Skip to content
Permalink
Browse files
Ansible: start to support debian
  • Loading branch information
eparis committed Jul 24, 2015
1 parent a25b34e commit 1253ca52cd37a09264e36c794ab54f3e0e9eb69e
Show file tree
Hide file tree
Showing 14 changed files with 89 additions and 21 deletions.
@@ -27,6 +27,14 @@
has_rpm: true
when: s.stat.exists

- name: Init the has_firewalld fact
set_fact:
has_firewalld: false

- name: Init the has_iptables fact
set_fact:
has_iptables: false

# collect information about what packages are installed
- include: rpm.yml
when: has_rpm
@@ -5,10 +5,6 @@
changed_when: false
failed_when: false

- name: Init the has_firewalld fact
set_fact:
has_firewalld: false

- name: Set the has_firewalld fact
set_fact:
has_firewalld: true
@@ -20,10 +16,6 @@
changed_when: false
failed_when: false

- name: Init the has_iptables fact
set_fact:
has_iptables: false

- name: Set the has_iptables fact
set_fact:
has_iptables: true
@@ -0,0 +1,10 @@
---
- name: DEBIAN | Make sure this is stretch or sid, jessies does not have docker
fail: msg="Docker.io only available in sid and stretch, https://wiki.debian.org/Docker"
when: ansible_lsb.codename != "stretch" and ansible_lsb.codename != "sid"

- name: DEBIAN | Install Docker
action: "{{ ansible_pkg_mgr }}"
args:
name: docker.io
state: latest
@@ -4,3 +4,4 @@
args:
name: docker
state: latest
when: not is_atomic
@@ -1,32 +1,51 @@
---
- include: debian-install.yml
when: ansible_distribution == "Debian"

- include: generic-install.yml
when: not is_atomic
when: ansible_distribution != "Debian"

- name: Set docker config file directory
set_fact:
docker_config_dir: "/etc/sysconfig"

- name: Override docker config file directory for Debian
set_fact:
docker_config_dir: "/etc/default"
when: ansible_distribution == "Debian"

- name: Verify docker config files exists
file: path={{ docker_config_dir }}/{{ item }} state=touch
changed_when: false
with_items:
- docker
- docker-network

- name: Turn down docker logging
lineinfile: dest=/etc/sysconfig/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
lineinfile: dest={{ docker_config_dir }}/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
notify:
- restart docker

- name: Install http_proxy into docker-network
lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
when: http_proxy is defined
notify:
- restart docker

- name: Install https_proxy into docker-network
lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
when: https_proxy is defined
notify:
- restart docker

- name: Install no-proxy into docker-network
lineinfile: dest=/etc/sysconfig/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
lineinfile: dest={{ docker_config_dir }}/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
when: no_proxy is defined
notify:
- restart docker

- name: Add any insecure registrys to docker config
lineinfile: dest=/etc/sysconfig/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
lineinfile: dest={{ docker_config_dir }}/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
when: insecure_registrys is defined and insecure_registrys > 0
notify:
- restart docker
@@ -0,0 +1,15 @@
[Unit]
Description=Etcd Server
After=network.target

[Service]
Type=simple
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
User=etcd
ExecStart=/usr/bin/etcd
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
@@ -1,4 +1,7 @@
---
- name: reload systemd
command: systemctl --system daemon-reload

- name: restart etcd
service: name=etcd state=restarted
when: etcd_started.changed == false
@@ -13,6 +13,13 @@
notify:
- restart etcd

- name: Write etcd systemd unit file for Debian
copy: src=etcd.service dest=/etc/systemd/system
notify:
- reload systemd
- restart etcd
when: ansible_distribution == "Debian"

- name: Enable etcd
service: name=etcd enabled=yes

@@ -1,6 +1,6 @@
---
- name: reload and restart kube-addons
command: systemctl daemon-reload
command: systemctl --system daemon-reload
notify:
- restart kube-addons

@@ -1,5 +1,14 @@
- name: Install PyYAML
- name: Set pyyaml package name
set_fact:
pyyaml_name: python-yaml

- name: Overwrite pyyaml package name for non-Debian
set_fact:
pyyaml_name: PyYAML
when: ansible_distribution != "Debian"

- name: Install PyYAML for non-debian
action: "{{ ansible_pkg_mgr }}"
args:
name: PyYAML
name: "{{ pyyaml_name }}"
state: latest
@@ -2,8 +2,11 @@
- name: Install openssl for easy-rsa stuff
action: "{{ ansible_pkg_mgr }}"
args:
name: openssl
name: "{{ item }}"
state: latest
with_items:
- openssl
- curl

#- name: Get create ca cert script from Kubernetes
# get_url:
@@ -1,6 +1,6 @@
---
- name: reload systemd
command: /usr/bin/systemctl --system daemon-reload
command: systemctl --system daemon-reload
notify:
- restart daemons

@@ -1,6 +1,6 @@
---
- name: reload systemd
command: /usr/bin/systemctl --system daemon-reload
command: systemctl --system daemon-reload
notify:
- restart daemons

@@ -3,10 +3,11 @@
command: getenforce
register: selinux
changed_when: false
when: ansible_selinux

- name: Set selinux permissive because tokens and selinux don't work together
selinux: state=permissive policy=targeted
when: "'Enforcing' in selinux.stdout"
when: ansible_selinux and 'Enforcing' in selinux.stdout

- include: packageManagerInstall.yml
when: source_type == "packageManager"

0 comments on commit 1253ca5

Please sign in to comment.