Merge pull request #700 from bogdando/tags

Add tags

docs/ansible.md

@@ -48,3 +48,63 @@ etcd
 Group vars
 --------------
 The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
+
+Ansible tags
+------------
+
+The following tags are defined in playbooks:
+
+|                 Tag name | Used for
+|--------------------------|---------
+|                     apps | K8s apps definitions
+|                    azure | Cloud-provider Azure
+|             bootstrap-os | Anything related to host OS configuration
+|                   calico | Network plugin Calico
+|                    canal | Network plugin Canal
+|           cloud-provider | Cloud-provider related tasks
+|                  dnsmasq | Configuring DNS stack for hosts and K8s apps
+|                 download | Fetching container images
+|                     etcd | Configuring etcd cluster
+|         etcd-pre-upgrade | Upgrading etcd cluster
+|             etcd-secrets | Configuring etcd certs/keys
+|                 etchosts | Configuring /etc/hosts entries for hosts
+|                    facts | Gathering facts and misc check results
+|                  flannel | Network plugin flannel
+|                      gce | Cloud-provider GCP
+|                hyperkube | Manipulations with K8s hyperkube image
+|          k8s-pre-upgrade | Upgrading K8s cluster
+|              k8s-secrets | Configuring K8s certs/keys
+|                      kpm | Installing K8s apps definitions with KPM
+|           kube-apiserver | Configuring self-hosted kube-apiserver
+|  kube-controller-manager | Configuring self-hosted kube-controller-manager
+|                  kubectl | Installing kubectl and bash completion
+|                  kubelet | Configuring kubelet service
+|               kube-proxy | Configuring self-hosted kube-proxy
+|           kube-scheduler | Configuring self-hosted kube-scheduler
+|                   master | Configuring K8s master node role
+|               netchecker | Installing netchecker K8s app
+|                  network | Configuring networking plugins for K8s
+|                    nginx | Configuring LB for kube-apiserver instances
+|                     node | Configuring K8s minion (compute) node role
+|                openstack | Cloud-provider OpenStack
+|               preinstall | Preliminary configuration steps
+|               resolvconf | Configuring /etc/resolv.conf for hosts/apps
+|                  upgrade | Upgrading, f.e. container images/binaries
+|                    weave | Network plugin Weave
+
+Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
+tags found in the codebase. New tags will be listed with the empty "Used for"
+field.
+
+Example command to filter and apply only DNS configuration tasks and skip
+everything else related to host OS configuration and downloading images of containers:
+
+```
+ansible-playbook -i inventory/inventory.ini cluster.yml  --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os
+```
+And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
+```
+ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf
+```
+
+Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.

roles/bootstrap-os/tasks/bootstrap-coreos.yml

@@ -3,7 +3,7 @@
   raw: stat /opt/bin/.bootstrapped
   register: need_bootstrap
   ignore_errors: True
-
+  tags: facts
 
 - name: Bootstrap | Run bootstrap.sh
   script: bootstrap.sh
@@ -11,6 +11,7 @@
 
 - set_fact:
     ansible_python_interpreter: "/opt/bin/python"
+  tags: facts
 
 - name: Bootstrap | Check if we need to install pip
   shell: "{{ansible_python_interpreter}} -m pip --version"
@@ -18,6 +19,7 @@
   ignore_errors: True
   changed_when: false
   when: (need_bootstrap | failed)
+  tags: facts
 
 - name: Bootstrap | Copy get-pip.py
   copy: src=get-pip.py dest=~/get-pip.py

roles/bootstrap-os/tasks/bootstrap-ubuntu.yml

@@ -5,6 +5,7 @@
   raw: which python
   register: need_bootstrap
   ignore_errors: True
+  tags: facts
 
 - name: Bootstrap | Install python 2.x
   raw: apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal
@@ -12,3 +13,4 @@
 
 - set_fact:
     ansible_python_interpreter: "/usr/bin/python"
+  tags: facts

roles/dnsmasq/meta/main.yml

@@ -3,3 +3,4 @@ dependencies:
   - role: download
     file: "{{ downloads.dnsmasq }}"
     when: not skip_dnsmasq|default(false) and download_localhost|default(false)
+    tags: [download, dnsmasq]

roles/dnsmasq/tasks/main.yml

 ---
 - include: dnsmasq.yml
   when: "{{ not skip_dnsmasq_k8s|bool }}"
+  tags: dnsmasq
 
 - include: resolvconf.yml
+  tags: resolvconf

roles/docker/tasks/main.yml

@@ -12,6 +12,7 @@
       paths:
       - ../vars
       skip: true
+  tags: facts
 
 - name: check for minimum kernel version
   fail:
@@ -20,6 +21,7 @@
           {{ docker_kernel_min_version }} on
           {{ ansible_distribution }}-{{ ansible_distribution_version }}
   when: (ansible_os_family != "CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
+  tags: facts
 
 - name: ensure docker repository public key is installed
   action: "{{ docker_repo_key_info.pkg_key }}"
@@ -76,4 +78,4 @@
     enabled: yes
     state: started
   with_items:
-    - docker
\ No newline at end of file
+    - docker

roles/docker/tasks/non-systemd.yml

@@ -4,19 +4,23 @@
   set_fact:
     docker_options_file: >-
       {%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%}
+  tags: facts
 
 - name: Set docker options config variable name
   set_fact:
     docker_options_name: >-
       {%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%}
+  tags: facts
 
 - name: Set docker options config value to be written
   set_fact:
     docker_options_value: '"{{ docker_options }} $DOCKER_NETWORK_OPTIONS $DOCKER_STORAGE_OPTIONS $INSECURE_REGISTRY"'
+  tags: facts
 
 - name: Set docker options config line to be written
   set_fact:
     docker_options_line: "{{ docker_options_name }}={{ docker_options_value }}"
+  tags: facts
 
 - name: Set docker proxy lines to be written
   set_fact:
@@ -24,6 +28,7 @@
      - { name: "HTTP_PROXY", value: '"{{ http_proxy }}"' }
      - { name: "HTTPS_PROXY", value: '"{{ https_proxy }}"' }
      - { name: "NO_PROXY", value: '"{{ no_proxy }}"' }
+  tags: facts
 
 - name: Remove docker daemon proxy config lines that don't match desired lines
   lineinfile:
@@ -58,4 +63,4 @@
     mode: 0644
   notify: restart docker
 
-- meta: flush_handlers
\ No newline at end of file
+- meta: flush_handlers

roles/download/tasks/main.yml

@@ -45,6 +45,7 @@
 
 - set_fact:
     download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
+  tags: facts
 
 - name: Create dest directory for saved/loaded container images
   file: path="{{local_release_dir}}/containers" state=directory recurse=yes mode=0755 owner={{ansible_ssh_user|default(ansible_user_id)}}
@@ -78,6 +79,7 @@
 
 - set_fact:
     fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|regex_replace('/|\0|:', '_')}}.tar"
+  tags: facts
 
 - name: "Set default value for 'container_changed' to false"
   set_fact:
@@ -89,6 +91,7 @@
   when: "{{ download.enabled|bool and download.container|bool }}"
   delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
   run_once: "{{ download_run_once|bool }}"
+  tags: facts
 
 - name: Stat saved container image
   stat: path="{{fname}}"

roles/etcd/meta/main.yml

@@ -7,3 +7,4 @@ dependencies:
     when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "docker" or inventory_hostname in groups['k8s-cluster'])
   - role: download
     file: "{{ downloads.etcd }}"
+    tags: download

roles/etcd/tasks/configure.yml

@@ -5,6 +5,7 @@
   ignore_errors: true
   changed_when: false
   when: is_etcd_master
+  tags: facts
 
 - name: Configure | Add member to the cluster if it is not there
   when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0

roles/etcd/tasks/gen_certs.yml

@@ -42,6 +42,7 @@
 - set_fact:
     master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'member.pem', 'member-key.pem']
     node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
+  tags: facts
 
 - name: Gen_certs | Gather etcd master certs
   shell: "tar cfz - -C {{ etcd_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }}| base64 --wrap=0"
@@ -78,6 +79,7 @@
     state=directory
     owner=kube
     recurse=yes
+  tags: facts
 
 - name: Gen_certs | set permissions on keys
   shell: chmod 0600 {{ etcd_cert_dir}}/*key.pem
@@ -94,6 +96,7 @@
       {%- elif ansible_os_family == "CoreOS" -%}
       /etc/ssl/certs/etcd-ca.pem
       {%- endif %}
+  tags: facts
 
 - name: Gen_certs | add CA to trusted CA dir
   copy:

roles/etcd/tasks/main.yml

 ---
 - include: pre_upgrade.yml
+  tags: etcd-pre-upgrade
 - include: check_certs.yml
+  tags: [etcd-secrets, facts]
 - include: gen_certs.yml
+  tags: etcd-secrets
 - include: install.yml
   when: is_etcd_master
+  tags: upgrade
 - include: set_cluster_health.yml
   when: is_etcd_master
 - include: configure.yml

roles/etcd/tasks/pre_upgrade.yml

@@ -2,11 +2,13 @@
   stat:
     path: /etc/systemd/system/etcd-proxy.service
   register: kube_apiserver_service_file
+  tags: facts
 
 - name: "Pre-upgrade | check for etcd-proxy init script"
   stat:
     path: /etc/init.d/etcd-proxy
   register: kube_apiserver_init_script
+  tags: facts
 
 - name: "Pre-upgrade | stop etcd-proxy if service defined"
   service:

roles/etcd/tasks/set_cluster_health.yml

@@ -5,3 +5,4 @@
   ignore_errors: true
   changed_when: false
   when: is_etcd_master
+  tags: facts

roles/kubernetes-apps/ansible/tasks/main.yaml

@@ -6,6 +6,7 @@
     - {file: kubedns-svc.yml, type: svc}
   register: manifests
   when: inventory_hostname == groups['kube-master'][0]
+  tags: dnsmasq
 
 - name: Kubernetes Apps | Start Resources
   kube:
@@ -17,11 +18,14 @@
     state: "{{item.changed | ternary('latest','present') }}"
   with_items: "{{ manifests.results }}"
   when: inventory_hostname == groups['kube-master'][0]
+  tags: dnsmasq
 
 - include: tasks/calico-policy-controller.yml
   when: ( enable_network_policy is defined and enable_network_policy == True ) or
     ( kube_network_plugin == 'canal' )
+  tags: [network, canal]
 
 - name: Kubernetes Apps | Netchecker
   include: tasks/netchecker.yml
   when: deploy_netchecker
+  tags: netchecker

roles/kubernetes-apps/network_plugin/meta/main.yml

@@ -2,3 +2,4 @@
 dependencies:
  - role: kubernetes-apps/network_plugin/canal
    when: kube_network_plugin == 'canal'
+   tags: canal

roles/kubernetes/master/meta/main.yml

@@ -2,3 +2,4 @@
 dependencies:
   - role: download
     file: "{{ downloads.hyperkube }}"
+    tags: [download, hyperkube]

roles/kubernetes/master/tasks/main.yml

 ---
 - include: pre-upgrade.yml
-
+  tags: k8s-pre-upgrade
 
 - name: Copy kubectl from hyperkube container
   command: "/usr/bin/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl"
@@ -9,12 +9,14 @@
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
   changed_when: false
+  tags: [hyperkube, kubectl, upgrade]
 
 - name: Gather kubectl bash completion
   command: "{{ bin_dir }}/kubectl completion bash"
   no_log: true
   register: kubectl_bash_completion
   when: ansible_os_family in ["Debian","RedHat"]
+  tags: kubectl
 
 - name: Write kubectl bash completion
   copy:
@@ -24,12 +26,14 @@
     group: root
     mode: 0755
   when: ansible_os_family in ["Debian","RedHat"] and kubectl_bash_completion.changed
+  tags: [kubectl, upgrade]
 
 - name: Write kube-apiserver manifest
   template:
     src: manifests/kube-apiserver.manifest.j2
     dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
   notify: Master | wait for the apiserver to be running
+  tags: kube-apiserver
 
 - meta: flush_handlers
 # Create kube-system namespace
@@ -37,6 +41,7 @@
   copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml
   run_once: yes
   when: inventory_hostname == groups['kube-master'][0]
+  tags: apps
 
 - name: Check if kube-system exists
   command: "{{ bin_dir }}/kubectl get ns kube-system"
@@ -44,11 +49,13 @@
   changed_when: False
   failed_when: False
   run_once: yes
+  tags: apps
 
 - name: Create 'kube-system' namespace
   command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml"
   changed_when: False
   when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
+  tags: apps
 
 # Write other manifests
 - name: Write kube-controller-manager manifest
@@ -56,9 +63,11 @@
     src: manifests/kube-controller-manager.manifest.j2
     dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
   notify: Master | wait for kube-controller-manager
+  tags: kube-controller-manager
 
 - name: Write kube-scheduler manifest
   template:
     src: manifests/kube-scheduler.manifest.j2
     dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
   notify: Master | wait for kube-scheduler
+  tags: kube-scheduler

roles/kubernetes/master/tasks/pre-upgrade.yml

@@ -3,17 +3,20 @@
   stat:
     path: /etc/systemd/system/kube-apiserver.service
   register: kube_apiserver_service_file
+  tags: [facts, kube-apiserver]
 
 - name: "Pre-upgrade | check for kube-apiserver init script"
   stat:
     path: /etc/init.d/kube-apiserver
   register: kube_apiserver_init_script
+  tags: [facts, kube-apiserver]
 
 - name: "Pre-upgrade | stop kube-apiserver if service defined"
   service:
     name: kube-apiserver
     state: stopped
   when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
+  tags: kube-apiserver
 
 - name: "Pre-upgrade | remove kube-apiserver service definition"
   file:
@@ -23,3 +26,4 @@
   with_items:
     - /etc/systemd/system/kube-apiserver.service
     - /etc/init.d/kube-apiserver
+  tags: kube-apiserver

roles/kubernetes/node/meta/main.yml

@@ -2,28 +2,39 @@
 dependencies:
   - role: download
     file: "{{ downloads.hyperkube }}"
+    tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl]
   - role: download
     file: "{{ downloads.pod_infra }}"
+    tags: [download, kubelet]
   - role: kubernetes/secrets
+    tags: k8s-secrets
   - role: download
     file: "{{ downloads.nginx }}"
+    tags: [download, nginx]
   - role: download
     file: "{{ downloads.testbox }}"
+    tags: download
   - role: download
     file: "{{ downloads.netcheck_server }}"
     when: deploy_netchecker
+    tags: [download, netchecker]
   - role: download
     file: "{{ downloads.netcheck_agent }}"
     when: deploy_netchecker
+    tags: [download, netchecker]
   - role: download
     file: "{{ downloads.netcheck_kubectl }}"
     when: deploy_netchecker
+    tags: [download, netchecker]
   - role: download
     file: "{{ downloads.kubednsmasq }}"
     when: not skip_dnsmasq_k8s|default(false)
+    tags: [download, dnsmasq]
   - role: download
     file: "{{ downloads.kubedns }}"
     when: not skip_dnsmasq_k8s|default(false)
+    tags: [download, dnsmasq]
   - role: download
     file: "{{ downloads.exechealthz }}"
     when: not skip_dnsmasq_k8s|default(false)
+    tags: [download, dnsmasq]