Add tags

Add tags to allow more granular tasks filtering.
Add generator script for MD formatted tags found.
Add docs for tags how-to.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>

roles/kubernetes/master/meta/main.yml

@@ -2,3 +2,4 @@
 dependencies:
   - role: download
     file: "{{ downloads.hyperkube }}"
+    tags: [download, hyperkube]

roles/kubernetes/master/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - include: pre-upgrade.yml
-
+  tags: k8s-pre-upgrade
 
 - name: Copy kubectl from hyperkube container
   command: "/usr/bin/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl"
@@ -9,12 +9,14 @@
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
   changed_when: false
+  tags: [hyperkube, kubectl, upgrade]
 
 - name: Gather kubectl bash completion
   command: "{{ bin_dir }}/kubectl completion bash"
   no_log: true
   register: kubectl_bash_completion
   when: ansible_os_family in ["Debian","RedHat"]
+  tags: kubectl
 
 - name: Write kubectl bash completion
   copy:
@@ -24,12 +26,14 @@
     group: root
     mode: 0755
   when: ansible_os_family in ["Debian","RedHat"] and kubectl_bash_completion.changed
+  tags: [kubectl, upgrade]
 
 - name: Write kube-apiserver manifest
   template:
     src: manifests/kube-apiserver.manifest.j2
     dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
   notify: Master | wait for the apiserver to be running
+  tags: kube-apiserver
 
 - meta: flush_handlers
 # Create kube-system namespace
@@ -37,6 +41,7 @@
   copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml
   run_once: yes
   when: inventory_hostname == groups['kube-master'][0]
+  tags: apps
 
 - name: Check if kube-system exists
   command: "{{ bin_dir }}/kubectl get ns kube-system"
@@ -44,11 +49,13 @@
   changed_when: False
   failed_when: False
   run_once: yes
+  tags: apps
 
 - name: Create 'kube-system' namespace
   command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml"
   changed_when: False
   when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
+  tags: apps
 
 # Write other manifests
 - name: Write kube-controller-manager manifest
@@ -56,9 +63,11 @@
     src: manifests/kube-controller-manager.manifest.j2
     dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
   notify: Master | wait for kube-controller-manager
+  tags: kube-controller-manager
 
 - name: Write kube-scheduler manifest
   template:
     src: manifests/kube-scheduler.manifest.j2
     dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
   notify: Master | wait for kube-scheduler
+  tags: kube-scheduler

roles/kubernetes/master/tasks/pre-upgrade.yml

@@ -3,17 +3,20 @@
   stat:
     path: /etc/systemd/system/kube-apiserver.service
   register: kube_apiserver_service_file
+  tags: [facts, kube-apiserver]
 
 - name: "Pre-upgrade | check for kube-apiserver init script"
   stat:
     path: /etc/init.d/kube-apiserver
   register: kube_apiserver_init_script
+  tags: [facts, kube-apiserver]
 
 - name: "Pre-upgrade | stop kube-apiserver if service defined"
   service:
     name: kube-apiserver
     state: stopped
   when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
+  tags: kube-apiserver
 
 - name: "Pre-upgrade | remove kube-apiserver service definition"
   file:
@@ -23,3 +26,4 @@
   with_items:
     - /etc/systemd/system/kube-apiserver.service
     - /etc/init.d/kube-apiserver
+  tags: kube-apiserver

roles/kubernetes/node/meta/main.yml

@@ -2,28 +2,39 @@
 dependencies:
   - role: download
     file: "{{ downloads.hyperkube }}"
+    tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl]
   - role: download
     file: "{{ downloads.pod_infra }}"
+    tags: [download, kubelet]
   - role: kubernetes/secrets
+    tags: k8s-secrets
   - role: download
     file: "{{ downloads.nginx }}"
+    tags: [download, nginx]
   - role: download
     file: "{{ downloads.testbox }}"
+    tags: download
   - role: download
     file: "{{ downloads.netcheck_server }}"
     when: deploy_netchecker
+    tags: [download, netchecker]
   - role: download
     file: "{{ downloads.netcheck_agent }}"
     when: deploy_netchecker
+    tags: [download, netchecker]
   - role: download
     file: "{{ downloads.netcheck_kubectl }}"
     when: deploy_netchecker
+    tags: [download, netchecker]
   - role: download
     file: "{{ downloads.kubednsmasq }}"
     when: not skip_dnsmasq_k8s|default(false)
+    tags: [download, dnsmasq]
   - role: download
     file: "{{ downloads.kubedns }}"
     when: not skip_dnsmasq_k8s|default(false)
+    tags: [download, dnsmasq]
   - role: download
     file: "{{ downloads.exechealthz }}"
     when: not skip_dnsmasq_k8s|default(false)
+    tags: [download, dnsmasq]

roles/kubernetes/node/tasks/main.yml

@@ -1,23 +1,26 @@
 ---
 - include: install.yml
+  tags: kubelet
 
 - include: nginx-proxy.yml
   when: is_kube_master == false and loadbalancer_apiserver_localhost|default(false)
+  tags: nginx
 
 - name: Write kubelet config file
   template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes
-  notify:
-    - restart kubelet
+  notify: restart kubelet
+  tags: kubelet
 
 - name: write the kubecfg (auth) file for kubelet
   template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes
-  notify:
-    - restart kubelet
+  notify: restart kubelet
+  tags: kubelet
 
 - name: Write proxy manifest
   template:
     src: manifests/kube-proxy.manifest.j2
     dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
+  tags: kube-proxy
 
 # reload-systemd
 - meta: flush_handlers
@@ -27,3 +30,4 @@
     name: kubelet
     enabled: yes
     state: started
+  tags: kubelet

roles/kubernetes/preinstall/meta/main.yml

@@ -2,3 +2,4 @@
 dependencies:
   - role: adduser
     user: "{{ addusers.kube }}"
+    tags: kubelet

roles/kubernetes/preinstall/tasks/main.yml

@@ -3,6 +3,7 @@
   set_fact:
     bin_dir: "/opt/bin"
   when: ansible_os_family == "CoreOS"
+  tags: facts
 
 - name: check bin dir exists
   file:
@@ -10,11 +11,14 @@
     state: directory
     owner: root
   become: true
+  tags: bootstrap-os
 
 - include: gitinfos.yml
   when: run_gitinfos
+  tags: facts
 
 - include: set_facts.yml
+  tags: facts
 
 - name: gather os specific variables
   include_vars: "{{ item }}"
@@ -29,6 +33,7 @@
       paths:
       - ../vars
       skip: true
+  tags: facts
 
 - name: Create kubernetes config directory
   file:
@@ -36,6 +41,7 @@
     state: directory
     owner: kube
   when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
+  tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
 
 - name: Create kubernetes script directory
   file:
@@ -43,6 +49,7 @@
     state: directory
     owner: kube
   when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
+  tags: [k8s-secrets, bootstrap-os]
 
 - name: Create kubernetes manifests directory
   file:
@@ -50,6 +57,7 @@
     state: directory
     owner: kube
   when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
+  tags: [kubelet, bootstrap-os, master, node]
 
 - name: Create kubernetes logs directory
   file:
@@ -57,17 +65,21 @@
     state: directory
     owner: kube
   when: ansible_service_mgr in ["sysvinit","upstart"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
+  tags: [bootstrap-os, master, node]
 
 - name: check cloud_provider value
   fail:
     msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
   when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
+  tags: [cloud-provider, facts]
 
 - include: openstack-credential-check.yml
   when: cloud_provider is defined and cloud_provider == 'openstack'
+  tags: [cloud-provider, openstack, facts]
 
 - include: azure-credential-check.yml
   when: cloud_provider is defined and cloud_provider == 'azure'
+  tags: [cloud-provider, azure, facts]
 
 - name: Fix ipv4 forward rule in GCE security policy
   lineinfile:
@@ -79,6 +91,7 @@
     backup: yes
     validate: 'sysctl -f %s'
   when: cloud_provider is defined and cloud_provider == 'gce'
+  tags: [cloud-provider, gce, bootstrap-os]
 
 - name: Create cni directories
   file:
@@ -89,26 +102,31 @@
     - "/etc/cni/net.d"
     - "/opt/cni/bin"
   when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
+  tags: [network, calico, weave, canal, bootstrap-os]
 
 - name: Update package management cache (YUM)
   yum: update_cache=yes name='*'
   when: ansible_pkg_mgr == 'yum'
+  tags: bootstrap-os
 
 - name: Install latest version of python-apt for Debian distribs
   apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
   when: ansible_os_family == "Debian"
+  tags: bootstrap-os
 
 - name: Install python-dnf for latest RedHat versions
   command: dnf install -y python-dnf yum
   when: ansible_distribution == "Fedora" and
         ansible_distribution_major_version > 21
   changed_when: False
+  tags: bootstrap-os
 
 - name: Install epel-release on RedHat/CentOS
   shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
   when: ansible_distribution in ["CentOS","RedHat"] and
         ansible_distribution_major_version >= 7
   changed_when: False
+  tags: bootstrap-os
 
 - name: Install packages requirements
   action:
@@ -121,6 +139,7 @@
   delay: "{{ retry_stagger | random + 3 }}"
   with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
   when: ansible_os_family != "CoreOS"
+  tags: bootstrap-os
 
 - name: Disable IPv6 DNS lookup
   lineinfile:
@@ -129,12 +148,14 @@
     state: present
     backup: yes
   when: disable_ipv6_dns and ansible_os_family != "CoreOS"
+  tags: bootstrap-os
 
 # Todo : selinux configuration
 - name: Set selinux policy to permissive
   selinux: policy=targeted state=permissive
   when: ansible_os_family == "RedHat"
   changed_when: False
+  tags: bootstrap-os
 
 - name: Write openstack cloud-config
   template:
@@ -143,6 +164,7 @@
     group: "{{ kube_cert_group }}"
     mode: 0640
   when: cloud_provider is defined and cloud_provider == "openstack"
+  tags: [cloud-provider, openstack]
 
 - name: Write azure cloud-config
   template:
@@ -151,5 +173,7 @@
     group: "{{ kube_cert_group }}"
     mode: 0640
   when: cloud_provider is defined and cloud_provider == "azure"
+  tags: [cloud-provider, azure]
 
 - include: etchosts.yml
+  tags: [bootstrap-os, etchosts]

roles/kubernetes/secrets/tasks/gen_certs.yml

@@ -26,6 +26,7 @@
 - set_fact:
     master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
     node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
+  tags: facts
 
 - name: Gen_certs | Gather master certs
   shell: "tar cfz - -C {{ kube_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }} | base64 --wrap=0"
@@ -75,6 +76,7 @@
       {%- elif ansible_os_family == "CoreOS" -%}
       /etc/ssl/certs/kube-ca.pem
       {%- endif %}
+  tags: facts
 
 - name: Gen_certs | add CA to trusted CA dir
   copy:

roles/kubernetes/secrets/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - include: check-certs.yml
+  tags: [k8s-secrets, facts]
 - include: check-tokens.yml
+  tags: [k8s-secrets, facts]
 
 - name: Make sure the certificate directory exits
   file:
@@ -34,5 +36,6 @@
   notify: set secret_changed
 
 - include: gen_certs.yml
-
+  tags: k8s-secrets
 - include: gen_tokens.yml
+  tags: k8s-secrets