-# cloud_provider: no

roles/network_plugin/flannel/handlers/main.yml

@@ -1,10 +1,4 @@
 ---
-- name: restart calico-node
-  command: /bin/true
-  notify:
-    - reload systemd
-    - reload calico-node
-
 - name: restart docker
   command: /bin/true
   notify:
@@ -21,11 +15,6 @@
   shell: systemctl daemon-reload
   when: init_system == "systemd"
 
-- name: reload calico-node
-  service:
-    name: calico-node
-    state: restarted
-
 - name: reload docker
   service:
     name: docker

roles/network_plugin/flannel/tasks/main.yml

@@ -1,13 +1,13 @@
 ---
 - name: Flannel | Write flannel configuration
   template:
-    src: flannel/network.json
+    src: network.json
     dest: /etc/flannel-network.json
     backup: yes
 
 - name: Flannel | Create flannel pod manifest
   template:
-    src: flannel/flannel-pod.yml
+    src: flannel-pod.yml
     dest: /etc/kubernetes/manifests/flannel-pod.manifest
   notify: delete default docker bridge
 
@@ -16,7 +16,7 @@
     path: /run/flannel/subnet.env
     delay: 5
 
-- name: Get flannel_subnet from subnet.env
+- name: Flannel | Get flannel_subnet from subnet.env
   shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_SUBNET" {print $2}'
   register: flannel_subnet_output
   changed_when: false
@@ -24,10 +24,29 @@
 - set_fact:
     flannel_subnet: "{{ flannel_subnet_output.stdout }}"
 
-- name: Get flannel_mtu from subnet.env
+- name: Flannel | Get flannel_mtu from subnet.env
   shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_MTU" {print $2}'
   register: flannel_mtu_output
   changed_when: false
 
 - set_fact:
     flannel_mtu: "{{ flannel_mtu_output.stdout }}"
+
+- name: Flannel | Set docker daemon options
+  template:
+    src: docker
+    dest: "/etc/default/docker"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart docker
+
+- name: Flannel | Write docker.service systemd file
+  template:
+    src: systemd-docker.service
+    dest: /lib/systemd/system/docker.service
+  notify: restart docker
+  when: init_system == "systemd"
+
+- meta: flush_handlers

roles/network_plugin/flannel/templates/docker

@@ -0,0 +1,6 @@
+# Deployed by Ansible
+{% if init_system == "sysvinit" and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %}
+DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% elif kube_network_plugin == "flannel" %}
+OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% endif %}

roles/network_plugin/flannel/templates/systemd-docker.service

@@ -0,0 +1,28 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+{% if ansible_os_family == "RedHat" %}
+After=network.target
+Wants=docker-storage-setup.service
+{% elif ansible_os_family == "Debian" %}
+After=network.target docker.socket
+Requires=docker.socket
+{% endif %}
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/docker
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/docker daemon \
+          $OPTIONS \
+          $DOCKER_STORAGE_OPTIONS \
+          $DOCKER_NETWORK_OPTIONS \
+          $INSECURE_REGISTRY
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+MountFlags=slave
+TimeoutStartSec=1min
+
+[Install]
+WantedBy=multi-user.target

roles/network_plugin/meta/main.yml

@@ -0,0 +1,6 @@
+---
+dependencies:
+ - role: network_plugin/calico
+   when: kube_network_plugin == 'calico'
+ - role: network_plugin/flannel
+   when: kube_network_plugin == 'flannel'

roles/network_plugin/tasks/main.yml

@@ -1,30 +0,0 @@
----
-- name: "Test if network plugin is defined"
-  fail: msg="ERROR, One network_plugin variable must be defined (Flannel or Calico)"
-  when: ( kube_network_plugin is defined and kube_network_plugin == "calico" and kube_network_plugin == "flannel" ) or
-        kube_network_plugin is not defined
-
-- include: flannel.yml
-  when: kube_network_plugin == "flannel"
-
-- name: Set docker daemon options
-  template:
-    src: docker
-    dest: "{{ '/etc/sysconfig/docker-network' if ansible_os_family == 'RedHat' else '/etc/default/docker' }}"
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - restart docker
-
-- name: Write docker.service systemd file
-  template:
-    src: systemd-docker.service
-    dest: /lib/systemd/system/docker.service
-  notify: restart docker
-  when: init_system == "systemd"
-
-- meta: flush_handlers
-
-- include: calico.yml
-  when: kube_network_plugin == "calico"

roles/network_plugin/templates/calico/calico.conf.j2

@@ -1,17 +0,0 @@
-[config]
-CALICO_IPAM=true
-
-# Location of etcd cluster used by Calico.  By default, this uses the etcd
-# instance running on the Kubernetes Master
-ETCD_AUTHORITY=127.0.0.1:2379
-
-# The kubernetes-apiserver location - used by the calico plugin
-{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
-KUBE_API_ROOT=https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port }}/api/v1/
-{% else %}
-KUBE_API_ROOT=https://{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}:{{kube_apiserver_port}}/api/v1/
-{% endif %}
-# Kubernetes authentication token
-{% if calico_token is defined | default('') %}
-KUBE_AUTH_TOKEN={{ calico_token.content|b64decode }}
-{% endif %}

roles/network_plugin/templates/calico/network-environment.j2

@@ -1,2 +0,0 @@
-DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
-ETCD_AUTHORITY=127.0.0.1:2379