many changes

2019-08-08 21:20:54 +02:00 · 2019-08-08 21:20:54 +02:00 · dccf8ca00e
commit dccf8ca00e
parent d4cb32b9c3
22 changed files with 297 additions and 133 deletions
--- a/roles/kubernetes-base/tasks/firewalld.yml
+++ b/roles/kubernetes-base/tasks/firewalld.yml
@ -0,0 +1,34 @@
+---
+########################
+#### FIREWALL TASKS ####
+########################
+
+## kubernetes requirements
+  - name: install firewalld
+    package:
+      name: firewalld
+
+  - name: enable and start firewalld
+    systemd:
+      name: firewalld
+      enabled: yes
+      state: started
+
+  - name: open ports
+    firewalld:
+      port: "{{ item }}"
+      permanent: yes
+      state: enabled
+    with_items:
+      - 6443/tcp
+      - 2379/tcp
+      - 2380/tcp
+      - 10250/tcp
+      - 10251/tcp
+      - 10252/tcp
+      - 10255/tcp
+
+## reload firewalld after setting rules
+
+  - name: reload firewalld
+    shell: firewall-cmd --reload
--- a/roles/kubernetes-base/tasks/main.yml
+++ b/roles/kubernetes-base/tasks/main.yml
@ -0,0 +1,146 @@
+---
+
+- name: reboot
+  reboot:
+
+# - name: clear yum package cache
+#   shell: "{{ item }}"
+#   args:
+#     warn: false
+#   with_items:
+#     # - yum clean all
+#     # - yum-config-manager --enable updates
+
+- name: upgrade all packages
+  yum:
+    name: '*'
+    state: latest
+
+- name: temporarily disable SELinux 
+  shell: setenforce 0
+
+- name: permanently disable SELinux 
+  lineinfile:
+    dest: /etc/sysconfig/selinux
+    regexp: "^SELINUX="
+    line: "SELINUX=disabled"
+
+- name: temporarily disable swap
+  shell: swapoff -a
+
+- name: permanently disable swap
+  lineinfile:
+    dest: /etc/fstab
+    regexp: "^/dev/mapper/centos-swap"
+    line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
+
+- name: add bridge-netfilter kernel module
+  shell: modprobe br_netfilter
+
+- name: enable bridge-nf-call-iptables
+  sysctl:
+    name: net.bridge.bridge-nf-call-iptables
+    value: 1
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: enable bridge-nf-call-ip6tables
+  sysctl: 
+    name: net.bridge.bridge-nf-call-ip6tables
+    value: 1
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: enable ipv6 default forwarding
+  sysctl:
+    name: net.ipv6.conf.default.forwarding
+    value: 1
+    sysctl_set: yes
+    state: present
+    reload: yes
+
+- name: add docker-ce yum repository
+  shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+
+
+- name: copy kubernetes repo config
+  copy:
+    src: ../files/kubernetes.repo
+    dest: /etc/yum.repos.d/kubernetes.repo
+
+- name: clear yum package cache
+  shell: yum clean all
+  args:
+    warn: false
+
+- name: install dependencies
+  package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
+    - device-mapper-persistent-data
+  
+- name: install lvm2
+  shell: yum install -y lvm2
+  args:
+    warn: false
+
+- name: installing kubernetes binaries (kubeadm, kubelet and kubectl)
+  shell: "{{ item }}"
+  args:
+    warn: false
+  with_items:
+    - yum install -y kubelet kubeadm kubectl
+    - systemctl enable --now kubelet
+
+- name: add docker-ce repo
+  shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+
+- name: install docker-ce
+  package:
+    name: docker-ce-18.06.2.ce
+    state: installed
+
+- name:  create docker directory
+  file:
+    path: /etc/docker
+    state: directory
+
+- name: deploy docker daemon configuration
+  copy:
+    src: ../files/docker-daemon.json
+    dest: /etc/docker/daemon.json
+
+- name: touch /etc/default/kubelet
+  file:
+    path: /etc/default/kubelet
+    state: touch
+    owner: root
+    group: root
+
+- name: set kubelet extra args
+  lineinfile:
+    dest: /etc/default/kubelet
+    regexp: "^KUBELET_EXTRA_ARGS="
+    line: "KUBELET_EXTRA_ARGS=--fail-swap-on=false --node-ip={{ host_ipv6 }}"
+
+- name: restart services
+  systemd:
+    name: "{{ item }}"
+    enabled: yes
+    state: restarted
+    daemon_reload: yes
+  with_items:
+    - docker
+    - kubelet
+
+- name: open firewall ports
+  import_tasks: firewalld.yml
+
+# - name: update linux kernel
+#   import_tasks: upgrade_kernel.yml
+
+- name: reboot
+  reboot:
--- a/roles/kubernetes-base/tasks/upgrade_kernel.yml
+++ b/roles/kubernetes-base/tasks/upgrade_kernel.yml
@ -0,0 +1,33 @@
+---
+######################
+#### KERNEL TASKS ####
+######################
+
+
+# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
+- name: import elrepo gpg key
+  shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+
+- name: enable elrepo-release rpm
+  shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+
+# - name: Add repository
+#   yum_repository:
+#     name: elrepo-kernel
+#     description: elrepo-release
+#     baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
+
+- name: install mainline kernel
+  shell: yum --enablerepo=elrepo-kernel install kernel-ml -y
+
+- name: set default kernel version in grub
+  lineinfile:
+    dest: /etc/default/grub
+    regexp: "^GRUB_DEFAULT"
+    line: "GRUB_DEFAULT=0"
+
+- name: write grub config
+  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
+
+- name: reboot
+  reboot: