diff options
Diffstat (limited to 'roles/calico')
-rw-r--r-- | roles/calico/README.md | 9 | ||||
-rw-r--r-- | roles/calico/defaults/main.yaml | 10 | ||||
-rw-r--r-- | roles/calico/handlers/main.yml | 4 | ||||
-rw-r--r-- | roles/calico/tasks/main.yml | 32 | ||||
-rw-r--r-- | roles/calico/templates/10-calico.conf.j2 (renamed from roles/calico/templates/calico.conf.j2) | 0 | ||||
-rw-r--r-- | roles/calico/templates/calico.service.j2 | 12 | ||||
-rw-r--r-- | roles/calico/templates/calicoctl.cfg.j2 (renamed from roles/calico/templates/calico.cfg.j2) | 0 |
7 files changed, 45 insertions, 22 deletions
diff --git a/roles/calico/README.md b/roles/calico/README.md index 99e870521..9b9458bfa 100644 --- a/roles/calico/README.md +++ b/roles/calico/README.md @@ -20,6 +20,15 @@ To install, set the following inventory configuration parameters: * `openshift_use_openshift_sdn=False` * `os_sdn_network_plugin_name='cni'` +## Additional Calico/Node and Felix Configuration Options + +Additional parameters that can be defined in the inventory are: + +| Environment | Description | Schema | Default | +|---------|----------------------|---------|---------| +|CALICO_IPV4POOL_CIDR| The IPv4 Pool to create if none exists at start up. It is invalid to define this variable and NO_DEFAULT_POOLS. |IPv4 CIDR | 192.168.0.0/16 | +| CALICO_IPV4POOL_IPIP | IPIP Mode to use for the IPv4 POOL created at start up. | off, always, cross-subnet | always | +| CALICO_LOG_DIR | Directory on the host machine where Calico Logs are written.| String | /var/log/calico | ### Contact Information diff --git a/roles/calico/defaults/main.yaml b/roles/calico/defaults/main.yaml index a81fc3af7..03c612982 100644 --- a/roles/calico/defaults/main.yaml +++ b/roles/calico/defaults/main.yaml @@ -4,7 +4,17 @@ etcd_endpoints: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_url cni_conf_dir: "/etc/cni/net.d/" cni_bin_dir: "/opt/cni/bin/" +cni_url: "https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz" calico_etcd_ca_cert_file: "/etc/origin/calico/calico.etcd-ca.crt" calico_etcd_cert_file: "/etc/origin/calico/calico.etcd-client.crt" calico_etcd_key_file: "/etc/origin/calico/calico.etcd-client.key" + +calico_url_cni: "https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico" +calico_url_ipam: "https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico-ipam" + +calico_ipv4pool_ipip: "always" +calico_ipv4pool_cidr: "192.168.0.0/16" + +calico_log_dir: "/var/log/calico" +calico_node_image: "calico/node:v1.1.0" diff --git a/roles/calico/handlers/main.yml b/roles/calico/handlers/main.yml index 65d75cf00..53cecfcc3 100644 --- a/roles/calico/handlers/main.yml +++ b/roles/calico/handlers/main.yml @@ -5,4 +5,6 @@ - name: restart docker become: yes - systemd: name=docker state=restarted + systemd: + name: "{{ openshift.docker.service_name }}" + state: restarted diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml index 287fed321..fa5e338b3 100644 --- a/roles/calico/tasks/main.yml +++ b/roles/calico/tasks/main.yml @@ -7,7 +7,7 @@ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}" -- name: Assure the calico certs have been generated +- name: Calico Node | Assure the calico certs have been generated stat: path: "{{ item }}" with_items: @@ -15,12 +15,12 @@ - "{{ calico_etcd_cert_file}}" - "{{ calico_etcd_key_file }}" -- name: Configure Calico service unit file +- name: Calico Node | Configure Calico service unit file template: dest: "/lib/systemd/system/calico.service" src: calico.service.j2 -- name: Enable calico +- name: Calico Node | Enable calico become: yes systemd: name: calico @@ -29,46 +29,46 @@ enabled: yes register: start_result -- name: Assure CNI conf dir exists +- name: Calico Node | Assure CNI conf dir exists become: yes file: path="{{ cni_conf_dir }}" state=directory -- name: Generate Calico CNI config +- name: Calico Node | Generate Calico CNI config become: yes template: - src: "calico.conf.j2" + src: "10-calico.conf.j2" dest: "{{ cni_conf_dir }}/10-calico.conf" -- name: Assures Kuberentes CNI bin dir exists +- name: Calico Node | Assures Kuberentes CNI bin dir exists become: yes file: path="{{ cni_bin_dir }}" state=directory -- name: Download Calico CNI Plugin +- name: Calico Node | Download Calico CNI Plugin become: yes get_url: - url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico + url: "{{ calico_url_cni }}" dest: "{{ cni_bin_dir }}" mode: a+x -- name: Download Calico IPAM Plugin +- name: Calico Node | Download Calico IPAM Plugin become: yes get_url: - url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico-ipam + url: "{{ calico_url_ipam }}" dest: "{{ cni_bin_dir }}" mode: a+x -- name: Download and unzip standard CNI plugins +- name: Calico Node | Download and extract standard CNI plugins become: yes unarchive: remote_src: True - src: https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz + src: "{{ cni_url }}" dest: "{{ cni_bin_dir }}" -- name: Assure Calico conf dir exists +- name: Calico Node | Assure Calico conf dir exists become: yes file: path=/etc/calico/ state=directory -- name: Set calicoctl.cfg +- name: Calico Node | Set calicoctl.cfg template: - src: calico.cfg.j2 + src: calicoctl.cfg.j2 dest: "/etc/calico/calicoctl.cfg" diff --git a/roles/calico/templates/calico.conf.j2 b/roles/calico/templates/10-calico.conf.j2 index 3c8c6b046..3c8c6b046 100644 --- a/roles/calico/templates/calico.conf.j2 +++ b/roles/calico/templates/10-calico.conf.j2 diff --git a/roles/calico/templates/calico.service.j2 b/roles/calico/templates/calico.service.j2 index b882a5597..719d7ba0d 100644 --- a/roles/calico/templates/calico.service.j2 +++ b/roles/calico/templates/calico.service.j2 @@ -1,7 +1,7 @@ [Unit] Description=calico -After=docker.service -Requires=docker.service +After={{ openshift.docker.service_name }}.service +Requires={{ openshift.docker.service_name }}.service [Service] Restart=always @@ -10,7 +10,8 @@ ExecStart=/usr/bin/docker run --net=host --privileged \ --name=calico-node \ -e WAIT_FOR_DATASTORE=true \ -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \ - -e CALICO_IPV4POOL_IPIP=always \ + -e CALICO_IPV4POOL_IPIP={{ calico_ipv4pool_ipip }} \ + -e CALICO_IPV4POOL_CIDR={{ calico_ipv4pool_cidr }} \ -e FELIX_IPV6SUPPORT=false \ -e ETCD_ENDPOINTS={{ etcd_endpoints }} \ -v /etc/origin/calico:/etc/origin/calico \ @@ -18,10 +19,11 @@ ExecStart=/usr/bin/docker run --net=host --privileged \ -e ETCD_CERT_FILE={{ calico_etcd_cert_file }} \ -e ETCD_KEY_FILE={{ calico_etcd_key_file }} \ -e NODENAME={{ openshift.common.hostname }} \ - -v /var/log/calico:/var/log/calico \ + -v {{ calico_log_dir }}:/var/log/calico\ -v /lib/modules:/lib/modules \ -v /var/run/calico:/var/run/calico \ - calico/node:v1.1.0 + {{ calico_node_image }} + ExecStop=-/usr/bin/docker stop calico-node diff --git a/roles/calico/templates/calico.cfg.j2 b/roles/calico/templates/calicoctl.cfg.j2 index 722385ed8..722385ed8 100644 --- a/roles/calico/templates/calico.cfg.j2 +++ b/roles/calico/templates/calicoctl.cfg.j2 |