github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/contiv/tasks/main.yaml

github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/contiv/tasks/main.yaml (about)

     1  ---
     2    # Pre-download contiv images
     3    - name: download contiv container images
     4      command: docker pull {{ images.contiv_netplugin }}
     5      register: result
     6      until: result|succeeded
     7      retries: 2
     8      delay: 1
     9  
    10    # Create a secret that contains the contiv certificates.
    11    # Runs on the first master node if we find that the secret does 
    12    # not exist
    13    - name: check if contiv proxy server certs secert exists
    14      command: kubectl --kubeconfig {{ kubernetes_kubeconfig.kubectl }} -n kube-system get secret {{ contiv.proxy_server_certs_secret_name }} -o jsonpath='{.metadata.name}' --ignore-not-found 
    15      register: certs_check_result
    16  
    17    - block:
    18      - name: create tmp dir for contiv certs
    19        file:
    20          path: "/tmp/contiv-certs"
    21          state: directory
    22  
    23      - name: copy contiv proxy server certificates
    24        copy:
    25          src: "{{ tls_directory }}/{{ item }}"
    26          dest: "/tmp/contiv-certs/{{ item }}"
    27          owner: "{{ kubernetes_owner }}"
    28          group: "{{ kubernetes_group }}"
    29          mode: "{{ kubernetes_service_mode }}"
    30        with_items:
    31          - "{{ contiv.certs.proxy_server_key_filename }}"
    32          - "{{ contiv.certs.proxy_server_cert_filename }}"
    33  
    34      - name: create secret for contiv proxy server certificates
    35        command: kubectl --kubeconfig {{ kubernetes_kubeconfig.kubectl }} -n kube-system create secret tls {{ contiv.proxy_server_certs_secret_name }} --key=/tmp/contiv-certs/{{ contiv.certs.proxy_server_key_filename }} --cert=/tmp/contiv-certs/{{ contiv.certs.proxy_server_cert_filename }}
    36  
    37      - name: delete temp contiv certs
    38        file:
    39          path: "/tmp/contiv-certs"
    40          state: absent
    41      when: inventory_hostname == groups['master'][0] and certs_check_result.stdout != contiv.proxy_server_certs_secret_name
    42  
    43    # Deploy and configure contiv.
    44    # Runs on master nodes so that the netctl utility is available to operators if they
    45    # ever need it.
    46    - block:
    47      - name: create /etc/contiv directory
    48        file:
    49          path: "{{ contiv.dir.config }}"
    50          state: directory
    51  
    52      - name: copy deployment files to remote
    53        template:
    54          src: "{{ item }}"
    55          dest: "{{ contiv.dir.config }}/{{ item }}"
    56          owner: "{{ kubernetes_owner }}"
    57          group: "{{ kubernetes_group }}"
    58          mode: "{{ kubernetes_service_mode }}"
    59        with_items:
    60          - "configmap.yaml"
    61          - "netmaster.yaml"
    62          - "netplugin.yaml"
    63  
    64      - name: deploy contiv components
    65        command: kubectl --kubeconfig {{ kubernetes_kubeconfig.kubectl }} apply -f /etc/contiv
    66        run_once: true
    67      
    68      # Wait until netmaster pods are up
    69      - name: get desired number of netmaster pods
    70        command: kubectl --kubeconfig {{ kubernetes_kubeconfig.kubectl }} get ds contiv-netmaster -o=jsonpath='{.status.desiredNumberScheduled}' --namespace=kube-system
    71        register: desiredPods
    72        until: desiredPods|success
    73        retries: 20
    74        delay: 6
    75        run_once: true
    76  
    77      - name: wait until all netmaster pods are ready
    78        command: kubectl --kubeconfig {{ kubernetes_kubeconfig.kubectl }} get ds contiv-netmaster -o=jsonpath='{.status.numberAvailable}' --namespace=kube-system
    79        register: readyPods
    80        until: desiredPods.stdout|int == readyPods.stdout|int
    81        retries: 20
    82        delay: 6
    83        failed_when: false # We don't want this task to actually fail (We catch the failure with a custom msg in the next task)
    84        run_once: true
    85  
    86      - name: fail if any netmaster pods are not ready
    87        fail:
    88          msg: "Timed out waiting for all contiv netmaster pods to be ready."
    89        run_once: true
    90        when: desiredPods.stdout|int != readyPods.stdout|int
    91      
    92      - name: set forwarding mode to routed
    93        command: docker run --net host --rm --entrypoint /contiv/bin/netctl {{ images.contiv_netplugin }} --netmaster http://localhost:9999 global set --fwd-mode routing
    94        run_once: true
    95  
    96      - name: list existing contiv networks
    97        command: docker run --net host --rm --entrypoint /contiv/bin/netctl {{ images.contiv_netplugin }} --netmaster http://localhost:9999 net ls
    98        register: contiv_networks
    99        run_once: true
   100  
   101      - name: create infra network if missing
   102        command: docker run --net host --rm --entrypoint /contiv/bin/netctl {{ images.contiv_netplugin }} --netmaster http://localhost:9999 net create -n infra -s 132.1.1.0/24 -g 132.1.1.1 contivh1 # using defaults from installation script
   103        when: "'contivh1' not in contiv_networks.stdout"
   104        run_once: true
   105  
   106      - name: restart netplugin to propagate forwarding mode change
   107        command: kubectl --kubeconfig {{ kubernetes_kubeconfig.kubectl }} -n kube-system delete pod --selector k8s-app=contiv-netplugin
   108        run_once: true
   109  
   110      # Wait until netplugins pods are up
   111      - name: get desired number of netplugin pods
   112        command: kubectl --kubeconfig {{ kubernetes_kubeconfig.kubectl }} get ds contiv-netplugin -o=jsonpath='{.status.desiredNumberScheduled}' --namespace=kube-system
   113        register: desiredPods
   114        until: desiredPods|success
   115        retries: 20
   116        delay: 6
   117        run_once: true
   118  
   119      - name: wait until all netplugin pods are ready
   120        command: kubectl --kubeconfig {{ kubernetes_kubeconfig.kubectl }} get ds contiv-netplugin -o=jsonpath='{.status.numberReady}' --namespace=kube-system
   121        register: readyPods
   122        until: desiredPods.stdout|int == readyPods.stdout|int
   123        retries: 20
   124        delay: 6
   125        failed_when: false # We don't want this task to actually fail (We catch the failure with a custom msg in the next task)
   126        run_once: true
   127  
   128      - name: fail if any netplugin pods are not ready
   129        fail:
   130          msg: "Timed out waiting for all contiv netplugin pods to be ready."
   131        run_once: true
   132        when: desiredPods.stdout|int != readyPods.stdout|int
   133  
   134      - name: list existing contiv networks
   135        command: docker run --net host --rm --entrypoint /contiv/bin/netctl {{ images.contiv_netplugin }} --netmaster http://localhost:9999 net ls
   136        register: contiv_networks
   137        run_once: true
   138  
   139      - name: create pod network # the name of the network, 'default-net', is a magic string. don't change.
   140        command: docker run --net host --rm --entrypoint /contiv/bin/netctl {{ images.contiv_netplugin }} --netmaster http://localhost:9999 net create -t default --subnet={{ kubernetes_pods_cidr }} --gateway {{ kubernetes_pods_cidr | ipaddr('net') | ipaddr('1') | ipaddr('address') }} default-net
   141        run_once: true
   142        when:  "'default-net' not in contiv_networks.stdout"
   143  
   144      when: "'master' in group_names"
   145