Separate tasks in kubernetes role

2-setup-kubernetes.yml

@@ -1,5 +1,7 @@
 ---
-- hosts: kubernetes
+- hosts:
+    - k8s-masters
+    - k8s-nodes
   remote_user: hybris
   become: yes
 
@@ -10,7 +12,4 @@
   roles:
     - dns
     - proxy
-    - network
     - kubernetes
-
-# TODO: set ipv6 static so it will stick even on reboots

roles/kubernetes/tasks/firewalld.yml

@@ -0,0 +1,35 @@
+---
+########################
+#### FIREWALL TASKS ####
+########################
+
+# ## kubernetes requirements
+
+#   - name: enable port 6443/tcp
+#     firewalld:
+#       port: 6443/tcp
+#       permanent: yes
+#       state: enabled
+
+#   - name: enable port 10250/tcp
+#     firewalld:
+#       port: 10250/tcp
+#       permanent: yes
+#       state: enabled
+
+#   - name: enable port 6443/udp
+#     firewalld:
+#       port: 6443/udp
+#       permanent: yes
+#       state: enabled
+
+#   - name: enable port 10250/udp
+#     firewalld:
+#       port: 10250/udp
+#       permanent: yes
+#       state: enabled
+
+# ## reload firewalld after setting rules
+
+#   - name: reload firewalld
+#     shell: firewall-cmd --reload

roles/kubernetes/tasks/main.yml

@@ -1,181 +1,106 @@
 ---
-#######################
-#### NETWORK TASKS ####
-#######################
 
-  - name: set static ipv6 for hosts
+- name: upgrade all packages
-    lineinfile:
+  yum:
-      path: /etc/sysconfig/network-scripts/ifcfg-eth0
+    name: '*'
-      line: {{ item.line }}
+    state: latest
-      regexp: {{ item.regexp }}
-    with_items:
-      - { regexp: "^IPV6INIT=", line: "IPV6INIT=yes" }
-      - { regexp: "^IPV6AUTOCONF=", line: "IPV6AUTOCONF=no" }
-      - { regexp: "^IPV6ADDR=", line: "IPV6ADDR={{ host_ipv6 }}"}
-      - { regexp: "^IPV6_DEFAULTGW=", line: "IPV6_DEFAULTGW={{ network_default_gw }}"}
 
-  - name: reboot
+- name: permanently disable selinux
-    reboot:
+  lineinfile:
+    dest: /etc/sysconfig/selinux
+    regexp: "^SELINUX="
+    line: "SELINUX=disabled"
 
-########################
+- name: temporarily disable swap
-#### FIREWALL TASKS ####
+  shell: swapoff -a
-########################
 
-# ## kubernetes requirements
+- name: permanently disable swap
+  lineinfile:
+    dest: /etc/fstab
+    regexp: "^/dev/mapper/centos-swap"
+    line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
 
-#   - name: enable port 6443/tcp
+- name: activate kernel module
-#     firewalld:
+  shell: modprobe br_netfilter
-#       port: 6443/tcp
-#       permanent: yes
-#       state: enabled
 
-#   - name: enable port 10250/tcp
+- name: enable bridge-nf-call-iptables
-#     firewalld:
+  sysctl:
-#       port: 10250/tcp
+    name: net.bridge.bridge-nf-call-iptables
-#       permanent: yes
+    value: 1
-#       state: enabled
+    sysctl_set: yes
+    state: present
+    reload: yes
 
-#   - name: enable port 6443/udp
+- name: enable bridge-nf-call-ip6tables
-#     firewalld:
+  sysctl: 
-#       port: 6443/udp
+    name: net.bridge.bridge-nf-call-ip6tables
-#       permanent: yes
+    value: 1
-#       state: enabled
+    sysctl_set: yes
+    state: present
+    reload: yes
 
-#   - name: enable port 10250/udp
+- name: enable ipv6 default forwarding
-#     firewalld:
+  sysctl:
-#       port: 10250/udp
+    name: net.ipv6.conf.default.forwarding
-#       permanent: yes
+    value: 1
-#       state: enabled
+    sysctl_set: yes
+    state: present
+    reload: yes
 
-# ## reload firewalld after setting rules
+- name: add docker-ce yum repository
-
+  shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
-#   - name: reload firewalld
-#     shell: firewall-cmd --reload
-
-######################
-#### UPDATE TASKS ####
-######################
-
-  - name: upgrade all packages
-    yum:
-      name: '*'
-      state: latest
-
-######################
-#### KERNEL TASKS ####
-######################
 
 
-# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
+- name: copy kubernetes repo config
-  - name: import elrepo gpg key
+  copy:
-    shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+    src: ../files/kubernetes.repo
+    dest: /etc/yum.repos.d/kubernetes.repo
 
-  - name: enable elrepo-release rpm
+- name: create cni config directory
-    shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+  file:
+    path: /etc/cni/net.d
+    state: directory
 
-  # - name: Add repository
+# TODO: this
-  #   yum_repository:
+# - name: copy cni config
-  #     name: elrepo-kernel
+#   template: 
-  #     description: elrepo-release
+#     src: "../files/####CNI CONFIG####"
-  #     baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+#     dest: /etc/cni/net.d/####CNI CONFIG####
+#     owner: root
+#     group: root
+#   with_items: "{{ kubernetes }}"
 
-  - name: install mainline kernel
+- name: install packages
-    shell: yum --enablerepo=elrepo-kernel install kernel-ml -y
+  yum:
+    name:
+    - yum-utils
+    - device-mapper-persistent-data
+    - lvm2
+    - docker-ce
+    - kubelet
+    - kubeadm
+    - kubectl
+    - kubernetes-cni
+    state: present
 
-  - name: set default kernel version in grub
+- name: set cgroup
-    lineinfile:
+  lineinfile:
-      dest: /etc/default/grub
+    dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
-      regexp: "^GRUB_DEFAULT"
+    regexp: "^cgroup-driver="
-      line: "GRUB_DEFAULT=0"
+    line: "cgroup-driver=cgroupfs"
 
-  - name: write grub config
+- name: force systemd to reread configs and restart service docker
-    shell: grub2-mkconfig -o /boot/grub2/grub.cfg
+  systemd:
+    name: docker
+    enabled: yes
+    state: restarted
 
-####################
+- name: force systemd to reread configs and restart service kubelet
-#### MAIN TASKS ####
+  systemd:
-####################
+    name: kubelet
+    enabled: yes
+    state: restarted
+    daemon_reload: yes
 
-  - name: permanently disable selinux
+- name: reboot
-    lineinfile:
+  reboot:
-      dest: /etc/sysconfig/selinux
-      regexp: "^SELINUX="
-      line: "SELINUX=disabled"
-
-  - name: temporarily disable swap
-    shell: swapoff -a
-
-  - name: permanently disable swap
-    lineinfile:
-      dest: /etc/fstab
-      regexp: "^/dev/mapper/centos-swap"
-      line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
-
-  - name: activate kernel module
-    shell: modprobe br_netfilter
-
-  - name: enable bridge-nf-call-iptables
-    sysctl:
-      name: net.bridge.bridge-nf-call-iptables
-      value: 1
-      sysctl_set: yes
-      state: present
-      reload: yes
-
-  - name: enable bridge-nf-call-ip6tables
-    sysctl: 
-      name: net.bridge.bridge-nf-call-ip6tables
-      value: 1
-      sysctl_set: yes
-      state: present
-      reload: yes
-
-  - name: enable ipv6 default forwarding
-    sysctl:
-      name: net.ipv6.conf.default.forwarding
-      value: 1
-      sysctl_set: yes
-      state: present
-      reload: yes
-
-  - name: add docker-ce yum repository
-    shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
-
-
-  - name: copy kubernetes repo config
-    copy:
-      src: ../files/kubernetes.repo
-      dest: /etc/yum.repos.d/kubernetes.repo
-
-  - name: install packages
-    yum:
-      name:
-      - yum-utils
-      - device-mapper-persistent-data
-      - lvm2
-      - docker-ce
-      - kubelet
-      - kubeadm
-      - kubectl
-      state: present
-
-  - name: set cgroup
-    lineinfile:
-      dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
-      regexp: "^cgroup-driver="
-      line: "cgroup-driver=cgroupfs"
-
-  - name: force systemd to reread configs and restart service kubelet
-    systemd:
-      name: docker
-      enabled: yes
-      state: restarted
-
-  - name: force systemd to reread configs and restart service kubelet
-    systemd:
-      name: kubelet
-      enabled: yes
-      state: restarted
-      daemon_reload: yes
-
-  - name: reboot
-    reboot:

roles/kubernetes/tasks/update_kernel.yml

@@ -0,0 +1,30 @@
+---
+######################
+#### KERNEL TASKS ####
+######################
+
+
+# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
+- name: import elrepo gpg key
+  shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+
+- name: enable elrepo-release rpm
+  shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+
+# - name: Add repository
+#   yum_repository:
+#     name: elrepo-kernel
+#     description: elrepo-release
+#     baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+
+- name: install mainline kernel
+  shell: yum --enablerepo=elrepo-kernel install kernel-ml -y
+
+- name: set default kernel version in grub
+  lineinfile:
+    dest: /etc/default/grub
+    regexp: "^GRUB_DEFAULT"
+    line: "GRUB_DEFAULT=0"
+
+- name: write grub config
+  shell: grub2-mkconfig -o /boot/grub2/grub.cfg

roles/terraform/tasks/main.yml

@@ -1,67 +1,56 @@
 ---
-  - name: install packages
-    yum:
-      name:
-      - libvirt-devel
-      - git
-      - gcc
-      - unzip
-      state: present
-    become: yes
 
-  - name: download and install terraform 0.11.11 release
+- name: remove files and directories
-    unarchive:
+  file:
-      src: https://releases.hashicorp.com/terraform/0.11.11/terraform_0.11.11_linux_amd64.zip
+    path: "/home/{{ ansible_ssh_user }}/terraform/"
-      dest: /usr/local/bin
+    state: "{{ item }}"
-      remote_src: yes
+  with_items:
-      become: yes
+    - absent
+    - directory
 
-  - name: download and install golang 1.11.4 release
+- name: "download qcow2 cloud image"
-    unarchive:
+  copy:
-      src: https://dl.google.com/go/go1.11.4.linux-amd64.tar.gz
+    src: "/home/{{ ansible_ssh_user }}/images/{{ source_cloud_image_name }}"
-      dest: /usr/local
+    dest: "/home/{{ ansible_ssh_user }}/terraform/{{ source_cloud_image_name }}"
-      remote_src: yes
+    remote_src: yes
-      become: yes
 
-  - name: export path
+- name: create vm definitions
-    lineinfile:
+  template: 
-      path: /etc/profile
+    src: "../files/cloud-init.tf.j2"
-      regexp: '^export PATH=$PATH:/usr/local/go/bin'
+    dest: "/home/{{ ansible_ssh_user }}/terraform/{{ item.hostname }}.tf"
-      line: 'export PATH=$PATH:/usr/local/go/bin'
+    owner: "{{ ansible_ssh_user }}"
-    become: yes
+    group: "{{ ansible_ssh_user }}"
+  with_items: "{{ kubernetes }}"
 
-  - name: go get terraform-provider-libvirt
+- name: create cloud-init config
-    shell: /usr/local/go/bin/go get github.com/dmacvicar/terraform-provider-libvirt
+  template: 
+    src: "../files/cloud-init.cfg.j2"
+    dest: "/home/{{ ansible_ssh_user }}/terraform/{{ item.hostname }}.cloud_init.cfg"
+    owner: "{{ ansible_ssh_user }}"
+    group: "{{ ansible_ssh_user }}"
+  with_items: "{{ kubernetes }}"
 
-  - name: go install terraform-provider-libvirt
+- name: create cloud-init network config
-    shell: /usr/local/go/bin/go install
+  template: 
-    args:
+    src: "../files/cloud-init-network.cfg.j2"
-      chdir: /home/{{ remote_user }}/go/src/github.com/dmacvicar/terraform-provider-libvirt
+    dest: "/home/{{ ansible_ssh_user }}/terraform/{{ item.hostname }}.cloud_init_network.cfg"
+    owner: "{{ ansible_ssh_user }}"
+    group: "{{ ansible_ssh_user }}"
+  with_items: "{{ kubernetes }}"
 
-  - name: create terraform config directory
+- name: create libvirt_provider config
-    file:
+  template: 
-      path: /home/{{ remote_user }}/.terraform.d/
+    src: "../files/libvirt_provider.tf.j2"
-      state: directory
+    dest: "/home/{{ ansible_ssh_user }}/terraform/libvirt_provider.tf"
+    owner: "{{ ansible_ssh_user }}"
+    group: "{{ ansible_ssh_user }}"
 
-  - name: create terraform plugin directory
+- name: initialize terraform
-    file:
+  shell: terraform init
-      path: /home/{{ remote_user }}/.terraform.d/plugins
+  args:
-      state: directory
+    chdir: /home/{{ ansible_ssh_user }}/terraform/
 
-  - name: install terraform-provider-libvirt
+- name: terraform deploy
-    copy:
+  terraform:
-      src: /home/{{ remote_user }}/go/bin/terraform-provider-libvirt
+    project_path: /home/{{ ansible_ssh_user }}/terraform
-      dest: /home/{{ remote_user }}/.terraform.d/plugins/terraform-provider-libvirt
+    state: present
-      mode: 0777
-      owner: {{ remote_user }}
-      remote_src: yes
-
-  - name: delete terraform directory
-    file:
-      path: /home/{{ remote_user }}/terraform
-      state: absent
-
-  - name: create terraform directory
-    file:
-      path: /home/{{ remote_user }}/terraform
-      state: directory