mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-29 22:46:12 +00:00
Ansible: start to support debian
This commit is contained in:
Eric Paris
parent
a25b34e1a4
commit
1253ca52cd
@ -27,6 +27,14 @@
|
||||
has_rpm: true
|
||||
when: s.stat.exists
|
||||
|
||||
- name: Init the has_firewalld fact
|
||||
set_fact:
|
||||
has_firewalld: false
|
||||
|
||||
- name: Init the has_iptables fact
|
||||
set_fact:
|
||||
has_iptables: false
|
||||
|
||||
# collect information about what packages are installed
|
||||
- include: rpm.yml
|
||||
when: has_rpm
|
||||
|
||||
@ -5,10 +5,6 @@
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: Init the has_firewalld fact
|
||||
set_fact:
|
||||
has_firewalld: false
|
||||
|
||||
- name: Set the has_firewalld fact
|
||||
set_fact:
|
||||
has_firewalld: true
|
||||
@ -20,10 +16,6 @@
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: Init the has_iptables fact
|
||||
set_fact:
|
||||
has_iptables: false
|
||||
|
||||
- name: Set the has_iptables fact
|
||||
set_fact:
|
||||
has_iptables: true
|
||||
|
||||
10
contrib/ansible/roles/docker/tasks/debian-install.yml
Normal file
10
contrib/ansible/roles/docker/tasks/debian-install.yml
Normal file
@ -0,0 +1,10 @@
|
||||
---
|
||||
- name: DEBIAN | Make sure this is stretch or sid, jessies does not have docker
|
||||
fail: msg="Docker.io only available in sid and stretch, https://wiki.debian.org/Docker"
|
||||
when: ansible_lsb.codename != "stretch" and ansible_lsb.codename != "sid"
|
||||
|
||||
- name: DEBIAN | Install Docker
|
||||
action: "{{ ansible_pkg_mgr }}"
|
||||
args:
|
||||
name: docker.io
|
||||
state: latest
|
||||
@ -4,3 +4,4 @@
|
||||
args:
|
||||
name: docker
|
||||
state: latest
|
||||
when: not is_atomic
|
||||
|
||||
@ -1,32 +1,51 @@
|
||||
---
|
||||
- include: debian-install.yml
|
||||
when: ansible_distribution == "Debian"
|
||||
|
||||
- include: generic-install.yml
|
||||
when: not is_atomic
|
||||
when: ansible_distribution != "Debian"
|
||||
|
||||
- name: Set docker config file directory
|
||||
set_fact:
|
||||
docker_config_dir: "/etc/sysconfig"
|
||||
|
||||
- name: Override docker config file directory for Debian
|
||||
set_fact:
|
||||
docker_config_dir: "/etc/default"
|
||||
when: ansible_distribution == "Debian"
|
||||
|
||||
- name: Verify docker config files exists
|
||||
file: path={{ docker_config_dir }}/{{ item }} state=touch
|
||||
changed_when: false
|
||||
with_items:
|
||||
- docker
|
||||
- docker-network
|
||||
|
||||
- name: Turn down docker logging
|
||||
lineinfile: dest=/etc/sysconfig/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
|
||||
lineinfile: dest={{ docker_config_dir }}/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
|
||||
notify:
|
||||
- restart docker
|
||||
|
||||
- name: Install http_proxy into docker-network
|
||||
lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
|
||||
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
|
||||
when: http_proxy is defined
|
||||
notify:
|
||||
- restart docker
|
||||
|
||||
- name: Install https_proxy into docker-network
|
||||
lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
|
||||
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
|
||||
when: https_proxy is defined
|
||||
notify:
|
||||
- restart docker
|
||||
|
||||
- name: Install no-proxy into docker-network
|
||||
lineinfile: dest=/etc/sysconfig/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
|
||||
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
|
||||
when: no_proxy is defined
|
||||
notify:
|
||||
- restart docker
|
||||
|
||||
- name: Add any insecure registrys to docker config
|
||||
lineinfile: dest=/etc/sysconfig/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
|
||||
lineinfile: dest={{ docker_config_dir }}/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
|
||||
when: insecure_registrys is defined and insecure_registrys > 0
|
||||
notify:
|
||||
- restart docker
|
||||
|
||||
15
contrib/ansible/roles/etcd/files/etcd.service
Normal file
15
contrib/ansible/roles/etcd/files/etcd.service
Normal file
@ -0,0 +1,15 @@
|
||||
[Unit]
|
||||
Description=Etcd Server
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
WorkingDirectory=/var/lib/etcd/
|
||||
EnvironmentFile=-/etc/etcd/etcd.conf
|
||||
User=etcd
|
||||
ExecStart=/usr/bin/etcd
|
||||
Restart=on-failure
|
||||
LimitNOFILE=65536
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -1,4 +1,7 @@
|
||||
---
|
||||
- name: reload systemd
|
||||
command: systemctl --system daemon-reload
|
||||
|
||||
- name: restart etcd
|
||||
service: name=etcd state=restarted
|
||||
when: etcd_started.changed == false
|
||||
|
||||
@ -13,6 +13,13 @@
|
||||
notify:
|
||||
- restart etcd
|
||||
|
||||
- name: Write etcd systemd unit file for Debian
|
||||
copy: src=etcd.service dest=/etc/systemd/system
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart etcd
|
||||
when: ansible_distribution == "Debian"
|
||||
|
||||
- name: Enable etcd
|
||||
service: name=etcd enabled=yes
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: reload and restart kube-addons
|
||||
command: systemctl daemon-reload
|
||||
command: systemctl --system daemon-reload
|
||||
notify:
|
||||
- restart kube-addons
|
||||
|
||||
|
||||
@ -1,5 +1,14 @@
|
||||
- name: Install PyYAML
|
||||
- name: Set pyyaml package name
|
||||
set_fact:
|
||||
pyyaml_name: python-yaml
|
||||
|
||||
- name: Overwrite pyyaml package name for non-Debian
|
||||
set_fact:
|
||||
pyyaml_name: PyYAML
|
||||
when: ansible_distribution != "Debian"
|
||||
|
||||
- name: Install PyYAML for non-debian
|
||||
action: "{{ ansible_pkg_mgr }}"
|
||||
args:
|
||||
name: PyYAML
|
||||
name: "{{ pyyaml_name }}"
|
||||
state: latest
|
||||
|
||||
@ -2,8 +2,11 @@
|
||||
- name: Install openssl for easy-rsa stuff
|
||||
action: "{{ ansible_pkg_mgr }}"
|
||||
args:
|
||||
name: openssl
|
||||
name: "{{ item }}"
|
||||
state: latest
|
||||
with_items:
|
||||
- openssl
|
||||
- curl
|
||||
|
||||
#- name: Get create ca cert script from Kubernetes
|
||||
# get_url:
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: reload systemd
|
||||
command: /usr/bin/systemctl --system daemon-reload
|
||||
command: systemctl --system daemon-reload
|
||||
notify:
|
||||
- restart daemons
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: reload systemd
|
||||
command: /usr/bin/systemctl --system daemon-reload
|
||||
command: systemctl --system daemon-reload
|
||||
notify:
|
||||
- restart daemons
|
||||
|
||||
|
||||
@ -3,10 +3,11 @@
|
||||
command: getenforce
|
||||
register: selinux
|
||||
changed_when: false
|
||||
when: ansible_selinux
|
||||
|
||||
- name: Set selinux permissive because tokens and selinux don't work together
|
||||
selinux: state=permissive policy=targeted
|
||||
when: "'Enforcing' in selinux.stdout"
|
||||
when: ansible_selinux and 'Enforcing' in selinux.stdout
|
||||
|
||||
- include: packageManagerInstall.yml
|
||||
when: source_type == "packageManager"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user