From be70ab72bbbb86801ad7d0c6f03684868c329da7 Mon Sep 17 00:00:00 2001 From: hybris Date: Fri, 25 Jan 2019 18:54:52 +0100 Subject: [PATCH] Separate tasks in kubernetes role --- 2-setup-kubernetes.yml | 7 +- roles/kubernetes/tasks/firewalld.yml | 35 ++++ roles/kubernetes/tasks/main.yml | 249 ++++++++--------------- roles/kubernetes/tasks/update_kernel.yml | 30 +++ roles/terraform/tasks/main.yml | 105 +++++----- 5 files changed, 202 insertions(+), 224 deletions(-) create mode 100644 roles/kubernetes/tasks/firewalld.yml create mode 100644 roles/kubernetes/tasks/update_kernel.yml diff --git a/2-setup-kubernetes.yml b/2-setup-kubernetes.yml index 55e038c..76c22cf 100644 --- a/2-setup-kubernetes.yml +++ b/2-setup-kubernetes.yml @@ -1,5 +1,7 @@ --- -- hosts: kubernetes +- hosts: + - k8s-masters + - k8s-nodes remote_user: hybris become: yes @@ -10,7 +12,4 @@ roles: - dns - proxy - - network - kubernetes - -# TODO: set ipv6 static so it will stick even on reboots diff --git a/roles/kubernetes/tasks/firewalld.yml b/roles/kubernetes/tasks/firewalld.yml new file mode 100644 index 0000000..46e3f8f --- /dev/null +++ b/roles/kubernetes/tasks/firewalld.yml @@ -0,0 +1,35 @@ +--- +######################## +#### FIREWALL TASKS #### +######################## + +# ## kubernetes requirements + +# - name: enable port 6443/tcp +# firewalld: +# port: 6443/tcp +# permanent: yes +# state: enabled + +# - name: enable port 10250/tcp +# firewalld: +# port: 10250/tcp +# permanent: yes +# state: enabled + +# - name: enable port 6443/udp +# firewalld: +# port: 6443/udp +# permanent: yes +# state: enabled + +# - name: enable port 10250/udp +# firewalld: +# port: 10250/udp +# permanent: yes +# state: enabled + +# ## reload firewalld after setting rules + +# - name: reload firewalld +# shell: firewall-cmd --reload diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml index 918d274..9c24edd 100644 --- a/roles/kubernetes/tasks/main.yml +++ b/roles/kubernetes/tasks/main.yml @@ -1,181 +1,106 @@ --- -####################### -#### NETWORK TASKS #### -####################### - - name: set static ipv6 for hosts - lineinfile: - path: /etc/sysconfig/network-scripts/ifcfg-eth0 - line: {{ item.line }} - regexp: {{ item.regexp }} - with_items: - - { regexp: "^IPV6INIT=", line: "IPV6INIT=yes" } - - { regexp: "^IPV6AUTOCONF=", line: "IPV6AUTOCONF=no" } - - { regexp: "^IPV6ADDR=", line: "IPV6ADDR={{ host_ipv6 }}"} - - { regexp: "^IPV6_DEFAULTGW=", line: "IPV6_DEFAULTGW={{ network_default_gw }}"} +- name: upgrade all packages + yum: + name: '*' + state: latest - - name: reboot - reboot: +- name: permanently disable selinux + lineinfile: + dest: /etc/sysconfig/selinux + regexp: "^SELINUX=" + line: "SELINUX=disabled" -######################## -#### FIREWALL TASKS #### -######################## +- name: temporarily disable swap + shell: swapoff -a -# ## kubernetes requirements +- name: permanently disable swap + lineinfile: + dest: /etc/fstab + regexp: "^/dev/mapper/centos-swap" + line: "# /dev/mapper/centos-swap swap swap defaults 0 0" -# - name: enable port 6443/tcp -# firewalld: -# port: 6443/tcp -# permanent: yes -# state: enabled +- name: activate kernel module + shell: modprobe br_netfilter -# - name: enable port 10250/tcp -# firewalld: -# port: 10250/tcp -# permanent: yes -# state: enabled +- name: enable bridge-nf-call-iptables + sysctl: + name: net.bridge.bridge-nf-call-iptables + value: 1 + sysctl_set: yes + state: present + reload: yes -# - name: enable port 6443/udp -# firewalld: -# port: 6443/udp -# permanent: yes -# state: enabled +- name: enable bridge-nf-call-ip6tables + sysctl: + name: net.bridge.bridge-nf-call-ip6tables + value: 1 + sysctl_set: yes + state: present + reload: yes -# - name: enable port 10250/udp -# firewalld: -# port: 10250/udp -# permanent: yes -# state: enabled +- name: enable ipv6 default forwarding + sysctl: + name: net.ipv6.conf.default.forwarding + value: 1 + sysctl_set: yes + state: present + reload: yes -# ## reload firewalld after setting rules - -# - name: reload firewalld -# shell: firewall-cmd --reload - -###################### -#### UPDATE TASKS #### -###################### - - - name: upgrade all packages - yum: - name: '*' - state: latest - -###################### -#### KERNEL TASKS #### -###################### +- name: add docker-ce yum repository + shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module - - name: import elrepo gpg key - shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org +- name: copy kubernetes repo config + copy: + src: ../files/kubernetes.repo + dest: /etc/yum.repos.d/kubernetes.repo - - name: enable elrepo-release rpm - shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm +- name: create cni config directory + file: + path: /etc/cni/net.d + state: directory - # - name: Add repository - # yum_repository: - # name: elrepo-kernel - # description: elrepo-release - # baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm +# TODO: this +# - name: copy cni config +# template: +# src: "../files/####CNI CONFIG####" +# dest: /etc/cni/net.d/####CNI CONFIG#### +# owner: root +# group: root +# with_items: "{{ kubernetes }}" - - name: install mainline kernel - shell: yum --enablerepo=elrepo-kernel install kernel-ml -y +- name: install packages + yum: + name: + - yum-utils + - device-mapper-persistent-data + - lvm2 + - docker-ce + - kubelet + - kubeadm + - kubectl + - kubernetes-cni + state: present - - name: set default kernel version in grub - lineinfile: - dest: /etc/default/grub - regexp: "^GRUB_DEFAULT" - line: "GRUB_DEFAULT=0" +- name: set cgroup + lineinfile: + dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf + regexp: "^cgroup-driver=" + line: "cgroup-driver=cgroupfs" - - name: write grub config - shell: grub2-mkconfig -o /boot/grub2/grub.cfg +- name: force systemd to reread configs and restart service docker + systemd: + name: docker + enabled: yes + state: restarted -#################### -#### MAIN TASKS #### -#################### +- name: force systemd to reread configs and restart service kubelet + systemd: + name: kubelet + enabled: yes + state: restarted + daemon_reload: yes - - name: permanently disable selinux - lineinfile: - dest: /etc/sysconfig/selinux - regexp: "^SELINUX=" - line: "SELINUX=disabled" - - - name: temporarily disable swap - shell: swapoff -a - - - name: permanently disable swap - lineinfile: - dest: /etc/fstab - regexp: "^/dev/mapper/centos-swap" - line: "# /dev/mapper/centos-swap swap swap defaults 0 0" - - - name: activate kernel module - shell: modprobe br_netfilter - - - name: enable bridge-nf-call-iptables - sysctl: - name: net.bridge.bridge-nf-call-iptables - value: 1 - sysctl_set: yes - state: present - reload: yes - - - name: enable bridge-nf-call-ip6tables - sysctl: - name: net.bridge.bridge-nf-call-ip6tables - value: 1 - sysctl_set: yes - state: present - reload: yes - - - name: enable ipv6 default forwarding - sysctl: - name: net.ipv6.conf.default.forwarding - value: 1 - sysctl_set: yes - state: present - reload: yes - - - name: add docker-ce yum repository - shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo - - - - name: copy kubernetes repo config - copy: - src: ../files/kubernetes.repo - dest: /etc/yum.repos.d/kubernetes.repo - - - name: install packages - yum: - name: - - yum-utils - - device-mapper-persistent-data - - lvm2 - - docker-ce - - kubelet - - kubeadm - - kubectl - state: present - - - name: set cgroup - lineinfile: - dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf - regexp: "^cgroup-driver=" - line: "cgroup-driver=cgroupfs" - - - name: force systemd to reread configs and restart service kubelet - systemd: - name: docker - enabled: yes - state: restarted - - - name: force systemd to reread configs and restart service kubelet - systemd: - name: kubelet - enabled: yes - state: restarted - daemon_reload: yes - - - name: reboot - reboot: \ No newline at end of file +- name: reboot + reboot: \ No newline at end of file diff --git a/roles/kubernetes/tasks/update_kernel.yml b/roles/kubernetes/tasks/update_kernel.yml new file mode 100644 index 0000000..3007393 --- /dev/null +++ b/roles/kubernetes/tasks/update_kernel.yml @@ -0,0 +1,30 @@ +--- +###################### +#### KERNEL TASKS #### +###################### + + +# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module +- name: import elrepo gpg key + shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org + +- name: enable elrepo-release rpm + shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm + +# - name: Add repository +# yum_repository: +# name: elrepo-kernel +# description: elrepo-release +# baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm + +- name: install mainline kernel + shell: yum --enablerepo=elrepo-kernel install kernel-ml -y + +- name: set default kernel version in grub + lineinfile: + dest: /etc/default/grub + regexp: "^GRUB_DEFAULT" + line: "GRUB_DEFAULT=0" + +- name: write grub config + shell: grub2-mkconfig -o /boot/grub2/grub.cfg \ No newline at end of file diff --git a/roles/terraform/tasks/main.yml b/roles/terraform/tasks/main.yml index 4979a0f..717b8ba 100644 --- a/roles/terraform/tasks/main.yml +++ b/roles/terraform/tasks/main.yml @@ -1,67 +1,56 @@ --- - - name: install packages - yum: - name: - - libvirt-devel - - git - - gcc - - unzip - state: present - become: yes - - name: download and install terraform 0.11.11 release - unarchive: - src: https://releases.hashicorp.com/terraform/0.11.11/terraform_0.11.11_linux_amd64.zip - dest: /usr/local/bin - remote_src: yes - become: yes +- name: remove files and directories + file: + path: "/home/{{ ansible_ssh_user }}/terraform/" + state: "{{ item }}" + with_items: + - absent + - directory - - name: download and install golang 1.11.4 release - unarchive: - src: https://dl.google.com/go/go1.11.4.linux-amd64.tar.gz - dest: /usr/local - remote_src: yes - become: yes +- name: "download qcow2 cloud image" + copy: + src: "/home/{{ ansible_ssh_user }}/images/{{ source_cloud_image_name }}" + dest: "/home/{{ ansible_ssh_user }}/terraform/{{ source_cloud_image_name }}" + remote_src: yes - - name: export path - lineinfile: - path: /etc/profile - regexp: '^export PATH=$PATH:/usr/local/go/bin' - line: 'export PATH=$PATH:/usr/local/go/bin' - become: yes +- name: create vm definitions + template: + src: "../files/cloud-init.tf.j2" + dest: "/home/{{ ansible_ssh_user }}/terraform/{{ item.hostname }}.tf" + owner: "{{ ansible_ssh_user }}" + group: "{{ ansible_ssh_user }}" + with_items: "{{ kubernetes }}" - - name: go get terraform-provider-libvirt - shell: /usr/local/go/bin/go get github.com/dmacvicar/terraform-provider-libvirt +- name: create cloud-init config + template: + src: "../files/cloud-init.cfg.j2" + dest: "/home/{{ ansible_ssh_user }}/terraform/{{ item.hostname }}.cloud_init.cfg" + owner: "{{ ansible_ssh_user }}" + group: "{{ ansible_ssh_user }}" + with_items: "{{ kubernetes }}" - - name: go install terraform-provider-libvirt - shell: /usr/local/go/bin/go install - args: - chdir: /home/{{ remote_user }}/go/src/github.com/dmacvicar/terraform-provider-libvirt +- name: create cloud-init network config + template: + src: "../files/cloud-init-network.cfg.j2" + dest: "/home/{{ ansible_ssh_user }}/terraform/{{ item.hostname }}.cloud_init_network.cfg" + owner: "{{ ansible_ssh_user }}" + group: "{{ ansible_ssh_user }}" + with_items: "{{ kubernetes }}" - - name: create terraform config directory - file: - path: /home/{{ remote_user }}/.terraform.d/ - state: directory +- name: create libvirt_provider config + template: + src: "../files/libvirt_provider.tf.j2" + dest: "/home/{{ ansible_ssh_user }}/terraform/libvirt_provider.tf" + owner: "{{ ansible_ssh_user }}" + group: "{{ ansible_ssh_user }}" - - name: create terraform plugin directory - file: - path: /home/{{ remote_user }}/.terraform.d/plugins - state: directory +- name: initialize terraform + shell: terraform init + args: + chdir: /home/{{ ansible_ssh_user }}/terraform/ - - name: install terraform-provider-libvirt - copy: - src: /home/{{ remote_user }}/go/bin/terraform-provider-libvirt - dest: /home/{{ remote_user }}/.terraform.d/plugins/terraform-provider-libvirt - mode: 0777 - owner: {{ remote_user }} - remote_src: yes - - - name: delete terraform directory - file: - path: /home/{{ remote_user }}/terraform - state: absent - - - name: create terraform directory - file: - path: /home/{{ remote_user }}/terraform - state: directory +- name: terraform deploy + terraform: + project_path: /home/{{ ansible_ssh_user }}/terraform + state: present