mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-03 17:30:00 +00:00
Ansible: start to support debian
This commit is contained in:
Eric Paris
parent
a25b34e1a4
commit
1253ca52cd
@ -27,6 +27,14 @@
|
|||||||
has_rpm: true
|
has_rpm: true
|
||||||
when: s.stat.exists
|
when: s.stat.exists
|
||||||
|
|
||||||
|
- name: Init the has_firewalld fact
|
||||||
|
set_fact:
|
||||||
|
has_firewalld: false
|
||||||
|
|
||||||
|
- name: Init the has_iptables fact
|
||||||
|
set_fact:
|
||||||
|
has_iptables: false
|
||||||
|
|
||||||
# collect information about what packages are installed
|
# collect information about what packages are installed
|
||||||
- include: rpm.yml
|
- include: rpm.yml
|
||||||
when: has_rpm
|
when: has_rpm
|
||||||
|
|||||||
@ -5,10 +5,6 @@
|
|||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
- name: Init the has_firewalld fact
|
|
||||||
set_fact:
|
|
||||||
has_firewalld: false
|
|
||||||
|
|
||||||
- name: Set the has_firewalld fact
|
- name: Set the has_firewalld fact
|
||||||
set_fact:
|
set_fact:
|
||||||
has_firewalld: true
|
has_firewalld: true
|
||||||
@ -20,10 +16,6 @@
|
|||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
- name: Init the has_iptables fact
|
|
||||||
set_fact:
|
|
||||||
has_iptables: false
|
|
||||||
|
|
||||||
- name: Set the has_iptables fact
|
- name: Set the has_iptables fact
|
||||||
set_fact:
|
set_fact:
|
||||||
has_iptables: true
|
has_iptables: true
|
||||||
|
|||||||
10
contrib/ansible/roles/docker/tasks/debian-install.yml
Normal file
10
contrib/ansible/roles/docker/tasks/debian-install.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
- name: DEBIAN | Make sure this is stretch or sid, jessies does not have docker
|
||||||
|
fail: msg="Docker.io only available in sid and stretch, https://wiki.debian.org/Docker"
|
||||||
|
when: ansible_lsb.codename != "stretch" and ansible_lsb.codename != "sid"
|
||||||
|
|
||||||
|
- name: DEBIAN | Install Docker
|
||||||
|
action: "{{ ansible_pkg_mgr }}"
|
||||||
|
args:
|
||||||
|
name: docker.io
|
||||||
|
state: latest
|
||||||
@ -4,3 +4,4 @@
|
|||||||
args:
|
args:
|
||||||
name: docker
|
name: docker
|
||||||
state: latest
|
state: latest
|
||||||
|
when: not is_atomic
|
||||||
|
|||||||
@ -1,32 +1,51 @@
|
|||||||
---
|
---
|
||||||
|
- include: debian-install.yml
|
||||||
|
when: ansible_distribution == "Debian"
|
||||||
|
|
||||||
- include: generic-install.yml
|
- include: generic-install.yml
|
||||||
when: not is_atomic
|
when: ansible_distribution != "Debian"
|
||||||
|
|
||||||
|
- name: Set docker config file directory
|
||||||
|
set_fact:
|
||||||
|
docker_config_dir: "/etc/sysconfig"
|
||||||
|
|
||||||
|
- name: Override docker config file directory for Debian
|
||||||
|
set_fact:
|
||||||
|
docker_config_dir: "/etc/default"
|
||||||
|
when: ansible_distribution == "Debian"
|
||||||
|
|
||||||
|
- name: Verify docker config files exists
|
||||||
|
file: path={{ docker_config_dir }}/{{ item }} state=touch
|
||||||
|
changed_when: false
|
||||||
|
with_items:
|
||||||
|
- docker
|
||||||
|
- docker-network
|
||||||
|
|
||||||
- name: Turn down docker logging
|
- name: Turn down docker logging
|
||||||
lineinfile: dest=/etc/sysconfig/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
|
lineinfile: dest={{ docker_config_dir }}/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
|
||||||
notify:
|
notify:
|
||||||
- restart docker
|
- restart docker
|
||||||
|
|
||||||
- name: Install http_proxy into docker-network
|
- name: Install http_proxy into docker-network
|
||||||
lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
|
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
|
||||||
when: http_proxy is defined
|
when: http_proxy is defined
|
||||||
notify:
|
notify:
|
||||||
- restart docker
|
- restart docker
|
||||||
|
|
||||||
- name: Install https_proxy into docker-network
|
- name: Install https_proxy into docker-network
|
||||||
lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
|
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
|
||||||
when: https_proxy is defined
|
when: https_proxy is defined
|
||||||
notify:
|
notify:
|
||||||
- restart docker
|
- restart docker
|
||||||
|
|
||||||
- name: Install no-proxy into docker-network
|
- name: Install no-proxy into docker-network
|
||||||
lineinfile: dest=/etc/sysconfig/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
|
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
|
||||||
when: no_proxy is defined
|
when: no_proxy is defined
|
||||||
notify:
|
notify:
|
||||||
- restart docker
|
- restart docker
|
||||||
|
|
||||||
- name: Add any insecure registrys to docker config
|
- name: Add any insecure registrys to docker config
|
||||||
lineinfile: dest=/etc/sysconfig/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
|
lineinfile: dest={{ docker_config_dir }}/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
|
||||||
when: insecure_registrys is defined and insecure_registrys > 0
|
when: insecure_registrys is defined and insecure_registrys > 0
|
||||||
notify:
|
notify:
|
||||||
- restart docker
|
- restart docker
|
||||||
|
|||||||
15
contrib/ansible/roles/etcd/files/etcd.service
Normal file
15
contrib/ansible/roles/etcd/files/etcd.service
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Etcd Server
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
WorkingDirectory=/var/lib/etcd/
|
||||||
|
EnvironmentFile=-/etc/etcd/etcd.conf
|
||||||
|
User=etcd
|
||||||
|
ExecStart=/usr/bin/etcd
|
||||||
|
Restart=on-failure
|
||||||
|
LimitNOFILE=65536
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
@ -1,4 +1,7 @@
|
|||||||
---
|
---
|
||||||
|
- name: reload systemd
|
||||||
|
command: systemctl --system daemon-reload
|
||||||
|
|
||||||
- name: restart etcd
|
- name: restart etcd
|
||||||
service: name=etcd state=restarted
|
service: name=etcd state=restarted
|
||||||
when: etcd_started.changed == false
|
when: etcd_started.changed == false
|
||||||
|
|||||||
@ -13,6 +13,13 @@
|
|||||||
notify:
|
notify:
|
||||||
- restart etcd
|
- restart etcd
|
||||||
|
|
||||||
|
- name: Write etcd systemd unit file for Debian
|
||||||
|
copy: src=etcd.service dest=/etc/systemd/system
|
||||||
|
notify:
|
||||||
|
- reload systemd
|
||||||
|
- restart etcd
|
||||||
|
when: ansible_distribution == "Debian"
|
||||||
|
|
||||||
- name: Enable etcd
|
- name: Enable etcd
|
||||||
service: name=etcd enabled=yes
|
service: name=etcd enabled=yes
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
- name: reload and restart kube-addons
|
- name: reload and restart kube-addons
|
||||||
command: systemctl daemon-reload
|
command: systemctl --system daemon-reload
|
||||||
notify:
|
notify:
|
||||||
- restart kube-addons
|
- restart kube-addons
|
||||||
|
|
||||||
|
|||||||
@ -1,5 +1,14 @@
|
|||||||
- name: Install PyYAML
|
- name: Set pyyaml package name
|
||||||
|
set_fact:
|
||||||
|
pyyaml_name: python-yaml
|
||||||
|
|
||||||
|
- name: Overwrite pyyaml package name for non-Debian
|
||||||
|
set_fact:
|
||||||
|
pyyaml_name: PyYAML
|
||||||
|
when: ansible_distribution != "Debian"
|
||||||
|
|
||||||
|
- name: Install PyYAML for non-debian
|
||||||
action: "{{ ansible_pkg_mgr }}"
|
action: "{{ ansible_pkg_mgr }}"
|
||||||
args:
|
args:
|
||||||
name: PyYAML
|
name: "{{ pyyaml_name }}"
|
||||||
state: latest
|
state: latest
|
||||||
|
|||||||
@ -2,8 +2,11 @@
|
|||||||
- name: Install openssl for easy-rsa stuff
|
- name: Install openssl for easy-rsa stuff
|
||||||
action: "{{ ansible_pkg_mgr }}"
|
action: "{{ ansible_pkg_mgr }}"
|
||||||
args:
|
args:
|
||||||
name: openssl
|
name: "{{ item }}"
|
||||||
state: latest
|
state: latest
|
||||||
|
with_items:
|
||||||
|
- openssl
|
||||||
|
- curl
|
||||||
|
|
||||||
#- name: Get create ca cert script from Kubernetes
|
#- name: Get create ca cert script from Kubernetes
|
||||||
# get_url:
|
# get_url:
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
- name: reload systemd
|
- name: reload systemd
|
||||||
command: /usr/bin/systemctl --system daemon-reload
|
command: systemctl --system daemon-reload
|
||||||
notify:
|
notify:
|
||||||
- restart daemons
|
- restart daemons
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
- name: reload systemd
|
- name: reload systemd
|
||||||
command: /usr/bin/systemctl --system daemon-reload
|
command: systemctl --system daemon-reload
|
||||||
notify:
|
notify:
|
||||||
- restart daemons
|
- restart daemons
|
||||||
|
|
||||||
|
|||||||
@ -3,10 +3,11 @@
|
|||||||
command: getenforce
|
command: getenforce
|
||||||
register: selinux
|
register: selinux
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
when: ansible_selinux
|
||||||
|
|
||||||
- name: Set selinux permissive because tokens and selinux don't work together
|
- name: Set selinux permissive because tokens and selinux don't work together
|
||||||
selinux: state=permissive policy=targeted
|
selinux: state=permissive policy=targeted
|
||||||
when: "'Enforcing' in selinux.stdout"
|
when: ansible_selinux and 'Enforcing' in selinux.stdout
|
||||||
|
|
||||||
- include: packageManagerInstall.yml
|
- include: packageManagerInstall.yml
|
||||||
when: source_type == "packageManager"
|
when: source_type == "packageManager"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user