diff --git a/contrib/ansible/roles/common/tasks/main.yml b/contrib/ansible/roles/common/tasks/main.yml index f35b503d7ff..809b0d708cd 100644 --- a/contrib/ansible/roles/common/tasks/main.yml +++ b/contrib/ansible/roles/common/tasks/main.yml @@ -27,6 +27,14 @@ has_rpm: true when: s.stat.exists +- name: Init the has_firewalld fact + set_fact: + has_firewalld: false + +- name: Init the has_iptables fact + set_fact: + has_iptables: false + # collect information about what packages are installed - include: rpm.yml when: has_rpm diff --git a/contrib/ansible/roles/common/tasks/rpm.yml b/contrib/ansible/roles/common/tasks/rpm.yml index 9206e07e4e7..0cb21ea81da 100644 --- a/contrib/ansible/roles/common/tasks/rpm.yml +++ b/contrib/ansible/roles/common/tasks/rpm.yml @@ -5,10 +5,6 @@ changed_when: false failed_when: false -- name: Init the has_firewalld fact - set_fact: - has_firewalld: false - - name: Set the has_firewalld fact set_fact: has_firewalld: true @@ -20,10 +16,6 @@ changed_when: false failed_when: false -- name: Init the has_iptables fact - set_fact: - has_iptables: false - - name: Set the has_iptables fact set_fact: has_iptables: true diff --git a/contrib/ansible/roles/docker/tasks/debian-install.yml b/contrib/ansible/roles/docker/tasks/debian-install.yml new file mode 100644 index 00000000000..79d13c11ae4 --- /dev/null +++ b/contrib/ansible/roles/docker/tasks/debian-install.yml @@ -0,0 +1,10 @@ +--- +- name: DEBIAN | Make sure this is stretch or sid, jessies does not have docker + fail: msg="Docker.io only available in sid and stretch, https://wiki.debian.org/Docker" + when: ansible_lsb.codename != "stretch" and ansible_lsb.codename != "sid" + +- name: DEBIAN | Install Docker + action: "{{ ansible_pkg_mgr }}" + args: + name: docker.io + state: latest diff --git a/contrib/ansible/roles/docker/tasks/generic-install.yml b/contrib/ansible/roles/docker/tasks/generic-install.yml index 694d54db591..17a4fb73ce0 100644 
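Review bot: The codename guard in debian-install.yml depends on `ansible_lsb`, which is only populated when `lsb_release` is installed on the target. On a minimal Debian image the `when` would presumably fail on an undefined attribute instead of printing the intended message. `when: ansible_lsb.codename | default("") not in ["stretch", "sid"]` at least fails cleanly through the `fail` task, and a comment noting the `lsb-release` dependency would help. Separately, `state: latest` on `docker.io` lets every run upgrade the container runtime; `state: present` or a pinned version keeps what runs on the nodes reviewable.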
--- a/contrib/ansible/roles/docker/tasks/generic-install.yml +++ b/contrib/ansible/roles/docker/tasks/generic-install.yml @@ -4,3 +4,4 @@ args: name: docker state: latest + when: not is_atomic diff --git a/contrib/ansible/roles/docker/tasks/main.yml b/contrib/ansible/roles/docker/tasks/main.yml index 86e8d115982..c700ba0b7de 100644 --- a/contrib/ansible/roles/docker/tasks/main.yml +++ b/contrib/ansible/roles/docker/tasks/main.yml 
@@ -1,32 +1,51 @@ --- +- include: debian-install.yml + when: ansible_distribution == "Debian" + - include: generic-install.yml - when: not is_atomic + when: ansible_distribution != "Debian" + +- name: Set docker config file directory + set_fact: + docker_config_dir: "/etc/sysconfig" + +- name: Override docker config file directory for Debian + set_fact: + docker_config_dir: "/etc/default" + when: ansible_distribution == "Debian" + +- name: Verify docker config files exists + file: path={{ docker_config_dir }}/{{ item }} state=touch + changed_when: false + with_items: + - docker + - docker-network - name: Turn down docker logging - lineinfile: dest=/etc/sysconfig/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn" + lineinfile: dest={{ docker_config_dir }}/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn" notify: - restart docker - name: Install http_proxy into docker-network - lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}" + lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}" when: http_proxy is defined notify: - restart docker - name: Install https_proxy into docker-network - lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}" + lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}" when: https_proxy is defined notify: - restart docker - name: Install no-proxy into docker-network - lineinfile: dest=/etc/sysconfig/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}" + lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}" when: no_proxy is defined notify: - restart docker - name: Add any insecure registrys to docker config - lineinfile: dest=/etc/sysconfig/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in 
insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}' + lineinfile: dest={{ docker_config_dir }}/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}' when: insecure_registrys is defined and insecure_registrys > 0 notify: - restart docker diff --git a/contrib/ansible/roles/etcd/files/etcd.service b/contrib/ansible/roles/etcd/files/etcd.service new file mode 100644 index 00000000000..3d9ab4c453e --- /dev/null +++ b/contrib/ansible/roles/etcd/files/etcd.service @@ -0,0 +1,15 @@ +[Unit] +Description=Etcd Server +After=network.target + +[Service] +Type=simple +WorkingDirectory=/var/lib/etcd/ +EnvironmentFile=-/etc/etcd/etcd.conf +User=etcd +ExecStart=/usr/bin/etcd +Restart=on-failure +LimitNOFILE=65536 + +[Install] +WantedBy=multi-user.target diff --git a/contrib/ansible/roles/etcd/handlers/main.yml b/contrib/ansible/roles/etcd/handlers/main.yml index 11ec38485fb..6936cefd04d 100644 --- a/contrib/ansible/roles/etcd/handlers/main.yml +++ b/contrib/ansible/roles/etcd/handlers/main.yml @@ -1,4 +1,7 @@ --- +- name: reload systemd + command: systemctl --system daemon-reload + - name: restart etcd service: name=etcd state=restarted when: etcd_started.changed == false diff --git a/contrib/ansible/roles/etcd/tasks/main.yml b/contrib/ansible/roles/etcd/tasks/main.yml index d5540f5af0f..70f738c74e9 100644 --- a/contrib/ansible/roles/etcd/tasks/main.yml +++ b/contrib/ansible/roles/etcd/tasks/main.yml @@ -13,6 +13,13 @@ notify: - restart etcd +- name: Write etcd systemd unit file for Debian + copy: src=etcd.service dest=/etc/systemd/system + notify: + - reload systemd + - restart etcd + when: ansible_distribution == "Debian" + - name: Enable etcd service: name=etcd enabled=yes diff --git a/contrib/ansible/roles/kubernetes-addons/handlers/main.yml b/contrib/ansible/roles/kubernetes-addons/handlers/main.yml index d4ed09da21d..8ef7feb774e 100644 
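Review bot: On Debian the `lineinfile` tasks now write `OPTIONS=`, `HTTP_PROXY=` and `INSECURE_REGISTRY=` into `/etc/default/docker` and `/etc/default/docker-network`, but nothing in this change shows the Debian docker.io unit reading those names. As far as I know the Debian packaging reads `DOCKER_OPTS` from `/etc/default/docker`, so the log-level, proxy and registry settings may be silently ignored there; please confirm against the packaged unit. The `state=touch` task also creates both files with the default umask. Since `docker-network` can hold a proxy URL, I would state `owner=root group=root mode=0644` on it, or tighter if the URL carries credentials. The unchanged condition `insecure_registrys > 0` compares a list with an integer; `insecure_registrys | length > 0` is presumably what was meant.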
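Review bot: The `-` prefix on `EnvironmentFile=-/etc/etcd/etcd.conf` means a missing or misnamed config file is ignored, so etcd would start on its built-in defaults instead of failing; dropping the `-` makes that misconfiguration visible. The unit also applies no sandboxing beyond `User=etcd`. If the target systemd supports them, `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` under `[Service]` are a cheap hardening step. The unit assumes that an `etcd` user and `/var/lib/etcd/` already exist, which deserves a comment at the top of the file.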
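Review bot: The bare `systemctl` in the new `reload systemd` handler is resolved through the remote PATH, and the master and node handler hunks drop the `/usr/bin/` prefix in the same way. That is presumably needed because Debian ships the binary under `/bin`, but it leaves a root-run command dependent on the environment's PATH. If the Ansible version in use has the systemd module, `systemd: daemon_reload=yes` avoids the path question. Otherwise a short comment such as `# no absolute path: systemctl lives in /bin on Debian` would record why the prefix was dropped.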
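Review bot: The new `copy` task in etcd/tasks/main.yml installs a systemd unit without `owner`, `group` or `mode`, so the file's mode is not pinned by the task. I would make it explicit with `copy: src=etcd.service dest=/etc/systemd/system/etcd.service owner=root group=root mode=0644`. Handlers run at the end of the play, so the `Enable etcd` task that follows executes before `reload systemd`. If a packaged etcd unit already exists on the host, systemd may still be using that one at that point. The rest of the task file is outside the hunk, so I cannot see whether etcd is started before the handlers flush.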
--- a/contrib/ansible/roles/kubernetes-addons/handlers/main.yml +++ b/contrib/ansible/roles/kubernetes-addons/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: reload and restart kube-addons - command: systemctl daemon-reload + command: systemctl --system daemon-reload notify: - restart kube-addons diff --git a/contrib/ansible/roles/kubernetes-addons/tasks/generic-install.yml b/contrib/ansible/roles/kubernetes-addons/tasks/generic-install.yml index 4cca068e489..e2466796e99 100644 --- a/contrib/ansible/roles/kubernetes-addons/tasks/generic-install.yml +++ b/contrib/ansible/roles/kubernetes-addons/tasks/generic-install.yml @@ -1,5 +1,14 @@ -- name: Install PyYAML +- name: Set pyyaml package name + set_fact: + pyyaml_name: python-yaml + +- name: Overwrite pyyaml package name for non-Debian + set_fact: + pyyaml_name: PyYAML + when: ansible_distribution != "Debian" + +- name: Install PyYAML for non-debian action: "{{ ansible_pkg_mgr }}" args: - name: PyYAML + name: "{{ pyyaml_name }}" state: latest diff --git a/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml b/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml index b17a92d5d77..3c94409ea22 100644 --- a/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml +++ b/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml @@ -2,8 +2,11 @@ - name: Install openssl for easy-rsa stuff action: "{{ ansible_pkg_mgr }}" args: - name: openssl + name: "{{ item }}" state: latest + with_items: + - openssl + - curl #- name: Get create ca cert script from Kubernetes # get_url: diff --git a/contrib/ansible/roles/master/handlers/main.yml b/contrib/ansible/roles/master/handlers/main.yml index 7d927dd3b39..229fffdd018 100644 --- a/contrib/ansible/roles/master/handlers/main.yml +++ b/contrib/ansible/roles/master/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: reload systemd - command: /usr/bin/systemctl --system daemon-reload + command: systemctl --system daemon-reload notify: - restart daemons 
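Review bot: The task name `Install PyYAML for non-debian` in kubernetes-addons generic-install.yml no longer matches what the task does. With `name: "{{ pyyaml_name }}"` it installs `python-yaml` on Debian and `PyYAML` elsewhere, so it runs on every distribution, and the old name `- name: Install PyYAML` is the accurate one. `state: latest` also means each run can pull a newer package than the one that was tested. `state: present` is the safer default unless upgrading on every run is intended.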
diff --git a/contrib/ansible/roles/node/handlers/main.yml b/contrib/ansible/roles/node/handlers/main.yml index 608d9497304..14b9bf10d0a 100644 --- a/contrib/ansible/roles/node/handlers/main.yml +++ b/contrib/ansible/roles/node/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: reload systemd - command: /usr/bin/systemctl --system daemon-reload + command: systemctl --system daemon-reload notify: - restart daemons diff --git a/contrib/ansible/roles/node/tasks/main.yml b/contrib/ansible/roles/node/tasks/main.yml index 50344a329e0..7744d0dc343 100644 --- a/contrib/ansible/roles/node/tasks/main.yml +++ b/contrib/ansible/roles/node/tasks/main.yml @@ -3,10 +3,11 @@ command: getenforce register: selinux changed_when: false + when: ansible_selinux - name: Set selinux permissive because tokens and selinux don't work together selinux: state=permissive policy=targeted - when: "'Enforcing' in selinux.stdout" + when: ansible_selinux and 'Enforcing' in selinux.stdout - include: packageManagerInstall.yml when: source_type == "packageManager"
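Review bot: `when: ansible_selinux` in node/tasks/main.yml treats the fact as a boolean, but Ansible usually reports it as a dictionary whenever the SELinux Python bindings are present (even with status `disabled`) and as `false` when they are missing. On an enforcing host without the bindings, both tasks would then be skipped silently where the `selinux` module previously failed loudly, leaving the node enforcing. A more explicit test is `when: ansible_selinux and ansible_selinux.status == "enabled"`. I would add a comment that the skip assumes the bindings are installed wherever SELinux is on, and another recording that the permissive switch is a deliberate weakening, so it gets revisited.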