mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-04-07 02:59:24 -02:30
Remove unmaintained contrib: kvm-setup
This commit is contained in:
Max Gautier
@@ -1,11 +0,0 @@
|
|||||||
# Kubespray on KVM Virtual Machines hypervisor preparation
|
|
||||||
|
|
||||||
A simple playbook to ensure your system has the right settings to enable Kubespray
|
|
||||||
deployment on VMs.
|
|
||||||
|
|
||||||
This playbook does not create Virtual Machines, nor does it run Kubespray itself.
|
|
||||||
|
|
||||||
## User creation
|
|
||||||
|
|
||||||
If you want to create a user for running Kubespray deployment, you should specify
|
|
||||||
both `k8s_deployment_user` and `k8s_deployment_user_pkey_path`.
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
#k8s_deployment_user: kubespray
|
|
||||||
#k8s_deployment_user_pkey_path: /tmp/ssh_rsa
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Prepare Hypervisor to later install kubespray VMs
|
|
||||||
hosts: localhost
|
|
||||||
gather_facts: false
|
|
||||||
become: true
|
|
||||||
vars:
|
|
||||||
bootstrap_os: none
|
|
||||||
roles:
|
|
||||||
- { role: kvm-setup }
|
|
||||||
@@ -1,30 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Install required packages
|
|
||||||
package:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
with_items:
|
|
||||||
- bind-utils
|
|
||||||
- ntp
|
|
||||||
when: ansible_os_family == "RedHat"
|
|
||||||
|
|
||||||
- name: Install required packages
|
|
||||||
apt:
|
|
||||||
upgrade: true
|
|
||||||
update_cache: true
|
|
||||||
cache_valid_time: 3600
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
install_recommends: false
|
|
||||||
with_items:
|
|
||||||
- dnsutils
|
|
||||||
- ntp
|
|
||||||
when: ansible_os_family == "Debian"
|
|
||||||
|
|
||||||
- name: Create deployment user if required
|
|
||||||
include_tasks: user.yml
|
|
||||||
when: k8s_deployment_user is defined
|
|
||||||
|
|
||||||
- name: Set proper sysctl values
|
|
||||||
import_tasks: sysctl.yml
|
|
||||||
@@ -1,46 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Load br_netfilter module
|
|
||||||
community.general.modprobe:
|
|
||||||
name: br_netfilter
|
|
||||||
state: present
|
|
||||||
register: br_netfilter
|
|
||||||
|
|
||||||
- name: Add br_netfilter into /etc/modules
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/modules
|
|
||||||
state: present
|
|
||||||
line: 'br_netfilter'
|
|
||||||
when: br_netfilter is defined and ansible_os_family == 'Debian'
|
|
||||||
|
|
||||||
- name: Add br_netfilter into /etc/modules-load.d/kubespray.conf
|
|
||||||
copy:
|
|
||||||
dest: /etc/modules-load.d/kubespray.conf
|
|
||||||
content: |-
|
|
||||||
### This file is managed by Ansible
|
|
||||||
br-netfilter
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
when: br_netfilter is defined
|
|
||||||
|
|
||||||
|
|
||||||
- name: Enable net.ipv4.ip_forward in sysctl
|
|
||||||
ansible.posix.sysctl:
|
|
||||||
name: net.ipv4.ip_forward
|
|
||||||
value: 1
|
|
||||||
sysctl_file: "{{ sysctl_file_path }}"
|
|
||||||
state: present
|
|
||||||
reload: true
|
|
||||||
|
|
||||||
- name: Set bridge-nf-call-{arptables,iptables} to 0
|
|
||||||
ansible.posix.sysctl:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
value: 0
|
|
||||||
sysctl_file: "{{ sysctl_file_path }}"
|
|
||||||
reload: true
|
|
||||||
with_items:
|
|
||||||
- net.bridge.bridge-nf-call-arptables
|
|
||||||
- net.bridge.bridge-nf-call-ip6tables
|
|
||||||
- net.bridge.bridge-nf-call-iptables
|
|
||||||
when: br_netfilter is defined
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Create user {{ k8s_deployment_user }}
|
|
||||||
user:
|
|
||||||
name: "{{ k8s_deployment_user }}"
|
|
||||||
groups: adm
|
|
||||||
shell: /bin/bash
|
|
||||||
|
|
||||||
- name: Ensure that .ssh exists
|
|
||||||
file:
|
|
||||||
path: "/home/{{ k8s_deployment_user }}/.ssh"
|
|
||||||
state: directory
|
|
||||||
owner: "{{ k8s_deployment_user }}"
|
|
||||||
group: "{{ k8s_deployment_user }}"
|
|
||||||
mode: "0700"
|
|
||||||
|
|
||||||
- name: Configure sudo for deployment user
|
|
||||||
copy:
|
|
||||||
content: |
|
|
||||||
%{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL
|
|
||||||
dest: "/etc/sudoers.d/55-k8s-deployment"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: Write private SSH key
|
|
||||||
copy:
|
|
||||||
src: "{{ k8s_deployment_user_pkey_path }}"
|
|
||||||
dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
|
|
||||||
mode: "0400"
|
|
||||||
owner: "{{ k8s_deployment_user }}"
|
|
||||||
group: "{{ k8s_deployment_user }}"
|
|
||||||
when: k8s_deployment_user_pkey_path is defined
|
|
||||||
|
|
||||||
- name: Write public SSH key
|
|
||||||
shell: "ssh-keygen -y -f /home/{{ k8s_deployment_user }}/.ssh/id_rsa \
|
|
||||||
> /home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
||||||
args:
|
|
||||||
creates: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
||||||
when: k8s_deployment_user_pkey_path is defined
|
|
||||||
|
|
||||||
- name: Fix ssh-pub-key permissions
|
|
||||||
file:
|
|
||||||
path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
||||||
mode: "0600"
|
|
||||||
owner: "{{ k8s_deployment_user }}"
|
|
||||||
group: "{{ k8s_deployment_user }}"
|
|
||||||
when: k8s_deployment_user_pkey_path is defined
|
|
||||||
Reference in New Issue
Block a user