257 lines
7.0 KiB
YAML
257 lines
7.0 KiB
YAML
---
|
|
#
|
|
# Copyright (c) 2019 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
# SUB-TASKS DESCRIPTION:
|
|
# Bring up Helm
|
|
# - Set up needed directories
|
|
# - Pull Tiller and Armada images
|
|
# - Create service account and cluster role binding
|
|
# - Initialize Helm
|
|
# - Restart lighttpd
|
|
# - Generate repo index on target
|
|
# - Add local helm repo
|
|
# - Stop lighttpd
|
|
# - Bind mount
|
|
# - Generate repo index on source
|
|
#
|
|
|
|
- name: Create www group
|
|
group:
|
|
name: www
|
|
gid: 1877
|
|
state: present
|
|
|
|
- name: Create www user in preparation for Helm bringup
|
|
user:
|
|
name: www
|
|
uid: 1877
|
|
group: www
|
|
groups: wrs_protected
|
|
shell: /sbin/nologin
|
|
state: present
|
|
|
|
- name: Ensure /www/tmp exists
|
|
file:
|
|
path: /www/tmp
|
|
state: directory
|
|
recurse: yes
|
|
owner: www
|
|
group: root
|
|
#mode: 1700
|
|
|
|
- name: Ensure /www/var exists
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
recurse: yes
|
|
owner: www
|
|
group: root
|
|
with_items:
|
|
- /www/var
|
|
- /www/var/log
|
|
|
|
- name: Set up lighttpd.conf
|
|
copy:
|
|
src: "{{ lighttpd_conf_template }}"
|
|
dest: /etc/lighttpd/lighttpd.conf
|
|
remote_src: yes
|
|
mode: 0640
|
|
|
|
# TODO(tngo): Check if enable_https should be configurable..
|
|
# Resort to sed due to replace/lineinfile module deficiency
|
|
- name: Update lighttpd.conf
|
|
command: "{{ item }}"
|
|
args:
|
|
warn: false
|
|
with_items:
|
|
- "sed -i -e 's|<%= @http_port %>|'$PORT_NUM'|g' /etc/lighttpd/lighttpd.conf"
|
|
- "sed -i '/@enable_https/,/% else/d' /etc/lighttpd/lighttpd.conf"
|
|
- "sed -i '/@tmp_object/,/%- end/d' /etc/lighttpd/lighttpd.conf"
|
|
- "sed -i '/<% end/d' /etc/lighttpd/lighttpd.conf"
|
|
- "sed -i '/@tpm_object/,/%- end/d' /etc/lighttpd/lighttpd.conf"
|
|
environment:
|
|
PORT_NUM: 80
|
|
|
|
- name: Set up lighttpd-inc.conf
|
|
copy:
|
|
src: "{{ lighttpd_inc_conf_template }}"
|
|
dest: /etc/lighttpd/lighttpd-inc.conf
|
|
remote_src: yes
|
|
mode: 0640
|
|
|
|
- name: Update management subnet in lighttpd-inc.conf
|
|
replace:
|
|
path: /etc/lighttpd/lighttpd-inc.conf
|
|
regexp: "var.management_ip_network =.*$"
|
|
replace: 'var.management_ip_network = "{{ management_subnet }}"'
|
|
|
|
- name: Update pxe subnet in lighttp-inc.conf
|
|
replace:
|
|
path: /etc/lighttpd/lighttpd-inc.conf
|
|
regexp: "var.pxeboot_ip_network =.*$"
|
|
replace: 'var.pxeboot_ip_network = "{{ pxeboot_subnet }}"'
|
|
|
|
- name: Update Tiller and Armada image tags
|
|
set_fact:
|
|
tiller_img: "{{ tiller_img | regex_replace('gcr.io', '{{ gcr_registry }}') }}"
|
|
armada_img: "{{ armada_img | regex_replace('quay.io', '{{ quay_registry }}') }}"
|
|
|
|
- name: Pull Tiller and Armada images
|
|
docker_image:
|
|
name: "{{ item }}"
|
|
with_items:
|
|
- "{{ tiller_img }}"
|
|
- "{{ armada_img }}"
|
|
|
|
- name: Create source and target helm bind directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: www
|
|
group: root
|
|
mode: 0755
|
|
with_items:
|
|
- "{{ source_helm_bind_dir }}"
|
|
- "{{ target_helm_bind_dir }}"
|
|
|
|
- name: Create helm repository directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: www
|
|
group: root
|
|
mode: 0755
|
|
with_items:
|
|
- "{{ source_helm_bind_dir }}/{{ helm_repo_name_apps }}"
|
|
- "{{ source_helm_bind_dir }}/{{ helm_repo_name_platform }}"
|
|
|
|
- name: Create service account for Tiller
|
|
command: >
|
|
kubectl --kubeconfig=/etc/kubernetes/admin.conf create serviceaccount
|
|
--namespace kube-system tiller
|
|
|
|
- name: Create cluster role binding for Tiller service account
|
|
command: >
|
|
kubectl --kubeconfig=/etc/kubernetes/admin.conf create clusterrolebinding
|
|
tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
|
|
|
|
- name: Initialize Helm (local host)
|
|
command: >-
|
|
helm init --skip-refresh --service-account tiller --node-selectors
|
|
"node-role.kubernetes.io/master"="" --tiller-image={{ tiller_img }}
|
|
--override spec.template.spec.hostNetwork=true
|
|
become_user: wrsroot
|
|
environment:
|
|
KUBECONFIG: /etc/kubernetes/admin.conf
|
|
HOME: /home/wrsroot
|
|
when: inventory_hostname == 'localhost'
|
|
|
|
# Workaround for helm init remotely. Not sure why the task cannot be executed
|
|
# successfully as wrsroot on remote host.
|
|
- block:
|
|
- name: Initialize Helm (remote host)
|
|
command: >-
|
|
helm init --skip-refresh --service-account tiller --node-selectors
|
|
"node-role.kubernetes.io/master"="" --tiller-image={{ tiller_img }}
|
|
--override spec.template.spec.hostNetwork=true
|
|
environment:
|
|
KUBECONFIG: /etc/kubernetes/admin.conf
|
|
HOME: /home/wrsroot
|
|
|
|
- name: Change helm directory ownership (remote host)
|
|
file:
|
|
dest: /home/wrsroot/.helm
|
|
owner: wrsroot
|
|
group: wrs
|
|
mode: 0755
|
|
recurse: yes
|
|
when: inventory_hostname != 'localhost'
|
|
|
|
- name: Generate Helm repo indicies
|
|
command: helm repo index "{{ source_helm_bind_dir }}/{{ item }}"
|
|
become_user: www
|
|
with_items:
|
|
- "{{ helm_repo_name_apps }}"
|
|
- "{{ helm_repo_name_platform }}"
|
|
|
|
- name: Stop lighttpd
|
|
systemd:
|
|
name: lighttpd
|
|
state: stopped
|
|
|
|
- name: Disable lighttpd
|
|
# Systemd module does not support disabled state. Resort to command
|
|
command: systemctl disable lighttpd
|
|
|
|
- name: Bind mount on {{ target_helm_bind_dir }}
|
|
# Due to deficiency of mount module, resort to command for now
|
|
command: mount -o bind -t ext4 {{ source_helm_bind_dir }} {{ target_helm_bind_dir }}
|
|
args:
|
|
warn: false
|
|
|
|
- name: Enable lighttpd
|
|
command: systemctl enable lighttpd
|
|
|
|
- name: Restart lighttpd for Helm
|
|
systemd:
|
|
name: lighttpd
|
|
state: restarted
|
|
|
|
- name: Add Helm repos (local host)
|
|
command: helm repo add "{{ item }}" "http://127.0.0.1:$PORT/helm_charts/{{ item }}"
|
|
become_user: wrsroot
|
|
environment:
|
|
KUBECONFIG: /etc/kubernetes/admin.conf
|
|
HOME: /home/wrsroot
|
|
PORT: 80
|
|
with_items:
|
|
- "{{ helm_repo_name_apps }}"
|
|
- "{{ helm_repo_name_platform }}"
|
|
when: inventory_hostname == 'localhost'
|
|
|
|
# Workaround for helm repo add remotely
|
|
- block:
|
|
- name: Add Helm repos (remote host)
|
|
command: helm repo add "{{ item }}" "http://127.0.0.1:$PORT/helm_charts/{{ item }}"
|
|
environment:
|
|
KUBECONFIG: /etc/kubernetes/admin.conf
|
|
HOME: /home/wrsroot
|
|
PORT: 80
|
|
with_items:
|
|
- "{{ helm_repo_name_apps }}"
|
|
- "{{ helm_repo_name_platform }}"
|
|
|
|
- name: Change helm directory ownership to pick up newly generated files (remote host)
|
|
file:
|
|
dest: /home/wrsroot/.helm
|
|
owner: wrsroot
|
|
group: wrs
|
|
mode: 0755
|
|
recurse: yes
|
|
when: inventory_hostname != 'localhost'
|
|
|
|
- name: Update info of available charts locally from chart repos
|
|
command: helm repo update
|
|
become_user: wrsroot
|
|
when: inventory_hostname == 'localhost'
|
|
|
|
# Workaround for helm update remotely. Not sure why the task cannot be executed
|
|
# successfully as wrsroot on remote host.
|
|
- block:
|
|
- name: Update info of available charts locally from chart repos (remote host)
|
|
command: helm repo update
|
|
environment:
|
|
HOME: /home/wrsroot
|
|
|
|
- name: Change helm directory ownership (remote host)
|
|
file:
|
|
dest: /home/wrsroot/.helm
|
|
owner: wrsroot
|
|
group: wrs
|
|
mode: 0755
|
|
recurse: yes
|
|
when: inventory_hostname != 'localhost'
|