Newer
Older
---
tags:
- asserts
- name: Force binaries directory for Container Linux by CoreOS
set_fact:
bin_dir: "/opt/bin"
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
tags:
- facts
- name: check bin dir exists
file:
path: "{{bin_dir}}"
state: directory
owner: root
become: true
tags:
- bootstrap-os
tags:
- facts
- name: gather os specific variables
include_vars: "{{ item }}"
with_first_found:
- files:
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}.yml"
- defaults.yml
tags:
- facts
when: inventory_hostname in groups['k8s-cluster']
tags:
- kubelet
- k8s-secrets
- kube-controller-manager
- kube-apiserver
- bootstrap-os
- apps
- network
- master
- node
with_items:
- "{{ kube_config_dir }}"
- "{{ kube_config_dir }}/ssl"
- "{{ kube_manifest_dir }}"
- "{{ kube_script_dir }}"
- name: check cloud_provider value
fail:
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external"
- cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'external']
tags:
- cloud-provider
- facts
- include_tasks: "{{ cloud_provider }}-credential-check.yml"
when:
- cloud_provider is defined
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
tags:
- cloud-provider
- facts
- name: Create cni directories
file:
path: "{{ item }}"
state: directory
with_items:
- "/etc/cni/net.d"
- "/opt/cni/bin"
- kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium"]
tags:
- network
- calico
- weave
- canal
- bootstrap-os
when:
- dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf'
tags:
- bootstrap-os
- resolvconf
- name: Update package management cache (YUM)
yum:
update_cache: yes
name: '*'
register: yum_task_result
until: yum_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- ansible_distribution != 'RedHat'
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
tags: bootstrap-os
- name: Expire management cache (YUM) for Updation - Redhat
shell: yum clean expire-cache
register: expire_cache_output
until: expire_cache_output|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when:
- ansible_pkg_mgr == 'yum'
- ansible_distribution == 'RedHat'
- not is_atomic
tags: bootstrap-os
- name: Update package management cache (YUM) - Redhat
shell: yum makecache
register: make_cache_output
until: make_cache_output|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when:
- ansible_pkg_mgr == 'yum'
- ansible_distribution == 'RedHat'
- expire_cache_output.rc == 0
- not is_atomic
tags: bootstrap-os
- name: Update package management cache (APT)
apt:
update_cache: yes
cache_valid_time: 3600
when: ansible_os_family == "Debian"
tags:
- bootstrap-os
- name: Install python-dnf for latest RedHat versions
register: dnf_task_result
until: dnf_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when:
- ansible_distribution == "Fedora"
- ansible_distribution_major_version > 21
tags:
- bootstrap-os
yum:
name: epel-release
state: present
when:
- ansible_distribution in ["CentOS","RedHat"]
- not is_atomic
- epel_enabled|bool
tags:
- bootstrap-os
action:
module: "{{ ansible_pkg_mgr }}"
name: "{{ item }}"
state: latest
until: pkgs_task_result|succeeded
delay: "{{ retry_stagger | random + 3 }}"
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
tags:
- bootstrap-os
# Todo : selinux configuration
- name: Confirm selinux deployed
stat:
path: /etc/selinux/config
when: ansible_os_family == "RedHat"
register: slc
- name: Set selinux policy
selinux:
policy: targeted
state: "{{ preinstall_selinux_state }}"
when:
- ansible_os_family == "RedHat"
- slc.stat.exists == True
changed_when: False
tags:
- bootstrap-os
- name: Disable IPv6 DNS lookup
lineinfile:
dest: /etc/gai.conf
line: "precedence ::ffff:0:0/96 100"
state: present
backup: yes
when:
- disable_ipv6_dns
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
tags:
- bootstrap-os
- name: set default sysctl file path
set_fact:
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
tags:
- bootstrap-os
- name: Stat sysctl file configuration
stat:
path: "{{sysctl_file_path}}"
tags:
- bootstrap-os
- name: Change sysctl file path to link source if linked
set_fact:
sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
when:
- sysctl_file_stat.stat.islnk is defined
- sysctl_file_stat.stat.islnk
tags:
- bootstrap-os
- name: Enable ip forwarding
sysctl_file: "{{sysctl_file_path}}"
name: net.ipv4.ip_forward
value: 1
state: present
tags:
- bootstrap-os
tags:
- bootstrap-os
- etchosts
when:
- dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf'
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
tags:
- bootstrap-os
- resolvconf
- import_tasks: dhclient-hooks-undo.yml
when:
- dns_mode != 'none'
- resolvconf_mode != 'host_resolvconf'
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
tags:
- bootstrap-os
- resolvconf
- name: Check if we are running inside a Azure VM
stat:
path: /var/lib/waagent/
tags:
- bootstrap-os
- import_tasks: growpart-azure-centos-7.yml
when:
- azure_check.stat.exists
- ansible_distribution in ["CentOS","RedHat"]
tags:
- bootstrap-os