mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-02-12 15:04:46 -03:30
ansible-lint: add spaces around variables [E206] (#4699)
This commit is contained in:
MarkusTeufelberger
committed by
Kubernetes Prow Robot
Kubernetes Prow Robot
parent
560f50d3cd
commit
e67f848abc
@@ -1,15 +1,15 @@
|
||||
---
|
||||
- name: User | Create User Group
|
||||
group:
|
||||
name: "{{user.group|default(user.name)}}"
|
||||
system: "{{user.system|default(omit)}}"
|
||||
name: "{{ user.group|default(user.name) }}"
|
||||
system: "{{ user.system|default(omit) }}"
|
||||
|
||||
- name: User | Create User
|
||||
user:
|
||||
comment: "{{user.comment|default(omit)}}"
|
||||
createhome: "{{user.createhome|default(omit)}}"
|
||||
group: "{{user.group|default(user.name)}}"
|
||||
home: "{{user.home|default(omit)}}"
|
||||
shell: "{{user.shell|default(omit)}}"
|
||||
name: "{{user.name}}"
|
||||
system: "{{user.system|default(omit)}}"
|
||||
comment: "{{ user.comment|default(omit) }}"
|
||||
createhome: "{{ user.createhome|default(omit) }}"
|
||||
group: "{{ user.group|default(user.name) }}"
|
||||
home: "{{ user.home|default(omit) }}"
|
||||
shell: "{{ user.shell|default(omit) }}"
|
||||
name: "{{ user.name }}"
|
||||
system: "{{ user.system|default(omit) }}"
|
||||
|
||||
@@ -54,8 +54,8 @@
|
||||
- name: ensure docker-ce repository public key is installed
|
||||
action: "{{ docker_repo_key_info.pkg_key }}"
|
||||
args:
|
||||
id: "{{item}}"
|
||||
url: "{{docker_repo_key_info.url}}"
|
||||
id: "{{ item }}"
|
||||
url: "{{ docker_repo_key_info.url }}"
|
||||
state: present
|
||||
register: keyserver_task_result
|
||||
until: keyserver_task_result is succeeded
|
||||
@@ -67,7 +67,7 @@
|
||||
- name: ensure docker-ce repository is enabled
|
||||
action: "{{ docker_repo_info.pkg_repo }}"
|
||||
args:
|
||||
repo: "{{item}}"
|
||||
repo: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ docker_repo_info.repos }}"
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (docker_repo_info.repos|length > 0)
|
||||
@@ -75,8 +75,8 @@
|
||||
- name: ensure docker-engine repository public key is installed
|
||||
action: "{{ dockerproject_repo_key_info.pkg_key }}"
|
||||
args:
|
||||
id: "{{item}}"
|
||||
url: "{{dockerproject_repo_key_info.url}}"
|
||||
id: "{{ item }}"
|
||||
url: "{{ dockerproject_repo_key_info.url }}"
|
||||
state: present
|
||||
register: keyserver_task_result
|
||||
until: keyserver_task_result is succeeded
|
||||
@@ -90,7 +90,7 @@
|
||||
- name: ensure docker-engine repository is enabled
|
||||
action: "{{ dockerproject_repo_info.pkg_repo }}"
|
||||
args:
|
||||
repo: "{{item}}"
|
||||
repo: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ dockerproject_repo_info.repos }}"
|
||||
when:
|
||||
@@ -123,7 +123,7 @@
|
||||
baseurl: "{{ extras_rh_repo_base_url }}"
|
||||
file: "extras"
|
||||
gpgcheck: yes
|
||||
gpgkey: "{{extras_rh_repo_gpgkey}}"
|
||||
gpgkey: "{{ extras_rh_repo_gpgkey }}"
|
||||
keepcache: "{{ docker_rpm_keepcache | default('1') }}"
|
||||
proxy: " {{ http_proxy | default('_none_') }}"
|
||||
when:
|
||||
@@ -148,10 +148,10 @@
|
||||
- name: ensure docker packages are installed
|
||||
action: "{{ docker_package_info.pkg_mgr }}"
|
||||
args:
|
||||
pkg: "{{item.name}}"
|
||||
force: "{{item.force|default(omit)}}"
|
||||
conf_file: "{{item.yum_conf|default(omit)}}"
|
||||
state: "{{item.state | default('present')}}"
|
||||
pkg: "{{ item.name }}"
|
||||
force: "{{ item.force|default(omit) }}"
|
||||
conf_file: "{{ item.yum_conf|default(omit) }}"
|
||||
state: "{{ item.state | default('present') }}"
|
||||
update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}"
|
||||
register: docker_task_result
|
||||
until: docker_task_result is succeeded
|
||||
@@ -166,7 +166,7 @@
|
||||
action: "{{ docker_package_info.pkg_mgr }}"
|
||||
args:
|
||||
name: "{{ item.name }}"
|
||||
state: "{{item.state | default('present')}}"
|
||||
state: "{{ item.state | default('present') }}"
|
||||
with_items: "{{ docker_package_info.pkgs }}"
|
||||
register: docker_task_result
|
||||
until: docker_task_result is succeeded
|
||||
@@ -185,7 +185,7 @@
|
||||
|
||||
- name: show available packages on ubuntu
|
||||
fail:
|
||||
msg: "{{available_packages}}"
|
||||
msg: "{{ available_packages }}"
|
||||
when:
|
||||
- docker_task_result is failed
|
||||
- ansible_distribution == 'Ubuntu'
|
||||
|
||||
@@ -2,11 +2,11 @@
|
||||
|
||||
- name: set dns server for docker
|
||||
set_fact:
|
||||
docker_dns_servers: "{{dns_servers}}"
|
||||
docker_dns_servers: "{{ dns_servers }}"
|
||||
|
||||
- name: show docker_dns_servers
|
||||
debug:
|
||||
msg: "{{docker_dns_servers}}"
|
||||
msg: "{{ docker_dns_servers }}"
|
||||
|
||||
- name: set base docker dns facts
|
||||
set_fact:
|
||||
|
||||
@@ -29,7 +29,7 @@ download_always_pull: False
|
||||
download_validate_certs: True
|
||||
|
||||
# Use the first kube-master if download_localhost is not set
|
||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube-master'][0] }}{% endif %}"
|
||||
|
||||
# Arch of Docker images and needed packages
|
||||
image_arch: "{{host_architecture | default('amd64')}}"
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
|
||||
- name: file_download | Create dest directory
|
||||
file:
|
||||
path: "{{download.dest|dirname}}"
|
||||
path: "{{ download.dest | dirname }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
when:
|
||||
@@ -20,9 +20,9 @@
|
||||
# to one task in the future.
|
||||
- name: file_download | Download item (delegate)
|
||||
get_url:
|
||||
url: "{{download.url}}"
|
||||
dest: "{{download.dest}}"
|
||||
sha256sum: "{{download.sha256 | default(omit)}}"
|
||||
url: "{{ download.url }}"
|
||||
dest: "{{ download.dest }}"
|
||||
sha256sum: "{{ download.sha256|default(omit) }}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
validate_certs: "{{ download_validate_certs }}"
|
||||
@@ -43,9 +43,9 @@
|
||||
|
||||
- name: file_download | Download item (all)
|
||||
get_url:
|
||||
url: "{{download.url}}"
|
||||
dest: "{{download.dest}}"
|
||||
sha256sum: "{{download.sha256 | default(omit)}}"
|
||||
url: "{{ download.url }}"
|
||||
dest: "{{ download.dest }}"
|
||||
sha256sum: "{{ download.sha256|default(omit) }}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
validate_certs: "{{ download_validate_certs }}"
|
||||
@@ -64,8 +64,8 @@
|
||||
|
||||
- name: file_download | Extract archives
|
||||
unarchive:
|
||||
src: "{{download.dest}}"
|
||||
dest: "{{download.dest|dirname}}"
|
||||
src: "{{ download.dest }}"
|
||||
dest: "{{ download.dest |dirname }}"
|
||||
owner: "{{ download.owner|default(omit) }}"
|
||||
mode: "{{ download.mode|default(omit) }}"
|
||||
copy: no
|
||||
|
||||
@@ -11,16 +11,16 @@
|
||||
|
||||
- name: container_download | Create dest directory for saved/loaded container images
|
||||
file:
|
||||
path: "{{local_release_dir}}/containers"
|
||||
path: "{{ local_release_dir }}/containers"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: 0755
|
||||
owner: "{{ansible_ssh_user|default(ansible_user_id)}}"
|
||||
owner: "{{ ansible_ssh_user|default(ansible_user_id) }}"
|
||||
when: download_container
|
||||
|
||||
- name: container_download | create local directory for saved/loaded container images
|
||||
file:
|
||||
path: "{{local_release_dir}}/containers"
|
||||
path: "{{ local_release_dir }}/containers"
|
||||
state: directory
|
||||
recurse: yes
|
||||
delegate_to: localhost
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
- set_fact:
|
||||
pull_args: >-
|
||||
{%- if pull_by_digest %}{{download.repo}}@sha256:{{download.sha256}}{%- else -%}{{download.repo}}:{{download.tag}}{%- endif -%}
|
||||
{%- if pull_by_digest %}{{ download.repo }}@sha256:{{ download.sha256 }}{%- else -%}{{ download.repo }}:{{ download.tag }}{%- endif -%}
|
||||
|
||||
- name: Register docker images info
|
||||
shell: >-
|
||||
@@ -33,7 +33,7 @@
|
||||
|
||||
- name: Check the local digest sha256 corresponds to the given image tag
|
||||
assert:
|
||||
that: "{{download.repo}}:{{download.tag}} in docker_images.stdout.split(',')"
|
||||
that: "{{ download.repo }}:{{ download.tag }} in docker_images.stdout.split(',')"
|
||||
when:
|
||||
- not download_always_pull
|
||||
- not pull_required
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
- facts
|
||||
|
||||
- set_fact:
|
||||
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|default(download.sha256)|regex_replace('/|\0|:', '_')}}.tar"
|
||||
fname: "{{ local_release_dir }}/containers/{{ download.repo|regex_replace('/|\0|:', '_') }}:{{ download.tag|default(download.sha256)|regex_replace('/|\0|:', '_') }}.tar"
|
||||
run_once: true
|
||||
when:
|
||||
- download.enabled
|
||||
@@ -20,7 +20,7 @@
|
||||
|
||||
- name: "container_download | Set default value for 'container_changed' to false"
|
||||
set_fact:
|
||||
container_changed: "{{pull_required|default(false)}}"
|
||||
container_changed: "{{ pull_required|default(false) }}"
|
||||
when:
|
||||
- download.enabled
|
||||
- download.container
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
- name: file_download | create local download destination directory
|
||||
file:
|
||||
path: "{{download.dest|dirname}}"
|
||||
path: "{{ download.dest|dirname }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
mode: 0755
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
paths: "{{ etcd_cert_dir }}"
|
||||
patterns: "ca.pem,node*.pem"
|
||||
get_checksum: true
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
register: etcdcert_master
|
||||
run_once: true
|
||||
|
||||
@@ -30,10 +30,10 @@
|
||||
with_items: "{{ expected_files }}"
|
||||
vars:
|
||||
expected_files: >-
|
||||
['{{etcd_cert_dir}}/ca.pem',
|
||||
['{{ etcd_cert_dir }}/ca.pem',
|
||||
{% set all_etcd_hosts = groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort %}
|
||||
{% for host in all_etcd_hosts %}
|
||||
'{{etcd_cert_dir}}/node-{{ host }}-key.pem'
|
||||
'{{ etcd_cert_dir }}/node-{{ host }}-key.pem'
|
||||
{% if not loop.last %}{{','}}{% endif %}
|
||||
{% endfor %}]
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
mode: 0700
|
||||
recurse: yes
|
||||
|
||||
- name: "Gen_certs | create etcd script dir (on {{groups['etcd'][0]}})"
|
||||
- name: "Gen_certs | create etcd script dir (on {{ groups['etcd'][0] }})"
|
||||
file:
|
||||
path: "{{ etcd_script_dir }}"
|
||||
state: directory
|
||||
@@ -16,9 +16,9 @@
|
||||
mode: 0700
|
||||
run_once: yes
|
||||
when: inventory_hostname == groups['etcd'][0]
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
|
||||
- name: "Gen_certs | create etcd cert dir (on {{groups['etcd'][0]}})"
|
||||
- name: "Gen_certs | create etcd cert dir (on {{ groups['etcd'][0] }})"
|
||||
file:
|
||||
path: "{{ etcd_cert_dir }}"
|
||||
group: "{{ etcd_cert_group }}"
|
||||
@@ -28,14 +28,14 @@
|
||||
mode: 0700
|
||||
run_once: yes
|
||||
when: inventory_hostname == groups['etcd'][0]
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
|
||||
- name: Gen_certs | write openssl config
|
||||
template:
|
||||
src: "openssl.conf.j2"
|
||||
dest: "{{ etcd_config_dir }}/openssl.conf"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- gen_certs|default(false)
|
||||
- inventory_hostname == groups['etcd'][0]
|
||||
@@ -46,7 +46,7 @@
|
||||
dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh"
|
||||
mode: 0700
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- gen_certs|default(false)
|
||||
- inventory_hostname == groups['etcd'][0]
|
||||
@@ -65,7 +65,7 @@
|
||||
{% endif %}
|
||||
{% endfor %}"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- gen_certs|default(false)
|
||||
notify: set etcd_secret_changed
|
||||
@@ -87,7 +87,7 @@
|
||||
'{{ etcd_cert_dir }}/node-{{ node }}.pem',
|
||||
'{{ etcd_cert_dir }}/node-{{ node }}-key.pem',
|
||||
{% endfor %}]"
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- inventory_hostname in groups['etcd']
|
||||
- sync_certs|default(false)
|
||||
@@ -133,13 +133,13 @@
|
||||
no_log: true
|
||||
register: etcd_node_certs
|
||||
check_mode: no
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when: (('calico-rr' in groups and inventory_hostname in groups['calico-rr']) or
|
||||
inventory_hostname in groups['k8s-cluster']) and
|
||||
sync_certs|default(false) and inventory_hostname not in groups['etcd']
|
||||
|
||||
- name: Gen_certs | Copy certs on nodes
|
||||
shell: "base64 -d <<< '{{etcd_node_certs.stdout|quote}}' | tar xz -C {{ etcd_cert_dir }}"
|
||||
shell: "base64 -d <<< '{{ etcd_node_certs.stdout|quote }}' | tar xz -C {{ etcd_cert_dir }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
no_log: true
|
||||
|
||||
@@ -8,9 +8,9 @@
|
||||
set_fact:
|
||||
host_architecture: >-
|
||||
{%- if ansible_architecture in architecture_groups -%}
|
||||
{{architecture_groups[ansible_architecture]}}
|
||||
{{ architecture_groups[ansible_architecture] }}
|
||||
{%- else -%}
|
||||
{{ansible_architecture}}
|
||||
{{ ansible_architecture }}
|
||||
{% endif %}
|
||||
|
||||
- include_tasks: check_certs.yml
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
name: "netchecker-server"
|
||||
namespace: "{{ netcheck_namespace }}"
|
||||
filename: "{{ netchecker_server_manifest.stat.path }}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "deploy"
|
||||
state: latest
|
||||
when: inventory_hostname == groups['kube-master'][0] and netchecker_server_manifest.stat.exists
|
||||
@@ -39,13 +39,13 @@
|
||||
|
||||
- name: Kubernetes Apps | Append extra templates to Netchecker Templates list for PodSecurityPolicy
|
||||
set_fact:
|
||||
netchecker_templates: "{{ netchecker_templates_for_psp + netchecker_templates}}"
|
||||
netchecker_templates: "{{ netchecker_templates_for_psp + netchecker_templates }}"
|
||||
when: podsecuritypolicy_enabled
|
||||
|
||||
- name: Kubernetes Apps | Lay Down Netchecker Template
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items: "{{ netchecker_templates }}"
|
||||
register: manifests
|
||||
when:
|
||||
@@ -53,11 +53,11 @@
|
||||
|
||||
- name: Kubernetes Apps | Start Netchecker Resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
namespace: "{{netcheck_namespace}}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "{{ netcheck_namespace }}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
|
||||
|
||||
@@ -41,10 +41,10 @@
|
||||
|
||||
- name: Kubernetes Apps | Add policies, roles, bindings for PodSecurityPolicy
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
name: "{{ item.item.name }}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
register: result
|
||||
until: result is succeeded
|
||||
@@ -69,7 +69,7 @@
|
||||
- name: Apply workaround to allow all nodes with cert O=system:nodes to register
|
||||
kube:
|
||||
name: "kubespray:system:node"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrolebinding"
|
||||
filename: "{{ kube_config_dir }}/node-crb.yml"
|
||||
state: latest
|
||||
@@ -96,7 +96,7 @@
|
||||
- name: Apply webhook ClusterRole
|
||||
kube:
|
||||
name: "system:node-webhook"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrole"
|
||||
filename: "{{ kube_config_dir }}/node-webhook-cr.yml"
|
||||
state: latest
|
||||
@@ -121,7 +121,7 @@
|
||||
- name: Grant system:nodes the webhook ClusterRole
|
||||
kube:
|
||||
name: "system:node-webhook"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrolebinding"
|
||||
filename: "{{ kube_config_dir }}/node-webhook-crb.yml"
|
||||
state: latest
|
||||
@@ -164,7 +164,7 @@
|
||||
- name: Apply vsphere-cloud-provider ClusterRole
|
||||
kube:
|
||||
name: "system:vsphere-cloud-provider"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrolebinding"
|
||||
filename: "{{ kube_config_dir }}/vsphere-rbac.yml"
|
||||
state: latest
|
||||
@@ -194,7 +194,7 @@
|
||||
- name: PriorityClass | Create k8s-cluster-critical
|
||||
kube:
|
||||
name: k8s-cluster-critical
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "PriorityClass"
|
||||
filename: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
|
||||
state: latest
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
|
||||
- name: Apply OCI RBAC
|
||||
kube:
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/oci-rbac.yml"
|
||||
when:
|
||||
- cloud_provider is defined
|
||||
|
||||
@@ -13,12 +13,12 @@
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Set fact of download url Tesla
|
||||
set_fact:
|
||||
nvidia_driver_download_url_default: "{{nvidia_gpu_tesla_base_url}}{{nvidia_url_end}}"
|
||||
nvidia_driver_download_url_default: "{{ nvidia_gpu_tesla_base_url }}{{ nvidia_url_end }}"
|
||||
when: nvidia_gpu_flavor|lower == "tesla"
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Set fact of download url GTX
|
||||
set_fact:
|
||||
nvidia_driver_download_url_default: "{{nvidia_gpu_gtx_base_url}}{{nvidia_url_end}}"
|
||||
nvidia_driver_download_url_default: "{{ nvidia_gpu_gtx_base_url }}{{ nvidia_url_end }}"
|
||||
when: nvidia_gpu_flavor|lower == "gtx"
|
||||
|
||||
- name: Container Engine Acceleration Nvidia GPU | Create addon dir
|
||||
@@ -49,6 +49,6 @@
|
||||
filename: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items:
|
||||
- "{{container_engine_accelerator_manifests.results}}"
|
||||
- "{{ container_engine_accelerator_manifests.results }}"
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master'][0] and nvidia_driver_install_container and nvidia_driver_install_supported
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
delegate_to: "{{ item[0] }}"
|
||||
with_nested:
|
||||
- "{{ groups['k8s-cluster'] }}"
|
||||
- "{{ local_volume_provisioner_storage_classes.keys() | list}}"
|
||||
- "{{ local_volume_provisioner_storage_classes.keys() | list }}"
|
||||
|
||||
- name: Local Volume Provisioner | Create addon dir
|
||||
file:
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
---
|
||||
- name: "Gen_helm_tiller_certs | Create helm config directory (on {{groups['kube-master'][0]}})"
|
||||
- name: "Gen_helm_tiller_certs | Create helm config directory (on {{ groups['kube-master'][0] }})"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
file:
|
||||
path: "{{ helm_config_dir }}"
|
||||
state: directory
|
||||
owner: kube
|
||||
|
||||
- name: "Gen_helm_tiller_certs | Create helm script directory (on {{groups['kube-master'][0]}})"
|
||||
- name: "Gen_helm_tiller_certs | Create helm script directory (on {{ groups['kube-master'][0] }})"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
file:
|
||||
path: "{{ helm_script_dir }}"
|
||||
state: directory
|
||||
@@ -17,24 +17,24 @@
|
||||
|
||||
- name: Gen_helm_tiller_certs | Copy certs generation script
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
template:
|
||||
src: "helm-make-ssl.sh.j2"
|
||||
dest: "{{ helm_script_dir }}/helm-make-ssl.sh"
|
||||
mode: 0700
|
||||
|
||||
- name: "Check_helm_certs | check if helm client certs have already been generated on first master (on {{groups['kube-master'][0]}})"
|
||||
- name: "Check_helm_certs | check if helm client certs have already been generated on first master (on {{ groups['kube-master'][0] }})"
|
||||
find:
|
||||
paths: "{{ helm_home_dir }}"
|
||||
patterns: "*.pem"
|
||||
get_checksum: true
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
register: helmcert_master
|
||||
run_once: true
|
||||
|
||||
- name: Gen_helm_tiller_certs | run cert generation script
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
command: "{{ helm_script_dir }}/helm-make-ssl.sh -e {{ helm_home_dir }} -d {{ helm_tiller_cert_dir }}"
|
||||
|
||||
- set_fact:
|
||||
@@ -64,7 +64,7 @@
|
||||
no_log: true
|
||||
register: helm_client_cert_data
|
||||
check_mode: no
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
|
||||
|
||||
- name: Gen_helm_tiller_certs | Use tempfile for unpacking certs on masters
|
||||
@@ -78,8 +78,8 @@
|
||||
|
||||
- name: Gen_helm_tiller_certs | Write helm client certs to tempfile
|
||||
copy:
|
||||
content: "{{helm_client_cert_data.stdout}}"
|
||||
dest: "{{helm_cert_tempfile.path}}"
|
||||
content: "{{ helm_client_cert_data.stdout }}"
|
||||
dest: "{{ helm_cert_tempfile.path }}"
|
||||
owner: root
|
||||
mode: "0600"
|
||||
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
|
||||
@@ -93,7 +93,7 @@
|
||||
|
||||
- name: Gen_helm_tiller_certs | Cleanup tempfile on masters
|
||||
file:
|
||||
path: "{{helm_cert_tempfile.path}}"
|
||||
path: "{{ helm_cert_tempfile.path }}"
|
||||
state: absent
|
||||
when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
|
||||
|
||||
|
||||
@@ -7,8 +7,8 @@
|
||||
|
||||
- name: Helm | Lay Down Helm Manifests (RBAC)
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: tiller, file: tiller-namespace.yml, type: namespace}
|
||||
- {name: tiller, file: tiller-sa.yml, type: sa}
|
||||
@@ -20,11 +20,11 @@
|
||||
|
||||
- name: Helm | Apply Helm Manifests (RBAC)
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "{{ tiller_namespace }}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ manifests.results }}"
|
||||
when:
|
||||
@@ -56,7 +56,7 @@
|
||||
{% endif %}
|
||||
register: install_helm
|
||||
changed_when: false
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
# FIXME: https://github.com/helm/helm/issues/4063
|
||||
- name: Helm | Force apply tiller overrides if necessary
|
||||
@@ -73,12 +73,12 @@
|
||||
{% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
|
||||
{% if tiller_wait %} --wait{% endif %}
|
||||
--output yaml
|
||||
| {{bin_dir}}/kubectl apply -f -
|
||||
| {{ bin_dir }}/kubectl apply -f -
|
||||
changed_when: false
|
||||
when:
|
||||
- (tiller_override is defined and tiller_override) or (kube_version is version('v1.11.1', '>='))
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- name: Make sure bash_completion.d folder exists
|
||||
file:
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
---
|
||||
- name: Start Calico resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items:
|
||||
- "{{ calico_node_manifests.results }}"
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
---
|
||||
- name: Canal | Start Resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ canal_manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
---
|
||||
- name: Cilium | Start Resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ cilium_node_manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
|
||||
|
||||
- name: Cilium | Wait for pods to run
|
||||
command: "{{bin_dir}}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||
command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||
register: pods_not_ready
|
||||
until: pods_not_ready.stdout.find("cilium")==-1
|
||||
retries: 30
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
---
|
||||
- name: Flannel | Start Resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ flannel_node_manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item is skipped
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
- name: kube-router | Wait for kube-router pods to be ready
|
||||
command: "{{bin_dir}}/kubectl -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||
command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=kube-router -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" # noqa 601
|
||||
register: pods_not_ready
|
||||
until: pods_not_ready.stdout.find("kube-router")==-1
|
||||
retries: 30
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
---
|
||||
- name: Multus | Start resources
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ multus_manifest_1.results }} + {{multus_manifest_2.results }}"
|
||||
with_items: "{{ multus_manifest_1.results }} + {{ multus_manifest_2.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0] and not item|skipped
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
- name: Kubernetes Persistent Volumes | Lay down OpenStack Cinder Storage Class template
|
||||
template:
|
||||
src: "openstack-storage-class.yml.j2"
|
||||
dest: "{{kube_config_dir}}/openstack-storage-class.yml"
|
||||
dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
|
||||
register: manifests
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
@@ -10,9 +10,9 @@
|
||||
- name: Kubernetes Persistent Volumes | Add OpenStack Cinder Storage Class
|
||||
kube:
|
||||
name: storage-class
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: StorageClass
|
||||
filename: "{{kube_config_dir}}/openstack-storage-class.yml"
|
||||
filename: "{{ kube_config_dir }}/openstack-storage-class.yml"
|
||||
state: "latest"
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
@@ -10,8 +10,8 @@
|
||||
|
||||
- name: Create calico-kube-controllers manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
|
||||
- {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
|
||||
@@ -24,11 +24,11 @@
|
||||
|
||||
- name: Start of Calico kube controllers
|
||||
kube:
|
||||
name: "{{item.item.name}}"
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "kube-system"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: "{{kube_config_dir}}/{{item.item.file}}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items:
|
||||
- "{{ calico_kube_manifests.results }}"
|
||||
|
||||
@@ -77,7 +77,7 @@
|
||||
- name: Join to cluster
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm join
|
||||
--config {{ kube_config_dir}}/kubeadm-client.conf
|
||||
--config {{ kube_config_dir }}/kubeadm-client.conf
|
||||
--ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
|
||||
register: kubeadm_join
|
||||
async: 120
|
||||
@@ -88,7 +88,7 @@
|
||||
- name: Join to cluster with ignores
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm join
|
||||
--config {{ kube_config_dir}}/kubeadm-client.conf
|
||||
--config {{ kube_config_dir }}/kubeadm-client.conf
|
||||
--ignore-preflight-errors=all
|
||||
register: kubeadm_join
|
||||
async: 60
|
||||
|
||||
@@ -12,12 +12,12 @@
|
||||
|
||||
- name: Base 64 Decode slurped secrets_encryption.yaml file
|
||||
set_fact:
|
||||
secret_file_decoded: "{{secret_file_encoded['content'] | b64decode | from_yaml}}"
|
||||
secret_file_decoded: "{{ secret_file_encoded['content'] | b64decode | from_yaml }}"
|
||||
when: secrets_encryption_file.stat.exists
|
||||
|
||||
- name: Extract secret value from secrets_encryption.yaml
|
||||
set_fact:
|
||||
kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode}}"
|
||||
kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode }}"
|
||||
when: secrets_encryption_file.stat.exists
|
||||
|
||||
- name: Set kube_encrypt_token across master nodes
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
{%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
|
||||
{{ first_kube_master }}:{{ kube_apiserver_port }}
|
||||
{%- else -%}
|
||||
{{ kube_apiserver_endpoint | regex_replace('https://', '')}}
|
||||
{{ kube_apiserver_endpoint | regex_replace('https://', '') }}
|
||||
{%- endif %}
|
||||
tags:
|
||||
- facts
|
||||
@@ -21,15 +21,15 @@
|
||||
|
||||
- name: Wait for k8s apiserver
|
||||
wait_for:
|
||||
host: "{{kubeadm_discovery_address.split(':')[0]}}"
|
||||
port: "{{kubeadm_discovery_address.split(':')[1]}}"
|
||||
host: "{{ kubeadm_discovery_address.split(':')[0] }}"
|
||||
port: "{{ kubeadm_discovery_address.split(':')[1] }}"
|
||||
timeout: 180
|
||||
|
||||
|
||||
- name: Upload certificates so they are fresh and not expired
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm init phase
|
||||
--config {{ kube_config_dir}}/kubeadm-config.yaml
|
||||
--config {{ kube_config_dir }}/kubeadm-config.yaml
|
||||
upload-certs --experimental-upload-certs
|
||||
{% if kubeadm_certificate_key is defined %}
|
||||
--certificate-key={{ kubeadm_certificate_key }}
|
||||
@@ -46,7 +46,7 @@
|
||||
- name: Joining control plane node to the cluster.
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm join
|
||||
--config {{ kube_config_dir}}/kubeadm-controlplane.yaml
|
||||
--config {{ kube_config_dir }}/kubeadm-controlplane.yaml
|
||||
--ignore-preflight-errors=all
|
||||
{% if kubeadm_certificate_key is defined %}
|
||||
--certificate-key={{ kubeadm_certificate_key }}
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
stat:
|
||||
path: "{{ kube_cert_dir }}/apiserver.pem"
|
||||
register: old_apiserver_cert
|
||||
delegate_to: "{{groups['kube-master']|first}}"
|
||||
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||
run_once: true
|
||||
|
||||
- name: kubeadm | Migrate old certs if necessary
|
||||
@@ -41,14 +41,14 @@
|
||||
|
||||
- name: kubeadm | Delete old static pods
|
||||
file:
|
||||
path: "{{ kube_config_dir }}/manifests/{{item}}.manifest"
|
||||
path: "{{ kube_config_dir }}/manifests/{{ item }}.manifest"
|
||||
state: absent
|
||||
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
|
||||
when:
|
||||
- old_apiserver_cert.stat.exists
|
||||
|
||||
- name: kubeadm | Forcefully delete old static pods
|
||||
shell: "docker ps -f name=k8s_{{item}} -q | xargs --no-run-if-empty docker rm -f"
|
||||
shell: "docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
|
||||
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||
when:
|
||||
- old_apiserver_cert.stat.exists
|
||||
@@ -147,7 +147,7 @@
|
||||
retries: 5
|
||||
delay: 5
|
||||
until: temp_token is succeeded
|
||||
delegate_to: "{{groups['kube-master']|first}}"
|
||||
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||
when: kubeadm_token is not defined
|
||||
tags:
|
||||
- kubeadm_token
|
||||
@@ -190,6 +190,6 @@
|
||||
# FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
|
||||
- name: kubeadm | Remove taint for master with node role
|
||||
command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"
|
||||
delegate_to: "{{groups['kube-master']|first}}"
|
||||
delegate_to: "{{ groups['kube-master'] | first }}"
|
||||
when: inventory_hostname in groups['kube-node']
|
||||
failed_when: false
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
- name: "Pre-upgrade | Delete master manifests if etcd secrets changed"
|
||||
file:
|
||||
path: "/etc/kubernetes/manifests/{{item}}.manifest"
|
||||
path: "/etc/kubernetes/manifests/{{ item }}.manifest"
|
||||
state: absent
|
||||
with_items:
|
||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||
@@ -9,7 +9,7 @@
|
||||
when: etcd_secret_changed|default(false)
|
||||
|
||||
- name: "Pre-upgrade | Delete master containers forcefully"
|
||||
shell: "docker ps -af name=k8s_{{item}}* -q | xargs --no-run-if-empty docker rm -f"
|
||||
shell: "docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
|
||||
with_items:
|
||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||
when: kube_apiserver_manifest_replaced.changed
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
|
||||
- name: check azure_loadbalancer_sku value
|
||||
fail:
|
||||
msg: "azure_loadbalancer_sku has an invalid value '{{azure_loadbalancer_sku}}'. Supported values are 'basic', 'standard'"
|
||||
msg: "azure_loadbalancer_sku has an invalid value '{{ azure_loadbalancer_sku }}'. Supported values are 'basic', 'standard'"
|
||||
when: azure_loadbalancer_sku not in ["basic", "standard"]
|
||||
|
||||
- name: "check azure_exclude_master_from_standard_lb is a bool"
|
||||
|
||||
@@ -65,7 +65,7 @@
|
||||
- name: Verify if br_netfilter module exists
|
||||
shell: "modinfo br_netfilter"
|
||||
environment:
|
||||
PATH: "{{ ansible_env.PATH}}:/sbin" # Make sure we can workaround RH's conservative path management
|
||||
PATH: "{{ ansible_env.PATH }}:/sbin" # Make sure we can workaround RH's conservative path management
|
||||
register: modinfo_br_netfilter
|
||||
failed_when: modinfo_br_netfilter.rc not in [0, 1]
|
||||
changed_when: false
|
||||
|
||||
@@ -6,7 +6,7 @@ Wants=docker.socket
|
||||
|
||||
[Service]
|
||||
User=root
|
||||
EnvironmentFile=-{{kube_config_dir}}/kubelet.env
|
||||
EnvironmentFile=-{{ kube_config_dir }}/kubelet.env
|
||||
ExecStartPre=-/bin/mkdir -p {{ kubelet_flexvolumes_plugins_dir }}
|
||||
ExecStart={{ bin_dir }}/kubelet \
|
||||
$KUBE_LOGTOSTDERR \
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
- name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
|
||||
assert:
|
||||
that: item.value|type_debug == 'bool'
|
||||
msg: "{{item.value}} isn't a bool"
|
||||
msg: "{{ item.value }} isn't a bool"
|
||||
run_once: yes
|
||||
with_items:
|
||||
- { name: download_run_once, value: "{{ download_run_once }}" }
|
||||
|
||||
@@ -8,9 +8,9 @@
|
||||
set_fact:
|
||||
host_architecture: >-
|
||||
{%- if ansible_architecture in architecture_groups -%}
|
||||
{{architecture_groups[ansible_architecture]}}
|
||||
{{ architecture_groups[ansible_architecture] }}
|
||||
{%- else -%}
|
||||
{{ansible_architecture}}
|
||||
{{ ansible_architecture }}
|
||||
{% endif %}
|
||||
|
||||
- name: Force binaries directory for Container Linux by CoreOS
|
||||
@@ -46,7 +46,7 @@
|
||||
- set_fact:
|
||||
bogus_domains: |-
|
||||
{% for d in [ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([]) -%}
|
||||
{{dns_domain}}.{{d}}./{{d}}.{{d}}./com.{{d}}./
|
||||
{{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
|
||||
{%- endfor %}
|
||||
cloud_resolver: >-
|
||||
{%- if cloud_provider is defined and cloud_provider == 'gce' -%}
|
||||
@@ -139,9 +139,9 @@
|
||||
- name: generate nameservers to resolvconf
|
||||
set_fact:
|
||||
nameserverentries:
|
||||
nameserver {{( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ')}}
|
||||
nameserver {{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ') }}
|
||||
supersede_nameserver:
|
||||
supersede domain-name-servers {{( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
|
||||
supersede domain-name-servers {{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
|
||||
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ item }}"
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
- master
|
||||
- node
|
||||
with_items:
|
||||
- "{{bin_dir}}"
|
||||
- "{{ bin_dir }}"
|
||||
- "{{ kube_config_dir }}"
|
||||
- "{{ kube_cert_dir }}"
|
||||
- "{{ kube_manifest_dir }}"
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
- name: Add domain/search/nameservers/options to resolv.conf
|
||||
blockinfile:
|
||||
path: "{{resolvconffile}}"
|
||||
path: "{{ resolvconffile }}"
|
||||
block: |-
|
||||
{% for item in [domainentry] + [searchentries] + nameserverentries.split(',') -%}
|
||||
{{ item }}
|
||||
@@ -22,7 +22,7 @@
|
||||
|
||||
- name: Remove search/domain/nameserver options before block
|
||||
replace:
|
||||
dest: "{{item[0]}}"
|
||||
dest: "{{ item[0] }}"
|
||||
regexp: '^{{ item[1] }}[^#]*(?=# Ansible entries BEGIN)'
|
||||
backup: yes
|
||||
follow: yes
|
||||
@@ -33,7 +33,7 @@
|
||||
|
||||
- name: Remove search/domain/nameserver options after block
|
||||
replace:
|
||||
dest: "{{item[0]}}"
|
||||
dest: "{{ item[0] }}"
|
||||
regexp: '(# Ansible entries END\n(?:(?!^{{ item[1] }}).*\n)*)(?:^{{ item[1] }}.*\n?)+'
|
||||
replace: '\1'
|
||||
backup: yes
|
||||
@@ -51,7 +51,7 @@
|
||||
|
||||
- name: persist resolvconf cloud init file
|
||||
template:
|
||||
dest: "{{resolveconf_cloud_init_conf}}"
|
||||
dest: "{{ resolveconf_cloud_init_conf }}"
|
||||
src: resolvconf.j2
|
||||
owner: root
|
||||
mode: 0644
|
||||
|
||||
@@ -31,14 +31,14 @@
|
||||
|
||||
- name: Stat sysctl file configuration
|
||||
stat:
|
||||
path: "{{sysctl_file_path}}"
|
||||
path: "{{ sysctl_file_path }}"
|
||||
register: sysctl_file_stat
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Change sysctl file path to link source if linked
|
||||
set_fact:
|
||||
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
|
||||
sysctl_file_path: "{{ sysctl_file_stat.stat.lnk_source }}"
|
||||
when:
|
||||
- sysctl_file_stat.stat.islnk is defined
|
||||
- sysctl_file_stat.stat.islnk
|
||||
@@ -52,7 +52,7 @@
|
||||
|
||||
- name: Enable ip forwarding
|
||||
sysctl:
|
||||
sysctl_file: "{{sysctl_file_path}}"
|
||||
sysctl_file: "{{ sysctl_file_path }}"
|
||||
name: net.ipv4.ip_forward
|
||||
value: 1
|
||||
state: present
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
block: |-
|
||||
{% for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
|
||||
{% if 'access_ip' in hostvars[item] or 'ip' in hostvars[item] or fallback_ips[item] != "skip" -%}
|
||||
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item]))}}
|
||||
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}
|
||||
{%- if ('ansible_hostname' in hostvars[item] and item != hostvars[item]['ansible_hostname']) %} {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }} {{ hostvars[item]['ansible_hostname'] }}{% endif %} {{ item }} {{ item }}.{{ dns_domain }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
{% for item in [ supersede_domain, supersede_search, supersede_nameserver ] -%}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
path: "{{dhclientconffile}}"
|
||||
path: "{{ dhclientconffile }}"
|
||||
create: yes
|
||||
state: present
|
||||
insertbefore: BOF
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
- name: Remove kubespray specific config from dhclient config
|
||||
blockinfile:
|
||||
path: "{{dhclientconffile}}"
|
||||
path: "{{ dhclientconffile }}"
|
||||
state: absent
|
||||
backup: yes
|
||||
marker: "# Ansible entries {mark}"
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
- name: "Check_tokens | check if the tokens have already been generated on first master"
|
||||
stat:
|
||||
path: "{{ kube_token_dir }}/known_tokens.csv"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
register: known_tokens_master
|
||||
run_once: true
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
dest: "{{ kube_script_dir }}/kube-gen-token.sh"
|
||||
mode: 0700
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | generate tokens for master components
|
||||
@@ -18,7 +18,7 @@
|
||||
register: gentoken_master
|
||||
changed_when: "'Added' in gentoken_master.stdout"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | generate tokens for node components
|
||||
@@ -31,14 +31,14 @@
|
||||
register: gentoken_node
|
||||
changed_when: "'Added' in gentoken_node.stdout"
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: gen_tokens|default(false)
|
||||
|
||||
- name: Gen_tokens | Get list of tokens from first master
|
||||
shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
|
||||
register: tokens_list
|
||||
check_mode: no
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
run_once: true
|
||||
when: sync_tokens|default(false)
|
||||
|
||||
@@ -48,7 +48,7 @@
|
||||
warn: false
|
||||
register: tokens_data
|
||||
check_mode: no
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
run_once: true
|
||||
when: sync_tokens|default(false)
|
||||
|
||||
|
||||
@@ -376,7 +376,7 @@ contiv_global_neighbor_as: "500"
|
||||
fallback_ips_base: |
|
||||
---
|
||||
{% for item in groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([])|unique %}
|
||||
{{item}}: "{{ hostvars[item].get('ansible_default_ipv4', {'address': '127.0.0.1'})['address'] }}"
|
||||
{{ item }}: "{{ hostvars[item].get('ansible_default_ipv4', {'address': '127.0.0.1'})['address'] }}"
|
||||
{% endfor %}
|
||||
fallback_ips: "{{ fallback_ips_base | from_yaml }}"
|
||||
|
||||
|
||||
@@ -61,7 +61,7 @@
|
||||
ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- calico_version is version("v3.0.0", ">=")
|
||||
|
||||
@@ -79,7 +79,7 @@
|
||||
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
when:
|
||||
- calico_version is version("v3.0.0", "<")
|
||||
|
||||
|
||||
@@ -155,7 +155,7 @@
|
||||
- calico_version is version('v3.0.0', '>=')
|
||||
|
||||
- name: Calico | Set global as_num (legacy)
|
||||
command: "{{ bin_dir}}/calicoctl.sh config set asNumber {{ global_as_num }}"
|
||||
command: "{{ bin_dir }}/calicoctl.sh config set asNumber {{ global_as_num }}"
|
||||
run_once: true
|
||||
when:
|
||||
- calico_version is version('v3.0.0', '<')
|
||||
@@ -301,7 +301,7 @@
|
||||
"name": "{{ inventory_hostname }}-{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"
|
||||
},
|
||||
"spec": {
|
||||
"asNumber": "{{ local_as | default(global_as_num)}}",
|
||||
"asNumber": "{{ local_as | default(global_as_num) }}",
|
||||
"node": "{{ inventory_hostname }}",
|
||||
"peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"
|
||||
}}' | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
|
||||
@@ -319,7 +319,7 @@
|
||||
shell: >
|
||||
echo '{
|
||||
"kind": "bgpPeer",
|
||||
"spec": {"asNumber": "{{ local_as | default(global_as_num)}}"},
|
||||
"spec": {"asNumber": "{{ local_as | default(global_as_num) }}"},
|
||||
"apiVersion": "v1",
|
||||
"metadata": {"node": "{{ inventory_hostname }}",
|
||||
"scope": "node",
|
||||
@@ -338,8 +338,8 @@
|
||||
|
||||
- name: Calico | Create calico manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: calico-config, file: calico-config.yml, type: cm}
|
||||
- {name: calico-node, file: calico-node.yml, type: ds}
|
||||
@@ -353,8 +353,8 @@
|
||||
|
||||
- name: Calico | Create calico manifests for kdd
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: calico, file: kdd-crds.yml, type: kdd}
|
||||
register: calico_node_kdd_manifest
|
||||
@@ -364,8 +364,8 @@
|
||||
|
||||
- name: Calico | Create calico manifests for typha
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: calico, file: calico-typha.yml, type: typha}
|
||||
register: calico_node_typha_manifest
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
owner: root
|
||||
group: root
|
||||
force: yes
|
||||
environment: "{{proxy_env}}"
|
||||
environment: "{{ proxy_env }}"
|
||||
- name: "Create etcdv2 and etcdv3 calicoApiConfig"
|
||||
template:
|
||||
src: "{{ item }}-store.yml.j2"
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
'{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
changed_when: false
|
||||
run_once: true
|
||||
environment:
|
||||
@@ -40,8 +40,8 @@
|
||||
|
||||
- name: Canal | Create canal node manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: canal-config, file: canal-config.yaml, type: cm}
|
||||
- {name: canal-node, file: canal-node.yaml, type: ds}
|
||||
|
||||
@@ -27,8 +27,8 @@
|
||||
|
||||
- name: Cilium | Create Cilium node manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: cilium, file: cilium-config.yml, type: cm}
|
||||
- {name: cilium, file: cilium-crb.yml, type: clusterrolebinding}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
---
|
||||
- name: Flannel | Create Flannel manifests
|
||||
template:
|
||||
src: "{{item.file}}.j2"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
with_items:
|
||||
- {name: flannel, file: cni-flannel-rbac.yml, type: sa}
|
||||
- {name: kube-flannel, file: cni-flannel.yml, type: ds}
|
||||
|
||||
@@ -1,21 +1,21 @@
|
||||
---
|
||||
- name: kube-router | Add annotations on kube-master
|
||||
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
with_items:
|
||||
- "{{ kube_router_annotations_master }}"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: kube_router_annotations_master is defined and inventory_hostname in groups['kube-master']
|
||||
|
||||
- name: kube-router | Add annotations on kube-node
|
||||
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
with_items:
|
||||
- "{{ kube_router_annotations_node }}"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: kube_router_annotations_node is defined and inventory_hostname in groups['kube-node']
|
||||
|
||||
- name: kube-router | Add common annotations on all servers
|
||||
command: "{{bin_dir}}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
command: "{{ bin_dir }}/kubectl annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||
with_items:
|
||||
- "{{ kube_router_annotations_all }}"
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
when: kube_router_annotations_all is defined and inventory_hostname in groups['all']
|
||||
@@ -32,7 +32,7 @@
|
||||
- old_etcd_members is defined
|
||||
|
||||
- name: Remove old cluster members
|
||||
shell: "{{ bin_dir}}/etcdctl --endpoints={{ etcd_access_addresses }} member remove {{ item[1].replace(' ','').split(',')[0] }}"
|
||||
shell: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} member remove {{ item[1].replace(' ','').split(',')[0] }}"
|
||||
environment:
|
||||
- ETCDCTL_API: 3
|
||||
- ETCDCTL_CA_FILE: /etc/ssl/etcd/ssl/ca.pem
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
|
||||
- name: Delete node
|
||||
command: "{{ bin_dir}}/kubectl delete node {{ item }}"
|
||||
command: "{{ bin_dir }}/kubectl delete node {{ item }}"
|
||||
with_items:
|
||||
- "{{ node.split(',') | default(groups['kube-node']) }}"
|
||||
delegate_to: "{{ groups['kube-master']|first }}"
|
||||
|
||||
@@ -118,7 +118,7 @@
|
||||
- mounts
|
||||
|
||||
- name: reset | unmount kubelet dirs
|
||||
command: umount -f {{item}}
|
||||
command: umount -f {{ item }}
|
||||
with_items: '{{ mounted_dirs.stdout_lines }}'
|
||||
register: umount_dir
|
||||
retries: 4
|
||||
@@ -170,7 +170,7 @@
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "{{kube_config_dir}}"
|
||||
- "{{ kube_config_dir }}"
|
||||
- /var/lib/kubelet
|
||||
- /root/.kube
|
||||
- /root/.helm
|
||||
|
||||
@@ -16,11 +16,11 @@
|
||||
|
||||
# Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
|
||||
- name: Check current nodeselector for kube-proxy daemonset
|
||||
shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'"
|
||||
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta.kubernetes.io/os}'"
|
||||
register: current_kube_proxy_state
|
||||
|
||||
- name: Apply nodeselector patch for kube-proxy daemonset
|
||||
shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\""
|
||||
shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=strategic -p \"$(cat nodeselector-os-linux-patch.json)\""
|
||||
args:
|
||||
chdir: "{{ kubernetes_user_manifests_path }}"
|
||||
register: patch_kube_proxy_state
|
||||
|
||||
Reference in New Issue
Block a user