ansible v2 (release 3.4.9)

havelight-ee
2023-02-16 16:20:12 +09:00
parent 7f08fdd9ff
commit 59a199e50f
3525 changed files with 435537 additions and 62726 deletions


@@ -0,0 +1,77 @@
---
- name: Update and upgrade yum packages
yum:
name: "*"
state: latest
- name: Install yum packages
yum:
name: ['cloud-utils', 'ca-certificates', 'socat', 'conntrack', 'gnupg', 'bash-completion', 'net-tools']
state: present
- name: Disable firewalld
systemd: name=firewalld state=stopped
ignore_errors: yes
tags:
- install
- atomic
- firewalld
- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
command: 'swapoff -a'
- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
replace:
path: /etc/fstab
regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
replace: '# \1'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/modules-load.d/k8s2.conf
line: "{{ item }}"
create: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
modprobe:
name: "{{ item }}"
state: present
become: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/sysctl.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'net.bridge.bridge-nf-call-iptables = 1'
- 'net.bridge.bridge-nf-call-ip6tables = 1'
- 'net.ipv4.ip_forward = 1'
- name: Disable net.bridge.bridge-nf-call-iptables
sysctl:
name: "{{ item }}"
value: 1
with_items:
- 'net.bridge.bridge-nf-call-iptables'
- 'net.bridge.bridge-nf-call-ip6tables'
- name: Disable net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: "1"
- name: Setting hosts file
template:
src: hosts.j2
dest: /etc/hosts
- name: Disable SELinux
ansible.posix.selinux:
state: disabled
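Review bot: The final task sets `ansible.posix.selinux` to `state: disabled`, and "Disable firewalld" stops the host firewall with `ignore_errors: yes`, so each CentOS node loses both mandatory access control and host packet filtering before any workload runs. kubeadm's documented requirement is only permissive mode, so `state: permissive` with `policy: targeted` is the less invasive setting, and the firewall is better left running with the cluster ports opened explicitly. Separately, the sysctl tasks named "Disable net.bridge.bridge-nf-call-iptables" and "Disable net.ipv4.ip_forward" set the value to 1, i.e. they enable those settings, and three tasks share the name "Add br_netfilter to module autoload". The Ubuntu OS file repeats both naming problems.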


@@ -0,0 +1,71 @@
---
- name: Update and upgrade apt packages
apt:
upgrade: yes
update_cache: yes
force_apt_get: yes
cache_valid_time: 86400
- name: Install apt packages
apt:
name: ['cloud-utils', 'apt-transport-https', 'ca-certificates', 'curl', 'socat', 'conntrack', 'gnupg', 'lsb-release', 'bash-completion', 'chrony']
state: present
- name: Disable ufw
command: 'ufw disable'
when: ansible_distribution_version == '20.04'
- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
command: 'swapoff -a'
- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
replace:
path: /etc/fstab
regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
replace: '# \1'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/modules-load.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
modprobe:
name: "{{ item }}"
state: present
become: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/sysctl.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'net.bridge.bridge-nf-call-iptables = 1'
- 'net.bridge.bridge-nf-call-ip6tables = 1'
- 'net.ipv4.ip_forward = 1'
- name: Disable net.bridge.bridge-nf-call-iptables
sysctl:
name: "{{ item }}"
value: 1
with_items:
- 'net.bridge.bridge-nf-call-iptables'
- 'net.bridge.bridge-nf-call-ip6tables'
- name: Disable net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: "1"
- name: Setting hosts file
template:
src: hosts.j2
dest: /etc/hosts
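Review bot: "Disable ufw" turns the host firewall off with a raw `command: 'ufw disable'`, and only when `ansible_distribution_version == '20.04'`, so other Ubuntu releases keep whatever ufw state they had while 20.04 hosts report `changed` on every run. If filtering really has to be off, `community.general.ufw` with `state: disabled` is idempotent and makes the release guard unnecessary. Keeping ufw enabled and allowing only the ports the cluster needs would be the safer default. Either way the task deserves a comment saying why node-level filtering is removed.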


@@ -0,0 +1,47 @@
---
- name: Add containerd yum repository
command: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- name: Create containerd configuration directory
file:
path: /etc/containerd
state: directory
- name: Configure containerd
template:
src: config.toml.j2
dest: /etc/containerd/config.toml
notify:
- Restart containerd service
- name: Install required packages
yum:
name: ['containerd']
state: present
notify:
- Reload systemd configuration
- Restart containerd service
- meta: flush_handlers
- name: Enable containerd service
service:
name: containerd
enabled: True
state: started
- name: Add kubernetes yum repository
ansible.builtin.yum_repository:
name: kubernetes
description: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: 1
gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
notify:
- Reload systemd configuration
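Review bot: "Add containerd yum repository" shells out to `yum-config-manager --add-repo …` on every run with no `creates:` guard, and `yum-config-manager` comes from yum-utils, which the CentOS OS task list in this commit does not install (it may already be in the base image). The kubernetes repository a few tasks below is declared with `ansible.builtin.yum_repository` and `gpgcheck: 1`; declaring the Docker repository the same way would make its GPG settings visible in the playbook instead of inheriting them from a downloaded file. If the command stays, add `args: {creates: /etc/yum.repos.d/docker-ce.repo}`.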


@@ -0,0 +1,53 @@
---
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.23.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.23/CentOS_7/devel:kubic:libcontainers:stable:cri-o:1.23.repo
- name: Create crio configuration directory
file:
path: /etc/containers/registries.conf.d
state: directory
- name: Configure crio
template:
src: myregistry.conf.j2
dest: /etc/containers/registries.conf.d/myregistry.conf
notify:
- Restart crio service
- name: Install required packages
yum:
name: ['crio']
state: present
notify:
- Reload systemd configuration
- Restart crio service
- meta: flush_handlers
- name: Enable crio service
service:
name: crio
enabled: True
state: started
- name: Add kubernetes yum repository
ansible.builtin.yum_repository:
name: kubernetes
description: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: 1
gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
notify:
- Reload systemd configuration
- name: manual reload
command: systemctl daemon-reload
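Review bot: Both "Add crio yum repository" tasks run `sudo curl -L -o …` through `command`, so the repo files are re-downloaded on every run, privilege escalation bypasses `become`, and the two tasks cannot be told apart in the output because they share a name. `ansible.builtin.get_url` writes the file idempotently with an explicit mode, as sketched below; the downloaded repo definitions should also be checked for `gpgcheck=1`, since the play installs whatever they point to. The trailing "manual reload" task appears to repeat what the notified "Reload systemd configuration" handler does. The Ubuntu crio file starts with the same two tasks.

```yaml
- name: Add libcontainers stable yum repository
  ansible.builtin.get_url:
    url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
    dest: /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo
    mode: '0644'
# … same shape, with its own name, for the cri-o:1.23 repo file …
```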


@@ -0,0 +1,58 @@
---
- name: Add docker script
command: curl -fsSL https://get.docker.com -o /root/get-docker.sh
- name: install docker
command: sh /root/get-docker.sh
- name: Create docker configuration directory
file:
path: /etc/docker
state: directory
#- name: Install required packages
# yum:
# name: ['docker-ce']
# state: present
# notify:
# - Reload systemd configuration
# - Restart docker service
- name: Configure docker
template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
notify:
- Reload systemd configuration
- Restart docker service
#- name: Delete containerd config
# file:
# path: /etc/containerd/config.toml
# state: absent
# notify:
# - Restart containerd service
- meta: flush_handlers
- name: Enable docker service
service:
name: docker
enabled: True
state: started
- name: Add kubernetes yum repository
ansible.builtin.yum_repository:
name: kubernetes
description: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: 1
gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
notify:
- Reload systemd configuration
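Review bot: "Add docker script" and "install docker" download `https://get.docker.com` and run it with `sh` as root on every play, with no checksum, no pinned version and no `creates:` guard, so the installed Docker version and everything else the script does are decided remotely at run time. The commented-out `yum` task for `docker-ce` in this same file points at the reproducible route: declare the Docker repository with its GPG key and install a pinned package. If the script is kept, fetch it with `ansible.builtin.get_url` and a `checksum:`, and guard the run with `args: {creates: /usr/bin/docker}`. The Ubuntu docker task file has the same two tasks.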


@@ -0,0 +1,78 @@
---
- name: Add docker apt key
apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
- name: Add docker apt repository
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
filename: docker
register: containerd_apt_repo_task
- name: apt list --upgradable
command: apt list --upgradable
when: containerd_apt_repo_task.changed
- name: apt update
apt:
update_cache: yes
when: containerd_apt_repo_task.changed
- name: Create containerd configuration directory
file:
path: /etc/containerd
state: directory
- name: Configure containerd
template:
src: config.toml.j2
dest: /etc/containerd/config.toml
notify:
- Restart containerd service
- name: Install required packages
apt:
name:
- containerd.io
notify:
- Reload systemd configuration
- Restart containerd service
- meta: flush_handlers
- name: Enable containerd service
service:
name: containerd
enabled: True
state: started
- name: Install kubernetes
block:
- name: 'Add kubernetes repo key'
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
become: true
- name: Add kubernetes repository
apt_repository:
repo: deb http://apt.kubernetes.io kubernetes-xenial main
state: present
filename: 'kubernetes'
become: true
- name: Install kubernetes components
apt:
name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*']
state: present
update_cache: yes
force: yes
dpkg_options: force-downgrade
- name: Hold kubernetes packages
dpkg_selections:
name: "{{item}}"
selection: hold
with_items:
- kubelet
- kubectl
- kubeadm
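Review bot: "Install kubernetes components" passes `force: yes`, which maps to apt-get `--force-yes` and allows unauthenticated packages to install, while "Add kubernetes repository" declares the source as plain `http://apt.kubernetes.io`; together they remove the signature check that would otherwise protect an HTTP download. The downgrade behaviour is already covered by `dpkg_options: force-downgrade` (or `allow_downgrade: true` on recent ansible-core), so `force: yes` can be dropped and the repo line changed to `https://`. `apt_key` is also deprecated upstream in favour of a keyring file referenced with `signed-by=`. The Ubuntu crio and Ubuntu docker task files contain the identical "Install kubernetes" block.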


@@ -0,0 +1,65 @@
---
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.23.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.23/CentOS_7/devel:kubic:libcontainers:stable:cri-o:1.23.repo
- name: Create crio configuration directory
file:
path: /etc/containers/registries.conf.d
state: directory
- name: Configure crio
template:
src: myregistry.conf.j2
dest: /etc/containers/registries.conf.d/myregistry.conf
notify:
- Restart crio service
- name: Install required packages
apt:
name:
- crio
notify:
- Reload systemd configuration
- Restart crio service
- meta: flush_handlers
- name: Enable crio service
service:
name: crio
enabled: True
state: started
- name: Install kubernetes
block:
- name: 'Add kubernetes repo key'
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
become: true
- name: Add kubernetes repository
apt_repository:
repo: deb http://apt.kubernetes.io kubernetes-xenial main
state: present
filename: 'kubernetes'
become: true
- name: Install kubernetes components
apt:
name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*']
state: present
update_cache: yes
force: yes
dpkg_options: force-downgrade
- name: Hold kubernetes packages
dpkg_selections:
name: "{{item}}"
selection: hold
with_items:
- kubelet
- kubectl
- kubeadm
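Review bot: The two "Add crio yum repository" tasks look copied from the CentOS file: they write CentOS_7 `.repo` files into `/etc/yum.repos.d`, which apt never reads, so the following `apt` task has no source for `crio` unless something outside this role provides one. An Ubuntu version needs an apt key plus `apt_repository` entries (or a keyring with `signed-by=`) for the libcontainers and cri-o repositories. The package name should be verified as well, since those repositories appear to publish it as `cri-o` rather than `crio`.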


@@ -0,0 +1,50 @@
---
- name: Add docker script
command: curl -fsSL https://get.docker.com -o /root/get-docker.sh
- name: install docker
command: sh /root/get-docker.sh
- name: Create docker configuration directory
file:
path: /etc/docker
state: directory
- name: Configure docker
template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
notify:
- Reload systemd configuration
- Restart docker service
- name: Install kubernetes
block:
- name: 'Add kubernetes repo key'
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
become: true
- name: Add kubernetes repository
apt_repository:
repo: deb http://apt.kubernetes.io kubernetes-xenial main
state: present
filename: 'kubernetes'
become: true
- name: Install kubernetes components
apt:
name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*']
state: present
update_cache: yes
force: yes
dpkg_options: force-downgrade
- name: Hold kubernetes packages
dpkg_selections:
name: "{{item}}"
selection: hold
with_items:
- kubelet
- kubectl
- kubeadm
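Review bot: Unlike the CentOS docker file, this one has no `- meta: flush_handlers` and no "Enable docker service" task after "Configure docker", so the notified "Restart docker service" handler would normally run only at the end of the play. If 02-k8s-main.yml runs in the same play, as the role's main task list suggests, kubeadm would start against a Docker daemon that has not yet loaded the templated `daemon.json`. Adding `- meta: flush_handlers` followed by a `service` task with `enabled: true` and `state: started` keeps the two distributions aligned.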


@@ -0,0 +1,43 @@
---
- name: Enable kubelet service
systemd:
name: kubelet
enabled: true
masked: false
- name: Check if Kubernetes has already been initialized.
stat:
path: /etc/kubernetes/admin.conf
register: kubernetes_init_stat
# Set up master.
- include_tasks: 03-k8s-master.yml
when: kubernetes_role == 'master'
# Set up nodes.
- name: Get the kubeadm join command from the Kubernetes master.
command: kubeadm token create --print-join-command
changed_when: false
when: kubernetes_role == 'master'
register: kubernetes_join_command_result
- name: Get kubeconfig
fetch:
src: /etc/kubernetes/admin.conf
dest: "{{ ansible_kube_config }}"
flat: yes
when: kubernetes_role == 'master'
- name: Set the kubeadm join command globally.
set_fact:
kubernetes_join_command: >
{{ kubernetes_join_command_result.stdout }}
{{ kubernetes_join_command_extra_opts }}
when: kubernetes_join_command_result.stdout is defined
delegate_to: "{{ item }}"
delegate_facts: true
with_items: "{{ groups['all'] }}"
- include_tasks: 05-k8s-node.yml
when: kubernetes_role == 'node'
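Review bot: The `kubeadm token create --print-join-command` task and the `set_fact` that copies its stdout to every host both handle a bootstrap token, and neither sets `no_log: true`, so the token and CA hash can appear in verbose output and in any callback or log that records task results. Add `no_log: true` to both tasks. "Get kubeconfig" fetches the cluster-admin `admin.conf` to `{{ ansible_kube_config }}` on the controller and nothing here sets that file's permissions, so a follow-up local `file` task with `mode: '0600'` is worth adding. The same fetch is repeated in 03-k8s-master.yml and one of the two can go.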


@@ -0,0 +1,51 @@
---
- name: Initialize Kubernetes master with kubeadm init.
command: >
kubeadm init
--pod-network-cidr={{ kubernetes_pod_network.cidr }}
--apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
{{ kubernetes_kubeadm_init_extra_opts }}
register: kubeadmin_init
when: not kubernetes_init_stat.stat.exists
- name: Print the init output to screen.
debug:
var: kubeadmin_init.stdout
verbosity: 2
when: not kubernetes_init_stat.stat.exists
- name: Ensure .kube directory exists.
file:
path: ~/.kube
state: directory
- name: Symlink the kubectl admin.conf to ~/.kube/conf.
file:
src: /etc/kubernetes/admin.conf
dest: ~/.kube/config
state: link
force: yes
- name: copy the kubectl config to ~/.kube/ansible_config
copy:
src: /etc/kubernetes/admin.conf
dest: ~/.kube/ansible_config
remote_src: true
- name: Get kubeconfig
fetch:
src: /etc/kubernetes/admin.conf
dest: "{{ ansible_kube_config }}"
flat: yes
- name: Configure Calico networking and Metric Server
include_tasks: 04-k8s-master-yaml.yml
- name: Kubectl Cheat Sheet
lineinfile:
path: ~/.bashrc
line: "{{ item }}"
with_items:
- source <(kubectl completion bash)
- alias k=kubectl
- complete -o default -F __start_kubectl k
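Review bot: "copy the kubectl config to ~/.kube/ansible_config" duplicates the cluster-admin kubeconfig without a `mode`, and "Ensure .kube directory exists." creates the directory without one, so the resulting permissions depend on the remote umask. Set `mode: '0700'` on the directory and `mode: '0600'` on the copy. The `debug` task prints `kubeadmin_init.stdout`, which includes the join token, at verbosity 2; consider dropping it or adding a comment that the output is sensitive.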


@@ -0,0 +1,21 @@
---
- name: Copy calico yaml
template:
src: calico.yaml.j2
dest: /tmp/calico.yaml
- name: Copy metric server yaml
template:
src: components.yaml.j2
dest: /tmp/components.yaml
- name: Configure Calico networking.
command: kubectl apply -f /tmp/calico.yaml
register: calico_result
changed_when: "'created' in calico_result.stdout"
when: kubernetes_pod_network.cni == 'calico'
- name: Configure Metric Server
command: kubectl apply -f /tmp/components.yaml
register: metric_server_result
changed_when: "'created' in metric_server_result.stdout"
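Review bot: Both manifests are rendered to fixed names in `/tmp` with no `mode` and then applied with cluster-admin rights, and they are left there after the run. A root-owned staging directory (for example `/etc/kubernetes/addons/`, a path made up for this note) with `mode: '0600'` on each `template` task would be safer. "Copy calico yaml" also runs when `kubernetes_pod_network.cni` is not `calico`; it should carry the same `when:` as the apply task. `changed_when` only looks for `created`, so a re-apply that prints `configured` is reported as unchanged.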


@@ -0,0 +1,6 @@
---
- name: Join node to Kubernetes master
shell: >
{{ kubernetes_join_command }}
creates=/etc/kubernetes/kubelet.conf
tags: ['skip_ansible_lint']
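Review bot: The join command is run through `shell`, so the templated `kubernetes_join_command` (which 02-k8s-main.yml builds from `kubernetes_join_command_extra_opts`) is parsed by a shell although nothing here needs shell syntax, and the bootstrap token it carries is logged because `no_log` is not set. Prefer `command: "{{ kubernetes_join_command }}"` with `args: {creates: /etc/kubernetes/kubelet.conf}` and `no_log: true`. That may also remove the need for the `skip_ansible_lint` tag, if the free-form `creates=` is why it was added.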


@@ -0,0 +1,35 @@
---
- include: 00-centos-os-main.yml
tags: centos
when: ansible_distribution == 'CentOS'
- include: 00-ubuntu-os-main.yml
tags: ubuntu
when: ansible_distribution == 'Ubuntu'
- include: 01-centos-os-docker.yml
tags: cent-docker
when: ansible_distribution == 'CentOS' and runtime == 'docker'
- include: 01-centos-os-containerd.yml
tags: cent-containerd
when: ansible_distribution == 'CentOS' and runtime == 'containerd'
- include: 01-centos-os-crio.yml
tags: cent-crio
when: ansible_distribution == 'CentOS' and runtime == 'crio'
- include: 01-ubuntu-os-docker.yml
tags: ubuntu-docker
when: ansible_distribution == 'Ubuntu' and runtime == 'docker'
- include: 01-ubuntu-os-containerd.yml
tags: ubuntu-containerd
when: ansible_distribution == 'Ubuntu' and runtime == 'containerd'
- include: 01-ubuntu-os-crio.yml
tags: ubuntu-crio
when: ansible_distribution == 'Ubuntu' and runtime == 'crio'
- include: 02-k8s-main.yml
tags: k8s-main
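Review bot: Every entry uses the bare `include:` keyword, which is deprecated and was removed in ansible-core 2.16, while 02-k8s-main.yml in this same commit already uses `include_tasks`. Switching these to `import_tasks:` keeps the tags inherited by the included tasks; with `include_tasks:` the tag selects only the include line, so `apply: {tags: …}` would be needed for `--tags centos` style runs. The `ansible_distribution == 'CentOS'` guards also skip RHEL-compatible rebuilds; `ansible_os_family == 'RedHat'` would cover them if that is intended.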