heat_template_version: ocata description: Triggers a Mistral workflow for the deployment of Kubernetes parameters: RoleNetIpMap: default: {} type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json outputs: role_data: description: Role data for the Kubernetes Service value: service_name: kubernetes_master config_settings: tripleo.kubernetes_master.firewall_rules: '200 kubernetes-master api': dport: 6443 proto: tcp '200 kubernetes-master etcd': dport: - 2379 - 2380 proto: tcp '200 kubernetes-master flannel': dport: - 8285 - 8472 proto: udp upgrade_tasks: [] step_config: '' external_deploy_tasks: # FIXME: remove this block when kubespray is packaged - name: kubernetes_master step 2 kubespray repository when: step == '2' block: - name: check kubespray directory existence stat: path: /usr/share/kubespray register: kubespray_stat - name: clone kubespray repo git: repo: https://github.com/kubernetes-incubator/kubespray dest: /usr/share/kubespray update: no become: yes become_user: root when: not kubespray_stat.stat.exists - name: kubernetes_master step 2 when: step == '2' block: - name: create kubespray temp dirs file: path: "{{item}}" state: directory with_items: - "{{playbook_dir}}/kubespray" - "{{playbook_dir}}/kubespray/artifacts" - name: generate kubespray inventory copy: dest: "{{playbook_dir}}/kubespray/inventory.yml" content: | kube-master: hosts: {% for host in groups['kubernetes_master'] -%} {{ hostvars.raw_get(host)['ansible_hostname'] }}: ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }} ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }} {% endfor %} kube-node: hosts: {% for host in groups['kubernetes_worker'] -%} {{ hostvars.raw_get(host)['ansible_hostname'] }}: ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }} ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }} {% endfor %} etcd: children: kube-master: {} k8s-cluster: children: kube-master: {} kube-node: {} - name: generate kubespray global vars copy: dest: "{{playbook_dir}}/kubespray/global_vars.yml" content: | kubeconfig_localhost: true kubectl_localhost: true artifacts_dir: '{{playbook_dir}}/kubespray/artifacts' - name: generate kubespray playbook copy: dest: "{{playbook_dir}}/kubespray/playbook.yml" content: | - include: /usr/share/kubespray/cluster.yml - name: set kubespray command set_fact: # NOTE: We could let kubespray configure docker # (remove --skip-tags docker) and run it in step 1 # when this RFE is implemented: # https://github.com/kubernetes-incubator/kubespray/issues/1836 kubespray_command: >- {%- if kubespray_command is defined -%} {{kubespray_command}} {%- else -%} ansible-playbook -b -i '{{playbook_dir}}/kubespray/inventory.yml' --skip-tags docker,bastion-ssh-config --extra-vars '@{{playbook_dir}}/kubespray/global_vars.yml' '{{playbook_dir}}/kubespray/playbook.yml' {%- endif -%} - name: print kubespray command debug: var: kubespray_command - name: run kubespray (immediate log at {{playbook_dir}}/kubespray/playbook.log) shell: | {{kubespray_command}} 2>&1 | tee {{playbook_dir}}/kubespray/playbook.log exit ${PIPESTATUS[0]} register: outputs - name: print kubespray outputs debug: var: (outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) failed_when: outputs|failed when: outputs is defined