terraform-k8s/roles/kubernetes/tasks/main.yml


---
#######################
#### NETWORK TASKS ####
#######################
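# Pin the IPv6 settings of eth0. For each loop item the line matching
# `regexp` is replaced by `line`; when nothing matches, `line` is appended.
- name: set static ipv6 for hosts
  lineinfile:
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    # A value that begins with a Jinja expression has to be quoted: unquoted,
    # YAML reads the leading `{` as a flow mapping before Ansible templates it.
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  with_items:
    - { regexp: "^IPV6INIT=", line: "IPV6INIT=yes" }
    - { regexp: "^IPV6AUTOCONF=", line: "IPV6AUTOCONF=no" }
    # host_ipv6 and network_default_gw are not defined in this file; they
    # have to be supplied by inventory, role defaults or the caller.
    - { regexp: "^IPV6ADDR=", line: "IPV6ADDR={{ host_ipv6 }}" }
    - { regexp: "^IPV6_DEFAULTGW=", line: "IPV6_DEFAULTGW={{ network_default_gw }}" }
# Presumably needed so the rewritten interface file takes effect before the
# remaining tasks run; the task is unconditional, so it reboots on every run.
- name: reboot
  reboot: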
########################
#### FIREWALL TASKS ####
########################
# ## kubernetes requirements
# - name: enable port 6443/tcp
# firewalld:
# port: 6443/tcp
# permanent: yes
# state: enabled
# - name: enable port 10250/tcp
# firewalld:
# port: 10250/tcp
# permanent: yes
# state: enabled
# - name: enable port 6443/udp
# firewalld:
# port: 6443/udp
# permanent: yes
# state: enabled
# - name: enable port 10250/udp
# firewalld:
# port: 10250/udp
# permanent: yes
# state: enabled
# ## reload firewalld after setting rules
# - name: reload firewalld
# shell: firewall-cmd --reload
######################
#### UPDATE TASKS ####
######################
# Bring every installed package to the newest version the enabled
# repositories offer. The result depends on repository state at run time,
# so two hosts provisioned on different days can end up on different builds.
- name: upgrade all packages
  yum:
    state: latest
    # quoted so YAML does not read the asterisk as an alias indicator
    name: "*"
######################
#### KERNEL TASKS ####
######################
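# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
# NOTE(review): the proxy address is hard-coded in both commands; a role
# variable would keep it in one place.
# NOTE(review): rpm(8) spells this option `--httpproxy` (two dashes, with the
# port given separately) - confirm that the single-dash form is accepted.
#
# `command` is used instead of `shell`: neither call needs shell features, and
# the bracketed IPv6 literal is no longer exposed to shell glob expansion.
- name: import elrepo gpg key
  command: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# The release package is fetched over HTTPS like the key above. Over plain
# HTTP the file could be replaced in transit, and nothing in this task makes
# rpm insist on a valid signature before installing it.
- name: enable elrepo-release rpm
  command: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm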
# - name: Add repository
# yum_repository:
# name: elrepo-kernel
# description: elrepo-release
# baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
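# kernel-ml comes from the elrepo-kernel repository, which is enabled for this
# one transaction only. No version is pinned, so the kernel that ends up on
# the host is whatever that repository serves at run time.
# `command` replaces `shell` in this section: no shell syntax is needed.
- name: install mainline kernel
  command: yum --enablerepo=elrepo-kernel install kernel-ml -y
# NOTE(review): GRUB_DEFAULT=0 selects the first menu entry; presumably that
# is the kernel installed above - verify on a provisioned host.
- name: set default kernel version in grub
  lineinfile:
    path: /etc/default/grub
    regexp: "^GRUB_DEFAULT"
    line: "GRUB_DEFAULT=0"
# Regenerate the boot menu so the changed default is picked up.
# NOTE(review): /boot/grub2/grub.cfg looks like the BIOS location - confirm
# for hosts that boot through UEFI.
- name: write grub config
  command: grub2-mkconfig -o /boot/grub2/grub.cfg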
####################
#### MAIN TASKS ####
####################
# Rewrite the SELINUX= line of the persistent SELinux configuration.
# NOTE(review): `disabled` switches SELinux off completely, so the node loses
# mandatory access control. Permissive mode would still record denials for
# audit; confirm that a full disable is really required here.
- name: permanently disable selinux
  lineinfile:
    path: /etc/sysconfig/selinux
    line: 'SELINUX=disabled'
    regexp: '^SELINUX='
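# Turn swap off for the running system; `command` is enough because no shell
# syntax is involved.
- name: temporarily disable swap
  command: swapoff -a
# Comment out the swap entry so it stays off after a reboot.
# NOTE(review): only an entry starting with /dev/mapper/centos-swap is
# matched. A host whose swap device is named differently keeps its swap after
# the next boot, and in that case lineinfile appends the commented line.
- name: permanently disable swap
  lineinfile:
    path: /etc/fstab
    regexp: "^/dev/mapper/centos-swap"
    line: "# /dev/mapper/centos-swap swap swap defaults 0 0"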
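# Load br_netfilter now; the net.bridge.* sysctl keys set below are provided
# by this module.
- name: activate kernel module
  command: modprobe br_netfilter
# modprobe only lasts until the next boot, and this file ends with a reboot.
# Listing the module for systemd-modules-load keeps the net.bridge.* keys
# available when the persisted sysctl values are applied at boot.
- name: load br_netfilter on every boot
  copy:
    dest: /etc/modules-load.d/br_netfilter.conf
    content: "br_netfilter\n"
    owner: root
    group: root
    mode: "0644"
# Pass bridged IPv4 traffic through iptables.
- name: enable bridge-nf-call-iptables
  sysctl:
    name: net.bridge.bridge-nf-call-iptables
    value: "1"
    sysctl_set: true
    state: present
    reload: true
# Same for bridged IPv6 traffic and ip6tables.
- name: enable bridge-nf-call-ip6tables
  sysctl:
    name: net.bridge.bridge-nf-call-ip6tables
    value: "1"
    sysctl_set: true
    state: present
    reload: true
# NOTE(review): only the `default` key is set, which covers interfaces created
# afterwards; net.ipv6.conf.all.forwarding is not touched - confirm that this
# is intended. Forwarding is switched on while the firewalld tasks in this
# file are commented out, so packet filtering has to come from elsewhere.
- name: enable ipv6 default forwarding
  sysctl:
    name: net.ipv6.conf.default.forwarding
    value: "1"
    sysctl_set: true
    state: present
    reload: true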
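# yum-config-manager is part of yum-utils, which the original task order only
# installed after calling it. Install it first so the next task cannot fail
# on a host where the tool is missing.
- name: install yum-utils
  yum:
    name: yum-utils
    state: present
# The repository definition is downloaded over HTTPS and written to
# /etc/yum.repos.d by yum-config-manager; `command` suffices, no shell needed.
- name: add docker-ce yum repository
  command: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# NOTE(review): the content of kubernetes.repo is not visible here. Check that
# it turns on gpgcheck and points at an HTTPS baseurl, since every package
# installed below is trusted on the strength of that file.
- name: copy kubernetes repo config
  copy:
    src: ../files/kubernetes.repo
    dest: /etc/yum.repos.d/kubernetes.repo
# No versions are pinned: docker-ce, kubelet, kubeadm and kubectl resolve to
# whatever the repositories offer at run time, so nodes provisioned at
# different times may not match each other.
- name: install packages
  yum:
    name:
      - yum-utils
      - device-mapper-persistent-data
      - lvm2
      - docker-ce
      - kubelet
      - kubeadm
      - kubectl
    state: present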
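# NOTE(review): when no line starts with `cgroup-driver=`, lineinfile appends
# this as a bare line to the systemd drop-in, and the task fails if the file
# is absent. Confirm the drop-in lives at this path and that the kubelet
# actually reads the setting in this form.
- name: set cgroup
  lineinfile:
    path: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
    regexp: "^cgroup-driver="
    line: "cgroup-driver=cgroupfs"
# This task acts on docker and does not reload systemd; it used to carry the
# same name as the kubelet task below, which made run output ambiguous.
- name: enable and restart service docker
  systemd:
    name: docker
    enabled: true
    state: restarted
# daemon_reload makes systemd pick up the edited drop-in before the restart.
- name: force systemd to reread configs and restart service kubelet
  systemd:
    name: kubelet
    enabled: true
    state: restarted
    daemon_reload: true
# Final reboot: the SELinux and default-kernel changes made by earlier tasks
# are written to configuration files and only take effect on the next boot.
# The task is unconditional, so every run of this file reboots the host.
- name: reboot
  reboot: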