--- # SPDX-license-identifier: Apache-2.0 ############################################################################## # Copyright (c) 2018 # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - hosts: localhost vars: images_file: /tmp/images.yaml pre_tasks: - name: Load kud variables include_vars: file: kud-vars.yml roles: - role: geerlingguy.docker when: virtlet_source_type == "source" tasks: - name: create Virtlet binary folder file: state: directory path: "{{ virtlet_dest }}" - name: apply virtlet extraRuntime label command: "/usr/local/bin/kubectl label node {{ item }} extraRuntime=virtlet --overwrite" with_inventory_hostnames: virtlet - name: create image translations confimap file blockinfile: path: "{{ images_file }}" create: yes block: | translations: - name: ubuntu/14.04 url: https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img - name: ubuntu/16.04 url: https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img - name: ubuntu/18.04 url: https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img - regexp: 'centos/(\d+)-(\d+)' url: 'https://cloud.centos.org/centos/$1/images/CentOS-$1-x86_64-GenericCloud-$2.qcow2' - name: fedora url: https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2 {% if lookup('env','http_proxy') != "" %} transports: "": proxy: "{{ lookup('env','http_proxy') }}" {% endif %} - name: install image translations configmap shell: "/usr/local/bin/kubectl create configmap -n kube-system virtlet-image-translations --from-file {{ images_file }} --dry-run -o yaml | /usr/local/bin/kubectl apply -f -" ignore_errors: True - name: create Virtlet folder file: state: directory path: "{{ virtlet_dest }}" - name: getting source code block: - name: clone Virtlet repo git: repo: "{{ virtlet_url }}" dest: "{{ virtlet_dest }}" version: "{{ virtlet_version }}" force: yes - name: configure proxy values for docker service block: - name: create docker config folder become: yes file: state: directory path: "/etc/systemd/system/docker.service.d" - name: Configure docker service to use http_proxy env value become: yes blockinfile: dest: "/etc/systemd/system/docker.service.d/http-proxy.conf" create: yes block: | [Service] Environment="HTTP_PROXY={{ lookup('env','http_proxy') }}" when: - lookup('env','http_proxy') != "fooproxy" - name: Configure docker service to use https_proxy env value become: yes blockinfile: dest: "/etc/systemd/system/docker.service.d/https-proxy.conf" create: yes block: | [Service] Environment="HTTPS_PROXY={{ lookup('env','https_proxy') }}" when: - lookup('env','https_proxy') != "fooproxy" - name: Configure docker service to use no_proxy env value become: yes blockinfile: dest: "/etc/systemd/system/docker.service.d/no-proxy.conf" create: yes block: | [Service] Environment="NO_PROXY={{ lookup('env','no_proxy') }}" when: - lookup('env','no_proxy') != "fooproxy" - name: reload systemd become: yes command: systemctl daemon-reload - name: restart docker service become: yes service: name: docker state: restarted when: lookup('env','http_proxy') != "fooproxy" or lookup('env','https_proxy') != "fooproxy" or lookup('env','no_proxy') != "fooproxy" - name: build virtlet source code command: ./cmd.sh build args: chdir: "{{ virtlet_dest }}/build" environment: http_proxy: "{{ lookup('env','http_proxy') }}" https_proxy: "{{ lookup('env','https_proxy') }}" no_proxy: "{{ lookup('env','no_proxy') }}" when: virtlet_source_type == "source" - name: download virtletctl get_url: url: "{{ virtlet_url }}" dest: "{{ virtlet_dest }}/virtletctl" when: virtlet_source_type == "binary" - name: set virtletctl execution permissions file: path: "{{ virtlet_dest }}/virtletctl" mode: "+x" - name: install virtletctl as kubectl plugin become: yes command: "mv {{ virtlet_dest }}/virtletctl /usr/local/bin/kubectl-virt" - name: create Virtlet k8s objects shell: "/usr/local/bin/kubectl virt gen | /usr/local/bin/kubectl apply -f -" ignore_errors: True - name: wait for Virtlet daemonset shell: "/usr/local/bin/kubectl get ds virtlet -n=kube-system -o=jsonpath --template={.status.numberReady}" register: daemonset until: - '1' retries: 6 delay: 10 - hosts: virtlet tasks: - name: Load kud variables include_vars: file: kud-vars.yml - name: create CRIProxy binary folder file: state: directory path: "{{ criproxy_dest }}" - name: disable AppArmor in all nodes become: yes service: name: apparmor state: stopped enabled: no when: ansible_os_family == "Debian" - name: modify args for kubelet service become: yes lineinfile: dest: /etc/systemd/system/kubelet.service line: " --container-runtime=remote --container-runtime-endpoint=unix:///run/criproxy.sock --image-service-endpoint=unix:///run/criproxy.sock --enable-controller-attach-detach=false \\" insertafter: '^ExecStart=/usr/local/bin/kubelet *' state: present - name: create dockershim service become: yes blockinfile: path: /etc/systemd/system/dockershim.service create: yes block: | [Unit] Description=dockershim for criproxy [Service] EnvironmentFile=-/etc/kubernetes/kubelet.env ExecStartPre=-/bin/mkdir -p /var/lib/kubelet/volume-plugins ExecStart=/usr/local/bin/kubelet --experimental-dockershim --port 11250 \ $KUBE_LOGTOSTDERR \ $KUBE_LOG_LEVEL \ $KUBELET_API_SERVER \ $KUBELET_ADDRESS \ $KUBELET_PORT \ $KUBELET_HOSTNAME \ $KUBE_ALLOW_PRIV \ $KUBELET_ARGS \ $DOCKER_SOCKET \ $KUBELET_NETWORK_PLUGIN \ $KUBELET_VOLUME_PLUGIN \ $KUBELET_CLOUDPROVIDER Restart=always StartLimitInterval=0 RestartSec=10 [Install] RequiredBy=criproxy.service - name: getting source code block: - name: clone CRIProxy repo git: repo: "{{ criproxy_url }}" dest: "{{ criproxy_dest }}" version: "{{ criproxy_version }}" force: yes - name: build criproxy source code command: ./build-package.sh args: chdir: "{{ criproxy_dest }}" when: criproxy_source_type == "source" - name: download CRIproxy package get_url: url: "{{ criproxy_url }}" dest: "{{ criproxy_dest }}/criproxy" when: criproxy_source_type == "binary" - name: set criproxy execution permissions file: path: "{{ criproxy_dest }}/criproxy" mode: "+x" - name: create criproxy service become: yes blockinfile: path: /etc/systemd/system/criproxy.service create: yes block: | [Unit] Description=CRI Proxy [Service] ExecStart={{ criproxy_dest }}/criproxy -v 3 -logtostderr -connect /var/run/dockershim.sock,virtlet.cloud:/run/virtlet.sock -listen /run/criproxy.sock Restart=always StartLimitInterval=0 RestartSec=10 [Install] WantedBy=kubelet.service - name: start criproxy and dockershim services become: yes service: name: "{{ item }}" state: started enabled: yes with_items: - dockershim - criproxy - name: restart kubelet services become: yes service: name: kubelet state: restarted