Split deploy steps in separate playbooks: part1 (#3451)

* Fix bootstrap_os/ubuntu idempotency

* Update bastion role

* move container_engine in sub-roles

* requires ansible 2.5

* ubuntu18 as first CI job

.gitlab-ci.yml

@@ -42,7 +42,7 @@ before_script:
   tags:
     - kubernetes
     - docker
-  image: quay.io/kubespray/kubespray:latest
+  image: quay.io/kubespray/kubespray:v2.7
 
 .docker_service: &docker_service
   services:
@@ -323,12 +323,13 @@ before_script:
 
 # Builds for PRs only (premoderated by unit-tests step) and triggers (auto)
 ### PR JOBS PART1
-gce_coreos-calico-aio:
+
+gce_ubuntu18-flannel-aio:
   stage: deploy-part1
   <<: *job
   <<: *gce
   variables:
-    <<: *coreos_calico_aio_variables
+    <<: *ubuntu18_flannel_aio_variables
     <<: *gce_variables
   when: on_success
   except: ['triggers']
@@ -336,14 +337,14 @@ gce_coreos-calico-aio:
 
 ### PR JOBS PART2
 
-gce_ubuntu18-flannel-aio:
+gce_coreos-calico-aio:
   stage: deploy-part2
   <<: *job
   <<: *gce
   variables:
-    <<: *ubuntu18_flannel_aio_variables
+    <<: *coreos_calico_aio_variables
     <<: *gce_variables
-  when: manual
+  when: on_success
   except: ['triggers']
   only: [/^pr-.*$/]
 
@@ -358,7 +359,7 @@ gce_centos7-flannel-addons:
   except: ['triggers']
   only: [/^pr-.*$/]
 
-gce_centos-weave-kubeadm:
+gce_centos-weave-kubeadm-sep:
   stage: deploy-part2
   <<: *job
   <<: *gce
@@ -369,6 +370,8 @@ gce_centos-weave-kubeadm:
   except: ['triggers']
   only: [/^pr-.*$/]
 
+### MANUAL JOBS
+
 gce_ubuntu-weave-sep:
   stage: deploy-part2
   <<: *job
@@ -376,11 +379,10 @@ gce_ubuntu-weave-sep:
   variables:
     <<: *gce_variables
     <<: *ubuntu_weave_sep_variables
-  when: on_success
+  when: manual
   except: ['triggers']
   only: [/^pr-.*$/]
 
-### MANUAL JOBS
 gce_coreos-calico-sep-triggers:
   stage: deploy-part2
   <<: *job

cluster.yml

 ---
-- hosts: localhost
+- hosts: bastion[0]
   gather_facts: False
   roles:
     - { role: kubespray-defaults}
@@ -33,11 +33,7 @@
   roles:
     - { role: kubespray-defaults}
     - { role: kubernetes/preinstall, tags: preinstall }
-    - { role: docker, tags: docker, when: container_manager == 'docker' }
-    - { role: cri-o, tags: crio, when: container_manager == 'crio' }
-    - role: rkt
-      tags: rkt
-      when: "'rkt' in [etcd_deployment_type, kubelet_deployment_type, vault_deployment_type]"
+    - { role: "container-engine", tags: "container-engine" }
     - { role: download, tags: download, when: "not skip_downloads" }
   environment: "{{proxy_env}}"
 

requirements.txt

-ansible>=2.4.0
+ansible>=2.5.0
 jinja2>=2.9.6
 netaddr
 pbr>=1.6

roles/bastion-ssh-config/tasks/main.yml

 ---
 - set_fact:
-    has_bastion: "{{ 'bastion' in groups['all'] }}"
-
-- set_fact:
-    bastion_ip: "{{ hostvars['bastion']['ansible_host'] }}"
-  when: has_bastion
+    bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
+  delegate_to: localhost
 
 # As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly
 # To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user
 - set_fact:
     real_user: "{{ ansible_user }}"
-  delegate_to: bastion
-  when: has_bastion
 
 - name: create ssh bastion conf
   become: false
+  delegate_to: localhost
   template:
     src: ssh-bastion.conf
     dest: "{{ playbook_dir }}/ssh-bastion.conf"
-  when: has_bastion

roles/bastion-ssh-config/templates/ssh-bastion.conf

-{% if has_bastion %}
 {% set vars={'hosts': ''} %}
 {% set user='' %}
 
 {% for h in groups['all'] %}
-{% if h != 'bastion' %}
+{% if h not in groups['bastion'] %}
 {% if vars.update({'hosts': vars['hosts'] + ' ' + (hostvars[h].get('ansible_ssh_host') or hostvars[h]['ansible_host'])}) %}{% endif %}
 {% endif %}
 {% endfor %}
@@ -17,4 +16,3 @@ Host {{ bastion_ip }}
 
 Host {{ vars['hosts'] }}
   ProxyCommand ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p {{ real_user }}@{{ bastion_ip }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}
-{% endif %}

roles/bootstrap-os/defaults/main.yml

 ---
+bootstrap_os:
+os_family: "{{bootstrap_os}}"
+
 pip_python_coreos_modules:
   - httplib2
   - six
 
 override_system_hostname: true
-
-
 coreos_auto_upgrade: true

roles/bootstrap-os/tasks/bootstrap-ubuntu.yml

 ---
 #  raw: cat /etc/issue.net | grep '{{ bootstrap_versions }}'
 
+- name: List ubuntu_packages
+  set_fact:
+    ubuntu_packages:
+      - python
+      - python-apt
+      - python-pip
+      - dbus
+
 - name: Bootstrap | Check if bootstrap is needed
-  raw: which "{{ item }}"
+  raw: dpkg -l | cut -d' ' -f3 |grep -e ^{{item}}$
   register: need_bootstrap
   failed_when: false
   changed_when: false
-  with_items:
-    - python
-    - python-apt
-    - pip
-    - dbus-daemon
+  with_items: "{{ubuntu_packages}}"
+
   tags:
     - facts
 
 - name: Bootstrap | Install python 2.x and pip
   raw:
     apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-pip dbus
+    DEBIAN_FRONTEND=noninteractive apt-get install -y {{ubuntu_packages | join(" ")}}
   when:
-    "{{ need_bootstrap.results | map(attribute='rc') | sort | last | bool }}"
+    - need_bootstrap.results | map(attribute='rc') | sort | last | bool
 
 - set_fact:
     ansible_python_interpreter: "/usr/bin/python"

roles/bootstrap-os/tasks/main.yml

 ---
-- import_tasks: bootstrap-ubuntu.yml
-  when: bootstrap_os == "ubuntu"
 
-- import_tasks: bootstrap-debian.yml
-  when: bootstrap_os == "debian"
+- include_tasks: bootstrap-ubuntu.yml
+  when: os_family == "ubuntu"
 
-- import_tasks: bootstrap-coreos.yml
-  when: bootstrap_os == "coreos"
+- include_tasks: bootstrap-debian.yml
+  when: os_family == "debian"
 
-- import_tasks: bootstrap-fedora.yml
-  when: bootstrap_os == "fedora"
+- include_tasks: bootstrap-coreos.yml
+  when: os_family == "coreos"
 
-- import_tasks: bootstrap-centos.yml
-  when: bootstrap_os == "centos"
+- include_tasks: bootstrap-fedora.yml
+  when: os_family == "fedora"
 
-- import_tasks: bootstrap-opensuse.yml
-  when: bootstrap_os == "opensuse"
+- include_tasks: bootstrap-centos.yml
+  when: os_family == "centos"
 
-- import_tasks: setup-pipelining.yml
-
-- name: check if atomic host
-  stat:
-    path: /run/ostree-booted
-  register: ostree
+- include_tasks: bootstrap-opensuse.yml
+  when: os_family == "opensuse"
 
-- set_fact:
-    is_atomic: "{{ ostree.stat.exists }}"
+- import_tasks: setup-pipelining.yml
 
 - name: Gather nodes hostnames
   setup:

roles/container-engine/defaults/main.yml

+---
+## DNS
+dns_domain: cluster.local
+dns_servers: []
+upstream_dns_servers: []
+searchdomains: []

roles/docker/defaults/main.yml → roles/container-engine/docker/defaults/main.yml

@@ -43,3 +43,4 @@ dockerproject_rh_repo_base_url: 'https://yum.dockerproject.org/repo/main/centos/
 dockerproject_rh_repo_gpgkey: 'https://yum.dockerproject.org/gpg'
 dockerproject_apt_repo_base_url: 'https://apt.dockerproject.org/repo'
 dockerproject_apt_repo_gpgkey: 'https://apt.dockerproject.org/gpg'
+docker_bin_dir: "/usr/bin"