Ansible: start to support debian

kubernetes · Jul 24, 2015 · 1253ca52cd37a09264e36c794ab54f3e0e9eb69e · 1253ca5
1 parent a25b34e
commit 1253ca52cd37a09264e36c794ab54f3e0e9eb69e
Show file tree

Hide file tree

Showing 14 changed files with 89 additions and 21 deletions.
diff --git a/contrib/ansible/roles/common/tasks/main.yml b/contrib/ansible/roles/common/tasks/main.yml
@@ -27,6 +27,14 @@
     has_rpm: true
   when: s.stat.exists
 
+- name: Init the has_firewalld fact
+  set_fact:
+    has_firewalld: false
+
+- name: Init the has_iptables fact
+  set_fact:
+    has_iptables: false
+
 # collect information about what packages are installed
 - include: rpm.yml
   when: has_rpm

diff --git a/contrib/ansible/roles/common/tasks/rpm.yml b/contrib/ansible/roles/common/tasks/rpm.yml
@@ -5,10 +5,6 @@
   changed_when: false
   failed_when: false
 
-- name: Init the has_firewalld fact
-  set_fact:
-    has_firewalld: false
-
 - name: Set the has_firewalld fact
   set_fact:
     has_firewalld: true
@@ -20,10 +16,6 @@
   changed_when: false
   failed_when: false
 
-- name: Init the has_iptables fact
-  set_fact:
-    has_iptables: false
-
 - name: Set the has_iptables fact
   set_fact:
     has_iptables: true

diff --git a/contrib/ansible/roles/docker/tasks/debian-install.yml b/contrib/ansible/roles/docker/tasks/debian-install.yml
@@ -0,0 +1,10 @@
+---
+- name: DEBIAN | Make sure this is stretch or sid, jessies does not have docker
+  fail: msg="Docker.io only available in sid and stretch, https://wiki.debian.org/Docker"
+  when: ansible_lsb.codename != "stretch" and ansible_lsb.codename != "sid"
+
+- name: DEBIAN | Install Docker
+  action: "{{ ansible_pkg_mgr }}"
+  args:
+    name: docker.io
+    state: latest
diff --git a/contrib/ansible/roles/docker/tasks/generic-install.yml b/contrib/ansible/roles/docker/tasks/generic-install.yml
@@ -4,3 +4,4 @@
   args:
     name: docker
     state: latest
+  when: not is_atomic
diff --git a/contrib/ansible/roles/docker/tasks/main.yml b/contrib/ansible/roles/docker/tasks/main.yml
@@ -1,32 +1,51 @@
 ---
+- include: debian-install.yml
+  when: ansible_distribution == "Debian"
+
 - include: generic-install.yml
-  when: not is_atomic
+  when: ansible_distribution != "Debian"
+
+- name: Set docker config file directory
+  set_fact:
+    docker_config_dir: "/etc/sysconfig"
+
+- name: Override docker config file directory for Debian
+  set_fact:
+    docker_config_dir: "/etc/default"
+  when: ansible_distribution == "Debian"
+
+- name: Verify docker config files exists
+  file: path={{ docker_config_dir }}/{{ item }} state=touch
+  changed_when: false
+  with_items:
+    - docker
+    - docker-network
 
 - name: Turn down docker logging
-  lineinfile: dest=/etc/sysconfig/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
+  lineinfile: dest={{ docker_config_dir }}/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
   notify:
     - restart docker
 
 - name: Install http_proxy into docker-network
-  lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
+  lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
   when: http_proxy is defined
   notify:
     - restart docker
 
 - name: Install https_proxy into docker-network
-  lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
+  lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
   when: https_proxy is defined
   notify:
     - restart docker
 
 - name: Install no-proxy into docker-network
-  lineinfile: dest=/etc/sysconfig/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
+  lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
   when: no_proxy is defined
   notify:
     - restart docker
 
 - name: Add any insecure registrys to docker config
-  lineinfile: dest=/etc/sysconfig/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
+  lineinfile: dest={{ docker_config_dir }}/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
   when: insecure_registrys is defined and insecure_registrys > 0
   notify:
     - restart docker

diff --git a/contrib/ansible/roles/etcd/files/etcd.service b/contrib/ansible/roles/etcd/files/etcd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Etcd Server
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/var/lib/etcd/
+EnvironmentFile=-/etc/etcd/etcd.conf
+User=etcd
+ExecStart=/usr/bin/etcd
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
diff --git a/contrib/ansible/roles/etcd/handlers/main.yml b/contrib/ansible/roles/etcd/handlers/main.yml
@@ -1,4 +1,7 @@
 ---
+- name: reload systemd
+  command: systemctl --system daemon-reload
+
 - name: restart etcd
   service: name=etcd state=restarted
   when: etcd_started.changed == false

diff --git a/contrib/ansible/roles/etcd/tasks/main.yml b/contrib/ansible/roles/etcd/tasks/main.yml
@@ -13,6 +13,13 @@
   notify:
     - restart etcd
 
+- name: Write etcd systemd unit file for Debian
+  copy: src=etcd.service dest=/etc/systemd/system
+  notify:
+    - reload systemd
+    - restart etcd
+  when: ansible_distribution == "Debian"
+
 - name: Enable etcd
   service: name=etcd enabled=yes
 

diff --git a/contrib/ansible/roles/kubernetes-addons/handlers/main.yml b/contrib/ansible/roles/kubernetes-addons/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: reload and restart kube-addons
-  command: systemctl daemon-reload
+  command: systemctl --system daemon-reload
   notify:
     - restart kube-addons
 

diff --git a/contrib/ansible/roles/kubernetes-addons/tasks/generic-install.yml b/contrib/ansible/roles/kubernetes-addons/tasks/generic-install.yml
@@ -1,5 +1,14 @@
-- name: Install PyYAML
+- name: Set pyyaml package name
+  set_fact:
+    pyyaml_name: python-yaml
+
+- name: Overwrite pyyaml package name for non-Debian
+  set_fact:
+    pyyaml_name: PyYAML
+  when: ansible_distribution != "Debian"
+
+- name: Install PyYAML for non-debian
   action: "{{ ansible_pkg_mgr }}"
   args:
-    name: PyYAML
+    name: "{{ pyyaml_name }}"
     state: latest
diff --git a/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml b/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml
@@ -2,8 +2,11 @@
 - name: Install openssl for easy-rsa stuff
   action: "{{ ansible_pkg_mgr }}"
   args:
-    name: openssl
+    name: "{{ item }}"
     state: latest
+  with_items:
+    - openssl
+    - curl
 
 #- name: Get create ca cert script from Kubernetes
 #  get_url:

diff --git a/contrib/ansible/roles/master/handlers/main.yml b/contrib/ansible/roles/master/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: reload systemd
-  command: /usr/bin/systemctl --system daemon-reload
+  command: systemctl --system daemon-reload
   notify:
     - restart daemons
 

diff --git a/contrib/ansible/roles/node/handlers/main.yml b/contrib/ansible/roles/node/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: reload systemd
-  command: /usr/bin/systemctl --system daemon-reload
+  command: systemctl --system daemon-reload
   notify:
     - restart daemons
 

diff --git a/contrib/ansible/roles/node/tasks/main.yml b/contrib/ansible/roles/node/tasks/main.yml
@@ -3,10 +3,11 @@
   command: getenforce
   register: selinux
   changed_when: false
+  when: ansible_selinux
 
 - name: Set selinux permissive because tokens and selinux don't work together
   selinux: state=permissive policy=targeted
-  when: "'Enforcing' in selinux.stdout"
+  when: ansible_selinux and 'Enforcing' in selinux.stdout
 
 - include: packageManagerInstall.yml
   when: source_type == "packageManager"