Gate/Dev: RPM and structure improvements
This PS restores the use of the distro provided docker for RPM based distros. It also removes the roles subdirectory from the playbooks and replaces it with a symlink for local dev use. Change-Id: Ic11adb85813e92488f5ebbe6714ad7da8d3938e2
This commit is contained in:
parent
626b94e0c8
commit
37d836c8c7
2
.gitignore
vendored
2
.gitignore
vendored
@ -72,4 +72,4 @@ releasenotes/build
|
|||||||
# Gate and Check Logs
|
# Gate and Check Logs
|
||||||
logs/
|
logs/
|
||||||
tools/gate/local-overrides/
|
tools/gate/local-overrides/
|
||||||
tools/gate/playbooks/*.retry
|
playbooks/*.retry
|
||||||
|
@ -1 +0,0 @@
|
|||||||
local
|
|
@ -1 +0,0 @@
|
|||||||
local
|
|
@ -1 +0,0 @@
|
|||||||
local
|
|
1
playbooks/roles
Symbolic link
1
playbooks/roles
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../roles
|
@ -1,18 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- include: setup-helm-serve.yaml
|
|
||||||
|
|
||||||
- name: build all charts in repo
|
|
||||||
make:
|
|
||||||
chdir: "{{ work_dir }}"
|
|
||||||
target: all
|
|
@ -1,87 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: check if correct version of helm client already installed
|
|
||||||
shell: "set -e; [ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1"
|
|
||||||
environment:
|
|
||||||
HELM_VERSION: "{{ version.helm }}"
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: need_helm
|
|
||||||
ignore_errors: True
|
|
||||||
- name: install helm client
|
|
||||||
when: need_helm | failed
|
|
||||||
become_user: root
|
|
||||||
shell: |
|
|
||||||
TMP_DIR=$(mktemp -d)
|
|
||||||
curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR}
|
|
||||||
sudo mv ${TMP_DIR}/helm /usr/bin/helm
|
|
||||||
rm -rf ${TMP_DIR}
|
|
||||||
environment:
|
|
||||||
HELM_VERSION: "{{ version.helm }}"
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
- name: setting up helm client
|
|
||||||
command: helm init --client-only
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: checking if local helm server is running
|
|
||||||
shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: helm_server_running
|
|
||||||
ignore_errors: True
|
|
||||||
- name: getting current host user name
|
|
||||||
when: helm_server_running | failed
|
|
||||||
shell: id -un
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: helm_server_user
|
|
||||||
- name: moving systemd unit into place for helm server
|
|
||||||
when: helm_server_running | failed
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
template:
|
|
||||||
src: helm-serve.service.j2
|
|
||||||
dest: /etc/systemd/system/helm-serve.service
|
|
||||||
mode: 0640
|
|
||||||
- name: starting helm serve service
|
|
||||||
when: helm_server_running | failed
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
systemd:
|
|
||||||
state: restarted
|
|
||||||
daemon_reload: yes
|
|
||||||
name: helm-serve
|
|
||||||
- name: wait for helm server to be ready
|
|
||||||
shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: wait_for_helm_server
|
|
||||||
until: wait_for_helm_server.rc == 0
|
|
||||||
retries: 120
|
|
||||||
delay: 5
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: checking if helm 'stable' repo is present
|
|
||||||
shell: helm repo list | grep -q "^stable"
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: helm_stable_repo_present
|
|
||||||
ignore_errors: True
|
|
||||||
- name: checking if helm 'stable' repo is present
|
|
||||||
when: helm_stable_repo_present | succeeded
|
|
||||||
command: helm repo remove stable
|
|
||||||
|
|
||||||
- name: adding helm local repo
|
|
||||||
command: helm repo add local http://localhost:8879/charts
|
|
@ -1,11 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Helm Server
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
User={{ helm_server_user.stdout }}
|
|
||||||
Restart=always
|
|
||||||
ExecStart=/usr/bin/helm serve
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,74 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
#NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is
|
|
||||||
# reolved, we build with a shell script to make use of the host network.
|
|
||||||
- name: Kubeadm-AIO build
|
|
||||||
block:
|
|
||||||
#NOTE(portdirect): we do this to ensure we are feeding the docker build
|
|
||||||
# a clean path to work with.
|
|
||||||
- name: Kubeadm-AIO image build path
|
|
||||||
shell: cd "{{ work_dir }}"; pwd
|
|
||||||
register: kubeadm_aio_path
|
|
||||||
# - name: build the Kubeadm-AIO image
|
|
||||||
# docker_image:
|
|
||||||
# path: "{{ kubeadm_aio_path.stdout }}/"
|
|
||||||
# name: "{{ images.kubernetes.kubeadm_aio }}"
|
|
||||||
# dockerfile: "tools/images/kubeadm-aio/Dockerfile"
|
|
||||||
# force: yes
|
|
||||||
# pull: yes
|
|
||||||
# state: present
|
|
||||||
# rm: yes
|
|
||||||
# buildargs:
|
|
||||||
# KUBE_VERSION: "{{ version.kubernetes }}"
|
|
||||||
# CNI_VERSION: "{{ version.cni }}"
|
|
||||||
# HELM_VERSION: "{{ version.helm }}"
|
|
||||||
# CHARTS: "calico,flannel,tiller,kube-dns"
|
|
||||||
- name: Kubeadm-AIO image build path with proxy
|
|
||||||
when: proxy.http is defined and (proxy.http | trim != "")
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
docker build \
|
|
||||||
--network host \
|
|
||||||
--force-rm \
|
|
||||||
--tag "{{ images.kubernetes.kubeadm_aio }}" \
|
|
||||||
--file tools/images/kubeadm-aio/Dockerfile \
|
|
||||||
--build-arg KUBE_VERSION="{{ version.kubernetes }}" \
|
|
||||||
--build-arg CNI_VERSION="{{ version.cni }}" \
|
|
||||||
--build-arg HELM_VERSION="{{ version.helm }}" \
|
|
||||||
--build-arg CHARTS="calico,flannel,tiller,kube-dns" \
|
|
||||||
--build-arg HTTP_PROXY="{{ proxy.http }}" \
|
|
||||||
--build-arg HTTPS_PROXY="{{ proxy.https }}" \
|
|
||||||
--build-arg NO_PROXY="{{ proxy.noproxy }}" \
|
|
||||||
.
|
|
||||||
args:
|
|
||||||
chdir: "{{ kubeadm_aio_path.stdout }}/"
|
|
||||||
executable: /bin/bash
|
|
||||||
- name: Kubeadm-AIO image build path
|
|
||||||
when: proxy.http is undefined or (proxy.http | trim == "")
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
docker build \
|
|
||||||
--network host \
|
|
||||||
--force-rm \
|
|
||||||
--tag "{{ images.kubernetes.kubeadm_aio }}" \
|
|
||||||
--file tools/images/kubeadm-aio/Dockerfile \
|
|
||||||
--build-arg KUBE_VERSION="{{ version.kubernetes }}" \
|
|
||||||
--build-arg CNI_VERSION="{{ version.cni }}" \
|
|
||||||
--build-arg HELM_VERSION="{{ version.helm }}" \
|
|
||||||
--build-arg CHARTS="calico,flannel,tiller,kube-dns" \
|
|
||||||
.
|
|
||||||
args:
|
|
||||||
chdir: "{{ kubeadm_aio_path.stdout }}/"
|
|
||||||
executable: /bin/bash
|
|
@ -1,15 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- include: kubeadm-aio.yaml
|
|
@ -1,22 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: remove osh directory
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: absent
|
|
||||||
with_items:
|
|
||||||
- /var/lib/openstack-helm
|
|
@ -1,68 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: ensuring SELinux is disabled on centos & fedora
|
|
||||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora'
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
command: setenforce 0
|
|
||||||
ignore_errors: True
|
|
||||||
|
|
||||||
#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/
|
|
||||||
- name: fix docker removal issue with ansible's docker_container on centos
|
|
||||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
|
||||||
block:
|
|
||||||
- name: remove requests and urllib3 pip packages to fix docker removal issue with ansible's docker_container on centos
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: pip
|
|
||||||
vars:
|
|
||||||
state: absent
|
|
||||||
packages:
|
|
||||||
- requests
|
|
||||||
- urllib3
|
|
||||||
- name: remove requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: dist
|
|
||||||
vars:
|
|
||||||
state: absent
|
|
||||||
packages:
|
|
||||||
rpm:
|
|
||||||
- python-urllib3
|
|
||||||
- python-requests
|
|
||||||
- name: restore requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: dist
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
packages:
|
|
||||||
rpm:
|
|
||||||
- python-urllib3
|
|
||||||
- python-requests
|
|
||||||
|
|
||||||
- name: Ensure docker python packages deployed
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: pip
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
- docker-py
|
|
@ -1,85 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: check if docker deploy is needed
|
|
||||||
raw: which docker
|
|
||||||
register: need_docker
|
|
||||||
ignore_errors: True
|
|
||||||
|
|
||||||
- name: centos | moving systemd unit into place
|
|
||||||
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
|
|
||||||
template:
|
|
||||||
src: centos-docker.service.j2
|
|
||||||
dest: /etc/systemd/system/docker.service
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: fedora | moving systemd unit into place
|
|
||||||
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
|
|
||||||
template:
|
|
||||||
src: fedora-docker.service.j2
|
|
||||||
dest: /etc/systemd/system/docker.service
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: ubuntu | moving systemd unit into place
|
|
||||||
when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' ) and ( need_docker | failed )
|
|
||||||
template:
|
|
||||||
src: ubuntu-docker.service.j2
|
|
||||||
dest: /etc/systemd/system/docker.service
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
# NOTE: (lamt) Setting up the proxy before installing docker
|
|
||||||
- name: ensure docker.service.d directory exists
|
|
||||||
when: proxy.http is defined and (proxy.http | trim != "")
|
|
||||||
file:
|
|
||||||
path: /etc/systemd/system/docker.service.d
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: proxy | moving proxy systemd unit into place
|
|
||||||
when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") )
|
|
||||||
template:
|
|
||||||
src: http-proxy.conf.j2
|
|
||||||
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: centos | add docker-ce repository
|
|
||||||
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
|
|
||||||
get_url:
|
|
||||||
url: https://download.docker.com/linux/centos/docker-ce.repo
|
|
||||||
dest: /etc/yum.repos.d/docker-ce.repo
|
|
||||||
|
|
||||||
- name: fedora | add docker-ce repository
|
|
||||||
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
|
|
||||||
get_url:
|
|
||||||
url: https://download.docker.com/linux/fedora/docker-ce.repo
|
|
||||||
dest: /etc/yum.repos.d/docker-ce.repo
|
|
||||||
|
|
||||||
- name: deploy docker packages
|
|
||||||
when: need_docker | failed
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: dist
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
deb:
|
|
||||||
- docker.io
|
|
||||||
rpm:
|
|
||||||
- docker-ce
|
|
||||||
|
|
||||||
- name: restarting docker
|
|
||||||
systemd:
|
|
||||||
state: restarted
|
|
||||||
daemon_reload: yes
|
|
||||||
name: docker
|
|
||||||
|
|
||||||
- include: deploy-ansible-docker-support.yaml
|
|
@ -1,30 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Docker Application Container Engine
|
|
||||||
Documentation=https://docs.docker.com
|
|
||||||
After=network-online.target firewalld.service
|
|
||||||
Wants=network-online.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=notify
|
|
||||||
NotifyAccess=all
|
|
||||||
Environment=GOTRACEBACK=crash
|
|
||||||
Environment=DOCKER_HTTP_HOST_COMPAT=1
|
|
||||||
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
|
|
||||||
ExecStart=/usr/bin/dockerd \
|
|
||||||
--exec-opt native.cgroupdriver=systemd \
|
|
||||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
|
|
||||||
--data-root=/var/lib/docker \
|
|
||||||
--storage-driver=overlay2 \
|
|
||||||
--log-driver=json-file \
|
|
||||||
--iptables=false
|
|
||||||
ExecReload=/bin/kill -s HUP $MAINPID
|
|
||||||
LimitNOFILE=1048576
|
|
||||||
LimitNPROC=1048576
|
|
||||||
LimitCORE=infinity
|
|
||||||
TimeoutStartSec=0
|
|
||||||
Restart=on-abnormal
|
|
||||||
MountFlags=share
|
|
||||||
KillMode=process
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,29 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Docker Application Container Engine
|
|
||||||
Documentation=https://docs.docker.com
|
|
||||||
After=network-online.target firewalld.service
|
|
||||||
Wants=network-online.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=notify
|
|
||||||
Environment=GOTRACEBACK=crash
|
|
||||||
# the default is not to use systemd for cgroups because the delegate issues still
|
|
||||||
# exists and systemd currently does not support the cgroup feature set required
|
|
||||||
# for containers run by docker
|
|
||||||
ExecStart=/usr/bin/dockerd \
|
|
||||||
--exec-opt native.cgroupdriver=systemd \
|
|
||||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
|
|
||||||
--data-root=/var/lib/docker \
|
|
||||||
--storage-driver=overlay2 \
|
|
||||||
--log-driver=json-file \
|
|
||||||
--iptables=false
|
|
||||||
ExecReload=/bin/kill -s HUP $MAINPID
|
|
||||||
TasksMax=8192
|
|
||||||
LimitNOFILE=1048576
|
|
||||||
LimitNPROC=1048576
|
|
||||||
LimitCORE=infinity
|
|
||||||
TimeoutStartSec=0
|
|
||||||
Restart=on-abnormal
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,4 +0,0 @@
|
|||||||
[Service]
|
|
||||||
Environment="HTTP_PROXY={{ proxy.http }}"
|
|
||||||
Environment="HTTPS_PROXY={{ proxy.https }}"
|
|
||||||
Environment="NO_PROXY={{ proxy.noproxy }}"
|
|
@ -1,30 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Docker Application Container Engine
|
|
||||||
Documentation=https://docs.docker.com
|
|
||||||
After=network.target docker.socket firewalld.service
|
|
||||||
Requires=docker.socket
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=notify
|
|
||||||
# the default is not to use systemd for cgroups because the delegate issues still
|
|
||||||
# exists and systemd currently does not support the cgroup feature set required
|
|
||||||
# for containers run by docker
|
|
||||||
EnvironmentFile=-/etc/default/docker
|
|
||||||
ExecStart=/usr/bin/dockerd --iptables=false -H fd:// $DOCKER_OPTS
|
|
||||||
ExecReload=/bin/kill -s HUP $MAINPID
|
|
||||||
LimitNOFILE=1048576
|
|
||||||
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
|
||||||
# in the kernel. We recommend using cgroups to do container-local accounting.
|
|
||||||
LimitNPROC=infinity
|
|
||||||
LimitCORE=infinity
|
|
||||||
# Uncomment TasksMax if your systemd version supports it.
|
|
||||||
# Only systemd 226 and above support this version.
|
|
||||||
TasksMax=infinity
|
|
||||||
TimeoutStartSec=0
|
|
||||||
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
|
||||||
Delegate=yes
|
|
||||||
# kill only the docker process, not all processes in the cgroup
|
|
||||||
KillMode=process
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,19 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
# This set of tasks creates over-rides that need to be generated dyamicly and
|
|
||||||
# injected at runtime.
|
|
||||||
|
|
||||||
- name: setup directorys on host
|
|
||||||
file:
|
|
||||||
path: "{{ work_dir }}/tools/gate/local-overrides/"
|
|
||||||
state: directory
|
|
@ -1,39 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: installing OS-H dev tools
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: dist
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
deb:
|
|
||||||
- git
|
|
||||||
- make
|
|
||||||
- curl
|
|
||||||
- ca-certificates
|
|
||||||
rpm:
|
|
||||||
- git
|
|
||||||
- make
|
|
||||||
- curl
|
|
||||||
- name: installing jq
|
|
||||||
include_role:
|
|
||||||
name: deploy-jq
|
|
||||||
tasks_from: main
|
|
||||||
|
|
||||||
- name: assemble charts
|
|
||||||
make:
|
|
||||||
chdir: "{{ work_dir }}"
|
|
||||||
register: out
|
|
||||||
|
|
||||||
- include: util-setup-dev-environment.yaml
|
|
@ -1,27 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- include: generate-dynamic-over-rides.yaml
|
|
||||||
|
|
||||||
- name: "creating directory for helm test logs"
|
|
||||||
file:
|
|
||||||
path: "{{ logs_dir }}/helm-tests"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: "iterating through Helm chart groups"
|
|
||||||
vars:
|
|
||||||
chart_group_name: "{{ helm_chart_group.name }}"
|
|
||||||
chart_group_items: "{{ helm_chart_group.charts }}"
|
|
||||||
include: util-chart-group.yaml
|
|
||||||
loop_control:
|
|
||||||
loop_var: helm_chart_group
|
|
||||||
with_items: "{{ chart_groups }}"
|
|
@ -1,29 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: "{{ helm_chart_group.name }}"
|
|
||||||
vars:
|
|
||||||
chart_def: "{{ charts[helm_chart] }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: helm_chart
|
|
||||||
include: util-common-helm-chart.yaml
|
|
||||||
with_items: "{{ helm_chart_group.charts }}"
|
|
||||||
|
|
||||||
- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group"
|
|
||||||
when: ('timeout' in helm_chart_group)
|
|
||||||
include: util-common-wait-for-pods.yaml
|
|
||||||
vars:
|
|
||||||
namespace: "{{ charts[helm_chart].namespace }}"
|
|
||||||
timeout: "{{ helm_chart_group.timeout }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: helm_chart
|
|
||||||
with_items: "{{ helm_chart_group.charts }}"
|
|
@ -1,92 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: Helm management common block
|
|
||||||
vars:
|
|
||||||
check_deployed_result: null
|
|
||||||
chart_values_file: null
|
|
||||||
upgrade:
|
|
||||||
pre:
|
|
||||||
delete: null
|
|
||||||
|
|
||||||
block:
|
|
||||||
- name: "create temporary file for {{ chart_def['release'] }}'s values .yaml"
|
|
||||||
tempfile:
|
|
||||||
state: file
|
|
||||||
suffix: .yaml
|
|
||||||
register: chart_values_file
|
|
||||||
- name: "write out values.yaml for {{ chart_def['release'] }}"
|
|
||||||
copy:
|
|
||||||
dest: "{{ chart_values_file.path }}"
|
|
||||||
content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}"
|
|
||||||
|
|
||||||
- name: "check if {{ chart_def['release'] }} is deployed"
|
|
||||||
command: helm status "{{ chart_def['release'] }}"
|
|
||||||
register: check_deployed_result
|
|
||||||
ignore_errors: True
|
|
||||||
|
|
||||||
- name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
|
|
||||||
stat:
|
|
||||||
path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
|
|
||||||
register: local_overrides
|
|
||||||
|
|
||||||
- name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
|
|
||||||
when: check_deployed_result | failed
|
|
||||||
command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
|
|
||||||
register: out
|
|
||||||
- name: "display info for the helm {{ chart_def['release'] }} release deploy"
|
|
||||||
when: check_deployed_result | failed
|
|
||||||
debug:
|
|
||||||
var: out.stdout_lines
|
|
||||||
|
|
||||||
- name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release"
|
|
||||||
when:
|
|
||||||
- check_deployed_result | succeeded
|
|
||||||
- "'upgrade' in chart_def"
|
|
||||||
- "'pre' in chart_def['upgrade']"
|
|
||||||
- "'delete' in chart_def['upgrade']['pre']"
|
|
||||||
- "chart_def.upgrade.pre.delete is not none"
|
|
||||||
with_items: "{{ chart_def.upgrade.pre.delete }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: helm_upgrade_delete_job
|
|
||||||
command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true"
|
|
||||||
- name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
|
|
||||||
when: check_deployed_result | succeeded
|
|
||||||
command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
|
|
||||||
register: out
|
|
||||||
- name: "display info for the helm {{ chart_def['release'] }} release upgrade"
|
|
||||||
when: check_deployed_result | succeeded
|
|
||||||
debug:
|
|
||||||
var: out.stdout_lines
|
|
||||||
|
|
||||||
- include: util-common-wait-for-pods.yaml
|
|
||||||
when: ('timeout' in chart_def)
|
|
||||||
vars:
|
|
||||||
namespace: "{{ chart_def['namespace'] }}"
|
|
||||||
timeout: "{{ chart_def['timeout'] }}"
|
|
||||||
|
|
||||||
- include: util-common-helm-test.yaml
|
|
||||||
when:
|
|
||||||
- "'test' in chart_def"
|
|
||||||
- "chart_def.test is not none"
|
|
||||||
- "'enabled' in chart_def['test']"
|
|
||||||
- "chart_def.test.enabled|bool == true"
|
|
||||||
vars:
|
|
||||||
release: "{{ chart_def['release'] }}"
|
|
||||||
namespace: "{{ chart_def['namespace'] }}"
|
|
||||||
test_settings: "{{ chart_def.test }}"
|
|
||||||
|
|
||||||
always:
|
|
||||||
- name: "remove values.yaml for {{ chart_def['release'] }}"
|
|
||||||
file:
|
|
||||||
path: "{{ chart_values_file.path }}"
|
|
||||||
state: absent
|
|
@ -1,67 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: Helm test common block
|
|
||||||
vars:
|
|
||||||
release: null
|
|
||||||
namespace: null
|
|
||||||
test_settings: null
|
|
||||||
|
|
||||||
block:
|
|
||||||
- name: "remove any expired helm test pods for {{ release }}"
|
|
||||||
command: "kubectl delete pod {{ release }}-test -n {{ namespace }}"
|
|
||||||
ignore_errors: True
|
|
||||||
|
|
||||||
- name: "run helm tests for the {{ release }} release"
|
|
||||||
when:
|
|
||||||
- "'timeout' in test_settings"
|
|
||||||
- "'timeout' is none"
|
|
||||||
command: "helm test {{ release }}"
|
|
||||||
register: test_result
|
|
||||||
|
|
||||||
- name: "run helm tests for the {{ release }} release with timeout"
|
|
||||||
when:
|
|
||||||
- "'timeout' in test_settings"
|
|
||||||
- "'timeout' is not none"
|
|
||||||
command: " helm test --timeout {{ test_settings.timeout }} {{ release }}"
|
|
||||||
register: test_result
|
|
||||||
|
|
||||||
- name: "display status for {{ release }} helm tests"
|
|
||||||
debug:
|
|
||||||
var: test_result.stdout_lines
|
|
||||||
|
|
||||||
- name: "gathering logs for helm tests for {{ release }}"
|
|
||||||
when:
|
|
||||||
- test_result | succeeded
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
kubectl logs {{ release }}-test -n {{ namespace }} >> {{ logs_dir }}/helm-tests/{{ release }}.txt
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: test_logs
|
|
||||||
|
|
||||||
- name: "displaying logs for successful helm tests for {{ release }}"
|
|
||||||
when:
|
|
||||||
- test_result | succeeded
|
|
||||||
- "'output' in test_settings"
|
|
||||||
- "test_settings.output|bool == true"
|
|
||||||
debug:
|
|
||||||
var: test_logs.stdout_lines
|
|
||||||
rescue:
|
|
||||||
- name: "gathering logs for failed helm tests for {{ release }}"
|
|
||||||
command: "kubectl logs {{ release }}-test -n {{ namespace }}"
|
|
||||||
register: out
|
|
||||||
- name: "displaying logs for failed helm tests for {{ release }}"
|
|
||||||
debug:
|
|
||||||
var: out.stdout_lines
|
|
||||||
- name: "helm tests for {{ release }} failed, stopping execution"
|
|
||||||
command: exit 1
|
|
@ -1,50 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: wait for pods in namespace
|
|
||||||
vars:
|
|
||||||
namespace: null
|
|
||||||
timeout: 600
|
|
||||||
wait_return_code:
|
|
||||||
rc: 1
|
|
||||||
block:
|
|
||||||
- name: "wait for pods in {{ namespace }} namespace to be ready"
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \
|
|
||||||
'.items[].status.phase' | grep Pending > /dev/null && \
|
|
||||||
PENDING=True || PENDING=False
|
|
||||||
|
|
||||||
query='.items[]|select(.status.phase=="Running")'
|
|
||||||
query="$query|.status.containerStatuses[].ready"
|
|
||||||
kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \
|
|
||||||
grep false > /dev/null && READY="False" || READY="True"
|
|
||||||
|
|
||||||
kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \
|
|
||||||
'.items[] | .spec.completions == .status.succeeded' | \
|
|
||||||
grep false > /dev/null && JOBR="False" || JOBR="True"
|
|
||||||
[ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
|
|
||||||
exit 0 || exit 1
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: wait_return_code
|
|
||||||
until: wait_return_code.rc == 0
|
|
||||||
retries: "{{ timeout }}"
|
|
||||||
delay: 1
|
|
||||||
rescue:
|
|
||||||
- name: "pods failed to come up in time, getting kubernetes objects status"
|
|
||||||
command: kubectl get --all-namespaces all -o wide --show-all
|
|
||||||
register: out
|
|
||||||
- name: "pods failed to come up in time, displaying kubernetes objects status"
|
|
||||||
debug: var=out.stdout_lines
|
|
||||||
- name: "pods failed to come up in time, stopping execution"
|
|
||||||
command: exit 1
|
|
@ -1,69 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: master
|
|
||||||
vars:
|
|
||||||
kubeadm_aio_action: clean-host
|
|
||||||
block:
|
|
||||||
- name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
docker_container:
|
|
||||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
image: "{{ images.kubernetes.kubeadm_aio }}"
|
|
||||||
state: started
|
|
||||||
detach: false
|
|
||||||
recreate: yes
|
|
||||||
pid_mode: host
|
|
||||||
network_mode: host
|
|
||||||
capabilities: SYS_ADMIN
|
|
||||||
volumes:
|
|
||||||
- /sys:/sys:rw
|
|
||||||
- /run:/run:rw
|
|
||||||
- /:/mnt/rootfs:rw
|
|
||||||
- /etc:/etc:rw
|
|
||||||
env:
|
|
||||||
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
ACTION="{{ kubeadm_aio_action }}"
|
|
||||||
KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
|
|
||||||
USER_UID="{{ playbook_user_id }}"
|
|
||||||
USER_GID="{{ playbook_group_id }}"
|
|
||||||
USER_HOME="{{ playbook_user_dir }}"
|
|
||||||
CNI_ENABLED="{{ kubernetes.cluster.cni }}"
|
|
||||||
PVC_SUPPORT_CEPH=true
|
|
||||||
PVC_SUPPORT_NFS=true
|
|
||||||
NET_SUPPORT_LINUXBRIDGE=true
|
|
||||||
KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}"
|
|
||||||
KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}"
|
|
||||||
CONTAINER_RUNTIME=docker
|
|
||||||
register: kubeadm_master_deploy
|
|
||||||
ignore_errors: True
|
|
||||||
rescue:
|
|
||||||
- name: getting logs from kubeadm-aio container
|
|
||||||
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
register: out
|
|
||||||
- name: dumping logs from kubeadm-aio container
|
|
||||||
debug:
|
|
||||||
var: out.stdout_lines
|
|
||||||
- name: exiting if the kubeadm deploy failed
|
|
||||||
command: exit 1
|
|
||||||
always:
|
|
||||||
- name: removing kubeadm-aio container
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
docker_container:
|
|
||||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
state: absent
|
|
@ -1,27 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
|
|
||||||
- name: setting node labels
|
|
||||||
vars:
|
|
||||||
kubeadm_kubelet_labels_node:
|
|
||||||
- "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}"
|
|
||||||
- "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}"
|
|
||||||
set_fact:
|
|
||||||
kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}"
|
|
||||||
|
|
||||||
- name: deploy-kubelet
|
|
||||||
vars:
|
|
||||||
kubeadm_aio_action: deploy-kubelet
|
|
||||||
include: util-kubeadm-aio-run.yaml
|
|
@ -1,35 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: setting playbook facts
|
|
||||||
set_fact:
|
|
||||||
playbook_user_id: "{{ ansible_user_uid }}"
|
|
||||||
playbook_group_id: "{{ ansible_user_gid }}"
|
|
||||||
playbook_user_dir: "{{ ansible_user_dir }}"
|
|
||||||
kubernetes_default_device: "{{ ansible_default_ipv4.alias }}"
|
|
||||||
kubernetes_default_address: null
|
|
||||||
|
|
||||||
- name: if we have defined a custom interface for kubernetes use that
|
|
||||||
when: kubernetes.network.default_device is defined and kubernetes.network.default_device
|
|
||||||
set_fact:
|
|
||||||
kubernetes_default_device: "{{ kubernetes.network.default_device }}"
|
|
||||||
|
|
||||||
- name: if we are in openstack infra use the private IP for kubernetes
|
|
||||||
when: (nodepool is defined) and (nodepool.private_ipv4 is defined)
|
|
||||||
set_fact:
|
|
||||||
kubernetes_default_address: "{{ nodepool.private_ipv4 }}"
|
|
||||||
|
|
||||||
- include: clean-node.yaml
|
|
||||||
|
|
||||||
- include: deploy-kubelet.yaml
|
|
@ -1,71 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: Run Kubeadm-AIO container
|
|
||||||
vars:
|
|
||||||
kubeadm_aio_action: null
|
|
||||||
kubeadm_kubelet_labels: ""
|
|
||||||
block:
|
|
||||||
- name: "performing {{ kubeadm_aio_action }} action"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
docker_container:
|
|
||||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
image: "{{ images.kubernetes.kubeadm_aio }}"
|
|
||||||
state: started
|
|
||||||
detach: false
|
|
||||||
recreate: yes
|
|
||||||
pid_mode: host
|
|
||||||
network_mode: host
|
|
||||||
capabilities: SYS_ADMIN
|
|
||||||
volumes:
|
|
||||||
- /sys:/sys:rw
|
|
||||||
- /run:/run:rw
|
|
||||||
- /:/mnt/rootfs:rw
|
|
||||||
- /etc:/etc:rw
|
|
||||||
env:
|
|
||||||
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
ACTION="{{ kubeadm_aio_action }}"
|
|
||||||
KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
|
|
||||||
KUBE_BIND_ADDR="{{ kubernetes_default_address }}"
|
|
||||||
USER_UID="{{ playbook_user_id }}"
|
|
||||||
USER_GID="{{ playbook_group_id }}"
|
|
||||||
USER_HOME="{{ playbook_user_dir }}"
|
|
||||||
CNI_ENABLED="{{ kubernetes.cluster.cni }}"
|
|
||||||
PVC_SUPPORT_CEPH=true
|
|
||||||
PVC_SUPPORT_NFS=true
|
|
||||||
NET_SUPPORT_LINUXBRIDGE=true
|
|
||||||
KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}"
|
|
||||||
KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}"
|
|
||||||
CONTAINER_RUNTIME=docker
|
|
||||||
KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}"
|
|
||||||
register: kubeadm_master_deploy
|
|
||||||
rescue:
|
|
||||||
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
|
||||||
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
register: out
|
|
||||||
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
|
||||||
debug:
|
|
||||||
var: out.stdout_lines
|
|
||||||
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
|
||||||
command: exit 1
|
|
||||||
always:
|
|
||||||
- name: "removing container for {{ kubeadm_aio_action }} action"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
docker_container:
|
|
||||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
state: absent
|
|
@ -1,31 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: setting playbook user info facts before escalating privileges
|
|
||||||
set_fact:
|
|
||||||
playbook_user_id: "{{ ansible_user_uid }}"
|
|
||||||
playbook_group_id: "{{ ansible_user_gid }}"
|
|
||||||
playbook_user_dir: "{{ ansible_user_dir }}"
|
|
||||||
|
|
||||||
- name: deploying kubelet and support assets to node
|
|
||||||
include_role:
|
|
||||||
name: deploy-kubeadm-aio-common
|
|
||||||
tasks_from: main
|
|
||||||
|
|
||||||
- name: deploying kubernetes on master node
|
|
||||||
vars:
|
|
||||||
kubeadm_aio_action: deploy-kube
|
|
||||||
include_role:
|
|
||||||
name: deploy-kubeadm-aio-common
|
|
||||||
tasks_from: util-kubeadm-aio-run
|
|
@ -1,44 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: setting playbook user info facts before escalating privileges
|
|
||||||
set_fact:
|
|
||||||
playbook_user_id: "{{ ansible_user_uid }}"
|
|
||||||
playbook_group_id: "{{ ansible_user_gid }}"
|
|
||||||
playbook_user_dir: "{{ ansible_user_dir }}"
|
|
||||||
kube_master: "{{ groups['primary'][0] }}"
|
|
||||||
kube_worker: "{{ inventory_hostname }}"
|
|
||||||
|
|
||||||
- name: deploying kubelet and support assets to node
|
|
||||||
include_role:
|
|
||||||
name: deploy-kubeadm-aio-common
|
|
||||||
tasks_from: main
|
|
||||||
|
|
||||||
- name: generating the kubeadm join command for the node
|
|
||||||
include: util-generate-join-command.yaml
|
|
||||||
delegate_to: "{{ kube_master }}"
|
|
||||||
|
|
||||||
- name: joining node to kubernetes cluster
|
|
||||||
vars:
|
|
||||||
kubeadm_aio_action: join-kube
|
|
||||||
kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}"
|
|
||||||
include: util-run-join-command.yaml
|
|
||||||
|
|
||||||
- name: waiting for node to be ready
|
|
||||||
delegate_to: "{{ kube_master }}"
|
|
||||||
command: kubectl get node "{{ ansible_fqdn }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}"
|
|
||||||
register: task_result
|
|
||||||
until: task_result.stdout == 'Ready'
|
|
||||||
retries: 120
|
|
||||||
delay: 5
|
|
@ -1,56 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: generate the kubeadm join command for nodes
|
|
||||||
vars:
|
|
||||||
kubeadm_aio_action: generate-join-cmd
|
|
||||||
kubeadm_cluster_join_ttl: 30m
|
|
||||||
kube_worker: null
|
|
||||||
block:
|
|
||||||
- name: "deploying kubeadm {{ kubeadm_aio_action }} container"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
docker_container:
|
|
||||||
name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
|
||||||
image: "{{ images.kubernetes.kubeadm_aio }}"
|
|
||||||
state: started
|
|
||||||
detach: false
|
|
||||||
recreate: yes
|
|
||||||
network_mode: host
|
|
||||||
volumes:
|
|
||||||
- /etc/kubernetes:/etc/kubernetes:ro
|
|
||||||
env:
|
|
||||||
ACTION=generate-join-cmd
|
|
||||||
TTL="{{ kubeadm_cluster_join_ttl }}"
|
|
||||||
register: kubeadm_generate_join_command
|
|
||||||
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
|
||||||
command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
register: kubeadm_aio_action_logs
|
|
||||||
- name: storing cluster join command
|
|
||||||
set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout }}"
|
|
||||||
rescue:
|
|
||||||
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
|
||||||
debug:
|
|
||||||
var: kubeadm_aio_action_logs.stdout_lines
|
|
||||||
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
|
||||||
command: exit 1
|
|
||||||
always:
|
|
||||||
- name: "removing container for {{ kubeadm_aio_action }} action"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
docker_container:
|
|
||||||
name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
|
||||||
state: absent
|
|
@ -1,59 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: master
|
|
||||||
vars:
|
|
||||||
kubeadm_aio_action: join-kube
|
|
||||||
kubeadm_aio_join_command: null
|
|
||||||
block:
|
|
||||||
- name: "deploying kubeadm {{ kubeadm_aio_action }} container"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
docker_container:
|
|
||||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
image: "{{ images.kubernetes.kubeadm_aio }}"
|
|
||||||
state: started
|
|
||||||
detach: false
|
|
||||||
recreate: yes
|
|
||||||
pid_mode: host
|
|
||||||
network_mode: host
|
|
||||||
capabilities: SYS_ADMIN
|
|
||||||
volumes:
|
|
||||||
- /sys:/sys:rw
|
|
||||||
- /run:/run:rw
|
|
||||||
- /:/mnt/rootfs:rw
|
|
||||||
- /etc:/etc:rw
|
|
||||||
env:
|
|
||||||
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
ACTION="{{ kubeadm_aio_action }}"
|
|
||||||
KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}"
|
|
||||||
register: kubeadm_aio_join_container
|
|
||||||
rescue:
|
|
||||||
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
|
||||||
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
register: kubeadm_aio_join_container_output
|
|
||||||
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
|
||||||
debug:
|
|
||||||
msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}"
|
|
||||||
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
|
||||||
command: exit 1
|
|
||||||
always:
|
|
||||||
- name: "removing container for {{ kubeadm_aio_action }} action"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
docker_container:
|
|
||||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
|
||||||
state: absent
|
|
@ -1,46 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: managing distro packages for ubuntu
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
apt:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: "{{ state }}"
|
|
||||||
with_items: "{{ packages.deb }}"
|
|
||||||
|
|
||||||
- name: managing distro packages for centos
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
yum:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: "{{ state }}"
|
|
||||||
with_items: "{{ packages.rpm }}"
|
|
||||||
|
|
||||||
- name: managing distro packages for fedora
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'Fedora'
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
dnf:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: "{{ state }}"
|
|
||||||
with_items: "{{ packages.rpm }}"
|
|
@ -1,27 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: managing pip packages
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
environment:
|
|
||||||
http_proxy: "{{ proxy.http }}"
|
|
||||||
https_proxy: "{{ proxy.https }}"
|
|
||||||
no_proxy: "{{ proxy.noproxy }}"
|
|
||||||
vars:
|
|
||||||
state: present
|
|
||||||
pip:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: "{{ state }}"
|
|
||||||
with_items: "{{ packages }}"
|
|
@ -1,48 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: ensuring python pip package is present for ubuntu
|
|
||||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
|
||||||
apt:
|
|
||||||
name: python-pip
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: ensuring python pip package is present for centos
|
|
||||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
|
||||||
block:
|
|
||||||
- name: ensuring epel-release package is present for centos as python-pip is in the epel repo
|
|
||||||
yum:
|
|
||||||
name: epel-release
|
|
||||||
state: present
|
|
||||||
- name: ensuring python pip package is present for centos
|
|
||||||
yum:
|
|
||||||
name: python-devel
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: ensuring python pip package is present for fedora via the python-devel rpm
|
|
||||||
when: ansible_distribution == 'Fedora'
|
|
||||||
dnf:
|
|
||||||
name: python2-pip
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: ensuring pip is the latest version
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
environment:
|
|
||||||
http_proxy: "{{ proxy.http }}"
|
|
||||||
https_proxy: "{{ proxy.https }}"
|
|
||||||
no_proxy: "{{ proxy.noproxy }}"
|
|
||||||
pip:
|
|
||||||
name: pip
|
|
||||||
state: latest
|
|
@ -1,16 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: ensuring python2 is present on all hosts
|
|
||||||
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2)
|
|
@ -1,43 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: ensuring jq is deployed on host
|
|
||||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Fedora'
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: dist
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
deb:
|
|
||||||
- jq
|
|
||||||
rpm:
|
|
||||||
- jq
|
|
||||||
- name: removing jq binary on centos
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
|
||||||
file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: absent
|
|
||||||
with_items:
|
|
||||||
- /usr/bin/jq
|
|
||||||
- name: installing jq 1.5 binary for centos
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
|
||||||
get_url:
|
|
||||||
url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
|
|
||||||
dest: /usr/bin/jq
|
|
||||||
mode: 0555
|
|
@ -1,108 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: "creating directory for cluster scoped objects"
|
|
||||||
file:
|
|
||||||
path: "{{ logs_dir }}/objects/cluster"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: "Gathering descriptions for cluster scoped objects"
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
export OBJECT_TYPE=node,clusterrole,clusterrolebinding,storageclass,namespace
|
|
||||||
export PARALLELISM_FACTOR=2
|
|
||||||
|
|
||||||
function list_objects () {
|
|
||||||
printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "$@"' _ {}
|
|
||||||
}
|
|
||||||
export -f list_objects
|
|
||||||
|
|
||||||
function name_objects () {
|
|
||||||
export OBJECT=$1
|
|
||||||
kubectl get ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${OBJECT} ${1#*/}"' _ {}
|
|
||||||
}
|
|
||||||
export -f name_objects
|
|
||||||
|
|
||||||
function get_objects () {
|
|
||||||
input=($1)
|
|
||||||
export OBJECT=${input[0]}
|
|
||||||
export NAME=${input[1]#*/}
|
|
||||||
echo "${OBJECT}/${NAME}"
|
|
||||||
DIR="{{ logs_dir }}/objects/cluster/${OBJECT}"
|
|
||||||
mkdir -p ${DIR}
|
|
||||||
kubectl get ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml"
|
|
||||||
kubectl describe ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt"
|
|
||||||
}
|
|
||||||
export -f get_objects
|
|
||||||
|
|
||||||
list_objects | \
|
|
||||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \
|
|
||||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {}
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
ignore_errors: True
|
|
||||||
|
|
||||||
- name: "creating directory for namespace scoped objects"
|
|
||||||
file:
|
|
||||||
path: "{{ logs_dir }}/objects/namespaced"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: "Gathering descriptions for namespace scoped objects"
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
export OBJECT_TYPE=configmaps,cronjobs,daemonsets,deployment,endpoints,ingresses,jobs,networkpolicies,pods,podsecuritypolicies,persistentvolumeclaims,rolebindings,roles,secrets,serviceaccounts,services,statefulsets
|
|
||||||
export PARALLELISM_FACTOR=2
|
|
||||||
function get_namespaces () {
|
|
||||||
kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
|
|
||||||
}
|
|
||||||
|
|
||||||
function list_namespaced_objects () {
|
|
||||||
export NAMESPACE=$1
|
|
||||||
printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} $@"' _ {}
|
|
||||||
}
|
|
||||||
export -f list_namespaced_objects
|
|
||||||
|
|
||||||
function name_objects () {
|
|
||||||
input=($1)
|
|
||||||
export NAMESPACE=${input[0]}
|
|
||||||
export OBJECT=${input[1]}
|
|
||||||
kubectl get -n ${NAMESPACE} ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} ${OBJECT} $@"' _ {}
|
|
||||||
}
|
|
||||||
export -f name_objects
|
|
||||||
|
|
||||||
function get_objects () {
|
|
||||||
input=($1)
|
|
||||||
export NAMESPACE=${input[0]}
|
|
||||||
export OBJECT=${input[1]}
|
|
||||||
export NAME=${input[2]#*/}
|
|
||||||
echo "${NAMESPACE}/${OBJECT}/${NAME}"
|
|
||||||
DIR="{{ logs_dir }}/objects/namespaced/${NAMESPACE}/${OBJECT}"
|
|
||||||
mkdir -p ${DIR}
|
|
||||||
kubectl get -n ${NAMESPACE} ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml"
|
|
||||||
kubectl describe -n ${NAMESPACE} ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt"
|
|
||||||
}
|
|
||||||
export -f get_objects
|
|
||||||
|
|
||||||
get_namespaces | \
|
|
||||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'list_namespaced_objects "$@"' _ {} | \
|
|
||||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \
|
|
||||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {}
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
ignore_errors: True
|
|
||||||
|
|
||||||
- name: "Downloads logs to executor"
|
|
||||||
synchronize:
|
|
||||||
src: "{{ logs_dir }}/objects"
|
|
||||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
|
||||||
mode: pull
|
|
||||||
ignore_errors: yes
|
|
@ -1,39 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: "creating directory for system status"
|
|
||||||
file:
|
|
||||||
path: "{{ logs_dir }}/system"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: "Get logs for each host"
|
|
||||||
become: yes
|
|
||||||
shell: |-
|
|
||||||
set -x
|
|
||||||
systemd-cgls --full --all --no-pager > {{ logs_dir }}/system/systemd-cgls.txt
|
|
||||||
ip addr > {{ logs_dir }}/system/ip-addr.txt
|
|
||||||
ip route > {{ logs_dir }}/system/ip-route.txt
|
|
||||||
lsblk > {{ logs_dir }}/system/lsblk.txt
|
|
||||||
mount > {{ logs_dir }}/system/mount.txt
|
|
||||||
docker images > {{ logs_dir }}/system/docker-images.txt
|
|
||||||
brctl show > {{ logs_dir }}/system/brctl-show.txt
|
|
||||||
ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
ignore_errors: True
|
|
||||||
|
|
||||||
- name: "Downloads logs to executor"
|
|
||||||
synchronize:
|
|
||||||
src: "{{ logs_dir }}/system"
|
|
||||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
|
||||||
mode: pull
|
|
||||||
ignore_errors: True
|
|
@ -1,54 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: "creating directory for pod logs"
|
|
||||||
file:
|
|
||||||
path: "{{ logs_dir }}/pod-logs"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: "retrieve all container logs"
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
PARALLELISM_FACTOR=2
|
|
||||||
function get_namespaces () {
|
|
||||||
kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
|
|
||||||
}
|
|
||||||
function get_pods () {
|
|
||||||
NAMESPACE=$1
|
|
||||||
kubectl get pods -n ${NAMESPACE} -o name --show-all | awk -F '/' '{ print $NF }' | xargs -L1 -P 1 -I {} echo ${NAMESPACE} {}
|
|
||||||
}
|
|
||||||
export -f get_pods
|
|
||||||
function get_pod_logs () {
|
|
||||||
NAMESPACE=${1% *}
|
|
||||||
POD=${1#* }
|
|
||||||
INIT_CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.initContainers[]?.name')
|
|
||||||
CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.containers[].name')
|
|
||||||
for CONTAINER in ${INIT_CONTAINERS} ${CONTAINERS}; do
|
|
||||||
echo "${NAMESPACE}/${POD}/${CONTAINER}"
|
|
||||||
mkdir -p "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}"
|
|
||||||
kubectl logs ${POD} -n ${NAMESPACE} -c ${CONTAINER} > "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}/${CONTAINER}.txt"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
export -f get_pod_logs
|
|
||||||
get_namespaces | \
|
|
||||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pods "$@"' _ {} | \
|
|
||||||
xargs -r -n 2 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pod_logs "$@"' _ {}
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
ignore_errors: True
|
|
||||||
|
|
||||||
- name: "Downloads logs to executor"
|
|
||||||
synchronize:
|
|
||||||
src: "{{ logs_dir }}/pod-logs"
|
|
||||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
|
||||||
mode: pull
|
|
||||||
ignore_errors: True
|
|
@ -1,44 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: "creating directory for helm release descriptions"
|
|
||||||
file:
|
|
||||||
path: "{{ logs_dir }}/prometheus"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: "Get prometheus metrics from exporters in all namespaces"
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
NAMESPACES=$(kubectl get namespaces -o json | jq -r '.items[].metadata.name')
|
|
||||||
for NS in $NAMESPACES; do
|
|
||||||
SERVICES=$(kubectl get svc -l component=metrics -n $NS -o json | jq -r '.items[].metadata.name')
|
|
||||||
for SVC in $SERVICES; do
|
|
||||||
PORT=$(kubectl get svc $SVC -n $NS -o json | jq -r '.spec.ports[].port')
|
|
||||||
curl "$SVC.$NS:$PORT/metrics" >> "{{ logs_dir }}"/prometheus/$NS-$SVC.txt
|
|
||||||
done
|
|
||||||
done
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
|
|
||||||
- name: "Get prometheus metrics from tiller-deploy"
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
curl tiller-deploy.kube-system:44135/metrics >> "{{ logs_dir }}"/prometheus/kube-system-tiller-deploy.txt
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
|
|
||||||
- name: "Downloads logs to executor"
|
|
||||||
synchronize:
|
|
||||||
src: "{{ logs_dir }}/prometheus"
|
|
||||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
|
||||||
mode: pull
|
|
||||||
ignore_errors: True
|
|
@ -1,44 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: "creating directory for helm release status"
|
|
||||||
file:
|
|
||||||
path: "{{ logs_dir }}/helm"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: "retrieve all deployed charts"
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
helm ls --short
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: helm_releases
|
|
||||||
|
|
||||||
- name: "Gather get release status for helm charts"
|
|
||||||
shell: |-
|
|
||||||
set -e
|
|
||||||
helm status {{ helm_released }} >> {{ logs_dir }}/helm/{{ helm_release }}.txt
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
ignore_errors: True
|
|
||||||
vars:
|
|
||||||
helm_release: "{{ helm_released }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: helm_released
|
|
||||||
with_items: "{{ helm_releases.stdout_lines }}"
|
|
||||||
|
|
||||||
- name: "Downloads logs to executor"
|
|
||||||
synchronize:
|
|
||||||
src: "{{ logs_dir }}/helm"
|
|
||||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
|
||||||
mode: pull
|
|
||||||
ignore_errors: True
|
|
@ -1,26 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: Ensure docker python packages deployed
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: pip
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
- yq
|
|
||||||
|
|
||||||
- name: pull all images used in repo
|
|
||||||
make:
|
|
||||||
chdir: "{{ work_dir }}"
|
|
||||||
target: pull-all-images
|
|
@ -1,29 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes
|
|
||||||
- name: deploy iptables packages
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: dist
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
deb:
|
|
||||||
- iptables
|
|
||||||
rpm:
|
|
||||||
- iptables
|
|
||||||
- command: iptables -S
|
|
||||||
- command: iptables -F
|
|
||||||
- command: iptables -P INPUT ACCEPT
|
|
||||||
- command: iptables -S
|
|
@ -1,42 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
- name: Upgrade to HWE kernel on Ubuntu Hosts
|
|
||||||
when: ansible_distribution == 'Ubuntu'
|
|
||||||
block:
|
|
||||||
- name: Deploy HWE kernel on Ubuntu Hosts
|
|
||||||
include_role:
|
|
||||||
name: deploy-package
|
|
||||||
tasks_from: dist
|
|
||||||
vars:
|
|
||||||
packages:
|
|
||||||
deb:
|
|
||||||
- linux-generic-hwe-16.04
|
|
||||||
- name: Reboot Host following kernel upgrade
|
|
||||||
shell: sleep 2 && reboot
|
|
||||||
sudo: yes
|
|
||||||
async: 30
|
|
||||||
poll: 0
|
|
||||||
ignore_errors: true
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
- name: Wait for hosts to come up following reboot
|
|
||||||
wait_for:
|
|
||||||
host: '{{ hostvars[item].ansible_host }}'
|
|
||||||
port: 22
|
|
||||||
state: started
|
|
||||||
delay: 60
|
|
||||||
timeout: 240
|
|
||||||
with_items: '{{ play_hosts }}'
|
|
||||||
connection: local
|
|
@ -52,18 +52,6 @@
|
|||||||
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
|
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
|
||||||
mode: 0640
|
mode: 0640
|
||||||
|
|
||||||
- name: centos | add docker-ce repository
|
|
||||||
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
|
|
||||||
get_url:
|
|
||||||
url: https://download.docker.com/linux/centos/docker-ce.repo
|
|
||||||
dest: /etc/yum.repos.d/docker-ce.repo
|
|
||||||
|
|
||||||
- name: fedora | add docker-ce repository
|
|
||||||
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
|
|
||||||
get_url:
|
|
||||||
url: https://download.docker.com/linux/fedora/docker-ce.repo
|
|
||||||
dest: /etc/yum.repos.d/docker-ce.repo
|
|
||||||
|
|
||||||
- name: deploy docker packages
|
- name: deploy docker packages
|
||||||
when: need_docker | failed
|
when: need_docker | failed
|
||||||
include_role:
|
include_role:
|
||||||
@ -74,7 +62,7 @@
|
|||||||
deb:
|
deb:
|
||||||
- docker.io
|
- docker.io
|
||||||
rpm:
|
rpm:
|
||||||
- docker-ce
|
- docker
|
||||||
|
|
||||||
- name: restarting docker
|
- name: restarting docker
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -1,8 +1,7 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Docker Application Container Engine
|
Description=Docker Application Container Engine
|
||||||
Documentation=https://docs.docker.com
|
Documentation=http://docs.docker.com
|
||||||
After=network-online.target firewalld.service
|
After=network.target
|
||||||
Wants=network-online.target
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
@ -10,10 +9,13 @@ NotifyAccess=all
|
|||||||
Environment=GOTRACEBACK=crash
|
Environment=GOTRACEBACK=crash
|
||||||
Environment=DOCKER_HTTP_HOST_COMPAT=1
|
Environment=DOCKER_HTTP_HOST_COMPAT=1
|
||||||
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
|
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
|
||||||
ExecStart=/usr/bin/dockerd \
|
ExecStart=/usr/bin/dockerd-current \
|
||||||
|
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
|
||||||
|
--default-runtime=docker-runc \
|
||||||
--exec-opt native.cgroupdriver=systemd \
|
--exec-opt native.cgroupdriver=systemd \
|
||||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
|
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
|
||||||
--data-root=/var/lib/docker \
|
--seccomp-profile=/etc/docker/seccomp.json \
|
||||||
|
--graph=/var/lib/docker \
|
||||||
--storage-driver=overlay2 \
|
--storage-driver=overlay2 \
|
||||||
--log-driver=json-file \
|
--log-driver=json-file \
|
||||||
--iptables=false
|
--iptables=false
|
||||||
|
@ -1,19 +1,21 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Docker Application Container Engine
|
Description=Docker Application Container Engine
|
||||||
Documentation=https://docs.docker.com
|
Documentation=http://docs.docker.com
|
||||||
After=network-online.target firewalld.service
|
After=network.target docker-containerd.service
|
||||||
Wants=network-online.target
|
Requires=docker-containerd.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=notify
|
Type=notify
|
||||||
Environment=GOTRACEBACK=crash
|
Environment=GOTRACEBACK=crash
|
||||||
# the default is not to use systemd for cgroups because the delegate issues still
|
ExecStart=/usr/bin/dockerd-current \
|
||||||
# exists and systemd currently does not support the cgroup feature set required
|
--add-runtime oci=/usr/libexec/docker/docker-runc-current \
|
||||||
# for containers run by docker
|
--default-runtime=oci \
|
||||||
ExecStart=/usr/bin/dockerd \
|
--containerd /run/containerd.sock \
|
||||||
--exec-opt native.cgroupdriver=systemd \
|
--exec-opt native.cgroupdriver=systemd \
|
||||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
|
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
|
||||||
--data-root=/var/lib/docker \
|
--init-path=/usr/libexec/docker/docker-init-current \
|
||||||
|
--seccomp-profile=/etc/docker/seccomp.json \
|
||||||
|
--graph=/var/lib/docker \
|
||||||
--storage-driver=overlay2 \
|
--storage-driver=overlay2 \
|
||||||
--log-driver=json-file \
|
--log-driver=json-file \
|
||||||
--iptables=false
|
--iptables=false
|
||||||
|
@ -47,6 +47,7 @@ function ansible_install {
|
|||||||
elif [ "x$ID" == "xfedora" ]; then
|
elif [ "x$ID" == "xfedora" ]; then
|
||||||
sudo dnf install -y \
|
sudo dnf install -y \
|
||||||
python-devel \
|
python-devel \
|
||||||
|
libselinux-python \
|
||||||
redhat-rpm-config \
|
redhat-rpm-config \
|
||||||
gcc \
|
gcc \
|
||||||
jq
|
jq
|
||||||
|
Loading…
Reference in New Issue
Block a user