diff --git a/.github/workflows/docs_build.yml b/.github/workflows/docs_build.yml
index e1e81344b..f1006c336 100644
--- a/.github/workflows/docs_build.yml
+++ b/.github/workflows/docs_build.yml
@@ -153,7 +153,7 @@ jobs:
tasktag=task_prepare_cluster
taskname=$(echo ${tasktag} | tr '_' '-')
- for distro in k8s kid; do
+ for distro in k8s; do
ansible-playbook-grapher -t ${tasktag} --skip-tags omit_from_grapher -e kubeinit_cluster_distro=${distro} -e kubeinit_cluster_distro_role=kubeinit_${distro} kubeinit/playbook.yml --include-role-tasks -o docs/src/static/playbook_${distro}_${tasktag} --save-dot-file
sed -e ':again;$!N;$!b again; s/subgraph "Play #[12]:[^"]*"{[^}]*}//g' -e 's/"Play #3: [^"]*"/"'${taskname}'"/g' -e 's/shape=box/shape=octagon/g' -e 's/#[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]/#000000/g' -e 's/ style=filled / /' docs/src/static/playbook_${distro}_${tasktag}.dot | dot -Tsvg > docs/src/static/playbook_${distro}_${tasktag}.svg
cat << EOF >> docs/src/playbook_diagrams.rst
@@ -198,7 +198,7 @@ jobs:
tasktag=task_deploy_cluster
taskname=$(echo ${tasktag} | tr '_' '-')
- for distro in k8s kid; do
+ for distro in k8s; do
ansible-playbook-grapher -t ${tasktag} --skip-tags omit_from_grapher -e kubeinit_cluster_distro=${distro} -e kubeinit_cluster_distro_role=kubeinit_${distro} kubeinit/playbook.yml --include-role-tasks -o docs/src/static/playbook_${distro}_${tasktag} --save-dot-file
sed -e ':again;$!N;$!b again; s/subgraph "Play #[12]:[^"]*"{[^}]*}//g' -e 's/"Play #3: [^"]*"/"'${taskname}'"/g' -e 's/shape=box/shape=octagon/g' -e 's/#[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]/#000000/g' -e 's/ style=filled / /' docs/src/static/playbook_${distro}_${tasktag}.dot | dot -Tsvg > docs/src/static/playbook_${distro}_${tasktag}.svg
cat << EOF >> docs/src/playbook_diagrams.rst
@@ -241,8 +241,7 @@ jobs:
EOF
- sed -e '/^juju-controller/d' \
- -e '/^hypervisor-04/d' \
+ sed -e '/^hypervisor-04/d' \
-e '/^\[controller_nodes\]$/ acontroller-01 target=hypervisor-01\ncontroller-02 target=hypervisor-02\ncontroller-03 target=hypervisor-03' \
-e '/^\[compute_nodes\]$/ acompute-01 target=hypervisor-01\ncompute-02 target=hypervisor-02' \
-e '/^service /s/ / target=hypervisor-01 /' \
diff --git a/ci/container_sync.sh b/ci/container_sync.sh
index e1e298919..99de9f771 100755
--- a/ci/container_sync.sh
+++ b/ci/container_sync.sh
@@ -50,8 +50,9 @@ declare -a container_images=(
"library registry 2"
"library httpd 2.4"
"library debian 11"
- "library ubuntu focal"
+ "library debian 12"
"library ubuntu jammy"
+ "library ubuntu noble"
"internetsystemsconsortium bind9 9.18"
"sonatype nexus3 3.30.0"
"nginxinc nginx-unprivileged latest"
diff --git a/ci/kubeinit_ci_utils.py b/ci/kubeinit_ci_utils.py
index 13da33b27..7b41243d1 100755
--- a/ci/kubeinit_ci_utils.py
+++ b/ci/kubeinit_ci_utils.py
@@ -339,15 +339,10 @@ def get_periodic_jobs_labels(cluster_type='all', distro='all'):
"k8s-libvirt-1-1-1-h",
"k8s-libvirt-1-0-1-h"]
- kid_configs = ["kid-libvirt-3-1-1-h",
- "kid-libvirt-3-0-2-h",
- "kid-libvirt-1-1-1-h",
- "kid-libvirt-1-0-1-h"]
-
if re.match(r"([a-z|0-9|\.]+-[a-z]+-[1-9]-[0-9]-[1-9]-[c|h],?)+", distro):
print("'kubeinit_ci_utils.py' ==> We are requesting specific job labels")
req_labels = set(distro.split(","))
- all_labels = set(okd_configs + kid_configs + k8s_configs)
+ all_labels = set(okd_configs + k8s_configs)
if (req_labels.issubset(all_labels)):
print("'kubeinit_ci_utils.py' ==> The requested labels are defined correctly")
# We return the labels filtered by cluster_type, multinode or singlenode
@@ -360,7 +355,7 @@ def get_periodic_jobs_labels(cluster_type='all', distro='all'):
elif distro == 'random':
print("'kubeinit_ci_utils.py' ==> Returning 4 random scenarios to test")
# If the distro parameter is random we return 4 random distros to test
- all_scenarios = okd_configs + kid_configs + k8s_configs
+ all_scenarios = okd_configs + k8s_configs
return_labels = random.sample(all_scenarios, 4)
# We return the labels filtered by cluster_type, multinode or singlenode
filtered_return = [lab for lab in return_labels if cluster_pattern.match(lab)]
@@ -368,7 +363,7 @@ def get_periodic_jobs_labels(cluster_type='all', distro='all'):
return filtered_return
elif distro == "all":
print("'kubeinit_ci_utils.py' ==> Appending all configs")
- return_labels = okd_configs + kid_configs + k8s_configs
+ return_labels = okd_configs + k8s_configs
# We return the labels filtered by cluster_type, multinode or singlenode
filtered_return = [lab for lab in return_labels if cluster_pattern.match(lab)]
print("'kubeinit_ci_utils.py' ==> " + str(filtered_return))
@@ -378,9 +373,6 @@ def get_periodic_jobs_labels(cluster_type='all', distro='all'):
if 'okd' in distro and '.' not in distro:
print("'kubeinit_ci_utils.py' ==> Appending OKD configs")
configs = configs + okd_configs
- if 'kid' in distro and '.' not in distro:
- print("'kubeinit_ci_utils.py' ==> Appending KID configs")
- configs = configs + kid_configs
if 'k8s' in distro and '.' not in distro:
print("'kubeinit_ci_utils.py' ==> Appending K8S configs")
configs = configs + k8s_configs
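Review bot: With the `kid` branch removed, a `distro` value that names none of the remaining distros matches no `if` shown in this hunk, so `configs` keeps whatever it was initialised to, presumably an empty list, and the caller gets no jobs instead of an error. If nothing later in `get_periodic_jobs_labels` handles that case, a short diagnostic after the last branch would make it visible in the CI log: `if not configs: print("'kubeinit_ci_utils.py' ==> No configs matched: " + distro)`. The function body starts and continues outside the hunk, so check this against the full file.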
diff --git a/ci/launch_e2e.py b/ci/launch_e2e.py
index 05520582f..11a80d943 100755
--- a/ci/launch_e2e.py
+++ b/ci/launch_e2e.py
@@ -423,8 +423,8 @@ def valid_labels_regex(arg_value, pat=re.compile(r"^all|random|([a-z|0-9|,|\.]+)
#
# launch_e2e.py --job_type=pr
# launch_e2e.py --job_type=pr --pr_id=154
- # launch_e2e.py --job_type=periodic --job_label=eks-libvirt-3-0-1-h
- # launch_e2e.py --job_type=periodic --job_label=eks-libvirt-3-0-1-h,cdk-libvirt-1-0-1-h
+ # launch_e2e.py --job_type=periodic --job_label=k8s-libvirt-3-0-1-h
+ # launch_e2e.py --job_type=periodic --job_label=k8s-libvirt-3-0-1-h,okd-libvirt-1-0-1-h
# launch_e2e.py --job_type=periodic --cluster_type=singlenode --job_label=random
# launch_e2e.py --job_type=periodic --cluster_type=singlenode --job_label=all
# launch_e2e.py --job_type=periodic --cluster_type=singlenode --job_label=okd
@@ -469,7 +469,7 @@ def valid_labels_regex(arg_value, pat=re.compile(r"^all|random|([a-z|0-9|,|\.]+)
if (args.job_label is not None and not re.match(r"([a-z|0-9|\.]+-[a-z]+-[1-9]-[0-9]-[1-9]-[c|h],?)+", args.job_label) and not re.match(r"([a-z|0-9|,|\.]+)?", args.job_label) and args.job_type != 'pr'):
print("'launch_e2e.py' ==> The third argument must be [periodic|pr]")
- print("'launch_e2e.py' ==> periodic, can be periodic|periodic=okd,eks ...")
+ print("'launch_e2e.py' ==> periodic, can be periodic|periodic=okd,k8s ...")
print("'launch_e2e.py' ==> also the periodic job can trigger a specfic label like:")
print("'launch_e2e.py' ==> periodic=okd-libvirt-3-1-1-h")
sys.exit()
diff --git a/ci/launch_e2e.sh b/ci/launch_e2e.sh
index 0608b34d8..88b6b1cbf 100755
--- a/ci/launch_e2e.sh
+++ b/ci/launch_e2e.sh
@@ -232,14 +232,6 @@ echo "(launch_e2e.sh) ==> Deploying the cluster ..."
FAILED="0"
KUBEINIT_SPEC=${KUBEINIT_SPEC//,/$'\n'}
-# We enable having Windows compute nodes by default in the CI
-# for the k8s-1-1-1 spec scenario
-if [[ "$DISTRO" == "k8s" && "$MASTERS" == "1" && "$WORKERS" == "1" && "$HYPERVISORS" == "1" ]]; then
- # For enabling Windows deployments use the cluster_nodes_spec like
- # -e cluster_nodes_spec='[{"when_group":"compute_nodes","os":"windows"}]'
- CLUSTER_NODES='[{"when_group":"compute_nodes","os":"windows"}]'
-fi
-
# This conditional will never be true, this is kept as an example about
# How to wire in extra roles and variables in a deployment
if [[ "$DISTRO" == "okd" && "$MASTERS" == "1" && "$WORKERS" == "1" && "$HYPERVISORS" == "1" && "$HYPERVISORS" == "falsecondition" ]]; then
diff --git a/ci/render_periodic_jobs_page.py b/ci/render_periodic_jobs_page.py
index c407f00fd..9d038e29f 100644
--- a/ci/render_periodic_jobs_page.py
+++ b/ci/render_periodic_jobs_page.py
@@ -48,9 +48,6 @@ def main():
if distro == 'okd':
distro = "Origin Distribution of K8s"
- elif distro == 'kid':
- distro = "KubeInit distro"
- elif distro == 'k8s':
distro = "Vanilla K8s"
elif '.' in distro:
distro = distro.upper().replace('.', '/')
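Review bot: Removing `elif distro == 'k8s':` together with the `kid` branch leaves `distro = "Vanilla K8s"` directly under the `okd` branch, so as shown an `okd` job is rendered as "Vanilla K8s" and a `k8s` job keeps its raw label. The guard should stay in place above the assignment: `elif distro == 'k8s':`. Indentation is not preserved in this view and the hunk header counts one more line than is shown, so confirm against the file; `main()` starts and ends outside the hunk.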
diff --git a/kubeinit/galaxy.yml b/kubeinit/galaxy.yml
index 334c2724f..c1ea6ea70 100644
--- a/kubeinit/galaxy.yml
+++ b/kubeinit/galaxy.yml
@@ -16,10 +16,8 @@ tags:
- openshift
- origin
dependencies:
- ansible.netcommon: '==5.1.1'
ansible.posix: '==1.5.4'
ansible.utils: '==2.10.3'
- ansible.windows: '==1.14.0'
community.crypto: '==2.13.1'
community.general: '==7.0.1'
community.libvirt: '==1.2.0'
diff --git a/kubeinit/group_vars/kubeinit_defaults.yml b/kubeinit/group_vars/kubeinit_defaults.yml
index 3f96bb761..c43fe2c83 100644
--- a/kubeinit/group_vars/kubeinit_defaults.yml
+++ b/kubeinit/group_vars/kubeinit_defaults.yml
@@ -15,18 +15,14 @@ default_network_name: kimgtnet0
#
cluster_node_configurations_docsplaceholder: 'we should have a cluster_node_configuration main key'
-cluster_node_distro:
+cluster_node_default_distro:
k8s:
os: centos
- kid:
- os: debian
ocp:
os: coreos
okd:
os: coreos
-cluster_node_os: "{{ hostvars['kubeinit-defaults'].cluster_node_distro[kubeinit_cluster_distro].os }}"
-
cluster_node_vcpus: 8
cluster_node_maxvcpus: 16
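Review bot: Dropping `cluster_node_os` means the lookup `hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os` is now written out three times, in `default_cluster_nodes_map_list`, `default_extra_nodes_map_list` and `default_service_nodes_map_list` in the hunks below. Keeping one named variable for it would leave a single place to change when the map moves again. Anything outside this file that still reads `cluster_node_os` or `cluster_node_distro`, including `-e` overrides, is not visible here and is worth a grep. The renamed map would also benefit from a header comment such as `# default guest OS per distro; keys must match kubeinit_cluster_distro`.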
@@ -50,7 +46,7 @@ compute_node_target_order:
# -e cluster_nodes_spec='[{"when_group":"controller_nodes","disk"="35G"}]'
#
default_cluster_nodes_map_list:
-- os: "{{ hostvars['kubeinit-defaults'].cluster_node_os }}"
+- os: "{{ hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os }}"
- when_type: virtual
vcpus: "{{ cluster_node_vcpus }}"
maxvcpus: "{{ cluster_node_maxvcpus }}"
@@ -73,8 +69,6 @@ extra_node_maxvcpus: 16
extra_node_disk_size: 20G
extra_node_ram_size: 16777216
-juju_controller_node_ram_size: 8388608
-
extra_node_target_order:
- hypervisor-02
- hypervisor-01
@@ -86,17 +80,13 @@ extra_node_target_order:
# -e extra_nodes_spec='[{"name":"nova-compute","when_distro":["okd"],"os":"centos"}]'
#
default_extra_nodes_map_list:
-- os: "{{ hostvars['kubeinit-defaults'].cluster_node_os }}"
+- os: "{{ hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os }}"
- when_type: virtual
vcpus: "{{ cluster_node_vcpus }}"
maxvcpus: "{{ cluster_node_maxvcpus }}"
- disk: "{{ extra_node_disk_size }}"
ram: "{{ extra_node_ram_size }}"
target_order: "{{ extra_node_target_order }}"
-- when_distro:
- - cdk
- name: juju-controller
- ram: "{{ juju_controller_node_ram_size }}"
- when_distro:
- ocp
- okd
@@ -120,7 +110,7 @@ service_node_target_order:
# -e service_nodes_spec='[{"services":["apache","bind","dnsmasq"]}]'
#
default_service_nodes_map_list:
-- os: "{{ hostvars['kubeinit-defaults'].cluster_node_os }}"
+- os: "{{ hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os }}"
services:
- bind
- dnsmasq
diff --git a/kubeinit/group_vars/kubeinit_facts.yml b/kubeinit/group_vars/kubeinit_facts.yml
index ba40f2110..b82b3cc14 100644
--- a/kubeinit/group_vars/kubeinit_facts.yml
+++ b/kubeinit/group_vars/kubeinit_facts.yml
@@ -10,11 +10,8 @@ distro_facts:
k8s:
name: 'Vanilla CNCF Kubernetes'
role: kubeinit_k8s
- kid:
- name: 'Kubeinit distro (work-in-progress)'
- role: kubeinit_kid
ocp:
- name: 'Openshift Container Platform'
+ name: 'OpenShift Container Platform'
role: kubeinit_openshift
okd:
name: 'Origin Distribution of Kubernetes'
diff --git a/kubeinit/playbook.yml b/kubeinit/playbook.yml
index faedd6f41..23ecabf6b 100644
--- a/kubeinit/playbook.yml
+++ b/kubeinit/playbook.yml
@@ -18,7 +18,7 @@
hosts: localhost
become: false
gather_subset: "!all,network"
- gather_facts: true
+ gather_facts: false
pre_tasks:
- name: Check if Ansible meets version requirements.
tags: task_gather_facts
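Review bot: `gather_subset: "!all,network"` is left next to the new `gather_facts: false` in this play and in the `kubeinit_hypervisors` play of the next hunk, where it appears to have no effect any more because no implicit fact gathering runs. Either drop the `gather_subset` line or add a comment naming where facts are collected instead, for example `# facts are gathered explicitly in <task name>`. Any later task that reads `ansible_facts` for these hosts now depends on an explicit `ansible.builtin.setup` call that is not visible in the hunk, so confirm one runs before the first such read. Both plays continue outside the hunks.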
@@ -43,7 +43,7 @@
hosts: kubeinit_hypervisors
become: false
gather_subset: "!all,network"
- gather_facts: true
+ gather_facts: false
tasks:
- name: Skip play if playbook_terminated
ansible.builtin.meta: end_play
diff --git a/kubeinit/requirements.yml b/kubeinit/requirements.yml
index 0b3b5364a..b3f2e62e1 100644
--- a/kubeinit/requirements.yml
+++ b/kubeinit/requirements.yml
@@ -4,14 +4,10 @@
---
collections:
- - name: ansible.netcommon
- version: '5.1.1'
- name: ansible.posix
version: '1.5.4'
- name: ansible.utils
version: '2.10.3'
- - name: ansible.windows
- version: '1.14.0'
- name: community.crypto
version: '2.13.1'
- name: community.general
diff --git a/kubeinit/roles/kubeinit_apache/tasks/main.yml b/kubeinit/roles/kubeinit_apache/tasks/main.yml
index c6c675d06..fe5b08814 100644
--- a/kubeinit/roles/kubeinit_apache/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_apache/tasks/main.yml
@@ -18,6 +18,7 @@
ansible.builtin.package:
state: present
name: "buildah"
+ use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}"
- name: Create a new working container image
ansible.builtin.command: buildah from --name {{ kubeinit_cluster_name }}-apache quay.io/kubeinit/httpd:2.4
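Review bot: The added `use:` value reads `hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr']` with no fallback, so the buildah install fails at templating time whenever facts for the delegate host have not been collected; the same line is added in the kubeinit_bind hunk. Falling back to the module's default keeps the task usable in that case: `use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] | default('auto') }}"`. Whether facts are always gathered for that host before this role runs cannot be seen from the hunk.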
diff --git a/kubeinit/roles/kubeinit_apps/README.md b/kubeinit/roles/kubeinit_apps/README.md
deleted file mode 100644
index e04e2a9d0..000000000
--- a/kubeinit/roles/kubeinit_apps/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Please, refer to the kubeinit_apps role
-[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_apps.html)
-for further information.
diff --git a/kubeinit/roles/kubeinit_apps/defaults/main.yml b/kubeinit/roles/kubeinit_apps/defaults/main.yml
deleted file mode 100644
index 82dfc5d47..000000000
--- a/kubeinit/roles/kubeinit_apps/defaults/main.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# All variables intended for modification should be placed in this file.
-
-# All variables within this role should have a prefix of "kubeinit_apps_"
-kubeinit_apps_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
-kubeinit_apps_hide_sensitive_logs: true
-
-kubeinit_apps_sampleapp_replicas: 1
diff --git a/kubeinit/roles/kubeinit_apps/files/.gitkeep b/kubeinit/roles/kubeinit_apps/files/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/kubeinit/roles/kubeinit_apps/handlers/main.yml b/kubeinit/roles/kubeinit_apps/handlers/main.yml
deleted file mode 100644
index 9490b54cc..000000000
--- a/kubeinit/roles/kubeinit_apps/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_apps/meta/main.yml b/kubeinit/roles/kubeinit_apps/meta/main.yml
deleted file mode 100644
index 8d8f6b555..000000000
--- a/kubeinit/roles/kubeinit_apps/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-galaxy_info:
- author: KubeInit
- role_name: kubeinit_apps
- namespace: kubeinit
- description: KubeInit Role -- kubeinit_apps
- company: Red Hat
- license: Apache-2.0
- min_ansible_version: 2.9
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
- # To view available platforms and versions (or releases), visit:
- # https://galaxy.ansible.com/api/v1/platforms/
- #
- platforms:
- - name: CentOS
- versions:
- - 7
- - 8
-
- galaxy_tags:
- - kubeinit
-
-
-# List your role dependencies here, one per line. Be sure to remove the '[]' above,
-# if you add dependencies to this list.
-dependencies: []
diff --git a/kubeinit/roles/kubeinit_apps/molecule/default/converge.yml b/kubeinit/roles/kubeinit_apps/molecule/default/converge.yml
deleted file mode 100644
index ba88219d1..000000000
--- a/kubeinit/roles/kubeinit_apps/molecule/default/converge.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Converge
- hosts: all
- # roles:
- # - role: "kubeinit_apps"
- tasks:
- - name: Message for "kubeinit_apps"
- ansible.builtin.debug:
- msg: Finishing molecule for "kubeinit_apps"
diff --git a/kubeinit/roles/kubeinit_apps/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_apps/molecule/default/molecule.yml
deleted file mode 100644
index b5d8023ed..000000000
--- a/kubeinit/roles/kubeinit_apps/molecule/default/molecule.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: quay.io/centos/centos:stream8
- pre_build_image: true
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/kubeinit/roles/kubeinit_apps/molecule/default/verify.yml b/kubeinit/roles/kubeinit_apps/molecule/default/verify.yml
deleted file mode 100644
index 86afba4ff..000000000
--- a/kubeinit/roles/kubeinit_apps/molecule/default/verify.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
- hosts: all
- tasks:
- - name: Example assertion
- ansible.builtin.assert:
- that: true
diff --git a/kubeinit/roles/kubeinit_apps/tasks/main.yml b/kubeinit/roles/kubeinit_apps/tasks/main.yml
deleted file mode 100644
index ee0b187c2..000000000
--- a/kubeinit/roles/kubeinit_apps/tasks/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Run the Linux sample application (sampleapp)
- ansible.builtin.include_tasks: sampleapp.yml
- when: not windows_compute_node_exists | default(false)
-
-- name: Run the Windows sample application (sampleapp)
- ansible.builtin.include_tasks: win_sampleapp.yml
- when: windows_compute_node_exists | default(false)
diff --git a/kubeinit/roles/kubeinit_apps/tasks/sampleapp.yml b/kubeinit/roles/kubeinit_apps/tasks/sampleapp.yml
deleted file mode 100644
index 992118242..000000000
--- a/kubeinit/roles/kubeinit_apps/tasks/sampleapp.yml
+++ /dev/null
@@ -1,114 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Install the simple app
- block:
- - name: Create the sampleapp template file
- ansible.builtin.template:
- src: "sampleapp.yml.j2"
- dest: "~/sampleapp.yml"
- mode: "0755"
-
- - name: Install the sample app
- ansible.builtin.shell: |
- set -o pipefail
- kubectl create namespace sampleapp
- kubectl apply -f ~/sampleapp.yml
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
- - name: Wait until pods are created
- ansible.builtin.shell: |
- set -o pipefail
- kubectl get pods --namespace=sampleapp | grep sampleapp
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- retries: 60
- delay: 5
- until: _result.stdout_lines | list | length == kubeinit_apps_sampleapp_replicas|int
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
- - name: Wait until pods are running
- ansible.builtin.shell: |
- set -o pipefail
- kubectl get pods --namespace=sampleapp | grep Running
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- retries: 60
- delay: 5
- until: _result.stdout_lines | list | length == kubeinit_apps_sampleapp_replicas|int
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
- rescue:
- - name: Get some debugging information
- ansible.builtin.shell: |
- set -o pipefail
- echo "********************"
- echo "***"
- echo "*** Describe the first sampleapp container information"
- echo "***"
- echo "********************"
- kubectl describe pod $(kubectl get pods --namespace=sampleapp -o json | jq .items[0].metadata.name | tr -d '"') --namespace=sampleapp
- echo "********************"
- echo "***"
- echo "*** Describe the first sampleapp container logs"
- echo "***"
- echo "********************"
- kubectl logs $(kubectl get pods --namespace=sampleapp -o json | jq .items[0].metadata.name | tr -d '"') --namespace=sampleapp --previous
- echo "********************"
- echo "***"
- echo "*** Get the first controller node name"
- echo "***"
- echo "********************"
- kubectl get nodes -o json | jq .items[0].metadata.name
- echo "********************"
- echo "***"
- echo "*** Get the first controller node taints"
- echo "***"
- echo "********************"
- kubectl get nodes -o json | jq .items[0].spec.taints
- echo "********************"
- echo "***"
- echo "*** Describe the first controller node info"
- echo "***"
- echo "********************"
- kubectl describe node $(kubectl get nodes -o json | jq .items[0].metadata.name | tr -d '"')
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
- - name: Force fail
- ansible.builtin.fail:
- msg: The sampleapp deployment failed, the deployment must fail
-
-- name: Delete the sampleapp
- ansible.builtin.shell: |
- set -o pipefail
- kubectl delete namespace sampleapp --force --grace-period=0 --wait=false
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_provision_service_node }}"
diff --git a/kubeinit/roles/kubeinit_apps/tasks/win_sampleapp.yml b/kubeinit/roles/kubeinit_apps/tasks/win_sampleapp.yml
deleted file mode 100644
index 6b5333db1..000000000
--- a/kubeinit/roles/kubeinit_apps/tasks/win_sampleapp.yml
+++ /dev/null
@@ -1,116 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Install the simple app
- block:
- - name: Create the sampleapp template file
- ansible.builtin.template:
- src: "win_sampleapp.yml.j2"
- dest: "~/win_sampleapp.yml"
- mode: "0755"
-
- - name: Install the Windows sample app
- ansible.builtin.shell: |
- set -o pipefail
- kubectl create namespace windows-sampleapp
- kubectl apply -f ~/win_sampleapp.yml
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
- - name: Wait until pods are created
- ansible.builtin.shell: |
- set -o pipefail
- kubectl get pods --namespace=windows-sampleapp | grep windows-sampleapp
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- retries: 60
- delay: 5
- until: _result.stdout_lines | list | length == kubeinit_apps_sampleapp_replicas|int
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
- - name: Wait until pods are running
- ansible.builtin.shell: |
- set -o pipefail
- kubectl get pods --namespace=windows-sampleapp | grep Running
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- # This Windows application might take a lot of time to start running,
- # the 2022 server image where it runs on top is fairly heavy.
- retries: 160
- delay: 5
- until: _result.stdout_lines | list | length == kubeinit_apps_sampleapp_replicas|int
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
- rescue:
- - name: Get some debugging information
- ansible.builtin.shell: |
- set -o pipefail
- echo "********************"
- echo "***"
- echo "*** Describe the first windows-sampleapp container information"
- echo "***"
- echo "********************"
- kubectl describe pod $(kubectl get pods --namespace=windows-sampleapp -o json | jq .items[0].metadata.name | tr -d '"') --namespace=windows-sampleapp
- echo "********************"
- echo "***"
- echo "*** Describe the first windows-sampleapp container logs"
- echo "***"
- echo "********************"
- kubectl logs $(kubectl get pods --namespace=windows-sampleapp -o json | jq .items[0].metadata.name | tr -d '"') --namespace=windows-sampleapp --previous
- echo "********************"
- echo "***"
- echo "*** Get the first controller node name"
- echo "***"
- echo "********************"
- kubectl get nodes -o json | jq .items[0].metadata.name
- echo "********************"
- echo "***"
- echo "*** Get the first controller node taints"
- echo "***"
- echo "********************"
- kubectl get nodes -o json | jq .items[0].spec.taints
- echo "********************"
- echo "***"
- echo "*** Describe the first controller node info"
- echo "***"
- echo "********************"
- kubectl describe node $(kubectl get nodes -o json | jq .items[0].metadata.name | tr -d '"')
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
- - name: Force fail
- ansible.builtin.fail:
- msg: The windows-sampleapp deployment failed, the deployment must fail
-
-- name: Delete the windows-sampleapp
- ansible.builtin.shell: |
- set -o pipefail
- kubectl delete namespace windows-sampleapp --force --grace-period=0 --wait=false
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_provision_service_node }}"
diff --git a/kubeinit/roles/kubeinit_apps/templates/coco_workload.yml.j2 b/kubeinit/roles/kubeinit_apps/templates/coco_workload.yml.j2
deleted file mode 100644
index 1fdf6eef2..000000000
--- a/kubeinit/roles/kubeinit_apps/templates/coco_workload.yml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- labels:
- run: nginx
- name: nginx
-spec:
- containers:
- - image: quay.io/kubeinit/nginx-unprivileged:latest
- name: nginx
- dnsPolicy: ClusterFirst
- runtimeClassName: kata
diff --git a/kubeinit/roles/kubeinit_apps/templates/sampleapp.yml.j2 b/kubeinit/roles/kubeinit_apps/templates/sampleapp.yml.j2
deleted file mode 100644
index 464d2dbff..000000000
--- a/kubeinit/roles/kubeinit_apps/templates/sampleapp.yml.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: sampleapp
- namespace: sampleapp
- labels:
- app: sampleapp
-spec:
- selector:
- matchLabels:
- app: sampleapp
- replicas: {{ kubeinit_apps_sampleapp_replicas }}
- template:
- metadata:
- labels:
- app: sampleapp
- spec:
- containers:
- - name: nginx
- image: quay.io/kubeinit/nginx-unprivileged:latest
- ports:
- - containerPort: 8080
- nodeSelector:
- kubernetes.io/os: linux
diff --git a/kubeinit/roles/kubeinit_apps/templates/win_sampleapp.yml.j2 b/kubeinit/roles/kubeinit_apps/templates/win_sampleapp.yml.j2
deleted file mode 100644
index 77c453770..000000000
--- a/kubeinit/roles/kubeinit_apps/templates/win_sampleapp.yml.j2
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- namespace: windows-sampleapp
- name: windows-sampleapp
- labels:
- app: windows-sampleapp
-spec:
- ports:
- # the port that this service should serve on
- - port: 80
- targetPort: 80
- selector:
- app: windows-sampleapp
- type: NodePort
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: windows-sampleapp
- name: windows-sampleapp
- namespace: windows-sampleapp
-spec:
- replicas: {{ kubeinit_apps_sampleapp_replicas }}
- selector:
- matchLabels:
- app: windows-sampleapp
- template:
- metadata:
- labels:
- app: windows-sampleapp
- name: windows-sampleapp
- spec:
- containers:
- - name: windowswebserver
- image: mcr.microsoft.com/windows/servercore:ltsc2022
- command:
- - powershell.exe
- - -command
- - "<#code used from https://gist.github.com/19WAS85/5424431#> ; $$listener = New-Object System.Net.HttpListener ; $$listener.Prefixes.Add('http://*:80/') ; $$listener.Start() ; $$callerCounts = @{} ; Write-Host('Listening at http://*:80/') ; while ($$listener.IsListening) { ;$$context = $$listener.GetContext() ;$$requestUrl = $$context.Request.Url ;$$clientIP = $$context.Request.RemoteEndPoint.Address ;$$response = $$context.Response ;Write-Host '' ;Write-Host('> {0}' -f $$requestUrl) ; ;$$count = 1 ;$$k=$$callerCounts.Get_Item($$clientIP) ;if ($$k -ne $$null) { $$count += $$k } ;$$callerCounts.Set_Item($$clientIP, $$count) ;$$ip=(Get-NetAdapter | Get-NetIpAddress); $$header='
Windows Container Web Server
' ;$$callerCountsString='' ;$$callerCounts.Keys | % { $$callerCountsString+='IP {0} callerCount {1} ' -f $$ip[1].IPAddress,$$callerCounts.Item($$_) } ;$$footer='' ;$$content='{0}{1}{2}' -f $$header,$$callerCountsString,$$footer ;Write-Output $$content ;$$buffer = [System.Text.Encoding]::UTF8.GetBytes($$content) ;$$response.ContentLength64 = $$buffer.Length ;$$response.OutputStream.Write($$buffer, 0, $$buffer.Length) ;$$response.Close() ;$$responseStatus = $$response.StatusCode ;Write-Host('< {0}' -f $$responseStatus) } ; "
- nodeSelector:
- kubernetes.io/os: windows
diff --git a/kubeinit/roles/kubeinit_apps/vars/main.yml b/kubeinit/roles/kubeinit_apps/vars/main.yml
deleted file mode 100644
index 1c28fe1b5..000000000
--- a/kubeinit/roles/kubeinit_apps/vars/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# While options found within the vars/ path can be overridden using extra
-# vars, items within this path are considered part of the role and not
-# intended to be modified.
-
-# All variables within this role should have a prefix of "kubeinit_apps_"
diff --git a/kubeinit/roles/kubeinit_bind/tasks/main.yml b/kubeinit/roles/kubeinit_bind/tasks/main.yml
index dd80c8441..4007102fb 100644
--- a/kubeinit/roles/kubeinit_bind/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_bind/tasks/main.yml
@@ -33,6 +33,7 @@
ansible.builtin.package:
state: present
name: "buildah"
+ use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}"
- name: Remove any old bind buildah container
ansible.builtin.shell: |
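Review bot: The added `use:` line indexes `hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr']` with no fallback, so the buildah install fails on an undefined value if facts were not gathered for the delegate host before this task runs. Whether they always are cannot be seen from the hunk, and the task itself starts above it. A fallback such as `use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] | default('auto') }}"` would keep the module's own detection in that case. A one-line comment saying why the delegate's package manager has to be forced would also help the next reader. The same line is added in the kubeinit_dnsmasq and kubeinit_haproxy hunks below, and the same applies there.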
diff --git a/kubeinit/roles/kubeinit_bind/templates/named.conf.local.j2 b/kubeinit/roles/kubeinit_bind/templates/named.conf.local.j2
index 46afe8600..8ab9b5bb0 100644
--- a/kubeinit/roles/kubeinit_bind/templates/named.conf.local.j2
+++ b/kubeinit/roles/kubeinit_bind/templates/named.conf.local.j2
@@ -34,7 +34,7 @@ view "internal" {
{% set cluster_net_name = hostvars[cluster].network_name %}
{% set cluster_nameserver_net = hostvars[cluster_net_name].network %}
{% set cluster_nameserver_offset = hostvars[cluster_net_name].nameserver_offset %}
- {% set cluster_nameserver_addr = cluster_nameserver_net | ansible.netcommon.ipv4(cluster_nameserver_offset|int) | ansible.netcommon.ipv4('address') %}
+ {% set cluster_nameserver_addr = cluster_nameserver_net | ansible.utils.ipv4(cluster_nameserver_offset|int) | ansible.utils.ipv4('address') %}
zone "{{ cluster }}.{{ hostvars[kubeinit_cluster_name].cluster_domain }}" IN {
type forward;
forward only;
diff --git a/kubeinit/roles/kubeinit_dnsmasq/tasks/main.yml b/kubeinit/roles/kubeinit_dnsmasq/tasks/main.yml
index 48493ccaa..063709ec4 100644
--- a/kubeinit/roles/kubeinit_dnsmasq/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_dnsmasq/tasks/main.yml
@@ -40,6 +40,7 @@
ansible.builtin.package:
state: present
name: "buildah"
+ use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}"
- name: Remove any old dnsmasq buildah container
ansible.builtin.shell: |
diff --git a/kubeinit/roles/kubeinit_haproxy/tasks/main.yml b/kubeinit/roles/kubeinit_haproxy/tasks/main.yml
index 1170c6669..031234ebb 100644
--- a/kubeinit/roles/kubeinit_haproxy/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_haproxy/tasks/main.yml
@@ -33,6 +33,7 @@
ansible.builtin.package:
state: present
name: "buildah"
+ use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}"
- name: Remove any old haproxy buildah container
ansible.builtin.shell: |
diff --git a/kubeinit/roles/kubeinit_k8s/defaults/main.yml b/kubeinit/roles/kubeinit_k8s/defaults/main.yml
index 8fb1c1d48..e9b130bd8 100644
--- a/kubeinit/roles/kubeinit_k8s/defaults/main.yml
+++ b/kubeinit/roles/kubeinit_k8s/defaults/main.yml
@@ -21,8 +21,8 @@
kubeinit_k8s_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
kubeinit_k8s_hide_sensitive_logs: true
-kubeinit_k8s_kubernetes_version: "1.26"
-kubeinit_k8s_kubernetes_version_full: "1.26.3"
+kubeinit_k8s_kubernetes_version: "1.30"
+kubeinit_k8s_kubernetes_version_full: "1.30.2"
# This is the default container runtime that
# will be deployed when the Vanila k8s cluster
@@ -33,10 +33,10 @@ kubeinit_k8s_kubernetes_version_full: "1.26.3"
kubeinit_k8s_container_runtime: "cri-o"
# kubeinit_k8s_container_runtime: "containerd"
-kubeinit_k8s_flannel_version: "0.22.0"
-kubeinit_k8s_flannel_cni_plugin_version: "1.1.2"
-kubeinit_k8s_flannel_cni_version: "0.3.1"
+kubeinit_k8s_flannel_version: "0.25.4"
+kubeinit_k8s_flannel_cni_plugin_version: "1.4.1"
+kubeinit_k8s_kustomize_version: "5.4.2"
# TODO:FIXME: There must be a bug in the way flannel and cri-o
# is configured. The following parameters can not be changed at the moment.
@@ -46,11 +46,3 @@ kubeinit_k8s_pod_network: 10.244.0.0
# This is the cluster CIDR
kubeinit_k8s_pod_network_cidr: 10.244.0.0/16
kubeinit_k8s_pod_subnet_len: 16
-# Make sure changes are applied to windows machines
-# in the libvirt role in the template PrepareFlannel.ps1.j2
-
-# Cluster CIDR
-# kubectl cluster-info dump | grep -m 1 service-cluster-ip-range
-
-# Service CIDR
-# kubectl cluster-info dump | grep -m 1 cluster-cidr
diff --git a/kubeinit/roles/kubeinit_k8s/tasks/main.yml b/kubeinit/roles/kubeinit_k8s/tasks/main.yml
index 902cda793..865cca329 100644
--- a/kubeinit/roles/kubeinit_k8s/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_k8s/tasks/main.yml
@@ -29,10 +29,20 @@
- name: Setup the first controller node
block:
- - name: Clean kubeadm and initialize Kubernetes cluster
+ - name: Clean kubeadm
ansible.builtin.shell: |
set -eo pipefail
kubeadm reset -f || true
+ kubeadm config images list
+ kubeadm config images list --kubernetes-version latest
+ args:
+ executable: /bin/bash
+ register: _result_kubeadm_init_output
+ changed_when: "_result_kubeadm_init_output.rc == 0"
+
+ - name: Initialize Kubernetes cluster
+ ansible.builtin.shell: |
+ set -eo pipefail
kubeadm init \
--control-plane-endpoint "api.{{ kubeinit_cluster_fqdn }}:6443" \
--upload-certs \
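Review bot: The added `kubeadm config images list --kubernetes-version latest` line in `Clean kubeadm` depends on a remote lookup whose answer changes over time, so the images it prints need not be the ones the pinned release will pull, and the task output differs between runs. Listing for the release the role pins, `kubeadm config images list --kubernetes-version {{ kubeinit_k8s_kubernetes_version_full }}`, would keep the output deterministic and relevant. The task also still registers `_result_kubeadm_init_output` although it no longer runs `kubeadm init`; a name such as `_result_kubeadm_reset` would avoid confusion with the `Initialize Kubernetes cluster` task. That task's body continues past the end of the hunk.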
@@ -90,14 +100,8 @@
mode: '0644'
when: kubeinit_controller_count|int > 1
- - name: Render the flannel template
- ansible.builtin.template:
- src: "kube-flannel.yml.j2"
- dest: "~/kube-flannel.yml"
- mode: "0644"
-
- - name: Install the Flannel network Add-on
- ansible.builtin.command: kubectl apply -f ~/kube-flannel.yml
+ - name: Install Network Add-on
+ ansible.builtin.command: kubectl apply -f https://github.com/flannel-io/flannel/releases/download/v{{ kubeinit_k8s_flannel_version }}/kube-flannel.yml
register: _result
changed_when: "_result.rc == 0"
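Review bot: `Install Network Add-on` now passes a URL to `kubectl apply -f`, so whatever the release asset contains at run time is applied to the cluster and nothing checks its integrity. Fetching the manifest with `ansible.builtin.get_url` and a pinned `checksum:`, then applying the local copy, keeps the version variable while making the content verifiable. The checksum variable in the sketch below is a proposed name that does not exist in the role yet. The removed template may also have carried local settings such as the pod network from `kubeinit_k8s_pod_network_cidr`, which the upstream manifest would not pick up if that value is ever changed; this cannot be confirmed from the hunk.

```yaml
- name: Download the flannel manifest
  ansible.builtin.get_url:
    url: "https://github.com/flannel-io/flannel/releases/download/v{{ kubeinit_k8s_flannel_version }}/kube-flannel.yml"
    dest: "~/kube-flannel.yml"
    mode: "0644"
    # proposed new default, pinned next to kubeinit_k8s_flannel_version
    checksum: "sha256:{{ kubeinit_k8s_flannel_manifest_sha256 }}"

- name: Install Network Add-on
  ansible.builtin.command: kubectl apply -f ~/kube-flannel.yml
  # … unchanged: register / changed_when …
```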
@@ -160,51 +164,8 @@
loop_control:
loop_var: compute_node
delegate_to: "{{ compute_node }}"
- when: hostvars[compute_node].os != 'windows'
-
-# The kubeconfig file is on the controller nodes so we run kubectl label on the first controller
-- name: Label node
- ansible.builtin.command: |
- kubectl label node {{ hostvars[compute_node].fqdn }} node-role.kubernetes.io/worker=
- register: _result
- changed_when: "_result.rc == 0"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- delegate_to: "{{ kubeinit_first_controller_node }}"
- when: hostvars[compute_node].os != 'windows'
-
-- name: Check if there is at least one compute Windows node
- ansible.builtin.set_fact:
- windows_compute_node_exists: true
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Allow schedule workloads in controller nodes if there are no compute nodes
- ansible.builtin.shell: |
- set -o pipefail
- dnf install -y jq
- # Deprecated in 1.24
- for node in $(kubectl get nodes -o json | jq -r '.items[] | select(.spec.taints[]?.key=="node-role.kubernetes.io/master") | .metadata.labels."kubernetes.io/hostname"');
- do
- kubectl taint node ${node} node-role.kubernetes.io/master:NoSchedule-
- done
- # Working starting on 1.24
- for node in $(kubectl get nodes -o json | jq -r '.items[] | select(.spec.taints[]?.key=="node-role.kubernetes.io/control-plane") | .metadata.labels."kubernetes.io/hostname"');
- do
- kubectl taint node ${node} node-role.kubernetes.io/control-plane:NoSchedule-
- done
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- when: not kubeinit_compute_count|int > 0 or (windows_compute_node_exists | default(false))
- delegate_to: "{{ kubeinit_first_controller_node }}"
-# We fetch the kubeconfig from the first controller node
-- name: Copying the kubeconfig to a variable
+- name: Fetch the kubeconfig from the first controller node
ansible.builtin.slurp:
src: ~/.kube/config
register: _result_cluster_kubeconfig
@@ -217,240 +178,46 @@
mode: '0644'
delegate_to: "{{ kubeinit_provision_service_node }}"
-- name: Storing the master kubeconfig to the services machine.
+- name: Store the kubeconfig to the provision services machine.
ansible.builtin.copy:
content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}"
dest: ~/.kube/config
mode: '0644'
delegate_to: "{{ kubeinit_provision_service_node }}"
-- name: Install kustomize
- ansible.builtin.shell: |
- curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.1.0/kustomize_v5.1.0_linux_amd64.tar.gz > kustomize.tar.gz
- tar xzf ./kustomize.tar.gz
- mv ./kustomize /bin/
- args:
- executable: /bin/bash
+- name: Label compute nodes
+ ansible.builtin.command: |
+ kubectl label node {{ hostvars[compute_node].fqdn }} node-role.kubernetes.io/worker=
register: _result
changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
-#
-# Configure additional steps for including the Windows compute nodes
-#
-
-- name: Create the kubeinit folder
- ansible.windows.win_file:
- path: C:\k
- state: directory
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Copy the kubeconfig file
- ansible.windows.win_copy:
- content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}"
- dest: C:\k\kube_config
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Copy the kubeconfig file
- ansible.windows.win_copy:
- content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}"
- dest: C:\k\Kubeconfig
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Copy the kubeconfig file
- ansible.windows.win_copy:
- content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}"
- dest: C:\k\config
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Write the join command
- ansible.windows.win_copy:
- content: "{{ _result_join_command.stdout | replace('kubeadm','c:\\k\\kubeadm.exe') }} --node-name {{ compute_node }}.{{ kubeinit_cluster_fqdn }} --cri-socket 'npipe:////./pipe/containerd-containerd' -v=10"
- dest: C:\k\k8s_join_command.ps1
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Install prereqs
- ansible.windows.win_powershell:
- script: |
- $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm"
- powershell c:\k\PrepareRequirements.ps1
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Install containerd
- ansible.windows.win_powershell:
- script: |
- $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm"
- powershell C:\k\Install-Containerd.ps1 -netAdapterName 'Ethernet' -ContainerDVersion '1.6.6'
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Prepare the Windows computes (register containerd and kubelet)
- ansible.windows.win_powershell:
- script: |
- $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm"
- # The prepare node script will start kubelet as an nssm service
- # Make sure is like the following command, otherwise it will fail
- # for example: C:\k\kubelet.exe --container-runtime-endpoint=npipe:////./pipe/containerd-containerd --cert-dir=$env:SYSTEMDRIVE\var\lib\kubelet\pki --config=/var/lib/kubelet/config.yaml --kubeconfig=/k/config --hostname-override=compute-01.k8scluster.kubeinit.local --pod-infra-container-image=`"mcr.microsoft.com/oss/kubernetes/pause:3.6`" --enable-debugging-handlers --cgroups-per-qos=false --enforce-node-allocatable=`"`" --resolv-conf=`"`" --log-dir=/var/log/kubelet --logtostderr=true
- powershell C:\k\PrepareNode.ps1 -KubernetesVersion v1.24.2 -ContainerRuntime containerD
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
-
-- name: Install prereqs and start script (register flannel)
- ansible.windows.win_powershell:
- script: |
- $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm"
- # Default domain: controller-01.k8scluster.kubeinit.local
- # The management IP is the node's IP not the controller's IP.
- # for example: powershell C:\k\PrepareFlannel.ps1 -ManagementIP 10.0.0.2 -Hostname compute-01.k8scluster.kubeinit.local -NetworkMode overlay
- powershell C:\k\PrepareFlannel.ps1 -ManagementIP {{ hostvars[compute_node].ansible_host }} -Hostname {{ compute_node }}.{{ kubeinit_cluster_fqdn }} -NetworkMode overlay
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
loop: "{{ groups['all_compute_nodes'] | default([]) }}"
loop_control:
loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
+ delegate_to: "{{ kubeinit_provision_service_node }}"
-- name: Join the Windows computes in the cluster
- ansible.windows.win_powershell:
- script: |
- $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm"
- # The kubelet service automatically joins the node to the cluster as kubelet is running as an nssm service
- # powershell C:\k\k8s_join_command.ps1
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
+- name: Allow schedule workloads in controller nodes if there are no compute nodes
+ ansible.builtin.shell: |
+ set -o pipefail
+ for node in $(kubectl get nodes -o json | jq -r '.items[] | select(.spec.taints[]?.key=="node-role.kubernetes.io/control-plane") | .metadata.labels."kubernetes.io/hostname"');
+ do
+ kubectl taint node ${node} node-role.kubernetes.io/control-plane:NoSchedule-
+ done
+ args:
+ executable: /bin/bash
+ register: _result
+ changed_when: "_result.rc == 0"
+ when: kubeinit_compute_count|int == 0
vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ compute_node }}"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
+ kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
+ delegate_to: "{{ kubeinit_deployment_node_name }}"
-- name: Tag Windows compute nodes as workers
+- name: Install kustomize
ansible.builtin.shell: |
- set -o pipefail
- kubectl label node {{ compute_node }}.{{ kubeinit_cluster_fqdn }} node-role.kubernetes.io/worker=worker
+ curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv{{ kubeinit_k8s_kustomize_version }}/kustomize_v{{ kubeinit_k8s_kustomize_version }}_linux_amd64.tar.gz > kustomize.tar.gz
+ tar xzf ./kustomize.tar.gz
+ mv ./kustomize /bin/
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- when: hostvars[compute_node].os == 'windows'
- delegate_to: "{{ kubeinit_first_controller_node }}"
+ delegate_to: "{{ kubeinit_provision_service_node }}"
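Review bot: The `Install kustomize` task at the end of this hunk still writes a release tarball from `curl -sL` to disk and moves the extracted binary into `/bin` with no integrity check. With no `-f` and no `set -e`, only the final `mv` decides the task result. Now that the version is a variable, a checksum pinned next to `kubeinit_k8s_kustomize_version` and verified by `ansible.builtin.get_url` would close that gap; the checksum variable in the sketch is a proposed name that does not exist yet. Separately, the rewritten taint task dropped `dnf install -y jq`, and because the `jq` pipeline runs inside `$(...)` in the `for` list, a missing `jq` makes the loop a silent no-op reported as changed, so the package has to be guaranteed elsewhere (not visible here). The `Store the kubeconfig` task also keeps `mode: '0644'` on a file holding cluster credentials, where `mode: '0600'` would be the safer value.

```yaml
- name: Download kustomize
  ansible.builtin.get_url:
    url: "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv{{ kubeinit_k8s_kustomize_version }}/kustomize_v{{ kubeinit_k8s_kustomize_version }}_linux_amd64.tar.gz"
    dest: "~/kustomize.tar.gz"
    mode: "0644"
    # proposed new default, pinned next to kubeinit_k8s_kustomize_version
    checksum: "sha256:{{ kubeinit_k8s_kustomize_sha256 }}"
  delegate_to: "{{ kubeinit_provision_service_node }}"

- name: Install kustomize
  ansible.builtin.unarchive:
    src: "~/kustomize.tar.gz"
    dest: /bin
    remote_src: true
    include:
      - kustomize
  delegate_to: "{{ kubeinit_provision_service_node }}"
```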
diff --git a/kubeinit/roles/kubeinit_k8s/tasks/post_configure_guest.yml b/kubeinit/roles/kubeinit_k8s/tasks/post_configure_guest.yml
deleted file mode 100644
index 03c1536ea..000000000
--- a/kubeinit/roles/kubeinit_k8s/tasks/post_configure_guest.yml
+++ /dev/null
@@ -1,173 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Install and configure cri-o
- block:
- #
- # cri-o repos
- #
-
- - name: Download cri-o (kubeinit) repos
- ansible.builtin.shell: |
- curl -L -o /etc/yum.repos.d/kubeinit.repo https://download.opensuse.org/repositories/home:/kubeinit/CentOS_9_Stream/home:kubeinit.repo
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
-
- #
- # cri-o config
- #
-
- - name: Install the latest version of cri-o
- ansible.builtin.package:
- name: cri-o
- state: present
-
- - name: Install the latest version of crun
- ansible.builtin.package:
- name: crun
- state: present
-
- - name: Make sure cri-o binary is reachable and the configuration is correct
- ansible.builtin.shell: |
- yum install -y jq
- # Make sure crio binary is reachable
- ln -s /usr/bin/crio /usr/local/bin/crio
- tmp=$(mktemp)
- crioconf=$(ls /etc/cni/net.d/87-crio-bridge* | xargs realpath)
- jq '.plugins[0].ipam.ranges[0][0].subnet = "{{ kubeinit_k8s_pod_network }}/{{ kubeinit_k8s_pod_subnet_len }}"' "$crioconf" > "$tmp" && mv -f "$tmp" "$crioconf"
- # jq '.type = "flannel"' /etc/cni/net.d/87-crio-bridge.conf > "$tmp" && mv -f "$tmp" /etc/cni/net.d/87-crio-bridge.conf
- # rm -rf /etc/cni/net.d/87-crio-bridge.conf
- # echo '{"name": "crio","type": "flannel"}' > /etc/cni/net.d/10-crio.conf
- cp /etc/crio/crio.conf /etc/crio/crio.conf.backup
- sed -i s/^.*default_runtime\ =\ .*$/default_runtime\ =\ \"crun\"/g /etc/crio/crio.conf
-
- # There is no example config for crun anymore
- #sed -i "s/^\#\[crio\.runtime\.runtimes\.crun.*\]/[crio.runtime.runtimes.crun]/g" /etc/crio/crio.conf
- cat << EOF >> /etc/crio/crio.conf
- [crio.runtime.runtimes.crun]
- runtime_path = "/usr/bin/crun"
- runtime_type = "oci"
- runtime_root = "/run/crun"
- EOF
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
-
- - name: Enable/start/status cri-o
- ansible.builtin.shell: |
- systemctl enable crio
- systemctl start crio
- systemctl status crio
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- when: kubeinit_k8s_container_runtime == "cri-o"
-
-- name: Install and configure containerd
- block:
- - name: Deploy containerd
- ansible.builtin.shell: |
- set -o pipefail
- modprobe overlay
- modprobe br_netfilter
- cat <= 2 | bool }}"
-kubeinit_kid_hide_sensitive_logs: true
-
-kubeinit_kid_pod_cidr: 10.42.0.0/16
-kubeinit_kid_service_cidr: 10.43.0.0/16
-
-kubeinit_kid_registry_release_tag: v1.2.2
diff --git a/kubeinit/roles/kubeinit_kid/files/.gitkeep b/kubeinit/roles/kubeinit_kid/files/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/kubeinit/roles/kubeinit_kid/handlers/main.yml b/kubeinit/roles/kubeinit_kid/handlers/main.yml
deleted file mode 100644
index 9490b54cc..000000000
--- a/kubeinit/roles/kubeinit_kid/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_kid/meta/main.yml b/kubeinit/roles/kubeinit_kid/meta/main.yml
deleted file mode 100644
index 5e485291b..000000000
--- a/kubeinit/roles/kubeinit_kid/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-galaxy_info:
- author: KubeInit
- role_name: kubeinit_kid
- namespace: kubeinit
- description: KubeInit Role -- kubeinit_kid
- company: Red Hat
- license: Apache-2.0
- min_ansible_version: 2.9
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
- # To view available platforms and versions (or releases), visit:
- # https://galaxy.ansible.com/api/v1/platforms/
- #
- platforms:
- - name: CentOS
- versions:
- - 7
- - 8
-
- galaxy_tags:
- - kubeinit
-
-
-# List your role dependencies here, one per line. Be sure to remove the '[]' above,
-# if you add dependencies to this list.
-dependencies: []
diff --git a/kubeinit/roles/kubeinit_kid/molecule/default/converge.yml b/kubeinit/roles/kubeinit_kid/molecule/default/converge.yml
deleted file mode 100644
index 5b94e33f4..000000000
--- a/kubeinit/roles/kubeinit_kid/molecule/default/converge.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Converge
- hosts: all
- # roles:
- # - role: "kubeinit_kid"
- tasks:
- - name: Message for "kubeinit_kid"
- ansible.builtin.debug:
- msg: Finishing molecule for "kubeinit_kid"
diff --git a/kubeinit/roles/kubeinit_kid/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_kid/molecule/default/molecule.yml
deleted file mode 100644
index b5d8023ed..000000000
--- a/kubeinit/roles/kubeinit_kid/molecule/default/molecule.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: quay.io/centos/centos:stream8
- pre_build_image: true
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/kubeinit/roles/kubeinit_kid/molecule/default/verify.yml b/kubeinit/roles/kubeinit_kid/molecule/default/verify.yml
deleted file mode 100644
index 86afba4ff..000000000
--- a/kubeinit/roles/kubeinit_kid/molecule/default/verify.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
- hosts: all
- tasks:
- - name: Example assertion
- ansible.builtin.assert:
- that: true
diff --git a/kubeinit/roles/kubeinit_kid/tasks/main.yml b/kubeinit/roles/kubeinit_kid/tasks/main.yml
deleted file mode 100644
index 9d4658611..000000000
--- a/kubeinit/roles/kubeinit_kid/tasks/main.yml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Deploy the cluster nodes
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_libvirt
- tasks_from: deploy_debian_guest.yml
- public: yes
- loop: "{{ groups['all_cluster_nodes'] }}"
- loop_control:
- loop_var: cluster_node
- vars:
- kubeinit_deployment_node_name: "{{ cluster_node }}"
- kubeinit_deployment_delegate: "{{ hostvars[cluster_node].target }}"
- when: kubeinit_cluster_nodes_deployed is not defined or not kubeinit_cluster_nodes_deployed
-
-- name: Install controller requirements
- ansible.builtin.package:
- name: "{{ kubeinit_kid_controller_dependencies }}"
- state: present
- loop: "{{ groups['all_controller_nodes'] }}"
- loop_control:
- loop_var: controller_node
- vars:
- delegate_to: "{{ controller_node }}"
- when: kubeinit_kid_controller_dependencies is defined
-
-- name: Install compute nodes requirements
- ansible.builtin.package:
- name: "{{ kubeinit_kid_compute_dependencies }}"
- state: present
- loop: "{{ groups['all_compute_nodes'] | default([]) }}"
- loop_control:
- loop_var: compute_node
- delegate_to: "{{ compute_node }}"
- when: kubeinit_kid_compute_dependencies is defined
-
-- name: Create kube directory
- ansible.builtin.file:
- path: ~/.kube
- state: directory
- mode: '0644'
- delegate_to: "{{ kubeinit_provision_service_node }}"
-
-- name: Touch a file
- ansible.builtin.shell: |
- touch ~/.kube/config
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_provision_service_node }}"
diff --git a/kubeinit/roles/kubeinit_kid/tasks/post_configure_guest.yml b/kubeinit/roles/kubeinit_kid/tasks/post_configure_guest.yml
deleted file mode 100644
index 952db1abb..000000000
--- a/kubeinit/roles/kubeinit_kid/tasks/post_configure_guest.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Prepare podman
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_prepare
- tasks_from: prepare_podman.yml
- public: true
-
-- name: Install common requirements
- ansible.builtin.package:
- name: "{{ kubeinit_kid_common_dependencies }}"
- state: present
- when: kubeinit_kid_common_dependencies is defined
diff --git a/kubeinit/roles/kubeinit_kid/tasks/post_deployment_tasks.yml b/kubeinit/roles/kubeinit_kid/tasks/post_deployment_tasks.yml
deleted file mode 100644
index 2c3a6f23a..000000000
--- a/kubeinit/roles/kubeinit_kid/tasks/post_deployment_tasks.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-#
-# Deploy the apps
-#
-# - block:
-# - name: Deploy the apps
-# ansible.builtin.include_role:
-# name: kubeinit.kubeinit.kubeinit_apps
-# public: yes
-# when: "'apps' in kubeinit_cluster_hostvars.services"
-# vars:
-# kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
-# delegate_to: "{{ kubeinit_deployment_node_name }}"
-
-#
-# Configure NFS
-#
-- name: Configure NFS
- block:
- - name: Configure NFS
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_nfs
- public: true
- when: "'nfs' in kubeinit_cluster_hostvars.services"
- vars:
- kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
- delegate_to: "{{ kubeinit_deployment_node_name }}"
diff --git a/kubeinit/roles/kubeinit_kid/tasks/prepare_cluster.yml b/kubeinit/roles/kubeinit_kid/tasks/prepare_cluster.yml
deleted file mode 100644
index 5897bacf9..000000000
--- a/kubeinit/roles/kubeinit_kid/tasks/prepare_cluster.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Setup the cluster provision container
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_services
- tasks_from: create_provision_container.yml
- vars:
- kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
- kubeinit_deployment_pod_name: "{{ hostvars[kubeinit_provision_service_node].guest_name }}-pod"
- kubeinit_deployment_delegate: "{{ hostvars[kubeinit_provision_service_node].target }}"
- kubeinit_deployment_os: "{{ hostvars[kubeinit_provision_service_node].os }}"
-
-- name: Configure the service node
- block:
-
- - name: "Render net info"
- ansible.builtin.shell: |
- set -o pipefail
- echo "{{ kubeinit_kid_pod_cidr }}" > ~/pod_cidr
- echo "{{ kubeinit_kid_service_cidr }}" > ~/service_cidr
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
-
- delegate_to: "{{ kubeinit_provision_service_node }}"
diff --git a/kubeinit/roles/kubeinit_kid/vars/main.yml b/kubeinit/roles/kubeinit_kid/vars/main.yml
deleted file mode 100644
index f5d7a7b12..000000000
--- a/kubeinit/roles/kubeinit_kid/vars/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# While options found within the vars/ path can be overridden using extra
-# vars, items within this path are considered part of the role and not
-# intended to be modified.
-
-# All variables within this role should have a prefix of "kubeinit_kid_"
diff --git a/kubeinit/roles/kubeinit_libvirt/defaults/main.yml b/kubeinit/roles/kubeinit_libvirt/defaults/main.yml
index 78a0452b5..33d0a6329 100644
--- a/kubeinit/roles/kubeinit_libvirt/defaults/main.yml
+++ b/kubeinit/roles/kubeinit_libvirt/defaults/main.yml
@@ -37,46 +37,24 @@ kubeinit_libvirt_cloud_user_password: asdfasdf
kubeinit_libvirt_source_keystore_dir: "/home/{{ kubeinit_libvirt_cloud_user }}/.ssh"
kubeinit_libvirt_source_pubkey_file: "id_{{ kubeinit_ssh_keytype }}.pub"
-kubeinit_libvirt_centos_release: "20230327.0"
+kubeinit_libvirt_centos_release: "20240703.1"
+#kubeinit_libvirt_debian_release: "12"
+#kubeinit_libvirt_debian_codename: "bookworm"
kubeinit_libvirt_debian_release: "11"
kubeinit_libvirt_debian_codename: "bullseye"
+kubeinit_libvirt_ubuntu_release: "jammy"
kubeinit_libvirt_cloud_images:
- cdk:
+ ubuntu:
uri: "https://cloud-images.ubuntu.com/jammy/current/"
image: "jammy-server-cloudimg-amd64.img"
- rke:
- uri: "https://cloud-images.ubuntu.com/jammy/current/"
- image: "jammy-server-cloudimg-amd64.img"
- kid:
- uri: "https://cloud.debian.org/images/cloud/bullseye/daily/latest/"
+ debian:
+ uri: "https://cloud.debian.org/images/cloud/{{ kubeinit_libvirt_debian_codename }}/daily/latest/"
image: "debian-{{ kubeinit_libvirt_debian_release }}-genericcloud-amd64-daily.qcow2"
- eks:
- uri: "https://cloud.centos.org/centos/9-stream/x86_64/images/"
- image: "CentOS-Stream-GenericCloud-9-{{ kubeinit_libvirt_centos_release }}.x86_64.qcow2"
- k8s:
- uri: "https://cloud.centos.org/centos/9-stream/x86_64/images/"
- image: "CentOS-Stream-GenericCloud-9-{{ kubeinit_libvirt_centos_release }}.x86_64.qcow2"
- okd:
- uri: "https://cloud.centos.org/centos/9-stream/x86_64/images/"
- image: "CentOS-Stream-GenericCloud-9-{{ kubeinit_libvirt_centos_release }}.x86_64.qcow2"
- ocp:
+ centos:
uri: "https://cloud.centos.org/centos/9-stream/x86_64/images/"
image: "CentOS-Stream-GenericCloud-9-{{ kubeinit_libvirt_centos_release }}.x86_64.qcow2"
-kubeinit_libvirt_virtio_version: "virtio-win-0.1.229"
-kubeinit_libvirt_virtio_image_format: 'iso'
-kubeinit_libvirt_virtio_folder_name: "{{ kubeinit_libvirt_virtio_version }}-1"
-kubeinit_libvirt_virtio_image_name: "{{ kubeinit_libvirt_virtio_version }}.{{ kubeinit_libvirt_virtio_image_format }}"
-
-kubeinit_libvirt_extra_cloud_images:
- - description: 'Windows Server 2022 preview (EVAL)'
- uri: "https://software-static.download.prss.microsoft.com/sg/download/888969d5-f34g-4e03-ac9d-1f9786c66749/"
- image: "SERVER_EVAL_x64FRE_en-us.iso"
- - description: 'VirtIO drivers for Windows guests'
- uri: "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/{{ kubeinit_libvirt_virtio_folder_name }}/"
- image: "{{ kubeinit_libvirt_virtio_image_name }}"
-
kubeinit_libvirt_destroy_all_guests: False
kubeinit_libvirt_hypervisor_tmp_dir: /tmp
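Review bot: `kubeinit_libvirt_ubuntu_release` is added, but the `ubuntu` entry still hard-codes `jammy` in both `uri` and `image`, so changing the variable has no effect in this map, unlike the `debian` entry whose `uri` now follows `kubeinit_libvirt_debian_codename`. Consider `uri: "https://cloud-images.ubuntu.com/{{ kubeinit_libvirt_ubuntu_release }}/current/"` and `image: "{{ kubeinit_libvirt_ubuntu_release }}-server-cloudimg-amd64.img"`. The `current/` and `daily/latest/` paths are moving targets and the map carries no digest per image, so a per-image checksum key would let the download task verify what it fetched. The two commented-out Debian 12 lines are better dropped or given a comment saying when they should be enabled.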
@@ -126,7 +104,7 @@ kubeinit_libvirt_hypervisor_dependencies:
debian:
- sudo
- numad
- - qemu
+ #- qemu
- qemu-kvm
- qemu-system
- libvirt-clients
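Review bot: `#- qemu` leaves a disabled dependency in the Debian list without saying why. If it was dropped because the package is not installable on the targeted Debian release (an assumption, the hunk does not say), record that in a comment such as `# 'qemu' removed: <reason>`; otherwise delete the line.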
diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml b/kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml
index 166d675a3..5703c3e17 100644
--- a/kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml
+++ b/kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml
@@ -55,21 +55,27 @@
# register: _result
# changed_when: "_result.rc == 0"
-- name: Reset local ssh keys
+- name: Remove all host ssh_connection_address entries from known_hosts
ansible.builtin.known_hosts:
- name: "{{ item[1] }}"
+ name: "{{ hostvars[item].ssh_connection_address }}"
state: absent
- loop: "{{ kubeinit_cluster_hostvars.node_aliases }}"
+ loop: "{{ groups['all_hosts'] }}"
-- name: Reset ssh keys in hypervisors
- ansible.builtin.known_hosts:
- name: "{{ node_alias }}"
- state: absent
- loop: "{{ groups['all_hosts'] | product(kubeinit_cluster_hostvars.node_aliases | flatten | unique) }}"
- vars:
- kubeinit_deployment_node_name: "{{ item[0] }}"
- node_alias: "{{ item[1] }}"
- delegate_to: "{{ kubeinit_deployment_node_name }}"
+# - name: Reset ssh keys on localhost
+# ansible.builtin.known_hosts:
+# name: "{{ item[1] }}"
+# state: absent
+# loop: "{{ kubeinit_cluster_hostvars.node_aliases }}"
+
+# - name: Reset ssh keys in hypervisors
+# ansible.builtin.known_hosts:
+# name: "{{ node_alias }}"
+# state: absent
+# loop: "{{ groups['all_hosts'] | product(kubeinit_cluster_hostvars.node_aliases | flatten | unique) }}"
+# vars:
+# kubeinit_deployment_node_name: "{{ item[0] }}"
+# node_alias: "{{ item[1] }}"
+# delegate_to: "{{ kubeinit_deployment_node_name }}"
- name: Remove any existing ssh tunnels on bastion host
ansible.builtin.shell: |
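Review bot: The replacement task has no `delegate_to`, so it only edits known_hosts where the play itself runs, whereas the removed "Reset ssh keys in hypervisors" task cleared the entries on every member of `all_hosts`. If hypervisors connect to guests directly (not visible here), stale guest keys remain there and a redeploy will meet a host-key mismatch. The new task also keys only on `ssh_connection_address`, so the `node_aliases` names are no longer removed, and it fails on any host lacking that hostvar unless guarded with `when: hostvars[item].ssh_connection_address is defined`. The two old tasks are kept as commented-out YAML; deleting them keeps the file readable, since the history is in git.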
diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml b/kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml
index 38788a138..ceb5193da 100644
--- a/kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml
+++ b/kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml
@@ -42,15 +42,14 @@
- name: Grow the partitions
ansible.builtin.shell: |
- qemu-img convert -f qcow2 '{{ kubeinit_libvirt_target_image_dir }}/{{ kubeinit_libvirt_cloud_images[kubeinit_cluster_distro].image }}' -O qcow2 '{{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2'
+ qemu-img convert -f qcow2 '{{ kubeinit_libvirt_target_image_dir }}/{{ kubeinit_libvirt_cloud_images['centos'].image }}' -O qcow2 '{{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2'
qemu-img resize {{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2 +{{ hostvars[kubeinit_deployment_node_name].disk }}
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
- # This will inject the VM configuration in the case of a CentOS machine
- - name: "Inject virt-customize assets in {{ kubeinit_deployment_node_name }}"
+ - name: "Inject virt-customize assets"
ansible.builtin.shell: |
virt-customize -a {{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2 \
--install python3 \
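Review bot: In "Grow the partitions" the changed `qemu-img convert` line wraps its templated paths in hand-written single quotes, while the `qemu-img resize` line below it passes the same path unquoted. A guest name or image directory containing whitespace or shell metacharacters is therefore handled differently by the two commands. Ansible's `quote` filter covers both cases, e.g. `{{ (kubeinit_libvirt_target_image_dir ~ '/' ~ hostvars[kubeinit_deployment_node_name].guest_name ~ '.qcow2') | quote }}`. The virt-customize task that follows continues past the end of this hunk.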
@@ -94,7 +93,7 @@
register: _result
changed_when: "_result.rc == 0"
- - name: "Wait until it is running {{ kubeinit_deployment_node_name }}"
+ - name: "Wait until guest is running {{ kubeinit_deployment_node_name }}"
community.libvirt.virt:
command: list_vms
state: running
@@ -180,16 +179,195 @@
register: _result
changed_when: "_result.rc == 0"
- - name: Perform any distro-specific post-deployment guest configuration
- ansible.builtin.include_role:
- name: "kubeinit.kubeinit.{{ kubeinit_cluster_distro_role }}"
- tasks_from: post_configure_guest.yml
- public: true
+ - name: Install official package dependencies
+ ansible.builtin.package:
+ name:
+ - conntrack
+ - container-selinux
+ - ebtables
+ - ethtool
+ - iptables
+ - socat
+ state: present
+ use: dnf
+
+ - name: Install and configure cri-o
+ block:
+ #
+ # cri-o repos
+ #
+
+ - name: Remove repo before adding it
+ ansible.builtin.file:
+ path: /etc/yum.repos.d/cri-o.repo
+ state: absent
+
+ - name: Creating a repository file for Kubernetes
+ ansible.builtin.file:
+ path: /etc/yum.repos.d/cri-o.repo
+ state: touch
+ mode: '0644'
+
+ - name: Adding repository details in Kubernetes repo file.
+ ansible.builtin.blockinfile:
+ path: /etc/yum.repos.d/cri-o.repo
+ block: |
+ [cri-o]
+ name=CRI-O
+ baseurl=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/
+ enabled=1
+ gpgcheck=1
+ gpgkey=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/repodata/repomd.xml.key
+
+ #
+ # cri-o config
+ #
+
+ - name: Install the latest version of cri-o
+ ansible.builtin.package:
+ name: cri-o
+ state: present
+ use: dnf
+
+ - name: Install the latest version of crun
+ ansible.builtin.package:
+ name: crun
+ state: present
+ use: dnf
+
+ - name: Make sure cri-o binary is reachable and the configuration is correct
+ ansible.builtin.shell: |
+ yum install -y jq
+ # Make sure crio binary is reachable
+ ln -s /usr/bin/crio /usr/local/bin/crio
+ tmp=$(mktemp)
+ crioconf=$(ls /etc/cni/net.d/87-crio-bridge* | xargs realpath)
+ jq '.plugins[0].ipam.ranges[0][0].subnet = "{{ kubeinit_k8s_pod_network }}/{{ kubeinit_k8s_pod_subnet_len }}"' "$crioconf" > "$tmp" && mv -f "$tmp" "$crioconf"
+ # jq '.type = "flannel"' /etc/cni/net.d/87-crio-bridge.conf > "$tmp" && mv -f "$tmp" /etc/cni/net.d/87-crio-bridge.conf
+ # rm -rf /etc/cni/net.d/87-crio-bridge.conf
+ # echo '{"name": "crio","type": "flannel"}' > /etc/cni/net.d/10-crio.conf
+ cp /etc/crio/crio.conf /etc/crio/crio.conf.backup
+ sed -i s/^.*default_runtime\ =\ .*$/default_runtime\ =\ \"crun\"/g /etc/crio/crio.conf
+
+ # There is no example config for crun anymore
+ #sed -i "s/^\#\[crio\.runtime\.runtimes\.crun.*\]/[crio.runtime.runtimes.crun]/g" /etc/crio/crio.conf
+ cat << EOF >> /etc/crio/crio.conf
+ [crio.runtime.runtimes.crun]
+ runtime_path = "/usr/bin/crun"
+ runtime_type = "oci"
+ runtime_root = "/run/crun"
+ EOF
+ args:
+ executable: /bin/bash
+ register: _result
+ changed_when: "_result.rc == 0"
+
+ - name: Enable/start/status cri-o
+ ansible.builtin.shell: |
+ systemctl enable crio
+ systemctl start crio
+ systemctl status crio
+ args:
+ executable: /bin/bash
+ register: _result
+ changed_when: "_result.rc == 0"
+ when: kubeinit_k8s_container_runtime == "cri-o"
+
+ - name: Install and configure containerd
+ block:
+ - name: Deploy containerd
+ ansible.builtin.shell: |
+ set -o pipefail
+ modprobe overlay
+ modprobe br_netfilter
+ cat < /etc/sudoers.d/{{ kubeinit_libvirt_cloud_user }}' \
- --run-command 'mkdir -p {{ kubeinit_libvirt_source_keystore_dir }}' \
- --ssh-inject {{ kubeinit_libvirt_cloud_user }}:file:{{ kubeinit_libvirt_source_keystore_dir }}/{{ kubeinit_libvirt_source_pubkey_file }} \
+ --run-command 'useradd -s /bin/bash -u 1000 -p "$(openssl passwd -1 {{ kubeinit_libvirt_cloud_user_password }})" {{ kubeinit_libvirt_cloud_user }}' \
+ --run-command 'echo "{{ kubeinit_libvirt_cloud_user }} ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/{{ kubeinit_libvirt_cloud_user }}' \
+ --run-command 'mkdir -p {{ kubeinit_libvirt_source_keystore_dir }}' \
+ --ssh-inject {{ kubeinit_libvirt_cloud_user }}:file:{{ kubeinit_libvirt_source_keystore_dir }}/{{ kubeinit_libvirt_source_pubkey_file }} \
{% endif %}
--copy-in {{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/00-installer-ubuntu-netconfig.yaml:/etc/netplan \
--copy-in {{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/hosts.debian.tmpl:/etc/cloud/templates \
@@ -83,10 +84,10 @@
ansible.builtin.shell: |
virt-install \
--connect qemu:///system \
- --name={{ hostvars[kubeinit_deployment_node_name].guest_name }} \
+ --name {{ hostvars[kubeinit_deployment_node_name].guest_name }} \
--memory memory={{ hostvars[kubeinit_deployment_node_name].ram|int // 1024 }} \
- --vcpus={{ hostvars[kubeinit_deployment_node_name].vcpus }},maxvcpus={{ hostvars[kubeinit_deployment_node_name].maxvcpus }} \
- --os-variant=ubuntu18.04 \
+ --vcpus {{ hostvars[kubeinit_deployment_node_name].vcpus }},maxvcpus={{ hostvars[kubeinit_deployment_node_name].maxvcpus }} \
+ --os-variant ubuntu18.04 \
--autostart \
--network network={{ kubeinit_cluster_hostvars.network_name }},mac={{ hostvars[kubeinit_deployment_node_name].mac }},virtualport.parameters.interfaceid={{ hostvars[kubeinit_deployment_node_name].interfaceid }},target.dev=veth0-{{ hostvars[kubeinit_deployment_node_name].ansible_host | ansible.utils.ip4_hex }},model=virtio \
--graphics none \
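Review bot: `--os-variant ubuntu18.04` is rewritten here but still names 18.04, while the Ubuntu cloud image in the role defaults is the jammy (22.04) image. virt-install uses the variant to pick device and firmware defaults, so `--os-variant ubuntu22.04` would match the guest, provided the hypervisor's osinfo database knows that id. The virt-install command starts and ends outside this hunk.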
@@ -98,7 +99,7 @@
register: _result
changed_when: "_result.rc == 0"
- - name: "Wait until is running: {{ kubeinit_deployment_node_name }}"
+ - name: "Wait until guest is running {{ kubeinit_deployment_node_name }}"
community.libvirt.virt:
command: list_vms
state: running
@@ -118,9 +119,11 @@
- name: Add kubernetes repo for latest kubectl (Ubuntu)
ansible.builtin.shell: |
set -eo pipefail
- apt-get install -y apt-transport-https ca-certificates curl
- curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
- echo "deb [trusted=yes signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
+ apt-get install -y apt-transport-https ca-certificates curl gnupg
+ curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+ chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg # allow unprivileged APT programs to read this keyring
+ echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+ chmod 644 /etc/apt/sources.list.d/kubernetes.list # helps tools such as command-not-found to work correctly
apt-get update --allow-insecure-repositories
args:
executable: /bin/bash
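Review bot: `apt-get update --allow-insecure-repositories` is left in place, which lets apt proceed with repositories it cannot verify and so works against the `signed-by=` keyring this change introduces. A plain `apt-get update` should suffice now that `trusted=yes` is gone. On the new lines, `gpg --dearmor -o` will not silently overwrite an existing keyring, so a re-run is likely to fail under `set -e` unless it is `gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg`. `/etc/apt/keyrings` is also not guaranteed to exist on older releases, so `mkdir -p -m 755 /etc/apt/keyrings` belongs before the download. The `v1.30` path segment appears in two lines and would be easier to bump as a role variable.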
@@ -131,6 +134,7 @@
ansible.builtin.package:
name: resolvconf
state: present
+ use: apt
- name: Make sure base file exists
ansible.builtin.copy:
@@ -219,16 +223,11 @@
register: _result
changed_when: "_result.rc == 0"
- - name: Perform any distro-specific post-deployment guest configuration
- ansible.builtin.include_role:
- name: "kubeinit.kubeinit.{{ kubeinit_cluster_distro_role }}"
- tasks_from: post_configure_guest.yml
- public: true
-
- name: Update packages
ansible.builtin.package:
name: "*"
state: latest
+ use: apt
register: _result_update_packages
- name: Reboot immediately after the package update
diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/deploy_windows_guest.yml b/kubeinit/roles/kubeinit_libvirt/tasks/deploy_windows_guest.yml
deleted file mode 100644
index f26896943..000000000
--- a/kubeinit/roles/kubeinit_libvirt/tasks/deploy_windows_guest.yml
+++ /dev/null
@@ -1,272 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Deploy a Windows server guest
- block:
- - name: Print Windows EULA so users accept it
- ansible.builtin.debug:
- msg: |
- *********************************************************************************************************************
- * Please read: https://docs.microsoft.com/en-us/legal/windows-server/system-insights-eula *
- *********************************************************************************************************************
- * MICROSOFT.WINDOWSSERVER.SYSTEMINSIGHTS *
- * These license terms are an agreement between you and Microsoft Corporation (or one of its affiliates). *
- * They apply to the software named above and any Microsoft services or software updates (except to the *
- * extent such services or updates are accompanied by new or additional terms, in which case those *
- * different terms apply prospectively and do not alter your or Microsoft's rights relating to pre-updated *
- * software or services). *
- * IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW. BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. *
- *********************************************************************************************************************
- * If you do not comply with these license terms, please stop this deployment right now. *
- *********************************************************************************************************************
-
- - name: Wait 1 minute for displaying the EULA text
- ansible.builtin.pause:
- minutes: 1
-
- - name: Remove old disk images
- ansible.builtin.file:
- path: "{{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2"
- state: absent
-
- - name: Create the config data folder
- ansible.builtin.file:
- path: "{{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/"
- state: directory
- mode: 0775
- recurse: yes
-
- - name: Create the config data folder template
- ansible.builtin.template:
- src: "autounattend.xml.j2"
- dest: "{{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/autounattend.xml"
- mode: "0644"
-
- - name: Render the authorized keys file
- ansible.builtin.template:
- src: "authorized_keys.j2"
- dest: "{{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/authorized_keys"
- mode: "0644"
-
- - name: Render the setup scripts
- ansible.builtin.template:
- src: "{{ item }}.j2"
- dest: "{{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/{{ item }}"
- mode: "0644"
- loop:
- - SetNet.ps1
- - Install-Openssh.ps1
- - PrepareRequirements.ps1
- - Install-Containerd.ps1
- - PrepareNode.ps1
- - PrepareFlannel.ps1
-
- - name: Create the .iso disk with the install assets
- ansible.builtin.shell: |
- # We create an iso file with the config unnatended data
- mkisofs -o {{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}_config.iso -r -J {{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
-
- - name: Create a qcow empty disk to install the OS
- ansible.builtin.shell: |
- # We create the server disk image
- qemu-img create -f qcow2 {{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2 {{ hostvars[kubeinit_deployment_node_name].disk }}
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
-
- - name: Install Windows
- ansible.builtin.shell: |
- virt-install \
- --name={{ hostvars[kubeinit_deployment_node_name].guest_name }} \
- --memory memory={{ hostvars[kubeinit_deployment_node_name].ram|int // 1024 }} \
- --vcpus={{ hostvars[kubeinit_deployment_node_name].vcpus }},maxvcpus={{ hostvars[kubeinit_deployment_node_name].maxvcpus }} \
- --network network={{ kubeinit_cluster_hostvars.network_name }},mac={{ hostvars[kubeinit_deployment_node_name].mac }},virtualport.parameters.interfaceid={{ hostvars[kubeinit_deployment_node_name].interfaceid }},target.dev=veth0-{{ hostvars[kubeinit_deployment_node_name].ansible_host | ansible.utils.ip4_hex }},model=virtio \
- --disk path={{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2,format=qcow2,bus=virtio \
- --cdrom {{ kubeinit_libvirt_target_image_dir }}/SERVER_EVAL_x64FRE_en-us.iso \
- --disk path={{ kubeinit_libvirt_target_image_dir }}/{{ kubeinit_libvirt_virtio_image_name }},device=cdrom \
- --disk path={{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}_config.iso,device=cdrom \
- --os-variant win2k8 \
- --vnc \
- --autostart \
- --console pty \
- --connect qemu:///system \
- --import \
- --noautoconsole
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
-
- - name: "Wait until is running {{ hostvars[kubeinit_deployment_node_name].guest_name }}"
- community.libvirt.virt:
- command: list_vms
- state: running
- register: _result
- retries: 30
- delay: 10
- until: hostvars[kubeinit_deployment_node_name].guest_name in _result.list_vms
-
- - name: "Wait until setup finish and the guest is shut down for {{ hostvars[kubeinit_deployment_node_name].guest_name }}"
- community.libvirt.virt:
- command: list_vms
- state: shutdown
- register: _result
- retries: 100
- delay: 10
- until: hostvars[kubeinit_deployment_node_name].guest_name in _result.list_vms
-
- - name: "Re-start {{ hostvars[kubeinit_deployment_node_name].guest_name }}"
- community.libvirt.virt:
- name: "{{ hostvars[kubeinit_deployment_node_name].guest_name }}"
- state: running
-
- - name: "Wait until is running {{ hostvars[kubeinit_deployment_node_name].guest_name }}"
- community.libvirt.virt:
- command: list_vms
- state: running
- register: _result
- retries: 30
- delay: 10
- until: hostvars[kubeinit_deployment_node_name].guest_name in _result.list_vms
-
- - name: Show some information for connecting with VNC
- ansible.builtin.debug:
- msg: |
- Make sure the VNC session is up and running with:
- virsh vncdisplay {{ hostvars[kubeinit_deployment_node_name].guest_name }}
- Create a tunnel from your machine to the hypervisor hosting the Windows guest
- ssh root@tyto -L 5900:127.0.0.1:5900
- from your machine connect to the VNC server at 127.0.0.1
-
- - name: "Make sure we can execute SSH remote commands in {{ hostvars[kubeinit_deployment_node_name].guest_name }}"
- ansible.builtin.shell: |
- set -o pipefail
- ssh {{ hostvars[kubeinit_deployment_node_name].ansible_ssh_common_args }} \
- {{ _param_guest_user | default('root') }}@{{ hostvars[kubeinit_deployment_node_name].ansible_host }} 'echo connected' || true
- args:
- executable: /bin/bash
- register: _result
- retries: 60
- delay: 10
- until: "'connected' in _result.stdout"
- changed_when: "_result.rc == 0"
-
- delegate_to: "{{ kubeinit_deployment_delegate }}"
-
-- name: Configure common requirements in Windows guests
- block:
- - name: Make sure there is enough RAM for Windows computes
- ansible.builtin.assert:
- that:
- - compute_node_ram_size | int >= 16777216
- fail_msg: "'compute_node_ram_size' must be greater than 16777216, that is, 16GB RAM"
- success_msg: "'compute_node_ram_size' is more than 16GB RAM, OK"
-
- - name: Ping
- ansible.windows.win_ping:
-
- - name: Create the k folder
- ansible.windows.win_file:
- path: C:\k
- state: directory
-
- - name: Copy all the ISO resources to a writable folder
- ansible.windows.win_copy:
- src: F:\
- dest: C:\k
- remote_src: yes
-
- - name: Install KB5012637
- ansible.windows.win_powershell:
- script: |
- $patchFile = "windows10.0-kb5012637-x64_6a7459b60e226b0ad0d30b34a4be069bee4d2867.msu"
- $url = "https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/updt/2022/04/$patchFile"
- $dest = "C:\Windows\Temp\$patchFile"
- Invoke-WebRequest -Uri $url -OutFile $dest
- # Install the patch, bypassing any prompts
- cmd.exe /c wusa.exe $dest /quiet /norestart
- register: _result
- changed_when: "_result.host_err == ''"
-
- - name: Enable the required container features and required modules
- ansible.windows.win_powershell:
- script: |
- Install-WindowsFeature Containers
- Install-WindowsFeature Hyper-V
- Install-WindowsFeature Hyper-V-PowerShell
- register: _result
- changed_when: "_result.host_err == ''"
-
- - name: Reboot the server after installing the new features
- # This might take a lot of time depending on updates,
- # and finishing to enable the container features.
- ansible.windows.win_reboot:
- reboot_timeout: 3600
-
- - name: Configure Overlay HNSNetwork for the overlay network
- # This task MUST be executed after the initial guest reboot
- ansible.windows.win_powershell:
- script: |
- # We do this when there is no network created, this will create a network glitch
- # as there must be created a new virtual switch where each pod will be connected to
- # Note: RDP connection will hiccup when running this command (New-HNSNetwork).
- New-Item C:\k -Force -ItemType Directory | Out-Null
- curl.exe --silent --fail -Lo C:\k\hns.psm1 https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1
- Import-Module "c:\k\hns.psm1"
- # There is no need to remove the nhs nets as this is a new environment
- # get-hnsnetwork | remove-hnsnetwork
- New-HNSNetwork -Type "Overlay" `
- -AddressPrefix "10.244.0.0/16" `
- -Gateway "10.244.0.1" `
- -Name "vxlan0" `
- -AdapterName "$((Get-NetAdapter -Physical).Name)" `
- -SubnetPolicies @(@{Type = "VSID"; VSID = 4096; }) `
- -Verbose
- # This task will make Ansible to hang, there is a connection hiccup
- # and then we are not able to continue, so we trigger this as async
- # and then we ping again the machine to see we can communicate over SSH
- async: 60
- poll: 0
-
- - name: Ping
- ansible.windows.win_ping:
- # TODO:FIXME: The following variables should be
- # added as group vars for those compute nodes which the
- # os is equals to 'windows'
- # TODO:FIXME: The usage of ansible_shell_type might
- # be different depending on the win_* task, the
- # supported values are [cmd | powershell]
- vars:
- ansible_shell_type: 'cmd'
- ansible_remote_tmp: 'C:\Windows\Temp'
- delegate_to: "{{ kubeinit_deployment_node_name }}"
-
-# TODO:FIXME: Do we need a Windows gather facts?
-# - name: Gather guest network facts
-# block:
-# - name: Gather network and host facts for guest
-# ansible.builtin.include_role:
-# name: kubeinit.kubeinit.kubeinit_prepare
-# tasks_from: gather_host_facts.yml
-# public: yes
-# vars:
-# _param_gather_host: "{{ kubeinit_deployment_node_name }}"
-# tags: omit_from_grapher
diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/download_cloud_images.yml b/kubeinit/roles/kubeinit_libvirt/tasks/download_cloud_images.yml
index 5513e4446..be0d16f35 100644
--- a/kubeinit/roles/kubeinit_libvirt/tasks/download_cloud_images.yml
+++ b/kubeinit/roles/kubeinit_libvirt/tasks/download_cloud_images.yml
@@ -61,11 +61,12 @@
- name: Create tuples for hosts and cloud images
ansible.builtin.set_fact:
- all_hosts_cloud_images: "{{ (all_hosts_cloud_images | default([])) + ([hypervisor] | product([kubeinit_libvirt_cloud_images[kubeinit_cluster_distro]])) }}"
+ all_hosts_cloud_images: "{{ (all_hosts_cloud_images | default([])) + ([hypervisor] | product([kubeinit_libvirt_cloud_images[_cluster_node_os]])) }}"
loop: "{{ all_hosts_guest_vms }}"
vars:
hypervisor: "{{ item[0] }}"
- when: kubeinit_libvirt_cloud_images[kubeinit_cluster_distro] is defined
+ _cluster_node_os: "{{ hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os }}"
+ when: kubeinit_libvirt_cloud_images[_cluster_node_os] is defined
- name: Remove duplicates
ansible.builtin.set_fact:
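Review bot: `_cluster_node_os` is read from the distro-wide default in `hostvars['kubeinit-defaults']`, not from the guest in the loop item, so each hypervisor is paired only with the default OS image. If individual guests can carry a different `os` value (an assumption to confirm against the inventory), their image would never be downloaded. The lookup also raises an undefined-variable error, rather than skipping, when `kubeinit_cluster_distro` has no entry in `cluster_node_default_distro`, because the `when:` guards only the image map. A one-line comment above the task stating which OS source is authoritative would help the next reader.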
@@ -75,7 +76,7 @@
ansible.builtin.get_url:
validate_certs: False
use_proxy: True
- url: "{{ cloud_image.uri }}{{ cloud_image.image }}"
+ url: "{{ cloud_image.uri + cloud_image.image }}"
dest: "{{ kubeinit_libvirt_target_image_dir }}/{{ cloud_image.image }}"
force: no
mode: '0666'
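Review bot: The download task keeps `validate_certs: False` and has no `checksum:`, so the base image every guest is cloned from is fetched without authenticating the server or verifying the file. The sources are HTTPS mirrors, so `validate_certs: true` plus `checksum: "sha256:<digest, or URL of the publisher's SHA256SUMS file>"` would close that gap. `mode: '0666'` also leaves the image writable by any local user on the hypervisor; `'0644'` is enough if only the owner writes it, which should be confirmed against how libvirt opens the file. The task begins and ends outside this hunk.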
@@ -86,50 +87,6 @@
cloud_image: "{{ item[1] }}"
delegate_to: "{{ kubeinit_deployment_node_name }}"
-#
-# TODO:FIXME: Make sure the kernel update do not break the Guest from booting
-#
-
-- name: Update packages in cloud images
- ansible.builtin.command: |
- virt-customize -a {{ kubeinit_libvirt_target_image_dir }}/{{ cloud_image.image }} {% if (kubeinit_cluster_distro == 'cdk' or kubeinit_cluster_distro == 'rke') %}--run-command 'env DEBIAN_FRONTEND=noninteractive apt-get -y --allow-remove-essential purge shim-signed'{% endif %} --update
- loop: "{{ all_hosts_cloud_images }}"
- vars:
- kubeinit_deployment_node_name: "{{ item[0] }}"
- cloud_image: "{{ item[1] }}"
- register: _result
- changed_when: "_result.rc == 0"
- delegate_to: "{{ kubeinit_deployment_node_name }}"
- # This is dangerous,do not run packages upgrades with virt-customize
- when: false
-
-#
-# Download extra cloud images for Windows compute nodes or any miscelaneous image requirement
-#
-
-- name: Create tuples for hosts and extra cloud images
- ansible.builtin.set_fact:
- all_hosts_extra_cloud_images: "{{ (all_hosts_extra_cloud_images | default([])) + ([hypervisor] | product(kubeinit_libvirt_extra_cloud_images)) }}"
- loop: "{{ all_hosts_guest_vms }}"
- vars:
- hypervisor: "{{ item[0] }}"
-
-- name: Download extra cloud images
- ansible.builtin.get_url:
- validate_certs: False
- use_proxy: True
- url: "{{ cloud_image.uri }}{{ cloud_image.image }}"
- dest: "{{ kubeinit_libvirt_target_image_dir }}/{{ cloud_image.image }}"
- force: no
- mode: '0666'
- owner: "{{ hostvars[kubeinit_deployment_node_name].libvirt_qemu_user }}"
- loop: "{{ all_hosts_extra_cloud_images }}"
- vars:
- kubeinit_deployment_node_name: "{{ item[0] }}"
- cloud_image: "{{ item[1] }}"
- delegate_to: "{{ kubeinit_deployment_node_name }}"
-
-
- name: Add hosts and stop if required
block:
- name: Add task-download-images to tasks_completed
diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/gather_host_facts.yml b/kubeinit/roles/kubeinit_libvirt/tasks/gather_host_facts.yml
index 4c9e40b00..d2863d280 100644
--- a/kubeinit/roles/kubeinit_libvirt/tasks/gather_host_facts.yml
+++ b/kubeinit/roles/kubeinit_libvirt/tasks/gather_host_facts.yml
@@ -81,6 +81,7 @@
ansible.builtin.package_facts:
manager: "{{ hostvars[_param_gather_host].package_manager }}"
register: _result_packages
+ no_log: "{{ not ((lookup('env', 'KUBEINIT_SHOW_PACKAGE_FACTS') | bool) or false) }}"
- name: Set podman_is_installed
ansible.builtin.set_fact:
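Review bot: The `or false` in the added `no_log` expression has no effect after `| bool`, so `no_log: "{{ not (lookup('env', 'KUBEINIT_SHOW_PACKAGE_FACTS') | bool) }}"` says the same thing more plainly. The identical pattern is added to 'Gather the services facts' in the next hunk with `KUBEINIT_SHOW_SERVICE_FACTS`. Both switches are read from the controller's environment and are not described in this file section, so a comment above each task like `# export KUBEINIT_SHOW_PACKAGE_FACTS=1 on the controller to log the full result` would help. With `no_log` active the task's error output is censored too, which is worth mentioning in that comment.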
@@ -89,6 +90,7 @@
- name: Gather the services facts
ansible.builtin.service_facts:
register: _result_services
+ no_log: "{{ not ((lookup('env', 'KUBEINIT_SHOW_SERVICE_FACTS') | bool) or false) }}"
- name: Set _service_state to unknown
ansible.builtin.set_fact:
@@ -172,7 +174,8 @@
- name: Clear results
ansible.builtin.set_fact:
- ansible_facts: {}
+ ansible_facts:
+ pkg_mgr: "{{ _result_facts.ansible_facts.ansible_pkg_mgr }}"
packages: {}
services: {}
_result_facts: {}
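Review bot: 'Clear results' now keeps one fact and nothing explains why; a comment such as `# keep pkg_mgr: the package tasks in main.yml pass it to 'use:'` would do. The value is read from `_result_facts` in the same `set_fact` that resets `_result_facts` to `{}`, which presumably works because the arguments are templated before any assignment, and that deserves a word in the comment as well. If the facts run that filled `_result_facts` was restricted to a subset without the package manager, `ansible_pkg_mgr` would be undefined here and the task would fail; that task is outside the hunk.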
diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/main.yml b/kubeinit/roles/kubeinit_libvirt/tasks/main.yml
index 4c86ad6d6..3057a0941 100644
--- a/kubeinit/roles/kubeinit_libvirt/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_libvirt/tasks/main.yml
@@ -40,19 +40,25 @@
when: (hostvars[kubeinit_deployment_node_name].ansible_distribution == 'CentOS' and hostvars[kubeinit_deployment_node_name].ansible_distribution_major_version == "7")
- name: Fix libvirt qemu bug
- ansible.builtin.shell: |
- set -eo pipefail
- mkdir -p /etc/qemu/firmware
- touch /etc/qemu/firmware/50-edk2-ovmf-cc.json
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
+ block:
+
+ - name: Create folder if missing
+ ansible.builtin.file:
+ path: /etc/qemu/firmware
+ state: directory
+ mode: '0755'
+
+ - name: Touch firmware file
+ ansible.builtin.file:
+ path: /etc/qemu/firmware/50-edk2-ovmf-cc.json
+ state: touch
+ mode: '0644'
- name: Install CentOS based requirements
ansible.builtin.package:
name: "{{ kubeinit_libvirt_hypervisor_dependencies.centos }}"
state: present
+ use: "{{ hostvars[inventory_hostname]['ansible_facts']['pkg_mgr'] }}"
when: hostvars[kubeinit_deployment_node_name].distribution_family == 'CentOS' or hostvars[kubeinit_deployment_node_name].distribution_family == 'Fedora'
register: _result_installed_packages_centos
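Review bot: `state: touch` in the new 'Touch firmware file' task reports changed on every run because it updates the file's timestamps, so the block is no more idempotent than the shell task it replaces. Adding `modification_time: preserve` and `access_time: preserve` to that task makes repeated runs report ok once the file exists. The explicit modes on both tasks are an improvement over the earlier `mkdir`/`touch`, which depended on the umask.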
@@ -60,18 +66,18 @@
# BEGIN:TODO:FIXME: Remove this testing repo after OVN is in the stable branch.
# This should be applicable only to Debian and not to Ubuntu
#
-- name: Enable the testing repo in Debian
- ansible.builtin.lineinfile:
- state: present
- path: "/etc/apt/sources.list"
- line: "deb http://http.us.debian.org/debian/ testing non-free contrib main"
- when: hostvars[kubeinit_deployment_node_name].os == 'debian'
-
-- name: Update packages list
- ansible.builtin.command: apt-get update
- when: hostvars[kubeinit_deployment_node_name].os == 'debian'
- changed_when: false
-
+#- name: Enable the testing repo in Debian
+# ansible.builtin.lineinfile:
+# state: present
+# path: "/etc/apt/sources.list"
+# line: "deb http://http.us.debian.org/debian/ testing non-free contrib main"
+# when: hostvars[kubeinit_deployment_node_name].os == 'debian'
+#
+#- name: Update packages list
+# ansible.builtin.command: apt-get update
+# when: hostvars[kubeinit_deployment_node_name].os == 'debian'
+# changed_when: false
+#
#
# END:TODO:FIXME
#
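Review bot: The two Debian tasks are commented out instead of removed, which leaves dead YAML between the TODO markers that can be switched back on by stripping the `#` characters, including the line that adds the `testing` suite to `/etc/apt/sources.list`. I would delete the lines and leave a single comment, for example `# Debian testing repo for OVN removed; see git history if it is needed again`. The BEGIN/END TODO markers then have nothing left to bracket and could go too.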
@@ -80,6 +86,7 @@
ansible.builtin.package:
name: "{{ kubeinit_libvirt_hypervisor_dependencies.debian }}"
state: present
+ use: "{{ hostvars[inventory_hostname]['ansible_facts']['pkg_mgr'] }}"
when: hostvars[kubeinit_deployment_node_name].distribution_family == 'Debian'
register: _result_installed_packages_debian
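Review bot: The added `use:` reads the package manager from `hostvars[inventory_hostname]`, while the `when:` on the same task decides by `hostvars[kubeinit_deployment_node_name]`; if the task reaches the deployment node through delegation (not visible in this hunk), the two can refer to different hosts and the wrong backend would be chosen. The same line is added to 'Install CentOS based requirements' in the first hunk of this file. Unless the fact is only ever stored on the inventory host, `use: "{{ hostvars[kubeinit_deployment_node_name]['ansible_facts']['pkg_mgr'] }}"` keeps both expressions on one host. A missing `pkg_mgr` makes the task fail while templating, so a `| default('auto')` fallback may be wanted.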
diff --git a/kubeinit/roles/kubeinit_libvirt/templates/Install-Containerd.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/Install-Containerd.ps1.j2
deleted file mode 100644
index b2863034a..000000000
--- a/kubeinit/roles/kubeinit_libvirt/templates/Install-Containerd.ps1.j2
+++ /dev/null
@@ -1,260 +0,0 @@
-<#
-.SYNOPSIS
-Installs ContainerD on a Windows machines in preperation for joining the node to a Kubernetes cluster.
-
-.DESCRIPTION
-This script
-- Verifies that Windows Features requried for running contianers are enabled (and enables then if they are not)
-- Downloads ContainerD binaries from from at the version specified.
-- Downloads Windows SND CNI plugins.
-- Sets up a basic nat networking config for ContainerD to use until another CNI is configured
-- Registers ContainerD as a windows service.
-
-.PARAMETER ContainerDVersion
-ContainerD version to download and use.
-
-.PARAMETER netAdapterName
-Name of network adapter to use when configuring basic nat network.
-
-# From: https://github.com/kubernetes-sigs/sig-windows-tools/blob/master/kubeadm/scripts/Install-Containerd.ps1
-
-.EXAMPLE
-PS> .\Install-Conatinerd.ps1
-
-#>
-
-Param(
- [parameter(HelpMessage = "ContainerD version to use")]
- [string] $ContainerDVersion = "1.4.1",
- [parameter(HelpMessage = "Name of network adapter to use when configuring basic nat network")]
- [string] $netAdapterName = "Ethernet"
-)
-
-$ErrorActionPreference = 'Stop'
-
-function DownloadFile($destination, $source) {
- Write-Host("Downloading $source to $destination")
- curl.exe --silent --fail -Lo $destination $source
-
- if (!$?) {
- Write-Error "Download $source failed"
- exit 1
- }
-}
-
-<#
-.DESCRIPTION
-Computes a subnet for a gateway from the IPv4 IPAddress and PrefixLength properties
-for a given network adapter. This value is used for IPAM in a nat CNI config required for
-containerd.
-
-.NOTES
-This logic is adapted from
-https://github.com/containerd/containerd/blob/4a6b47d470d9f2dfc3d49f2819b968861dfa123e/script/setup/install-cni-windows
-
-.EXAMPLE
-PS> CalculateSubNet -gateway 172.16.5.8 -prefixLength 24
-172.16.5.0/8
-#>
-function CalculateSubNet {
- param (
- [string]$gateway,
- [int]$prefixLength
- )
- $len = $prefixLength
- $parts = $gateway.Split('.')
- $result = @()
- for ($i = 0; $i -le 3; $i++) {
- if ($len -ge 8) {
- $mask = 255
-
- }
- elseif ($len -gt 0) {
- $mask = ((256 - 2 * (8 - $len)))
- }
- else {
- $mask = 0
- }
- $len -= 8
- $result += ([int]$parts[$i] -band $mask)
- }
-
- $subnetIp = [string]::Join('.', $result)
- $cidr = 32 - $prefixLength
- return "${subnetIp}/$cidr"
-}
-
-$requiredWindowsFeatures = @(
- "Containers",
- "Hyper-V",
- "Hyper-V-PowerShell")
-
-function ValidateWindowsFeatures {
- $allFeaturesInstalled = $true
- foreach ($feature in $requiredWindowsFeatures) {
- $f = Get-WindowsFeature -Name $feature
- if (-not $f.Installed) {
- Write-Warning "Windows feature: '$feature' is not installed."
- $allFeaturesInstalled = $false
- }
- }
- return $allFeaturesInstalled
-}
-
-if (-not (ValidateWindowsFeatures)) {
- Write-Output "Installing required windows features..."
-
- foreach ($feature in $requiredWindowsFeatures) {
- Install-WindowsFeature -Name $feature
- }
-
- Write-Output "Please reboot and re-run this script."
- exit 0
-}
-
-Write-Output "Getting ContainerD binaries"
-$global:ConainterDPath = "$env:ProgramFiles\containerd"
-mkdir -Force $global:ConainterDPath | Out-Null
-DownloadFile "$global:ConainterDPath\containerd.tar.gz" https://github.com/containerd/containerd/releases/download/v${ContainerDVersion}/containerd-${ContainerDVersion}-windows-amd64.tar.gz
-tar.exe -xvf "$global:ConainterDPath\containerd.tar.gz" --strip=1 -C $global:ConainterDPath
-$env:Path += ";$global:ConainterDPath"
-[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::Machine)
-containerd.exe config default | Out-File "$global:ConainterDPath\config.toml" -Encoding ascii
-
-# Config file fixups
-
-$config = Get-Content "$global:ConainterDPath\config.toml"
-$config = $config -replace "bin_dir = (.)*$", "bin_dir = `"c:/opt/cni/bin`""
-$config = $config -replace "conf_dir = (.)*$", "conf_dir = `"c:/etc/cni/net.d`""
-$config | Set-Content "$global:ConainterDPath\config.toml" -Force
-
-mkdir -Force c:\opt\cni\bin | Out-Null
-mkdir -Force c:\etc\cni\net.d | Out-Null
-
-Write-Output "Getting SDN CNI binaries from Microsoft"
-DownloadFile "c:\opt\cni\cni-plugins.zip" https://github.com/microsoft/windows-container-networking/releases/download/v0.3.0/windows-container-networking-cni-amd64-v0.3.0.zip
-Expand-Archive -Path "c:\opt\cni\cni-plugins.zip" -DestinationPath "c:\opt\cni\bin" -Force
-
-Write-Output "Getting SDN CNI binaries from CNI"
-# TODO:FIXME: We should use the ones from CNI but they do not work with containerd in 1.1.1
-# there should be released a new version supporting containerD
-curl.exe -OL https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-windows-amd64-v1.1.1.tgz
-tar.exe xvf .\cni-plugins-windows-amd64-v1.1.1.tgz -C C:\opt\cni\bin
-
-<#
-# We are not using NAT anymore
-Write-Output "Creating network config for nat network"
-$gateway = (Get-NetIPAddress -InterfaceAlias $netAdapterName -AddressFamily IPv4).IPAddress
-$prefixLength = (Get-NetIPAddress -InterfaceAlias $netAdapterName -AddressFamily IPv4).PrefixLength
-$subnet = CalculateSubNet -gateway $gateway -prefixLength $prefixLength
-
-@"
-{
- "cniVersion": "0.2.0",
- "name": "nat",
- "type": "nat",
- "master": "Ethernet",
- "ipam": {
- "subnet": "$subnet",
- "routes": [
- {
- "GW": "$gateway"
- }
- ]
- },
- "capabilities": {
- "portMappings": true,
- "dns": true
- }
-}
-"@ | Set-Content "c:\etc\cni\net.d\0-containerd-nat.json" -Force
-#>
-
-#
-# TODO:FIXME:CHECK
-#
-# What's the difference between sdnoverlay from
-# https://github.com/microsoft/windows-container-networking/releases/download/v0.3.0/windows-container-networking-cni-amd64-v0.3.0.zip
-# and win-overlay from
-# https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-windows-amd64-v1.1.1.tgz ?
-# we use the ones from
-# "type":"win-overlay",,.
-
-@"
-{
- "cniVersion": "0.3.0",
- "name": "vxlan0",
- "type": "sdnoverlay",
- "ipam": {
- "type": "host-local",
- "subnet": "10.244.0.0/16"
- },
- "apiVersion": 2,
- "capabilities": {
- "portMappings": true,
- "dns": true
- },
- "policies": [
- {
- "name": "EndpointPolicy",
- "value": {
- "Type": "OutBoundNAT",
- "Settings": {
- "Exceptions": [
- "10.244.0.0/16"
- ]
- }
- }
- },
- {
- "name": "EndpointPolicy",
- "value": {
- "Type": "SDNRoute",
- "Settings": {
- "DestinationPrefix": "10.244.0.0/16",
- "NeedEncap": true
- }
- }
- },
- {
- "name": "EndpointPolicy",
- "value": {
- "Type": "ProviderAddress",
- "Settings": {
- "ProviderAddress": "10.0.0.1"
- }
- }
- }
- ]
-}
-"@ | Set-Content "c:\etc\cni\net.d\net.json" -Force
-
-Add-MpPreference -ExclusionProcess "$global:ConainterDPath\containerd.exe"
-
-Write-Output "Registering ContainerD as a service"
-containerd.exe --register-service
-
-Write-Output "Starting ContainerD service"
-Start-Service containerd
-
-Write-Output "Done - please remember to add '--cri-socket `"npipe:////./pipe/containerd-containerd`"' to your kubeadm join command"
-
-# Install CriCtl and test it
-
-$CriCtlVersion = '1.24.2'
-curl.exe -LO "https://github.com/kubernetes-sigs/cri-tools/releases/download/v${CriCtlVersion}/crictl-v${CriCtlVersion}-windows-amd64.tar.gz"
-tar.exe xvzf ".\crictl-v${CriCtlVersion}-windows-amd64.tar.gz"
-mv crictl.exe "C:\Program Files\containerd"
-del ".\crictl-v${CriCtlVersion}-windows-amd64.tar.gz"
-
-mkdir -Force "$home\.crictl"
-@"
-runtime-endpoint: npipe://./pipe/containerd-containerd
-image-endpoint: npipe://./pipe/containerd-containerd
-timeout: 10
-"@ | Set-Content "$home\.crictl\crictl.yaml" -Force
-
-crictl -r "npipe:////./pipe/containerd-containerd" info
-crictl info
-
-Write-Host "Finishing Script"
diff --git a/kubeinit/roles/kubeinit_libvirt/templates/Install-Openssh.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/Install-Openssh.ps1.j2
deleted file mode 100644
index 40092d4fe..000000000
--- a/kubeinit/roles/kubeinit_libvirt/templates/Install-Openssh.ps1.j2
+++ /dev/null
@@ -1,55 +0,0 @@
-# From: https://github.com/openshift/windows-machine-config-operator/blob/master/docs/vsphere_ci/scripts/install-openssh.ps1
-
-# Powershell script to configure OpenSSH Server in Windows Server 1809 and later.
-#
-# USAGE
-# ./install-openssh.ps1
-# ./install-openssh.ps1
-# ./install-openssh.ps1 -keyfile=
-#
-# OPTIONS
-# $1 Path to public key file (Default: authorized_keys)
-
-# define param for key file path
-param ($keyfile='authorized_keys')
-# validate given keyfile
-if (-not(Test-Path -Path $keyfile -PathType Leaf)) {
- # log error and stop
- Write-Error -ErrorAction Stop -Message "Cannot find file: $keyfile"
-}
-
-# install OpenSSH server (See: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse)
-Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
-# set service startup type
-Set-Service -Name ssh-agent -StartupType 'Automatic'
-Set-Service -Name sshd -StartupType 'Automatic'
-# start service
-Start-Service ssh-agent
-Start-Service sshd
-# configure key based-authentication
-$sshdConfigFilePath = "$env:ProgramData\ssh\sshd_config"
-$pubKeyConf = (Get-Content -path $sshdConfigFilePath) -replace '#PubkeyAuthentication yes','PubkeyAuthentication yes'
-$pubKeyConf | Set-Content -Path $sshdConfigFilePath
-$passwordConf = (Get-Content -path $sshdConfigFilePath) -replace '#PasswordAuthentication yes','PasswordAuthentication yes'
-$passwordConf | Set-Content -Path $sshdConfigFilePath
-# create key file in configuration
-$authorizedKeyConf = "$env:ProgramData\ssh\administrators_authorized_keys"
-New-Item -Force $authorizedKeyConf
-# setup the provided authorized public key
-Get-Content $keyfile | Out-File $authorizedKeyConf -Encoding ascii
-# configure file acl
-$acl = Get-Acl $authorizedKeyConf
-# disable inheritance
-$acl.SetAccessRuleProtection($true, $false)
-# set full control for Administrators
-$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
-$acl.SetAccessRule($administratorsRule)
-# set full control for SYSTEM
-$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
-$acl.SetAccessRule($systemRule)
-# apply file acl
-$acl | Set-Acl
-# restart service
-Restart-Service sshd
-# success
-exit 0
diff --git a/kubeinit/roles/kubeinit_libvirt/templates/PrepareFlannel.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/PrepareFlannel.ps1.j2
deleted file mode 100644
index 6dac813d2..000000000
--- a/kubeinit/roles/kubeinit_libvirt/templates/PrepareFlannel.ps1.j2
+++ /dev/null
@@ -1,168 +0,0 @@
-Param(
- [parameter(Mandatory = $true)] $ManagementIP,
- [parameter(Mandatory = $true)] $Hostname,
- [ValidateSet("l2bridge", "overlay",IgnoreCase = $true)] $NetworkMode="l2bridge",
- [parameter(Mandatory = $false)] $ClusterCIDR="10.244.0.0/16",
- [parameter(Mandatory = $false)] $KubeDnsServiceIP="10.96.0.10",
- [parameter(Mandatory = $false)] $LogDir="C:\k",
- [parameter(Mandatory = $false)] $KubeletSvc="kubelet",
- [parameter(Mandatory = $false)] $KubeProxySvc="kube-proxy",
- [parameter(Mandatory = $false)] $FlanneldSvc="flanneld"
-)
-
-# $ManagementIP: is the nodes host IP not the cluster's controller IP
-
-# nssm is already installed
-$global:NssmInstallDirectory = "$env:ProgramFiles\nssm"
-$env:path += ";$global:NssmInstallDirectory"
-$newPath = "$global:NssmInstallDirectory;" +
-[Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
-
-[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
-
-# From: https://raw.githubusercontent.com/microsoft/SDN/master/Kubernetes/flannel/register-svc.ps1
-
-$GithubSDNRepository = 'Microsoft/SDN'
-if ((Test-Path env:GITHUB_SDN_REPOSITORY) -and ($env:GITHUB_SDN_REPOSITORY -ne ''))
-{
- $GithubSDNRepository = $env:GITHUB_SDN_REPOSITORY
-}
-
-$helper = "c:\k\helper.psm1"
-if (!(Test-Path $helper))
-{
- curl.exe -L "https://raw.githubusercontent.com/$GithubSDNRepository/master/Kubernetes/windows/helper.psm1" -o c:\k\helper.psm1
-}
-ipmo $helper
-
-# $Hostname="{{ kubeinit_deployment_node_name }}.{{ kubeinit_cluster_fqdn }}"
-$NetworkMode = $NetworkMode.ToLower()
-cd c:\k
-
-# This is done at the PrepareRequirements.ps1 step
-<#
-@"
-{
- "Network": "10.244.0.0/16",
- "Backend": {
- "name": "vxlan0",
- "type": "vxlan"
- }
-}
-"@ | Set-Content "C:\etc\kube-flannel\net-conf.json" -Force
-#>
-
-Write-Host "Registering flanneld"
-# register flanneld
-$Env:NODE_NAME = "$Hostname"
-nssm install $FlanneldSvc C:\opt\cni\bin\flanneld.exe
-nssm set $FlanneldSvc AppParameters --kubeconfig-file=c:\k\config --iface=$ManagementIP --ip-masq=1 --kube-subnet-mgr=1
-nssm set $FlanneldSvc AppEnvironmentExtra NODE_NAME=$Hostname
-nssm set $FlanneldSvc AppDirectory C:\etc\kube-flannel\
-nssm start $FlanneldSvc
-
-# Running something like:
-# $Env:NODE_NAME = "compute-01.k8scluster.kubeinit.local"
-# c:\opt\cni\bin\flanneld.exe --kubeconfig-file=c:\k\config --iface=10.0.0.2 --ip-masq=1 --kube-subnet-mgr=1
-
-
-Write-Host "Registering kube-proxy"
-# register kube-proxy
-nssm install $KubeProxySvc C:\k\kube-proxy.exe
-nssm set $KubeProxySvc AppDirectory c:\k
-
-if ($NetworkMode -eq "l2bridge")
-{
- nssm set $KubeProxySvc AppEnvironmentExtra KUBE_NETWORK=cbr0
- nssm set $KubeProxySvc AppParameters --v=4 --proxy-mode=kernelspace --hostname-override=$Hostname --kubeconfig=c:\k\config --cluster-cidr=$ClusterCIDR --log-dir=$LogDir --logtostderr=false
-}
-elseif ($NetworkMode -eq "overlay")
-{
- if((Test-Path c:/k/sourceVip.json))
- {
- $sourceVipJSON = Get-Content sourceVip.json | ConvertFrom-Json
- $sourceVip = $sourceVipJSON.ip4.ip.Split("/")[0]
- }
- nssm set $KubeProxySvc AppParameters --v=4 --proxy-mode=kernelspace --feature-gates="WinOverlay=true" --hostname-override=$Hostname --kubeconfig=c:\k\config --network-name=vxlan0 --source-vip=$sourceVip --enable-dsr=false --cluster-cidr=$ClusterCIDR --log-dir=$LogDir --logtostderr=false
-}
-nssm set $KubeProxySvc DependOnService $KubeletSvc
-nssm start $KubeProxySvc
-
-<#
-$env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm"
-
-nssm stop containerd
-Import-Module "c:\k\hns.psm1"
-Get-NetAdapter
-get-hnsnetwork | remove-hnsnetwork
-Get-NetAdapter
-
-# This will drop the connection for a second
-Import-Module "c:\k\hns.psm1"
-# We do this when the guest is created
-#New-HNSNetwork -Type 'Overlay' -AddressPrefix "10.244.0.0/16" -Gateway "10.244.0.1" -Name "vxlan0" -AdapterName "$((Get-NetAdapter -Physical).Name)" -SubnetPolicies @(@{Type = "VSID"; VSID = 4096; }) -Verbose
-
-
-$env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm"
-Remove-Item c:\etc\cni\net.d\0-containerd-nat.json
-
-#"search": [
-# "svc.k8scluster.kubeinit.local"
-#]
-
-
-@"
-{
- "cniVersion": "0.3.0",
- "name": "vxlan0",
- "type": "sdnoverlay",
- "ipam": {
- "type": "host-local",
- "subnet": "10.244.0.0/16"
- },
- "apiVersion": 2,
- "capabilities": {
- "portMappings": true,
- "dns": true
- },
- "policies": [
- {
- "name": "EndpointPolicy",
- "value": {
- "Type": "OutBoundNAT",
- "Settings": {
- "Exceptions": [
- "10.244.0.0/16"
- ]
- }
- }
- },
- {
- "name": "EndpointPolicy",
- "value": {
- "Type": "SDNRoute",
- "Settings": {
- "DestinationPrefix": "10.244.0.0/16",
- "NeedEncap": true
- }
- }
- },
- {
- "name": "EndpointPolicy",
- "value": {
- "Type": "ProviderAddress",
- "Settings": {
- "ProviderAddress": "10.0.0.1"
- }
- }
- }
- ]
-}
-"@ | Set-Content "c:\etc\cni\net.d\net.json" -Force
-
-
-nssm restart containerd
-nssm restart flanneld
-#>
-
-Write-Host "Finishing Script"
diff --git a/kubeinit/roles/kubeinit_libvirt/templates/PrepareNode.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/PrepareNode.ps1.j2
deleted file mode 100644
index bd7529646..000000000
--- a/kubeinit/roles/kubeinit_libvirt/templates/PrepareNode.ps1.j2
+++ /dev/null
@@ -1,228 +0,0 @@
-<#
-.SYNOPSIS
-Assists with preparing a Windows VM prior to calling kubeadm join
-
-.DESCRIPTION
-This script assists with joining a Windows node to a cluster.
-- Downloads Kubernetes binaries (kubelet, kubeadm) at the version specified
-- Registers wins as a service in order to run kube-proxy and cni as DaemonSets.
-- Registers kubelet as an nssm service. More info on nssm: https://nssm.cc/
-
-.PARAMETER KubernetesVersion
-Kubernetes version to download and use
-
-.PARAMETER ContainerRuntime
-Container that Kubernetes will use. (Docker or containerD)
-
-.EXAMPLE
-PS> .\PrepareNode.ps1 -KubernetesVersion v1.19.3 -ContainerRuntime containerD
-
-#>
-
-Param(
- [parameter(Mandatory = $true, HelpMessage="Kubernetes version to use")]
- [string] $KubernetesVersion,
- [parameter(HelpMessage="Container runtime that Kubernets will use")]
- [ValidateSet("containerD", "Docker")]
- [string] $ContainerRuntime = "Docker"
-)
-$ErrorActionPreference = 'Stop'
-
-function DownloadFile($destination, $source) {
- Write-Host("Downloading $source to $destination")
- curl.exe --silent --fail -Lo $destination $source
-
- if (!$?) {
- Write-Error "Download $source failed"
- exit 1
- }
-}
-
-if ($ContainerRuntime -eq "Docker") {
- if (-not(Test-Path "//./pipe/docker_engine")) {
- Write-Error "Docker service was not detected - please install start Docker before calling PrepareNode.ps1 with -ContainerRuntime Docker"
- exit 1
- }
-} elseif ($ContainerRuntime -eq "containerD") {
- if (-not(Test-Path "//./pipe/containerd-containerd")) {
- Write-Error "ContainerD service was not detected - please install and start containerD before calling PrepareNode.ps1 with -ContainerRuntime containerD"
- exit 1
- }
-}
-
-if (!$KubernetesVersion.StartsWith("v")) {
- $KubernetesVersion = "v" + $KubernetesVersion
-}
-Write-Host "Using Kubernetes version: $KubernetesVersion"
-$global:Powershell = (Get-Command powershell).Source
-$global:PowershellArgs = "-ExecutionPolicy Bypass -NoProfile"
-$global:KubernetesPath = "$env:SystemDrive\k"
-$global:StartKubeletScript = "$global:KubernetesPath\StartKubelet.ps1"
-$global:NssmInstallDirectory = "$env:ProgramFiles\nssm"
-$kubeletBinPath = "$global:KubernetesPath\kubelet.exe"
-
-mkdir -force "$global:KubernetesPath"
-$env:Path += ";$global:KubernetesPath"
-[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::Machine)
-
-DownloadFile $kubeletBinPath https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubelet.exe
-DownloadFile "$global:KubernetesPath\kubeadm.exe" https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubeadm.exe
-DownloadFile "$global:KubernetesPath\wins.exe" https://github.com/rancher/wins/releases/download/v0.0.4/wins.exe
-
-if ($ContainerRuntime -eq "Docker") {
- # Create host network to allow kubelet to schedule hostNetwork pods
- # NOTE: For containerd the 0-containerd-nat.json network config template added by
- # Install-containerd.ps1 joins pods to the host network.
- Write-Host "Creating Docker host network"
- docker network create -d nat host
-} elseif ($ContainerRuntime -eq "containerD") {
- DownloadFile "c:\k\hns.psm1" https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1
- Import-Module "c:\k\hns.psm1"
- # TODO(marosset): check if network already exists before creatation
- # New-HnsNetwork -Type NAT -Name nat
- # We do this at deploy_windows_guest.yml
- <#
- Import-Module "c:\k\hns.psm1"
- New-HNSNetwork -Type "Overlay" `
- -AddressPrefix "10.244.0.0/16" `
- -Gateway "10.244.0.1" `
- -Name "vxlan0" `
- -AdapterName "$((Get-NetAdapter -Physical).Name)" `
- -SubnetPolicies @(@{Type = "VSID"; VSID = 4096; }) `
- -Verbose
- #>
-}
-
-Write-Host "Registering wins service"
-wins.exe srv app run --register
-start-service rancher-wins
-
-mkdir -force C:\var\log\kubelet
-mkdir -force C:\var\lib\kubelet\etc\kubernetes
-mkdir -force C:\etc\kubernetes\pki
-New-Item -path C:\var\lib\kubelet\etc\kubernetes\pki -type SymbolicLink -value C:\etc\kubernetes\pki\
-
-# The following parameters are deprecated when starting the kubelet service
-# --network-plugin=cni
-# --image-pull-progress-deadline=20m
-# The following files do not exist
-# --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf
-# --config=/var/lib/kubelet/config.yaml
-
-#
-# This pattern will build a startup script for the kubelet nssm service to start
-#
-$StartKubeletFileContent = '
-if (Test-Path -Path /var/lib/kubelet/kubeadm-flags.env ) {
- $FileContent = Get-Content -Path "/var/lib/kubelet/kubeadm-flags.env"
- $global:KubeletArgs = $FileContent.TrimStart(''KUBELET_KUBEADM_ARGS='').Trim(''"'')
-}else{
- $global:KubeletArgs = ""
-}
-
-$global:containerRuntime = {% raw %}{{CONTAINER_RUNTIME}}{% endraw %}
-
-if ($global:containerRuntime -eq "Docker") {
- $netId = docker network ls -f name=host --format "{% raw %}{{ .ID }}{% endraw %}"
-
- if ($netId.Length -lt 1) {
- docker network create -d nat host
- }
-}
-
-$cmd = "C:\k\kubelet.exe $global:KubeletArgs --container-runtime-endpoint=npipe:////./pipe/containerd-containerd --cert-dir=$env:SYSTEMDRIVE\var\lib\kubelet\pki --kubeconfig=/k/config --hostname-override={{ kubeinit_deployment_node_name }}.{{ kubeinit_cluster_fqdn }} --pod-infra-container-image=`"mcr.microsoft.com/oss/kubernetes/pause:3.6`" --enable-debugging-handlers --cgroups-per-qos=false --enforce-node-allocatable=`"`" --resolv-conf=`"`" --log-dir=/var/log/kubelet --logtostderr=true"
-
-Invoke-Expression $cmd'
-#
-# End script rendering
-#
-
-$StartKubeletFileContent = $StartKubeletFileContent -replace "{% raw %}{{CONTAINER_RUNTIME}}{% endraw %}", "`"$ContainerRuntime`""
-Set-Content -Path $global:StartKubeletScript -Value $StartKubeletFileContent
-
-Write-Host "Installing nssm"
-$arch = "win32"
-if ([Environment]::Is64BitOperatingSystem) {
- $arch = "win64"
-}
-
-mkdir -Force $global:NssmInstallDirectory
-DownloadFile nssm.zip https://k8stestinfrabinaries.blob.core.windows.net/nssm-mirror/nssm-2.24.zip
-tar C $global:NssmInstallDirectory -xvf .\nssm.zip --strip-components 2 */$arch/*.exe
-Remove-Item -Force .\nssm.zip
-
-$env:path += ";$global:NssmInstallDirectory"
-$newPath = "$global:NssmInstallDirectory;" +
-[Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
-
-[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
-
-Write-Host "Registering kubelet service"
-
-# This nssm service will run the script defined in c:\k\StartKubelet.ps1
-# In the case is not working run the script directly
-nssm install kubelet $global:Powershell $global:PowershellArgs $global:StartKubeletScript
-
-if ($ContainerRuntime -eq "Docker") {
- nssm set kubelet DependOnService docker
-} elseif ($ContainerRuntime -eq "containerD") {
- nssm set kubelet DependOnService containerd
-}
-
-<#
-# Testing containerD with crictl
-# All the following commands should work
-$env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm"
-cd 'C:\Program Files\containerd\'
-crictl pull k8s.gcr.io/pause:3.6
-crictl pull mcr.microsoft.com/windows/servercore:ltsc2022
-
-# Creating a sandbox / Pod
-@"
-{
- "metadata": {
- "name": "pause-sandbox",
- "namespace": "default",
- "attempt": 1,
- "uid": "hdishd83djaihhhduwk28bcsb"
- },
- "log_directory": "/tmp",
- "linux": {
- }
-}
-"@ | Set-Content "pod-config.json" -Force
-$POD_ID=(crictl runp .\pod-config.json)
-@"
-{
- "metadata": {
- "name": "mycont"
- },
- "image":{
- "image": "mcr.microsoft.com/windows/servercore:ltsc2022"
- },
- "command": ["cmd", "/c", "ping -t 127.0.0.1"]
-}
-"@ | Set-Content "container-config.json" -Force
-
-$CONTAINER_ID=(crictl create $POD_ID .\container-config.json .\pod-config.json)
-crictl start $CONTAINER_ID
-crictl exec $CONTAINER_ID ipconfig
-hcsdiag list
-
-# Run the pod
-crictl runp .\pod-config.json
-
-# Get the pods
-crictl pods
-
-# Get Hns network information
-Get-HnsNetwork
-
-# Inspect the pod ID:
-crictl inspect --output table $CONTAINER_ID
-
-# This should return a table with all the pods created (their interfaces)
-Get-NetAdapter
-#>
-
-Write-Host "Finishing Script"
diff --git a/kubeinit/roles/kubeinit_libvirt/templates/PrepareRequirements.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/PrepareRequirements.ps1.j2
deleted file mode 100644
index c2f9a45ac..000000000
--- a/kubeinit/roles/kubeinit_libvirt/templates/PrepareRequirements.ps1.j2
+++ /dev/null
@@ -1,29 +0,0 @@
-$KubernetesVersion = "v1.24.2"
-$global:KubernetesPath = "$env:SystemDrive\k"
-New-Item $global:KubernetesPath -Force -ItemType Directory | Out-Null
-
-curl.exe -L https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 -o $global:KubernetesPath\hns.psm1
-curl.exe -L https://github.com/rancher/wins/releases/download/v0.2.10/wins.exe -o $global:KubernetesPath\wins.exe
-curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubeadm.exe -o $global:KubernetesPath\kubeadm.exe
-curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubectl.exe -o $global:KubernetesPath\kubectl.exe
-curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubelet.exe -o $global:KubernetesPath\kubelet.exe
-curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kube-proxy.exe -o $global:KubernetesPath\kube-proxy.exe
-
-New-Item C:\opt\cni\bin -Force -ItemType Directory | Out-Null
-# TODO:FIXME:The flanneld binary shouldn't be stored in C:\opt\cni\bin\
-curl.exe -L https://github.com/coreos/flannel/releases/download/v0.18.1/flanneld.exe -o C:\opt\cni\bin\flanneld.exe
-
-# setup flannel config
-New-Item C:\etc\kube-flannel\ -Force -ItemType Directory | Out-Null
-@"
-{
- "Network": "10.244.0.0/16",
- "Backend": {
- "Type": "vxlan",
- "VNI": 4096,
- "Port": 4789
- }
-}
-"@ | Set-Content C:\etc\kube-flannel\net-conf.json -Force | Out-Null
-
-Write-Host "Finishing Script"
diff --git a/kubeinit/roles/kubeinit_libvirt/templates/SetNet.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/SetNet.ps1.j2
deleted file mode 100644
index 6dbc792cb..000000000
--- a/kubeinit/roles/kubeinit_libvirt/templates/SetNet.ps1.j2
+++ /dev/null
@@ -1,30 +0,0 @@
-# Initial steps that will run from the autounattend.xml file the first time the guest boots up
-Rename-NetAdapter -Name "Ethernet Instance 0" -NewName "Ethernet"
-
-# We disable the firewall completely
-Set-NetFirewallProfile -All -Enabled False
-
-<#
-# This step didnt work, the hns network is not created and there are no logs about the error
-New-Item C:\k -Force -ItemType Directory | Out-Null
-curl.exe --silent --fail -Lo C:\k\hns.psm1 https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1
-Import-Module "C:\k\hns.psm1"
-New-HNSNetwork -Type "Overlay" `
- -AddressPrefix "10.244.0.0/16" `
- -Gateway "10.244.0.1" `
- -Name "vxlan0" `
- -AdapterName "$((Get-NetAdapter -Physical).Name)" `
- -SubnetPolicies @(@{Type = "VSID"; VSID = 4096; }) `
- -Verbose
-
-# We could open specific ports instead of disabling the firewall
-New-NetFirewallRule -Name kubelet2379 -DisplayName "Kubelet2379" -LocalPort 2379 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-New-NetFirewallRule -Name kubelet2380 -DisplayName "Kubelet2380" -LocalPort 2380 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-New-NetFirewallRule -Name kubelet4789 -DisplayName "Kubelet4789" -LocalPort 4789 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-New-NetFirewallRule -Name kubelet6443 -DisplayName "Kubelet6443" -LocalPort 6443 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-New-NetFirewallRule -Name kubelet10248 -DisplayName "Kubelet10248" -LocalPort 10248 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-New-NetFirewallRule -Name kubelet10250 -DisplayName "Kubelet10250" -LocalPort 10250 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-New-NetFirewallRule -Name kubelet10251 -DisplayName "Kubelet10251" -LocalPort 10251 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-New-NetFirewallRule -Name kubelet10252 -DisplayName "Kubelet10252" -LocalPort 10252 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-New-NetFirewallRule -Name kubelet10255 -DisplayName "Kubelet10254" -LocalPort 10255 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow
-#>
diff --git a/kubeinit/roles/kubeinit_libvirt/templates/autounattend.xml.j2 b/kubeinit/roles/kubeinit_libvirt/templates/autounattend.xml.j2
deleted file mode 100644
index f75329f76..000000000
--- a/kubeinit/roles/kubeinit_libvirt/templates/autounattend.xml.j2
+++ /dev/null
@@ -1,315 +0,0 @@
-
-
-
-
-
-
- en-US
-
- en-US
- en-US
- en-US
- en-US
-
-
-
-
-
-
- E:\amd64\2k22
-
-
- E:\Balloon\2k22
-
-
- E:\NetKVM\2k22
-
-
- E:\smbus\2k22
-
-
-
-
-
-
-
- OnError
-
-
-
- 250
- 1
- Primary
-
-
- 2
- true
- Primary
-
-
-
-
-
- 1
- 1
- NTFS
-
- true
-
-
- 2
- 2
- NTFS
-
-
-
-
- 0
- true
-
-
-
-
-
-
-
-
- /IMAGE/NAME
- Windows Server 2022 SERVERDATACENTER
-
-
-
- 0
- 2
-
- OnError
- false
-
-
-
-
-
- true
-
- OnError
-
-
-
-
-
-
-
-
-
- Central Standard Time
- {{ kubeinit_deployment_node_name }}
-
-
-
-
- {{ hostvars[kubeinit_cluster_name].cluster_domain }}
-
-
-
-
- false
-
-
-
-
-
- true
- Remote Desktop
- all
-
-
-
-
-
- 2
- 1
-
-
-
- true
-
-
-
-
-
-
-
-
- true
- true
- true
- true
- true
- Home
- 3
-
-
-
-
-
- Passw0rd
- true
-
-
-
-
- Passw0rd
- true
-
- root
- root
- administrators
- root
-
-
-
-
-
-
- Passw0rd
- true
-
- true
- 50
- Administrator
-
-
-
-
-
- 1
- Set Execution Policy 64 Bit
- cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"
- true
-
-
- 2
- Set Execution Policy 32 Bit
- C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"
- true
-
-
- 3
- Install and configure OpenSSH Server
- cmd.exe /c powershell.exe -File F:\Install-Openssh.ps1 "F:\authorized_keys"
-
-
- 4
- Create a L2Bridge to trigger a vSwitch creation. Do this only once
- cmd.exe /c powershell.exe -File F:\SetNet.ps1
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/kubeinit/roles/kubeinit_nexus/README.md b/kubeinit/roles/kubeinit_nexus/README.md
deleted file mode 100644
index 1c15095e2..000000000
--- a/kubeinit/roles/kubeinit_nexus/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Please, refer to the kubeinit_nexus role
-[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_nexus.html)
-for further information.
diff --git a/kubeinit/roles/kubeinit_nexus/defaults/main.yml b/kubeinit/roles/kubeinit_nexus/defaults/main.yml
deleted file mode 100644
index b487d8c2b..000000000
--- a/kubeinit/roles/kubeinit_nexus/defaults/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# All variables intended for modification should be placed in this file.
-
-# All variables within this role should have a prefix of "kubeinit_nexus_"
-kubeinit_nexus_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
-kubeinit_nexus_hide_sensitive_logs: true
-
-kubeinit_nexus_directory: /var/kubeinit/nexus
-kubeinit_nexus_directory_data: "{{ kubeinit_nexus_directory }}/data"
-
-kubeinit_nexus_directories:
- - "{{ kubeinit_nexus_directory_data }}"
diff --git a/kubeinit/roles/kubeinit_nexus/files/.gitkeep b/kubeinit/roles/kubeinit_nexus/files/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/kubeinit/roles/kubeinit_nexus/handlers/main.yml b/kubeinit/roles/kubeinit_nexus/handlers/main.yml
deleted file mode 100644
index 9490b54cc..000000000
--- a/kubeinit/roles/kubeinit_nexus/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_nexus/meta/main.yml b/kubeinit/roles/kubeinit_nexus/meta/main.yml
deleted file mode 100644
index 461c90b5f..000000000
--- a/kubeinit/roles/kubeinit_nexus/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-galaxy_info:
- author: KubeInit
- role_name: kubeinit_nexus
- namespace: kubeinit
- description: KubeInit Role -- kubeinit_nexus
- company: Red Hat
- license: Apache-2.0
- min_ansible_version: 2.9
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
- # To view available platforms and versions (or releases), visit:
- # https://galaxy.ansible.com/api/v1/platforms/
- #
- platforms:
- - name: CentOS
- versions:
- - 7
- - 8
-
- galaxy_tags:
- - kubeinit
-
-
-# List your role dependencies here, one per line. Be sure to remove the '[]' above,
-# if you add dependencies to this list.
-dependencies: []
diff --git a/kubeinit/roles/kubeinit_nexus/molecule/default/converge.yml b/kubeinit/roles/kubeinit_nexus/molecule/default/converge.yml
deleted file mode 100644
index ccb72715a..000000000
--- a/kubeinit/roles/kubeinit_nexus/molecule/default/converge.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Converge
- hosts: all
- # roles:
- # - role: "kubeinit_nexus"
- tasks:
- - name: Message for "kubeinit_nexus"
- ansible.builtin.debug:
- msg: Finishing molecule for "kubeinit_nexus"
diff --git a/kubeinit/roles/kubeinit_nexus/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_nexus/molecule/default/molecule.yml
deleted file mode 100644
index b5d8023ed..000000000
--- a/kubeinit/roles/kubeinit_nexus/molecule/default/molecule.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: quay.io/centos/centos:stream8
- pre_build_image: true
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/kubeinit/roles/kubeinit_nexus/molecule/default/verify.yml b/kubeinit/roles/kubeinit_nexus/molecule/default/verify.yml
deleted file mode 100644
index 86afba4ff..000000000
--- a/kubeinit/roles/kubeinit_nexus/molecule/default/verify.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
- hosts: all
- tasks:
- - name: Example assertion
- ansible.builtin.assert:
- that: true
diff --git a/kubeinit/roles/kubeinit_nexus/tasks/main.yml b/kubeinit/roles/kubeinit_nexus/tasks/main.yml
deleted file mode 100644
index 1a050e432..000000000
--- a/kubeinit/roles/kubeinit_nexus/tasks/main.yml
+++ /dev/null
@@ -1,231 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Create Nexus folders
- ansible.builtin.file:
- path: "{{ item | safe | trim }}"
- state: directory
- recurse: yes
- mode: '0755'
- loop: "{{ kubeinit_nexus_directories }}"
-
-- name: Create nexus-data subfolders
- ansible.builtin.file:
- path: "{{ item | safe | trim }}"
- state: directory
- recurse: yes
- mode: '0755'
- loop:
- - "{{ kubeinit_nexus_directory_data }}/etc/ssl"
- - "{{ kubeinit_nexus_directory_data }}/log"
- - "{{ kubeinit_nexus_directory_data }}/tmp"
-
-- name: Create the property file update script
- ansible.builtin.copy:
- content: |
- #!/bin/bash
- set -eo pipefail
- cp /opt/sonatype/nexus/etc/nexus-default.properties /nexus-data/etc/nexus.properties
- sed -i -e 's/^\([^#]\)/# \1/' -e 's/^# nexus-args=/nexus-args=/' -e 's/jetty-http/jetty-https/' -e 's/# application-port=8081/application-port-ssl=8443/' -e '$ a ssl.etc=${karaf.data}/etc/ssl' -e '$ a nexus.scripts.allowCreation=true' /nexus-data/etc/nexus.properties
- sed -i -e '/New id="sslContextFactory"/ a REPLACE_ME' -e 's;REPLACE_ME; {{ kubeinit_cluster_name }}-nexus;' /opt/sonatype/nexus/etc/jetty/jetty-https.xml
- dest: "{{ kubeinit_nexus_directory_data }}/update-props.sh"
- mode: '0644'
-
-- name: Install buildah if required
- ansible.builtin.package:
- state: present
- name: "buildah"
-
-- name: Remove any old nexus buildah container
- ansible.builtin.shell: |
- set -o pipefail
- buildah rm {{ kubeinit_cluster_name }}-nexus || true
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Create a new working container image
- ansible.builtin.command: buildah from --name {{ kubeinit_cluster_name }}-nexus --volume "{{ kubeinit_nexus_directory_data }}:/nexus-data" quay.io/kubeinit/nexus3:3.30.0
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Set working directory inside container
- ansible.builtin.command: buildah config --workingdir /nexus-data/tmp {{ kubeinit_cluster_name }}-nexus
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Update image
- ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- dnf update -q -y
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Create java keystore
- ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- keytool -genkeypair -keystore keystore.jks -storepass password -keypass password -alias {{ kubeinit_cluster_name }}-nexus -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=*.{{ kubeinit_cluster_fqdn }}, OU={{ hostvars['kubeinit-env'].certificate_organizational_unit }}, O={{ hostvars['kubeinit-env'].certificate_organization }}, L={{ hostvars['kubeinit-env'].certificate_locality }}, ST={{ hostvars['kubeinit-env'].certificate_state }}, C={{ hostvars['kubeinit-env'].certificate_country }}" -ext "SAN=DNS:{{ kubeinit_nexus_fqdn }},IP:{{ kubeinit_nexus_service_address }}" -ext "BC=ca:true"
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Copy keystore file
- ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- keytool -importkeystore -srckeystore keystore.jks -srcstorepass password -destkeystore keystore.jks -deststoretype pkcs12
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Copy keystore file
- ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- keytool -export -alias {{ kubeinit_cluster_name }}-nexus -keystore keystore.jks -storepass password -rfc -file public.cert
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Copy keystore file
- ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- cp keystore.jks public.cert /nexus-data/etc/ssl/
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Link keystore file to alternate location
- ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- ln -s /nexus-data/etc/ssl/keystore.jks /opt/sonatype/nexus/etc/ssl/keystore.jks
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Run script to update properties
- ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- bash /nexus-data/update-props.sh
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Set owner of nexus data to nexus
- ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- chown -R nexus:nexus /nexus-data
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Set kubeinit-cluster-name label
- ansible.builtin.command: buildah config --label kubeinit-cluster-name={{ kubeinit_cluster_name }} {{ kubeinit_cluster_name }}-nexus
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Commit the container image
- ansible.builtin.command: buildah commit {{ kubeinit_cluster_name }}-nexus kubeinit/{{ kubeinit_cluster_name }}-nexus:latest
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Remove the buildah container
- ansible.builtin.command: buildah rm {{ kubeinit_cluster_name }}-nexus
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Create a podman volume for nexus data
- containers.podman.podman_volume:
- name: "{{ kubeinit_cluster_name }}-nexus-data"
- state: present
- recreate: yes
-
-- name: Set nexus as owner of the volume root
- containers.podman.podman_container:
- name: "{{ kubeinit_nexus_service_name }}-set-owner"
- image: kubeinit/{{ kubeinit_cluster_name }}-nexus:latest
- state: started
- detach: no
- remove: yes
- user: root
- command: chown nexus:nexus /mnt
- volumes:
- - "{{ kubeinit_cluster_name }}-nexus-data:/mnt"
-
-- name: Copy data into nexus-data volume
- containers.podman.podman_container:
- name: "{{ kubeinit_nexus_service_name }}-copy-data"
- image: kubeinit/{{ kubeinit_cluster_name }}-nexus:latest
- state: started
- detach: no
- remove: yes
- command: cp -pr /mnt/etc /nexus-data/
- volumes:
- - "{{ kubeinit_cluster_name }}-nexus-data:/nexus-data"
- - "{{ kubeinit_nexus_directory_data }}:/mnt"
-
-- name: Create a podman container to serve nexus
- containers.podman.podman_container:
- name: "{{ kubeinit_nexus_service_name }}"
- image: kubeinit/{{ kubeinit_cluster_name }}-nexus:latest
- pod: "{{ kubeinit_deployment_pod_name }}"
- state: stopped
- volumes:
- - "{{ kubeinit_cluster_name }}-nexus-data:/nexus-data"
- - "{{ kubeinit_services_data_volume }}:/var/kubeinit"
- register: _result_container_info
-
-- name: Create systemd service for podman container
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_services
- tasks_from: create_managed_service.yml
- public: true
- vars:
- _param_service_user_dir: "{{ kubeinit_service_user_dir }}"
- _param_service_user: "{{ kubeinit_service_user }}"
- _param_systemd_service_name: "{{ kubeinit_nexus_service_name }}"
- _param_podman_container_name: "{{ _result_container_info.container.Name }}"
- _param_podman_container_pidfile: "{{ _result_container_info.container.ConmonPidFile }}"
-
-- name: Clear temp facts
- ansible.builtin.set_fact:
- _result_container_info: null
-
-- name: Wait for service to be available
- ansible.builtin.shell: |
- set -eo pipefail
- while [[ "$(curl --cacert {{ kubeinit_nexus_directory_data }}/etc/ssl/public.cert -s -o /dev/null -w '%{http_code}' https://{{ kubeinit_nexus_service_address }}:8443)" != "200" ]]; do sleep 5; done
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Copy out admin password
- ansible.builtin.command: |
- podman cp {{ kubeinit_cluster_name }}-nexus:/nexus-data/admin.password "{{ kubeinit_nexus_directory_data }}/admin.password"
- register: _result
- changed_when: "_result.rc == 0"
-
-- name: Read admin password into a var
- ansible.builtin.slurp:
- src: "{{ kubeinit_nexus_directory_data }}/admin.password"
- register: _result_admin_password
-
-- name: Setup server using nexus3 cli
- block:
- - name: Install the nexus3 cli
- ansible.builtin.command: |
- python3 -m pip install -q cryptography==3.3.2 nexus3-cli
- register: _result
- changed_when: "_result.rc == 0"
-
- - name: Login to nexus3 cli
- ansible.builtin.command: |
- env LC_ALL=C.UTF-8 LANG=C.UTF-8 nexus3 login -u admin -p {{ _result_admin_password.content | b64decode }} -U "https://{{ kubeinit_nexus_service_address }}:8443" --x509_verify
- register: _result
- changed_when: "_result.rc == 0"
- no_log: true
-
- - name: Create docker repository
- ansible.builtin.command: |
- env LC_ALL=C.UTF-8 LANG=C.UTF-8 REQUESTS_CA_BUNDLE="{{ kubeinit_nexus_directory_data }}/etc/ssl/public.cert" nexus3 repository create hosted docker --https-port {{ kubeinit_nexus_port }} --v1-enabled origin
- register: _result
- changed_when: "_result.rc == 0"
-
- - name: Activate security realm for docker tokens
- ansible.builtin.command: |
- env LC_ALL=C.UTF-8 LANG=C.UTF-8 REQUESTS_CA_BUNDLE="{{ kubeinit_nexus_directory_data }}/etc/ssl/public.cert" nexus3 security realm activate DockerToken
- register: _result
- changed_when: "_result.rc == 0"
-
- delegate_to: "{{ kubeinit_nexus_service_address }}"
diff --git a/kubeinit/roles/kubeinit_nexus/vars/main.yml b/kubeinit/roles/kubeinit_nexus/vars/main.yml
deleted file mode 100644
index c6c9c6210..000000000
--- a/kubeinit/roles/kubeinit_nexus/vars/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# While options found within the vars/ path can be overridden using extra
-# vars, items within this path are considered part of the role and not
-# intended to be modified.
-
-# All variables within this role should have a prefix of "kubeinit_nexus_"
diff --git a/kubeinit/roles/kubeinit_nfs/README.md b/kubeinit/roles/kubeinit_nfs/README.md
deleted file mode 100644
index cce377091..000000000
--- a/kubeinit/roles/kubeinit_nfs/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Please, refer to the kubeinit_nfs role
-[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_nfs.html)
-for further information.
diff --git a/kubeinit/roles/kubeinit_nfs/defaults/main.yml b/kubeinit/roles/kubeinit_nfs/defaults/main.yml
deleted file mode 100644
index 0ec695633..000000000
--- a/kubeinit/roles/kubeinit_nfs/defaults/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# All variables intended for modification should be placed in this file.
-
-# All variables within this role should have a prefix of "kubeinit_nfs_"
-kubeinit_nfs_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
-kubeinit_nfs_hide_sensitive_logs: true
diff --git a/kubeinit/roles/kubeinit_nfs/files/.gitkeep b/kubeinit/roles/kubeinit_nfs/files/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/kubeinit/roles/kubeinit_nfs/handlers/main.yml b/kubeinit/roles/kubeinit_nfs/handlers/main.yml
deleted file mode 100644
index 9490b54cc..000000000
--- a/kubeinit/roles/kubeinit_nfs/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_nfs/meta/main.yml b/kubeinit/roles/kubeinit_nfs/meta/main.yml
deleted file mode 100644
index d8489d368..000000000
--- a/kubeinit/roles/kubeinit_nfs/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-galaxy_info:
- author: KubeInit
- role_name: kubeinit_nfs
- namespace: kubeinit
- description: KubeInit Role -- kubeinit_nfs
- company: Red Hat
- license: Apache-2.0
- min_ansible_version: 2.9
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
- # To view available platforms and versions (or releases), visit:
- # https://galaxy.ansible.com/api/v1/platforms/
- #
- platforms:
- - name: CentOS
- versions:
- - 7
- - 8
-
- galaxy_tags:
- - kubeinit
-
-
-# List your role dependencies here, one per line. Be sure to remove the '[]' above,
-# if you add dependencies to this list.
-dependencies: []
diff --git a/kubeinit/roles/kubeinit_nfs/molecule/default/converge.yml b/kubeinit/roles/kubeinit_nfs/molecule/default/converge.yml
deleted file mode 100644
index 21bc12fcc..000000000
--- a/kubeinit/roles/kubeinit_nfs/molecule/default/converge.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Converge
- hosts: all
- # roles:
- # - role: "kubeinit_nfs"
- tasks:
- - name: Message for "kubeinit_nfs"
- ansible.builtin.debug:
- msg: Finishing molecule for "kubeinit_nfs"
diff --git a/kubeinit/roles/kubeinit_nfs/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_nfs/molecule/default/molecule.yml
deleted file mode 100644
index b5d8023ed..000000000
--- a/kubeinit/roles/kubeinit_nfs/molecule/default/molecule.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: quay.io/centos/centos:stream8
- pre_build_image: true
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/kubeinit/roles/kubeinit_nfs/molecule/default/verify.yml b/kubeinit/roles/kubeinit_nfs/molecule/default/verify.yml
deleted file mode 100644
index 86afba4ff..000000000
--- a/kubeinit/roles/kubeinit_nfs/molecule/default/verify.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
- hosts: all
- tasks:
- - name: Example assertion
- ansible.builtin.assert:
- that: true
diff --git a/kubeinit/roles/kubeinit_nfs/tasks/main.yml b/kubeinit/roles/kubeinit_nfs/tasks/main.yml
deleted file mode 100644
index 214052e95..000000000
--- a/kubeinit/roles/kubeinit_nfs/tasks/main.yml
+++ /dev/null
@@ -1,212 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-### DOCUMENTATION
-#
-# title: Deploy a network share
-#
-# description: |-
-# The NFS-client provisioner is part of the Kubernetes Incubator project. In a Kubernetes cluster,
-# this provisioner runs in a container that mounts an NFS export from an existing NFS server—it does not
-# run an NFS server itself. With the container, it listens for PVCs that match its storage class, creates
-# directories within the NFS export, and reports each directory to Kubernetes as a persistent volume.
-# Kubernetes can then mount the volume into a container that uses the volumes from that PVC.
-#
-# examples: |-
-# - name: Configure NFS
-# ansible.builtin.include_role:
-# name: kubeinit.kubeinit.kubeinit_nfs
-# public: true
-# when: "'nfs' in kubeinit_cluster_hostvars.services"
-
-- name: Install NFS packages
- ansible.builtin.package:
- name: "{{ ['nfs-kernel-server', 'nfs-common'] if (hostvars[kubeinit_deployment_node_name].distribution_family == 'Debian') else ['nfs-utils'] }}"
- state: present
-
-- name: "Configure NFS shares of CentOS based guests"
- ansible.builtin.shell: |
- set -o pipefail
- systemctl enable nfs-server rpcbind
- systemctl start nfs-server rpcbind
- mkdir -p /var/nfsshare
- chmod -R 777 /var/nfsshare
- chown -R nobody:nobody /var/nfsshare
- echo '/var/nfsshare {{ kubeinit_cluster_network }}(rw,sync,no_root_squash,no_all_squash,no_wdelay)' | tee /etc/exports
- setsebool -P nfs_export_all_rw 1
- systemctl restart nfs-server
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- when: hostvars[kubeinit_deployment_node_name].os == 'centos'
-
-- name: "Configure NFS shares of Ubuntu based guests"
- ansible.builtin.shell: |
- set -o pipefail
- mkdir -p /var/nfsshare
- chmod -R 777 /var/nfsshare
- chown -R nobody:nogroup /var/nfsshare
- echo '/var/nfsshare {{ kubeinit_cluster_network }}(rw,sync,no_root_squash,no_all_squash,no_wdelay)' | tee /etc/exports
- exportfs -a
- systemctl restart nfs-kernel-server
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- when: hostvars[kubeinit_deployment_node_name].os == 'ubuntu' or hostvars[kubeinit_deployment_node_name].os == 'debian'
-
-#
-# Add nfs dynamic provisioning
-#
-
-- name: Add nfs provisioning role
- ansible.builtin.shell: |
- cat << EOF > ~/nfs_rbac.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: nfs-client-provisioner
- ---
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: nfs-client-provisioner-runner
- rules:
- - apiGroups: [""]
- resources: ["persistentvolumes"]
- verbs: ["get", "list", "watch", "create", "delete"]
- - apiGroups: [""]
- resources: ["persistentvolumeclaims"]
- verbs: ["get", "list", "watch", "update"]
- - apiGroups: ["storage.k8s.io"]
- resources: ["storageclasses"]
- verbs: ["get", "list", "watch"]
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["create", "update", "patch"]
- ---
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: run-nfs-client-provisioner
- subjects:
- - kind: ServiceAccount
- name: nfs-client-provisioner
- namespace: default
- roleRef:
- kind: ClusterRole
- name: nfs-client-provisioner-runner
- apiGroup: rbac.authorization.k8s.io
- ---
- kind: Role
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: leader-locking-nfs-client-provisioner
- rules:
- - apiGroups: [""]
- resources: ["endpoints"]
- verbs: ["get", "list", "watch", "create", "update", "patch"]
- ---
- kind: RoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: leader-locking-nfs-client-provisioner
- subjects:
- - kind: ServiceAccount
- name: nfs-client-provisioner
- # replace with namespace where provisioner is deployed
- namespace: default
- roleRef:
- kind: Role
- name: leader-locking-nfs-client-provisioner
- apiGroup: rbac.authorization.k8s.io
- EOF
- export KUBECONFIG=~/.kube/config
- kubectl apply -f ~/nfs_rbac.yaml --request-timeout=1800s
- register: _result
- retries: 5
- delay: 20
- until: _result.rc == 0
- changed_when: "_result.rc == 0"
- args:
- executable: /bin/bash
-
-- name: Add nfs client provisioner deployment
- ansible.builtin.shell: |
- cat << EOF > ~/nfs_client_prov_deployment.yaml
- kind: Deployment
- apiVersion: apps/v1
- metadata:
- name: nfs-client-provisioner
- spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: nfs-client-provisioner
- template:
- metadata:
- labels:
- app: nfs-client-provisioner
- spec:
- serviceAccountName: nfs-client-provisioner
- containers:
- - name: nfs-client-provisioner
- image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.0
- volumeMounts:
- - name: nfs-client-root
- mountPath: /persistentvolumes
- env:
- - name: PROVISIONER_NAME
- value: k8s-sigs.io/nfs-subdir-external-provisioner
- - name: NFS_SERVER
- value: {{ kubeinit_nfs_service_address }}
- - name: NFS_PATH
- value: /var/nfsshare
- volumes:
- - name: nfs-client-root
- nfs:
- server: {{ kubeinit_nfs_service_address }}
- path: /var/nfsshare
- EOF
- export KUBECONFIG=~/.kube/config
- kubectl apply -f ~/nfs_client_prov_deployment.yaml --request-timeout=1800s
- register: _result
- changed_when: "_result.rc == 0"
- args:
- executable: /bin/bash
-
-- name: Add default nfs storage class
- ansible.builtin.shell: |
- cat << EOF > ~/nfs_storage_class.yaml
- apiVersion: storage.k8s.io/v1
- kind: StorageClass
- metadata:
- name: managed-nfs-storage
- annotations:
- storageclass.kubernetes.io/is-default-class: "true"
- provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
- parameters:
- archiveOnDelete: "false"
- EOF
- export KUBECONFIG=~/.kube/config
- kubectl apply -f ~/nfs_storage_class.yaml --request-timeout=1800s
- register: _result
- changed_when: "_result.rc == 0"
- args:
- executable: /bin/bash
diff --git a/kubeinit/roles/kubeinit_nfs/vars/main.yml b/kubeinit/roles/kubeinit_nfs/vars/main.yml
deleted file mode 100644
index 128ab0e0e..000000000
--- a/kubeinit/roles/kubeinit_nfs/vars/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# While options found within the vars/ path can be overridden using extra
-# vars, items within this path are considered part of the role and not
-# intended to be modified.
-
-# All variables within this role should have a prefix of "kubeinit_nfs_"
diff --git a/kubeinit/roles/kubeinit_openshift/defaults/main.yml b/kubeinit/roles/kubeinit_openshift/defaults/main.yml
index f8a11426a..ce4fbdd2a 100644
--- a/kubeinit/roles/kubeinit_openshift/defaults/main.yml
+++ b/kubeinit/roles/kubeinit_openshift/defaults/main.yml
@@ -29,14 +29,6 @@ kubeinit_openshift_network_type: "OVNKubernetes"
kubeinit_openshift_registry_pullsecret: "{{ '{\"auths\": {}}' | from_json }}"
kubeinit_openshift_registry_pullsecret_empty: "{{ '{\"auths\": {}}' | from_json }}"
-kubeinit_openshift_release:
- okd:
- tag: 4.13.0-0.okd-2023-09-30-084937
- ocp:
- tag: 4.12.0
-
-kubeinit_openshift_release_tag: "{{ kubeinit_openshift_release[kubeinit_cluster_distro].tag }}"
-
kubeinit_openshift_registry:
okd:
organization: openshift
@@ -49,6 +41,14 @@ kubeinit_openshift_registry_site: quay.io
kubeinit_openshift_registry_organization: "{{ kubeinit_openshift_registry[kubeinit_cluster_distro].organization }}"
kubeinit_openshift_registry_repository: "{{ kubeinit_openshift_registry[kubeinit_cluster_distro].repository }}"
+kubeinit_openshift_release:
+ okd:
+ tag: 4.15.0-0.okd-2024-03-10-010116
+ ocp:
+ tag: 4.16.2
+
+kubeinit_openshift_release_tag: "{{ kubeinit_openshift_release[kubeinit_cluster_distro].tag }}"
+
kubeinit_openshift_download:
okd:
baseurl: "https://github.com/openshift/okd/releases/download/{{ kubeinit_openshift_release_tag }}"
diff --git a/kubeinit/roles/kubeinit_openshift/tasks/main.yml b/kubeinit/roles/kubeinit_openshift/tasks/main.yml
index c1ed559b2..10b013bd0 100644
--- a/kubeinit/roles/kubeinit_openshift/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_openshift/tasks/main.yml
@@ -96,7 +96,7 @@
delegate_to: localhost
- name: Restart haproxy container
- ansible.builtin.systemd:
+ ansible.builtin.systemd_service:
name: "{{ kubeinit_haproxy_service_name }}"
state: restarted
enabled: yes
diff --git a/kubeinit/roles/kubeinit_openshift/tasks/post_configure_guest.yml b/kubeinit/roles/kubeinit_openshift/tasks/post_configure_guest.yml
deleted file mode 100644
index 9490b54cc..000000000
--- a/kubeinit/roles/kubeinit_openshift/tasks/post_configure_guest.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_openshift/tasks/post_deployment_tasks.yml b/kubeinit/roles/kubeinit_openshift/tasks/post_deployment_tasks.yml
index 18a4ebd78..72ce59bd3 100644
--- a/kubeinit/roles/kubeinit_openshift/tasks/post_deployment_tasks.yml
+++ b/kubeinit/roles/kubeinit_openshift/tasks/post_deployment_tasks.yml
@@ -14,142 +14,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-#
-# Configure NFS
-#
-- name: Delegate to provision service node
- block:
-
- - name: Configure NFS
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_nfs
- public: true
- when: "'nfs' in kubeinit_cluster_hostvars.services"
-
- - name: Add security context constraint for nfs provisioner
- ansible.builtin.shell: |
- cat << EOF > ~/nfs_scc.yaml
- apiVersion: security.openshift.io/v1
- kind: SecurityContextConstraints
- metadata:
- name: nfs-provisioner
- allowHostDirVolumePlugin: true
- allowHostIPC: false
- allowHostNetwork: false
- allowHostPID: false
- allowHostPorts: false
- allowPrivilegedContainer: false
- allowedCapabilities:
- - DAC_READ_SEARCH
- - SYS_RESOURCE
- defaultAddCapabilities: null
- fsGroup:
- type: MustRunAs
- priority: null
- readOnlyRootFilesystem: false
- requiredDropCapabilities:
- - KILL
- - MKNOD
- - SYS_CHROOT
- runAsUser:
- type: RunAsAny
- seLinuxContext:
- type: MustRunAs
- supplementalGroups:
- type: RunAsAny
- volumes:
- - configMap
- - downwardAPI
- - emptyDir
- - hostPath
- - nfs
- - persistentVolumeClaim
- - secret
- EOF
- export KUBECONFIG=~/.kube/config
- kubectl apply -f ~/nfs_scc.yaml --request-timeout=1800s
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- when: "'nfs' in kubeinit_cluster_hostvars.services"
-
- - name: Apply nfs security policy to nfs user
- ansible.builtin.shell: |
- export KUBECONFIG=~/.kube/config
- oc adm policy add-scc-to-user nfs-provisioner -z nfs-client-provisioner
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- when: "'nfs' in kubeinit_cluster_hostvars.services"
-
- - name: Wait for the image registry operator to start its components
- ansible.builtin.shell: |
- export KUBECONFIG=~/.kube/config
- oc get configs.imageregistry.operator.openshift.io cluster
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- retries: 60
- delay: 20
- until: _result.rc == 0
- when: "'nfs' in kubeinit_cluster_hostvars.services"
-
- - name: Patch imageregistry operator to claim storage
- ansible.builtin.shell: |
- # We patch the imageregistry operator to create a claim that managed-nfs-storage will satisfy
- export KUBECONFIG=~/.kube/config
- oc patch --request-timeout=1800s configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec": {"storage": {"pvc": {"claim": "" }}}}'
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- when: "'nfs' in kubeinit_cluster_hostvars.services"
-
- - name: Patch imageregistry operator to move to Managed state
- ansible.builtin.shell: |
- export KUBECONFIG=~/.kube/config
- oc patch --request-timeout=1800s configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec": {"managementState": "Managed" }}'
- args:
- executable: /bin/bash
- register: _result
- changed_when: "_result.rc == 0"
- when: "'nfs' in kubeinit_cluster_hostvars.services"
-
- vars:
- kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
- delegate_to: "{{ kubeinit_deployment_node_name }}"
-
-#
-# Deploy the apps
-#
-- name: Deploy the apps
- block:
- - name: Deploy the apps
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_apps
- public: yes
- when: "'apps' in kubeinit_cluster_hostvars.services"
- vars:
- kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
- delegate_to: "{{ kubeinit_deployment_node_name }}"
-
-#
-# Deploy KubeVirt
-#
-- name: Deploy KubeVirt
- block:
- - name: Deploy KubeVirt
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_kubevirt
- public: yes
- when: "'kubevirt' in (kubeinit_cluster_hostvars['post_deployment_services'] | default([]))"
- vars:
- kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}"
- delegate_to: "{{ kubeinit_deployment_node_name }}"
-
#
# Deploy extra roles
#
diff --git a/kubeinit/roles/kubeinit_openstack/README.md b/kubeinit/roles/kubeinit_openstack/README.md
deleted file mode 100644
index 3856cae58..000000000
--- a/kubeinit/roles/kubeinit_openstack/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Please, refer to the kubeinit_openstack role
-[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_openstack.html)
-for further information.
diff --git a/kubeinit/roles/kubeinit_openstack/defaults/main.yml b/kubeinit/roles/kubeinit_openstack/defaults/main.yml
deleted file mode 100644
index 5c2535371..000000000
--- a/kubeinit/roles/kubeinit_openstack/defaults/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# All variables intended for modification should be placed in this file.
-
-# All variables within this role should have a prefix of "kubeinit_openstack_"
-kubeinit_openstack_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
-kubeinit_openstack_hide_sensitive_logs: true
diff --git a/kubeinit/roles/kubeinit_openstack/files/.gitkeep b/kubeinit/roles/kubeinit_openstack/files/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/kubeinit/roles/kubeinit_openstack/handlers/main.yml b/kubeinit/roles/kubeinit_openstack/handlers/main.yml
deleted file mode 100644
index 9490b54cc..000000000
--- a/kubeinit/roles/kubeinit_openstack/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_openstack/meta/main.yml b/kubeinit/roles/kubeinit_openstack/meta/main.yml
deleted file mode 100644
index a0277d786..000000000
--- a/kubeinit/roles/kubeinit_openstack/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-galaxy_info:
- author: KubeInit
- role_name: kubeinit_openstack
- namespace: kubeinit
- description: KubeInit Role -- kubeinit_openstack
- company: Red Hat
- license: Apache-2.0
- min_ansible_version: 2.9
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
- # To view available platforms and versions (or releases), visit:
- # https://galaxy.ansible.com/api/v1/platforms/
- #
- platforms:
- - name: CentOS
- versions:
- - 7
- - 8
-
- galaxy_tags:
- - kubeinit
-
-
-# List your role dependencies here, one per line. Be sure to remove the '[]' above,
-# if you add dependencies to this list.
-dependencies: []
diff --git a/kubeinit/roles/kubeinit_openstack/molecule/default/converge.yml b/kubeinit/roles/kubeinit_openstack/molecule/default/converge.yml
deleted file mode 100644
index 7cb7cd2fb..000000000
--- a/kubeinit/roles/kubeinit_openstack/molecule/default/converge.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Converge
- hosts: all
- # roles:
- # - role: "kubeinit_openstack"
- tasks:
- - name: Message for "kubeinit_openstack"
- ansible.builtin.debug:
- msg: Finishing molecule for "kubeinit_openstack"
diff --git a/kubeinit/roles/kubeinit_openstack/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_openstack/molecule/default/molecule.yml
deleted file mode 100644
index b5d8023ed..000000000
--- a/kubeinit/roles/kubeinit_openstack/molecule/default/molecule.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: quay.io/centos/centos:stream8
- pre_build_image: true
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/kubeinit/roles/kubeinit_openstack/molecule/default/verify.yml b/kubeinit/roles/kubeinit_openstack/molecule/default/verify.yml
deleted file mode 100644
index 86afba4ff..000000000
--- a/kubeinit/roles/kubeinit_openstack/molecule/default/verify.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
- hosts: all
- tasks:
- - name: Example assertion
- ansible.builtin.assert:
- that: true
diff --git a/kubeinit/roles/kubeinit_openstack/tasks/main.yml b/kubeinit/roles/kubeinit_openstack/tasks/main.yml
deleted file mode 100644
index 4e3576348..000000000
--- a/kubeinit/roles/kubeinit_openstack/tasks/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-#
-# "kubeinit_openstack" tasks
-#
diff --git a/kubeinit/roles/kubeinit_openstack/tasks/prepare_auth.yml b/kubeinit/roles/kubeinit_openstack/tasks/prepare_auth.yml
deleted file mode 100644
index 74d18cbe0..000000000
--- a/kubeinit/roles/kubeinit_openstack/tasks/prepare_auth.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-#
-# "kubeinit_openstack" prepare_auth.yml tasks
-#
-
-# Load clouds.yml
diff --git a/kubeinit/roles/kubeinit_openstack/tasks/seed_deployment.yml b/kubeinit/roles/kubeinit_openstack/tasks/seed_deployment.yml
deleted file mode 100644
index e54d6fc98..000000000
--- a/kubeinit/roles/kubeinit_openstack/tasks/seed_deployment.yml
+++ /dev/null
@@ -1,218 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-#
-# "kubeinit_openstack" seed_deployment.yml tasks
-#
-
-#
-# Creates a key pair with the current user public key
-#
-- name: Create the cluster access key
- openstack.cloud.keypair:
- auth: "{{ kubeinit_openstack_auth }}"
- state: present
- name: kubeinit_kp_inittest
- public_key_file: /home/kubeinit/.ssh/kubeinit_inittest_id_rsa.pub
-
-#
-# Network resources
-#
-- name: Create the cluster network
- openstack.cloud.network:
- auth: "{{ kubeinit_openstack_auth }}"
- name: kubeinit_net_inittest
-
-- name: Create the cluster subnet
- openstack.cloud.subnet:
- auth: "{{ kubeinit_openstack_auth }}"
- network_name: kubeinit_net_inittest
- name: kubeinit_subnet_inittest
- cidr: 10.0.0.0/24
- dns_nameservers:
- - 8.8.8.8
- - 8.8.4.4
-
-- name: Create the cluster router
- openstack.cloud.router:
- auth: "{{ kubeinit_openstack_auth }}"
- name: kubeinit_router_inittest
- enable_snat: true
- interfaces:
- - kubeinit_net_inittest
-
-#
-# Flavors
-#
-
-- name: Create a custom flavor
- openstack.cloud.compute_flavor:
- auth: "{{ kubeinit_openstack_auth }}"
- state: present
- name: kubeinit_flavor_inittest
- ram: 32000
- vcpus: 4
- disk: 40
- ephemeral: 40
-
-#
-# Images
-#
-- name: Create the cluster nodes image
- openstack.cloud.image:
- auth: "{{ kubeinit_openstack_auth }}"
- name: kubeinit_image_cs9_inittest
- container_format: bare
- disk_format: qcow2
- state: present
- filename: cirros-0.3.0-x86_64-disk.img
- kernel: cirros-vmlinuz
- ramdisk: cirros-initrd
- tags:
- - custom
- properties:
- deployed_by: kubeinit
- cpu_arch: x86_64
- distro: CentOS
-
-#
-# Security groups and rules
-#
-
-- name: Create controlplane security group
- openstack.cloud.security_group:
- auth: "{{ kubeinit_openstack_auth }}"
- name: "kubeinit_sg_inittest"
- state: present
-
-- name: Allow SSH to master from anywhere IPv4
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
-
-- name: Allow SSH to master from anywhere IPv6
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- ethertype: IPv6
- protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: ::/0
-
-- name: Allow K8S API to master from anywhere IPv4
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- protocol: tcp
- port_range_min: 6443
- port_range_max: 6443
- remote_ip_prefix: 0.0.0.0/0
-
-- name: Allow K8S API to master from anywhere IPv6
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- ethertype: IPv6
- protocol: tcp
- port_range_min: 6443
- port_range_max: 6443
- remote_ip_prefix: ::/0
-
-- name: Allow HTTP to master from anywhere IPv4
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- protocol: tcp
- port_range_min: 80
- port_range_max: 80
- remote_ip_prefix: 0.0.0.0/0
-
-- name: Allow HTTP to master from anywhere IPv6
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- ethertype: IPv6
- protocol: tcp
- port_range_min: 80
- port_range_max: 80
- remote_ip_prefix: ::/0
-
-- name: Allow HTTPS to master from anywhere IPv4
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- protocol: tcp
- port_range_min: 443
- port_range_max: 443
- remote_ip_prefix: 0.0.0.0/0
-
-- name: Allow HTTPS to master from anywhere IPv6
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- ethertype: IPv6
- protocol: tcp
- port_range_min: 443
- port_range_max: 443
- remote_ip_prefix: ::/0
-
-- name: Allow load balancer traffic to nodes
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- remote_ip_prefix: 10.0.0.0/24
- protocol: tcp
- port_range_min: 30000
- port_range_max: 32767
-
-- name: Allow traffic between nodes
- openstack.cloud.security_group_rule:
- auth: "{{ kubeinit_openstack_auth }}"
- security_group: "kubeinit_sg_inittest"
- remote_group: "kubeinit_sg_inittest"
-
-#
-# Workloads resources
-#
-- name: Create a cluster's node instance
- openstack.cloud.server:
- auth: "{{ kubeinit_openstack_auth }}"
- security_groups: "kubeinit_sg_inittest"
- name: "kubeinit_server_inittest"
- image: "{{ master_image }}"
- boot_from_volume: "{{ master_boot_from_volume }}"
- terminate_volume: "{{ master_terminate_volume }}"
- volume_size: "{{ master_volume_size }}"
- key_name: "{{ key_name }}"
- flavor_ram: "{{ master_flavor_ram if not master_flavor_name else omit }}"
- flavor: "{{ master_flavor_name if master_flavor_name else omit }}"
- nics:
- - net-name: "{{ network_name }}"
- auto_ip: yes
- userdata: |
- #cloud-config
- package_upgrade: true
- hostname: "{{ master_name }}"
- manage_etc_hosts: false
- packages:
- - python
- - python-simplejson
diff --git a/kubeinit/roles/kubeinit_openstack/vars/main.yml b/kubeinit/roles/kubeinit_openstack/vars/main.yml
deleted file mode 100644
index ba5a30f89..000000000
--- a/kubeinit/roles/kubeinit_openstack/vars/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# While options found within the vars/ path can be overridden using extra
-# vars, items within this path are considered part of the role and not
-# intended to be modified.
-
-# All variables within this role should have a prefix of "kubeinit_openstack_"
diff --git a/kubeinit/roles/kubeinit_prepare/defaults/main.yml b/kubeinit/roles/kubeinit_prepare/defaults/main.yml
index 513063e84..4fb9713f0 100644
--- a/kubeinit/roles/kubeinit_prepare/defaults/main.yml
+++ b/kubeinit/roles/kubeinit_prepare/defaults/main.yml
@@ -25,3 +25,4 @@ kubeinit_prepare_podman_dependencies:
- podman
- buildah
- skopeo
+ - netavark
diff --git a/kubeinit/roles/kubeinit_prepare/tasks/build_hypervisors_group.yml b/kubeinit/roles/kubeinit_prepare/tasks/build_hypervisors_group.yml
index 58bb7ddf7..fbf6a6657 100644
--- a/kubeinit/roles/kubeinit_prepare/tasks/build_hypervisors_group.yml
+++ b/kubeinit/roles/kubeinit_prepare/tasks/build_hypervisors_group.yml
@@ -14,17 +14,10 @@
# License for the specific language governing permissions and limitations
# under the License.
-- name: Omit from documentation grapher
- block:
- - name: Stop the deployment if required
- block:
- - name: "Stop before 'task-gather-facts' when requested"
- ansible.builtin.add_host:
- name: "kubeinit-facts"
- playbook_terminated: true
- - name: End play
- ansible.builtin.meta: end_play
- when: kubeinit_stop_before_task is defined and kubeinit_stop_before_task == 'task-gather-facts'
+- name: Stop the deployment if requested
+ ansible.builtin.assert:
+ msg: 'Stopping before task-gather-facts'
+ that: (kubeinit_stop_before_task | default('')) != 'task-gather-facts'
tags: omit_from_grapher
#
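Review bot: A requested stop before `task-gather-facts` is now reported as a failed `assert`, so by default the run ends with a failure status. The removed block instead recorded `playbook_terminated: true` on `kubeinit-facts` and ended the play cleanly. Anything that reads that flag or the exit code (not visible in this hunk) can no longer tell an intentional stop from a real error. If the failure is deliberate, say so above the task, for example `# A requested stop is reported as a failed assert on purpose; playbook_terminated is no longer set`. Otherwise keep `ansible.builtin.meta: end_play` behind the same condition.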
@@ -51,6 +44,14 @@
_param_secret_names:
- kubeinit-ssh-key
+- name: Gather additional facts from localhost for kubeinit
+ ansible.builtin.include_role:
+ name: kubeinit.kubeinit.kubeinit_libvirt
+ tasks_from: gather_host_facts.yml
+ public: true
+ vars:
+ _param_gather_host: 'localhost'
+
- name: Lookup remote_user from command-line
ansible.builtin.set_fact:
kubeinit_cli_remote_user: "{{ lookup('kubeinit.kubeinit.cli_args', 'remote_user') }}"
@@ -63,12 +64,14 @@
that: not hostvars['kubeinit-facts'].container_run or kubeinit_cli_remote_user|length > 0
- name: Define kubeinit remote_user
- ansible.builtin.add_host:
- name: "kubeinit-facts"
- local_user: "{{ ansible_facts.user_id }}"
- local_home: "{{ ansible_facts.user_dir }}"
- remote_user: "{{ kubeinit_cli_remote_user if (kubeinit_cli_remote_user|length > 0) else ansible_facts.user_id }}"
+ ansible.builtin.set_fact:
+ local_user: "{{ ansible_user_id }}"
+ local_home: "{{ ansible_user_dir }}"
+ local_ssh_dir: "{{ ansible_user_dir + '/.ssh' }}"
+ remote_user: "{{ kubeinit_cli_remote_user if (kubeinit_cli_remote_user|length > 0) else ansible_user_id }}"
ssh_keytype: "{{ hostvars['kubeinit-env'].ssh_keytype }}"
+ delegate_to: 'kubeinit-facts'
+ delegate_facts: true
- name: Prepare cluster topology using kubeinit_spec command-line specification
ansible.builtin.set_fact:
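Review bot: The new `ansible_user_id` and `ansible_user_dir` references in "Define kubeinit remote_user" only resolve while fact injection (`inject_facts_as_vars`) is enabled, whereas the removed lines read the same values from the `ansible_facts` namespace. Keeping the namespaced form avoids depending on that setting: `local_user: "{{ ansible_facts.user_id }}"`, `local_home: "{{ ansible_facts.user_dir }}"`, and likewise for `local_ssh_dir` and the `remote_user` fallback. Separately, `local_ssh_dir` is introduced here while the later hunk `@@ -127,43 +131,14 @@` removes the task that created `~/.ssh` with `mode: 0700`. Wherever that step moved to (not visible here), the directory should still be created with that mode before the private key is written into it.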
@@ -117,9 +120,10 @@
kubeinit_cluster_name: "{{ kubeinit_cluster_map['cluster_name'] | default(groups['kubeinit_cluster'][0]) | default(kubeinit_spec_distro + 'cluster') }}"
- name: Add kubeinit_cluster_name to kubeinit-facts
- ansible.builtin.add_host:
- name: "kubeinit-facts"
+ ansible.builtin.set_fact:
cluster_name: "{{ kubeinit_cluster_name }}"
+ delegate_to: 'kubeinit-facts'
+ delegate_facts: true
- name: Create kubeinit_cluster group
ansible.builtin.add_host:
@@ -127,43 +131,14 @@
group: 'kubeinit_cluster'
when: groups['kubeinit_cluster'] | default([]) | length == 0
-- name: Create .ssh folder if needed
- ansible.builtin.file:
- path: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh' }}"
- state: directory
- mode: 0700
-
-- name: Gather additional facts from localhost for kubeinit
- ansible.builtin.include_role:
- name: kubeinit.kubeinit.kubeinit_libvirt
- tasks_from: gather_host_facts.yml
- public: true
- vars:
- _param_gather_host: 'localhost'
-
-- name: Generate an OpenSSH keypair on localhost
- community.crypto.openssh_keypair:
- path: "~/.ssh/{{ hostvars['kubeinit-facts'].cluster_name }}_id_{{ hostvars['kubeinit-facts'].ssh_keytype }}"
- type: "{{ hostvars['kubeinit-facts'].ssh_keytype }}"
- comment: "{{ hostvars['kubeinit-facts'].cluster_name }} ansible-controller"
- regenerate: 'never'
- register: _result_keypair
- delegate_to: 'localhost'
-
-- name: Create authorized_key from keypair
- ansible.builtin.set_fact:
- authorized_key: "{{ _result_keypair.public_key + ' ' + _result_keypair.comment }}"
- delegate_to: 'localhost'
- delegate_facts: true
-
- name: Add kubeinit_cluster_map entries to kubeinit_cluster group
- ansible.builtin.add_host:
- name: "{{ kubeinit_cluster_name }}"
- groups: 'kubeinit_cluster'
+ ansible.builtin.set_fact:
cluster_domain: "{{ kubeinit_cluster_map['cluster_domain'] | default(omit) }}"
hypervisor_name_pattern: "{{ kubeinit_cluster_map['hypervisor_name_pattern'] | default(omit) }}"
controller_name_pattern: "{{ kubeinit_cluster_map['controller_name_pattern'] | default(omit) }}"
compute_name_pattern: "{{ kubeinit_cluster_map['compute_name_pattern'] | default(omit) }}"
+ delegate_to: "{{ kubeinit_cluster_name }}"
+ delegate_facts: true
when: kubeinit_cluster_map is defined
- name: Load post_deployment_services_spec from yaml into a list
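Review bot: Replacing `add_host` with `set_fact` plus `delegate_to`/`delegate_facts` in "Add kubeinit_cluster_map entries to kubeinit_cluster group" means the task no longer creates the `{{ kubeinit_cluster_name }}` host or adds it to `kubeinit_cluster`. The preceding "Create kubeinit_cluster group" task only runs when that group is empty, so an inventory whose existing group member differs from `kubeinit_cluster_map['cluster_name']` would presumably leave the facts on a host that later `hostvars[kubeinit_cluster_name]` lookups cannot resolve. The same applies to the `post_deployment_services` and `extra_roles` tasks in the next two hunks. A guard before these tasks would make the assumption explicit, for example an `ansible.builtin.assert` with `that: kubeinit_cluster_name in groups['kubeinit_cluster']`. The task list continues outside this hunk, so the host may be registered elsewhere.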
@@ -172,10 +147,10 @@
when: post_deployment_services_spec is defined
- name: Add post_deployment_services_list to kubeinit_cluster group
- ansible.builtin.add_host:
- name: "{{ kubeinit_cluster_name }}"
- groups: 'kubeinit_cluster'
+ ansible.builtin.set_fact:
post_deployment_services: "{{ post_deployment_services_list }}"
+ delegate_to: "{{ kubeinit_cluster_name }}"
+ delegate_facts: true
when: post_deployment_services_list | default([]) | length > 0
- name: Load extra_roles_spec from yaml into a list
@@ -184,10 +159,10 @@
when: extra_roles_spec is defined
- name: Add extra_roles_list to kubeinit_cluster group
- ansible.builtin.add_host:
- name: "{{ kubeinit_cluster_name }}"
- groups: 'kubeinit_cluster'
+ ansible.builtin.set_fact:
extra_roles: "{{ extra_roles_list }}"
+ delegate_to: "{{ kubeinit_cluster_name }}"
+ delegate_facts: true
when: extra_roles_list | default([]) | length > 0
- name: Load hypervisor_hosts_spec from yaml into a list of dictionaries
@@ -204,83 +179,103 @@
extended: true
when: hypervisor_hosts_map_list[ansible_loop.index0]['host'] | default('') | length > 0 and groups['hypervisor_hosts'][ansible_loop.index0] | default('') | length > 0
-- name: Create names and defaults for new cluster hypervisors
+- name: Create hypervisor hosts for undefined cluster hypervisors
ansible.builtin.add_host:
name: "{{ hypervisor_hosts_map_list[ansible_loop.index0]['host'] | default(hostvars[kubeinit_cluster_name].hypervisor_name_pattern | format(ansible_loop.index)) }}"
groups:
- 'hypervisor_hosts'
- 'kubeinit_hypervisors'
- ansible_connection: 'smart'
- ansible_user: "{{ hostvars['kubeinit-facts'].remote_user }}"
loop: "{{ range(kubeinit_spec_hypervisor_count|int) | list }}"
loop_control:
extended: true
when: groups['hypervisor_hosts'] | default([]) | length == 0
- name: Assign defaults to existing cluster hypervisors
- ansible.builtin.add_host:
- name: "{{ groups['hypervisor_hosts'][ansible_loop.index0] }}"
- groups: 'kubeinit_hypervisors'
+ ansible.builtin.set_fact:
ansible_connection: 'smart'
ansible_user: "{{ hostvars['kubeinit-facts'].remote_user }}"
loop: "{{ range(kubeinit_spec_hypervisor_count|int) | list }}"
loop_control:
extended: true
+ delegate_to: "{{ groups['hypervisor_hosts'][ansible_loop.index0] }}"
+ delegate_facts: true
- name: Add remaining spec vars to kubeinit_hypervisors group
- ansible.builtin.add_host:
- name: "{{ item }}"
- groups: 'kubeinit_hypervisors'
+ ansible.builtin.set_fact:
ansible_host: "{{ hypervisor_hosts_map_list[ansible_loop.index0]['ansible_host'] | default(omit) }}"
ssh_hostname: "{{ hypervisor_hosts_map_list[ansible_loop.index0]['ssh_hostname'] | default(omit) }}"
ssh_username: "{{ hypervisor_hosts_map_list[ansible_loop.index0]['ssh_username'] | default(omit) }}"
loop: "{{ groups['kubeinit_hypervisors'] }}"
loop_control:
extended: true
+ delegate_to: "{{ item }}"
+ delegate_facts: true
when: hypervisor_hosts_map_list is defined
- name: Add kubeinit_spec facts to cluster facts
- ansible.builtin.add_host:
- name: "{{ kubeinit_cluster_name }}"
- groups: 'kubeinit_cluster'
+ ansible.builtin.set_fact:
distro: "{{ kubeinit_spec_distro }}"
distro_role: "{{ kubeinit_distro_role }}"
controller_count: "{{ kubeinit_spec_controller_count }}"
compute_count: "{{ kubeinit_spec_compute_count }}"
+ delegate_to: "{{ kubeinit_cluster_name }}"
+ delegate_facts: true
- name: Set more cluster facts from inventory groups and kubeinit_spec
ansible.builtin.set_fact:
kubeinit_cluster_distro: "{{ kubeinit_spec_distro }}"
kubeinit_cluster_distro_role: "{{ kubeinit_distro_role }}"
- kubeinit_cluster_fqdn: "{{ kubeinit_cluster_name }}.{{ hostvars[kubeinit_cluster_name].cluster_domain }}"
+ kubeinit_cluster_domain: "{{ hostvars[kubeinit_cluster_name].cluster_domain }}"
+ kubeinit_cluster_fqdn: "{{ kubeinit_cluster_name + '.' + hostvars[kubeinit_cluster_name].cluster_domain }}"
-- name: Set kubeinit_cluster_ssh_config fact
- ansible.builtin.set_fact:
- kubeinit_cluster_ssh_config: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh/' + kubeinit_cluster_name + '_config' }}"
- kubeinit_cluster_keypair_path: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh/kubeinit_id_' + hostvars['kubeinit-facts'].ssh_keytype }}"
-
-- name: Add ansible_ssh_extra_args to kubeinit_hypervisors group
- ansible.builtin.add_host:
- name: "{{ item }}"
- groups: 'kubeinit_hypervisors'
- ansible_ssh_extra_args: "-i {{ kubeinit_cluster_keypair_path }} -F {{ kubeinit_cluster_ssh_config }}"
- loop: "{{ groups['kubeinit_hypervisors'] }}"
+- name: Create local_ssh_dir folder if needed
+ ansible.builtin.file:
+ path: "{{ hostvars['kubeinit-facts'].local_ssh_dir }}"
+ state: directory
+ mode: '0700'
-- name: Copy ssh key secret into ~/.ssh
+- name: Copy kubeinit-ssh-key secret into local_ssh_dir
ansible.builtin.copy:
content: "{{ lookup('unvault', hostvars['kubeinit-secrets'].secrets['kubeinit-ssh-key']) }}"
- dest: "~/.ssh/kubeinit_id_{{ hostvars['kubeinit-facts'].ssh_keytype }}"
+ dest: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/id_' + hostvars['kubeinit-facts'].ssh_keytype }}"
mode: '0600'
when: hostvars['kubeinit-facts'].container_run|bool
+- name: Set kubeinit_cluster_keypair_path fact
+ ansible.builtin.set_fact:
+ kubeinit_cluster_keypair_path: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/' + hostvars['kubeinit-facts'].cluster_name + '_id_' + hostvars['kubeinit-facts'].ssh_keytype }}"
+
+- name: Generate an OpenSSH keypair for the cluster
+ community.crypto.openssh_keypair:
+ path: "{{ kubeinit_cluster_keypair_path }}"
+ type: "{{ hostvars['kubeinit-facts'].ssh_keytype }}"
+ comment: "{{ hostvars['kubeinit-facts'].cluster_name + ' ansible-controller' }}"
+ regenerate: 'never'
+ register: _result_keypair
+
+- name: Set authorized_key fact from keypair
+ ansible.builtin.set_fact:
+ authorized_key: "{{ _result_keypair.public_key + ' ' + _result_keypair.comment }}"
+
+- name: Add cluster authorized_key to root account of all hypervisors
+ ansible.posix.authorized_key:
+ user: root
+ key: "{{ authorized_key }}"
+ state: present
+ become: true
+ become_user: root
+ loop: "{{ groups['kubeinit_hypervisors'] }}"
+ delegate_to: "{{ item }}"
+ delegate_facts: true
+
- name: Check if kubeinit ssh config exists
ansible.builtin.stat:
- path: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh/kubeinit_config' }}"
+ path: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/kubeinit_config' }}"
register: _result_kubeinit_ssh_config_stat
- name: Check if ssh config exists
ansible.builtin.stat:
- path: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh/config' }}"
+ path: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/config' }}"
register: _result_ssh_config_stat
when: not _result_kubeinit_ssh_config_stat.stat.exists
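Review bot: The new `Add cluster authorized_key to root account of all hypervisors` task installs an unrestricted root login key on every hypervisor, and nothing in this hunk narrows or later removes that entry. Consider restricting it with the module's `key_options` parameter, e.g. `key_options: 'from="<controller-address-placeholder>"'`, and pairing it with a cleanup task that uses `state: absent` for the same key. `delegate_facts: true` has no effect on this task and can be dropped. Separately, `Copy kubeinit-ssh-key secret into local_ssh_dir` passes an unvaulted private key through `content:`; adding `no_log: true` there would stop a `--diff` run from printing the key material.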
@@ -289,6 +284,10 @@
kubeinit_cluster_ssh_include_paths:
"{{ [_result_kubeinit_ssh_config_stat.stat.path] if (_result_kubeinit_ssh_config_stat.stat.exists) else [_result_ssh_config_stat.stat.path] if (_result_ssh_config_stat.stat.exists) else [] }}"
+- name: Set kubeinit_cluster_ssh_config fact
+ ansible.builtin.set_fact:
+ kubeinit_cluster_ssh_config: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/' + hostvars['kubeinit-facts'].cluster_name + '_config' }}"
+
- name: Create ssh config file from template
ansible.builtin.include_role:
name: kubeinit.kubeinit.kubeinit_prepare
@@ -300,3 +299,23 @@
_param_keypair_path: "{{ kubeinit_cluster_keypair_path }}"
_param_dest_path: "{{ kubeinit_cluster_ssh_config }}"
_param_include_paths: "{{ kubeinit_cluster_ssh_include_paths }}"
+
+- name: Ensure kubeinit remote_user fact is set to root
+ ansible.builtin.set_fact:
+ remote_user: 'root'
+ delegate_to: 'kubeinit-facts'
+ delegate_facts: true
+
+- name: Add ansible_ssh_extra_args to hypervisors
+ ansible.builtin.set_fact:
+ ansible_ssh_extra_args: "{{ '-i ' + kubeinit_cluster_keypair_path + ' -F ' + kubeinit_cluster_ssh_config }}"
+ ansible_user: "{{ hostvars['kubeinit-facts'].remote_user }}"
+ loop: "{{ groups['kubeinit_hypervisors'] }}"
+ delegate_to: "{{ item }}"
+ delegate_facts: true
+
+- name: Confirm that we have ansible host connectivity
+ ansible.builtin.ping:
+ loop: "{{ groups['kubeinit_hypervisors'] }}"
+ delegate_to: "{{ item }}"
+ delegate_facts: true
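Review bot: `Ensure kubeinit remote_user fact is set to root` overwrites whatever `remote_user` was configured on `kubeinit-facts`, so the `ansible_user` assignment in the next task makes every hypervisor connection a direct root SSH login. The same hard-coded `ansible_user: root` is added for controller, compute, extra and service nodes in the first four hunks of `gather_kubeinit_facts.yml`. If an unprivileged deployment user is meant to stay supported, keep the configured value and escalate per task with `become: true`. If root-only is now the intended contract, record it next to the task, e.g. `# kubeinit now requires root on hypervisors; remote_user is no longer configurable`. `delegate_facts: true` on the `ansible.builtin.ping` task has no effect and can be removed.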
diff --git a/kubeinit/roles/kubeinit_prepare/tasks/gather_kubeinit_facts.yml b/kubeinit/roles/kubeinit_prepare/tasks/gather_kubeinit_facts.yml
index b1696aa86..90bb18e07 100644
--- a/kubeinit/roles/kubeinit_prepare/tasks/gather_kubeinit_facts.yml
+++ b/kubeinit/roles/kubeinit_prepare/tasks/gather_kubeinit_facts.yml
@@ -93,6 +93,7 @@
group: ['controller_nodes', 'cluster_nodes']
ansible_connection: 'ssh'
ansible_host: "{{ kubeinit_cluster_next_available | ansible.utils.ipmath(ansible_loop.index0) | ansible.utils.ipv4('address') }}"
+ ansible_user: root
type: 'virtual'
loop: "{{ range(kubeinit_spec_controller_count|int) | list }}"
loop_control:
@@ -110,6 +111,7 @@
group: ['compute_nodes', 'cluster_nodes']
ansible_connection: 'ssh'
ansible_host: "{{ kubeinit_cluster_next_available | ansible.utils.ipmath(ansible_loop.index0) | ansible.utils.ipv4('address') }}"
+ ansible_user: root
type: 'virtual'
loop: "{{ range(kubeinit_spec_compute_count|int) | list }}"
loop_control:
@@ -148,6 +150,7 @@
group: 'extra_nodes'
ansible_connection: 'ssh'
ansible_host: "{{ kubeinit_cluster_next_available | ansible.utils.ipmath(ansible_loop.index0) | ansible.utils.ipv4('address') }}"
+ ansible_user: root
type: 'virtual'
loop: "{{ groups['extra_nodes'] | default([]) }}"
loop_control:
@@ -186,6 +189,7 @@
group: 'service_nodes'
ansible_connection: 'ssh'
ansible_host: "{{ kubeinit_cluster_last_available | ansible.utils.ipmath(0 - ansible_loop.index0) | ansible.utils.ipv4('address') }}"
+ ansible_user: root
type: 'container'
loop: "{{ groups['service_nodes'] }}"
loop_control:
@@ -358,13 +362,6 @@
ansible.builtin.set_fact:
kubeinit_dns_public: "{{ hostvars['kubeinit-env'].dns_public }}"
-- name: Set libvirt release facts
- ansible.builtin.set_fact:
- kubeinit_libvirt_debian_release: "11"
- # It is possible to configure different versions of the OS depending on the distribution
- # kubeinit_libvirt_ubuntu_release: "{{ 'focal' if (kubeinit_cluster_distro == 'cdk') else 'jammy' }}"
- kubeinit_libvirt_ubuntu_release: "jammy"
-
- name: Set registry authentication facts
ansible.builtin.set_fact:
kubeinit_registry_user: registryusername
diff --git a/kubeinit/roles/kubeinit_prepare/tasks/main.yml b/kubeinit/roles/kubeinit_prepare/tasks/main.yml
index 03b4259ff..d45e95876 100644
--- a/kubeinit/roles/kubeinit_prepare/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_prepare/tasks/main.yml
@@ -173,6 +173,7 @@
ansible.builtin.package:
state: present
name: "podman"
+ use: "{{ hostvars['localhost']['ansible_facts']['pkg_mgr'] }}"
when: not hostvars['localhost'].podman_is_installed
- name: Define service node facts
diff --git a/kubeinit/roles/kubeinit_prepare/tasks/prepare_podman.yml b/kubeinit/roles/kubeinit_prepare/tasks/prepare_podman.yml
index e3d115b24..95a4e1b0c 100644
--- a/kubeinit/roles/kubeinit_prepare/tasks/prepare_podman.yml
+++ b/kubeinit/roles/kubeinit_prepare/tasks/prepare_podman.yml
@@ -20,6 +20,14 @@
- name: Setup kubeinit repo for Debian distribution
block:
+ - name: Create folder if missing
+ ansible.builtin.file:
+ path: '/etc/containers'
+ state: directory
+ mode: '0755'
+ become: true
+ become_user: root
+
- name: Set cgroup_manager for debian release
ansible.builtin.copy:
content: |
@@ -32,15 +40,15 @@
- name: Set version facts
ansible.builtin.set_fact:
- _version: "{{ _param_hostvars.ansible_distribution_version.split('-')[0] }}"
+ _version: "{{ _param_hostvars.ansible_distribution_version.split('.')[0] }}"
- name: Set version facts
ansible.builtin.set_fact:
- _stability: "{{ 'stable' if (_version is version('11', 'le')) else 'testing' }}"
+ _stability: "{{ 'stable' if ((_version | int) is version('12', 'le')) else 'testing' }}"
- name: Set version facts
ansible.builtin.set_fact:
- _path_element: "{{ _param_hostvars.ansible_distribution + '_' + _version if (_stability is 'stable') else _param_hostvars.ansible_distribution + '_testing' }}"
+ _path_element: "{{ _param_hostvars.ansible_distribution + '_' + (_version if (_stability == 'stable') else 'testing') }}"
when: _param_hostvars.ansible_distribution == 'Debian'
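Review bot: `(_version | int)` turns any non-numeric version string into 0, so such a host would be compared as release 0 instead of falling through to 'testing', and `_path_element` would then be built from the raw string. That matters if `ansible_distribution_version` is ever a codename rather than a number (I believe Debian testing can report one, which is worth confirming), because `_path_element` selects the repository and key URL used by the apt task later in this file. Checking the shape first avoids it: `_stability: "{{ 'stable' if (_version is match('^[0-9]+$') and (_version | int) <= 12) else 'testing' }}"`. The three tasks also share the name `Set version facts`; distinct names would make the run output easier to follow.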
@@ -65,14 +73,15 @@
ansible.builtin.package:
name: curl
state: present
+ use: apt
become: true
become_user: root
- name: Add the Podman kubeinit package repository to Apt
ansible.builtin.shell: |
set -eo pipefail
- echo "deb https://download.opensuse.org/repositories/home:/kubeinit/{{ _path_element }}/ /" > /etc/apt/sources.list.d/kubeinit.list
- curl -L "https://download.opensuse.org/repositories/home:/kubeinit/{{ _path_element }}/Release.key" | apt-key add -
+ echo "deb https://download.opensuse.org/repositories/home:/kubeinit/{{ _path_element }}/ /" | tee /etc/apt/sources.list.d/kubeinit.list
+ curl -L "https://download.opensuse.org/repositories/home:/kubeinit/{{ _path_element }}/Release.key" | tee /etc/apt/trusted.gpg.d/kubeinit.asc
apt-get update
args:
executable: /bin/bash
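Review bot: Writing the downloaded key to `/etc/apt/trusted.gpg.d/kubeinit.asc` makes apt trust it for every configured repository, not only the kubeinit one. Scope it with `signed-by`: store the key as `/etc/apt/keyrings/kubeinit.asc` (creating the directory where the release lacks it) and write the source line as `deb [signed-by=/etc/apt/keyrings/kubeinit.asc] https://download.opensuse.org/repositories/home:/kubeinit/{{ _path_element }}/ /`. `curl -L` without `--fail` also exits 0 on an HTTP error, so `pipefail` will not catch an error page being saved as the key; `curl -fsSL "<same Release.key URL>" -o /etc/apt/keyrings/kubeinit.asc` closes that gap and removes the need for `tee`. The task continues past the end of this hunk.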
@@ -87,6 +96,7 @@
ansible.builtin.package:
name: "{{ kubeinit_prepare_podman_dependencies }}"
state: present
+ use: "{{ _param_hostvars['ansible_facts']['pkg_mgr'] }}"
become: true
become_user: root
diff --git a/kubeinit/roles/kubeinit_registry/tasks/main.yml b/kubeinit/roles/kubeinit_registry/tasks/main.yml
index 3aea436c7..3e852315c 100644
--- a/kubeinit/roles/kubeinit_registry/tasks/main.yml
+++ b/kubeinit/roles/kubeinit_registry/tasks/main.yml
@@ -18,6 +18,7 @@
ansible.builtin.package:
state: present
name: "buildah"
+ use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}"
- name: Create a new working container image
ansible.builtin.command: buildah from --name {{ kubeinit_cluster_name }}-registry quay.io/kubeinit/registry:2
diff --git a/kubeinit/roles/kubeinit_services/defaults/main.yml b/kubeinit/roles/kubeinit_services/defaults/main.yml
index 62dd07d24..e72d71457 100644
--- a/kubeinit/roles/kubeinit_services/defaults/main.yml
+++ b/kubeinit/roles/kubeinit_services/defaults/main.yml
@@ -35,9 +35,4 @@ kubeinit_registry_directories:
kubeinit_registry_pullsecret: "{{ '{\"auths\": {}}' | from_json }}"
-kubeinit_registry_required_packages:
- - python3
- - python3-dns
- - jq
-
kubeinit_registry_auth_file: registry-auths.json
diff --git a/kubeinit/roles/kubeinit_services/tasks/00_create_service_pod.yml b/kubeinit/roles/kubeinit_services/tasks/00_create_service_pod.yml
index 9d79c61db..0d7c4c527 100644
--- a/kubeinit/roles/kubeinit_services/tasks/00_create_service_pod.yml
+++ b/kubeinit/roles/kubeinit_services/tasks/00_create_service_pod.yml
@@ -40,14 +40,14 @@
changed_when: "_result_systemd_runtime_path.rc == 0"
- name: Enable and start podman.socket
- ansible.builtin.systemd:
+ ansible.builtin.systemd_service:
name: podman.socket
enabled: yes
state: started
scope: user
- name: Start podman.service
- ansible.builtin.systemd:
+ ansible.builtin.systemd_service:
name: podman.service
state: started
scope: user
diff --git a/kubeinit/roles/kubeinit_services/tasks/create_managed_service.yml b/kubeinit/roles/kubeinit_services/tasks/create_managed_service.yml
index 55e953715..9014c8daa 100644
--- a/kubeinit/roles/kubeinit_services/tasks/create_managed_service.yml
+++ b/kubeinit/roles/kubeinit_services/tasks/create_managed_service.yml
@@ -52,14 +52,14 @@
mode: '0644'
- name: Reload systemd service
- ansible.builtin.systemd:
+ ansible.builtin.systemd_service:
daemon_reexec: yes
scope: user
environment:
DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}"
- name: "Enable the service {{ _param_systemd_service_name }}"
- ansible.builtin.systemd:
+ ansible.builtin.systemd_service:
name: "{{ _param_systemd_service_name }}"
enabled: yes
scope: user
@@ -67,7 +67,7 @@
DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}"
- name: "Start the service: {{ _param_systemd_service_name }}"
- ansible.builtin.systemd:
+ ansible.builtin.systemd_service:
name: "{{ _param_systemd_service_name }}"
state: started
scope: user
diff --git a/kubeinit/roles/kubeinit_services/tasks/create_provision_container.yml b/kubeinit/roles/kubeinit_services/tasks/create_provision_container.yml
index d2c8b01f0..6ed7a0cb1 100644
--- a/kubeinit/roles/kubeinit_services/tasks/create_provision_container.yml
+++ b/kubeinit/roles/kubeinit_services/tasks/create_provision_container.yml
@@ -21,6 +21,7 @@
ansible.builtin.package:
state: present
name: "buildah"
+ use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}"
- name: Remove any old buildah container
ansible.builtin.shell: |
@@ -45,7 +46,7 @@
register: _result
changed_when: "_result.rc == 0"
- name: Install commands and services we will need
- ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- dnf install -q -y systemd openssh openssh-server openssh-clients procps iproute iputils net-tools python3 python3-pip jq
+ ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- dnf install -q -y systemd openssh openssh-server openssh-clients procps iproute iputils net-tools python3 python3-pip python3-dns jq
register: _result
changed_when: "_result.rc == 0"
when: kubeinit_deployment_os == 'centos'
@@ -61,7 +62,7 @@
register: _result
changed_when: "_result.rc == 0"
- name: Install commands and services we will need
- ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- env DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get install -q -y systemd openssh-server openssh-client procps iproute2 iputils-ping net-tools python3 python3-pip jq curl
+ ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- env DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get install -q -y systemd openssh-server openssh-client procps iproute2 iputils-ping net-tools python3 python3-pip python3-dns jq curl
register: _result
changed_when: "_result.rc == 0"
- name: Missing privilege separation directory
@@ -81,7 +82,7 @@
register: _result
changed_when: "_result.rc == 0"
- name: Install commands and services we will need
- ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- env DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get install -q -y systemd openssh-server openssh-client procps iproute2 iputils-ping net-tools python3 python3-pip jq curl
+ ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- env DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get install -q -y systemd openssh-server openssh-client procps iproute2 iputils-ping net-tools python3 python3-pip python3-dns jq curl
register: _result
changed_when: "_result.rc == 0"
- name: Create folder normally done by service ssh start
@@ -162,6 +163,7 @@
ansible_connection: containers.podman.podman
ansible_python_interpreter: /usr/bin/python3
ansible_podman_extra_args: --remote --connection "{{ hostvars[kubeinit_deployment_node_name].target }}"
+ ansible_user: root
- name: Disable pipelining while using podman connector
block:
@@ -191,19 +193,25 @@
changed_when: "_result.rc == 0"
when: "'registry' in kubeinit_cluster_hostvars.services"
- - name: Make sure packages to generate registry credentials are installed
- ansible.builtin.package:
- state: present
- name: "{{ kubeinit_registry_required_packages | default([]) }}"
+ - name: Install cryptography and passlib
+ ansible.builtin.shell: |
+ set -o pipefail
+ python3 -m pip install -q cryptography passlib
+ args:
+ executable: /bin/bash
+ register: _result
+ changed_when: "_result.rc == 0"
+ when: kubeinit_deployment_os == 'centos'
- - name: Install cryptography, passlib and nexus3-cli
+ - name: Install cryptography, passlib and apt
ansible.builtin.shell: |
set -o pipefail
- python3 -m pip install -q cryptography==3.3.2 passlib nexus3-cli
+ apt install -y python3-cryptography python3-passlib python3-apt
args:
executable: /bin/bash
register: _result
changed_when: "_result.rc == 0"
+ when: kubeinit_deployment_os == 'ubuntu' or kubeinit_deployment_os == 'debian'
- name: Remove nologin marker
ansible.builtin.file:
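Review bot: `python3 -m pip install -q cryptography passlib` now installs whatever version is current at build time, and the same unpinned command appears in the last hunk of `prepare_credentials.yml`. Dropping the old `cryptography==3.3.2` pin is reasonable, but a bounded range or a hash-checked requirements file (`python3 -m pip install --require-hashes -r <requirements-file-placeholder>`) keeps these containers reproducible and limits exposure to a bad upstream release. In the Debian/Ubuntu task, `apt` is intended for interactive use; `apt-get install -y python3-cryptography python3-passlib python3-apt` (or the `ansible.builtin.apt` module) is the scripted form, and `set -o pipefail` does nothing there because the script has no pipeline. Note also that a `kubeinit_deployment_os` value other than 'centos', 'ubuntu' or 'debian' now skips both install tasks.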
diff --git a/kubeinit/roles/kubeinit_services/tasks/prepare_credentials.yml b/kubeinit/roles/kubeinit_services/tasks/prepare_credentials.yml
index 6a264b787..e9c5d7684 100644
--- a/kubeinit/roles/kubeinit_services/tasks/prepare_credentials.yml
+++ b/kubeinit/roles/kubeinit_services/tasks/prepare_credentials.yml
@@ -21,6 +21,7 @@
ansible.builtin.package:
state: present
name: "buildah"
+ use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}"
- name: Remove any old buildah container
ansible.builtin.shell: |
@@ -45,7 +46,7 @@
changed_when: "_result.rc == 0"
- name: Install commands and services we will need
- ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-credentials -- dnf install -q -y python3 python3-pip procps iproute iputils net-tools bind-utils
+ ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-credentials -- dnf install -q -y python3 python3-pip python3-dns jq procps iproute iputils net-tools bind-utils
register: _result
changed_when: "_result.rc == 0"
@@ -99,6 +100,7 @@
ansible_connection: containers.podman.podman
ansible_python_interpreter: /usr/bin/python3
ansible_podman_extra_args: --remote --connection "{{ hostvars[kubeinit_deployment_node_name].target }}"
+ ansible_user: root
- name: Disable pipelining while using podman connector
block:
@@ -116,15 +118,10 @@
state: directory
mode: '0755'
- - name: Make sure packages to generate registry credentials are installed
- ansible.builtin.package:
- state: present
- name: "{{ kubeinit_registry_required_packages | default([]) }}"
-
- name: Install cryptography and passlib
ansible.builtin.shell: |
set -o pipefail
- python3 -m pip install cryptography==3.3.2 passlib
+ python3 -m pip install cryptography passlib
args:
executable: /bin/bash
register: _result
diff --git a/periodic_jobs.md b/periodic_jobs.md
index e15ccbf75..5a56383cc 100644
--- a/periodic_jobs.md
+++ b/periodic_jobs.md
@@ -18,10 +18,6 @@
| Origin Distribution of K8s | | libvirt | 3 | 0 | 2 | Host |
| Origin Distribution of K8s | | libvirt | 1 | 1 | 1 | Host |
| Origin Distribution of K8s | | libvirt | 1 | 0 | 1 | Host |
-| KubeInit distro | | libvirt | 3 | 1 | 1 | Host |
-| KubeInit distro | | libvirt | 3 | 0 | 2 | Host |
-| KubeInit distro | | libvirt | 1 | 1 | 1 | Host |
-| KubeInit distro | | libvirt | 1 | 0 | 1 | Host |
| Vanilla K8s | | libvirt | 3 | 1 | 1 | Host |
| Vanilla K8s | | libvirt | 3 | 0 | 2 | Host |
| Vanilla K8s | | libvirt | 1 | 1 | 1 | Host |
@@ -33,4 +29,4 @@ processed in the
[render_periodic_jobs_page.py](https://github.com/Kubeinit/kubeinit/blob/main/ci/render_periodic_jobs_page.py) script.
After every merge, changes to this file will be verified by the
[render_periodic_jobs_status_page](https://github.com/Kubeinit/kubeinit/blob/main/.github/workflows/render_periodic_jobs_status_page.yml)
-job, if there are changes, a new PR will be pushed automatically.
\ No newline at end of file
+job, if there are changes, a new PR will be pushed automatically.