Merge branch 'master' into issue-229

roles/docker/vars/ubuntu-16.04.yml

@@ -0,0 +1,27 @@
+---
+docker_version: 1.11
+docker_kernel_min_version: '3.2'
+
+# https://apt.dockerproject.org/repo/dists/ubuntu-trusty/main/filelist
+docker_versioned_pkg:
+  latest: docker-engine
+  1.11: docker-engine=1.11.1-0~{{ ansible_distribution_release|lower }}
+
+docker_package_info:
+  pkg_mgr: apt
+  pkgs:
+    - "{{ docker_versioned_pkg[docker_version] }}"
+
+docker_repo_key_info:
+  pkg_key: apt_key
+  keyserver: hkp://p80.pool.sks-keyservers.net:80
+  repo_keys:
+    - 58118E89F3A912897C070ADBF76221572C52609D
+
+docker_repo_info:
+  pkg_repo: apt_repository
+  repos:
+    - >
+       deb https://apt.dockerproject.org/repo
+       {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}
+       main

roles/download/defaults/main.yml

@@ -2,7 +2,7 @@
 local_release_dir: /tmp
 
 # Versions
-kube_version: v1.2.2
+kube_version: "v1.2.4"
 etcd_version: v2.2.5
 calico_version: v0.19.0
 calico_cni_version: v1.2.1
@@ -25,9 +25,9 @@ calico_cni_checksum: "b2eeb45fdfce58394e3a0019dd4b74bebe4bb35ed6d7c399213297594f
 calico_cni_ipam_checksum: "fd122bee97af3ed86fc18fa4d797da29be3a5857a526aa154b433e50d7b36845"
 weave_checksum: "28d2c4e2b1ad8600da69882501eba697679aea10a5e61c769aa3a9ee72b0d89a"
 etcd_checksum: "aa6037406257d2a1bc48ffa769afe7a4f8a04cc1ffcd36ef84f9ee8bc4eca756"
-kubectl_checksum: "473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4"
-kubelet_checksum: "f16827dc7e7c82f0e215f0fc73eb01e2dfe91a2ec83f9cbcaf8d37c91b64fd3b"
-kube_apiserver_checksum: "eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de"
+kubectl_checksum: "dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897"
+kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341"
+kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e"
 
 downloads:
   - name: calico

roles/kubernetes/node/defaults/main.yml

@@ -32,7 +32,7 @@ dns_domain: "{{ cluster_name }}"
 kube_proxy_mode: userspace
 
 hyperkube_image_repo: quay.io/smana/kubernetes-hyperkube
-hyperkube_image_tag: v1.2.2
+hyperkube_image_tag: "v1.2.4"
 
 # IP address of the DNS server.
 # Kubernetes will create a pod with several containers, serving as the DNS

roles/kubernetes/secrets/tasks/gen_certs.yml

@@ -4,7 +4,8 @@
     src: "openssl.conf.j2"
     dest: "{{ kube_config_dir }}/openssl.conf"
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_certs|default(false)
 
 - name: certs | copy certs generation script
   copy:
@@ -12,12 +13,14 @@
     dest: "{{ kube_script_dir }}/make-ssl.sh"
     mode: 0700
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_certs|default(false)
 
 - name: certs | run cert generation script
   command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl.conf -d {{ kube_cert_dir }}"
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_certs|default(false)
   notify: set secret_changed
 
 - set_fact:
@@ -39,8 +42,7 @@
     content: "{{ item.content|b64decode }}"
     dest: "{{ item.source }}"
   with_items: '{{slurp_certs.results}}'
-  when: item.item in master_certs and
-        inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
+  when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
         inventory_hostname != groups['kube-master'][0]
 
 - name: certs | Copy certs on nodes

roles/kubernetes/secrets/tasks/gen_tokens.yml

@@ -5,7 +5,8 @@
     dest: "{{ kube_script_dir }}/kube-gen-token.sh"
     mode: 0700
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_tokens|default(false)
 
 - name: tokens | generate tokens for master components
   command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
@@ -18,7 +19,8 @@
   changed_when: "'Added' in gentoken_master.stdout"
   notify: set secret_changed
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_tokens|default(false)
 
 - name: tokens | generate tokens for node components
   command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
@@ -31,22 +33,24 @@
   changed_when: "'Added' in gentoken_node.stdout"
   notify: set secret_changed
   run_once: yes
-  when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: gen_tokens|default(false)
 
 - name: tokens | Get list of tokens from first master
   shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
   register: tokens_list
   changed_when: false
-  when: inventory_hostname == groups['kube-master'][0] and sync_tokens|default(false)
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: sync_tokens|default(false)
 
 - name: tokens | Get the tokens from first master
   slurp:
     src: "{{ item }}"
-  delegate_to: "{{groups['kube-master'][0]}}"
   register: slurp_tokens
   with_items: '{{tokens_list.stdout_lines}}'
-  when: sync_tokens|default(false)
   run_once: true
+  delegate_to: "{{groups['kube-master'][0]}}"
+  when: sync_tokens|default(false)
   notify: set secret_changed
 
 - name: tokens | Copy tokens on masters
@@ -54,5 +58,5 @@
     content: "{{ item.content|b64decode }}"
     dest: "{{ item.source }}"
   with_items: '{{slurp_tokens.results}}'
-  when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
+  when: inventory_hostname in groups['kube-master'] and sync_tokens|default(false) and
         inventory_hostname != groups['kube-master'][0]

roles/uploads/defaults/main.yml

@@ -2,7 +2,7 @@
 local_release_dir: /tmp
 
 # Versions
-kube_version: v1.2.2
+kube_version: "v1.2.4"
 etcd_version: v2.2.5
 calico_version: v0.19.0
 calico_cni_version: v1.2.1
@@ -22,9 +22,9 @@ calico_cni_checksum: "b2eeb45fdfce58394e3a0019dd4b74bebe4bb35ed6d7c399213297594f
 calico_cni_ipam_checksum: "fd122bee97af3ed86fc18fa4d797da29be3a5857a526aa154b433e50d7b36845"
 weave_checksum: "28d2c4e2b1ad8600da69882501eba697679aea10a5e61c769aa3a9ee72b0d89a"
 etcd_checksum: "aa6037406257d2a1bc48ffa769afe7a4f8a04cc1ffcd36ef84f9ee8bc4eca756"
-kubectl_checksum: "473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4"
-kubelet_checksum: "f16827dc7e7c82f0e215f0fc73eb01e2dfe91a2ec83f9cbcaf8d37c91b64fd3b"
-kube_apiserver_checksum: "eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de"
+kubectl_checksum: "dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897"
+kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341"
+kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e"
 
 downloads:
   - name: calico

roles/uploads/tasks/main.yml

@@ -1,4 +1,22 @@
 ---
+- name: Create the checksum file
+  lineinfile:
+    create: yes
+    dest: "{{ role_path }}/{{ kube_version }}_k8s-sha256"
+    line: '{{item.name}}:{{item.sha256}}'
+  with_items: '{{downloads}}'
+  when: item.name in ["kubernetes-kubelet", "kubernetes-kubectl", "kubernetes-apiserver"]
+
+- name: Upload checksum file on GS
+  gc_storage:
+    bucket: kargo
+    object: "{{ kube_version }}_k8s-sha256"
+    src: "{{ role_path }}/{{ kube_version }}_k8s-sha256"
+    mode: put
+    permission: public-read
+    gs_access_key: "changeme"
+    gs_secret_key: "changeme"
+
 - name: Create dest directories
   file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes
   with_items: '{{downloads}}'