Merge pull request #132 from Smana/net_plugins_distinct_roles

split network plugins into distinct roles

Merge pull request #132 from Smana/net_plugins_distinct_roles
03dd43e9 · Smaine Kahlouch · 3016ab79 · 4f92417a · 03dd43e9 · 03dd43e9
Commit 03dd43e9 authored 9 years ago by Smaine Kahlouch
--- a/roles/network_plugin/tasks/calico.yml
+++ b/roles/network_plugin/tasks/calico.yml
 ---
+- name: Calico | Set docker daemon options
+  template:
+    src: docker
+    dest: "/etc/default/docker"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart docker
+- name: Calico | Write docker.service systemd file
+  template:
+    src: systemd-docker.service
+    dest: /lib/systemd/system/docker.service
+  notify: restart docker
+  when: init_system == "systemd"
+- meta: flush_handlers
 - name: Calico | Install calicoctl bin
  command: rsync -piu "{{ local_release_dir }}/calico/bin/calicoctl" "{{ bin_dir }}/calicoctl"
  register: calico_copy
  changed_when: false
+- name: Calico | Install calico cni bin
+  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
+  changed_when: false
+- name: Calico | Install calico-ipam cni bin
+  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico-ipam"
+  changed_when: false
 - name: Calico | install calicoctl
  file: path={{ bin_dir }}/calicoctl mode=0755 state=file
@@ -51,33 +78,32 @@
        ( not calico_pools.json['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
  run_once: true
- name: Calico | Write calico-node configuration
-  template: src=calico/calico.conf.j2 dest=/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico_kubernetes.ini
-  notify: restart calico-node
 - name: Calico | Write /etc/network-environment
-  template: src=calico/network-environment.j2 dest=/etc/network-environment
+  template: src=network-environment.j2 dest=/etc/network-environment
  when: init_system == "sysvinit"
 - name: Calico | Write calico-node systemd init file
-  template: src=calico/calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
+  template: src=calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
  when: init_system == "systemd"
  notify: restart calico-node
 - name: Calico | Write calico-node initd script
-  template: src=calico/deb-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
+  template: src=deb-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
  when: init_system == "sysvinit" and ansible_os_family == "Debian"
  notify: restart calico-node
 - name: Calico | Write calico-node initd script
-  template: src=calico/rh-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
+  template: src=rh-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
  when: init_system == "sysvinit" and ansible_os_family == "RedHat"
  notify: restart calico-node
 - meta: flush_handlers
 - name: Calico | Enable calico-node
-  service: name=calico-node enabled=yes state=started
+  service:
+    name: calico-node
+    state: started
+    enabled: yes
 - name: Calico | Restart calico if binary changed
  service:

--- a/roles/network_plugin/templates/calico/calico-node.service.j2
+++ b/roles/network_plugin/templates/calico/calico-node.service.j2
@@ -8,9 +8,9 @@ After=docker.service etcd.service
 User=root
 PermissionsStartOnly=true
 {% if inventory_hostname in groups['kube-node'] and peer_with_router|default(false)%}
-ExecStart={{ bin_dir }}/calicoctl node --kubernetes --ip={{ip | default(ansible_default_ipv4.address) }} --as={{ local_as }} --detach=false
+ExecStart={{ bin_dir }}/calicoctl node --ip={{ip | default(ansible_default_ipv4.address) }} --as={{ local_as }} --detach=false
 {%     else %}
-ExecStart={{ bin_dir }}/calicoctl node --kubernetes --ip={{ip | default(ansible_default_ipv4.address) }} --detach=false
+ExecStart={{ bin_dir }}/calicoctl node --ip={{ip | default(ansible_default_ipv4.address) }} --detach=false
 {%     endif %}
 Restart=always
 Restart=10

--- a/roles/network_plugin/templates/calico/deb-calico.initd.j2
+++ b/roles/network_plugin/templates/calico/deb-calico.initd.j2
--- a/roles/network_plugin/templates/docker
+++ b/roles/network_plugin/templates/docker
--- a/roles/network_plugin/calico/templates/network-environment.j2
+++ b/roles/network_plugin/calico/templates/network-environment.j2
+# This host's IPv4 address (the source IP address used to reach other nodes
+# in the Kubernetes cluster).
+DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
+# The Kubernetes master IP
+KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}
+# IP and port of etcd instance used by Calico
+ETCD_AUTHORITY=127.0.0.1:2379
--- a/roles/network_plugin/templates/calico/rh-calico.initd.j2
+++ b/roles/network_plugin/templates/calico/rh-calico.initd.j2
--- a/roles/network_plugin/templates/systemd-docker.service
+++ b/roles/network_plugin/templates/systemd-docker.service
--- a/roles/network_plugin/defaults/main.yml
+++ b/roles/network_plugin/defaults/main.yml
 ---
 # Flannel public IP
 # The address that flannel should advertise as how to access the system
 flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address)) }}"
@@ -7,5 +6,3 @@ flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address
 ## interface that should be used for flannel operations
 ## This is actually an inventory node-level item
 # flannel_interface:
-# cloud_provider: no
\ No newline at end of file
--- a/roles/network_plugin/handlers/main.yml
+++ b/roles/network_plugin/handlers/main.yml
 ---
- name: restart calico-node
-  command: /bin/true
-  notify:
-    - reload systemd
-    - reload calico-node
 - name: restart docker
  command: /bin/true
  notify:
@@ -21,11 +15,6 @@
  shell: systemctl daemon-reload
  when: init_system == "systemd"
- name: reload calico-node
-  service:
-    name: calico-node
-    state: restarted
 - name: reload docker
  service:
    name: docker

--- a/roles/network_plugin/tasks/flannel.yml
+++ b/roles/network_plugin/tasks/flannel.yml
 ---
 - name: Flannel | Write flannel configuration
  template:
-    src: flannel/network.json
+    src: network.json
    dest: /etc/flannel-network.json
    backup: yes
 - name: Flannel | Create flannel pod manifest
  template:
-    src: flannel/flannel-pod.yml
+    src: flannel-pod.yml
    dest: /etc/kubernetes/manifests/flannel-pod.manifest
  notify: delete default docker bridge
@@ -16,7 +16,7 @@
    path: /run/flannel/subnet.env
    delay: 5
- name: Get flannel_subnet from subnet.env
+- name: Flannel | Get flannel_subnet from subnet.env
  shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_SUBNET" {print $2}'
  register: flannel_subnet_output
  changed_when: false
@@ -24,10 +24,29 @@
 - set_fact:
    flannel_subnet: "{{ flannel_subnet_output.stdout }}"
- name: Get flannel_mtu from subnet.env
+- name: Flannel | Get flannel_mtu from subnet.env
  shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_MTU" {print $2}'
  register: flannel_mtu_output
  changed_when: false
 - set_fact:
    flannel_mtu: "{{ flannel_mtu_output.stdout }}"
+- name: Flannel | Set docker daemon options
+  template:
+    src: docker
+    dest: "/etc/default/docker"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart docker
+- name: Flannel | Write docker.service systemd file
+  template:
+    src: systemd-docker.service
+    dest: /lib/systemd/system/docker.service
+  notify: restart docker
+  when: init_system == "systemd"
+- meta: flush_handlers
--- a/roles/network_plugin/flannel/templates/docker
+++ b/roles/network_plugin/flannel/templates/docker
+# Deployed by Ansible
+{% if init_system == "sysvinit" and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %}
+DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% elif kube_network_plugin == "flannel" %}
+OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% endif %}
--- a/roles/network_plugin/templates/flannel/flannel-pod.yml
+++ b/roles/network_plugin/templates/flannel/flannel-pod.yml
--- a/roles/network_plugin/templates/flannel/network.json
+++ b/roles/network_plugin/templates/flannel/network.json
--- a/roles/network_plugin/flannel/templates/systemd-docker.service
+++ b/roles/network_plugin/flannel/templates/systemd-docker.service
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+{% if ansible_os_family == "RedHat" %}
+After=network.target
+Wants=docker-storage-setup.service
+{% elif ansible_os_family == "Debian" %}
+After=network.target docker.socket
+Requires=docker.socket
+{% endif %}
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/docker
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/docker daemon \
+          $OPTIONS \
+          $DOCKER_STORAGE_OPTIONS \
+          $DOCKER_NETWORK_OPTIONS \
+          $INSECURE_REGISTRY
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+MountFlags=slave
+TimeoutStartSec=1min
+[Install]
+WantedBy=multi-user.target
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
+---
+dependencies:
+ - role: network_plugin/calico
+   when: kube_network_plugin == 'calico'
+ - role: network_plugin/flannel
+   when: kube_network_plugin == 'flannel'
--- a/roles/network_plugin/tasks/main.yml
+++ b/roles/network_plugin/tasks/main.yml
---
- name: "Test if network plugin is defined"
-  fail: msg="ERROR, One network_plugin variable must be defined (Flannel or Calico)"
-  when: ( kube_network_plugin is defined and kube_network_plugin == "calico" and kube_network_plugin == "flannel" ) or
-        kube_network_plugin is not defined
- include: flannel.yml
-  when: kube_network_plugin == "flannel"
- name: Set docker daemon options
-  template:
-    src: docker
-    dest: "{{ '/etc/sysconfig/docker-network' if ansible_os_family == 'RedHat' else '/etc/default/docker' }}"
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - restart docker
- name: Write docker.service systemd file
-  template:
-    src: systemd-docker.service
-    dest: /lib/systemd/system/docker.service
-  notify: restart docker
-  when: init_system == "systemd"
- meta: flush_handlers
- include: calico.yml
-  when: kube_network_plugin == "calico"
--- a/roles/network_plugin/templates/calico/calico.conf.j2
+++ b/roles/network_plugin/templates/calico/calico.conf.j2
-[config]
-CALICO_IPAM=true
-# Location of etcd cluster used by Calico.  By default, this uses the etcd
-# instance running on the Kubernetes Master
-ETCD_AUTHORITY=127.0.0.1:2379
-# The kubernetes-apiserver location - used by the calico plugin
-{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
-KUBE_API_ROOT=https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port }}/api/v1/
-{% else %}
-KUBE_API_ROOT=https://{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}:{{kube_apiserver_port}}/api/v1/
-{% endif %}
-# Kubernetes authentication token
-{% if calico_token is defined | default('') %}
-KUBE_AUTH_TOKEN={{ calico_token.content|b64decode }}
-{% endif %}
--- a/roles/network_plugin/templates/calico/network-environment.j2
+++ b/roles/network_plugin/templates/calico/network-environment.j2
-DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
-ETCD_AUTHORITY=127.0.0.1:2379