Separate tasks in kubernetes role
parent
07afd3f694
commit
be70ab72bb
5 changed files with 202 additions and 224 deletions
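--- a/roles/kubernetes/tasks/firewalld.yml
+++ b/roles/kubernetes/tasks/firewalld.yml
@@ -0,0 +1,35 @@
+---
+########################
+#### FIREWALL TASKS ####
+########################
+
+# ## kubernetes requirements
+
+# - name: enable port 6443/tcp
+# firewalld:
+# port: 6443/tcp
+# permanent: yes
+# state: enabled
+
+# - name: enable port 10250/tcp
+# firewalld:
+# port: 10250/tcp
+# permanent: yes
+# state: enabled
+
+# - name: enable port 6443/udp
+# firewalld:
+# port: 6443/udp
+# permanent: yes
+# state: enabled
+
+# - name: enable port 10250/udp
+# firewalld:
+# port: 10250/udp
+# permanent: yes
+# state: enabled
+
+# ## reload firewalld after setting rules
+
+# - name: reload firewalld
+# shell: firewall-cmd --reload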
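Review bot: Every task in this new file is commented out, so including it applies no firewall policy at all; a header comment such as `# disabled: firewalld is not managed by this role yet` would make that explicit. When the rules are enabled, the `6443/udp` and `10250/udp` entries can be dropped, since the API server and kubelet listen on TCP and unused openings only widen the exposed surface. Adding `immediate: yes` next to `permanent: yes` on each `firewalld` task would apply the rule at runtime and make the `shell: firewall-cmd --reload` task unnecessary.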
|
@ -1,181 +1,106 @@
|
|||
---
|
||||
#######################
|
||||
#### NETWORK TASKS ####
|
||||
#######################
|
||||
|
||||
- name: set static ipv6 for hosts
|
||||
lineinfile:
|
||||
path: /etc/sysconfig/network-scripts/ifcfg-eth0
|
||||
line: {{ item.line }}
|
||||
regexp: {{ item.regexp }}
|
||||
with_items:
|
||||
- { regexp: "^IPV6INIT=", line: "IPV6INIT=yes" }
|
||||
- { regexp: "^IPV6AUTOCONF=", line: "IPV6AUTOCONF=no" }
|
||||
- { regexp: "^IPV6ADDR=", line: "IPV6ADDR={{ host_ipv6 }}"}
|
||||
- { regexp: "^IPV6_DEFAULTGW=", line: "IPV6_DEFAULTGW={{ network_default_gw }}"}
|
||||
- name: upgrade all packages
|
||||
yum:
|
||||
name: '*'
|
||||
state: latest
|
||||
|
||||
- name: reboot
|
||||
reboot:
|
||||
- name: permanently disable selinux
|
||||
lineinfile:
|
||||
dest: /etc/sysconfig/selinux
|
||||
regexp: "^SELINUX="
|
||||
line: "SELINUX=disabled"
|
||||
|
||||
########################
|
||||
#### FIREWALL TASKS ####
|
||||
########################
|
||||
- name: temporarily disable swap
|
||||
shell: swapoff -a
|
||||
|
||||
# ## kubernetes requirements
|
||||
- name: permanently disable swap
|
||||
lineinfile:
|
||||
dest: /etc/fstab
|
||||
regexp: "^/dev/mapper/centos-swap"
|
||||
line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
|
||||
|
||||
# - name: enable port 6443/tcp
|
||||
# firewalld:
|
||||
# port: 6443/tcp
|
||||
# permanent: yes
|
||||
# state: enabled
|
||||
- name: activate kernel module
|
||||
shell: modprobe br_netfilter
|
||||
|
||||
# - name: enable port 10250/tcp
|
||||
# firewalld:
|
||||
# port: 10250/tcp
|
||||
# permanent: yes
|
||||
# state: enabled
|
||||
- name: enable bridge-nf-call-iptables
|
||||
sysctl:
|
||||
name: net.bridge.bridge-nf-call-iptables
|
||||
value: 1
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
# - name: enable port 6443/udp
|
||||
# firewalld:
|
||||
# port: 6443/udp
|
||||
# permanent: yes
|
||||
# state: enabled
|
||||
- name: enable bridge-nf-call-ip6tables
|
||||
sysctl:
|
||||
name: net.bridge.bridge-nf-call-ip6tables
|
||||
value: 1
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
# - name: enable port 10250/udp
|
||||
# firewalld:
|
||||
# port: 10250/udp
|
||||
# permanent: yes
|
||||
# state: enabled
|
||||
- name: enable ipv6 default forwarding
|
||||
sysctl:
|
||||
name: net.ipv6.conf.default.forwarding
|
||||
value: 1
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
# ## reload firewalld after setting rules
|
||||
|
||||
# - name: reload firewalld
|
||||
# shell: firewall-cmd --reload
|
||||
|
||||
######################
|
||||
#### UPDATE TASKS ####
|
||||
######################
|
||||
|
||||
- name: upgrade all packages
|
||||
yum:
|
||||
name: '*'
|
||||
state: latest
|
||||
|
||||
######################
|
||||
#### KERNEL TASKS ####
|
||||
######################
|
||||
- name: add docker-ce yum repository
|
||||
shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
|
||||
|
||||
|
||||
# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
|
||||
- name: import elrepo gpg key
|
||||
shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
|
||||
- name: copy kubernetes repo config
|
||||
copy:
|
||||
src: ../files/kubernetes.repo
|
||||
dest: /etc/yum.repos.d/kubernetes.repo
|
||||
|
||||
- name: enable elrepo-release rpm
|
||||
shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
|
||||
- name: create cni config directory
|
||||
file:
|
||||
path: /etc/cni/net.d
|
||||
state: directory
|
||||
|
||||
# - name: Add repository
|
||||
# yum_repository:
|
||||
# name: elrepo-kernel
|
||||
# description: elrepo-release
|
||||
# baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
|
||||
# TODO: this
|
||||
# - name: copy cni config
|
||||
# template:
|
||||
# src: "../files/####CNI CONFIG####"
|
||||
# dest: /etc/cni/net.d/####CNI CONFIG####
|
||||
# owner: root
|
||||
# group: root
|
||||
# with_items: "{{ kubernetes }}"
|
||||
|
||||
- name: install mainline kernel
|
||||
shell: yum --enablerepo=elrepo-kernel install kernel-ml -y
|
||||
- name: install packages
|
||||
yum:
|
||||
name:
|
||||
- yum-utils
|
||||
- device-mapper-persistent-data
|
||||
- lvm2
|
||||
- docker-ce
|
||||
- kubelet
|
||||
- kubeadm
|
||||
- kubectl
|
||||
- kubernetes-cni
|
||||
state: present
|
||||
|
||||
- name: set default kernel version in grub
|
||||
lineinfile:
|
||||
dest: /etc/default/grub
|
||||
regexp: "^GRUB_DEFAULT"
|
||||
line: "GRUB_DEFAULT=0"
|
||||
- name: set cgroup
|
||||
lineinfile:
|
||||
dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
|
||||
regexp: "^cgroup-driver="
|
||||
line: "cgroup-driver=cgroupfs"
|
||||
|
||||
- name: write grub config
|
||||
shell: grub2-mkconfig -o /boot/grub2/grub.cfg
|
||||
- name: force systemd to reread configs and restart service docker
|
||||
systemd:
|
||||
name: docker
|
||||
enabled: yes
|
||||
state: restarted
|
||||
|
||||
####################
|
||||
#### MAIN TASKS ####
|
||||
####################
|
||||
- name: force systemd to reread configs and restart service kubelet
|
||||
systemd:
|
||||
name: kubelet
|
||||
enabled: yes
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
|
||||
- name: permanently disable selinux
|
||||
lineinfile:
|
||||
dest: /etc/sysconfig/selinux
|
||||
regexp: "^SELINUX="
|
||||
line: "SELINUX=disabled"
|
||||
|
||||
- name: temporarily disable swap
|
||||
shell: swapoff -a
|
||||
|
||||
- name: permanently disable swap
|
||||
lineinfile:
|
||||
dest: /etc/fstab
|
||||
regexp: "^/dev/mapper/centos-swap"
|
||||
line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
|
||||
|
||||
- name: activate kernel module
|
||||
shell: modprobe br_netfilter
|
||||
|
||||
- name: enable bridge-nf-call-iptables
|
||||
sysctl:
|
||||
name: net.bridge.bridge-nf-call-iptables
|
||||
value: 1
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
- name: enable bridge-nf-call-ip6tables
|
||||
sysctl:
|
||||
name: net.bridge.bridge-nf-call-ip6tables
|
||||
value: 1
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
- name: enable ipv6 default forwarding
|
||||
sysctl:
|
||||
name: net.ipv6.conf.default.forwarding
|
||||
value: 1
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
|
||||
- name: add docker-ce yum repository
|
||||
shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
|
||||
|
||||
|
||||
- name: copy kubernetes repo config
|
||||
copy:
|
||||
src: ../files/kubernetes.repo
|
||||
dest: /etc/yum.repos.d/kubernetes.repo
|
||||
|
||||
- name: install packages
|
||||
yum:
|
||||
name:
|
||||
- yum-utils
|
||||
- device-mapper-persistent-data
|
||||
- lvm2
|
||||
- docker-ce
|
||||
- kubelet
|
||||
- kubeadm
|
||||
- kubectl
|
||||
state: present
|
||||
|
||||
- name: set cgroup
|
||||
lineinfile:
|
||||
dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
|
||||
regexp: "^cgroup-driver="
|
||||
line: "cgroup-driver=cgroupfs"
|
||||
|
||||
- name: force systemd to reread configs and restart service kubelet
|
||||
systemd:
|
||||
name: docker
|
||||
enabled: yes
|
||||
state: restarted
|
||||
|
||||
- name: force systemd to reread configs and restart service kubelet
|
||||
systemd:
|
||||
name: kubelet
|
||||
enabled: yes
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
|
||||
- name: reboot
|
||||
reboot:
|
||||
- name: reboot
|
||||
reboot:
|
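Review bot: The `permanently disable selinux` task still writes `SELINUX=disabled`, which removes mandatory access control from every node and leaves no audit trail of what the policy would have blocked. The page has lost its `+`/`-` markers, but the task is listed in both halves of this hunk, so it appears to be kept on the new side. If the cluster cannot run enforcing, `line: "SELINUX=permissive"` at least keeps labelling and denial logging in place; a short comment above the task stating why enforcing mode is not used would document the trade-off. The file header for this section is missing from the page, so the target file name is not confirmed here.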
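--- a/roles/kubernetes/tasks/update_kernel.yml
+++ b/roles/kubernetes/tasks/update_kernel.yml
@@ -0,0 +1,30 @@
+---
+######################
+#### KERNEL TASKS ####
+######################
+
+
+# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
+- name: import elrepo gpg key
+shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+
+- name: enable elrepo-release rpm
+shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+
+# - name: Add repository
+# yum_repository:
+# name: elrepo-kernel
+# description: elrepo-release
+# baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+
+- name: install mainline kernel
+shell: yum --enablerepo=elrepo-kernel install kernel-ml -y
+
+- name: set default kernel version in grub
+lineinfile:
+dest: /etc/default/grub
+regexp: "^GRUB_DEFAULT"
+line: "GRUB_DEFAULT=0"
+
+- name: write grub config
+shell: grub2-mkconfig -o /boot/grub2/grub.cfg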
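Review bot: The `enable elrepo-release rpm` task fetches the release package over plain `http://` through a hard-coded proxy, so the package that installs the repository definition for the kernel is protected in transit only by whatever signature check rpm performs. Using the `https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm` form of the same URL, as the key import on the previous task already does, closes that gap. rpm documents the proxy option as `--httpproxy`, so the single-dash `-httpproxy` in both shell tasks is probably not parsed as intended and should be checked. The proxy address would be better held in a variable, and `install mainline kernel` could use the `yum` module with `enablerepo: elrepo-kernel` so the task is idempotent and reports changes correctly.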