openstack/tripleo-heat-templates
Code Issues Proposed changes
27b2cd8900
tripleo-heat-templates/extraconfig/services/kubernetes-master.yaml
Jiri Stransky cb17631829 Don't fail Kubespray scenario if swap is enabled 
We have swap enabled in CI, by default Kubespray refuses to run with
swap, and so does Kubelet. Make this behavior configurable and allow
swap in the Kubespray scenario env file. It should be fine to run with
swap for development/testing [1].

[1] https://github.com/kubernetes-incubator/kubespray/issues/1787#issuecomment-336159788

Depends-On: I7a02134970c1b1754d42c4e85ed0a2188a5ecdb6
Change-Id: I023824a31f1278b01c33ce81d4af81247dd5f672
2017-11-29 13:40:20 +01:00

188 lines
7.4 KiB
YAML
Raw Blame History

heat_template_version: ocata
description: Triggers a Mistral workflow for the deployment of Kubernetes
parameters:
RoleNetIpMap:
default: {}
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
KubesprayIgnoreAssertErrors:
default: false
description: Ignore kubespray pre-flight checks. Useful for deploying
on environments with swap enabled.
type: boolean
outputs:
role_data:
description: Role data for the Kubernetes Service
value:
service_name: kubernetes_master
config_settings:
tripleo.kubernetes_master.firewall_rules:
'200 kubernetes-master api':
dport: 6443
proto: tcp
'200 kubernetes-master etcd':
dport:
- 2379
- 2380
proto: tcp
'200 kubernetes-master flannel':
dport:
- 8285
- 8472
proto: udp
upgrade_tasks: []
step_config: ''
external_deploy_tasks:
# FIXME: remove this block when kubespray is packaged
- name: kubernetes_master step 2 kubespray repository
when: step == '2'
block:
- name: check kubespray directory existence
stat:
path: /usr/share/kubespray
register: kubespray_stat
- set_fact:
kubespray_dir: >-
{%- if kubespray_stat.stat.exists -%}
/usr/share/kubespray
{%- elif ansible_user_id == 'mistral' -%}
/var/lib/mistral/kubespray
{%- else -%}
{{ ansible_user_dir }}/kubespray
{%- endif -%}
- name: check cloned kubespray directory existence
stat:
path: "{{ kubespray_dir }}"
register: kubespray_cloned_stat
when: not kubespray_stat.stat.exists
- name: download kubespray source
shell: |
set -eux
mkdir '{{ kubespray_dir }}'
cd '{{ kubespray_dir }}'
curl -Lo kubespray.tar.gz 'https://github.com/kubernetes-incubator/kubespray/archive/master.tar.gz'
tar --strip-components 1 -xzvf kubespray.tar.gz
# do not overwrite existing contents
when: not kubespray_stat.stat.exists and not kubespray_cloned_stat.stat.exists
- name: kubernetes_master step 2
when: step == '2'
block:
- name: create kubespray temp dirs
file:
path: "{{item}}"
state: directory
with_items:
- "{{playbook_dir}}/kubespray"
- "{{playbook_dir}}/kubespray/artifacts"
- name: generate kubespray inventory
copy:
dest: "{{playbook_dir}}/kubespray/inventory.yml"
content: |
kube-master:
hosts:
{% for host in groups['kubernetes_master'] -%}
{{ hostvars.raw_get(host)['ansible_hostname'] }}:
ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }}
ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }}
ansible_become: true
{% endfor %}
kube-node:
hosts:
{% for host in groups['kubernetes_worker'] -%}
{{ hostvars.raw_get(host)['ansible_hostname'] }}:
ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }}
ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }}
ansible_become: true
{% endfor %}
etcd:
children:
kube-master: {}
k8s-cluster:
children:
kube-master: {}
kube-node: {}
- name: generate kubespray global vars
copy:
dest: "{{playbook_dir}}/kubespray/global_vars.yml"
content:
str_replace:
template: |
kubeconfig_localhost: true
artifacts_dir: '{{playbook_dir}}/kubespray/artifacts'
ignore_assert_errors: IGNORE_ASSERT_ERRORS
kubelet_fail_swap_on: KUBELET_FAIL_SWAP_ON
params:
IGNORE_ASSERT_ERRORS: {get_param: KubesprayIgnoreAssertErrors}
KUBELET_FAIL_SWAP_ON:
yaql:
expression: not $.data
data: {get_param: KubesprayIgnoreAssertErrors}
- name: generate kubespray playbook
copy:
dest: "{{playbook_dir}}/kubespray/playbook.yml"
content: |
- include: {{ kubespray_dir|default('/usr/share/kubespray') }}/cluster.yml
- name: set kubespray command
set_fact:
# NOTE: We could let kubespray configure docker
# (remove --skip-tags docker) and run it in step 1
# when this RFE is implemented:
# https://github.com/kubernetes-incubator/kubespray/issues/1836
kubespray_command: >-
{%- if kubespray_command is defined -%}
{{kubespray_command}}
{%- else -%}
ANSIBLE_HOST_KEY_CHECKING=False
ansible-playbook
-i '{{playbook_dir}}/kubespray/inventory.yml'
--skip-tags docker,bastion-ssh-config
--extra-vars '@{{playbook_dir}}/kubespray/global_vars.yml'
--private-key '{{ansible_ssh_private_key_file}}'
'{{playbook_dir}}/kubespray/playbook.yml'
{%- endif -%}
- name: print kubespray command
debug:
var: kubespray_command
- name: run kubespray (immediate log at {{playbook_dir}}/kubespray/playbook.log)
shell: |
{{kubespray_command}} 2>&1 | tee {{playbook_dir}}/kubespray/playbook.log
exit ${PIPESTATUS[0]}
register: outputs
- name: print kubespray outputs
debug:
var: (outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
failed_when: outputs.rc != 0
when: outputs.rc is defined
View Git Blame Copy Permalink