From e9a6e671adbb6f2b923938f9dfb6e52bd2295b04 Mon Sep 17 00:00:00 2001 From: Glenn Marcy Date: Mon, 29 Jul 2024 09:12:12 -0400 Subject: [PATCH] chore: remove more unused artifacts 
Signed-off-by: Glenn Marcy --- .github/workflows/docs_build.yml | 7 +- ci/container_sync.sh | 8 +- ci/kubeinit_ci_utils.py | 14 +- ci/launch_e2e.py | 6 +- ci/launch_e2e.sh | 8 - ci/render_periodic_jobs_page.py | 2 - docs/src/roles/role-kubeinit_apps.rst | 6 - docs/src/roles/role-kubeinit_dnsmasq.rst | 0 docs/src/roles/role-kubeinit_kid.rst | 6 - docs/src/roles/role-kubeinit_kubevirt.rst | 6 - docs/src/roles/role-kubeinit_nexus.rst | 6 - docs/src/roles/role-kubeinit_nfs.rst | 6 - docs/src/roles/role-kubeinit_openstack.rst | 6 - kubeinit/galaxy.yml | 2 - kubeinit/group_vars/kubeinit_defaults.yml | 20 +- kubeinit/group_vars/kubeinit_facts.yml | 5 +- kubeinit/playbook.yml | 4 +- kubeinit/requirements.yml | 4 - kubeinit/roles/kubeinit_apache/tasks/main.yml | 1 + kubeinit/roles/kubeinit_apps/README.md | 3 - .../roles/kubeinit_apps/defaults/main.yml | 24 -- kubeinit/roles/kubeinit_apps/files/.gitkeep | 0 .../roles/kubeinit_apps/handlers/main.yml | 15 - kubeinit/roles/kubeinit_apps/meta/main.yml | 44 --- .../molecule/default/converge.yml | 25 -- .../molecule/default/molecule.yml | 13 - .../kubeinit_apps/molecule/default/verify.yml | 9 - kubeinit/roles/kubeinit_apps/tasks/main.yml | 23 -- .../roles/kubeinit_apps/tasks/sampleapp.yml | 114 ------- .../kubeinit_apps/tasks/win_sampleapp.yml | 116 ------- .../templates/coco_workload.yml.j2 | 12 - .../kubeinit_apps/templates/sampleapp.yml.j2 | 24 -- .../templates/win_sampleapp.yml.j2 | 43 --- kubeinit/roles/kubeinit_apps/vars/main.yml | 22 -- kubeinit/roles/kubeinit_bind/tasks/main.yml | 1 + .../templates/named.conf.local.j2 | 2 +- .../roles/kubeinit_dnsmasq/tasks/main.yml | 1 + .../roles/kubeinit_haproxy/tasks/main.yml | 1 + kubeinit/roles/kubeinit_k8s/defaults/main.yml | 25 +- kubeinit/roles/kubeinit_k8s/tasks/main.yml | 309 +++-------------- .../tasks/post_configure_guest.yml | 173 ---------- .../tasks/post_deployment_tasks.yml | 33 +- .../kubeinit_k8s/tasks/prepare_cluster.yml | 192 +++++++++-- 
.../templates/kube-flannel.yml.j2 | 215 ------------ kubeinit/roles/kubeinit_kid/README.md | 3 - kubeinit/roles/kubeinit_kid/defaults/main.yml | 27 -- kubeinit/roles/kubeinit_kid/files/.gitkeep | 0 kubeinit/roles/kubeinit_kid/handlers/main.yml | 15 - kubeinit/roles/kubeinit_kid/meta/main.yml | 44 --- .../molecule/default/converge.yml | 25 -- .../molecule/default/molecule.yml | 13 - .../kubeinit_kid/molecule/default/verify.yml | 9 - kubeinit/roles/kubeinit_kid/tasks/main.yml | 65 ---- .../tasks/post_configure_guest.yml | 27 -- .../tasks/post_deployment_tasks.yml | 42 --- .../kubeinit_kid/tasks/prepare_cluster.yml | 40 --- kubeinit/roles/kubeinit_kid/vars/main.yml | 22 -- kubeinit/roles/kubeinit_kubevirt/README.md | 3 - .../roles/kubeinit_kubevirt/defaults/main.yml | 22 -- .../roles/kubeinit_kubevirt/files/.gitkeep | 0 .../roles/kubeinit_kubevirt/handlers/main.yml | 15 - .../roles/kubeinit_kubevirt/meta/main.yml | 44 --- .../molecule/default/converge.yml | 29 -- .../molecule/default/molecule.yml | 13 - .../molecule/default/verify.yml | 9 - .../roles/kubeinit_kubevirt/tasks/main.yml | 72 ---- .../roles/kubeinit_kubevirt/vars/main.yml | 22 -- .../roles/kubeinit_libvirt/defaults/main.yml | 40 +-- .../tasks/cleanup_hypervisors.yml | 30 +- .../tasks/deploy_centos_guest.yml | 175 +++++++++- .../tasks/deploy_debian_guest.yml | 22 +- .../tasks/deploy_ubuntu_guest.yml | 37 +- .../tasks/deploy_windows_guest.yml | 272 --------------- .../tasks/download_cloud_images.yml | 51 +-- .../tasks/gather_host_facts.yml | 5 +- .../roles/kubeinit_libvirt/tasks/main.yml | 47 +-- .../templates/Install-Containerd.ps1.j2 | 260 --------------- .../templates/Install-Openssh.ps1.j2 | 55 --- .../templates/PrepareFlannel.ps1.j2 | 168 ---------- .../templates/PrepareNode.ps1.j2 | 228 ------------- .../templates/PrepareRequirements.ps1.j2 | 29 -- .../kubeinit_libvirt/templates/SetNet.ps1.j2 | 30 -- .../templates/autounattend.xml.j2 | 315 ------------------ kubeinit/roles/kubeinit_nexus/README.md | 3 
- .../roles/kubeinit_nexus/defaults/main.yml | 28 -- kubeinit/roles/kubeinit_nexus/files/.gitkeep | 0 .../roles/kubeinit_nexus/handlers/main.yml | 15 - kubeinit/roles/kubeinit_nexus/meta/main.yml | 44 --- .../molecule/default/converge.yml | 25 -- .../molecule/default/molecule.yml | 13 - .../molecule/default/verify.yml | 9 - kubeinit/roles/kubeinit_nexus/tasks/main.yml | 231 ------------- kubeinit/roles/kubeinit_nexus/vars/main.yml | 22 -- kubeinit/roles/kubeinit_nfs/README.md | 3 - kubeinit/roles/kubeinit_nfs/defaults/main.yml | 22 -- kubeinit/roles/kubeinit_nfs/files/.gitkeep | 0 kubeinit/roles/kubeinit_nfs/handlers/main.yml | 15 - kubeinit/roles/kubeinit_nfs/meta/main.yml | 44 --- .../molecule/default/converge.yml | 24 -- .../molecule/default/molecule.yml | 13 - .../kubeinit_nfs/molecule/default/verify.yml | 9 - kubeinit/roles/kubeinit_nfs/tasks/main.yml | 212 ------------ kubeinit/roles/kubeinit_nfs/vars/main.yml | 22 -- .../kubeinit_openshift/defaults/main.yml | 16 +- .../tasks/post_configure_guest.yml | 15 - .../tasks/post_deployment_tasks.yml | 136 -------- kubeinit/roles/kubeinit_openstack/README.md | 3 - .../kubeinit_openstack/defaults/main.yml | 22 -- .../roles/kubeinit_openstack/files/.gitkeep | 0 .../kubeinit_openstack/handlers/main.yml | 15 - .../roles/kubeinit_openstack/meta/main.yml | 44 --- .../molecule/default/converge.yml | 25 -- .../molecule/default/molecule.yml | 13 - .../molecule/default/verify.yml | 9 - .../roles/kubeinit_openstack/tasks/main.yml | 20 -- .../kubeinit_openstack/tasks/prepare_auth.yml | 22 -- .../tasks/seed_deployment.yml | 218 ------------ .../roles/kubeinit_openstack/vars/main.yml | 22 -- .../roles/kubeinit_prepare/defaults/main.yml | 1 + .../tasks/build_hypervisors_group.yml | 187 ++++++----- .../tasks/gather_kubeinit_facts.yml | 11 +- .../roles/kubeinit_prepare/tasks/main.yml | 8 +- .../kubeinit_prepare/tasks/prepare_podman.yml | 67 +--- .../roles/kubeinit_registry/tasks/main.yml | 1 + 
.../roles/kubeinit_services/defaults/main.yml | 5 - .../tasks/00_create_service_pod.yml | 6 +- .../tasks/create_provision_container.yml | 26 +- .../tasks/prepare_credentials.yml | 11 +- .../tasks/start_services_containers.yml | 9 - periodic_jobs.md | 6 +- 130 files changed, 633 insertions(+), 4920 deletions(-) delete mode 100755 docs/src/roles/role-kubeinit_apps.rst mode change 100755 => 100644 docs/src/roles/role-kubeinit_dnsmasq.rst delete mode 100755 docs/src/roles/role-kubeinit_kid.rst delete mode 100644 docs/src/roles/role-kubeinit_kubevirt.rst delete mode 100644 docs/src/roles/role-kubeinit_nexus.rst delete mode 100644 docs/src/roles/role-kubeinit_nfs.rst delete mode 100755 docs/src/roles/role-kubeinit_openstack.rst delete mode 100644 kubeinit/roles/kubeinit_apps/README.md delete mode 100644 kubeinit/roles/kubeinit_apps/defaults/main.yml delete mode 100644 kubeinit/roles/kubeinit_apps/files/.gitkeep delete mode 100644 kubeinit/roles/kubeinit_apps/handlers/main.yml delete mode 100644 kubeinit/roles/kubeinit_apps/meta/main.yml delete mode 100644 kubeinit/roles/kubeinit_apps/molecule/default/converge.yml delete mode 100644 kubeinit/roles/kubeinit_apps/molecule/default/molecule.yml delete mode 100644 kubeinit/roles/kubeinit_apps/molecule/default/verify.yml delete mode 100644 kubeinit/roles/kubeinit_apps/tasks/main.yml delete mode 100644 kubeinit/roles/kubeinit_apps/tasks/sampleapp.yml delete mode 100644 kubeinit/roles/kubeinit_apps/tasks/win_sampleapp.yml delete mode 100644 kubeinit/roles/kubeinit_apps/templates/coco_workload.yml.j2 delete mode 100644 kubeinit/roles/kubeinit_apps/templates/sampleapp.yml.j2 delete mode 100644 kubeinit/roles/kubeinit_apps/templates/win_sampleapp.yml.j2 delete mode 100644 kubeinit/roles/kubeinit_apps/vars/main.yml delete mode 100644 kubeinit/roles/kubeinit_k8s/tasks/post_configure_guest.yml delete mode 100644 kubeinit/roles/kubeinit_k8s/templates/kube-flannel.yml.j2 delete mode 100644 kubeinit/roles/kubeinit_kid/README.md delete 
mode 100644 kubeinit/roles/kubeinit_kid/defaults/main.yml delete mode 100644 kubeinit/roles/kubeinit_kid/files/.gitkeep delete mode 100644 kubeinit/roles/kubeinit_kid/handlers/main.yml delete mode 100644 kubeinit/roles/kubeinit_kid/meta/main.yml delete mode 100644 kubeinit/roles/kubeinit_kid/molecule/default/converge.yml delete mode 100644 kubeinit/roles/kubeinit_kid/molecule/default/molecule.yml delete mode 100644 kubeinit/roles/kubeinit_kid/molecule/default/verify.yml delete mode 100644 kubeinit/roles/kubeinit_kid/tasks/main.yml delete mode 100644 kubeinit/roles/kubeinit_kid/tasks/post_configure_guest.yml delete mode 100644 kubeinit/roles/kubeinit_kid/tasks/post_deployment_tasks.yml delete mode 100644 kubeinit/roles/kubeinit_kid/tasks/prepare_cluster.yml delete mode 100644 kubeinit/roles/kubeinit_kid/vars/main.yml delete mode 100644 kubeinit/roles/kubeinit_kubevirt/README.md delete mode 100644 kubeinit/roles/kubeinit_kubevirt/defaults/main.yml delete mode 100644 kubeinit/roles/kubeinit_kubevirt/files/.gitkeep delete mode 100644 kubeinit/roles/kubeinit_kubevirt/handlers/main.yml delete mode 100644 kubeinit/roles/kubeinit_kubevirt/meta/main.yml delete mode 100644 kubeinit/roles/kubeinit_kubevirt/molecule/default/converge.yml delete mode 100644 kubeinit/roles/kubeinit_kubevirt/molecule/default/molecule.yml delete mode 100644 kubeinit/roles/kubeinit_kubevirt/molecule/default/verify.yml delete mode 100644 kubeinit/roles/kubeinit_kubevirt/tasks/main.yml delete mode 100644 kubeinit/roles/kubeinit_kubevirt/vars/main.yml delete mode 100644 kubeinit/roles/kubeinit_libvirt/tasks/deploy_windows_guest.yml delete mode 100644 kubeinit/roles/kubeinit_libvirt/templates/Install-Containerd.ps1.j2 delete mode 100644 kubeinit/roles/kubeinit_libvirt/templates/Install-Openssh.ps1.j2 delete mode 100644 kubeinit/roles/kubeinit_libvirt/templates/PrepareFlannel.ps1.j2 delete mode 100644 kubeinit/roles/kubeinit_libvirt/templates/PrepareNode.ps1.j2 delete mode 100644 
kubeinit/roles/kubeinit_libvirt/templates/PrepareRequirements.ps1.j2 delete mode 100644 kubeinit/roles/kubeinit_libvirt/templates/SetNet.ps1.j2 delete mode 100644 kubeinit/roles/kubeinit_libvirt/templates/autounattend.xml.j2 delete mode 100644 kubeinit/roles/kubeinit_nexus/README.md delete mode 100644 kubeinit/roles/kubeinit_nexus/defaults/main.yml delete mode 100644 kubeinit/roles/kubeinit_nexus/files/.gitkeep delete mode 100644 kubeinit/roles/kubeinit_nexus/handlers/main.yml delete mode 100644 kubeinit/roles/kubeinit_nexus/meta/main.yml delete mode 100644 kubeinit/roles/kubeinit_nexus/molecule/default/converge.yml delete mode 100644 kubeinit/roles/kubeinit_nexus/molecule/default/molecule.yml delete mode 100644 kubeinit/roles/kubeinit_nexus/molecule/default/verify.yml delete mode 100644 kubeinit/roles/kubeinit_nexus/tasks/main.yml delete mode 100644 kubeinit/roles/kubeinit_nexus/vars/main.yml delete mode 100644 kubeinit/roles/kubeinit_nfs/README.md delete mode 100644 kubeinit/roles/kubeinit_nfs/defaults/main.yml delete mode 100644 kubeinit/roles/kubeinit_nfs/files/.gitkeep delete mode 100644 kubeinit/roles/kubeinit_nfs/handlers/main.yml delete mode 100644 kubeinit/roles/kubeinit_nfs/meta/main.yml delete mode 100644 kubeinit/roles/kubeinit_nfs/molecule/default/converge.yml delete mode 100644 kubeinit/roles/kubeinit_nfs/molecule/default/molecule.yml delete mode 100644 kubeinit/roles/kubeinit_nfs/molecule/default/verify.yml delete mode 100644 kubeinit/roles/kubeinit_nfs/tasks/main.yml delete mode 100644 kubeinit/roles/kubeinit_nfs/vars/main.yml delete mode 100644 kubeinit/roles/kubeinit_openshift/tasks/post_configure_guest.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/README.md delete mode 100644 kubeinit/roles/kubeinit_openstack/defaults/main.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/files/.gitkeep delete mode 100644 kubeinit/roles/kubeinit_openstack/handlers/main.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/meta/main.yml delete 
mode 100644 kubeinit/roles/kubeinit_openstack/molecule/default/converge.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/molecule/default/molecule.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/molecule/default/verify.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/tasks/main.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/tasks/prepare_auth.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/tasks/seed_deployment.yml delete mode 100644 kubeinit/roles/kubeinit_openstack/vars/main.yml diff --git a/.github/workflows/docs_build.yml b/.github/workflows/docs_build.yml index e1e81344b..f1006c336 100644 --- a/.github/workflows/docs_build.yml +++ b/.github/workflows/docs_build.yml @@ -153,7 +153,7 @@ jobs: tasktag=task_prepare_cluster taskname=$(echo ${tasktag} | tr '_' '-') - for distro in k8s kid; do + for distro in k8s; do ansible-playbook-grapher -t ${tasktag} --skip-tags omit_from_grapher -e kubeinit_cluster_distro=${distro} -e kubeinit_cluster_distro_role=kubeinit_${distro} kubeinit/playbook.yml --include-role-tasks -o docs/src/static/playbook_${distro}_${tasktag} --save-dot-file sed -e ':again;$!N;$!b again; s/subgraph "Play #[12]:[^"]*"{[^}]*}//g' -e 's/"Play #3: [^"]*"/"'${taskname}'"/g' -e 's/shape=box/shape=octagon/g' -e 's/#[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]/#000000/g' -e 's/ style=filled / /' docs/src/static/playbook_${distro}_${tasktag}.dot | dot -Tsvg > docs/src/static/playbook_${distro}_${tasktag}.svg cat << EOF >> docs/src/playbook_diagrams.rst 
@@ -198,7 +198,7 @@ jobs: tasktag=task_deploy_cluster taskname=$(echo ${tasktag} | tr '_' '-') - for distro in k8s kid; do + for distro in k8s; do ansible-playbook-grapher -t ${tasktag} --skip-tags omit_from_grapher -e kubeinit_cluster_distro=${distro} -e kubeinit_cluster_distro_role=kubeinit_${distro} kubeinit/playbook.yml --include-role-tasks -o docs/src/static/playbook_${distro}_${tasktag} --save-dot-file sed -e ':again;$!N;$!b again; s/subgraph "Play #[12]:[^"]*"{[^}]*}//g' -e 's/"Play #3: [^"]*"/"'${taskname}'"/g' -e 's/shape=box/shape=octagon/g' -e 's/#[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]/#000000/g' -e 's/ style=filled / /' docs/src/static/playbook_${distro}_${tasktag}.dot | dot -Tsvg > docs/src/static/playbook_${distro}_${tasktag}.svg cat << EOF >> docs/src/playbook_diagrams.rst @@ -241,8 +241,7 @@ jobs: EOF - sed -e '/^juju-controller/d' \ - -e '/^hypervisor-04/d' \ + sed -e '/^hypervisor-04/d' \ -e '/^\[controller_nodes\]$/ acontroller-01 target=hypervisor-01\ncontroller-02 target=hypervisor-02\ncontroller-03 target=hypervisor-03' \ -e '/^\[compute_nodes\]$/ acompute-01 target=hypervisor-01\ncompute-02 target=hypervisor-02' \ -e '/^service /s/ / target=hypervisor-01 /' \ diff --git a/ci/container_sync.sh b/ci/container_sync.sh index e1e298919..567c6a311 100755 --- a/ci/container_sync.sh +++ b/ci/container_sync.sh @@ -50,15 +50,11 @@ declare -a container_images=( "library registry 2" "library httpd 2.4" "library debian 11" - "library ubuntu focal" + "library debian 12" "library ubuntu jammy" + "library ubuntu noble" "internetsystemsconsortium bind9 9.18" - "sonatype nexus3 3.30.0" "nginxinc nginx-unprivileged latest" - "flannel flannel-cni-plugin v1.1.2" - "flannel flannel v0.21.4" - "flannel flannel v0.21.5" - "flannel flannel v0.22.0" ) retry() { diff --git a/ci/kubeinit_ci_utils.py b/ci/kubeinit_ci_utils.py index 13da33b27..7b41243d1 100755 --- a/ci/kubeinit_ci_utils.py +++ b/ci/kubeinit_ci_utils.py 
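Review bot: The two entries added to `container_images`, `"library debian 12"` and `"library ubuntu noble"`, are moving tags like the rest of the list, so each run of the sync can copy different image content under the same name. If the mirrored copies feed cluster builds (the script body is outside this hunk, so that is inferred), consider recording the source digest next to each tag, or at least a comment on the array such as `# tags are mutable upstream; the mirror tracks whatever the tag points to at sync time`. The `nginx-unprivileged latest` entry kept as context is the least reproducible of the set.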
@@ -339,15 +339,10 @@ def get_periodic_jobs_labels(cluster_type='all', distro='all'): "k8s-libvirt-1-1-1-h", "k8s-libvirt-1-0-1-h"] - kid_configs = ["kid-libvirt-3-1-1-h", - "kid-libvirt-3-0-2-h", - "kid-libvirt-1-1-1-h", - "kid-libvirt-1-0-1-h"] - if re.match(r"([a-z|0-9|\.]+-[a-z]+-[1-9]-[0-9]-[1-9]-[c|h],?)+", distro): print("'kubeinit_ci_utils.py' ==> We are requesting specific job labels") req_labels = set(distro.split(",")) - all_labels = set(okd_configs + kid_configs + k8s_configs) + all_labels = set(okd_configs + k8s_configs) if (req_labels.issubset(all_labels)): print("'kubeinit_ci_utils.py' ==> The requested labels are defined correctly") # We return the labels filtered by cluster_type, multinode or singlenode @@ -360,7 +355,7 @@ def get_periodic_jobs_labels(cluster_type='all', distro='all'): elif distro == 'random': print("'kubeinit_ci_utils.py' ==> Returning 4 random scenarios to test") # If the distro parameter is random we return 4 random distros to test - all_scenarios = okd_configs + kid_configs + k8s_configs + all_scenarios = okd_configs + k8s_configs return_labels = random.sample(all_scenarios, 4) # We return the labels filtered by cluster_type, multinode or singlenode filtered_return = [lab for lab in return_labels if cluster_pattern.match(lab)] @@ -368,7 +363,7 @@ def get_periodic_jobs_labels(cluster_type='all', distro='all'): return filtered_return elif distro == "all": print("'kubeinit_ci_utils.py' ==> Appending all configs") - return_labels = okd_configs + kid_configs + k8s_configs + return_labels = okd_configs + k8s_configs # We return the labels filtered by cluster_type, multinode or singlenode filtered_return = [lab for lab in return_labels if cluster_pattern.match(lab)] print("'kubeinit_ci_utils.py' ==> " + str(filtered_return)) 
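Review bot: `okd_configs + k8s_configs` is now spelled out three times in `get_periodic_jobs_labels` (as `all_labels` in this hunk, and as `all_scenarios` and `return_labels` in the next two), so the next distro added or removed has to be edited in three places again. Building the list once right after the config lists, `all_configs = okd_configs + k8s_configs`, and using it in all three branches would keep them in step. With the four kid labels gone the pool for `random.sample(all_scenarios, 4)` is smaller; `okd_configs` is not visible in these hunks, so it is worth confirming the combined list still holds at least four labels, since `random.sample` raises `ValueError` otherwise. The function body starts and ends outside the hunks.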
@@ -378,9 +373,6 @@ def get_periodic_jobs_labels(cluster_type='all', distro='all'): if 'okd' in distro and '.' not in distro: print("'kubeinit_ci_utils.py' ==> Appending OKD configs") configs = configs + okd_configs - if 'kid' in distro and '.' not in distro: - print("'kubeinit_ci_utils.py' ==> Appending KID configs") - configs = configs + kid_configs if 'k8s' in distro and '.' not in distro: print("'kubeinit_ci_utils.py' ==> Appending K8S configs") configs = configs + k8s_configs diff --git a/ci/launch_e2e.py b/ci/launch_e2e.py index 05520582f..11a80d943 100755 --- a/ci/launch_e2e.py +++ b/ci/launch_e2e.py @@ -423,8 +423,8 @@ def valid_labels_regex(arg_value, pat=re.compile(r"^all|random|([a-z|0-9|,|\.]+) # # launch_e2e.py --job_type=pr # launch_e2e.py --job_type=pr --pr_id=154 - # launch_e2e.py --job_type=periodic --job_label=eks-libvirt-3-0-1-h - # launch_e2e.py --job_type=periodic --job_label=eks-libvirt-3-0-1-h,cdk-libvirt-1-0-1-h + # launch_e2e.py --job_type=periodic --job_label=k8s-libvirt-3-0-1-h + # launch_e2e.py --job_type=periodic --job_label=k8s-libvirt-3-0-1-h,okd-libvirt-1-0-1-h # launch_e2e.py --job_type=periodic --cluster_type=singlenode --job_label=random # launch_e2e.py --job_type=periodic --cluster_type=singlenode --job_label=all # launch_e2e.py --job_type=periodic --cluster_type=singlenode --job_label=okd 
@@ -469,7 +469,7 @@ def valid_labels_regex(arg_value, pat=re.compile(r"^all|random|([a-z|0-9|,|\.]+) if (args.job_label is not None and not re.match(r"([a-z|0-9|\.]+-[a-z]+-[1-9]-[0-9]-[1-9]-[c|h],?)+", args.job_label) and not re.match(r"([a-z|0-9|,|\.]+)?", args.job_label) and args.job_type != 'pr'): print("'launch_e2e.py' ==> The third argument must be [periodic|pr]") - print("'launch_e2e.py' ==> periodic, can be periodic|periodic=okd,eks ...") + print("'launch_e2e.py' ==> periodic, can be periodic|periodic=okd,k8s ...") print("'launch_e2e.py' ==> also the periodic job can trigger a specfic label like:") print("'launch_e2e.py' ==> periodic=okd-libvirt-3-1-1-h") sys.exit() diff --git a/ci/launch_e2e.sh b/ci/launch_e2e.sh index 0608b34d8..88b6b1cbf 100755 --- a/ci/launch_e2e.sh +++ b/ci/launch_e2e.sh @@ -232,14 +232,6 @@ echo "(launch_e2e.sh) ==> Deploying the cluster ..." FAILED="0" KUBEINIT_SPEC=${KUBEINIT_SPEC//,/$'\n'} -# We enable having Windows compute nodes by default in the CI -# for the k8s-1-1-1 spec scenario -if [[ "$DISTRO" == "k8s" && "$MASTERS" == "1" && "$WORKERS" == "1" && "$HYPERVISORS" == "1" ]]; then - # For enabling Windows deployments use the cluster_nodes_spec like - # -e cluster_nodes_spec='[{"when_group":"compute_nodes","os":"windows"}]' - CLUSTER_NODES='[{"when_group":"compute_nodes","os":"windows"}]' -fi - # This conditional will never be true, this is kept as an example about # How to wire in extra roles and variables in a deployment if [[ "$DISTRO" == "okd" && "$MASTERS" == "1" && "$WORKERS" == "1" && "$HYPERVISORS" == "1" && "$HYPERVISORS" == "falsecondition" ]]; then diff --git a/ci/render_periodic_jobs_page.py b/ci/render_periodic_jobs_page.py index c407f00fd..40b573b8d 100644 --- a/ci/render_periodic_jobs_page.py +++ b/ci/render_periodic_jobs_page.py 
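Review bot: The message edited in this hunk sits in a branch that cannot run: `re.match(r"([a-z|0-9|,|\.]+)?", args.job_label)` matches the empty prefix of any string because the group is optional, so `not re.match(...)` is always false and the `sys.exit()` is never reached. If this check is meant to reject malformed `--job_label` values before they are used further, anchor it, for example `not re.fullmatch(r"[a-z0-9,.]+", args.job_label)`, and do the same for the first pattern, where `re.match` accepts any trailing text after one valid label. Inside a character class `|` is a literal pipe, so `[a-z|0-9|\.]` and `[c|h]` also admit `|`, which is probably not intended. The enclosing block starts and ends outside the hunk, and `valid_labels_regex` named in the hunk header may already cover part of this.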
@@ -48,8 +48,6 @@ def main(): if distro == 'okd': distro = "Origin Distribution of K8s" - elif distro == 'kid': - distro = "KubeInit distro" elif distro == 'k8s': distro = "Vanilla K8s" elif '.' in distro: diff --git a/docs/src/roles/role-kubeinit_apps.rst b/docs/src/roles/role-kubeinit_apps.rst deleted file mode 100755 index 88c399a85..000000000 --- a/docs/src/roles/role-kubeinit_apps.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================= -Role - kubeinit_apps -========================= - -.. ansibleautoplugin:: - :role: kubeinit/roles/kubeinit_apps diff --git a/docs/src/roles/role-kubeinit_dnsmasq.rst b/docs/src/roles/role-kubeinit_dnsmasq.rst old mode 100755 new mode 100644 diff --git a/docs/src/roles/role-kubeinit_kid.rst b/docs/src/roles/role-kubeinit_kid.rst deleted file mode 100755 index 888009ec6..000000000 --- a/docs/src/roles/role-kubeinit_kid.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================== -Role - kubeinit_kid -=================== - -.. ansibleautoplugin:: - :role: kubeinit/roles/kubeinit_kid diff --git a/docs/src/roles/role-kubeinit_kubevirt.rst b/docs/src/roles/role-kubeinit_kubevirt.rst deleted file mode 100644 index 4f3eb8de6..000000000 --- a/docs/src/roles/role-kubeinit_kubevirt.rst +++ /dev/null @@ -1,6 +0,0 @@ -======================== -Role - kubeinit_kubevirt -======================== - -.. ansibleautoplugin:: - :role: kubeinit/roles/kubeinit_kubevirt diff --git a/docs/src/roles/role-kubeinit_nexus.rst b/docs/src/roles/role-kubeinit_nexus.rst deleted file mode 100644 index 3cb591d06..000000000 --- a/docs/src/roles/role-kubeinit_nexus.rst +++ /dev/null @@ -1,6 +0,0 @@ -===================== -Role - kubeinit_nexus -===================== - -.. ansibleautoplugin:: - :role: kubeinit/roles/kubeinit_nexus diff --git a/docs/src/roles/role-kubeinit_nfs.rst b/docs/src/roles/role-kubeinit_nfs.rst deleted file mode 100644 index ba2314834..000000000 --- a/docs/src/roles/role-kubeinit_nfs.rst +++ /dev/null 
@@ -1,6 +0,0 @@ -=================== -Role - kubeinit_nfs -=================== - -.. ansibleautoplugin:: - :role: kubeinit/roles/kubeinit_nfs diff --git a/docs/src/roles/role-kubeinit_openstack.rst b/docs/src/roles/role-kubeinit_openstack.rst deleted file mode 100755 index a514a3490..000000000 --- a/docs/src/roles/role-kubeinit_openstack.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================= -Role - kubeinit_openstack -========================= - -.. ansibleautoplugin:: - :role: kubeinit/roles/kubeinit_openstack diff --git a/kubeinit/galaxy.yml b/kubeinit/galaxy.yml index 334c2724f..c1ea6ea70 100644 --- a/kubeinit/galaxy.yml +++ b/kubeinit/galaxy.yml @@ -16,10 +16,8 @@ tags: - openshift - origin dependencies: - ansible.netcommon: '==5.1.1' ansible.posix: '==1.5.4' ansible.utils: '==2.10.3' - ansible.windows: '==1.14.0' community.crypto: '==2.13.1' community.general: '==7.0.1' community.libvirt: '==1.2.0' diff --git a/kubeinit/group_vars/kubeinit_defaults.yml b/kubeinit/group_vars/kubeinit_defaults.yml index 3f96bb761..3c7b32817 100644 --- a/kubeinit/group_vars/kubeinit_defaults.yml +++ b/kubeinit/group_vars/kubeinit_defaults.yml @@ -15,18 +15,14 @@ default_network_name: kimgtnet0 # cluster_node_configurations_docsplaceholder: 'we should have a cluster_node_configuration main key' -cluster_node_distro: +cluster_node_default_distro: k8s: os: centos - kid: - os: debian ocp: os: coreos okd: os: coreos -cluster_node_os: "{{ hostvars['kubeinit-defaults'].cluster_node_distro[kubeinit_cluster_distro].os }}" - cluster_node_vcpus: 8 cluster_node_maxvcpus: 16 @@ -50,7 +46,7 @@ compute_node_target_order: # -e cluster_nodes_spec='[{"when_group":"controller_nodes","disk"="35G"}]' # default_cluster_nodes_map_list: -- os: "{{ hostvars['kubeinit-defaults'].cluster_node_os }}" +- os: "{{ hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os }}" - when_type: virtual vcpus: "{{ cluster_node_vcpus }}" maxvcpus: "{{ cluster_node_maxvcpus }}" 
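Review bot: With `cluster_node_os` removed, the lookup `hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os` is written out in `default_cluster_nodes_map_list` in the `kubeinit_defaults.yml` hunks on this line and again in `default_extra_nodes_map_list` and `default_service_nodes_map_list` in the later hunks of that file. A `kubeinit_cluster_distro` that is not a key of the map (for instance `kid`, which this commit drops) will now fail in each of those templates with an undefined-attribute error rather than a clear message; whether an earlier task validates the distro is not visible here. Keeping one intermediate variable, or adding a comment above the map such as `# keys are expected to match distro_facts in kubeinit_facts.yml`, would make the coupling explicit. The rename from `cluster_node_distro` also needs every reader outside this file updated, which these hunks do not show.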
@@ -73,8 +69,6 @@ extra_node_maxvcpus: 16 extra_node_disk_size: 20G extra_node_ram_size: 16777216 -juju_controller_node_ram_size: 8388608 - extra_node_target_order: - hypervisor-02 - hypervisor-01 @@ -86,17 +80,13 @@ extra_node_target_order: # -e extra_nodes_spec='[{"name":"nova-compute","when_distro":["okd"],"os":"centos"}]' # default_extra_nodes_map_list: -- os: "{{ hostvars['kubeinit-defaults'].cluster_node_os }}" +- os: "{{ hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os }}" - when_type: virtual vcpus: "{{ cluster_node_vcpus }}" maxvcpus: "{{ cluster_node_maxvcpus }}" - disk: "{{ extra_node_disk_size }}" ram: "{{ extra_node_ram_size }}" target_order: "{{ extra_node_target_order }}" -- when_distro: - - cdk - name: juju-controller - ram: "{{ juju_controller_node_ram_size }}" - when_distro: - ocp - okd @@ -120,15 +110,13 @@ service_node_target_order: # -e service_nodes_spec='[{"services":["apache","bind","dnsmasq"]}]' # default_service_nodes_map_list: -- os: "{{ hostvars['kubeinit-defaults'].cluster_node_os }}" +- os: "{{ hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os }}" services: - bind - dnsmasq - haproxy - apache - registry - - apps - # - nexus target_order: "{{ service_node_target_order }}" - when_distro: - ocp diff --git a/kubeinit/group_vars/kubeinit_facts.yml b/kubeinit/group_vars/kubeinit_facts.yml index ba40f2110..b82b3cc14 100644 --- a/kubeinit/group_vars/kubeinit_facts.yml +++ b/kubeinit/group_vars/kubeinit_facts.yml @@ -10,11 +10,8 @@ distro_facts: k8s: name: 'Vanilla CNCF Kubernetes' role: kubeinit_k8s - kid: - name: 'Kubeinit distro (work-in-progress)' - role: kubeinit_kid ocp: - name: 'Openshift Container Platform' + name: 'OpenShift Container Platform' role: kubeinit_openshift okd: name: 'Origin Distribution of Kubernetes' diff --git a/kubeinit/playbook.yml b/kubeinit/playbook.yml index faedd6f41..23ecabf6b 100644 --- a/kubeinit/playbook.yml +++ b/kubeinit/playbook.yml 
@@ -18,7 +18,7 @@ hosts: localhost become: false gather_subset: "!all,network" - gather_facts: true + gather_facts: false pre_tasks: - name: Check if Ansible meets version requirements. tags: task_gather_facts @@ -43,7 +43,7 @@ hosts: kubeinit_hypervisors become: false gather_subset: "!all,network" - gather_facts: true + gather_facts: false tasks: - name: Skip play if playbook_terminated ansible.builtin.meta: end_play diff --git a/kubeinit/requirements.yml b/kubeinit/requirements.yml index 0b3b5364a..b3f2e62e1 100644 --- a/kubeinit/requirements.yml +++ b/kubeinit/requirements.yml @@ -4,14 +4,10 @@ --- collections: - - name: ansible.netcommon - version: '5.1.1' - name: ansible.posix version: '1.5.4' - name: ansible.utils version: '2.10.3' - - name: ansible.windows - version: '1.14.0' - name: community.crypto version: '2.13.1' - name: community.general diff --git a/kubeinit/roles/kubeinit_apache/tasks/main.yml b/kubeinit/roles/kubeinit_apache/tasks/main.yml index c6c675d06..fe5b08814 100644 --- a/kubeinit/roles/kubeinit_apache/tasks/main.yml +++ b/kubeinit/roles/kubeinit_apache/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.package: state: present name: "buildah" + use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}" - name: Create a new working container image ansible.builtin.command: buildah from --name {{ kubeinit_cluster_name }}-apache quay.io/kubeinit/httpd:2.4 diff --git a/kubeinit/roles/kubeinit_apps/README.md b/kubeinit/roles/kubeinit_apps/README.md deleted file mode 100644 index e04e2a9d0..000000000 --- a/kubeinit/roles/kubeinit_apps/README.md +++ /dev/null @@ -1,3 +0,0 @@ -Please, refer to the kubeinit_apps role -[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_apps.html) -for further information. diff --git a/kubeinit/roles/kubeinit_apps/defaults/main.yml b/kubeinit/roles/kubeinit_apps/defaults/main.yml deleted file mode 100644 index 82dfc5d47..000000000 
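Review bot: Both plays in `playbook.yml` now set `gather_facts: false` but keep `gather_subset: "!all,network"`, which only configures the implicit fact-gathering step and so no longer has any effect on these plays. Either drop the `gather_subset` lines or add a comment saying where facts are collected instead, for example `# facts are gathered explicitly by the gather_host_facts tasks`, if that is the case; the diffstat lists changes to `gather_host_facts.yml` but its content is not in this part of the patch. Any task in these plays that still reads `ansible_facts` before that explicit gathering would now fail on an undefined variable. Both plays continue outside the hunks.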
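Review bot: The `use:` line added to the buildah install in `kubeinit_apache/tasks/main.yml` reads `hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr']`, so the task now depends on facts for the delegate host having been gathered before this role runs; with `gather_facts: false` set on the plays in `playbook.yml` in this same commit, that has to come from an explicit setup step not shown here. If those facts are missing the task stops with an undefined-variable templating error that does not name the cause. A short comment above the line would help the next reader, e.g. `# select the package manager from the delegate's facts, not the inventory host's`, if that is the intent; according to the diffstat the same one-line addition is made in the bind, dnsmasq, haproxy and registry roles. The task list continues outside the hunk.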
--- a/kubeinit/roles/kubeinit_apps/defaults/main.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# All variables intended for modification should be placed in this file.
-
-# All variables within this role should have a prefix of "kubeinit_apps_"
-kubeinit_apps_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
-kubeinit_apps_hide_sensitive_logs: true
-
-kubeinit_apps_sampleapp_replicas: 1
diff --git a/kubeinit/roles/kubeinit_apps/files/.gitkeep b/kubeinit/roles/kubeinit_apps/files/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/kubeinit/roles/kubeinit_apps/handlers/main.yml b/kubeinit/roles/kubeinit_apps/handlers/main.yml
deleted file mode 100644
index 9490b54cc..000000000
--- a/kubeinit/roles/kubeinit_apps/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_apps/meta/main.yml b/kubeinit/roles/kubeinit_apps/meta/main.yml
deleted file mode 100644
index 8d8f6b555..000000000
--- a/kubeinit/roles/kubeinit_apps/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: KubeInit - role_name: kubeinit_apps - namespace: kubeinit - description: KubeInit Role -- kubeinit_apps - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.9 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - kubeinit - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/kubeinit/roles/kubeinit_apps/molecule/default/converge.yml b/kubeinit/roles/kubeinit_apps/molecule/default/converge.yml deleted file mode 100644 index ba88219d1..000000000 --- a/kubeinit/roles/kubeinit_apps/molecule/default/converge.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - # roles: - # - role: "kubeinit_apps" - tasks: - - name: Message for "kubeinit_apps" - ansible.builtin.debug: - msg: Finishing molecule for "kubeinit_apps" diff --git a/kubeinit/roles/kubeinit_apps/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_apps/molecule/default/molecule.yml deleted file mode 100644 index b5d8023ed..000000000 --- a/kubeinit/roles/kubeinit_apps/molecule/default/molecule.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: quay.io/centos/centos:stream8 - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/kubeinit/roles/kubeinit_apps/molecule/default/verify.yml b/kubeinit/roles/kubeinit_apps/molecule/default/verify.yml deleted file mode 100644 index 86afba4ff..000000000 --- a/kubeinit/roles/kubeinit_apps/molecule/default/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Example assertion - ansible.builtin.assert: - that: true diff --git a/kubeinit/roles/kubeinit_apps/tasks/main.yml b/kubeinit/roles/kubeinit_apps/tasks/main.yml deleted file mode 100644 index ee0b187c2..000000000 --- a/kubeinit/roles/kubeinit_apps/tasks/main.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Run the Linux sample application (sampleapp) - ansible.builtin.include_tasks: sampleapp.yml - when: not windows_compute_node_exists | default(false) - -- name: Run the Windows sample application (sampleapp) - ansible.builtin.include_tasks: win_sampleapp.yml - when: windows_compute_node_exists | default(false) diff --git a/kubeinit/roles/kubeinit_apps/tasks/sampleapp.yml b/kubeinit/roles/kubeinit_apps/tasks/sampleapp.yml deleted file mode 100644 index 992118242..000000000 --- a/kubeinit/roles/kubeinit_apps/tasks/sampleapp.yml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Install the simple app - block: - - name: Create the sampleapp template file - ansible.builtin.template: - src: "sampleapp.yml.j2" - dest: "~/sampleapp.yml" - mode: "0755" - - - name: Install the sample app - ansible.builtin.shell: | - set -o pipefail - kubectl create namespace sampleapp - kubectl apply -f ~/sampleapp.yml - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" - - - name: Wait until pods are created - ansible.builtin.shell: | - set -o pipefail - kubectl get pods --namespace=sampleapp | grep sampleapp - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - retries: 60 - delay: 5 - until: _result.stdout_lines | list | length == kubeinit_apps_sampleapp_replicas|int - delegate_to: "{{ kubeinit_provision_service_node }}" - - - name: Wait until pods are running - ansible.builtin.shell: | - set -o pipefail - kubectl get pods --namespace=sampleapp | grep Running - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - retries: 60 - delay: 5 - until: _result.stdout_lines | list | length == kubeinit_apps_sampleapp_replicas|int - delegate_to: "{{ kubeinit_provision_service_node }}" - - rescue: - - name: Get some debugging information - ansible.builtin.shell: | - set -o pipefail - 
echo "********************" - echo "***" - echo "*** Describe the first sampleapp container information" - echo "***" - echo "********************" - kubectl describe pod $(kubectl get pods --namespace=sampleapp -o json | jq .items[0].metadata.name | tr -d '"') --namespace=sampleapp - echo "********************" - echo "***" - echo "*** Describe the first sampleapp container logs" - echo "***" - echo "********************" - kubectl logs $(kubectl get pods --namespace=sampleapp -o json | jq .items[0].metadata.name | tr -d '"') --namespace=sampleapp --previous - echo "********************" - echo "***" - echo "*** Get the first controller node name" - echo "***" - echo "********************" - kubectl get nodes -o json | jq .items[0].metadata.name - echo "********************" - echo "***" - echo "*** Get the first controller node taints" - echo "***" - echo "********************" - kubectl get nodes -o json | jq .items[0].spec.taints - echo "********************" - echo "***" - echo "*** Describe the first controller node info" - echo "***" - echo "********************" - kubectl describe node $(kubectl get nodes -o json | jq .items[0].metadata.name | tr -d '"') - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" - - - name: Force fail - ansible.builtin.fail: - msg: The sampleapp deployment failed, the deployment must fail - -- name: Delete the sampleapp - ansible.builtin.shell: | - set -o pipefail - kubectl delete namespace sampleapp --force --grace-period=0 --wait=false - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" diff --git a/kubeinit/roles/kubeinit_apps/tasks/win_sampleapp.yml b/kubeinit/roles/kubeinit_apps/tasks/win_sampleapp.yml deleted file mode 100644 index 6b5333db1..000000000 --- a/kubeinit/roles/kubeinit_apps/tasks/win_sampleapp.yml +++ /dev/null 
@@ -1,116 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Install the simple app - block: - - name: Create the sampleapp template file - ansible.builtin.template: - src: "win_sampleapp.yml.j2" - dest: "~/win_sampleapp.yml" - mode: "0755" - - - name: Install the Windows sample app - ansible.builtin.shell: | - set -o pipefail - kubectl create namespace windows-sampleapp - kubectl apply -f ~/win_sampleapp.yml - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" - - - name: Wait until pods are created - ansible.builtin.shell: | - set -o pipefail - kubectl get pods --namespace=windows-sampleapp | grep windows-sampleapp - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - retries: 60 - delay: 5 - until: _result.stdout_lines | list | length == kubeinit_apps_sampleapp_replicas|int - delegate_to: "{{ kubeinit_provision_service_node }}" - - - name: Wait until pods are running - ansible.builtin.shell: | - set -o pipefail - kubectl get pods --namespace=windows-sampleapp | grep Running - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - # This Windows application might take a lot of time to start running, - # the 2022 server image where it runs on top is fairly heavy. 
- retries: 160 - delay: 5 - until: _result.stdout_lines | list | length == kubeinit_apps_sampleapp_replicas|int - delegate_to: "{{ kubeinit_provision_service_node }}" - - rescue: - - name: Get some debugging information - ansible.builtin.shell: | - set -o pipefail - echo "********************" - echo "***" - echo "*** Describe the first windows-sampleapp container information" - echo "***" - echo "********************" - kubectl describe pod $(kubectl get pods --namespace=windows-sampleapp -o json | jq .items[0].metadata.name | tr -d '"') --namespace=windows-sampleapp - echo "********************" - echo "***" - echo "*** Describe the first windows-sampleapp container logs" - echo "***" - echo "********************" - kubectl logs $(kubectl get pods --namespace=windows-sampleapp -o json | jq .items[0].metadata.name | tr -d '"') --namespace=windows-sampleapp --previous - echo "********************" - echo "***" - echo "*** Get the first controller node name" - echo "***" - echo "********************" - kubectl get nodes -o json | jq .items[0].metadata.name - echo "********************" - echo "***" - echo "*** Get the first controller node taints" - echo "***" - echo "********************" - kubectl get nodes -o json | jq .items[0].spec.taints - echo "********************" - echo "***" - echo "*** Describe the first controller node info" - echo "***" - echo "********************" - kubectl describe node $(kubectl get nodes -o json | jq .items[0].metadata.name | tr -d '"') - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" - - - name: Force fail - ansible.builtin.fail: - msg: The windows-sampleapp deployment failed, the deployment must fail - -- name: Delete the windows-sampleapp - ansible.builtin.shell: | - set -o pipefail - kubectl delete namespace windows-sampleapp --force --grace-period=0 --wait=false - args: - executable: /bin/bash - register: _result - changed_when: 
"_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" diff --git a/kubeinit/roles/kubeinit_apps/templates/coco_workload.yml.j2 b/kubeinit/roles/kubeinit_apps/templates/coco_workload.yml.j2 deleted file mode 100644 index 1fdf6eef2..000000000 --- a/kubeinit/roles/kubeinit_apps/templates/coco_workload.yml.j2 +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - labels: - run: nginx - name: nginx -spec: - containers: - - image: quay.io/kubeinit/nginx-unprivileged:latest - name: nginx - dnsPolicy: ClusterFirst - runtimeClassName: kata diff --git a/kubeinit/roles/kubeinit_apps/templates/sampleapp.yml.j2 b/kubeinit/roles/kubeinit_apps/templates/sampleapp.yml.j2 deleted file mode 100644 index 464d2dbff..000000000 --- a/kubeinit/roles/kubeinit_apps/templates/sampleapp.yml.j2 +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: sampleapp - namespace: sampleapp - labels: - app: sampleapp -spec: - selector: - matchLabels: - app: sampleapp - replicas: {{ kubeinit_apps_sampleapp_replicas }} - template: - metadata: - labels: - app: sampleapp - spec: - containers: - - name: nginx - image: quay.io/kubeinit/nginx-unprivileged:latest - ports: - - containerPort: 8080 - nodeSelector: - kubernetes.io/os: linux diff --git a/kubeinit/roles/kubeinit_apps/templates/win_sampleapp.yml.j2 b/kubeinit/roles/kubeinit_apps/templates/win_sampleapp.yml.j2 deleted file mode 100644 index 77c453770..000000000 --- a/kubeinit/roles/kubeinit_apps/templates/win_sampleapp.yml.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: windows-sampleapp - name: windows-sampleapp - labels: - app: windows-sampleapp -spec: - ports: - # the port that this service should serve on - - port: 80 - targetPort: 80 - selector: - app: windows-sampleapp - type: NodePort ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: windows-sampleapp - name: windows-sampleapp - namespace: windows-sampleapp -spec: - replicas: {{ kubeinit_apps_sampleapp_replicas }} - selector: - matchLabels: - app: windows-sampleapp - template: - metadata: - labels: - app: windows-sampleapp - name: windows-sampleapp - spec: - containers: - - name: windowswebserver - image: mcr.microsoft.com/windows/servercore:ltsc2022 - command: - - powershell.exe - - -command - - "<#code used from https://gist.github.com/19WAS85/5424431#> ; $$listener = New-Object System.Net.HttpListener ; $$listener.Prefixes.Add('http://*:80/') ; $$listener.Start() ; $$callerCounts = @{} ; Write-Host('Listening at http://*:80/') ; while ($$listener.IsListening) { ;$$context = $$listener.GetContext() ;$$requestUrl = $$context.Request.Url ;$$clientIP = $$context.Request.RemoteEndPoint.Address ;$$response = $$context.Response ;Write-Host '' ;Write-Host('> {0}' -f $$requestUrl) ; ;$$count = 1 ;$$k=$$callerCounts.Get_Item($$clientIP) ;if ($$k -ne $$null) { $$count += $$k } ;$$callerCounts.Set_Item($$clientIP, $$count) ;$$ip=(Get-NetAdapter | Get-NetIpAddress); $$header='

Windows Container Web Server

' ;$$callerCountsString='' ;$$callerCounts.Keys | % { $$callerCountsString+='

IP {0} callerCount {1} ' -f $$ip[1].IPAddress,$$callerCounts.Item($$_) } ;$$footer='' ;$$content='{0}{1}{2}' -f $$header,$$callerCountsString,$$footer ;Write-Output $$content ;$$buffer = [System.Text.Encoding]::UTF8.GetBytes($$content) ;$$response.ContentLength64 = $$buffer.Length ;$$response.OutputStream.Write($$buffer, 0, $$buffer.Length) ;$$response.Close() ;$$responseStatus = $$response.StatusCode ;Write-Host('< {0}' -f $$responseStatus) } ; " - nodeSelector: - kubernetes.io/os: windows diff --git a/kubeinit/roles/kubeinit_apps/vars/main.yml b/kubeinit/roles/kubeinit_apps/vars/main.yml deleted file mode 100644 index 1c28fe1b5..000000000 --- a/kubeinit/roles/kubeinit_apps/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "kubeinit_apps_" diff --git a/kubeinit/roles/kubeinit_bind/tasks/main.yml b/kubeinit/roles/kubeinit_bind/tasks/main.yml index dd80c8441..4007102fb 100644 --- a/kubeinit/roles/kubeinit_bind/tasks/main.yml +++ b/kubeinit/roles/kubeinit_bind/tasks/main.yml 
@@ -33,6 +33,7 @@ ansible.builtin.package: state: present name: "buildah" + use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}" - name: Remove any old bind buildah container ansible.builtin.shell: | diff --git a/kubeinit/roles/kubeinit_bind/templates/named.conf.local.j2 b/kubeinit/roles/kubeinit_bind/templates/named.conf.local.j2 index 46afe8600..8ab9b5bb0 100644 --- a/kubeinit/roles/kubeinit_bind/templates/named.conf.local.j2 +++ b/kubeinit/roles/kubeinit_bind/templates/named.conf.local.j2 @@ -34,7 +34,7 @@ view "internal" { {% set cluster_net_name = hostvars[cluster].network_name %} {% set cluster_nameserver_net = hostvars[cluster_net_name].network %} {% set cluster_nameserver_offset = hostvars[cluster_net_name].nameserver_offset %} - {% set cluster_nameserver_addr = cluster_nameserver_net | ansible.netcommon.ipv4(cluster_nameserver_offset|int) | ansible.netcommon.ipv4('address') %} + {% set cluster_nameserver_addr = cluster_nameserver_net | ansible.utils.ipv4(cluster_nameserver_offset|int) | ansible.utils.ipv4('address') %} zone "{{ cluster }}.{{ hostvars[kubeinit_cluster_name].cluster_domain }}" IN { type forward; forward only; diff --git a/kubeinit/roles/kubeinit_dnsmasq/tasks/main.yml b/kubeinit/roles/kubeinit_dnsmasq/tasks/main.yml index 48493ccaa..063709ec4 100644 --- a/kubeinit/roles/kubeinit_dnsmasq/tasks/main.yml +++ b/kubeinit/roles/kubeinit_dnsmasq/tasks/main.yml @@ -40,6 +40,7 @@ ansible.builtin.package: state: present name: "buildah" + use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}" - name: Remove any old dnsmasq buildah container ansible.builtin.shell: | diff --git a/kubeinit/roles/kubeinit_haproxy/tasks/main.yml b/kubeinit/roles/kubeinit_haproxy/tasks/main.yml index 1170c6669..031234ebb 100644 --- a/kubeinit/roles/kubeinit_haproxy/tasks/main.yml +++ b/kubeinit/roles/kubeinit_haproxy/tasks/main.yml 
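Review bot: The added `use:` line reads `hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr']` with no fallback, so the buildah install will presumably fail on an undefined value if facts for the delegate host have not been gathered when the task runs. The hunk does not show where those facts are collected. A default keeps the module's own detection in that case: `use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] | default('auto') }}"`. The same line is added in the kubeinit_dnsmasq and kubeinit_haproxy hunks that follow, and the package task itself starts above the hunk.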
@@ -33,6 +33,7 @@ ansible.builtin.package: state: present name: "buildah" + use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}" - name: Remove any old haproxy buildah container ansible.builtin.shell: | diff --git a/kubeinit/roles/kubeinit_k8s/defaults/main.yml b/kubeinit/roles/kubeinit_k8s/defaults/main.yml index 8fb1c1d48..963b0d011 100644 --- a/kubeinit/roles/kubeinit_k8s/defaults/main.yml +++ b/kubeinit/roles/kubeinit_k8s/defaults/main.yml @@ -21,8 +21,7 @@ kubeinit_k8s_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" kubeinit_k8s_hide_sensitive_logs: true -kubeinit_k8s_kubernetes_version: "1.26" -kubeinit_k8s_kubernetes_version_full: "1.26.3" +kubeinit_k8s_kubernetes_version: "1.30" # This is the default container runtime that # will be deployed when the Vanila k8s cluster 
@@ -33,24 +32,10 @@ kubeinit_k8s_kubernetes_version_full: "1.26.3" kubeinit_k8s_container_runtime: "cri-o" # kubeinit_k8s_container_runtime: "containerd" -kubeinit_k8s_flannel_version: "0.22.0" -kubeinit_k8s_flannel_cni_plugin_version: "1.1.2" -kubeinit_k8s_flannel_cni_version: "0.3.1" +kubeinit_k8s_flannel_version: "0.25.4" +kubeinit_k8s_kustomize_version: "5.4.2" -# TODO:FIXME: There must be a bug in the way flannel and cri-o -# is configured. The following parameters can not be changed at the moment. -# This can not be changed, it needs to match -# https://github.com/flannel-io/flannel/blob/796457b0cd4cba2025166f9625330ea905a18033/Documentation/kube-flannel.yml -kubeinit_k8s_pod_network: 10.244.0.0 -# This is the cluster CIDR +# This is the cluster CIDR taken from the net-conf.json in the kube-flannel-cfg configmap here: +# https://github.com/flannel-io/flannel/releases/download/v{{ kubeinit_k8s_flannel_version }}/kube-flannel.yml kubeinit_k8s_pod_network_cidr: 10.244.0.0/16 -kubeinit_k8s_pod_subnet_len: 16 -# Make sure changes are applied to windows machines -# in the libvirt role in the template PrepareFlannel.ps1.j2 - -# Cluster CIDR -# kubectl cluster-info dump | grep -m 1 service-cluster-ip-range - -# Service CIDR -# kubectl cluster-info dump | grep -m 1 cluster-cidr diff --git a/kubeinit/roles/kubeinit_k8s/tasks/main.yml b/kubeinit/roles/kubeinit_k8s/tasks/main.yml index 902cda793..865cca329 100644 --- a/kubeinit/roles/kubeinit_k8s/tasks/main.yml +++ b/kubeinit/roles/kubeinit_k8s/tasks/main.yml 
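Review bot: The rewritten comment above `kubeinit_k8s_pod_network_cidr` says where the value comes from but no longer says that it must not be changed, which the removed TODO did state. The flannel manifest is now applied unmodified from the upstream release (kubeinit_k8s/tasks/main.yml in this commit), and nothing visible here rewrites the `Network` inside it, so overriding this variable would presumably leave kubeadm and flannel disagreeing on the pod CIDR. I would add a line such as `# Must stay equal to the Network in that manifest; overriding it here does not reconfigure flannel.`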
@@ -29,10 +29,20 @@ - name: Setup the first controller node block: - - name: Clean kubeadm and initialize Kubernetes cluster + - name: Clean kubeadm ansible.builtin.shell: | set -eo pipefail kubeadm reset -f || true + kubeadm config images list + kubeadm config images list --kubernetes-version latest + args: + executable: /bin/bash + register: _result_kubeadm_init_output + changed_when: "_result_kubeadm_init_output.rc == 0" + + - name: Initialize Kubernetes cluster + ansible.builtin.shell: | + set -eo pipefail kubeadm init \ --control-plane-endpoint "api.{{ kubeinit_cluster_fqdn }}:6443" \ --upload-certs \ @@ -90,14 +100,8 @@ mode: '0644' when: kubeinit_controller_count|int > 1 - - name: Render the flannel template - ansible.builtin.template: - src: "kube-flannel.yml.j2" - dest: "~/kube-flannel.yml" - mode: "0644" - - - name: Install the Flannel network Add-on - ansible.builtin.command: kubectl apply -f ~/kube-flannel.yml + - name: Install Network Add-on + ansible.builtin.command: kubectl apply -f https://github.com/flannel-io/flannel/releases/download/v{{ kubeinit_k8s_flannel_version }}/kube-flannel.yml register: _result changed_when: "_result.rc == 0" 
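Review bot: The new "Clean kubeadm" task runs two `kubeadm config images list` commands under `set -eo pipefail`, so a failure of either purely informational listing aborts the deployment before `kubeadm init` is reached. The `--kubernetes-version latest` form likely has to resolve the version label over the network, which makes that failure plausible on a restricted or offline host. I would append `|| true` to both listing lines, as the reset line already does, or move them into their own task with `failed_when: false`. The task also registers `_result_kubeadm_init_output` although it no longer runs the init; a name such as `_result_kubeadm_reset` would avoid confusion with the "Initialize Kubernetes cluster" task, whose register line is outside this hunk.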
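Review bot: "Install Network Add-on" applies `https://github.com/flannel-io/flannel/releases/download/v{{ kubeinit_k8s_flannel_version }}/kube-flannel.yml` straight from the network with the cluster's admin credentials, and nothing checks that the fetched content is the manifest that was reviewed for that version. That manifest installs cluster-wide RBAC and a host-network DaemonSet on every node, so a replaced or tampered release asset would run on the whole cluster. The removed tasks applied a template kept in the repository; to keep using the upstream file I would download it first with a pinned digest and apply the local copy, as sketched below. The digest variable in the sketch is a proposed new default, not one that exists in this commit.

```yaml
- name: Download the flannel manifest
  ansible.builtin.get_url:
    url: "https://github.com/flannel-io/flannel/releases/download/v{{ kubeinit_k8s_flannel_version }}/kube-flannel.yml"
    dest: "~/kube-flannel.yml"
    mode: "0644"
    # proposed new default: digest of the manifest reviewed for this version
    checksum: "sha256:{{ kubeinit_k8s_flannel_manifest_sha256 }}"

- name: Install Network Add-on
  ansible.builtin.command: kubectl apply -f ~/kube-flannel.yml
  register: _result
  changed_when: "_result.rc == 0"
```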
@@ -160,51 +164,8 @@ loop_control: loop_var: compute_node delegate_to: "{{ compute_node }}" - when: hostvars[compute_node].os != 'windows' - -# The kubeconfig file is on the controller nodes so we run kubectl label on the first controller -- name: Label node - ansible.builtin.command: | - kubectl label node {{ hostvars[compute_node].fqdn }} node-role.kubernetes.io/worker= - register: _result - changed_when: "_result.rc == 0" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - delegate_to: "{{ kubeinit_first_controller_node }}" - when: hostvars[compute_node].os != 'windows' - -- name: Check if there is at least one compute Windows node - ansible.builtin.set_fact: - windows_compute_node_exists: true - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Allow schedule workloads in controller nodes if there are no compute nodes - ansible.builtin.shell: | - set -o pipefail - dnf install -y jq - # Deprecated in 1.24 - for node in $(kubectl get nodes -o json | jq -r '.items[] | select(.spec.taints[]?.key=="node-role.kubernetes.io/master") | .metadata.labels."kubernetes.io/hostname"'); - do - kubectl taint node ${node} node-role.kubernetes.io/master:NoSchedule- - done - # Working starting on 1.24 - for node in $(kubectl get nodes -o json | jq -r '.items[] | select(.spec.taints[]?.key=="node-role.kubernetes.io/control-plane") | .metadata.labels."kubernetes.io/hostname"'); - do - kubectl taint node ${node} node-role.kubernetes.io/control-plane:NoSchedule- - done - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - when: not kubeinit_compute_count|int > 0 or (windows_compute_node_exists | default(false)) - delegate_to: "{{ kubeinit_first_controller_node }}" -# We fetch the kubeconfig from the first controller node -- name: Copying the kubeconfig to a variable +- name: Fetch the kubeconfig 
from the first controller node ansible.builtin.slurp: src: ~/.kube/config register: _result_cluster_kubeconfig 
@@ -217,240 +178,46 @@ mode: '0644' delegate_to: "{{ kubeinit_provision_service_node }}" -- name: Storing the master kubeconfig to the services machine. +- name: Store the kubeconfig to the provision services machine. ansible.builtin.copy: content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}" dest: ~/.kube/config mode: '0644' delegate_to: "{{ kubeinit_provision_service_node }}" -- name: Install kustomize - ansible.builtin.shell: | - curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.1.0/kustomize_v5.1.0_linux_amd64.tar.gz > kustomize.tar.gz - tar xzf ./kustomize.tar.gz - mv ./kustomize /bin/ - args: - executable: /bin/bash +- name: Label compute nodes + ansible.builtin.command: | + kubectl label node {{ hostvars[compute_node].fqdn }} node-role.kubernetes.io/worker= register: _result changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" - -# -# Configure additional steps for including the Windows compute nodes -# - -- name: Create the kubeinit folder - ansible.windows.win_file: - path: C:\k - state: directory - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Copy the kubeconfig file - ansible.windows.win_copy: - content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}" - dest: C:\k\kube_config - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # 
TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Copy the kubeconfig file - ansible.windows.win_copy: - content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}" - dest: C:\k\Kubeconfig - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Copy the kubeconfig file - ansible.windows.win_copy: - content: "{{ _result_cluster_kubeconfig.content | default('Empty file') | b64decode }}" - dest: C:\k\config - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Write the join command - ansible.windows.win_copy: - content: "{{ _result_join_command.stdout | replace('kubeadm','c:\\k\\kubeadm.exe') }} 
--node-name {{ compute_node }}.{{ kubeinit_cluster_fqdn }} --cri-socket 'npipe:////./pipe/containerd-containerd' -v=10" - dest: C:\k\k8s_join_command.ps1 - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Install prereqs - ansible.windows.win_powershell: - script: | - $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm" - powershell c:\k\PrepareRequirements.ps1 - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Install containerd - ansible.windows.win_powershell: - script: | - $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm" - powershell C:\k\Install-Containerd.ps1 -netAdapterName 'Ethernet' -ContainerDVersion '1.6.6' - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - 
ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Prepare the Windows computes (register containerd and kubelet) - ansible.windows.win_powershell: - script: | - $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm" - # The prepare node script will start kubelet as an nssm service - # Make sure is like the following command, otherwise it will fail - # for example: C:\k\kubelet.exe --container-runtime-endpoint=npipe:////./pipe/containerd-containerd --cert-dir=$env:SYSTEMDRIVE\var\lib\kubelet\pki --config=/var/lib/kubelet/config.yaml --kubeconfig=/k/config --hostname-override=compute-01.k8scluster.kubeinit.local --pod-infra-container-image=`"mcr.microsoft.com/oss/kubernetes/pause:3.6`" --enable-debugging-handlers --cgroups-per-qos=false --enforce-node-allocatable=`"`" --resolv-conf=`"`" --log-dir=/var/log/kubelet --logtostderr=true - powershell C:\k\PrepareNode.ps1 -KubernetesVersion v1.24.2 -ContainerRuntime containerD - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - -- name: Install prereqs and start script (register flannel) - ansible.windows.win_powershell: - script: | - $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm" - # Default domain: controller-01.k8scluster.kubeinit.local - # The management IP is the node's IP not the controller's IP. 
- # for example: powershell C:\k\PrepareFlannel.ps1 -ManagementIP 10.0.0.2 -Hostname compute-01.k8scluster.kubeinit.local -NetworkMode overlay - powershell C:\k\PrepareFlannel.ps1 -ManagementIP {{ hostvars[compute_node].ansible_host }} -Hostname {{ compute_node }}.{{ kubeinit_cluster_fqdn }} -NetworkMode overlay - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" loop: "{{ groups['all_compute_nodes'] | default([]) }}" loop_control: loop_var: compute_node - when: hostvars[compute_node].os == 'windows' + delegate_to: "{{ kubeinit_provision_service_node }}" -- name: Join the Windows computes in the cluster - ansible.windows.win_powershell: - script: | - $env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm" - # The kubelet service automatically joins the node to the cluster as kubelet is running as an nssm service - # powershell C:\k\k8s_join_command.ps1 - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] +- name: Allow schedule workloads in controller nodes if there are no compute nodes + ansible.builtin.shell: | + set -o pipefail + for node in $(kubectl get nodes -o json | jq -r '.items[] | select(.spec.taints[]?.key=="node-role.kubernetes.io/control-plane") | .metadata.labels."kubernetes.io/hostname"'); + do + kubectl taint node ${node} node-role.kubernetes.io/control-plane:NoSchedule- + done + args: + executable: /bin/bash + register: _result + changed_when: "_result.rc == 0" + 
when: kubeinit_compute_count|int == 0 vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ compute_node }}" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' + kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}" + delegate_to: "{{ kubeinit_deployment_node_name }}" -- name: Tag Windows compute nodes as workers +- name: Install kustomize ansible.builtin.shell: | - set -o pipefail - kubectl label node {{ compute_node }}.{{ kubeinit_cluster_fqdn }} node-role.kubernetes.io/worker=worker + curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv{{ kubeinit_k8s_kustomize_version }}/kustomize_v{{ kubeinit_k8s_kustomize_version }}_linux_amd64.tar.gz > kustomize.tar.gz + tar xzf ./kustomize.tar.gz + mv ./kustomize /bin/ args: executable: /bin/bash register: _result changed_when: "_result.rc == 0" - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - when: hostvars[compute_node].os == 'windows' - delegate_to: "{{ kubeinit_first_controller_node }}" + delegate_to: "{{ kubeinit_provision_service_node }}" diff --git a/kubeinit/roles/kubeinit_k8s/tasks/post_configure_guest.yml b/kubeinit/roles/kubeinit_k8s/tasks/post_configure_guest.yml deleted file mode 100644 index 03c1536ea..000000000 --- a/kubeinit/roles/kubeinit_k8s/tasks/post_configure_guest.yml +++ /dev/null 
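Review bot: The "Install kustomize" task moves a binary from a `curl -sL` download into `/bin/` on the provision service node without verifying it, and its shell block has neither `set -eo pipefail` nor `curl -f`. A failed or altered download therefore goes unnoticed: an HTTP error body is written to `kustomize.tar.gz`, and a `./kustomize` left over from an earlier run would still be moved into place. Since the commit already parameterises the version, I would pin a digest next to `kubeinit_k8s_kustomize_version` and let `ansible.builtin.get_url` enforce it, as sketched below (the digest variable is a proposed new default). Separately, the "Store the kubeconfig to the provision services machine." task in this hunk still writes what is presumably the admin kubeconfig with `mode: '0644'`; `'0600'` would keep it unreadable to other local users.

```yaml
- name: Download kustomize
  ansible.builtin.get_url:
    url: "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv{{ kubeinit_k8s_kustomize_version }}/kustomize_v{{ kubeinit_k8s_kustomize_version }}_linux_amd64.tar.gz"
    dest: "~/kustomize.tar.gz"
    mode: "0644"
    # proposed new default: digest published for this release archive
    checksum: "sha256:{{ kubeinit_k8s_kustomize_sha256 }}"
  delegate_to: "{{ kubeinit_provision_service_node }}"

- name: Install kustomize
  ansible.builtin.unarchive:
    src: "~/kustomize.tar.gz"
    dest: /bin/
    remote_src: true
    include:
      - kustomize
  delegate_to: "{{ kubeinit_provision_service_node }}"
```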
@@ -1,173 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Install and configure cri-o - block: - # - # cri-o repos - # - - - name: Download cri-o (kubeinit) repos - ansible.builtin.shell: | - curl -L -o /etc/yum.repos.d/kubeinit.repo https://download.opensuse.org/repositories/home:/kubeinit/CentOS_9_Stream/home:kubeinit.repo - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - - # - # cri-o config - # - - - name: Install the latest version of cri-o - ansible.builtin.package: - name: cri-o - state: present - - - name: Install the latest version of crun - ansible.builtin.package: - name: crun - state: present - - - name: Make sure cri-o binary is reachable and the configuration is correct - ansible.builtin.shell: | - yum install -y jq - # Make sure crio binary is reachable - ln -s /usr/bin/crio /usr/local/bin/crio - tmp=$(mktemp) - crioconf=$(ls /etc/cni/net.d/87-crio-bridge* | xargs realpath) - jq '.plugins[0].ipam.ranges[0][0].subnet = "{{ kubeinit_k8s_pod_network }}/{{ kubeinit_k8s_pod_subnet_len }}"' "$crioconf" > "$tmp" && mv -f "$tmp" "$crioconf" - # jq '.type = "flannel"' /etc/cni/net.d/87-crio-bridge.conf > "$tmp" && mv -f "$tmp" /etc/cni/net.d/87-crio-bridge.conf - # rm -rf /etc/cni/net.d/87-crio-bridge.conf - # echo '{"name": "crio","type": "flannel"}' > /etc/cni/net.d/10-crio.conf - cp /etc/crio/crio.conf /etc/crio/crio.conf.backup - sed -i 
s/^.*default_runtime\ =\ .*$/default_runtime\ =\ \"crun\"/g /etc/crio/crio.conf - - # There is no example config for crun anymore - #sed -i "s/^\#\[crio\.runtime\.runtimes\.crun.*\]/[crio.runtime.runtimes.crun]/g" /etc/crio/crio.conf - cat << EOF >> /etc/crio/crio.conf - [crio.runtime.runtimes.crun] - runtime_path = "/usr/bin/crun" - runtime_type = "oci" - runtime_root = "/run/crun" - EOF - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - - - name: Enable/start/status cri-o - ansible.builtin.shell: | - systemctl enable crio - systemctl start crio - systemctl status crio - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - when: kubeinit_k8s_container_runtime == "cri-o" - -- name: Install and configure containerd - block: - - name: Deploy containerd - ansible.builtin.shell: | - set -o pipefail - modprobe overlay - modprobe br_netfilter - cat <= 2 | bool }}" -kubeinit_kid_hide_sensitive_logs: true - -kubeinit_kid_pod_cidr: 10.42.0.0/16 -kubeinit_kid_service_cidr: 10.43.0.0/16 - -kubeinit_kid_registry_release_tag: v1.2.2 diff --git a/kubeinit/roles/kubeinit_kid/files/.gitkeep b/kubeinit/roles/kubeinit_kid/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/kubeinit/roles/kubeinit_kid/handlers/main.yml b/kubeinit/roles/kubeinit_kid/handlers/main.yml deleted file mode 100644 index 9490b54cc..000000000 --- a/kubeinit/roles/kubeinit_kid/handlers/main.yml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/kubeinit/roles/kubeinit_kid/meta/main.yml b/kubeinit/roles/kubeinit_kid/meta/main.yml deleted file mode 100644 index 5e485291b..000000000 --- a/kubeinit/roles/kubeinit_kid/meta/main.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: KubeInit - role_name: kubeinit_kid - namespace: kubeinit - description: KubeInit Role -- kubeinit_kid - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.9 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - kubeinit - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/kubeinit/roles/kubeinit_kid/molecule/default/converge.yml b/kubeinit/roles/kubeinit_kid/molecule/default/converge.yml deleted file mode 100644 index 5b94e33f4..000000000 --- a/kubeinit/roles/kubeinit_kid/molecule/default/converge.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - # roles: - # - role: "kubeinit_kid" - tasks: - - name: Message for "kubeinit_kid" - ansible.builtin.debug: - msg: Finishing molecule for "kubeinit_kid" diff --git a/kubeinit/roles/kubeinit_kid/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_kid/molecule/default/molecule.yml deleted file mode 100644 index b5d8023ed..000000000 --- a/kubeinit/roles/kubeinit_kid/molecule/default/molecule.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: quay.io/centos/centos:stream8 - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/kubeinit/roles/kubeinit_kid/molecule/default/verify.yml b/kubeinit/roles/kubeinit_kid/molecule/default/verify.yml deleted file mode 100644 index 86afba4ff..000000000 --- a/kubeinit/roles/kubeinit_kid/molecule/default/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Example assertion - ansible.builtin.assert: - that: true diff --git a/kubeinit/roles/kubeinit_kid/tasks/main.yml b/kubeinit/roles/kubeinit_kid/tasks/main.yml deleted file mode 100644 index 9d4658611..000000000 --- a/kubeinit/roles/kubeinit_kid/tasks/main.yml +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy the cluster nodes - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_libvirt - tasks_from: deploy_debian_guest.yml - public: yes - loop: "{{ groups['all_cluster_nodes'] }}" - loop_control: - loop_var: cluster_node - vars: - kubeinit_deployment_node_name: "{{ cluster_node }}" - kubeinit_deployment_delegate: "{{ hostvars[cluster_node].target }}" - when: kubeinit_cluster_nodes_deployed is not defined or not kubeinit_cluster_nodes_deployed - -- name: Install controller requirements - ansible.builtin.package: - name: "{{ kubeinit_kid_controller_dependencies }}" - state: present - loop: "{{ groups['all_controller_nodes'] }}" - loop_control: - loop_var: controller_node - vars: - delegate_to: "{{ controller_node }}" - when: kubeinit_kid_controller_dependencies is defined - -- name: Install compute nodes requirements - ansible.builtin.package: - name: "{{ kubeinit_kid_compute_dependencies }}" - state: present - loop: "{{ groups['all_compute_nodes'] | default([]) }}" - loop_control: - loop_var: compute_node - delegate_to: "{{ compute_node }}" - when: kubeinit_kid_compute_dependencies is defined - -- name: Create kube directory - ansible.builtin.file: - path: ~/.kube - state: directory - mode: '0644' - delegate_to: "{{ kubeinit_provision_service_node }}" - -- name: Touch a file - ansible.builtin.shell: | - touch 
~/.kube/config - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" diff --git a/kubeinit/roles/kubeinit_kid/tasks/post_configure_guest.yml b/kubeinit/roles/kubeinit_kid/tasks/post_configure_guest.yml deleted file mode 100644 index 952db1abb..000000000 --- a/kubeinit/roles/kubeinit_kid/tasks/post_configure_guest.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Prepare podman - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_prepare - tasks_from: prepare_podman.yml - public: true - -- name: Install common requirements - ansible.builtin.package: - name: "{{ kubeinit_kid_common_dependencies }}" - state: present - when: kubeinit_kid_common_dependencies is defined diff --git a/kubeinit/roles/kubeinit_kid/tasks/post_deployment_tasks.yml b/kubeinit/roles/kubeinit_kid/tasks/post_deployment_tasks.yml deleted file mode 100644 index 2c3a6f23a..000000000 --- a/kubeinit/roles/kubeinit_kid/tasks/post_deployment_tasks.yml +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# -# Deploy the apps -# -# - block: -# - name: Deploy the apps -# ansible.builtin.include_role: -# name: kubeinit.kubeinit.kubeinit_apps -# public: yes -# when: "'apps' in kubeinit_cluster_hostvars.services" -# vars: -# kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}" -# delegate_to: "{{ kubeinit_deployment_node_name }}" - -# -# Configure NFS -# -- name: Configure NFS - block: - - name: Configure NFS - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_nfs - public: true - when: "'nfs' in kubeinit_cluster_hostvars.services" - vars: - kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}" - delegate_to: "{{ kubeinit_deployment_node_name }}" diff --git a/kubeinit/roles/kubeinit_kid/tasks/prepare_cluster.yml b/kubeinit/roles/kubeinit_kid/tasks/prepare_cluster.yml deleted file mode 100644 index 5897bacf9..000000000 --- a/kubeinit/roles/kubeinit_kid/tasks/prepare_cluster.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Setup the cluster provision container - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_services - tasks_from: create_provision_container.yml - vars: - kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}" - kubeinit_deployment_pod_name: "{{ hostvars[kubeinit_provision_service_node].guest_name }}-pod" - kubeinit_deployment_delegate: "{{ hostvars[kubeinit_provision_service_node].target }}" - kubeinit_deployment_os: "{{ hostvars[kubeinit_provision_service_node].os }}" - -- name: Configure the service node - block: - - - name: "Render net info" - ansible.builtin.shell: | - set -o pipefail - echo "{{ kubeinit_kid_pod_cidr }}" > ~/pod_cidr - echo "{{ kubeinit_kid_service_cidr }}" > ~/service_cidr - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - - delegate_to: "{{ kubeinit_provision_service_node }}" diff --git a/kubeinit/roles/kubeinit_kid/vars/main.yml b/kubeinit/roles/kubeinit_kid/vars/main.yml deleted file mode 100644 index f5d7a7b12..000000000 --- a/kubeinit/roles/kubeinit_kid/vars/main.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "kubeinit_kid_" diff --git a/kubeinit/roles/kubeinit_kubevirt/README.md b/kubeinit/roles/kubeinit_kubevirt/README.md deleted file mode 100644 index a6f73a33d..000000000 --- a/kubeinit/roles/kubeinit_kubevirt/README.md +++ /dev/null @@ -1,3 +0,0 @@ -Please, refer to the kubeinit_kubevirt role -[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_kubevirt.html) -for further information. diff --git a/kubeinit/roles/kubeinit_kubevirt/defaults/main.yml b/kubeinit/roles/kubeinit_kubevirt/defaults/main.yml deleted file mode 100644 index 8e87ae059..000000000 --- a/kubeinit/roles/kubeinit_kubevirt/defaults/main.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "kubeinit_kubevirt_" -kubeinit_kubevirt_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -kubeinit_kubevirt_hide_sensitive_logs: true diff --git a/kubeinit/roles/kubeinit_kubevirt/files/.gitkeep b/kubeinit/roles/kubeinit_kubevirt/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/kubeinit/roles/kubeinit_kubevirt/handlers/main.yml b/kubeinit/roles/kubeinit_kubevirt/handlers/main.yml deleted file mode 100644 index 9490b54cc..000000000 --- a/kubeinit/roles/kubeinit_kubevirt/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
diff --git a/kubeinit/roles/kubeinit_kubevirt/meta/main.yml b/kubeinit/roles/kubeinit_kubevirt/meta/main.yml deleted file mode 100644 index efa00ef7c..000000000 --- a/kubeinit/roles/kubeinit_kubevirt/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: KubeInit - role_name: kubeinit_kubevirt - namespace: kubeinit - description: KubeInit Role -- kubeinit_kubevirt - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.9 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - kubeinit - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/kubeinit/roles/kubeinit_kubevirt/molecule/default/converge.yml b/kubeinit/roles/kubeinit_kubevirt/molecule/default/converge.yml deleted file mode 100644 index dd4d20420..000000000 --- a/kubeinit/roles/kubeinit_kubevirt/molecule/default/converge.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - # roles: - # - role: "kubeinit_kubevirt" - tasks: - - name: Message - vars: - msg: | - Finishing the execution of - the test - ansible.builtin.debug: - msg: "{{ msg.split('\n') }}" diff --git a/kubeinit/roles/kubeinit_kubevirt/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_kubevirt/molecule/default/molecule.yml deleted file mode 100644 index b5d8023ed..000000000 --- a/kubeinit/roles/kubeinit_kubevirt/molecule/default/molecule.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: quay.io/centos/centos:stream8 - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/kubeinit/roles/kubeinit_kubevirt/molecule/default/verify.yml b/kubeinit/roles/kubeinit_kubevirt/molecule/default/verify.yml deleted file mode 100644 index 86afba4ff..000000000 --- a/kubeinit/roles/kubeinit_kubevirt/molecule/default/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Example assertion - ansible.builtin.assert: - that: true diff --git a/kubeinit/roles/kubeinit_kubevirt/tasks/main.yml b/kubeinit/roles/kubeinit_kubevirt/tasks/main.yml deleted file mode 100644 index 9ffea2549..000000000 
--- a/kubeinit/roles/kubeinit_kubevirt/tasks/main.yml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: "Install KubeVirt" - ansible.builtin.shell: | - set -o pipefail - export KUBECONFIG=~/install_dir/auth/kubeconfig; - export KUBEVIRT_VERSION="v0.32.0" - # Latest - # export KUBEVIRT_VERSION=$(curl -s https://api.github.com/repos/kubevirt/kubevirt/releases | grep tag_name | grep -v -- - | sort -V | tail -1 | awk -F':' '{print $2}' | sed 's/,//' | xargs) - echo $KUBEVIRT_VERSION - kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-operator.yaml - kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-cr.yaml - curl -L -o virtctl https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/virtctl-${KUBEVIRT_VERSION}-linux-x86_64 - chmod +x virtctl - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_provision_service_node }}" - -# - name: "wait until crds are loaded" -# ansible.builtin.shell: | -# set -o pipefail -# export KUBECONFIG=~/install_dir/auth/kubeconfig; \ -# kubectl get crds | grep virtualmachines.kubevirt.io -# args: -# executable: /bin/bash -# register: _result -# changed_when: "_result.rc == 0" -# retries: 60 -# delay: 60 -# until: _result.stdout_lines | list | length == 1 -# delegate_to: "{{ kubeinit_provision_service_node }}" - -# - name: "Deploy 
example VM" -# ansible.builtin.shell: | -# set -o pipefail -# export KUBECONFIG=~/install_dir/auth/kubeconfig; -# kubectl apply -f https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/vm.yaml -# ./virtctl start testvm -# args: -# executable: /bin/bash -# register: _result -# changed_when: "_result.rc == 0" -# delegate_to: "{{ kubeinit_provision_service_node }}" - -# - name: Print some final data -# vars: -# msg: | -# Connect to the service node and execute -# the following steps to test a sample VM: -# kubectl apply -f https://raw.githubusercontent.com/kubevirt/kubevirt.github.io/master/labs/manifests/vm.yaml -# ./virtctl start testvm -# kubectl get vms -# kubectl get vmis -# oc get events -n default -# ansible.builtin.debug: -# msg: "{{ msg.split('\n') }}" diff --git a/kubeinit/roles/kubeinit_kubevirt/vars/main.yml b/kubeinit/roles/kubeinit_kubevirt/vars/main.yml deleted file mode 100644 index 52f43561c..000000000 --- a/kubeinit/roles/kubeinit_kubevirt/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "kubeinit_kubevirt_" 
diff --git a/kubeinit/roles/kubeinit_libvirt/defaults/main.yml b/kubeinit/roles/kubeinit_libvirt/defaults/main.yml index 78a0452b5..33d0a6329 100644 --- a/kubeinit/roles/kubeinit_libvirt/defaults/main.yml +++ b/kubeinit/roles/kubeinit_libvirt/defaults/main.yml 
@@ -37,46 +37,24 @@ kubeinit_libvirt_cloud_user_password: asdfasdf kubeinit_libvirt_source_keystore_dir: "/home/{{ kubeinit_libvirt_cloud_user }}/.ssh" kubeinit_libvirt_source_pubkey_file: "id_{{ kubeinit_ssh_keytype }}.pub" -kubeinit_libvirt_centos_release: "20230327.0" +kubeinit_libvirt_centos_release: "20240703.1" +#kubeinit_libvirt_debian_release: "12" +#kubeinit_libvirt_debian_codename: "bookworm" kubeinit_libvirt_debian_release: "11" kubeinit_libvirt_debian_codename: "bullseye" +kubeinit_libvirt_ubuntu_release: "jammy" kubeinit_libvirt_cloud_images: - cdk: + ubuntu: uri: "https://cloud-images.ubuntu.com/jammy/current/" image: "jammy-server-cloudimg-amd64.img" - rke: - uri: "https://cloud-images.ubuntu.com/jammy/current/" - image: "jammy-server-cloudimg-amd64.img" - kid: - uri: "https://cloud.debian.org/images/cloud/bullseye/daily/latest/" + debian: + uri: "https://cloud.debian.org/images/cloud/{{ kubeinit_libvirt_debian_codename }}/daily/latest/" image: "debian-{{ kubeinit_libvirt_debian_release }}-genericcloud-amd64-daily.qcow2" - eks: - uri: "https://cloud.centos.org/centos/9-stream/x86_64/images/" - image: "CentOS-Stream-GenericCloud-9-{{ kubeinit_libvirt_centos_release }}.x86_64.qcow2" - k8s: - uri: "https://cloud.centos.org/centos/9-stream/x86_64/images/" - image: "CentOS-Stream-GenericCloud-9-{{ kubeinit_libvirt_centos_release }}.x86_64.qcow2" - okd: - uri: "https://cloud.centos.org/centos/9-stream/x86_64/images/" - image: "CentOS-Stream-GenericCloud-9-{{ kubeinit_libvirt_centos_release }}.x86_64.qcow2" - ocp: + centos: uri: "https://cloud.centos.org/centos/9-stream/x86_64/images/" image: "CentOS-Stream-GenericCloud-9-{{ kubeinit_libvirt_centos_release }}.x86_64.qcow2" -kubeinit_libvirt_virtio_version: "virtio-win-0.1.229" -kubeinit_libvirt_virtio_image_format: 'iso' -kubeinit_libvirt_virtio_folder_name: "{{ kubeinit_libvirt_virtio_version }}-1" -kubeinit_libvirt_virtio_image_name: "{{ kubeinit_libvirt_virtio_version }}.{{ 
kubeinit_libvirt_virtio_image_format }}" - -kubeinit_libvirt_extra_cloud_images: - - description: 'Windows Server 2022 preview (EVAL)' - uri: "https://software-static.download.prss.microsoft.com/sg/download/888969d5-f34g-4e03-ac9d-1f9786c66749/" - image: "SERVER_EVAL_x64FRE_en-us.iso" - - description: 'VirtIO drivers for Windows guests' - uri: "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/{{ kubeinit_libvirt_virtio_folder_name }}/" - image: "{{ kubeinit_libvirt_virtio_image_name }}" - kubeinit_libvirt_destroy_all_guests: False kubeinit_libvirt_hypervisor_tmp_dir: /tmp @@ -126,7 +104,7 @@ kubeinit_libvirt_hypervisor_dependencies: debian: - sudo - numad - - qemu + #- qemu - qemu-kvm - qemu-system - libvirt-clients diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml b/kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml index 166d675a3..5703c3e17 100644 --- a/kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml +++ b/kubeinit/roles/kubeinit_libvirt/tasks/cleanup_hypervisors.yml 
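Review bot: The new `kubeinit_libvirt_ubuntu_release: "jammy"` variable is not referenced by the `ubuntu` entry of `kubeinit_libvirt_cloud_images` in this hunk, which still hard-codes `jammy` in both `uri` and `image`, while the `debian` entry was switched to `kubeinit_libvirt_debian_codename`. Changing the release variable would therefore not change what is downloaded; the entry could read `uri: "https://cloud-images.ubuntu.com/{{ kubeinit_libvirt_ubuntu_release }}/current/"` and `image: "{{ kubeinit_libvirt_ubuntu_release }}-server-cloudimg-amd64.img"`. Separately, the `debian` and `ubuntu` URIs point at moving targets (`daily/latest`, `current`), whereas the CentOS image is pinned through `kubeinit_libvirt_centos_release`. The download task is not part of this hunk, so it is worth confirming that it checks the image against the checksum file published next to it before the image is booted as a cluster node.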
@@ -55,21 +55,27 @@ # register: _result # changed_when: "_result.rc == 0" -- name: Reset local ssh keys +- name: Remove all host ssh_connection_address entries from known_hosts ansible.builtin.known_hosts: - name: "{{ item[1] }}" + name: "{{ hostvars[item].ssh_connection_address }}" state: absent - loop: "{{ kubeinit_cluster_hostvars.node_aliases }}" + loop: "{{ groups['all_hosts'] }}" -- name: Reset ssh keys in hypervisors - ansible.builtin.known_hosts: - name: "{{ node_alias }}" - state: absent - loop: "{{ groups['all_hosts'] | product(kubeinit_cluster_hostvars.node_aliases | flatten | unique) }}" - vars: - kubeinit_deployment_node_name: "{{ item[0] }}" - node_alias: "{{ item[1] }}" - delegate_to: "{{ kubeinit_deployment_node_name }}" +# - name: Reset ssh keys on localhost +# ansible.builtin.known_hosts: +# name: "{{ item[1] }}" +# state: absent +# loop: "{{ kubeinit_cluster_hostvars.node_aliases }}" + +# - name: Reset ssh keys in hypervisors +# ansible.builtin.known_hosts: +# name: "{{ node_alias }}" +# state: absent +# loop: "{{ groups['all_hosts'] | product(kubeinit_cluster_hostvars.node_aliases | flatten | unique) }}" +# vars: +# kubeinit_deployment_node_name: "{{ item[0] }}" +# node_alias: "{{ item[1] }}" +# delegate_to: "{{ kubeinit_deployment_node_name }}" - name: Remove any existing ssh tunnels on bastion host ansible.builtin.shell: | diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml b/kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml index 38788a138..52ab3ba72 100644 --- a/kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml +++ b/kubeinit/roles/kubeinit_libvirt/tasks/deploy_centos_guest.yml 
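Review bot: The replacement task clears only `hostvars[item].ssh_connection_address` for `groups['all_hosts']` and has no `delegate_to`, so the `node_aliases` entries that the two disabled tasks removed (locally and on every hypervisor) are no longer cleaned up by anything in this hunk. If guests are redeployed with fresh host keys, those stale entries would presumably produce host-key mismatches, and the usual workaround of turning off host key checking is worse than the cleanup. If alias entries are in fact no longer written to `known_hosts`, delete the two commented-out blocks and say so in a one-line comment above the new task instead of leaving dead YAML in place. The new task will also fail on any host without the variable; a guard such as `when: hostvars[item].ssh_connection_address is defined` would make the cleanup path tolerant of partially configured inventories.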
@@ -42,15 +42,14 @@ - name: Grow the partitions ansible.builtin.shell: | - qemu-img convert -f qcow2 '{{ kubeinit_libvirt_target_image_dir }}/{{ kubeinit_libvirt_cloud_images[kubeinit_cluster_distro].image }}' -O qcow2 '{{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2' + qemu-img convert -f qcow2 '{{ kubeinit_libvirt_target_image_dir }}/{{ kubeinit_libvirt_cloud_images['centos'].image }}' -O qcow2 '{{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2' qemu-img resize {{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2 +{{ hostvars[kubeinit_deployment_node_name].disk }} args: executable: /bin/bash register: _result changed_when: "_result.rc == 0" - # This will inject the VM configuration in the case of a CentOS machine - - name: "Inject virt-customize assets in {{ kubeinit_deployment_node_name }}" + - name: "Inject virt-customize assets" ansible.builtin.shell: | virt-customize -a {{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2 \ --install python3 \ @@ -94,7 +93,7 @@ register: _result changed_when: "_result.rc == 0" - - name: "Wait until it is running {{ kubeinit_deployment_node_name }}" + - name: "Wait until guest is running {{ kubeinit_deployment_node_name }}" community.libvirt.virt: command: list_vms state: running 
@@ -180,16 +179,174 @@ register: _result changed_when: "_result.rc == 0" - - name: Perform any distro-specific post-deployment guest configuration - ansible.builtin.include_role: - name: "kubeinit.kubeinit.{{ kubeinit_cluster_distro_role }}" - tasks_from: post_configure_guest.yml - public: true + - name: Install official package dependencies + ansible.builtin.package: + name: + - container-selinux + state: present + use: dnf + + - name: Install and configure cri-o + block: + # + # cri-o repos + # + + - name: Remove repo before adding it + ansible.builtin.file: + path: /etc/yum.repos.d/cri-o.repo + state: absent + + - name: Creating a repository file for Kubernetes + ansible.builtin.file: + path: /etc/yum.repos.d/cri-o.repo + state: touch + mode: '0644' + + - name: Adding repository details in Kubernetes repo file. + ansible.builtin.blockinfile: + path: /etc/yum.repos.d/cri-o.repo + block: | + [cri-o] + name=CRI-O + baseurl=https://pkgs.k8s.io/addons:/cri-o:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/rpm/ + enabled=1 + gpgcheck=1 + gpgkey=https://pkgs.k8s.io/addons:/cri-o:/stable:/v{{ kubeinit_k8s_kubernetes_version }}/rpm/repodata/repomd.xml.key + + # + # cri-o config + # + + - name: Install the matching version of cri-o + ansible.builtin.package: + name: "{{ 'cri-o-' + kubeinit_k8s_kubernetes_version + '.*' }}" + state: present + use: dnf + + - name: Install the latest version of crun + ansible.builtin.package: + name: crun + state: present + use: dnf + + - name: Make sure cri-o binary is reachable and the configuration is correct + ansible.builtin.shell: | + yum install -y jq + # Make sure crio binary is reachable + ln -s /usr/bin/crio /usr/local/bin/crio + tmp=$(mktemp) + crioconf=$(ls /etc/cni/net.d/87-crio-bridge* | xargs realpath) + jq '.plugins[0].ipam.ranges[0][0].subnet = "{{ kubeinit_k8s_pod_network_cidr }}"' "$crioconf" > "$tmp" && mv -f "$tmp" "$crioconf" + cp /etc/crio/crio.conf /etc/crio/crio.conf.backup + sed -i s/^.*default_runtime\ =\ 
.*$/default_runtime\ =\ \"crun\"/g /etc/crio/crio.conf + + # There is no example config for crun anymore + #sed -i "s/^\#\[crio\.runtime\.runtimes\.crun.*\]/[crio.runtime.runtimes.crun]/g" /etc/crio/crio.conf + cat << EOF >> /etc/crio/crio.conf + [crio.runtime.runtimes.crun] + runtime_path = "/usr/bin/crun" + runtime_type = "oci" + runtime_root = "/run/crun" + EOF + args: + executable: /bin/bash + register: _result + changed_when: "_result.rc == 0" + + - name: Enable/start/status cri-o + ansible.builtin.shell: | + systemctl enable crio + systemctl start crio + systemctl status crio + args: + executable: /bin/bash + register: _result + changed_when: "_result.rc == 0" + when: kubeinit_k8s_container_runtime == "cri-o" + + - name: Install and configure containerd + block: + - name: Deploy containerd + ansible.builtin.shell: | + set -o pipefail + modprobe overlay + modprobe br_netfilter + cat < /etc/sudoers.d/{{ kubeinit_libvirt_cloud_user }}' \ - --run-command 'mkdir -p {{ kubeinit_libvirt_source_keystore_dir }}' \ - --ssh-inject {{ kubeinit_libvirt_cloud_user }}:file:{{ kubeinit_libvirt_source_keystore_dir }}/{{ kubeinit_libvirt_source_pubkey_file }} \ + --run-command 'useradd -s /bin/bash -u 1000 -p "$(openssl passwd -1 {{ kubeinit_libvirt_cloud_user_password }})" {{ kubeinit_libvirt_cloud_user }}' \ + --run-command 'echo "{{ kubeinit_libvirt_cloud_user }} ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/{{ kubeinit_libvirt_cloud_user }}' \ + --run-command 'mkdir -p {{ kubeinit_libvirt_source_keystore_dir }}' \ + --ssh-inject {{ kubeinit_libvirt_cloud_user }}:file:{{ kubeinit_libvirt_source_keystore_dir }}/{{ kubeinit_libvirt_source_pubkey_file }} \ {% endif %} --copy-in {{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/00-installer-ubuntu-netconfig.yaml:/etc/netplan \ --copy-in {{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/hosts.debian.tmpl:/etc/cloud/templates \ 
@@ -83,10 +84,10 @@ ansible.builtin.shell: | virt-install \ --connect qemu:///system \ - --name={{ hostvars[kubeinit_deployment_node_name].guest_name }} \ + --name {{ hostvars[kubeinit_deployment_node_name].guest_name }} \ --memory memory={{ hostvars[kubeinit_deployment_node_name].ram|int // 1024 }} \ - --vcpus={{ hostvars[kubeinit_deployment_node_name].vcpus }},maxvcpus={{ hostvars[kubeinit_deployment_node_name].maxvcpus }} \ - --os-variant=ubuntu18.04 \ + --vcpus {{ hostvars[kubeinit_deployment_node_name].vcpus }},maxvcpus={{ hostvars[kubeinit_deployment_node_name].maxvcpus }} \ + --os-variant ubuntu18.04 \ --autostart \ --network network={{ kubeinit_cluster_hostvars.network_name }},mac={{ hostvars[kubeinit_deployment_node_name].mac }},virtualport.parameters.interfaceid={{ hostvars[kubeinit_deployment_node_name].interfaceid }},target.dev=veth0-{{ hostvars[kubeinit_deployment_node_name].ansible_host | ansible.utils.ip4_hex }},model=virtio \ --graphics none \ @@ -98,7 +99,7 @@ register: _result changed_when: "_result.rc == 0" - - name: "Wait until is running: {{ kubeinit_deployment_node_name }}" + - name: "Wait until guest is running {{ kubeinit_deployment_node_name }}" community.libvirt.virt: command: list_vms state: running 
@@ -118,9 +119,11 @@ - name: Add kubernetes repo for latest kubectl (Ubuntu) ansible.builtin.shell: | set -eo pipefail - apt-get install -y apt-transport-https ca-certificates curl - curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg - echo "deb [trusted=yes signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list + apt-get install -y apt-transport-https ca-certificates curl gnupg + curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg + chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg # allow unprivileged APT programs to read this keyring + echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list + chmod 644 /etc/apt/sources.list.d/kubernetes.list # helps tools such as command-not-found to work correctly apt-get update --allow-insecure-repositories args: executable: /bin/bash @@ -131,6 +134,7 @@ ansible.builtin.package: name: resolvconf state: present + use: apt - name: Make sure base file exists ansible.builtin.copy: @@ -219,16 +223,11 @@ register: _result changed_when: "_result.rc == 0" - - name: Perform any distro-specific post-deployment guest configuration - ansible.builtin.include_role: - name: "kubeinit.kubeinit.{{ kubeinit_cluster_distro_role }}" - tasks_from: post_configure_guest.yml - public: true - - name: Update packages ansible.builtin.package: name: "*" state: latest + use: apt register: _result_update_packages - name: Reboot immediately after the package update diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/deploy_windows_guest.yml b/kubeinit/roles/kubeinit_libvirt/tasks/deploy_windows_guest.yml deleted file mode 100644 index f26896943..000000000 
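Review bot: In the `@@ -118,9 +119,11 @@` hunk the new `signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg` source is still followed by the unchanged `apt-get update --allow-insecure-repositories`, which lets apt accept repository metadata it cannot verify, so the keyring added here does not strictly gate the index. With `trusted=yes` now gone from the source line, that command should become plain `apt-get update`. The key is written to `/etc/apt/keyrings`, which may not exist on older Ubuntu images (the guest is created with `--os-variant ubuntu18.04`), so add `mkdir -p -m 755 /etc/apt/keyrings` before the `curl` line. `v1.30` is hard-coded in both URLs, whereas the cri-o repo in deploy_centos_guest.yml uses `kubeinit_k8s_kubernetes_version`; a variable would keep the two in step.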
--- a/kubeinit/roles/kubeinit_libvirt/tasks/deploy_windows_guest.yml +++ /dev/null 
@@ -1,272 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy a Windows server guest - block: - - name: Print Windows EULA so users accept it - ansible.builtin.debug: - msg: | - ********************************************************************************************************************* - * Please read: https://docs.microsoft.com/en-us/legal/windows-server/system-insights-eula * - ********************************************************************************************************************* - * MICROSOFT.WINDOWSSERVER.SYSTEMINSIGHTS * - * These license terms are an agreement between you and Microsoft Corporation (or one of its affiliates). * - * They apply to the software named above and any Microsoft services or software updates (except to the * - * extent such services or updates are accompanied by new or additional terms, in which case those * - * different terms apply prospectively and do not alter your or Microsoft's rights relating to pre-updated * - * software or services). * - * IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW. BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. * - ********************************************************************************************************************* - * If you do not comply with these license terms, please stop this deployment right now. 
* - ********************************************************************************************************************* - - - name: Wait 1 minute for displaying the EULA text - ansible.builtin.pause: - minutes: 1 - - - name: Remove old disk images - ansible.builtin.file: - path: "{{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2" - state: absent - - - name: Create the config data folder - ansible.builtin.file: - path: "{{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/" - state: directory - mode: 0775 - recurse: yes - - - name: Create the config data folder template - ansible.builtin.template: - src: "autounattend.xml.j2" - dest: "{{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/autounattend.xml" - mode: "0644" - - - name: Render the authorized keys file - ansible.builtin.template: - src: "authorized_keys.j2" - dest: "{{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/authorized_keys" - mode: "0644" - - - name: Render the setup scripts - ansible.builtin.template: - src: "{{ item }}.j2" - dest: "{{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/{{ item }}" - mode: "0644" - loop: - - SetNet.ps1 - - Install-Openssh.ps1 - - PrepareRequirements.ps1 - - Install-Containerd.ps1 - - PrepareNode.ps1 - - PrepareFlannel.ps1 - - - name: Create the .iso disk with the install assets - ansible.builtin.shell: | - # We create an iso file with the config unnatended data - mkisofs -o {{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}_config.iso -r -J {{ kubeinit_libvirt_hypervisor_tmp_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}/config/ - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - - - name: Create a qcow 
empty disk to install the OS - ansible.builtin.shell: | - # We create the server disk image - qemu-img create -f qcow2 {{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2 {{ hostvars[kubeinit_deployment_node_name].disk }} - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - - - name: Install Windows - ansible.builtin.shell: | - virt-install \ - --name={{ hostvars[kubeinit_deployment_node_name].guest_name }} \ - --memory memory={{ hostvars[kubeinit_deployment_node_name].ram|int // 1024 }} \ - --vcpus={{ hostvars[kubeinit_deployment_node_name].vcpus }},maxvcpus={{ hostvars[kubeinit_deployment_node_name].maxvcpus }} \ - --network network={{ kubeinit_cluster_hostvars.network_name }},mac={{ hostvars[kubeinit_deployment_node_name].mac }},virtualport.parameters.interfaceid={{ hostvars[kubeinit_deployment_node_name].interfaceid }},target.dev=veth0-{{ hostvars[kubeinit_deployment_node_name].ansible_host | ansible.utils.ip4_hex }},model=virtio \ - --disk path={{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}.qcow2,format=qcow2,bus=virtio \ - --cdrom {{ kubeinit_libvirt_target_image_dir }}/SERVER_EVAL_x64FRE_en-us.iso \ - --disk path={{ kubeinit_libvirt_target_image_dir }}/{{ kubeinit_libvirt_virtio_image_name }},device=cdrom \ - --disk path={{ kubeinit_libvirt_target_image_dir }}/{{ hostvars[kubeinit_deployment_node_name].guest_name }}_config.iso,device=cdrom \ - --os-variant win2k8 \ - --vnc \ - --autostart \ - --console pty \ - --connect qemu:///system \ - --import \ - --noautoconsole - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - - - name: "Wait until is running {{ hostvars[kubeinit_deployment_node_name].guest_name }}" - community.libvirt.virt: - command: list_vms - state: running - register: _result - retries: 30 - delay: 10 - until: hostvars[kubeinit_deployment_node_name].guest_name in 
_result.list_vms - - - name: "Wait until setup finish and the guest is shut down for {{ hostvars[kubeinit_deployment_node_name].guest_name }}" - community.libvirt.virt: - command: list_vms - state: shutdown - register: _result - retries: 100 - delay: 10 - until: hostvars[kubeinit_deployment_node_name].guest_name in _result.list_vms - - - name: "Re-start {{ hostvars[kubeinit_deployment_node_name].guest_name }}" - community.libvirt.virt: - name: "{{ hostvars[kubeinit_deployment_node_name].guest_name }}" - state: running - - - name: "Wait until is running {{ hostvars[kubeinit_deployment_node_name].guest_name }}" - community.libvirt.virt: - command: list_vms - state: running - register: _result - retries: 30 - delay: 10 - until: hostvars[kubeinit_deployment_node_name].guest_name in _result.list_vms - - - name: Show some information for connecting with VNC - ansible.builtin.debug: - msg: | - Make sure the VNC session is up and running with: - virsh vncdisplay {{ hostvars[kubeinit_deployment_node_name].guest_name }} - Create a tunnel from your machine to the hypervisor hosting the Windows guest - ssh root@tyto -L 5900:127.0.0.1:5900 - from your machine connect to the VNC server at 127.0.0.1 - - - name: "Make sure we can execute SSH remote commands in {{ hostvars[kubeinit_deployment_node_name].guest_name }}" - ansible.builtin.shell: | - set -o pipefail - ssh {{ hostvars[kubeinit_deployment_node_name].ansible_ssh_common_args }} \ - {{ _param_guest_user | default('root') }}@{{ hostvars[kubeinit_deployment_node_name].ansible_host }} 'echo connected' || true - args: - executable: /bin/bash - register: _result - retries: 60 - delay: 10 - until: "'connected' in _result.stdout" - changed_when: "_result.rc == 0" - - delegate_to: "{{ kubeinit_deployment_delegate }}" - -- name: Configure common requirements in Windows guests - block: - - name: Make sure there is enough RAM for Windows computes - ansible.builtin.assert: - that: - - compute_node_ram_size | int >= 16777216 - fail_msg: 
"'compute_node_ram_size' must be greater than 16777216, that is, 16GB RAM" - success_msg: "'compute_node_ram_size' is more than 16GB RAM, OK" - - - name: Ping - ansible.windows.win_ping: - - - name: Create the k folder - ansible.windows.win_file: - path: C:\k - state: directory - - - name: Copy all the ISO resources to a writable folder - ansible.windows.win_copy: - src: F:\ - dest: C:\k - remote_src: yes - - - name: Install KB5012637 - ansible.windows.win_powershell: - script: | - $patchFile = "windows10.0-kb5012637-x64_6a7459b60e226b0ad0d30b34a4be069bee4d2867.msu" - $url = "https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/updt/2022/04/$patchFile" - $dest = "C:\Windows\Temp\$patchFile" - Invoke-WebRequest -Uri $url -OutFile $dest - # Install the patch, bypassing any prompts - cmd.exe /c wusa.exe $dest /quiet /norestart - register: _result - changed_when: "_result.host_err == ''" - - - name: Enable the required container features and required modules - ansible.windows.win_powershell: - script: | - Install-WindowsFeature Containers - Install-WindowsFeature Hyper-V - Install-WindowsFeature Hyper-V-PowerShell - register: _result - changed_when: "_result.host_err == ''" - - - name: Reboot the server after installing the new features - # This might take a lot of time depending on updates, - # and finishing to enable the container features. - ansible.windows.win_reboot: - reboot_timeout: 3600 - - - name: Configure Overlay HNSNetwork for the overlay network - # This task MUST be executed after the initial guest reboot - ansible.windows.win_powershell: - script: | - # We do this when there is no network created, this will create a network glitch - # as there must be created a new virtual switch where each pod will be connected to - # Note: RDP connection will hiccup when running this command (New-HNSNetwork). 
- New-Item C:\k -Force -ItemType Directory | Out-Null - curl.exe --silent --fail -Lo C:\k\hns.psm1 https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 - Import-Module "c:\k\hns.psm1" - # There is no need to remove the nhs nets as this is a new environment - # get-hnsnetwork | remove-hnsnetwork - New-HNSNetwork -Type "Overlay" ` - -AddressPrefix "10.244.0.0/16" ` - -Gateway "10.244.0.1" ` - -Name "vxlan0" ` - -AdapterName "$((Get-NetAdapter -Physical).Name)" ` - -SubnetPolicies @(@{Type = "VSID"; VSID = 4096; }) ` - -Verbose - # This task will make Ansible to hang, there is a connection hiccup - # and then we are not able to continue, so we trigger this as async - # and then we ping again the machine to see we can communicate over SSH - async: 60 - poll: 0 - - - name: Ping - ansible.windows.win_ping: - # TODO:FIXME: The following variables should be - # added as group vars for those compute nodes which the - # os is equals to 'windows' - # TODO:FIXME: The usage of ansible_shell_type might - # be different depending on the win_* task, the - # supported values are [cmd | powershell] - vars: - ansible_shell_type: 'cmd' - ansible_remote_tmp: 'C:\Windows\Temp' - delegate_to: "{{ kubeinit_deployment_node_name }}" - -# TODO:FIXME: Do we need a Windows gather facts? -# - name: Gather guest network facts -# block: -# - name: Gather network and host facts for guest -# ansible.builtin.include_role: -# name: kubeinit.kubeinit.kubeinit_prepare -# tasks_from: gather_host_facts.yml -# public: yes -# vars: -# _param_gather_host: "{{ kubeinit_deployment_node_name }}" -# tags: omit_from_grapher diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/download_cloud_images.yml b/kubeinit/roles/kubeinit_libvirt/tasks/download_cloud_images.yml index 5513e4446..be0d16f35 100644 --- a/kubeinit/roles/kubeinit_libvirt/tasks/download_cloud_images.yml +++ b/kubeinit/roles/kubeinit_libvirt/tasks/download_cloud_images.yml 
@@ -61,11 +61,12 @@ - name: Create tuples for hosts and cloud images ansible.builtin.set_fact: - all_hosts_cloud_images: "{{ (all_hosts_cloud_images | default([])) + ([hypervisor] | product([kubeinit_libvirt_cloud_images[kubeinit_cluster_distro]])) }}" + all_hosts_cloud_images: "{{ (all_hosts_cloud_images | default([])) + ([hypervisor] | product([kubeinit_libvirt_cloud_images[_cluster_node_os]])) }}" loop: "{{ all_hosts_guest_vms }}" vars: hypervisor: "{{ item[0] }}" - when: kubeinit_libvirt_cloud_images[kubeinit_cluster_distro] is defined + _cluster_node_os: "{{ hostvars['kubeinit-defaults'].cluster_node_default_distro[kubeinit_cluster_distro].os }}" + when: kubeinit_libvirt_cloud_images[_cluster_node_os] is defined - name: Remove duplicates ansible.builtin.set_fact: @@ -75,7 +76,7 @@ ansible.builtin.get_url: validate_certs: False use_proxy: True - url: "{{ cloud_image.uri }}{{ cloud_image.image }}" + url: "{{ cloud_image.uri + cloud_image.image }}" dest: "{{ kubeinit_libvirt_target_image_dir }}/{{ cloud_image.image }}" force: no mode: '0666' 
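Review bot: The `ansible.builtin.get_url` task edited in the `@@ -75,7 +76,7 @@` hunk still runs with `validate_certs: False` and no `checksum:`, so the base image that every guest is built from is fetched without TLS verification or any integrity check. The commit only changes how `url` is concatenated; while the task is being touched, set `validate_certs: true` and add a `checksum:` fed from a per-image digest, for example a new field on each `kubeinit_libvirt_cloud_images` entry (field name to be chosen by the project). The task begins above the hunk, so its name and any other options are not visible here.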
@@ -86,50 +87,6 @@ cloud_image: "{{ item[1] }}" delegate_to: "{{ kubeinit_deployment_node_name }}" -# -# TODO:FIXME: Make sure the kernel update do not break the Guest from booting -# - -- name: Update packages in cloud images - ansible.builtin.command: | - virt-customize -a {{ kubeinit_libvirt_target_image_dir }}/{{ cloud_image.image }} {% if (kubeinit_cluster_distro == 'cdk' or kubeinit_cluster_distro == 'rke') %}--run-command 'env DEBIAN_FRONTEND=noninteractive apt-get -y --allow-remove-essential purge shim-signed'{% endif %} --update - loop: "{{ all_hosts_cloud_images }}" - vars: - kubeinit_deployment_node_name: "{{ item[0] }}" - cloud_image: "{{ item[1] }}" - register: _result - changed_when: "_result.rc == 0" - delegate_to: "{{ kubeinit_deployment_node_name }}" - # This is dangerous,do not run packages upgrades with virt-customize - when: false - -# -# Download extra cloud images for Windows compute nodes or any miscelaneous image requirement -# - -- name: Create tuples for hosts and extra cloud images - ansible.builtin.set_fact: - all_hosts_extra_cloud_images: "{{ (all_hosts_extra_cloud_images | default([])) + ([hypervisor] | product(kubeinit_libvirt_extra_cloud_images)) }}" - loop: "{{ all_hosts_guest_vms }}" - vars: - hypervisor: "{{ item[0] }}" - -- name: Download extra cloud images - ansible.builtin.get_url: - validate_certs: False - use_proxy: True - url: "{{ cloud_image.uri }}{{ cloud_image.image }}" - dest: "{{ kubeinit_libvirt_target_image_dir }}/{{ cloud_image.image }}" - force: no - mode: '0666' - owner: "{{ hostvars[kubeinit_deployment_node_name].libvirt_qemu_user }}" - loop: "{{ all_hosts_extra_cloud_images }}" - vars: - kubeinit_deployment_node_name: "{{ item[0] }}" - cloud_image: "{{ item[1] }}" - delegate_to: "{{ kubeinit_deployment_node_name }}" - - - name: Add hosts and stop if required block: - name: Add task-download-images to tasks_completed 
diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/gather_host_facts.yml b/kubeinit/roles/kubeinit_libvirt/tasks/gather_host_facts.yml index 4c9e40b00..d2863d280 100644 --- a/kubeinit/roles/kubeinit_libvirt/tasks/gather_host_facts.yml +++ b/kubeinit/roles/kubeinit_libvirt/tasks/gather_host_facts.yml @@ -81,6 +81,7 @@ ansible.builtin.package_facts: manager: "{{ hostvars[_param_gather_host].package_manager }}" register: _result_packages + no_log: "{{ not ((lookup('env', 'KUBEINIT_SHOW_PACKAGE_FACTS') | bool) or false) }}" - name: Set podman_is_installed ansible.builtin.set_fact: @@ -89,6 +90,7 @@ - name: Gather the services facts ansible.builtin.service_facts: register: _result_services + no_log: "{{ not ((lookup('env', 'KUBEINIT_SHOW_SERVICE_FACTS') | bool) or false) }}" - name: Set _service_state to unknown ansible.builtin.set_fact: @@ -172,7 +174,8 @@ - name: Clear results ansible.builtin.set_fact: - ansible_facts: {} + ansible_facts: + pkg_mgr: "{{ _result_facts.ansible_facts.ansible_pkg_mgr }}" packages: {} services: {} _result_facts: {} diff --git a/kubeinit/roles/kubeinit_libvirt/tasks/main.yml b/kubeinit/roles/kubeinit_libvirt/tasks/main.yml index 4c86ad6d6..3057a0941 100644 --- a/kubeinit/roles/kubeinit_libvirt/tasks/main.yml +++ b/kubeinit/roles/kubeinit_libvirt/tasks/main.yml 
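Review bot: In both new `no_log` expressions (`KUBEINIT_SHOW_PACKAGE_FACTS` in the `@@ -81,6 +81,7 @@` hunk and `KUBEINIT_SHOW_SERVICE_FACTS` in `@@ -89,6 +90,7 @@`) the trailing `or false` is a no-op, since `x or false` has the same truthiness as `x`. `no_log: "{{ not (lookup('env', 'KUBEINIT_SHOW_PACKAGE_FACTS') | bool) }}"` says the same thing more plainly. Neither variable is explained in the hunk; a one-line comment such as `# set KUBEINIT_SHOW_PACKAGE_FACTS=true to log the full package facts` above each task would help, because `no_log` also censors the error output when the module fails.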
@@ -40,19 +40,25 @@ when: (hostvars[kubeinit_deployment_node_name].ansible_distribution == 'CentOS' and hostvars[kubeinit_deployment_node_name].ansible_distribution_major_version == "7") - name: Fix libvirt qemu bug - ansible.builtin.shell: | - set -eo pipefail - mkdir -p /etc/qemu/firmware - touch /etc/qemu/firmware/50-edk2-ovmf-cc.json - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" + block: + + - name: Create folder if missing + ansible.builtin.file: + path: /etc/qemu/firmware + state: directory + mode: '0755' + + - name: Touch firmware file + ansible.builtin.file: + path: /etc/qemu/firmware/50-edk2-ovmf-cc.json + state: touch + mode: '0644' - name: Install CentOS based requirements ansible.builtin.package: name: "{{ kubeinit_libvirt_hypervisor_dependencies.centos }}" state: present + use: "{{ hostvars[inventory_hostname]['ansible_facts']['pkg_mgr'] }}" when: hostvars[kubeinit_deployment_node_name].distribution_family == 'CentOS' or hostvars[kubeinit_deployment_node_name].distribution_family == 'Fedora' register: _result_installed_packages_centos 
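Review bot: Both new `use:` lines (on `Install CentOS based requirements` here and on the Debian requirements task in the `@@ -80,6 +86,7 @@` hunk) read the package manager from `hostvars[inventory_hostname]`, while the `when:` on the same tasks selects on `hostvars[kubeinit_deployment_node_name]`. If these tasks are delegated to the deployment node, which the hunk does not show, the two hosts can differ and `use:` would name the wrong backend; `use: "{{ hostvars[kubeinit_deployment_node_name]['ansible_facts']['pkg_mgr'] }}"` keeps both keyed on the same host. The lookup also depends on `ansible_facts.pkg_mgr` having been set for that host by the `Clear results` change in gather_host_facts.yml, so a `| default('auto')` fallback is worth considering.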
@@ -60,18 +66,18 @@ # BEGIN:TODO:FIXME: Remove this testing repo after OVN is in the stable branch. # This should be applicable only to Debian and not to Ubuntu # -- name: Enable the testing repo in Debian - ansible.builtin.lineinfile: - state: present - path: "/etc/apt/sources.list" - line: "deb http://http.us.debian.org/debian/ testing non-free contrib main" - when: hostvars[kubeinit_deployment_node_name].os == 'debian' - -- name: Update packages list - ansible.builtin.command: apt-get update - when: hostvars[kubeinit_deployment_node_name].os == 'debian' - changed_when: false - +#- name: Enable the testing repo in Debian +# ansible.builtin.lineinfile: +# state: present +# path: "/etc/apt/sources.list" +# line: "deb http://http.us.debian.org/debian/ testing non-free contrib main" +# when: hostvars[kubeinit_deployment_node_name].os == 'debian' +# +#- name: Update packages list +# ansible.builtin.command: apt-get update +# when: hostvars[kubeinit_deployment_node_name].os == 'debian' +# changed_when: false +# # # END:TODO:FIXME # @@ -80,6 +86,7 @@ ansible.builtin.package: name: "{{ kubeinit_libvirt_hypervisor_dependencies.debian }}" state: present + use: "{{ hostvars[inventory_hostname]['ansible_facts']['pkg_mgr'] }}" when: hostvars[kubeinit_deployment_node_name].distribution_family == 'Debian' register: _result_installed_packages_debian diff --git a/kubeinit/roles/kubeinit_libvirt/templates/Install-Containerd.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/Install-Containerd.ps1.j2 deleted file mode 100644 index b2863034a..000000000 --- a/kubeinit/roles/kubeinit_libvirt/templates/Install-Containerd.ps1.j2 +++ /dev/null 
@@ -1,260 +0,0 @@ -<# -.SYNOPSIS -Installs ContainerD on a Windows machines in preperation for joining the node to a Kubernetes cluster. - -.DESCRIPTION -This script -- Verifies that Windows Features requried for running contianers are enabled (and enables then if they are not) -- Downloads ContainerD binaries from from at the version specified. -- Downloads Windows SND CNI plugins. -- Sets up a basic nat networking config for ContainerD to use until another CNI is configured -- Registers ContainerD as a windows service. - -.PARAMETER ContainerDVersion -ContainerD version to download and use. - -.PARAMETER netAdapterName -Name of network adapter to use when configuring basic nat network. - -# 
From: https://github.com/kubernetes-sigs/sig-windows-tools/blob/master/kubeadm/scripts/Install-Containerd.ps1 - -.EXAMPLE -PS> .\Install-Conatinerd.ps1 - -#> - -Param( - [parameter(HelpMessage = "ContainerD version to use")] - [string] $ContainerDVersion = "1.4.1", - [parameter(HelpMessage = "Name of network adapter to use when configuring basic nat network")] - [string] $netAdapterName = "Ethernet" -) - -$ErrorActionPreference = 'Stop' - -function DownloadFile($destination, $source) { - Write-Host("Downloading $source to $destination") - curl.exe --silent --fail -Lo $destination $source - - if (!$?) { - Write-Error "Download $source failed" - exit 1 - } -} - -<# -.DESCRIPTION -Computes a subnet for a gateway from the IPv4 IPAddress and PrefixLength properties -for a given network adapter. This value is used for IPAM in a nat CNI config required for -containerd. - -.NOTES -This logic is adapted from -https://github.com/containerd/containerd/blob/4a6b47d470d9f2dfc3d49f2819b968861dfa123e/script/setup/install-cni-windows - -.EXAMPLE -PS> CalculateSubNet -gateway 172.16.5.8 -prefixLength 24 -172.16.5.0/8 -#> -function CalculateSubNet { - param ( - [string]$gateway, - [int]$prefixLength - ) - $len = $prefixLength - $parts = $gateway.Split('.') - $result = @() - for ($i = 0; $i -le 3; $i++) { - if ($len -ge 8) { - $mask = 255 - - } - elseif ($len -gt 0) { - $mask = ((256 - 2 * (8 - $len))) - } - else { - $mask = 0 - } - $len -= 8 - $result += ([int]$parts[$i] -band $mask) - } - - $subnetIp = [string]::Join('.', $result) - $cidr = 32 - $prefixLength - return "${subnetIp}/$cidr" -} - -$requiredWindowsFeatures = @( - "Containers", - "Hyper-V", - "Hyper-V-PowerShell") - -function ValidateWindowsFeatures { - $allFeaturesInstalled = $true - foreach ($feature in $requiredWindowsFeatures) { - $f = Get-WindowsFeature -Name $feature - if (-not $f.Installed) { - Write-Warning "Windows feature: '$feature' is not installed." 
- $allFeaturesInstalled = $false - } - } - return $allFeaturesInstalled -} - -if (-not (ValidateWindowsFeatures)) { - Write-Output "Installing required windows features..." - - foreach ($feature in $requiredWindowsFeatures) { - Install-WindowsFeature -Name $feature - } - - Write-Output "Please reboot and re-run this script." - exit 0 -} - -Write-Output "Getting ContainerD binaries" -$global:ConainterDPath = "$env:ProgramFiles\containerd" -mkdir -Force $global:ConainterDPath | Out-Null -DownloadFile "$global:ConainterDPath\containerd.tar.gz" https://github.com/containerd/containerd/releases/download/v${ContainerDVersion}/containerd-${ContainerDVersion}-windows-amd64.tar.gz -tar.exe -xvf "$global:ConainterDPath\containerd.tar.gz" --strip=1 -C $global:ConainterDPath -$env:Path += ";$global:ConainterDPath" -[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::Machine) -containerd.exe config default | Out-File "$global:ConainterDPath\config.toml" -Encoding ascii - -# Config file fixups - -$config = Get-Content "$global:ConainterDPath\config.toml" -$config = $config -replace "bin_dir = (.)*$", "bin_dir = `"c:/opt/cni/bin`"" -$config = $config -replace "conf_dir = (.)*$", "conf_dir = `"c:/etc/cni/net.d`"" -$config | Set-Content "$global:ConainterDPath\config.toml" -Force - -mkdir -Force c:\opt\cni\bin | Out-Null -mkdir -Force c:\etc\cni\net.d | Out-Null - -Write-Output "Getting SDN CNI binaries from Microsoft" -DownloadFile "c:\opt\cni\cni-plugins.zip" https://github.com/microsoft/windows-container-networking/releases/download/v0.3.0/windows-container-networking-cni-amd64-v0.3.0.zip -Expand-Archive -Path "c:\opt\cni\cni-plugins.zip" -DestinationPath "c:\opt\cni\bin" -Force - -Write-Output "Getting SDN CNI binaries from CNI" -# TODO:FIXME: We should use the ones from CNI but they do not work with containerd in 1.1.1 -# there should be released a new version supporting containerD -curl.exe -OL 
https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-windows-amd64-v1.1.1.tgz -tar.exe xvf .\cni-plugins-windows-amd64-v1.1.1.tgz -C C:\opt\cni\bin - -<# -# We are not using NAT anymore -Write-Output "Creating network config for nat network" -$gateway = (Get-NetIPAddress -InterfaceAlias $netAdapterName -AddressFamily IPv4).IPAddress -$prefixLength = (Get-NetIPAddress -InterfaceAlias $netAdapterName -AddressFamily IPv4).PrefixLength -$subnet = CalculateSubNet -gateway $gateway -prefixLength $prefixLength - -@" -{ - "cniVersion": "0.2.0", - "name": "nat", - "type": "nat", - "master": "Ethernet", - "ipam": { - "subnet": "$subnet", - "routes": [ - { - "GW": "$gateway" - } - ] - }, - "capabilities": { - "portMappings": true, - "dns": true - } -} -"@ | Set-Content "c:\etc\cni\net.d\0-containerd-nat.json" -Force -#> - -# -# TODO:FIXME:CHECK -# -# What's the difference between sdnoverlay from -# https://github.com/microsoft/windows-container-networking/releases/download/v0.3.0/windows-container-networking-cni-amd64-v0.3.0.zip -# and win-overlay from -# https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-windows-amd64-v1.1.1.tgz ? -# we use the ones from -# "type":"win-overlay",,. 
- -@" -{ - "cniVersion": "0.3.0", - "name": "vxlan0", - "type": "sdnoverlay", - "ipam": { - "type": "host-local", - "subnet": "10.244.0.0/16" - }, - "apiVersion": 2, - "capabilities": { - "portMappings": true, - "dns": true - }, - "policies": [ - { - "name": "EndpointPolicy", - "value": { - "Type": "OutBoundNAT", - "Settings": { - "Exceptions": [ - "10.244.0.0/16" - ] - } - } - }, - { - "name": "EndpointPolicy", - "value": { - "Type": "SDNRoute", - "Settings": { - "DestinationPrefix": "10.244.0.0/16", - "NeedEncap": true - } - } - }, - { - "name": "EndpointPolicy", - "value": { - "Type": "ProviderAddress", - "Settings": { - "ProviderAddress": "10.0.0.1" - } - } - } - ] -} -"@ | Set-Content "c:\etc\cni\net.d\net.json" -Force - -Add-MpPreference -ExclusionProcess "$global:ConainterDPath\containerd.exe" - -Write-Output "Registering ContainerD as a service" -containerd.exe --register-service - -Write-Output "Starting ContainerD service" -Start-Service containerd - -Write-Output "Done - please remember to add '--cri-socket `"npipe:////./pipe/containerd-containerd`"' to your kubeadm join command" - -# Install CriCtl and test it - -$CriCtlVersion = '1.24.2' -curl.exe -LO "https://github.com/kubernetes-sigs/cri-tools/releases/download/v${CriCtlVersion}/crictl-v${CriCtlVersion}-windows-amd64.tar.gz" -tar.exe xvzf ".\crictl-v${CriCtlVersion}-windows-amd64.tar.gz" -mv crictl.exe "C:\Program Files\containerd" -del ".\crictl-v${CriCtlVersion}-windows-amd64.tar.gz" - -mkdir -Force "$home\.crictl" -@" -runtime-endpoint: npipe://./pipe/containerd-containerd -image-endpoint: npipe://./pipe/containerd-containerd -timeout: 10 -"@ | Set-Content "$home\.crictl\crictl.yaml" -Force - -crictl -r "npipe:////./pipe/containerd-containerd" info -crictl info - -Write-Host "Finishing Script" diff --git a/kubeinit/roles/kubeinit_libvirt/templates/Install-Openssh.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/Install-Openssh.ps1.j2 deleted file mode 100644 index 40092d4fe..000000000 
--- a/kubeinit/roles/kubeinit_libvirt/templates/Install-Openssh.ps1.j2 +++ /dev/null @@ -1,55 +0,0 @@ -# 
From: https://github.com/openshift/windows-machine-config-operator/blob/master/docs/vsphere_ci/scripts/install-openssh.ps1 - -# Powershell script to configure OpenSSH Server in Windows Server 1809 and later. -# -# USAGE -# ./install-openssh.ps1 -# ./install-openssh.ps1 -# ./install-openssh.ps1 -keyfile= -# -# OPTIONS -# $1 Path to public key file (Default: authorized_keys) - -# define param for key file path -param ($keyfile='authorized_keys') -# validate given keyfile -if (-not(Test-Path -Path $keyfile -PathType Leaf)) { - # log error and stop - Write-Error -ErrorAction Stop -Message "Cannot find file: $keyfile" -} - -# install OpenSSH server (See: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse) -Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -# set service startup type -Set-Service -Name ssh-agent -StartupType 'Automatic' -Set-Service -Name sshd -StartupType 'Automatic' -# start service -Start-Service ssh-agent -Start-Service sshd -# configure key based-authentication -$sshdConfigFilePath = "$env:ProgramData\ssh\sshd_config" -$pubKeyConf = (Get-Content -path $sshdConfigFilePath) -replace '#PubkeyAuthentication yes','PubkeyAuthentication yes' -$pubKeyConf | Set-Content -Path $sshdConfigFilePath -$passwordConf = (Get-Content -path $sshdConfigFilePath) -replace '#PasswordAuthentication yes','PasswordAuthentication yes' -$passwordConf | Set-Content -Path $sshdConfigFilePath -# create key file in configuration -$authorizedKeyConf = "$env:ProgramData\ssh\administrators_authorized_keys" -New-Item -Force $authorizedKeyConf -# setup the provided authorized public key -Get-Content $keyfile | Out-File $authorizedKeyConf -Encoding ascii -# configure file acl -$acl = Get-Acl $authorizedKeyConf -# disable inheritance -$acl.SetAccessRuleProtection($true, $false) -# set full control for Administrators -$administratorsRule = New-Object 
system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow") -$acl.SetAccessRule($administratorsRule) -# set full control for SYSTEM -$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow") -$acl.SetAccessRule($systemRule) -# apply file acl -$acl | Set-Acl -# restart service -Restart-Service sshd -# success -exit 0 diff --git a/kubeinit/roles/kubeinit_libvirt/templates/PrepareFlannel.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/PrepareFlannel.ps1.j2 deleted file mode 100644 index 6dac813d2..000000000 --- a/kubeinit/roles/kubeinit_libvirt/templates/PrepareFlannel.ps1.j2 +++ /dev/null @@ -1,168 +0,0 @@ -Param( - [parameter(Mandatory = $true)] $ManagementIP, - [parameter(Mandatory = $true)] $Hostname, - [ValidateSet("l2bridge", "overlay",IgnoreCase = $true)] $NetworkMode="l2bridge", - [parameter(Mandatory = $false)] $ClusterCIDR="10.244.0.0/16", - [parameter(Mandatory = $false)] $KubeDnsServiceIP="10.96.0.10", - [parameter(Mandatory = $false)] $LogDir="C:\k", - [parameter(Mandatory = $false)] $KubeletSvc="kubelet", - [parameter(Mandatory = $false)] $KubeProxySvc="kube-proxy", - [parameter(Mandatory = $false)] $FlanneldSvc="flanneld" -) - -# $ManagementIP: is the nodes host IP not the cluster's controller IP - -# nssm is already installed -$global:NssmInstallDirectory = "$env:ProgramFiles\nssm" -$env:path += ";$global:NssmInstallDirectory" -$newPath = "$global:NssmInstallDirectory;" + -[Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine) - -[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine) - -# 
From: https://raw.githubusercontent.com/microsoft/SDN/master/Kubernetes/flannel/register-svc.ps1 - -$GithubSDNRepository = 'Microsoft/SDN' -if ((Test-Path env:GITHUB_SDN_REPOSITORY) -and ($env:GITHUB_SDN_REPOSITORY -ne '')) -{ - $GithubSDNRepository = $env:GITHUB_SDN_REPOSITORY -} - -$helper = "c:\k\helper.psm1" -if (!(Test-Path $helper)) -{ - curl.exe -L "https://raw.githubusercontent.com/$GithubSDNRepository/master/Kubernetes/windows/helper.psm1" -o c:\k\helper.psm1 -} -ipmo $helper - -# $Hostname="{{ kubeinit_deployment_node_name }}.{{ kubeinit_cluster_fqdn }}" -$NetworkMode = $NetworkMode.ToLower() -cd c:\k - -# This is done at the PrepareRequirements.ps1 step -<# -@" -{ - "Network": "10.244.0.0/16", - "Backend": { - "name": "vxlan0", - "type": "vxlan" - } -} -"@ | Set-Content "C:\etc\kube-flannel\net-conf.json" -Force -#> - -Write-Host "Registering flanneld" -# register flanneld -$Env:NODE_NAME = "$Hostname" -nssm install $FlanneldSvc C:\opt\cni\bin\flanneld.exe -nssm set $FlanneldSvc AppParameters --kubeconfig-file=c:\k\config --iface=$ManagementIP --ip-masq=1 --kube-subnet-mgr=1 -nssm set $FlanneldSvc AppEnvironmentExtra NODE_NAME=$Hostname -nssm set $FlanneldSvc AppDirectory C:\etc\kube-flannel\ -nssm start $FlanneldSvc - -# Running something like: -# $Env:NODE_NAME = "compute-01.k8scluster.kubeinit.local" -# c:\opt\cni\bin\flanneld.exe --kubeconfig-file=c:\k\config --iface=10.0.0.2 --ip-masq=1 --kube-subnet-mgr=1 - - -Write-Host "Registering kube-proxy" -# register kube-proxy -nssm install $KubeProxySvc C:\k\kube-proxy.exe -nssm set $KubeProxySvc AppDirectory c:\k - -if ($NetworkMode -eq "l2bridge") -{ - nssm set $KubeProxySvc AppEnvironmentExtra KUBE_NETWORK=cbr0 - nssm set $KubeProxySvc AppParameters --v=4 --proxy-mode=kernelspace --hostname-override=$Hostname --kubeconfig=c:\k\config --cluster-cidr=$ClusterCIDR --log-dir=$LogDir --logtostderr=false -} -elseif ($NetworkMode -eq "overlay") -{ - if((Test-Path c:/k/sourceVip.json)) - { - $sourceVipJSON = 
Get-Content sourceVip.json | ConvertFrom-Json - $sourceVip = $sourceVipJSON.ip4.ip.Split("/")[0] - } - nssm set $KubeProxySvc AppParameters --v=4 --proxy-mode=kernelspace --feature-gates="WinOverlay=true" --hostname-override=$Hostname --kubeconfig=c:\k\config --network-name=vxlan0 --source-vip=$sourceVip --enable-dsr=false --cluster-cidr=$ClusterCIDR --log-dir=$LogDir --logtostderr=false -} -nssm set $KubeProxySvc DependOnService $KubeletSvc -nssm start $KubeProxySvc - -<# -$env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm" - -nssm stop containerd -Import-Module "c:\k\hns.psm1" -Get-NetAdapter -get-hnsnetwork | remove-hnsnetwork -Get-NetAdapter - -# This will drop the connection for a second -Import-Module "c:\k\hns.psm1" -# We do this when the guest is created -#New-HNSNetwork -Type 'Overlay' -AddressPrefix "10.244.0.0/16" -Gateway "10.244.0.1" -Name "vxlan0" -AdapterName "$((Get-NetAdapter -Physical).Name)" -SubnetPolicies @(@{Type = "VSID"; VSID = 4096; }) -Verbose - - -$env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm" -Remove-Item c:\etc\cni\net.d\0-containerd-nat.json - -#"search": [ -# "svc.k8scluster.kubeinit.local" -#] - - -@" -{ - "cniVersion": "0.3.0", - "name": "vxlan0", - "type": "sdnoverlay", - "ipam": { - "type": "host-local", - "subnet": "10.244.0.0/16" - }, - "apiVersion": 2, - "capabilities": { - "portMappings": true, - "dns": true - }, - "policies": [ - { - "name": "EndpointPolicy", - "value": { - "Type": "OutBoundNAT", - "Settings": { - "Exceptions": [ - "10.244.0.0/16" - ] - } - } - }, - { - "name": "EndpointPolicy", - "value": { - "Type": "SDNRoute", - "Settings": { - "DestinationPrefix": "10.244.0.0/16", - "NeedEncap": true - } - } - }, - { - "name": "EndpointPolicy", - "value": { - "Type": "ProviderAddress", - "Settings": { - "ProviderAddress": "10.0.0.1" - } - } - } - ] -} -"@ | Set-Content "c:\etc\cni\net.d\net.json" -Force - - -nssm restart containerd -nssm restart flanneld -#> - -Write-Host 
"Finishing Script" diff --git a/kubeinit/roles/kubeinit_libvirt/templates/PrepareNode.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/PrepareNode.ps1.j2 deleted file mode 100644 index bd7529646..000000000 --- a/kubeinit/roles/kubeinit_libvirt/templates/PrepareNode.ps1.j2 +++ /dev/null 
@@ -1,228 +0,0 @@ -<# -.SYNOPSIS -Assists with preparing a Windows VM prior to calling kubeadm join - -.DESCRIPTION -This script assists with joining a Windows node to a cluster. -- Downloads Kubernetes binaries (kubelet, kubeadm) at the version specified -- Registers wins as a service in order to run kube-proxy and cni as DaemonSets. -- Registers kubelet as an nssm service. More info on nssm: https://nssm.cc/ - -.PARAMETER KubernetesVersion -Kubernetes version to download and use - -.PARAMETER ContainerRuntime -Container that Kubernetes will use. (Docker or containerD) - -.EXAMPLE -PS> .\PrepareNode.ps1 -KubernetesVersion v1.19.3 -ContainerRuntime containerD - -#> - -Param( - [parameter(Mandatory = $true, HelpMessage="Kubernetes version to use")] - [string] $KubernetesVersion, - [parameter(HelpMessage="Container runtime that Kubernets will use")] - [ValidateSet("containerD", "Docker")] - [string] $ContainerRuntime = "Docker" -) -$ErrorActionPreference = 'Stop' - -function DownloadFile($destination, $source) { - Write-Host("Downloading $source to $destination") - curl.exe --silent --fail -Lo $destination $source - - if (!$?) 
{ - Write-Error "Download $source failed" - exit 1 - } -} - -if ($ContainerRuntime -eq "Docker") { - if (-not(Test-Path "//./pipe/docker_engine")) { - Write-Error "Docker service was not detected - please install start Docker before calling PrepareNode.ps1 with -ContainerRuntime Docker" - exit 1 - } -} elseif ($ContainerRuntime -eq "containerD") { - if (-not(Test-Path "//./pipe/containerd-containerd")) { - Write-Error "ContainerD service was not detected - please install and start containerD before calling PrepareNode.ps1 with -ContainerRuntime containerD" - exit 1 - } -} - -if (!$KubernetesVersion.StartsWith("v")) { - $KubernetesVersion = "v" + $KubernetesVersion -} -Write-Host "Using Kubernetes version: $KubernetesVersion" -$global:Powershell = (Get-Command powershell).Source -$global:PowershellArgs = "-ExecutionPolicy Bypass -NoProfile" -$global:KubernetesPath = "$env:SystemDrive\k" -$global:StartKubeletScript = "$global:KubernetesPath\StartKubelet.ps1" -$global:NssmInstallDirectory = "$env:ProgramFiles\nssm" -$kubeletBinPath = "$global:KubernetesPath\kubelet.exe" - -mkdir -force "$global:KubernetesPath" -$env:Path += ";$global:KubernetesPath" -[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::Machine) - -DownloadFile $kubeletBinPath https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubelet.exe -DownloadFile "$global:KubernetesPath\kubeadm.exe" https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubeadm.exe -DownloadFile "$global:KubernetesPath\wins.exe" https://github.com/rancher/wins/releases/download/v0.0.4/wins.exe - -if ($ContainerRuntime -eq "Docker") { - # Create host network to allow kubelet to schedule hostNetwork pods - # NOTE: For containerd the 0-containerd-nat.json network config template added by - # Install-containerd.ps1 joins pods to the host network. 
- Write-Host "Creating Docker host network" - docker network create -d nat host -} elseif ($ContainerRuntime -eq "containerD") { - DownloadFile "c:\k\hns.psm1" https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 - Import-Module "c:\k\hns.psm1" - # TODO(marosset): check if network already exists before creatation - # New-HnsNetwork -Type NAT -Name nat - # We do this at deploy_windows_guest.yml - <# - Import-Module "c:\k\hns.psm1" - New-HNSNetwork -Type "Overlay" ` - -AddressPrefix "10.244.0.0/16" ` - -Gateway "10.244.0.1" ` - -Name "vxlan0" ` - -AdapterName "$((Get-NetAdapter -Physical).Name)" ` - -SubnetPolicies @(@{Type = "VSID"; VSID = 4096; }) ` - -Verbose - #> -} - -Write-Host "Registering wins service" -wins.exe srv app run --register -start-service rancher-wins - -mkdir -force C:\var\log\kubelet -mkdir -force C:\var\lib\kubelet\etc\kubernetes -mkdir -force C:\etc\kubernetes\pki -New-Item -path C:\var\lib\kubelet\etc\kubernetes\pki -type SymbolicLink -value C:\etc\kubernetes\pki\ - -# The following parameters are deprecated when starting the kubelet service -# --network-plugin=cni -# --image-pull-progress-deadline=20m -# The following files do not exist -# --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf -# --config=/var/lib/kubelet/config.yaml - -# -# This pattern will build a startup script for the kubelet nssm service to start -# -$StartKubeletFileContent = ' -if (Test-Path -Path /var/lib/kubelet/kubeadm-flags.env ) { - $FileContent = Get-Content -Path "/var/lib/kubelet/kubeadm-flags.env" - $global:KubeletArgs = $FileContent.TrimStart(''KUBELET_KUBEADM_ARGS='').Trim(''"'') -}else{ - $global:KubeletArgs = "" -} - -$global:containerRuntime = {% raw %}{{CONTAINER_RUNTIME}}{% endraw %} - -if ($global:containerRuntime -eq "Docker") { - $netId = docker network ls -f name=host --format "{% raw %}{{ .ID }}{% endraw %}" - - if ($netId.Length -lt 1) { - docker network create -d nat host - } -} - -$cmd = "C:\k\kubelet.exe 
$global:KubeletArgs --container-runtime-endpoint=npipe:////./pipe/containerd-containerd --cert-dir=$env:SYSTEMDRIVE\var\lib\kubelet\pki --kubeconfig=/k/config --hostname-override={{ kubeinit_deployment_node_name }}.{{ kubeinit_cluster_fqdn }} --pod-infra-container-image=`"mcr.microsoft.com/oss/kubernetes/pause:3.6`" --enable-debugging-handlers --cgroups-per-qos=false --enforce-node-allocatable=`"`" --resolv-conf=`"`" --log-dir=/var/log/kubelet --logtostderr=true" - -Invoke-Expression $cmd' -# -# End script rendering -# - -$StartKubeletFileContent = $StartKubeletFileContent -replace "{% raw %}{{CONTAINER_RUNTIME}}{% endraw %}", "`"$ContainerRuntime`"" -Set-Content -Path $global:StartKubeletScript -Value $StartKubeletFileContent - -Write-Host "Installing nssm" -$arch = "win32" -if ([Environment]::Is64BitOperatingSystem) { - $arch = "win64" -} - -mkdir -Force $global:NssmInstallDirectory -DownloadFile nssm.zip https://k8stestinfrabinaries.blob.core.windows.net/nssm-mirror/nssm-2.24.zip -tar C $global:NssmInstallDirectory -xvf .\nssm.zip --strip-components 2 */$arch/*.exe -Remove-Item -Force .\nssm.zip - -$env:path += ";$global:NssmInstallDirectory" -$newPath = "$global:NssmInstallDirectory;" + -[Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine) - -[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine) - -Write-Host "Registering kubelet service" - -# This nssm service will run the script defined in c:\k\StartKubelet.ps1 -# In the case is not working run the script directly -nssm install kubelet $global:Powershell $global:PowershellArgs $global:StartKubeletScript - -if ($ContainerRuntime -eq "Docker") { - nssm set kubelet DependOnService docker -} elseif ($ContainerRuntime -eq "containerD") { - nssm set kubelet DependOnService containerd -} - -<# -# Testing containerD with crictl -# All the following commands should work -$env:Path += ";C:\k;C:\Program Files\containerd;C:\Program Files\nssm" -cd 
'C:\Program Files\containerd\' -crictl pull k8s.gcr.io/pause:3.6 -crictl pull mcr.microsoft.com/windows/servercore:ltsc2022 - -# Creating a sandbox / Pod -@" -{ - "metadata": { - "name": "pause-sandbox", - "namespace": "default", - "attempt": 1, - "uid": "hdishd83djaihhhduwk28bcsb" - }, - "log_directory": "/tmp", - "linux": { - } -} -"@ | Set-Content "pod-config.json" -Force -$POD_ID=(crictl runp .\pod-config.json) -@" -{ - "metadata": { - "name": "mycont" - }, - "image":{ - "image": "mcr.microsoft.com/windows/servercore:ltsc2022" - }, - "command": ["cmd", "/c", "ping -t 127.0.0.1"] -} -"@ | Set-Content "container-config.json" -Force - -$CONTAINER_ID=(crictl create $POD_ID .\container-config.json .\pod-config.json) -crictl start $CONTAINER_ID -crictl exec $CONTAINER_ID ipconfig -hcsdiag list - -# Run the pod -crictl runp .\pod-config.json - -# Get the pods -crictl pods - -# Get Hns network information -Get-HnsNetwork - -# Inspect the pod ID: -crictl inspect --output table $CONTAINER_ID - -# This should return a table with all the pods created (their interfaces) -Get-NetAdapter -#> - -Write-Host "Finishing Script" diff --git a/kubeinit/roles/kubeinit_libvirt/templates/PrepareRequirements.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/PrepareRequirements.ps1.j2 deleted file mode 100644 index c2f9a45ac..000000000 --- a/kubeinit/roles/kubeinit_libvirt/templates/PrepareRequirements.ps1.j2 +++ /dev/null 
@@ -1,29 +0,0 @@ -$KubernetesVersion = "v1.24.2" -$global:KubernetesPath = "$env:SystemDrive\k" -New-Item $global:KubernetesPath -Force -ItemType Directory | Out-Null - -curl.exe -L https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 -o $global:KubernetesPath\hns.psm1 -curl.exe -L https://github.com/rancher/wins/releases/download/v0.2.10/wins.exe -o $global:KubernetesPath\wins.exe -curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubeadm.exe -o $global:KubernetesPath\kubeadm.exe -curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubectl.exe -o $global:KubernetesPath\kubectl.exe -curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubelet.exe -o $global:KubernetesPath\kubelet.exe -curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kube-proxy.exe -o $global:KubernetesPath\kube-proxy.exe - -New-Item C:\opt\cni\bin -Force -ItemType Directory | Out-Null -# TODO:FIXME:The flanneld binary shouldn't be stored in C:\opt\cni\bin\ -curl.exe -L https://github.com/coreos/flannel/releases/download/v0.18.1/flanneld.exe -o C:\opt\cni\bin\flanneld.exe - -# setup flannel config -New-Item C:\etc\kube-flannel\ -Force -ItemType Directory | Out-Null -@" -{ - "Network": "10.244.0.0/16", - "Backend": { - "Type": "vxlan", - "VNI": 4096, - "Port": 4789 - } -} -"@ | Set-Content C:\etc\kube-flannel\net-conf.json -Force | Out-Null - -Write-Host "Finishing Script" diff --git a/kubeinit/roles/kubeinit_libvirt/templates/SetNet.ps1.j2 b/kubeinit/roles/kubeinit_libvirt/templates/SetNet.ps1.j2 deleted file mode 100644 index 6dbc792cb..000000000 --- a/kubeinit/roles/kubeinit_libvirt/templates/SetNet.ps1.j2 +++ /dev/null 
@@ -1,30 +0,0 @@ -# Initial steps that will run from the autounattend.xml file the first time the guest boots up -Rename-NetAdapter -Name "Ethernet Instance 0" -NewName "Ethernet" - -# We disable the firewall completely -Set-NetFirewallProfile -All -Enabled False - -<# -# This step didnt work, the hns network is not created and there are no logs about the error -New-Item C:\k -Force -ItemType Directory | Out-Null -curl.exe --silent --fail -Lo C:\k\hns.psm1 https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 -Import-Module "C:\k\hns.psm1" -New-HNSNetwork -Type "Overlay" ` - -AddressPrefix "10.244.0.0/16" ` - -Gateway "10.244.0.1" ` - -Name "vxlan0" ` - -AdapterName "$((Get-NetAdapter -Physical).Name)" ` - -SubnetPolicies @(@{Type = "VSID"; VSID = 4096; }) ` - -Verbose - -# We could open specific ports instead of disabling the firewall -New-NetFirewallRule -Name kubelet2379 -DisplayName "Kubelet2379" -LocalPort 2379 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -New-NetFirewallRule -Name kubelet2380 -DisplayName "Kubelet2380" -LocalPort 2380 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -New-NetFirewallRule -Name kubelet4789 -DisplayName "Kubelet4789" -LocalPort 4789 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -New-NetFirewallRule -Name kubelet6443 -DisplayName "Kubelet6443" -LocalPort 6443 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -New-NetFirewallRule -Name kubelet10248 -DisplayName "Kubelet10248" -LocalPort 10248 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -New-NetFirewallRule -Name kubelet10250 -DisplayName "Kubelet10250" -LocalPort 10250 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -New-NetFirewallRule -Name kubelet10251 -DisplayName "Kubelet10251" -LocalPort 10251 -Enabled True 
-Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -New-NetFirewallRule -Name kubelet10252 -DisplayName "Kubelet10252" -LocalPort 10252 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -New-NetFirewallRule -Name kubelet10255 -DisplayName "Kubelet10254" -LocalPort 10255 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow -#> diff --git a/kubeinit/roles/kubeinit_libvirt/templates/autounattend.xml.j2 b/kubeinit/roles/kubeinit_libvirt/templates/autounattend.xml.j2 deleted file mode 100644 index f75329f76..000000000 --- a/kubeinit/roles/kubeinit_libvirt/templates/autounattend.xml.j2 +++ /dev/null @@ -1,315 +0,0 @@ - - - - - - - en-US - - en-US - en-US - en-US - en-US - - - - - - - E:\amd64\2k22 - - - E:\Balloon\2k22 - - - E:\NetKVM\2k22 - - - E:\smbus\2k22 - - - - - - - - OnError - - - - 250 - 1 - Primary - - - 2 - true - Primary - - - - - - 1 - 1 - NTFS - - true - - - 2 - 2 - NTFS - - - - - 0 - true - - - - - - - - - /IMAGE/NAME - Windows Server 2022 SERVERDATACENTER - - - - 0 - 2 - - OnError - false - - - - - - true - - OnError - - - - - - - - - - Central Standard Time - {{ kubeinit_deployment_node_name }} - - - - - {{ hostvars[kubeinit_cluster_name].cluster_domain }} - - - - - false - - - - - - true - Remote Desktop - all - - - - - - 2 - 1 - - - - true - - - - - - - - - true - true - true - true - true - Home - 3 - - - - - - Passw0rd -

true</PlainText> - </AdministratorPassword> - <LocalAccounts> - <LocalAccount wcm:action="add"> - <Password> - <Value>Passw0rd</Value> - <PlainText>true</PlainText> - </Password> - <Description>root</Description> - <DisplayName>root</DisplayName> - <Group>administrators</Group> - <Name>root</Name> - </LocalAccount> - </LocalAccounts> - </UserAccounts> - - <AutoLogon> - <Password> - <Value>Passw0rd</Value> - <PlainText>true</PlainText> - </Password> - <Enabled>true</Enabled> - <LogonCount>50</LogonCount> - <Username>Administrator</Username> - </AutoLogon> - - - <FirstLogonCommands> - <SynchronousCommand wcm:action="add"> - <Order>1</Order> - <Description>Set Execution Policy 64 Bit</Description> - <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <Order>2</Order> - <Description>Set Execution Policy 32 Bit</Description> - <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <Order>3</Order> - <Description>Install and configure OpenSSH Server</Description> - <CommandLine>cmd.exe /c powershell.exe -File F:\Install-Openssh.ps1 "F:\authorized_keys"</CommandLine> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <Order>4</Order> - <Description>Create a L2Bridge to trigger a vSwitch creation. 
Do this only once</Description> - <CommandLine>cmd.exe /c powershell.exe -File F:\SetNet.ps1</CommandLine> - </SynchronousCommand> - <!-- - <SynchronousCommand wcm:action="add"> - <CommandLine>e:\virtio-win-guest-tools.exe /s /qn</CommandLine> - <Order>2</Order> - </SynchronousCommand> - - <SynchronousCommand wcm:action="add"> - <CommandLine>pnputil.exe /add-driver e:\*.inf /subdirs /install</CommandLine> - <Order>3</Order> - </SynchronousCommand> - --> - <!-- - install cloudbase-init (a cloud-init-alike that uses - metadata provided by a cloud service such as OpenStack to - configure the system). - --> - <!-- - <SynchronousCommand wcm:action="add"> - <CommandLine>msiexec /i c:\windows\temp\cloudbase.msi /qb /l*v c:\windows\temp\cloudbase.log LOGGINGSERIALPORTNAME=COM1</CommandLine> - <Order>1</Order> - </SynchronousCommand> - --> - - <!-- - run sysprep to generalize the system (and reboot) - We install the OS from the .iso installer for every node - so there is no need to generalize the install because - we run specific customizations for each node. - This is done when it is required to create generic OS images. - --> - <!-- - <SynchronousCommand wcm:action="add"> - <CommandLine>c:\windows\system32\sysprep\sysprep /generalize /oobe /reboot</CommandLine> - <Order>1</Order> - </SynchronousCommand> - --> - </FirstLogonCommands> - - </component> - </settings> - <cpi:offlineImage cpi:source="wim:c:/wims/install.wim#Windows Server 2022 SERVERDATACENTER" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> -</unattend> diff --git a/kubeinit/roles/kubeinit_nexus/README.md b/kubeinit/roles/kubeinit_nexus/README.md deleted file mode 100644 index 1c15095e2..000000000 --- a/kubeinit/roles/kubeinit_nexus/README.md +++ /dev/null @@ -1,3 +0,0 @@ -Please, refer to the kubeinit_nexus role -[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_nexus.html) -for further information. 
diff --git a/kubeinit/roles/kubeinit_nexus/defaults/main.yml b/kubeinit/roles/kubeinit_nexus/defaults/main.yml
deleted file mode 100644
index b487d8c2b..000000000
--- a/kubeinit/roles/kubeinit_nexus/defaults/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# All variables intended for modification should be placed in this file.
-
-# All variables within this role should have a prefix of "kubeinit_nexus_"
-kubeinit_nexus_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
-kubeinit_nexus_hide_sensitive_logs: true
-
-kubeinit_nexus_directory: /var/kubeinit/nexus
-kubeinit_nexus_directory_data: "{{ kubeinit_nexus_directory }}/data"
-
-kubeinit_nexus_directories:
- - "{{ kubeinit_nexus_directory_data }}"
diff --git a/kubeinit/roles/kubeinit_nexus/files/.gitkeep b/kubeinit/roles/kubeinit_nexus/files/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/kubeinit/roles/kubeinit_nexus/handlers/main.yml b/kubeinit/roles/kubeinit_nexus/handlers/main.yml
deleted file mode 100644
index 9490b54cc..000000000
--- a/kubeinit/roles/kubeinit_nexus/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_nexus/meta/main.yml b/kubeinit/roles/kubeinit_nexus/meta/main.yml
deleted file mode 100644
index 461c90b5f..000000000
--- a/kubeinit/roles/kubeinit_nexus/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-galaxy_info:
- author: KubeInit
- role_name: kubeinit_nexus
- namespace: kubeinit
- description: KubeInit Role -- kubeinit_nexus
- company: Red Hat
- license: Apache-2.0
- min_ansible_version: 2.9
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
- # To view available platforms and versions (or releases), visit:
- # https://galaxy.ansible.com/api/v1/platforms/
- #
- platforms:
- - name: CentOS
- versions:
- - 7
- - 8
-
- galaxy_tags:
- - kubeinit
-
-
-# List your role dependencies here, one per line. Be sure to remove the '[]' above,
-# if you add dependencies to this list.
-dependencies: []
diff --git a/kubeinit/roles/kubeinit_nexus/molecule/default/converge.yml b/kubeinit/roles/kubeinit_nexus/molecule/default/converge.yml
deleted file mode 100644
index ccb72715a..000000000
--- a/kubeinit/roles/kubeinit_nexus/molecule/default/converge.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Converge
- hosts: all
- # roles:
- # - role: "kubeinit_nexus"
- tasks:
- - name: Message for "kubeinit_nexus"
- ansible.builtin.debug:
- msg: Finishing molecule for "kubeinit_nexus"
diff --git a/kubeinit/roles/kubeinit_nexus/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_nexus/molecule/default/molecule.yml
deleted file mode 100644
index b5d8023ed..000000000
--- a/kubeinit/roles/kubeinit_nexus/molecule/default/molecule.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: quay.io/centos/centos:stream8
- pre_build_image: true
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/kubeinit/roles/kubeinit_nexus/molecule/default/verify.yml b/kubeinit/roles/kubeinit_nexus/molecule/default/verify.yml
deleted file mode 100644
index 86afba4ff..000000000
--- a/kubeinit/roles/kubeinit_nexus/molecule/default/verify.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
- hosts: all
- tasks:
- - name: Example assertion
- ansible.builtin.assert:
- that: true
diff --git a/kubeinit/roles/kubeinit_nexus/tasks/main.yml b/kubeinit/roles/kubeinit_nexus/tasks/main.yml
deleted file mode 100644
index 1a050e432..000000000
--- a/kubeinit/roles/kubeinit_nexus/tasks/main.yml
+++ /dev/null
@@ -1,231 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Create Nexus folders - ansible.builtin.file: - path: "{{ item | safe | trim }}" - state: directory - recurse: yes - mode: '0755' - loop: "{{ kubeinit_nexus_directories }}" - -- name: Create nexus-data subfolders - ansible.builtin.file: - path: "{{ item | safe | trim }}" - state: directory - recurse: yes - mode: '0755' - loop: - - "{{ kubeinit_nexus_directory_data }}/etc/ssl" - - "{{ kubeinit_nexus_directory_data }}/log" - - "{{ kubeinit_nexus_directory_data }}/tmp" - -- name: Create the property file update script - ansible.builtin.copy: - content: | - #!/bin/bash - set -eo pipefail - cp /opt/sonatype/nexus/etc/nexus-default.properties /nexus-data/etc/nexus.properties - sed -i -e 's/^\([^#]\)/# \1/' -e 's/^# nexus-args=/nexus-args=/' -e 's/jetty-http/jetty-https/' -e 's/# application-port=8081/application-port-ssl=8443/' -e '$ a ssl.etc=${karaf.data}/etc/ssl' -e '$ a nexus.scripts.allowCreation=true' /nexus-data/etc/nexus.properties - sed -i -e '/New id="sslContextFactory"/ a REPLACE_ME' -e 's;REPLACE_ME; <Set name="certAlias">{{ kubeinit_cluster_name }}-nexus</Set>;' /opt/sonatype/nexus/etc/jetty/jetty-https.xml - dest: "{{ kubeinit_nexus_directory_data }}/update-props.sh" - mode: '0644' - -- name: Install buildah if required - ansible.builtin.package: - state: present - name: "buildah" - -- name: Remove any old nexus buildah 
container - ansible.builtin.shell: | - set -o pipefail - buildah rm {{ kubeinit_cluster_name }}-nexus || true - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - -- name: Create a new working container image - ansible.builtin.command: buildah from --name {{ kubeinit_cluster_name }}-nexus --volume "{{ kubeinit_nexus_directory_data }}:/nexus-data" quay.io/kubeinit/nexus3:3.30.0 - register: _result - changed_when: "_result.rc == 0" - -- name: Set working directory inside container - ansible.builtin.command: buildah config --workingdir /nexus-data/tmp {{ kubeinit_cluster_name }}-nexus - register: _result - changed_when: "_result.rc == 0" - -- name: Update image - ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- dnf update -q -y - register: _result - changed_when: "_result.rc == 0" - -- name: Create java keystore - ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- keytool -genkeypair -keystore keystore.jks -storepass password -keypass password -alias {{ kubeinit_cluster_name }}-nexus -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=*.{{ kubeinit_cluster_fqdn }}, OU={{ hostvars['kubeinit-env'].certificate_organizational_unit }}, O={{ hostvars['kubeinit-env'].certificate_organization }}, L={{ hostvars['kubeinit-env'].certificate_locality }}, ST={{ hostvars['kubeinit-env'].certificate_state }}, C={{ hostvars['kubeinit-env'].certificate_country }}" -ext "SAN=DNS:{{ kubeinit_nexus_fqdn }},IP:{{ kubeinit_nexus_service_address }}" -ext "BC=ca:true" - register: _result - changed_when: "_result.rc == 0" - -- name: Copy keystore file - ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- keytool -importkeystore -srckeystore keystore.jks -srcstorepass password -destkeystore keystore.jks -deststoretype pkcs12 - register: _result - changed_when: "_result.rc == 0" - -- name: Copy keystore file - ansible.builtin.command: 
buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- keytool -export -alias {{ kubeinit_cluster_name }}-nexus -keystore keystore.jks -storepass password -rfc -file public.cert - register: _result - changed_when: "_result.rc == 0" - -- name: Copy keystore file - ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- cp keystore.jks public.cert /nexus-data/etc/ssl/ - register: _result - changed_when: "_result.rc == 0" - -- name: Link keystore file to alternate location - ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- ln -s /nexus-data/etc/ssl/keystore.jks /opt/sonatype/nexus/etc/ssl/keystore.jks - register: _result - changed_when: "_result.rc == 0" - -- name: Run script to update properties - ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- bash /nexus-data/update-props.sh - register: _result - changed_when: "_result.rc == 0" - -- name: Set owner of nexus data to nexus - ansible.builtin.command: buildah run --user root:root {{ kubeinit_cluster_name }}-nexus -- chown -R nexus:nexus /nexus-data - register: _result - changed_when: "_result.rc == 0" - -- name: Set kubeinit-cluster-name label - ansible.builtin.command: buildah config --label kubeinit-cluster-name={{ kubeinit_cluster_name }} {{ kubeinit_cluster_name }}-nexus - register: _result - changed_when: "_result.rc == 0" - -- name: Commit the container image - ansible.builtin.command: buildah commit {{ kubeinit_cluster_name }}-nexus kubeinit/{{ kubeinit_cluster_name }}-nexus:latest - register: _result - changed_when: "_result.rc == 0" - -- name: Remove the buildah container - ansible.builtin.command: buildah rm {{ kubeinit_cluster_name }}-nexus - register: _result - changed_when: "_result.rc == 0" - -- name: Create a podman volume for nexus data - containers.podman.podman_volume: - name: "{{ kubeinit_cluster_name }}-nexus-data" - state: present - recreate: yes - -- name: Set nexus as 
owner of the volume root - containers.podman.podman_container: - name: "{{ kubeinit_nexus_service_name }}-set-owner" - image: kubeinit/{{ kubeinit_cluster_name }}-nexus:latest - state: started - detach: no - remove: yes - user: root - command: chown nexus:nexus /mnt - volumes: - - "{{ kubeinit_cluster_name }}-nexus-data:/mnt" - -- name: Copy data into nexus-data volume - containers.podman.podman_container: - name: "{{ kubeinit_nexus_service_name }}-copy-data" - image: kubeinit/{{ kubeinit_cluster_name }}-nexus:latest - state: started - detach: no - remove: yes - command: cp -pr /mnt/etc /nexus-data/ - volumes: - - "{{ kubeinit_cluster_name }}-nexus-data:/nexus-data" - - "{{ kubeinit_nexus_directory_data }}:/mnt" - -- name: Create a podman container to serve nexus - containers.podman.podman_container: - name: "{{ kubeinit_nexus_service_name }}" - image: kubeinit/{{ kubeinit_cluster_name }}-nexus:latest - pod: "{{ kubeinit_deployment_pod_name }}" - state: stopped - volumes: - - "{{ kubeinit_cluster_name }}-nexus-data:/nexus-data" - - "{{ kubeinit_services_data_volume }}:/var/kubeinit" - register: _result_container_info - -- name: Create systemd service for podman container - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_services - tasks_from: create_managed_service.yml - public: true - vars: - _param_service_user_dir: "{{ kubeinit_service_user_dir }}" - _param_service_user: "{{ kubeinit_service_user }}" - _param_systemd_service_name: "{{ kubeinit_nexus_service_name }}" - _param_podman_container_name: "{{ _result_container_info.container.Name }}" - _param_podman_container_pidfile: "{{ _result_container_info.container.ConmonPidFile }}" - -- name: Clear temp facts - ansible.builtin.set_fact: - _result_container_info: null - -- name: Wait for service to be available - ansible.builtin.shell: | - set -eo pipefail - while [[ "$(curl --cacert {{ kubeinit_nexus_directory_data }}/etc/ssl/public.cert -s -o /dev/null -w '%{http_code}' https://{{ 
kubeinit_nexus_service_address }}:8443)" != "200" ]]; do sleep 5; done - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - -- name: Copy out admin password - ansible.builtin.command: | - podman cp {{ kubeinit_cluster_name }}-nexus:/nexus-data/admin.password "{{ kubeinit_nexus_directory_data }}/admin.password" - register: _result - changed_when: "_result.rc == 0" - -- name: Read admin password into a var - ansible.builtin.slurp: - src: "{{ kubeinit_nexus_directory_data }}/admin.password" - register: _result_admin_password - -- name: Setup server using nexus3 cli - block: - - name: Install the nexus3 cli - ansible.builtin.command: | - python3 -m pip install -q cryptography==3.3.2 nexus3-cli - register: _result - changed_when: "_result.rc == 0" - - - name: Login to nexus3 cli - ansible.builtin.command: | - env LC_ALL=C.UTF-8 LANG=C.UTF-8 nexus3 login -u admin -p {{ _result_admin_password.content | b64decode }} -U "https://{{ kubeinit_nexus_service_address }}:8443" --x509_verify - register: _result - changed_when: "_result.rc == 0" - no_log: true - - - name: Create docker repository - ansible.builtin.command: | - env LC_ALL=C.UTF-8 LANG=C.UTF-8 REQUESTS_CA_BUNDLE="{{ kubeinit_nexus_directory_data }}/etc/ssl/public.cert" nexus3 repository create hosted docker --https-port {{ kubeinit_nexus_port }} --v1-enabled origin - register: _result - changed_when: "_result.rc == 0" - - - name: Activate security realm for docker tokens - ansible.builtin.command: | - env LC_ALL=C.UTF-8 LANG=C.UTF-8 REQUESTS_CA_BUNDLE="{{ kubeinit_nexus_directory_data }}/etc/ssl/public.cert" nexus3 security realm activate DockerToken - register: _result - changed_when: "_result.rc == 0" - - delegate_to: "{{ kubeinit_nexus_service_address }}" diff --git a/kubeinit/roles/kubeinit_nexus/vars/main.yml b/kubeinit/roles/kubeinit_nexus/vars/main.yml deleted file mode 100644 index c6c9c6210..000000000 --- a/kubeinit/roles/kubeinit_nexus/vars/main.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "kubeinit_nexus_" diff --git a/kubeinit/roles/kubeinit_nfs/README.md b/kubeinit/roles/kubeinit_nfs/README.md deleted file mode 100644 index cce377091..000000000 --- a/kubeinit/roles/kubeinit_nfs/README.md +++ /dev/null @@ -1,3 +0,0 @@ -Please, refer to the kubeinit_nfs role -[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_nfs.html) -for further information. diff --git a/kubeinit/roles/kubeinit_nfs/defaults/main.yml b/kubeinit/roles/kubeinit_nfs/defaults/main.yml deleted file mode 100644 index 0ec695633..000000000 --- a/kubeinit/roles/kubeinit_nfs/defaults/main.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "kubeinit_nfs_" -kubeinit_nfs_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -kubeinit_nfs_hide_sensitive_logs: true diff --git a/kubeinit/roles/kubeinit_nfs/files/.gitkeep b/kubeinit/roles/kubeinit_nfs/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/kubeinit/roles/kubeinit_nfs/handlers/main.yml b/kubeinit/roles/kubeinit_nfs/handlers/main.yml deleted file mode 100644 index 9490b54cc..000000000 --- a/kubeinit/roles/kubeinit_nfs/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
diff --git a/kubeinit/roles/kubeinit_nfs/meta/main.yml b/kubeinit/roles/kubeinit_nfs/meta/main.yml deleted file mode 100644 index d8489d368..000000000 --- a/kubeinit/roles/kubeinit_nfs/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: KubeInit - role_name: kubeinit_nfs - namespace: kubeinit - description: KubeInit Role -- kubeinit_nfs - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.9 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - kubeinit - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/kubeinit/roles/kubeinit_nfs/molecule/default/converge.yml b/kubeinit/roles/kubeinit_nfs/molecule/default/converge.yml deleted file mode 100644 index 21bc12fcc..000000000 --- a/kubeinit/roles/kubeinit_nfs/molecule/default/converge.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - # roles: - # - role: "kubeinit_nfs" - tasks: - - name: Message for "kubeinit_nfs" - ansible.builtin.debug: - msg: Finishing molecule for "kubeinit_nfs" diff --git a/kubeinit/roles/kubeinit_nfs/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_nfs/molecule/default/molecule.yml deleted file mode 100644 index b5d8023ed..000000000 --- a/kubeinit/roles/kubeinit_nfs/molecule/default/molecule.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: quay.io/centos/centos:stream8 - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/kubeinit/roles/kubeinit_nfs/molecule/default/verify.yml b/kubeinit/roles/kubeinit_nfs/molecule/default/verify.yml deleted file mode 100644 index 86afba4ff..000000000 --- a/kubeinit/roles/kubeinit_nfs/molecule/default/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Example assertion - ansible.builtin.assert: - that: true diff --git a/kubeinit/roles/kubeinit_nfs/tasks/main.yml b/kubeinit/roles/kubeinit_nfs/tasks/main.yml deleted file mode 100644 index 214052e95..000000000 --- a/kubeinit/roles/kubeinit_nfs/tasks/main.yml +++ /dev/null 
@@ -1,212 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -### DOCUMENTATION -# -# title: Deploy a network share -# -# description: |- -# The NFS-client provisioner is part of the Kubernetes Incubator project. In a Kubernetes cluster, -# this provisioner runs in a container that mounts an NFS export from an existing NFS server—it does not -# run an NFS server itself. With the container, it listens for PVCs that match its storage class, creates -# directories within the NFS export, and reports each directory to Kubernetes as a persistent volume. -# Kubernetes can then mount the volume into a container that uses the volumes from that PVC. 
-# -# examples: |- -# - name: Configure NFS -# ansible.builtin.include_role: -# name: kubeinit.kubeinit.kubeinit_nfs -# public: true -# when: "'nfs' in kubeinit_cluster_hostvars.services" - -- name: Install NFS packages - ansible.builtin.package: - name: "{{ ['nfs-kernel-server', 'nfs-common'] if (hostvars[kubeinit_deployment_node_name].distribution_family == 'Debian') else ['nfs-utils'] }}" - state: present - -- name: "Configure NFS shares of CentOS based guests" - ansible.builtin.shell: | - set -o pipefail - systemctl enable nfs-server rpcbind - systemctl start nfs-server rpcbind - mkdir -p /var/nfsshare - chmod -R 777 /var/nfsshare - chown -R nobody:nobody /var/nfsshare - echo '/var/nfsshare {{ kubeinit_cluster_network }}(rw,sync,no_root_squash,no_all_squash,no_wdelay)' | tee /etc/exports - setsebool -P nfs_export_all_rw 1 - systemctl restart nfs-server - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - when: hostvars[kubeinit_deployment_node_name].os == 'centos' - -- name: "Configure NFS shares of Ubuntu based guests" - ansible.builtin.shell: | - set -o pipefail - mkdir -p /var/nfsshare - chmod -R 777 /var/nfsshare - chown -R nobody:nogroup /var/nfsshare - echo '/var/nfsshare {{ kubeinit_cluster_network }}(rw,sync,no_root_squash,no_all_squash,no_wdelay)' | tee /etc/exports - exportfs -a - systemctl restart nfs-kernel-server - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - when: hostvars[kubeinit_deployment_node_name].os == 'ubuntu' or hostvars[kubeinit_deployment_node_name].os == 'debian' - -# -# Add nfs dynamic provisioning -# - -- name: Add nfs provisioning role - ansible.builtin.shell: | - cat << EOF > ~/nfs_rbac.yaml - apiVersion: v1 - kind: ServiceAccount - metadata: - name: nfs-client-provisioner - --- - kind: ClusterRole - apiVersion: rbac.authorization.k8s.io/v1 - metadata: - name: nfs-client-provisioner-runner - rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - 
verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] - --- - kind: ClusterRoleBinding - apiVersion: rbac.authorization.k8s.io/v1 - metadata: - name: run-nfs-client-provisioner - subjects: - - kind: ServiceAccount - name: nfs-client-provisioner - namespace: default - roleRef: - kind: ClusterRole - name: nfs-client-provisioner-runner - apiGroup: rbac.authorization.k8s.io - --- - kind: Role - apiVersion: rbac.authorization.k8s.io/v1 - metadata: - name: leader-locking-nfs-client-provisioner - rules: - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - --- - kind: RoleBinding - apiVersion: rbac.authorization.k8s.io/v1 - metadata: - name: leader-locking-nfs-client-provisioner - subjects: - - kind: ServiceAccount - name: nfs-client-provisioner - # replace with namespace where provisioner is deployed - namespace: default - roleRef: - kind: Role - name: leader-locking-nfs-client-provisioner - apiGroup: rbac.authorization.k8s.io - EOF - export KUBECONFIG=~/.kube/config - kubectl apply -f ~/nfs_rbac.yaml --request-timeout=1800s - register: _result - retries: 5 - delay: 20 - until: _result.rc == 0 - changed_when: "_result.rc == 0" - args: - executable: /bin/bash - -- name: Add nfs client provisioner deployment - ansible.builtin.shell: | - cat << EOF > ~/nfs_client_prov_deployment.yaml - kind: Deployment - apiVersion: apps/v1 - metadata: - name: nfs-client-provisioner - spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: nfs-client-provisioner - template: - metadata: - labels: - app: nfs-client-provisioner - spec: - serviceAccountName: nfs-client-provisioner - containers: - - name: nfs-client-provisioner - 
image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.0 - volumeMounts: - - name: nfs-client-root - mountPath: /persistentvolumes - env: - - name: PROVISIONER_NAME - value: k8s-sigs.io/nfs-subdir-external-provisioner - - name: NFS_SERVER - value: {{ kubeinit_nfs_service_address }} - - name: NFS_PATH - value: /var/nfsshare - volumes: - - name: nfs-client-root - nfs: - server: {{ kubeinit_nfs_service_address }} - path: /var/nfsshare - EOF - export KUBECONFIG=~/.kube/config - kubectl apply -f ~/nfs_client_prov_deployment.yaml --request-timeout=1800s - register: _result - changed_when: "_result.rc == 0" - args: - executable: /bin/bash - -- name: Add default nfs storage class - ansible.builtin.shell: | - cat << EOF > ~/nfs_storage_class.yaml - apiVersion: storage.k8s.io/v1 - kind: StorageClass - metadata: - name: managed-nfs-storage - annotations: - storageclass.kubernetes.io/is-default-class: "true" - provisioner: k8s-sigs.io/nfs-subdir-external-provisioner - parameters: - archiveOnDelete: "false" - EOF - export KUBECONFIG=~/.kube/config - kubectl apply -f ~/nfs_storage_class.yaml --request-timeout=1800s - register: _result - changed_when: "_result.rc == 0" - args: - executable: /bin/bash diff --git a/kubeinit/roles/kubeinit_nfs/vars/main.yml b/kubeinit/roles/kubeinit_nfs/vars/main.yml deleted file mode 100644 index 128ab0e0e..000000000 --- a/kubeinit/roles/kubeinit_nfs/vars/main.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "kubeinit_nfs_" diff --git a/kubeinit/roles/kubeinit_openshift/defaults/main.yml b/kubeinit/roles/kubeinit_openshift/defaults/main.yml index f8a11426a..ce4fbdd2a 100644 --- a/kubeinit/roles/kubeinit_openshift/defaults/main.yml +++ b/kubeinit/roles/kubeinit_openshift/defaults/main.yml @@ -29,14 +29,6 @@ kubeinit_openshift_network_type: "OVNKubernetes" kubeinit_openshift_registry_pullsecret: "{{ '{\"auths\": {}}' | from_json }}" kubeinit_openshift_registry_pullsecret_empty: "{{ '{\"auths\": {}}' | from_json }}" -kubeinit_openshift_release: - okd: - tag: 4.13.0-0.okd-2023-09-30-084937 - ocp: - tag: 4.12.0 - -kubeinit_openshift_release_tag: "{{ kubeinit_openshift_release[kubeinit_cluster_distro].tag }}" - kubeinit_openshift_registry: okd: organization: openshift 
@@ -49,6 +41,14 @@ kubeinit_openshift_registry_site: quay.io kubeinit_openshift_registry_organization: "{{ kubeinit_openshift_registry[kubeinit_cluster_distro].organization }}" kubeinit_openshift_registry_repository: "{{ kubeinit_openshift_registry[kubeinit_cluster_distro].repository }}" +kubeinit_openshift_release: + okd: + tag: 4.15.0-0.okd-2024-03-10-010116 + ocp: + tag: 4.16.2 + +kubeinit_openshift_release_tag: "{{ kubeinit_openshift_release[kubeinit_cluster_distro].tag }}" + kubeinit_openshift_download: okd: baseurl: "https://github.com/openshift/okd/releases/download/{{ kubeinit_openshift_release_tag }}" diff --git a/kubeinit/roles/kubeinit_openshift/tasks/post_configure_guest.yml b/kubeinit/roles/kubeinit_openshift/tasks/post_configure_guest.yml deleted file mode 100644 index 9490b54cc..000000000 --- a/kubeinit/roles/kubeinit_openshift/tasks/post_configure_guest.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/kubeinit/roles/kubeinit_openshift/tasks/post_deployment_tasks.yml b/kubeinit/roles/kubeinit_openshift/tasks/post_deployment_tasks.yml index 18a4ebd78..72ce59bd3 100644 --- a/kubeinit/roles/kubeinit_openshift/tasks/post_deployment_tasks.yml +++ b/kubeinit/roles/kubeinit_openshift/tasks/post_deployment_tasks.yml 
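Review bot: Nothing next to the bumped tags in kubeinit/roles/kubeinit_openshift/defaults/main.yml records an expected digest, although `kubeinit_openshift_release_tag` is interpolated straight into the download `baseurl` on the context line below the added `kubeinit_openshift_release` block. Whether the tasks that consume `kubeinit_openshift_download` verify a checksum cannot be seen from this hunk, so that should be confirmed before the new okd and ocp tags are merged. At minimum I would add a comment above the block, such as `# Changing a tag changes the artifact download URLs below; check the release's published checksums when bumping.` The `kubeinit_openshift_download` mapping continues outside the hunk.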
@@ -14,142 +14,6 @@ # License for the specific language governing permissions and limitations # under the License. -# -# Configure NFS -# -- name: Delegate to provision service node - block: - - - name: Configure NFS - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_nfs - public: true - when: "'nfs' in kubeinit_cluster_hostvars.services" - - - name: Add security context constraint for nfs provisioner - ansible.builtin.shell: | - cat << EOF > ~/nfs_scc.yaml - apiVersion: security.openshift.io/v1 - kind: SecurityContextConstraints - metadata: - name: nfs-provisioner - allowHostDirVolumePlugin: true - allowHostIPC: false - allowHostNetwork: false - allowHostPID: false - allowHostPorts: false - allowPrivilegedContainer: false - allowedCapabilities: - - DAC_READ_SEARCH - - SYS_RESOURCE - defaultAddCapabilities: null - fsGroup: - type: MustRunAs - priority: null - readOnlyRootFilesystem: false - requiredDropCapabilities: - - KILL - - MKNOD - - SYS_CHROOT - runAsUser: - type: RunAsAny - seLinuxContext: - type: MustRunAs - supplementalGroups: - type: RunAsAny - volumes: - - configMap - - downwardAPI - - emptyDir - - hostPath - - nfs - - persistentVolumeClaim - - secret - EOF - export KUBECONFIG=~/.kube/config - kubectl apply -f ~/nfs_scc.yaml --request-timeout=1800s - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - when: "'nfs' in kubeinit_cluster_hostvars.services" - - - name: Apply nfs security policy to nfs user - ansible.builtin.shell: | - export KUBECONFIG=~/.kube/config - oc adm policy add-scc-to-user nfs-provisioner -z nfs-client-provisioner - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - when: "'nfs' in kubeinit_cluster_hostvars.services" - - - name: Wait for the image registry operator to start its components - ansible.builtin.shell: | - export KUBECONFIG=~/.kube/config - oc get configs.imageregistry.operator.openshift.io cluster - args: - executable: /bin/bash - 
register: _result - changed_when: "_result.rc == 0" - retries: 60 - delay: 20 - until: _result.rc == 0 - when: "'nfs' in kubeinit_cluster_hostvars.services" - - - name: Patch imageregistry operator to claim storage - ansible.builtin.shell: | - # We patch the imageregistry operator to create a claim that managed-nfs-storage will satisfy - export KUBECONFIG=~/.kube/config - oc patch --request-timeout=1800s configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec": {"storage": {"pvc": {"claim": "" }}}}' - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - when: "'nfs' in kubeinit_cluster_hostvars.services" - - - name: Patch imageregistry operator to move to Managed state - ansible.builtin.shell: | - export KUBECONFIG=~/.kube/config - oc patch --request-timeout=1800s configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec": {"managementState": "Managed" }}' - args: - executable: /bin/bash - register: _result - changed_when: "_result.rc == 0" - when: "'nfs' in kubeinit_cluster_hostvars.services" - - vars: - kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}" - delegate_to: "{{ kubeinit_deployment_node_name }}" - -# -# Deploy the apps -# -- name: Deploy the apps - block: - - name: Deploy the apps - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_apps - public: yes - when: "'apps' in kubeinit_cluster_hostvars.services" - vars: - kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}" - delegate_to: "{{ kubeinit_deployment_node_name }}" - -# -# Deploy KubeVirt -# -- name: Deploy KubeVirt - block: - - name: Deploy KubeVirt - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_kubevirt - public: yes - when: "'kubevirt' in (kubeinit_cluster_hostvars['post_deployment_services'] | default([]))" - vars: - kubeinit_deployment_node_name: "{{ kubeinit_provision_service_node }}" - delegate_to: "{{ kubeinit_deployment_node_name }}" - # # 
Deploy extra roles # diff --git a/kubeinit/roles/kubeinit_openstack/README.md b/kubeinit/roles/kubeinit_openstack/README.md deleted file mode 100644 index 3856cae58..000000000 --- a/kubeinit/roles/kubeinit_openstack/README.md +++ /dev/null @@ -1,3 +0,0 @@ -Please, refer to the kubeinit_openstack role -[official docs](https://kubeinit.github.io/kubeinit/roles/role-kubeinit_openstack.html) -for further information. diff --git a/kubeinit/roles/kubeinit_openstack/defaults/main.yml b/kubeinit/roles/kubeinit_openstack/defaults/main.yml deleted file mode 100644 index 5c2535371..000000000 --- a/kubeinit/roles/kubeinit_openstack/defaults/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "kubeinit_openstack_" -kubeinit_openstack_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -kubeinit_openstack_hide_sensitive_logs: true diff --git a/kubeinit/roles/kubeinit_openstack/files/.gitkeep b/kubeinit/roles/kubeinit_openstack/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/kubeinit/roles/kubeinit_openstack/handlers/main.yml b/kubeinit/roles/kubeinit_openstack/handlers/main.yml deleted file mode 100644 index 9490b54cc..000000000 --- a/kubeinit/roles/kubeinit_openstack/handlers/main.yml +++ /dev/null 
@@ -1,15 +0,0 @@
----
-# Copyright kubeinit contributors
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
diff --git a/kubeinit/roles/kubeinit_openstack/meta/main.yml b/kubeinit/roles/kubeinit_openstack/meta/main.yml
deleted file mode 100644
index a0277d786..000000000
--- a/kubeinit/roles/kubeinit_openstack/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: KubeInit - role_name: kubeinit_openstack - namespace: kubeinit - description: KubeInit Role -- kubeinit_openstack - company: Red Hat - license: Apache-2.0 - min_ansible_version: 2.9 - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: CentOS - versions: - - 7 - - 8 - - galaxy_tags: - - kubeinit - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/kubeinit/roles/kubeinit_openstack/molecule/default/converge.yml b/kubeinit/roles/kubeinit_openstack/molecule/default/converge.yml deleted file mode 100644 index 7cb7cd2fb..000000000 --- a/kubeinit/roles/kubeinit_openstack/molecule/default/converge.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - # roles: - # - role: "kubeinit_openstack" - tasks: - - name: Message for "kubeinit_openstack" - ansible.builtin.debug: - msg: Finishing molecule for "kubeinit_openstack" diff --git a/kubeinit/roles/kubeinit_openstack/molecule/default/molecule.yml b/kubeinit/roles/kubeinit_openstack/molecule/default/molecule.yml deleted file mode 100644 index b5d8023ed..000000000 --- a/kubeinit/roles/kubeinit_openstack/molecule/default/molecule.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: quay.io/centos/centos:stream8 - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/kubeinit/roles/kubeinit_openstack/molecule/default/verify.yml b/kubeinit/roles/kubeinit_openstack/molecule/default/verify.yml deleted file mode 100644 index 86afba4ff..000000000 --- a/kubeinit/roles/kubeinit_openstack/molecule/default/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Example assertion - ansible.builtin.assert: - that: true diff --git a/kubeinit/roles/kubeinit_openstack/tasks/main.yml b/kubeinit/roles/kubeinit_openstack/tasks/main.yml deleted file mode 100644 index 4e3576348..000000000 
--- a/kubeinit/roles/kubeinit_openstack/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# -# "kubeinit_openstack" tasks -# diff --git a/kubeinit/roles/kubeinit_openstack/tasks/prepare_auth.yml b/kubeinit/roles/kubeinit_openstack/tasks/prepare_auth.yml deleted file mode 100644 index 74d18cbe0..000000000 --- a/kubeinit/roles/kubeinit_openstack/tasks/prepare_auth.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# -# "kubeinit_openstack" prepare_auth.yml tasks -# - -# Load clouds.yml diff --git a/kubeinit/roles/kubeinit_openstack/tasks/seed_deployment.yml b/kubeinit/roles/kubeinit_openstack/tasks/seed_deployment.yml deleted file mode 100644 index e54d6fc98..000000000 --- a/kubeinit/roles/kubeinit_openstack/tasks/seed_deployment.yml +++ /dev/null 
@@ -1,218 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# -# "kubeinit_openstack" seed_deployment.yml tasks -# - -# -# Creates a key pair with the current user public key -# -- name: Create the cluster access key - openstack.cloud.keypair: - auth: "{{ kubeinit_openstack_auth }}" - state: present - name: kubeinit_kp_inittest - public_key_file: /home/kubeinit/.ssh/kubeinit_inittest_id_rsa.pub - -# -# Network resources -# -- name: Create the cluster network - openstack.cloud.network: - auth: "{{ kubeinit_openstack_auth }}" - name: kubeinit_net_inittest - -- name: Create the cluster subnet - openstack.cloud.subnet: - auth: "{{ kubeinit_openstack_auth }}" - network_name: kubeinit_net_inittest - name: kubeinit_subnet_inittest - cidr: 10.0.0.0/24 - dns_nameservers: - - 8.8.8.8 - - 8.8.4.4 - -- name: Create the cluster router - openstack.cloud.router: - auth: "{{ kubeinit_openstack_auth }}" - name: kubeinit_router_inittest - enable_snat: true - interfaces: - - kubeinit_net_inittest - -# -# Flavors -# - -- name: Create a custom flavor - openstack.cloud.compute_flavor: - auth: "{{ kubeinit_openstack_auth }}" - state: present - name: kubeinit_flavor_inittest - ram: 32000 - vcpus: 4 - disk: 40 - ephemeral: 40 - -# -# Images -# -- name: Create the cluster nodes image - openstack.cloud.image: - auth: "{{ kubeinit_openstack_auth }}" - name: kubeinit_image_cs9_inittest - container_format: bare - 
disk_format: qcow2 - state: present - filename: cirros-0.3.0-x86_64-disk.img - kernel: cirros-vmlinuz - ramdisk: cirros-initrd - tags: - - custom - properties: - deployed_by: kubeinit - cpu_arch: x86_64 - distro: CentOS - -# -# Security groups and rules -# - -- name: Create controlplane security group - openstack.cloud.security_group: - auth: "{{ kubeinit_openstack_auth }}" - name: "kubeinit_sg_inittest" - state: present - -- name: Allow SSH to master from anywhere IPv4 - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - protocol: tcp - port_range_min: 22 - port_range_max: 22 - remote_ip_prefix: 0.0.0.0/0 - -- name: Allow SSH to master from anywhere IPv6 - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - ethertype: IPv6 - protocol: tcp - port_range_min: 22 - port_range_max: 22 - remote_ip_prefix: ::/0 - -- name: Allow K8S API to master from anywhere IPv4 - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - protocol: tcp - port_range_min: 6443 - port_range_max: 6443 - remote_ip_prefix: 0.0.0.0/0 - -- name: Allow K8S API to master from anywhere IPv6 - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - ethertype: IPv6 - protocol: tcp - port_range_min: 6443 - port_range_max: 6443 - remote_ip_prefix: ::/0 - -- name: Allow HTTP to master from anywhere IPv4 - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - protocol: tcp - port_range_min: 80 - port_range_max: 80 - remote_ip_prefix: 0.0.0.0/0 - -- name: Allow HTTP to master from anywhere IPv6 - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - ethertype: IPv6 - protocol: tcp - port_range_min: 80 - 
port_range_max: 80 - remote_ip_prefix: ::/0 - -- name: Allow HTTPS to master from anywhere IPv4 - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - protocol: tcp - port_range_min: 443 - port_range_max: 443 - remote_ip_prefix: 0.0.0.0/0 - -- name: Allow HTTPS to master from anywhere IPv6 - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - ethertype: IPv6 - protocol: tcp - port_range_min: 443 - port_range_max: 443 - remote_ip_prefix: ::/0 - -- name: Allow load balancer traffic to nodes - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - remote_ip_prefix: 10.0.0.0/24 - protocol: tcp - port_range_min: 30000 - port_range_max: 32767 - -- name: Allow traffic between nodes - openstack.cloud.security_group_rule: - auth: "{{ kubeinit_openstack_auth }}" - security_group: "kubeinit_sg_inittest" - remote_group: "kubeinit_sg_inittest" - -# -# Workloads resources -# -- name: Create a cluster's node instance - openstack.cloud.server: - auth: "{{ kubeinit_openstack_auth }}" - security_groups: "kubeinit_sg_inittest" - name: "kubeinit_server_inittest" - image: "{{ master_image }}" - boot_from_volume: "{{ master_boot_from_volume }}" - terminate_volume: "{{ master_terminate_volume }}" - volume_size: "{{ master_volume_size }}" - key_name: "{{ key_name }}" - flavor_ram: "{{ master_flavor_ram if not master_flavor_name else omit }}" - flavor: "{{ master_flavor_name if master_flavor_name else omit }}" - nics: - - net-name: "{{ network_name }}" - auto_ip: yes - userdata: | - #cloud-config - package_upgrade: true - hostname: "{{ master_name }}" - manage_etc_hosts: false - packages: - - python - - python-simplejson diff --git a/kubeinit/roles/kubeinit_openstack/vars/main.yml b/kubeinit/roles/kubeinit_openstack/vars/main.yml deleted file mode 100644 index ba5a30f89..000000000 
--- a/kubeinit/roles/kubeinit_openstack/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright kubeinit contributors -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "kubeinit_openstack_" diff --git a/kubeinit/roles/kubeinit_prepare/defaults/main.yml b/kubeinit/roles/kubeinit_prepare/defaults/main.yml index 513063e84..4fb9713f0 100644 --- a/kubeinit/roles/kubeinit_prepare/defaults/main.yml +++ b/kubeinit/roles/kubeinit_prepare/defaults/main.yml @@ -25,3 +25,4 @@ kubeinit_prepare_podman_dependencies: - podman - buildah - skopeo + - netavark diff --git a/kubeinit/roles/kubeinit_prepare/tasks/build_hypervisors_group.yml b/kubeinit/roles/kubeinit_prepare/tasks/build_hypervisors_group.yml index 58bb7ddf7..fbf6a6657 100644 --- a/kubeinit/roles/kubeinit_prepare/tasks/build_hypervisors_group.yml +++ b/kubeinit/roles/kubeinit_prepare/tasks/build_hypervisors_group.yml 
@@ -14,17 +14,10 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Omit from documentation grapher - block: - - name: Stop the deployment if required - block: - - name: "Stop before 'task-gather-facts' when requested" - ansible.builtin.add_host: - name: "kubeinit-facts" - playbook_terminated: true - - name: End play - ansible.builtin.meta: end_play - when: kubeinit_stop_before_task is defined and kubeinit_stop_before_task == 'task-gather-facts' +- name: Stop the deployment if requested + ansible.builtin.assert: + msg: 'Stopping before task-gather-facts' + that: (kubeinit_stop_before_task | default('')) != 'task-gather-facts' tags: omit_from_grapher # @@ -51,6 +44,14 @@ _param_secret_names: - kubeinit-ssh-key +- name: Gather additional facts from localhost for kubeinit + ansible.builtin.include_role: + name: kubeinit.kubeinit.kubeinit_libvirt + tasks_from: gather_host_facts.yml + public: true + vars: + _param_gather_host: 'localhost' + - name: Lookup remote_user from command-line ansible.builtin.set_fact: kubeinit_cli_remote_user: "{{ lookup('kubeinit.kubeinit.cli_args', 'remote_user') }}" 
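Review bot: Replacing the `add_host` + `ansible.builtin.meta: end_play` block with `ansible.builtin.assert` in the first hunk turns a requested stop before `task-gather-facts` into a failed task, so the run now ends with an error instead of ending the play cleanly, and the `playbook_terminated: true` fact is no longer set on `kubeinit-facts`. Whether any wrapper or later play checks that fact or the exit status is not visible here, but if one does it will now see a failure. If the failure is intended, say so above the task, for example `# A requested stop is reported as a failed assert; callers must treat this failure as an intentional early exit`.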
@@ -63,12 +64,14 @@ that: not hostvars['kubeinit-facts'].container_run or kubeinit_cli_remote_user|length > 0 - name: Define kubeinit remote_user - ansible.builtin.add_host: - name: "kubeinit-facts" - local_user: "{{ ansible_facts.user_id }}" - local_home: "{{ ansible_facts.user_dir }}" - remote_user: "{{ kubeinit_cli_remote_user if (kubeinit_cli_remote_user|length > 0) else ansible_facts.user_id }}" + ansible.builtin.set_fact: + local_user: "{{ ansible_user_id }}" + local_home: "{{ ansible_user_dir }}" + local_ssh_dir: "{{ ansible_user_dir + '/.ssh' }}" + remote_user: "{{ kubeinit_cli_remote_user if (kubeinit_cli_remote_user|length > 0) else ansible_user_id }}" ssh_keytype: "{{ hostvars['kubeinit-env'].ssh_keytype }}" + delegate_to: 'kubeinit-facts' + delegate_facts: true - name: Prepare cluster topology using kubeinit_spec command-line specification ansible.builtin.set_fact: @@ -117,9 +120,10 @@ kubeinit_cluster_name: "{{ kubeinit_cluster_map['cluster_name'] | default(groups['kubeinit_cluster'][0]) | default(kubeinit_spec_distro + 'cluster') }}" - name: Add kubeinit_cluster_name to kubeinit-facts - ansible.builtin.add_host: - name: "kubeinit-facts" + ansible.builtin.set_fact: cluster_name: "{{ kubeinit_cluster_name }}" + delegate_to: 'kubeinit-facts' + delegate_facts: true - name: Create kubeinit_cluster group ansible.builtin.add_host: 
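Review bot: `Define kubeinit remote_user` now reads the injected top-level variables `ansible_user_id` and `ansible_user_dir`, where the removed lines used `ansible_facts.user_id` and `ansible_facts.user_dir`; the top-level names are only defined while `inject_facts_as_vars` is enabled. `local_ssh_dir` built from them is the directory that later receives the cluster private key, so it is worth keeping the lookup explicit. Suggested form: `local_home: "{{ ansible_facts.user_dir }}"` and `local_ssh_dir: "{{ ansible_facts.user_dir + '/.ssh' }}"`, with `ansible_facts.user_id` for `local_user` and for the `remote_user` fallback.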
@@ -127,43 +131,14 @@ group: 'kubeinit_cluster' when: groups['kubeinit_cluster'] | default([]) | length == 0 -- name: Create .ssh folder if needed - ansible.builtin.file: - path: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh' }}" - state: directory - mode: 0700 - -- name: Gather additional facts from localhost for kubeinit - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_libvirt - tasks_from: gather_host_facts.yml - public: true - vars: - _param_gather_host: 'localhost' - -- name: Generate an OpenSSH keypair on localhost - community.crypto.openssh_keypair: - path: "~/.ssh/{{ hostvars['kubeinit-facts'].cluster_name }}_id_{{ hostvars['kubeinit-facts'].ssh_keytype }}" - type: "{{ hostvars['kubeinit-facts'].ssh_keytype }}" - comment: "{{ hostvars['kubeinit-facts'].cluster_name }} ansible-controller" - regenerate: 'never' - register: _result_keypair - delegate_to: 'localhost' - -- name: Create authorized_key from keypair - ansible.builtin.set_fact: - authorized_key: "{{ _result_keypair.public_key + ' ' + _result_keypair.comment }}" - delegate_to: 'localhost' - delegate_facts: true - - name: Add kubeinit_cluster_map entries to kubeinit_cluster group - ansible.builtin.add_host: - name: "{{ kubeinit_cluster_name }}" - groups: 'kubeinit_cluster' + ansible.builtin.set_fact: cluster_domain: "{{ kubeinit_cluster_map['cluster_domain'] | default(omit) }}" hypervisor_name_pattern: "{{ kubeinit_cluster_map['hypervisor_name_pattern'] | default(omit) }}" controller_name_pattern: "{{ kubeinit_cluster_map['controller_name_pattern'] | default(omit) }}" compute_name_pattern: "{{ kubeinit_cluster_map['compute_name_pattern'] | default(omit) }}" + delegate_to: "{{ kubeinit_cluster_name }}" + delegate_facts: true when: kubeinit_cluster_map is defined - name: Load post_deployment_services_spec from yaml into a list 
@@ -172,10 +147,10 @@ when: post_deployment_services_spec is defined - name: Add post_deployment_services_list to kubeinit_cluster group - ansible.builtin.add_host: - name: "{{ kubeinit_cluster_name }}" - groups: 'kubeinit_cluster' + ansible.builtin.set_fact: post_deployment_services: "{{ post_deployment_services_list }}" + delegate_to: "{{ kubeinit_cluster_name }}" + delegate_facts: true when: post_deployment_services_list | default([]) | length > 0 - name: Load extra_roles_spec from yaml into a list @@ -184,10 +159,10 @@ when: extra_roles_spec is defined - name: Add extra_roles_list to kubeinit_cluster group - ansible.builtin.add_host: - name: "{{ kubeinit_cluster_name }}" - groups: 'kubeinit_cluster' + ansible.builtin.set_fact: extra_roles: "{{ extra_roles_list }}" + delegate_to: "{{ kubeinit_cluster_name }}" + delegate_facts: true when: extra_roles_list | default([]) | length > 0 - name: Load hypervisor_hosts_spec from yaml into a list of dictionaries 
@@ -204,83 +179,103 @@ extended: true when: hypervisor_hosts_map_list[ansible_loop.index0]['host'] | default('') | length > 0 and groups['hypervisor_hosts'][ansible_loop.index0] | default('') | length > 0 -- name: Create names and defaults for new cluster hypervisors +- name: Create hypervisor hosts for undefined cluster hypervisors ansible.builtin.add_host: name: "{{ hypervisor_hosts_map_list[ansible_loop.index0]['host'] | default(hostvars[kubeinit_cluster_name].hypervisor_name_pattern | format(ansible_loop.index)) }}" groups: - 'hypervisor_hosts' - 'kubeinit_hypervisors' - ansible_connection: 'smart' - ansible_user: "{{ hostvars['kubeinit-facts'].remote_user }}" loop: "{{ range(kubeinit_spec_hypervisor_count|int) | list }}" loop_control: extended: true when: groups['hypervisor_hosts'] | default([]) | length == 0 - name: Assign defaults to existing cluster hypervisors - ansible.builtin.add_host: - name: "{{ groups['hypervisor_hosts'][ansible_loop.index0] }}" - groups: 'kubeinit_hypervisors' + ansible.builtin.set_fact: ansible_connection: 'smart' ansible_user: "{{ hostvars['kubeinit-facts'].remote_user }}" loop: "{{ range(kubeinit_spec_hypervisor_count|int) | list }}" loop_control: extended: true + delegate_to: "{{ groups['hypervisor_hosts'][ansible_loop.index0] }}" + delegate_facts: true - name: Add remaining spec vars to kubeinit_hypervisors group - ansible.builtin.add_host: - name: "{{ item }}" - groups: 'kubeinit_hypervisors' + ansible.builtin.set_fact: ansible_host: "{{ hypervisor_hosts_map_list[ansible_loop.index0]['ansible_host'] | default(omit) }}" ssh_hostname: "{{ hypervisor_hosts_map_list[ansible_loop.index0]['ssh_hostname'] | default(omit) }}" ssh_username: "{{ hypervisor_hosts_map_list[ansible_loop.index0]['ssh_username'] | default(omit) }}" loop: "{{ groups['kubeinit_hypervisors'] }}" loop_control: extended: true + delegate_to: "{{ item }}" + delegate_facts: true when: hypervisor_hosts_map_list is defined - name: Add kubeinit_spec facts to cluster 
facts - ansible.builtin.add_host: - name: "{{ kubeinit_cluster_name }}" - groups: 'kubeinit_cluster' + ansible.builtin.set_fact: distro: "{{ kubeinit_spec_distro }}" distro_role: "{{ kubeinit_distro_role }}" controller_count: "{{ kubeinit_spec_controller_count }}" compute_count: "{{ kubeinit_spec_compute_count }}" + delegate_to: "{{ kubeinit_cluster_name }}" + delegate_facts: true - name: Set more cluster facts from inventory groups and kubeinit_spec ansible.builtin.set_fact: kubeinit_cluster_distro: "{{ kubeinit_spec_distro }}" kubeinit_cluster_distro_role: "{{ kubeinit_distro_role }}" - kubeinit_cluster_fqdn: "{{ kubeinit_cluster_name }}.{{ hostvars[kubeinit_cluster_name].cluster_domain }}" + kubeinit_cluster_domain: "{{ hostvars[kubeinit_cluster_name].cluster_domain }}" + kubeinit_cluster_fqdn: "{{ kubeinit_cluster_name + '.' + hostvars[kubeinit_cluster_name].cluster_domain }}" -- name: Set kubeinit_cluster_ssh_config fact - ansible.builtin.set_fact: - kubeinit_cluster_ssh_config: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh/' + kubeinit_cluster_name + '_config' }}" - kubeinit_cluster_keypair_path: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh/kubeinit_id_' + hostvars['kubeinit-facts'].ssh_keytype }}" - -- name: Add ansible_ssh_extra_args to kubeinit_hypervisors group - ansible.builtin.add_host: - name: "{{ item }}" - groups: 'kubeinit_hypervisors' - ansible_ssh_extra_args: "-i {{ kubeinit_cluster_keypair_path }} -F {{ kubeinit_cluster_ssh_config }}" - loop: "{{ groups['kubeinit_hypervisors'] }}" +- name: Create local_ssh_dir folder if needed + ansible.builtin.file: + path: "{{ hostvars['kubeinit-facts'].local_ssh_dir }}" + state: directory + mode: '0700' -- name: Copy ssh key secret into ~/.ssh +- name: Copy kubeinit-ssh-key secret into local_ssh_dir ansible.builtin.copy: content: "{{ lookup('unvault', hostvars['kubeinit-secrets'].secrets['kubeinit-ssh-key']) }}" - dest: "~/.ssh/kubeinit_id_{{ hostvars['kubeinit-facts'].ssh_keytype }}" + dest: "{{ 
hostvars['kubeinit-facts'].local_ssh_dir + '/id_' + hostvars['kubeinit-facts'].ssh_keytype }}" mode: '0600' when: hostvars['kubeinit-facts'].container_run|bool +- name: Set kubeinit_cluster_keypair_path fact + ansible.builtin.set_fact: + kubeinit_cluster_keypair_path: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/' + hostvars['kubeinit-facts'].cluster_name + '_id_' + hostvars['kubeinit-facts'].ssh_keytype }}" + +- name: Generate an OpenSSH keypair for the cluster + community.crypto.openssh_keypair: + path: "{{ kubeinit_cluster_keypair_path }}" + type: "{{ hostvars['kubeinit-facts'].ssh_keytype }}" + comment: "{{ hostvars['kubeinit-facts'].cluster_name + ' ansible-controller' }}" + regenerate: 'never' + register: _result_keypair + +- name: Set authorized_key fact from keypair + ansible.builtin.set_fact: + authorized_key: "{{ _result_keypair.public_key + ' ' + _result_keypair.comment }}" + +- name: Add cluster authorized_key to root account of all hypervisors + ansible.posix.authorized_key: + user: root + key: "{{ authorized_key }}" + state: present + become: true + become_user: root + loop: "{{ groups['kubeinit_hypervisors'] }}" + delegate_to: "{{ item }}" + delegate_facts: true + - name: Check if kubeinit ssh config exists ansible.builtin.stat: - path: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh/kubeinit_config' }}" + path: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/kubeinit_config' }}" register: _result_kubeinit_ssh_config_stat - name: Check if ssh config exists ansible.builtin.stat: - path: "{{ hostvars['kubeinit-facts'].local_home + '/.ssh/config' }}" + path: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/config' }}" register: _result_ssh_config_stat when: not _result_kubeinit_ssh_config_stat.stat.exists 
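Review bot: The new task `Add cluster authorized_key to root account of all hypervisors` installs the generated cluster key for `root` on every host in `kubeinit_hypervisors` with no `key_options` and no matching removal, so the private key at `kubeinit_cluster_keypair_path` on the controller becomes a standing, unrestricted root credential for all hypervisors. The keypair task sets no `passphrase`, so that file is presumably stored unencrypted. Consider restricting the entry, e.g. `key_options: 'from="<controller-address>"'` (placeholder value), and adding a cleanup task with `state: absent` to the teardown path. Separately, `Copy kubeinit-ssh-key secret into local_ssh_dir` writes an unvaulted private key through `content:` and should carry `no_log: true` so the key cannot appear in diff or verbose output; its new destination `id_<keytype>` is also the default identity file name, which would replace a key already present in that directory.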
@@ -289,6 +284,10 @@ kubeinit_cluster_ssh_include_paths: "{{ [_result_kubeinit_ssh_config_stat.stat.path] if (_result_kubeinit_ssh_config_stat.stat.exists) else [_result_ssh_config_stat.stat.path] if (_result_ssh_config_stat.stat.exists) else [] }}" +- name: Set kubeinit_cluster_ssh_config fact + ansible.builtin.set_fact: + kubeinit_cluster_ssh_config: "{{ hostvars['kubeinit-facts'].local_ssh_dir + '/' + hostvars['kubeinit-facts'].cluster_name + '_config' }}" + - name: Create ssh config file from template ansible.builtin.include_role: name: kubeinit.kubeinit.kubeinit_prepare @@ -300,3 +299,23 @@ _param_keypair_path: "{{ kubeinit_cluster_keypair_path }}" _param_dest_path: "{{ kubeinit_cluster_ssh_config }}" _param_include_paths: "{{ kubeinit_cluster_ssh_include_paths }}" + +- name: Ensure kubeinit remote_user fact is set to root + ansible.builtin.set_fact: + remote_user: 'root' + delegate_to: 'kubeinit-facts' + delegate_facts: true + +- name: Add ansible_ssh_extra_args to hypervisors + ansible.builtin.set_fact: + ansible_ssh_extra_args: "{{ '-i ' + kubeinit_cluster_keypair_path + ' -F ' + kubeinit_cluster_ssh_config }}" + ansible_user: "{{ hostvars['kubeinit-facts'].remote_user }}" + loop: "{{ groups['kubeinit_hypervisors'] }}" + delegate_to: "{{ item }}" + delegate_facts: true + +- name: Confirm that we have ansible host connectivity + ansible.builtin.ping: + loop: "{{ groups['kubeinit_hypervisors'] }}" + delegate_to: "{{ item }}" + delegate_facts: true diff --git a/kubeinit/roles/kubeinit_prepare/tasks/gather_kubeinit_facts.yml b/kubeinit/roles/kubeinit_prepare/tasks/gather_kubeinit_facts.yml index b1696aa86..90bb18e07 100644 --- a/kubeinit/roles/kubeinit_prepare/tasks/gather_kubeinit_facts.yml +++ b/kubeinit/roles/kubeinit_prepare/tasks/gather_kubeinit_facts.yml 
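Review bot: `Ensure kubeinit remote_user fact is set to root` in the second hunk on this line unconditionally overwrites the `remote_user` that was resolved earlier from the command-line `remote_user` lookup, and the next task copies it into `ansible_user` for every hypervisor, so all later connections are direct root SSH logins. The four `add_host` hunks in `gather_kubeinit_facts.yml` do the same for the cluster, extra and service nodes with a literal `ansible_user: root`. This only works where sshd permits key-based root login, and it gives up the separation of an unprivileged login plus `become`. If direct root is required, document it on the task, e.g. `# From here on hypervisors are reached as root with the cluster key; the CLI remote_user is no longer used after this task`.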
@@ -93,6 +93,7 @@ group: ['controller_nodes', 'cluster_nodes'] ansible_connection: 'ssh' ansible_host: "{{ kubeinit_cluster_next_available | ansible.utils.ipmath(ansible_loop.index0) | ansible.utils.ipv4('address') }}" + ansible_user: root type: 'virtual' loop: "{{ range(kubeinit_spec_controller_count|int) | list }}" loop_control: @@ -110,6 +111,7 @@ group: ['compute_nodes', 'cluster_nodes'] ansible_connection: 'ssh' ansible_host: "{{ kubeinit_cluster_next_available | ansible.utils.ipmath(ansible_loop.index0) | ansible.utils.ipv4('address') }}" + ansible_user: root type: 'virtual' loop: "{{ range(kubeinit_spec_compute_count|int) | list }}" loop_control: @@ -148,6 +150,7 @@ group: 'extra_nodes' ansible_connection: 'ssh' ansible_host: "{{ kubeinit_cluster_next_available | ansible.utils.ipmath(ansible_loop.index0) | ansible.utils.ipv4('address') }}" + ansible_user: root type: 'virtual' loop: "{{ groups['extra_nodes'] | default([]) }}" loop_control: @@ -186,6 +189,7 @@ group: 'service_nodes' ansible_connection: 'ssh' ansible_host: "{{ kubeinit_cluster_last_available | ansible.utils.ipmath(0 - ansible_loop.index0) | ansible.utils.ipv4('address') }}" + ansible_user: root type: 'container' loop: "{{ groups['service_nodes'] }}" loop_control: @@ -358,13 +362,6 @@ ansible.builtin.set_fact: kubeinit_dns_public: "{{ hostvars['kubeinit-env'].dns_public }}" -- name: Set libvirt release facts - ansible.builtin.set_fact: - kubeinit_libvirt_debian_release: "11" - # It is possible to configure different versions of the OS depending on the distribution - # kubeinit_libvirt_ubuntu_release: "{{ 'focal' if (kubeinit_cluster_distro == 'cdk') else 'jammy' }}" - kubeinit_libvirt_ubuntu_release: "jammy" - - name: Set registry authentication facts ansible.builtin.set_fact: kubeinit_registry_user: registryusername diff --git a/kubeinit/roles/kubeinit_prepare/tasks/main.yml b/kubeinit/roles/kubeinit_prepare/tasks/main.yml index 03b4259ff..fbb0d40c2 100644 
--- a/kubeinit/roles/kubeinit_prepare/tasks/main.yml +++ b/kubeinit/roles/kubeinit_prepare/tasks/main.yml @@ -173,6 +173,7 @@ ansible.builtin.package: state: present name: "podman" + use: "{{ hostvars['localhost']['ansible_facts']['pkg_mgr'] }}" when: not hostvars['localhost'].podman_is_installed - name: Define service node facts @@ -181,14 +182,12 @@ kubeinit_bind_service_name: "{{ kubeinit_cluster_name }}-bind" kubeinit_dnsmasq_service_name: "{{ kubeinit_cluster_name }}-dnsmasq" kubeinit_haproxy_service_name: "{{ kubeinit_cluster_name }}-haproxy" - kubeinit_nexus_service_name: "{{ kubeinit_cluster_name }}-nexus" kubeinit_provision_service_name: "{{ kubeinit_cluster_name }}-provision" kubeinit_registry_service_name: "{{ kubeinit_cluster_name }}-registry" kubeinit_apache_service_node: "{{ kubeinit_cluster_hostvars.services['apache'] | default(None) }}" kubeinit_bind_service_node: "{{ kubeinit_cluster_hostvars.services['bind'] | default(None) }}" kubeinit_dnsmasq_service_node: "{{ kubeinit_cluster_hostvars.services['dnsmasq'] | default(None) }}" kubeinit_haproxy_service_node: "{{ kubeinit_cluster_hostvars.services['haproxy'] | default(None) }}" - kubeinit_nexus_service_node: "{{ kubeinit_cluster_hostvars.services['nexus'] | default(None) }}" kubeinit_provision_service_node: "{{ kubeinit_cluster_hostvars.services['provision'] }}" kubeinit_registry_service_node: "{{ kubeinit_cluster_hostvars.services['registry'] | default(None) }}" loop: "{{ ['localhost'] | union(groups['kubeinit_hypervisors']) }}" 
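Review bot: The `use: "{{ hostvars['localhost']['ansible_facts']['pkg_mgr'] }}"` line added to the podman install task fails templating with an undefined-variable error if `pkg_mgr` was not collected for that host, for instance when fact gathering was limited or skipped; whether facts are always gathered before this task is not visible in the hunk. Falling back to the module's own detection keeps the task usable: `use: "{{ hostvars['localhost']['ansible_facts']['pkg_mgr'] | default('auto') }}"`. The same applies to the `use:` lines added in `prepare_podman.yml` (via `_param_hostvars`) and in `kubeinit_registry/tasks/main.yml` (via `hostvars[kubeinit_deployment_delegate]`).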
@@ -255,17 +254,12 @@ kubeinit_bind_service_address: "{{ hostvars[kubeinit_bind_service_node].ansible_host | default(None) }}" kubeinit_dnsmasq_service_address: "{{ hostvars[kubeinit_dnsmasq_service_node].ansible_host | default(None) }}" kubeinit_haproxy_service_address: "{{ hostvars[kubeinit_haproxy_service_node].ansible_host | default(None) }}" - kubeinit_nexus_service_address: "{{ hostvars[kubeinit_nexus_service_node].ansible_host | default(None) }}" kubeinit_provision_service_address: "{{ hostvars[kubeinit_provision_service_node].ansible_host }}" kubeinit_registry_service_address: "{{ hostvars[kubeinit_registry_service_node].ansible_host | default(None) }}" kubeinit_service_user: "root" kubeinit_service_user_dir: "/root" kubeinit_ingress_hostname: "ingress" kubeinit_bind_volume_name: "{{ kubeinit_bind_service_name }}-config" - kubeinit_nexus_port: "5001" - kubeinit_nexus_fqdn: "{{ kubeinit_nexus_service_node }}.{{ kubeinit_cluster_fqdn }}" - kubeinit_nexus_fqdn_alt: "nexus.{{ kubeinit_cluster_fqdn }}" - kubeinit_nexus_uri: "{{ kubeinit_nexus_service_node }}.{{ kubeinit_cluster_fqdn }}:5001" kubeinit_registry_port: "5000" kubeinit_registry_fqdn: "{{ kubeinit_registry_service_node }}.{{ kubeinit_cluster_fqdn }}" kubeinit_registry_fqdn_alt: "registry.{{ kubeinit_cluster_fqdn }}" diff --git a/kubeinit/roles/kubeinit_prepare/tasks/prepare_podman.yml b/kubeinit/roles/kubeinit_prepare/tasks/prepare_podman.yml index e3d115b24..39eccabb3 100644 --- a/kubeinit/roles/kubeinit_prepare/tasks/prepare_podman.yml +++ b/kubeinit/roles/kubeinit_prepare/tasks/prepare_podman.yml 
@@ -17,76 +17,11 @@ - name: Install podman dependencies if requested block: - - name: Setup kubeinit repo for Debian distribution - block: - - - name: Set cgroup_manager for debian release - ansible.builtin.copy: - content: | - [engine] - cgroup_manager = "cgroupfs" - dest: '/etc/containers/containers.conf' - mode: '0644' - become: true - become_user: root - - - name: Set version facts - ansible.builtin.set_fact: - _version: "{{ _param_hostvars.ansible_distribution_version.split('-')[0] }}" - - - name: Set version facts - ansible.builtin.set_fact: - _stability: "{{ 'stable' if (_version is version('11', 'le')) else 'testing' }}" - - - name: Set version facts - ansible.builtin.set_fact: - _path_element: "{{ _param_hostvars.ansible_distribution + '_' + _version if (_stability is 'stable') else _param_hostvars.ansible_distribution + '_testing' }}" - - when: _param_hostvars.ansible_distribution == 'Debian' - - - name: Setup kubeinit repo for Ubuntu distribution - block: - - - name: Set version facts - ansible.builtin.set_fact: - _version: "{{ _param_hostvars.ansible_distribution_version }}" - _stability: "{{ 'stable' if (_param_hostvars.ansible_distribution_version is version('22.04', 'le')) else 'testing' }}" - - - name: Set version facts - ansible.builtin.set_fact: - _path_element: "{{ '/x' + _param_hostvars.ansible_distribution + '_' + _version }}" - - when: _param_hostvars.ansible_distribution == 'Ubuntu' - - - name: Setup kubeinit repo for Debian family - block: - - - name: Make sure we have curl installed - ansible.builtin.package: - name: curl - state: present - become: true - become_user: root - - - name: Add the Podman kubeinit package repository to Apt - ansible.builtin.shell: | - set -eo pipefail - echo "deb https://download.opensuse.org/repositories/home:/kubeinit/{{ _path_element }}/ /" > /etc/apt/sources.list.d/kubeinit.list - curl -L "https://download.opensuse.org/repositories/home:/kubeinit/{{ _path_element }}/Release.key" | apt-key add - - apt-get 
update - args: - executable: /bin/bash - become: true - become_user: root - register: _result - changed_when: "_result.rc == 0" - - when: _param_hostvars.distribution_family == 'Debian' - - name: Install podman dependencies ansible.builtin.package: name: "{{ kubeinit_prepare_podman_dependencies }}" state: present + use: "{{ _param_hostvars['ansible_facts']['pkg_mgr'] }}" become: true become_user: root diff --git a/kubeinit/roles/kubeinit_registry/tasks/main.yml b/kubeinit/roles/kubeinit_registry/tasks/main.yml index 3aea436c7..3e852315c 100644 --- a/kubeinit/roles/kubeinit_registry/tasks/main.yml +++ b/kubeinit/roles/kubeinit_registry/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.package: state: present name: "buildah" + use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}" - name: Create a new working container image ansible.builtin.command: buildah from --name {{ kubeinit_cluster_name }}-registry quay.io/kubeinit/registry:2 diff --git a/kubeinit/roles/kubeinit_services/defaults/main.yml b/kubeinit/roles/kubeinit_services/defaults/main.yml index 62dd07d24..e72d71457 100644 --- a/kubeinit/roles/kubeinit_services/defaults/main.yml +++ b/kubeinit/roles/kubeinit_services/defaults/main.yml @@ -35,9 +35,4 @@ kubeinit_registry_directories: kubeinit_registry_pullsecret: "{{ '{\"auths\": {}}' | from_json }}" -kubeinit_registry_required_packages: - - python3 - - python3-dns - - jq - kubeinit_registry_auth_file: registry-auths.json diff --git a/kubeinit/roles/kubeinit_services/tasks/00_create_service_pod.yml b/kubeinit/roles/kubeinit_services/tasks/00_create_service_pod.yml index 9d79c61db..f47d4c892 100644 --- a/kubeinit/roles/kubeinit_services/tasks/00_create_service_pod.yml +++ b/kubeinit/roles/kubeinit_services/tasks/00_create_service_pod.yml 
@@ -161,9 +161,13 @@ state: started register: _result_pod_info + - name: Set _pod_info_first_pod fact + ansible.builtin.set_fact: + _pod_info_first_pod: "{{ _result_pod_info.pod[0] | default(_result_pod_info.pod) }}" + - name: Gather info about the infra container of the services pod containers.podman.podman_container_info: - name: "{{ _result_pod_info.pod.Containers[0].Name }}" + name: "{{ _pod_info_first_pod.Containers[0].Name }}" register: _result_infra_container_info delegate_to: "{{ kubeinit_deployment_delegate }}" diff --git a/kubeinit/roles/kubeinit_services/tasks/create_provision_container.yml b/kubeinit/roles/kubeinit_services/tasks/create_provision_container.yml index d2c8b01f0..6ed7a0cb1 100644 --- a/kubeinit/roles/kubeinit_services/tasks/create_provision_container.yml +++ b/kubeinit/roles/kubeinit_services/tasks/create_provision_container.yml @@ -21,6 +21,7 @@ ansible.builtin.package: state: present name: "buildah" + use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}" - name: Remove any old buildah container ansible.builtin.shell: | @@ -45,7 +46,7 @@ register: _result changed_when: "_result.rc == 0" - name: Install commands and services we will need - ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- dnf install -q -y systemd openssh openssh-server openssh-clients procps iproute iputils net-tools python3 python3-pip jq + ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- dnf install -q -y systemd openssh openssh-server openssh-clients procps iproute iputils net-tools python3 python3-pip python3-dns jq register: _result changed_when: "_result.rc == 0" when: kubeinit_deployment_os == 'centos' 
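Review bot: The new `_pod_info_first_pod` fact in 00_create_service_pod.yml accepts both a list and a mapping for `_result_pod_info.pod`, but nothing says why, and an empty list falls through `default(...)` unchanged. In that case the next task's `_pod_info_first_pod.Containers[0].Name` fails with an attribute error on a list instead of a clear "no pod returned" message. I would add a comment such as `# 'pod' may be a list or a single mapping depending on the containers.podman version (confirm)`. I would also put an `ansible.builtin.assert` before the container lookup that checks `_pod_info_first_pod.Containers | default([]) | length > 0`. The enclosing block starts outside the hunk, so whether an earlier task already guarantees a non-empty result cannot be seen from here.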
@@ -61,7 +62,7 @@ register: _result changed_when: "_result.rc == 0" - name: Install commands and services we will need - ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- env DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get install -q -y systemd openssh-server openssh-client procps iproute2 iputils-ping net-tools python3 python3-pip jq curl + ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- env DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get install -q -y systemd openssh-server openssh-client procps iproute2 iputils-ping net-tools python3 python3-pip python3-dns jq curl register: _result changed_when: "_result.rc == 0" - name: Missing privilege separation directory @@ -81,7 +82,7 @@ register: _result changed_when: "_result.rc == 0" - name: Install commands and services we will need - ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- env DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get install -q -y systemd openssh-server openssh-client procps iproute2 iputils-ping net-tools python3 python3-pip jq curl + ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-provision -- env DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true apt-get install -q -y systemd openssh-server openssh-client procps iproute2 iputils-ping net-tools python3 python3-pip python3-dns jq curl register: _result changed_when: "_result.rc == 0" - name: Create folder normally done by service ssh start @@ -162,6 +163,7 @@ ansible_connection: containers.podman.podman ansible_python_interpreter: /usr/bin/python3 ansible_podman_extra_args: --remote --connection "{{ hostvars[kubeinit_deployment_node_name].target }}" + ansible_user: root - name: Disable pipelining while using podman connector block: 
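Review bot: The `ansible_user: root` added to the podman-connection host vars in hunk @@ -162,6 +163,7 @@ is undocumented, and it makes every task run through this connection execute as root inside the provision container. A comment such as `# force root for podman exec; an inherited remote_user would otherwise be passed as --user (confirm)` would record the intent, so nobody drops the line or copies it to a host where root is not needed. The same line is added in prepare_credentials.yml (hunk @@ -99,6 +100,7 @@). The surrounding add_host task starts outside the hunk, so the inherited user cannot be checked from here.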
@@ -191,19 +193,25 @@ changed_when: "_result.rc == 0" when: "'registry' in kubeinit_cluster_hostvars.services" - - name: Make sure packages to generate registry credentials are installed - ansible.builtin.package: - state: present - name: "{{ kubeinit_registry_required_packages | default([]) }}" + - name: Install cryptography and passlib + ansible.builtin.shell: | + set -o pipefail + python3 -m pip install -q cryptography passlib + args: + executable: /bin/bash + register: _result + changed_when: "_result.rc == 0" + when: kubeinit_deployment_os == 'centos' - - name: Install cryptography, passlib and nexus3-cli + - name: Install cryptography, passlib and apt ansible.builtin.shell: | set -o pipefail - python3 -m pip install -q cryptography==3.3.2 passlib nexus3-cli + apt install -y python3-cryptography python3-passlib python3-apt args: executable: /bin/bash register: _result changed_when: "_result.rc == 0" + when: kubeinit_deployment_os == 'ubuntu' or kubeinit_deployment_os == 'debian' - name: Remove nologin marker ansible.builtin.file: diff --git a/kubeinit/roles/kubeinit_services/tasks/prepare_credentials.yml b/kubeinit/roles/kubeinit_services/tasks/prepare_credentials.yml index 6a264b787..e9c5d7684 100644 --- a/kubeinit/roles/kubeinit_services/tasks/prepare_credentials.yml +++ b/kubeinit/roles/kubeinit_services/tasks/prepare_credentials.yml @@ -21,6 +21,7 @@ ansible.builtin.package: state: present name: "buildah" + use: "{{ hostvars[kubeinit_deployment_delegate]['ansible_facts']['pkg_mgr'] }}" - name: Remove any old buildah container ansible.builtin.shell: | 
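Review bot: The centos branch in hunk @@ -191,19 +193,25 @@ now runs `python3 -m pip install -q cryptography passlib` with no version bound, so each image build installs whatever the index serves that day into the container that generates registry credentials. Dropping the old `cryptography==3.3.2` pin is reasonable, but I would replace it with a reviewed constraint, e.g. `python3 -m pip install -q -c constraints.txt cryptography passlib`, or a hashed requirements file with `--require-hashes`. The same unpinned install is introduced in prepare_credentials.yml (hunk @@ -116,15 +118,10 @@). In the ubuntu/debian branch, `apt install -y ...` should be `apt-get install -q -y ...` under `env DEBIAN_FRONTEND=noninteractive`, as the buildah tasks in this file do, since `apt` is intended for interactive use. `set -o pipefail` does nothing in either task because there is no pipeline, so `ansible.builtin.command` or the `ansible.builtin.pip` / `ansible.builtin.apt` modules would be simpler and would report `changed` accurately.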
@@ -45,7 +46,7 @@ changed_when: "_result.rc == 0" - name: Install commands and services we will need - ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-credentials -- dnf install -q -y python3 python3-pip procps iproute iputils net-tools bind-utils + ansible.builtin.command: buildah run {{ kubeinit_cluster_name }}-credentials -- dnf install -q -y python3 python3-pip python3-dns jq procps iproute iputils net-tools bind-utils register: _result changed_when: "_result.rc == 0" @@ -99,6 +100,7 @@ ansible_connection: containers.podman.podman ansible_python_interpreter: /usr/bin/python3 ansible_podman_extra_args: --remote --connection "{{ hostvars[kubeinit_deployment_node_name].target }}" + ansible_user: root - name: Disable pipelining while using podman connector block: @@ -116,15 +118,10 @@ state: directory mode: '0755' - - name: Make sure packages to generate registry credentials are installed - ansible.builtin.package: - state: present - name: "{{ kubeinit_registry_required_packages | default([]) }}" - - name: Install cryptography and passlib ansible.builtin.shell: | set -o pipefail - python3 -m pip install cryptography==3.3.2 passlib + python3 -m pip install cryptography passlib args: executable: /bin/bash register: _result diff --git a/kubeinit/roles/kubeinit_services/tasks/start_services_containers.yml b/kubeinit/roles/kubeinit_services/tasks/start_services_containers.yml index b7aea4086..6405f5134 100644 --- a/kubeinit/roles/kubeinit_services/tasks/start_services_containers.yml +++ b/kubeinit/roles/kubeinit_services/tasks/start_services_containers.yml @@ -45,15 +45,6 @@ public: true when: "'haproxy' in hostvars[kubeinit_deployment_node_name].services" - # - # Configure Nexus - # - - name: Configure Nexus - ansible.builtin.include_role: - name: kubeinit.kubeinit.kubeinit_nexus - public: true - when: "'nexus' in hostvars[kubeinit_deployment_node_name].services" - # # Configure httpd # 
diff --git a/periodic_jobs.md b/periodic_jobs.md index e15ccbf75..5a56383cc 100644 --- a/periodic_jobs.md +++ b/periodic_jobs.md 
@@ -18,10 +18,6 @@ | Origin Distribution of K8s | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/okd-libvirt-3-0-2-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/okd-libvirt-3-0-2-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 3 | 0 | 2 | Host | | Origin Distribution of K8s | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/okd-libvirt-1-1-1-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/okd-libvirt-1-1-1-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 1 | 1 | 1 | Host | | Origin Distribution of K8s | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/okd-libvirt-1-0-1-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/okd-libvirt-1-0-1-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 1 | 0 | 1 | Host | -| KubeInit distro | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/kid-libvirt-3-1-1-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/kid-libvirt-3-1-1-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 3 | 1 | 1 | Host | -| KubeInit distro | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/kid-libvirt-3-0-2-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/kid-libvirt-3-0-2-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 3 | 0 | 2 | Host | -| KubeInit distro | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/kid-libvirt-1-1-1-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/kid-libvirt-1-1-1-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 1 | 1 | 1 | Host | -| KubeInit distro | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/kid-libvirt-1-0-1-h-periodic-pid-weekly-u/index.html'><img height='20px' 
src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/kid-libvirt-1-0-1-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 1 | 0 | 1 | Host | | Vanilla K8s | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/k8s-libvirt-3-1-1-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/k8s-libvirt-3-1-1-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 3 | 1 | 1 | Host | | Vanilla K8s | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/k8s-libvirt-3-0-2-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/k8s-libvirt-3-0-2-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 3 | 0 | 2 | Host | | Vanilla K8s | <a href='https://ci.kubeinit.org/file/kubeinit-ci/jobs/k8s-libvirt-1-1-1-h-periodic-pid-weekly-u/index.html'><img height='20px' src='https://ci.kubeinit.org/file/kubeinit-ci/jobs/k8s-libvirt-1-1-1-h-periodic-pid-weekly-u/badge_status.svg'/></a> | libvirt | 1 | 1 | 1 | Host | @@ -33,4 +29,4 @@ processed in the [render_periodic_jobs_page.py](https://github.com/Kubeinit/kubeinit/blob/main/ci/render_periodic_jobs_page.py) script. After every merge, changes to this file will be verified by the [render_periodic_jobs_status_page](https://github.com/Kubeinit/kubeinit/blob/main/.github/workflows/render_periodic_jobs_status_page.yml) -job, if there are changes, a new PR will be pushed automatically. \ No newline at end of file +job, if there are changes, a new PR will be pushed automatically.