From aef8d86e4b1fc2970e27e578a6dd92ae3024f933 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 24 May 2018 23:53:00 +0200
Subject: move kubernetes roles to subdir
---
 roles/kubernetes/net/tasks/add.yml | 114 +++++++++++++++++++++++++++++++++++++
 1 file changed, 114 insertions(+)
 create mode 100644 roles/kubernetes/net/tasks/add.yml
(limited to 'roles/kubernetes/net/tasks/add.yml')
diff --git a/roles/kubernetes/net/tasks/add.yml b/roles/kubernetes/net/tasks/add.yml
new file mode 100644
index 00000000..f4e422c6
--- /dev/null
+++ b/roles/kubernetes/net/tasks/add.yml
@@ -0,0 +1,114 @@
+---
+- name: create docker config directory
+ file:
+ name: /etc/docker
+ state: directory
+ mode: 0700
+
+- name: disable docker iptables and bridge
+ copy:
+ src: daemon.json
+ dest: /etc/docker/daemon.json
+
+- name: create network config directory
+ file:
+ name: /var/lib/kubenet/
+ state: directory
+
+- name: configure wireguard port
+ set_fact:
+ kubenet_wireguard_port: "{{ kubernetes.wireguard_port | default(51820) }}"
+
+- name: install ifupdown script
+ template:
+ src: ifupdown.sh.j2
+ dest: /var/lib/kubenet/ifupdown.sh
+ mode: 0755
+ # TODO: notify reload... this is unfortunately already to late because
+ # it must probably be brought down by the old version of the script
+
+- name: generate wireguard private key
+ shell: "umask 077; wg genkey > /var/lib/kubenet/kube-wg0.privatekey"
+ args:
+ creates: /var/lib/kubenet/kube-wg0.privatekey
+
+- name: fetch wireguard public key
+ shell: "wg pubkey < /var/lib/kubenet/kube-wg0.privatekey"
+ register: kubenet_wireguard_pubkey
+ changed_when: false
+ check_mode: no
+
+- name: install systemd service unit for network interfaces
+ copy:
+ src: kubenet-interfaces.service
+ dest: /etc/systemd/system/kubenet-interfaces.service
+ # TODO: notify: reload???
+
+- name: make sure kubenet interfaces service is started and enabled
+ systemd:
+ daemon_reload: yes
+ name: kubenet-interfaces.service
+ state: started
+ enabled: yes
+
+- name: get list of currently installed kubenet peers
+ find:
+ path: /etc/systemd/system/
+ pattern: "kubenet-peer-*.service"
+ register: kubenet_peers_installed
+
+- name: compute list of peers to be added
+ set_fact:
+ kubenet_peers_to_add: "{{ kubernetes_nodes | difference(inventory_hostname) }}"
+
+- name: compute list of peers to be removed
+ set_fact:
+ kubenet_peers_to_remove: "{{ kubenet_peers_installed.files | map(attribute='path') | map('replace', '/etc/systemd/system/kubenet-peer-', '') | map('replace', '.service', '') | difference(kubenet_peers_to_add) }}"
+
+- name: stop/disable systemd units for stale kubenet peers
+ with_items: "{{ kubenet_peers_to_remove }}"
+ systemd:
+ name: "kubenet-peer-{{ item }}.service"
+ state: stopped
+ enabled: no
+
+- name: remove systemd units for stale kubenet peers
+ with_items: "{{ kubenet_peers_to_remove }}"
+ file:
+ name: "/etc/systemd/system/kubenet-peer-{{ item }}.service"
+ state: absent
+
+- name: install systemd units for every kubenet peer
+ with_items: "{{ kubenet_peers_to_add }}"
+ loop_control:
+ loop_var: peer
+ template:
+ src: kubenet-peer.service.j2
+ dest: "/etc/systemd/system/kubenet-peer-{{ peer }}.service"
+ # TODO: notify restart for peers that change...
+
+- name: make sure kubenet peer services are started and enabled
+ with_items: "{{ kubenet_peers_to_add }}"
+ systemd:
+ daemon_reload: yes
+ name: "kubenet-peer-{{ item }}.service"
+ state: started
+ enabled: yes
+
+- name: enable IPv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+- name: create cni config directory
+ file:
+ name: /etc/cni/net.d
+ state: directory
+
+- name: install cni config
+ template:
+ src: k8s.json.j2
+ dest: /etc/cni/net.d/k8s.json
-- cgit v1.2.3
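Review bot: `kubenet_peers_to_add: "{{ kubernetes_nodes | difference(inventory_hostname) }}"` in the "compute list of peers to be added" task hands a bare string to `difference`, and as far as I can tell Ansible's filter then falls back to an `x not in b` check against that string, which is a substring test rather than set membership; the local host is excluded only by coincidence, and a node whose name is a substring of the local hostname (e.g. `node1` on host `node10`) would be silently left out of the WireGuard peer mesh. Wrapping the hostname in a list gives the intended set semantics: `kubenet_peers_to_add: "{{ kubernetes_nodes | difference([inventory_hostname]) }}"`. Separately, `mode: 0700`, `mode: 0755` and the `yes`/`no` values rely on YAML 1.1 implicit typing (octal int and boolean); quoting the modes (`mode: "0700"`) and writing `true`/`false` removes the dependence on that loader behaviour. The private-key task's `umask 077` plus `creates:` guard is right, but a short comment noting that the key is deliberately never regenerated on re-runs would help the next maintainer.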