sa_8001/cmoa_installer_ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ansible v2 (release 3.4.9)

Browse Source
This commit is contained in:
havelight-ee
2023-02-16 16:20:12 +09:00
parent 7f08fdd9ff
commit 59a199e50f
3525 changed files with 435537 additions and 62726 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
roles/agent_os_setting/defaults/main.yml Normal file
View File

@@ -0,0 +1,142 @@
helm_checksum: sha256:72f1c0fcfb17b41b89087e9232e50f20c606e44a0edc2bb9737e05d1c75b8c4f
helm_version: v3.10.2
kubernetes_version: 1.25.2
kubernetes_kubelet_extra_args: ""
kubernetes_kubeadm_init_extra_opts: ""
kubernetes_join_command_extra_opts: ""
kubernetes_pod_network:
cni: 'calico'
cidr: '10.96.0.0/12'
kubernetes_calico_manifest_file: "{{ role_path }}/files/calico.yaml"
kubernetes_metric_server_file: "{{ role_path }}/files/components.yaml"
ansible_kube_config: "/tmp/agent_config"
containerd_config:
version: 2
root: /var/lib/containerd
state: /run/containerd
plugin_dir: ""
disabled_plugins: []
required_plugins: []
oom_score: 0
grpc:
address: /run/containerd/containerd.sock
tcp_address: ""
tcp_tls_cert: ""
tcp_tls_key: ""
uid: 0
gid: 0
max_recv_message_size: 16777216
max_send_message_size: 16777216
ttrpc:
address: ""
uid: 0
gid: 0
debug:
address: ""
uid: 0
gid: 0
level: ""
metrics:
address: ""
grpc_histogram: false
cgroup:
path: ""
timeouts:
"io.containerd.timeout.shim.cleanup": 5s
"io.containerd.timeout.shim.load": 5s
"io.containerd.timeout.shim.shutdown": 3s
"io.containerd.timeout.task.state": 2s
plugins:
"io.containerd.gc.v1.scheduler":
pause_threshold: 0.02
deletion_threshold: 0
mutation_threshold: 100
schedule_delay: 0s
startup_delay: 100ms
"io.containerd.grpc.v1.cri":
disable_tcp_service: true
stream_server_address: 127.0.0.1
stream_server_port: "0"
stream_idle_timeout: 4h0m0s
enable_selinux: false
sandbox_image: k8s.gcr.io/pause:3.1
stats_collect_period: 10
systemd_cgroup: false
enable_tls_streaming: false
max_container_log_line_size: 16384
disable_cgroup: false
disable_apparmor: false
restrict_oom_score_adj: false
max_concurrent_downloads: 3
disable_proc_mount: false
containerd:
snapshotter: overlayfs
default_runtime_name: runc
no_pivot: false
default_runtime:
runtime_type: ""
runtime_engine: ""
runtime_root: ""
privileged_without_host_devices: false
untrusted_workload_runtime:
runtime_type: ""
runtime_engine: ""
runtime_root: ""
privileged_without_host_devices: false
runtimes:
runc:
runtime_type: io.containerd.runc.v1
runtime_engine: ""
runtime_root: ""
privileged_without_host_devices: false
cni:
bin_dir: /opt/cni/bin
conf_dir: /etc/cni/net.d
max_conf_num: 1
conf_template: ""
registry:
configs:
"10.10.31.243:5000":
tls:
insecure_skip_verify: true
mirrors:
"docker.io":
endpoint:
- https://registry-1.docker.io
"10.10.31.243:5000":
endpoint:
- http://10.10.31.243:5000
x509_key_pair_streaming:
tls_cert_file: ""
tls_key_file: ""
"io.containerd.internal.v1.opt":
path: /opt/containerd
"io.containerd.internal.v1.restart":
interval: 10s
"io.containerd.metadata.v1.bolt":
content_sharing_policy: shared
"io.containerd.monitor.v1.cgroups":
no_prometheus: false
"io.containerd.runtime.v1.linux":
shim: containerd-shim
runtime: runc
runtime_root: ""
no_shim: false
shim_debug: false
"io.containerd.runtime.v2.task":
platforms:
- linux/amd64
"io.containerd.service.v1.diff-service":
default:
- walking
"io.containerd.snapshotter.v1.devmapper":
root_path: ""
pool_name: ""
base_image_size: ""

645
roles/agent_os_setting/files/get-docker.sh Executable file
View File

@@ -0,0 +1,645 @@
#!/bin/sh
set -e
# Docker CE for Linux installation script
#
# See https://docs.docker.com/engine/install/ for the installation steps.
#
# This script is meant for quick & easy install via:
# $ curl -fsSL https://get.docker.com -o get-docker.sh
# $ sh get-docker.sh
#
# For test builds (ie. release candidates):
# $ curl -fsSL https://test.docker.com -o test-docker.sh
# $ sh test-docker.sh
#
# NOTE: Make sure to verify the contents of the script
# you downloaded matches the contents of install.sh
# located at https://github.com/docker/docker-install
# before executing.
#
# Git commit from https://github.com/docker/docker-install when
# the script was uploaded (Should only be modified by upload job):
SCRIPT_COMMIT_SHA="66474034547a96caa0a25be56051ff8b726a1b28"
# strip "v" prefix if present
VERSION="${VERSION#v}"
# The channel to install from:
# * nightly
# * test
# * stable
# * edge (deprecated)
DEFAULT_CHANNEL_VALUE="stable"
if [ -z "$CHANNEL" ]; then
CHANNEL=$DEFAULT_CHANNEL_VALUE
fi
DEFAULT_DOWNLOAD_URL="https://download.docker.com"
if [ -z "$DOWNLOAD_URL" ]; then
DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
fi
DEFAULT_REPO_FILE="docker-ce.repo"
if [ -z "$REPO_FILE" ]; then
REPO_FILE="$DEFAULT_REPO_FILE"
fi
mirror=''
DRY_RUN=${DRY_RUN:-}
while [ $# -gt 0 ]; do
case "$1" in
--mirror)
mirror="$2"
shift
;;
--dry-run)
DRY_RUN=1
;;
--*)
echo "Illegal option $1"
;;
esac
shift $(( $# > 0 ? 1 : 0 ))
done
case "$mirror" in
Aliyun)
DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
;;
AzureChinaCloud)
DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
;;
esac
command_exists() {
command -v "$@" > /dev/null 2>&1
}
# version_gte checks if the version specified in $VERSION is at least
# the given CalVer (YY.MM) version. returns 0 (success) if $VERSION is either
# unset (=latest) or newer or equal than the specified version. Returns 1 (fail)
# otherwise.
#
# examples:
#
# VERSION=20.10
# version_gte 20.10 // 0 (success)
# version_gte 19.03 // 0 (success)
# version_gte 21.10 // 1 (fail)
version_gte() {
if [ -z "$VERSION" ]; then
return 0
fi
eval calver_compare "$VERSION" "$1"
}
# calver_compare compares two CalVer (YY.MM) version strings. returns 0 (success)
# if version A is newer or equal than version B, or 1 (fail) otherwise. Patch
# releases and pre-release (-alpha/-beta) are not taken into account
#
# examples:
#
# calver_compare 20.10 19.03 // 0 (success)
# calver_compare 20.10 20.10 // 0 (success)
# calver_compare 19.03 20.10 // 1 (fail)
calver_compare() (
set +x
yy_a="$(echo "$1" | cut -d'.' -f1)"
yy_b="$(echo "$2" | cut -d'.' -f1)"
if [ "$yy_a" -lt "$yy_b" ]; then
return 1
fi
if [ "$yy_a" -gt "$yy_b" ]; then
return 0
fi
mm_a="$(echo "$1" | cut -d'.' -f2)"
mm_b="$(echo "$2" | cut -d'.' -f2)"
if [ "${mm_a#0}" -lt "${mm_b#0}" ]; then
return 1
fi
return 0
)
is_dry_run() {
if [ -z "$DRY_RUN" ]; then
return 1
else
return 0
fi
}
is_wsl() {
case "$(uname -r)" in
*microsoft* ) true ;; # WSL 2
*Microsoft* ) true ;; # WSL 1
* ) false;;
esac
}
is_darwin() {
case "$(uname -s)" in
*darwin* ) true ;;
*Darwin* ) true ;;
* ) false;;
esac
}
deprecation_notice() {
distro=$1
distro_version=$2
echo
printf "\033[91;1mDEPRECATION WARNING\033[0m\n"
printf " This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version"
echo " No updates or security fixes will be released for this distribution, and users are recommended"
echo " to upgrade to a currently maintained version of $distro."
echo
printf "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue."
echo
sleep 10
}
get_distribution() {
lsb_dist=""
# Every system that we officially support has /etc/os-release
if [ -r /etc/os-release ]; then
lsb_dist="$(. /etc/os-release && echo "$ID")"
fi
# Returning an empty string here should be alright since the
# case statements don't act unless you provide an actual value
echo "$lsb_dist"
}
echo_docker_as_nonroot() {
if is_dry_run; then
return
fi
if command_exists docker && [ -e /var/run/docker.sock ]; then
(
set -x
$sh_c 'docker version'
) || true
fi
# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
echo
echo "================================================================================"
echo
if version_gte "20.10"; then
echo "To run Docker as a non-privileged user, consider setting up the"
echo "Docker daemon in rootless mode for your user:"
echo
echo " dockerd-rootless-setuptool.sh install"
echo
echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode."
echo
fi
echo
echo "To run the Docker daemon as a fully privileged service, but granting non-root"
echo "users access, refer to https://docs.docker.com/go/daemon-access/"
echo
echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent"
echo " to root access on the host. Refer to the 'Docker daemon attack surface'"
echo " documentation for details: https://docs.docker.com/go/attack-surface/"
echo
echo "================================================================================"
echo
}
# Check if this is a forked Linux distro
check_forked() {
# Check for lsb_release command existence, it usually exists in forked distros
if command_exists lsb_release; then
# Check if the `-u` option is supported
set +e
lsb_release -a -u > /dev/null 2>&1
lsb_release_exit_code=$?
set -e
# Check if the command has exited successfully, it means we're in a forked distro
if [ "$lsb_release_exit_code" = "0" ]; then
# Print info about current distro
cat <<-EOF
You're using '$lsb_dist' version '$dist_version'.
EOF
# Get the upstream release info
lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
# Print info about upstream distro
cat <<-EOF
Upstream release is '$lsb_dist' version '$dist_version'.
EOF
else
if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
if [ "$lsb_dist" = "osmc" ]; then
# OSMC runs Raspbian
lsb_dist=raspbian
else
# We're Debian and don't even know it!
lsb_dist=debian
fi
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
case "$dist_version" in
11)
dist_version="bullseye"
;;
10)
dist_version="buster"
;;
9)
dist_version="stretch"
;;
8)
dist_version="jessie"
;;
esac
fi
fi
fi
}
do_install() {
echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"
if command_exists docker; then
cat >&2 <<-'EOF'
Warning: the "docker" command appears to already exist on this system.
If you already have Docker installed, this script can cause trouble, which is
why we're displaying this warning and provide the opportunity to cancel the
installation.
If you installed the current Docker package using this script and are using it
again to update Docker, you can safely ignore this message.
You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 20 )
fi
user="$(id -un 2>/dev/null || true)"
sh_c='sh -c'
if [ "$user" != 'root' ]; then
if command_exists sudo; then
sh_c='sudo -E sh -c'
elif command_exists su; then
sh_c='su -c'
else
cat >&2 <<-'EOF'
Error: this installer needs the ability to run commands as root.
We are unable to find either "sudo" or "su" available to make this happen.
EOF
exit 1
fi
fi
if is_dry_run; then
sh_c="echo"
fi
# perform some very rudimentary platform detection
lsb_dist=$( get_distribution )
lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
if is_wsl; then
echo
echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
echo
cat >&2 <<-'EOF'
You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 20 )
fi
case "$lsb_dist" in
ubuntu)
if command_exists lsb_release; then
dist_version="$(lsb_release --codename | cut -f2)"
fi
if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
fi
;;
debian|raspbian)
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
case "$dist_version" in
11)
dist_version="bullseye"
;;
10)
dist_version="buster"
;;
9)
dist_version="stretch"
;;
8)
dist_version="jessie"
;;
esac
;;
centos|rhel|sles)
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
;;
*)
if command_exists lsb_release; then
dist_version="$(lsb_release --release | cut -f2)"
fi
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
;;
esac
# Check if this is a forked Linux distro
check_forked
# Print deprecation warnings for distro versions that recently reached EOL,
# but may still be commonly used (especially LTS versions).
case "$lsb_dist.$dist_version" in
debian.stretch|debian.jessie)
deprecation_notice "$lsb_dist" "$dist_version"
;;
raspbian.stretch|raspbian.jessie)
deprecation_notice "$lsb_dist" "$dist_version"
;;
ubuntu.xenial|ubuntu.trusty)
deprecation_notice "$lsb_dist" "$dist_version"
;;
fedora.*)
if [ "$dist_version" -lt 33 ]; then
deprecation_notice "$lsb_dist" "$dist_version"
fi
;;
esac
# Run setup for each distro accordingly
case "$lsb_dist" in
ubuntu|debian|raspbian)
pre_reqs="apt-transport-https ca-certificates curl"
if ! command -v gpg > /dev/null; then
pre_reqs="$pre_reqs gnupg"
fi
apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
(
if ! is_dry_run; then
set -x
fi
$sh_c 'apt-get update -qq >/dev/null'
$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
$sh_c 'mkdir -p /etc/apt/keyrings && chmod -R 0755 /etc/apt/keyrings'
$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg"
$sh_c "chmod a+r /etc/apt/keyrings/docker.gpg"
$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
$sh_c 'apt-get update -qq >/dev/null'
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g")"
search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
echo
exit 1
fi
if version_gte "18.09"; then
search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
echo "INFO: $search_command"
cli_pkg_version="=$($sh_c "$search_command")"
fi
pkg_version="=$pkg_version"
fi
fi
(
pkgs="docker-ce${pkg_version%=}"
if version_gte "18.09"; then
# older versions didn't ship the cli and containerd as separate packages
pkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io"
fi
if version_gte "20.10" && [ "$(uname -m)" = "x86_64" ]; then
# also install the latest version of the "docker scan" cli-plugin (only supported on x86 currently)
pkgs="$pkgs docker-scan-plugin"
fi
if version_gte "20.10"; then
pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
fi
if version_gte "23.0"; then
pkgs="$pkgs docker-buildx-plugin"
fi
if ! is_dry_run; then
set -x
fi
$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pkgs >/dev/null"
)
echo_docker_as_nonroot
exit 0
;;
centos|fedora|rhel)
if [ "$(uname -m)" != "s390x" ] && [ "$lsb_dist" = "rhel" ]; then
echo "Packages for RHEL are currently only available for s390x."
exit 1
fi
if [ "$lsb_dist" = "fedora" ]; then
pkg_manager="dnf"
config_manager="dnf config-manager"
enable_channel_flag="--set-enabled"
disable_channel_flag="--set-disabled"
pre_reqs="dnf-plugins-core"
pkg_suffix="fc$dist_version"
else
pkg_manager="yum"
config_manager="yum-config-manager"
enable_channel_flag="--enable"
disable_channel_flag="--disable"
pre_reqs="yum-utils"
pkg_suffix="el"
fi
repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
(
if ! is_dry_run; then
set -x
fi
$sh_c "$pkg_manager install -y -q $pre_reqs"
$sh_c "$config_manager --add-repo $repo_file_url"
if [ "$CHANNEL" != "stable" ]; then
$sh_c "$config_manager $disable_channel_flag docker-ce-*"
$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
fi
$sh_c "$pkg_manager makecache"
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
echo
exit 1
fi
if version_gte "18.09"; then
# older versions don't support a cli package
search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
fi
# Cut out the epoch and prefix with a '-'
pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
fi
fi
(
pkgs="docker-ce$pkg_version"
if version_gte "18.09"; then
# older versions didn't ship the cli and containerd as separate packages
if [ -n "$cli_pkg_version" ]; then
pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"
else
pkgs="$pkgs docker-ce-cli containerd.io"
fi
fi
if version_gte "20.10" && [ "$(uname -m)" = "x86_64" ]; then
# also install the latest version of the "docker scan" cli-plugin (only supported on x86 currently)
pkgs="$pkgs docker-scan-plugin"
fi
if version_gte "20.10"; then
pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
fi
if version_gte "23.0"; then
pkgs="$pkgs docker-buildx-plugin"
fi
if ! is_dry_run; then
set -x
fi
$sh_c "$pkg_manager install -y -q $pkgs"
)
echo_docker_as_nonroot
exit 0
;;
sles)
if [ "$(uname -m)" != "s390x" ]; then
echo "Packages for SLES are currently only available for s390x"
exit 1
fi
if [ "$dist_version" = "15.3" ]; then
sles_version="SLE_15_SP3"
else
sles_minor_version="${dist_version##*.}"
sles_version="15.$sles_minor_version"
fi
opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/$sles_version/security:SELinux.repo"
repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
pre_reqs="ca-certificates curl libseccomp2 awk"
(
if ! is_dry_run; then
set -x
fi
$sh_c "zypper install -y $pre_reqs"
$sh_c "zypper addrepo $repo_file_url"
if ! is_dry_run; then
cat >&2 <<-'EOF'
WARNING!!
openSUSE repository (https://download.opensuse.org/repositories/security:SELinux) will be enabled now.
Do you wish to continue?
You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 30 )
fi
$sh_c "zypper addrepo $opensuse_repo"
$sh_c "zypper --gpg-auto-import-keys refresh"
$sh_c "zypper lr -d"
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g")"
search_command="zypper search -s --match-exact 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst zypper list results"
echo
exit 1
fi
search_command="zypper search -s --match-exact 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"
# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
cli_pkg_version="$($sh_c "$search_command")"
pkg_version="-$pkg_version"
fi
fi
(
pkgs="docker-ce$pkg_version"
if version_gte "18.09"; then
if [ -n "$cli_pkg_version" ]; then
# older versions didn't ship the cli and containerd as separate packages
pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"
else
pkgs="$pkgs docker-ce-cli containerd.io"
fi
fi
if version_gte "20.10"; then
pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
fi
if version_gte "23.0"; then
pkgs="$pkgs docker-buildx-plugin"
fi
if ! is_dry_run; then
set -x
fi
$sh_c "zypper -q install -y $pkgs"
)
echo_docker_as_nonroot
exit 0
;;
*)
if [ -z "$lsb_dist" ]; then
if is_darwin; then
echo
echo "ERROR: Unsupported operating system 'macOS'"
echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
echo
exit 1
fi
fi
echo
echo "ERROR: Unsupported distribution '$lsb_dist'"
echo
exit 1
;;
esac
exit 1
}
# wrapped up in a function so that we have some protection against only getting
# half the file during "curl | sh"
do_install

22
roles/agent_os_setting/handlers/main.yml Normal file
View File

@@ -0,0 +1,22 @@
---
- name: Reload systemd configuration
service:
daemon_reload: True
- name: Restart containerd service
service:
name: containerd
enabled: true
state: restarted
- name: Restart docker service
service:
name: docker
enabled: true
state: restarted
- name: Restart crio service
service:
name: crio
enabled: true
state: restarted

52
roles/agent_os_setting/meta/main.yml Normal file
View File

@@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

77
roles/agent_os_setting/tasks/00-centos-os-main.yml Normal file
View File

@@ -0,0 +1,77 @@
---
- name: Update and upgrade yum packages
yum:
name: "*"
state: latest
- name: Install yum packages
yum:
name: ['cloud-utils', 'ca-certificates', 'socat', 'conntrack', 'gnupg', 'bash-completion', 'net-tools']
state: present
- name: Disable firewalld
systemd: name=firewalld state=stopped
ignore_errors: yes
tags:
- install
- atomic
- firewalld
- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
command: 'swapoff -a'
- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
replace:
path: /etc/fstab
regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
replace: '# \1'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/modules-load.d/k8s2.conf
line: "{{ item }}"
create: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
modprobe:
name: "{{ item }}"
state: present
become: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/sysctl.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'net.bridge.bridge-nf-call-iptables = 1'
- 'net.bridge.bridge-nf-call-ip6tables = 1'
- 'net.ipv4.ip_forward = 1'
- name: Disable net.bridge.bridge-nf-call-iptables
sysctl:
name: "{{ item }}"
value: 1
with_items:
- 'net.bridge.bridge-nf-call-iptables'
- 'net.bridge.bridge-nf-call-ip6tables'
- name: Disable net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: "1"
- name: Setting hosts file
template:
src: hosts.j2
dest: /etc/hosts
- name: Disable SELinux
ansible.posix.selinux:
state: disabled

71
roles/agent_os_setting/tasks/00-ubuntu-os-main.yml Normal file
View File

@@ -0,0 +1,71 @@
---
- name: Update and upgrade apt packages
apt:
upgrade: yes
update_cache: yes
force_apt_get: yes
cache_valid_time: 86400
- name: Install apt packages
apt:
name: ['cloud-utils', 'apt-transport-https', 'ca-certificates', 'curl', 'socat', 'conntrack', 'gnupg', 'lsb-release', 'bash-completion', 'chrony']
state: present
- name: Disable ufw
command: 'ufw disable'
when: ansible_distribution_version == '20.04'
- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
command: 'swapoff -a'
- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
replace:
path: /etc/fstab
regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
replace: '# \1'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/modules-load.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
modprobe:
name: "{{ item }}"
state: present
become: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/sysctl.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'net.bridge.bridge-nf-call-iptables = 1'
- 'net.bridge.bridge-nf-call-ip6tables = 1'
- 'net.ipv4.ip_forward = 1'
- name: Disable net.bridge.bridge-nf-call-iptables
sysctl:
name: "{{ item }}"
value: 1
with_items:
- 'net.bridge.bridge-nf-call-iptables'
- 'net.bridge.bridge-nf-call-ip6tables'
- name: Disable net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: "1"
- name: Setting hosts file
template:
src: hosts.j2
dest: /etc/hosts

47
roles/agent_os_setting/tasks/01-centos-os-containerd.yml Normal file
View File

@@ -0,0 +1,47 @@
---
- name: Add containerd yum repository
command: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- name: Create containerd configuration directory
file:
path: /etc/containerd
state: directory
- name: Configure containerd
template:
src: config.toml.j2
dest: /etc/containerd/config.toml
notify:
- Restart containerd service
- name: Install required packages
yum:
name: ['containerd']
state: present
notify:
- Reload systemd configuration
- Restart containerd service
- meta: flush_handlers
- name: Enable containerd service
service:
name: containerd
enabled: True
state: started
- name: Add kubernetes yum repository
ansible.builtin.yum_repository:
name: kubernetes
description: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: 1
gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
notify:
- Reload systemd configuration

53
roles/agent_os_setting/tasks/01-centos-os-crio.yml Normal file
View File

@@ -0,0 +1,53 @@
---
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.23.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.23/CentOS_7/devel:kubic:libcontainers:stable:cri-o:1.23.repo
- name: Create crio configuration directory
file:
path: /etc/containers/registries.conf.d
state: directory
- name: Configure crio
template:
src: myregistry.conf.j2
dest: /etc/containers/registries.conf.d/myregistry.conf
notify:
- Restart crio service
- name: Install required packages
yum:
name: ['crio']
state: present
notify:
- Reload systemd configuration
- Restart crio service
- meta: flush_handlers
- name: Enable crio service
service:
name: crio
enabled: True
state: started
- name: Add kubernetes yum repository
ansible.builtin.yum_repository:
name: kubernetes
description: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: 1
gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
notify:
- Reload systemd configuration
- name: manual reload
command: systemctl daemon-reload

58
roles/agent_os_setting/tasks/01-centos-os-docker.yml Normal file
View File

@@ -0,0 +1,58 @@
---
- name: Add docker script
command: curl -fsSL https://get.docker.com -o /root/get-docker.sh
- name: install docker
command: sh /root/get-docker.sh
- name: Create docker configuration directory
file:
path: /etc/docker
state: directory
#- name: Install required packages
# yum:
# name: ['docker-ce']
# state: present
# notify:
# - Reload systemd configuration
# - Restart docker service
- name: Configure docker
template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
notify:
- Reload systemd configuration
- Restart docker service
#- name: Delete containerd config
# file:
# path: /etc/containerd/config.toml
# state: absent
# notify:
# - Restart containerd service
- meta: flush_handlers
- name: Enable docker service
service:
name: docker
enabled: True
state: started
- name: Add kubernetes yum repository
ansible.builtin.yum_repository:
name: kubernetes
description: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: 1
gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
notify:
- Reload systemd configuration

78
roles/agent_os_setting/tasks/01-ubuntu-os-containerd.yml Normal file
View File

@@ -0,0 +1,78 @@
---
- name: Add docker apt key
apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
- name: Add docker apt repository
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
filename: docker
register: containerd_apt_repo_task
- name: apt list --upgradable
command: apt list --upgradable
when: containerd_apt_repo_task.changed
- name: apt update
apt:
update_cache: yes
when: containerd_apt_repo_task.changed
- name: Create containerd configuration directory
file:
path: /etc/containerd
state: directory
- name: Configure containerd
template:
src: config.toml.j2
dest: /etc/containerd/config.toml
notify:
- Restart containerd service
- name: Install required packages
apt:
name:
- containerd.io
notify:
- Reload systemd configuration
- Restart containerd service
- meta: flush_handlers
- name: Enable containerd service
service:
name: containerd
enabled: True
state: started
- name: Install kubernetes
block:
- name: 'Add kubernetes repo key'
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
become: true
- name: Add kubernetes repository
apt_repository:
repo: deb http://apt.kubernetes.io kubernetes-xenial main
state: present
filename: 'kubernetes'
become: true
- name: Install kubernetes components
apt:
name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*']
state: present
update_cache: yes
force: yes
dpkg_options: force-downgrade
- name: Hold kubernetes packages
dpkg_selections:
name: "{{item}}"
selection: hold
with_items:
- kubelet
- kubectl
- kubeadm

65
roles/agent_os_setting/tasks/01-ubuntu-os-crio.yml Normal file
View File

@@ -0,0 +1,65 @@
---
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.23.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.23/CentOS_7/devel:kubic:libcontainers:stable:cri-o:1.23.repo
- name: Create crio configuration directory
file:
path: /etc/containers/registries.conf.d
state: directory
- name: Configure crio
template:
src: myregistry.conf.j2
dest: /etc/containers/registries.conf.d/myregistry.conf
notify:
- Restart crio service
- name: Install required packages
apt:
name:
- crio
notify:
- Reload systemd configuration
- Restart crio service
- meta: flush_handlers
- name: Enable crio service
service:
name: crio
enabled: True
state: started
- name: Install kubernetes
block:
- name: 'Add kubernetes repo key'
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
become: true
- name: Add kubernetes repository
apt_repository:
repo: deb http://apt.kubernetes.io kubernetes-xenial main
state: present
filename: 'kubernetes'
become: true
- name: Install kubernetes components
apt:
name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*']
state: present
update_cache: yes
force: yes
dpkg_options: force-downgrade
- name: Hold kubernetes packages
dpkg_selections:
name: "{{item}}"
selection: hold
with_items:
- kubelet
- kubectl
- kubeadm

50
roles/agent_os_setting/tasks/01-ubuntu-os-docker.yml Normal file
View File

@@ -0,0 +1,50 @@
---
- name: Add docker script
command: curl -fsSL https://get.docker.com -o /root/get-docker.sh
- name: install docker
command: sh /root/get-docker.sh
- name: Create docker configuration directory
file:
path: /etc/docker
state: directory
- name: Configure docker
template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
notify:
- Reload systemd configuration
- Restart docker service
- name: Install kubernetes
block:
- name: 'Add kubernetes repo key'
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
become: true
- name: Add kubernetes repository
apt_repository:
repo: deb http://apt.kubernetes.io kubernetes-xenial main
state: present
filename: 'kubernetes'
become: true
- name: Install kubernetes components
apt:
name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*']
state: present
update_cache: yes
force: yes
dpkg_options: force-downgrade
- name: Hold kubernetes packages
dpkg_selections:
name: "{{item}}"
selection: hold
with_items:
- kubelet
- kubectl
- kubeadm

43
roles/agent_os_setting/tasks/02-k8s-main.yml Normal file
View File

@@ -0,0 +1,43 @@
---
- name: Enable kubelet service
systemd:
name: kubelet
enabled: true
masked: false
- name: Check if Kubernetes has already been initialized.
stat:
path: /etc/kubernetes/admin.conf
register: kubernetes_init_stat
# Set up master.
- include_tasks: 03-k8s-master.yml
when: kubernetes_role == 'master'
# Set up nodes.
- name: Get the kubeadm join command from the Kubernetes master.
command: kubeadm token create --print-join-command
changed_when: false
when: kubernetes_role == 'master'
register: kubernetes_join_command_result
- name: Get kubeconfig
fetch:
src: /etc/kubernetes/admin.conf
dest: "{{ ansible_kube_config }}"
flat: yes
when: kubernetes_role == 'master'
- name: Set the kubeadm join command globally.
set_fact:
kubernetes_join_command: >
{{ kubernetes_join_command_result.stdout }}
{{ kubernetes_join_command_extra_opts }}
when: kubernetes_join_command_result.stdout is defined
delegate_to: "{{ item }}"
delegate_facts: true
with_items: "{{ groups['all'] }}"
- include_tasks: 05-k8s-node.yml
when: kubernetes_role == 'node'

51
roles/agent_os_setting/tasks/03-k8s-master.yml Normal file
View File

@@ -0,0 +1,51 @@
---
- name: Initialize Kubernetes master with kubeadm init.
command: >
kubeadm init
--pod-network-cidr={{ kubernetes_pod_network.cidr }}
--apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
{{ kubernetes_kubeadm_init_extra_opts }}
register: kubeadmin_init
when: not kubernetes_init_stat.stat.exists
- name: Print the init output to screen.
debug:
var: kubeadmin_init.stdout
verbosity: 2
when: not kubernetes_init_stat.stat.exists
- name: Ensure .kube directory exists.
file:
path: ~/.kube
state: directory
- name: Symlink the kubectl admin.conf to ~/.kube/conf.
file:
src: /etc/kubernetes/admin.conf
dest: ~/.kube/config
state: link
force: yes
- name: copy the kubectl config to ~/.kube/ansible_config
copy:
src: /etc/kubernetes/admin.conf
dest: ~/.kube/ansible_config
remote_src: true
- name: Get kubeconfig
fetch:
src: /etc/kubernetes/admin.conf
dest: "{{ ansible_kube_config }}"
flat: yes
- name: Configure Calico networking and Metric Server
include_tasks: 04-k8s-master-yaml.yml
- name: Kubectl Cheat Sheet
lineinfile:
path: ~/.bashrc
line: "{{ item }}"
with_items:
- source <(kubectl completion bash)
- alias k=kubectl
- complete -o default -F __start_kubectl k

21
roles/agent_os_setting/tasks/04-k8s-master-yaml.yml Normal file
View File

@@ -0,0 +1,21 @@
---
- name: Copy calico yaml
template:
src: calico.yaml.j2
dest: /tmp/calico.yaml
- name: Copy metric server yaml
template:
src: components.yaml.j2
dest: /tmp/components.yaml
- name: Configure Calico networking.
command: kubectl apply -f /tmp/calico.yaml
register: calico_result
changed_when: "'created' in calico_result.stdout"
when: kubernetes_pod_network.cni == 'calico'
- name: Configure Metric Server
command: kubectl apply -f /tmp/components.yaml
register: metric_server_result
changed_when: "'created' in metric_server_result.stdout"

6
roles/agent_os_setting/tasks/05-k8s-node.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- name: Join node to Kubernetes master
shell: >
{{ kubernetes_join_command }}
creates=/etc/kubernetes/kubelet.conf
tags: ['skip_ansible_lint']

35
roles/agent_os_setting/tasks/main.yml Normal file
View File

@@ -0,0 +1,35 @@
---
- include: 00-centos-os-main.yml
tags: centos
when: ansible_distribution == 'CentOS'
- include: 00-ubuntu-os-main.yml
tags: ubuntu
when: ansible_distribution == 'Ubuntu'
- include: 01-centos-os-docker.yml
tags: cent-docker
when: ansible_distribution == 'CentOS' and runtime == 'docker'
- include: 01-centos-os-containerd.yml
tags: cent-containerd
when: ansible_distribution == 'CentOS' and runtime == 'containerd'
- include: 01-centos-os-crio.yml
tags: cent-crio
when: ansible_distribution == 'CentOS' and runtime == 'crio'
- include: 01-ubuntu-os-docker.yml
tags: ubuntu-docker
when: ansible_distribution == 'Ubuntu' and runtime == 'docker'
- include: 01-ubuntu-os-containerd.yml
tags: ubuntu-containerd
when: ansible_distribution == 'Ubuntu' and runtime == 'containerd'
- include: 01-ubuntu-os-crio.yml
tags: ubuntu-crio
when: ansible_distribution == 'Ubuntu' and runtime == 'crio'
- include: 02-k8s-main.yml
tags: k8s-main

4779
roles/agent_os_setting/templates/calico.yaml.j2 Normal file
View File

File diff suppressed because it is too large Load Diff

197
roles/agent_os_setting/templates/components.yaml.j2 Normal file
View File

@@ -0,0 +1,197 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls
image: k8s.gcr.io/metrics-server/metrics-server:v0.6.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 4443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 200Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100

5
roles/agent_os_setting/templates/config.toml.j2 Normal file
View File

@@ -0,0 +1,5 @@
# {{ ansible_managed }}
{% from 'yaml2toml_macro.j2' import yaml2toml with context -%}
{{ yaml2toml(containerd_config) }}

9
roles/agent_os_setting/templates/daemon.json.j2 Normal file
View File

@@ -0,0 +1,9 @@
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"insecure-registries": ["10.10.31.243:5000"]
}

6
roles/agent_os_setting/templates/hosts.j2 Normal file
View File

@@ -0,0 +1,6 @@
127.0.0.1 localhost
:: 1 localhost
{% for host in groups.all %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }}
{%endfor%}

3
roles/agent_os_setting/templates/myregistry.conf.j2 Normal file
View File

@@ -0,0 +1,3 @@
[[registry]]
location = "10.10.31.243:5000"
insecure = true

58
roles/agent_os_setting/templates/yaml2toml_macro.j2 Normal file
View File

@@ -0,0 +1,58 @@
{%- macro yaml2inline_toml(item, depth) -%}
{%- if item is string or item is number -%}
{#- First, process all primitive types. -#}
{{ item | to_json }}
{%- elif item is mapping -%}
{#- Second, process all mappings. -#}
{#- Note that inline mappings must not contain newlines (except inside contained lists). -#}
{{ "{" }}
{%- for key, value in item.items() | sort -%}
{{ " "
+ (key | to_json)
+ " = "
+ yaml2inline_toml(value, depth)
}}
{%- if not loop.last -%}{{ "," }}{%- endif -%}
{%- endfor -%}
{{ " }" }}
{%- else -%}
{#- Third, process all lists. -#}
{%- if item | length == 0 -%}{{ "[]" }}{%- else -%}
{{ "[" }}
{%- for entry in item -%}
{{ "\n"
+ (" " * (depth + 1))
+ yaml2inline_toml(entry, depth + 1)
}}
{%- if not loop.last -%}{{ "," }}{%- endif -%}
{%- endfor -%}
{{ "\n" + (" " * depth) + "]" }}
{%- endif -%}
{%- endif -%}
{%- endmacro -%}
{%- macro yaml2toml(item, super_keys=[]) -%}
{%- for key, value in item.items() | sort -%}
{%- if value is not mapping -%}
{#- First, process all non-mappings. -#}
{{ (" " * (super_keys | length))
+ (key | to_json)
+ " = "
+ (yaml2inline_toml(value, super_keys | length))
+ "\n"
}}
{%- endif -%}
{%- endfor -%}
{%- for key, value in item.items() | sort -%}
{%- if value is mapping -%}
{#- Second, process all mappings. -#}
{{ "\n"
+ (" " * (super_keys | length))
+ "["
+ ((super_keys+[key]) | map('to_json') | join("."))
+ "]\n"
+ yaml2toml(value, super_keys+[key])
}}
{%- endif -%}
{%- endfor -%}
{%- endmacro -%}

2
roles/agent_os_setting/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
roles/agent_os_setting/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- apache

2
roles/agent_os_setting/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for apache