summaryrefslogtreecommitdiffstats
path: root/roles/contiv/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/contiv/tasks')
-rw-r--r--roles/contiv/tasks/aci.yml32
-rw-r--r--roles/contiv/tasks/default_network.yml15
-rw-r--r--roles/contiv/tasks/download_bins.yml27
-rw-r--r--roles/contiv/tasks/main.yml14
-rw-r--r--roles/contiv/tasks/netmaster.yml65
-rw-r--r--roles/contiv/tasks/netmaster_firewalld.yml16
-rw-r--r--roles/contiv/tasks/netmaster_iptables.yml21
-rw-r--r--roles/contiv/tasks/netplugin.yml121
-rw-r--r--roles/contiv/tasks/netplugin_firewalld.yml34
-rw-r--r--roles/contiv/tasks/netplugin_iptables.yml29
-rw-r--r--roles/contiv/tasks/ovs.yml28
-rw-r--r--roles/contiv/tasks/packageManagerInstall.yml12
-rw-r--r--roles/contiv/tasks/pkgMgrInstallers/centos-install.yml33
13 files changed, 447 insertions, 0 deletions
diff --git a/roles/contiv/tasks/aci.yml b/roles/contiv/tasks/aci.yml
new file mode 100644
index 000000000..30d2eb339
--- /dev/null
+++ b/roles/contiv/tasks/aci.yml
@@ -0,0 +1,32 @@
+---
+- name: ACI | Check aci-gw container image
+ command: "docker inspect contiv/aci-gw"
+ register: docker_aci_inspect_result
+ ignore_errors: yes
+
+- name: ACI | Pull aci-gw container
+ command: "docker pull contiv/aci-gw"
+ when: "'No such image' in docker_aci_inspect_result.stderr"
+
+- name: ACI | Copy shell script used by aci-gw service
+ template:
+ src: aci_gw.j2
+ dest: "{{ bin_dir }}/aci_gw.sh"
+ mode: u=rwx,g=rx,o=rx
+
+- name: ACI | Copy systemd units for aci-gw
+ template:
+ src: aci-gw.service
+ dest: /etc/systemd/system/aci-gw.service
+ notify: reload systemd
+
+- name: ACI | Enable aci-gw service
+ service:
+ name: aci-gw
+ enabled: yes
+
+- name: ACI | Start aci-gw service
+ service:
+ name: aci-gw
+ state: started
+ register: aci-gw_started
diff --git a/roles/contiv/tasks/default_network.yml b/roles/contiv/tasks/default_network.yml
new file mode 100644
index 000000000..9cf98bb80
--- /dev/null
+++ b/roles/contiv/tasks/default_network.yml
@@ -0,0 +1,15 @@
+---
+- name: Contiv | Wait for netmaster
+ command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" tenant ls'
+ register: tenant_result
+ until: tenant_result.stdout.find("default") != -1
+ retries: 9
+ delay: 10
+
+- name: Contiv | Check if default-net exists
+ command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net ls'
+ register: net_result
+
+- name: Contiv | Create default-net
+ command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net create --subnet={{ contiv_default_subnet }} -e {{ contiv_encap_mode }} -p {{ contiv_default_network_tag }} --gateway={{ contiv_default_gw }} default-net'
+ when: net_result.stdout.find("default-net") == -1
diff --git a/roles/contiv/tasks/download_bins.yml b/roles/contiv/tasks/download_bins.yml
new file mode 100644
index 000000000..28ed50fae
--- /dev/null
+++ b/roles/contiv/tasks/download_bins.yml
@@ -0,0 +1,27 @@
+---
+- name: Download Bins | Create directory for current Contiv release
+ file:
+ path: "{{ contiv_current_release_directory }}"
+ state: directory
+
+- name: Install bzip2
+ yum:
+ name: bzip2
+ state: installed
+
+- name: Download Bins | Download Contiv tar file
+ get_url:
+ url: "{{ contiv_download_url }}"
+ dest: "{{ contiv_current_release_directory }}"
+ mode: 0755
+ validate_certs: False
+ environment:
+ http_proxy: "{{ http_proxy|default('') }}"
+ https_proxy: "{{ https_proxy|default('') }}"
+ no_proxy: "{{ no_proxy|default('') }}"
+
+- name: Download Bins | Extract Contiv tar file
+ unarchive:
+ src: "{{ contiv_current_release_directory }}/netplugin-{{ contiv_version }}.tar.bz2"
+ dest: "{{ contiv_current_release_directory }}"
+ copy: no
diff --git a/roles/contiv/tasks/main.yml b/roles/contiv/tasks/main.yml
new file mode 100644
index 000000000..40a0f9e61
--- /dev/null
+++ b/roles/contiv/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure bin_dir exists
+ file:
+ path: "{{ bin_dir }}"
+ recurse: yes
+ state: directory
+
+- include: download_bins.yml
+
+- include: netmaster.yml
+ when: contiv_role == "netmaster"
+
+- include: netplugin.yml
+ when: contiv_role == "netplugin"
diff --git a/roles/contiv/tasks/netmaster.yml b/roles/contiv/tasks/netmaster.yml
new file mode 100644
index 000000000..5057767b8
--- /dev/null
+++ b/roles/contiv/tasks/netmaster.yml
@@ -0,0 +1,65 @@
+---
+- include: netmaster_firewalld.yml
+ when: has_firewalld
+
+- include: netmaster_iptables.yml
+ when: not has_firewalld and has_iptables
+
+- name: Netmaster | Check is /etc/hosts file exists
+ stat:
+ path: /etc/hosts
+ register: hosts
+
+- name: Netmaster | Create hosts file if it is not present
+ file:
+ path: /etc/hosts
+ state: touch
+ when: not hosts.stat.exists
+
+- name: Netmaster | Build hosts file
+ lineinfile:
+ dest: /etc/hosts
+ regexp: .*netmaster$
+ line: "{{ hostvars[item]['ansible_' + netmaster_interface].ipv4.address }} netmaster"
+ state: present
+ when: hostvars[item]['ansible_' + netmaster_interface].ipv4.address is defined
+ with_items: groups['masters']
+
+- name: Netmaster | Create netmaster symlinks
+ file:
+ src: "{{ contiv_current_release_directory }}/{{ item }}"
+ dest: "{{ bin_dir }}/{{ item }}"
+ state: link
+ with_items:
+ - netmaster
+ - netctl
+
+- name: Netmaster | Copy environment file for netmaster
+ template:
+ src: netmaster.env.j2
+ dest: /etc/default/netmaster
+ mode: 0644
+ notify: restart netmaster
+
+- name: Netmaster | Copy systemd units for netmaster
+ template:
+ src: netmaster.service
+ dest: /etc/systemd/system/netmaster.service
+ notify: reload systemd
+
+- name: Netmaster | Enable Netmaster
+ service:
+ name: netmaster
+ enabled: yes
+
+- name: Netmaster | Start Netmaster
+ service:
+ name: netmaster
+ state: started
+ register: netmaster_started
+
+- include: aci.yml
+ when: contiv_fabric_mode == "aci"
+
+- include: default_network.yml
+ when: contiv_default_network == true
diff --git a/roles/contiv/tasks/netmaster_firewalld.yml b/roles/contiv/tasks/netmaster_firewalld.yml
new file mode 100644
index 000000000..2975351ac
--- /dev/null
+++ b/roles/contiv/tasks/netmaster_firewalld.yml
@@ -0,0 +1,16 @@
+---
+- name: Netmaster Firewalld | Open Netmaster port
+ firewalld:
+ port: "{{ netmaster_port }}/tcp"
+ permanent: false
+ state: enabled
+ # in case this is also a node where firewalld turned off
+ ignore_errors: yes
+
+- name: Netmaster Firewalld | Save Netmaster port
+ firewalld:
+ port: "{{ netmaster_port }}/tcp"
+ permanent: true
+ state: enabled
+ # in case this is also a node where firewalld turned off
+ ignore_errors: yes
diff --git a/roles/contiv/tasks/netmaster_iptables.yml b/roles/contiv/tasks/netmaster_iptables.yml
new file mode 100644
index 000000000..2d0fb95ae
--- /dev/null
+++ b/roles/contiv/tasks/netmaster_iptables.yml
@@ -0,0 +1,21 @@
+---
+- name: Netmaster IPtables | Get iptables rules
+ command: iptables -L --wait
+ register: iptablesrules
+ always_run: yes
+
+- name: Netmaster IPtables | Enable iptables at boot
+ service:
+ name: iptables
+ enabled: yes
+ state: started
+
+- name: Netmaster IPtables | Open Netmaster with iptables
+ command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv"
+ with_items:
+ - "{{ netmaster_port }}"
+ - "{{ contiv_rpc_port1 }}"
+ - "{{ contiv_rpc_port2 }}"
+ - "{{ contiv_rpc_port3 }}"
+ when: iptablesrules.stdout.find("contiv") == -1
+ notify: Save iptables rules
diff --git a/roles/contiv/tasks/netplugin.yml b/roles/contiv/tasks/netplugin.yml
new file mode 100644
index 000000000..ec6c72fe9
--- /dev/null
+++ b/roles/contiv/tasks/netplugin.yml
@@ -0,0 +1,121 @@
+---
+- include: netplugin_firewalld.yml
+ when: has_firewalld
+
+- include: netplugin_iptables.yml
+ when: has_iptables
+
+- name: Netplugin | Ensure localhost entry correct in /etc/hosts
+ lineinfile:
+ dest: /etc/hosts
+ regexp: '^127\.0\.0\.1.*'
+ line: '127.0.0.1 localhost {{ ansible_hostname }}'
+ state: present
+
+- name: Netplugin | Remove incorrect localhost entry in /etc/hosts
+ lineinfile:
+ dest: /etc/hosts
+ regexp: '^::1. localhost '
+ line: '::1 '
+ state: absent
+
+- include: ovs.yml
+ when: netplugin_driver == "ovs"
+
+- name: Netplugin | Create Netplugin bin symlink
+ file:
+ src: "{{ contiv_current_release_directory }}/netplugin"
+ dest: "{{ bin_dir }}/netplugin"
+ state: link
+
+
+- name: Netplugin | Ensure cni_bin_dir exists
+ file:
+ path: "{{ cni_bin_dir }}"
+ recurse: yes
+ state: directory
+
+- name: Netplugin | Create CNI bin symlink
+ file:
+ src: "{{ contiv_current_release_directory }}/contivk8s"
+ dest: "{{ cni_bin_dir }}/contivk8s"
+ state: link
+
+- name: Netplugin | Copy CNI loopback bin
+ copy:
+ src: loopback
+ dest: "{{ cni_bin_dir }}/loopback"
+ mode: 0755
+
+- name: Netplugin | Ensure kube_plugin_dir and cni/net.d directories exist
+ file:
+ path: "{{ item }}"
+ recurse: yes
+ state: directory
+ with_items:
+ - "{{ kube_plugin_dir }}"
+ - "/etc/cni/net.d"
+
+- name: Netplugin | Ensure contiv_config_dir exists
+ file:
+ path: "{{ contiv_config_dir }}"
+ recurse: yes
+ state: directory
+
+- name: Netplugin | Copy contiv_cni.conf file
+ copy:
+ src: contiv_cni.conf
+ dest: "{{ item }}"
+ with_items:
+ - "{{ kube_plugin_dir }}/contiv_cni.conf"
+ - "/etc/cni/net.d"
+# notify: restart kubelet
+
+- name: Netplugin | Setup contiv.json config for the cni plugin
+ template:
+ src: contiv.cfg.j2
+ dest: "{{ contiv_config_dir }}/contiv.json"
+ notify: restart netplugin
+
+- name: Netplugin | Copy environment file for netplugin
+ template:
+ src: netplugin.j2
+ dest: /etc/default/netplugin
+ mode: 0644
+ notify: restart netplugin
+
+- name: Docker | Make sure proxy setting exists
+ lineinfile:
+ dest: /etc/sysconfig/docker-network
+ regexp: '^https_proxy.*'
+ line: 'https_proxy={{ https_proxy }}'
+ state: present
+ register: docker_updated
+
+- name: Netplugin | Copy systemd unit for netplugin
+ template:
+ src: netplugin.service
+ dest: /etc/systemd/system/netplugin.service
+ notify: reload systemd
+
+- name: systemd reload
+ command: systemctl daemon-reload
+ when: docker_updated|changed
+
+- name: Docker | Restart docker
+ service:
+ name: docker
+ state: restarted
+ when: docker_updated|changed
+
+- name: Netplugin | Enable Netplugin
+ service:
+ name: netplugin
+ enabled: yes
+
+- name: Netplugin | Start Netplugin
+ service:
+ name: netplugin
+ state: started
+ register: netplugin_started
+# notify: restart kubelet
diff --git a/roles/contiv/tasks/netplugin_firewalld.yml b/roles/contiv/tasks/netplugin_firewalld.yml
new file mode 100644
index 000000000..3aeffae56
--- /dev/null
+++ b/roles/contiv/tasks/netplugin_firewalld.yml
@@ -0,0 +1,34 @@
+---
+- name: Netplugin Firewalld | Open Netplugin port
+ firewalld:
+ port: "{{ netplugin_port }}/tcp"
+ permanent: false
+ state: enabled
+ # in case this is also a node where firewalld turned off
+ ignore_errors: yes
+
+- name: Netplugin Firewalld | Save Netplugin port
+ firewalld:
+ port: "{{ netplugin_port }}/tcp"
+ permanent: true
+ state: enabled
+ # in case this is also a node where firewalld turned off
+ ignore_errors: yes
+
+- name: Netplugin Firewalld | Open vxlan port
+ firewalld:
+ port: "8472/udp"
+ permanent: false
+ state: enabled
+ # in case this is also a node where firewalld turned off
+ ignore_errors: yes
+ when: contiv_encap_mode == "vxlan"
+
+- name: Netplugin Firewalld | Save firewalld vxlan port for flanneld
+ firewalld:
+ port: "8472/udp"
+ permanent: true
+ state: enabled
+ # in case this is also a node where firewalld turned off
+ ignore_errors: yes
+ when: contiv_encap_mode == "vxlan"
diff --git a/roles/contiv/tasks/netplugin_iptables.yml b/roles/contiv/tasks/netplugin_iptables.yml
new file mode 100644
index 000000000..8c348ac67
--- /dev/null
+++ b/roles/contiv/tasks/netplugin_iptables.yml
@@ -0,0 +1,29 @@
+---
+- name: Netplugin IPtables | Get iptables rules
+ command: iptables -L --wait
+ register: iptablesrules
+ always_run: yes
+
+- name: Netplugin IPtables | Enable iptables at boot
+ service:
+ name: iptables
+ enabled: yes
+ state: started
+
+- name: Netplugin IPtables | Open Netmaster with iptables
+ command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv"
+ with_items:
+ - "{{ netmaster_port }}"
+ - "{{ contiv_rpc_port1 }}"
+ - "{{ contiv_rpc_port2 }}"
+ - "{{ contiv_rpc_port3 }}"
+ - "{{ contiv_etcd_port }}"
+ - "{{ kube_master_api_port }}"
+ when: iptablesrules.stdout.find("contiv") == -1
+ notify: Save iptables rules
+
+- name: Netplugin IPtables | Open vxlan port with iptables
+ command: /sbin/iptables -I INPUT 1 -p udp --dport 8472 -j ACCEPT -m comment --comment "vxlan"
+
+- name: Netplugin IPtables | Open vxlan port with iptables
+ command: /sbin/iptables -I INPUT 1 -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan"
diff --git a/roles/contiv/tasks/ovs.yml b/roles/contiv/tasks/ovs.yml
new file mode 100644
index 000000000..0c1b994c7
--- /dev/null
+++ b/roles/contiv/tasks/ovs.yml
@@ -0,0 +1,28 @@
+---
+- include: packageManagerInstall.yml
+ when: source_type == "packageManager"
+ tags:
+ - binary-update
+
+- name: OVS | Configure selinux for ovs
+ command: "semanage permissive -a openvswitch_t"
+
+- name: OVS | Enable ovs
+ service:
+ name: openvswitch
+ enabled: yes
+
+- name: OVS | Start ovs
+ service:
+ name: openvswitch
+ state: started
+ register: ovs_started
+
+- name: OVS | Configure ovs
+ command: "ovs-vsctl set-manager {{ item }}"
+ with_items:
+ - "tcp:127.0.0.1:6640"
+ - "ptcp:6640"
+
+- name: OVS | Configure ovsdb-server
+ command: "ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6640"
diff --git a/roles/contiv/tasks/packageManagerInstall.yml b/roles/contiv/tasks/packageManagerInstall.yml
new file mode 100644
index 000000000..2eff1b85f
--- /dev/null
+++ b/roles/contiv/tasks/packageManagerInstall.yml
@@ -0,0 +1,12 @@
+---
+- name: Package Manager | Init the did_install fact
+ set_fact:
+ did_install: false
+
+- include: pkgMgrInstallers/centos-install.yml
+ when: ansible_distribution == "CentOS" and not is_atomic
+
+- name: Package Manager | Set fact saying we did CentOS package install
+ set_fact:
+ did_install: true
+ when: ansible_distribution == "CentOS"
diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
new file mode 100644
index 000000000..51c3d35ac
--- /dev/null
+++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
@@ -0,0 +1,33 @@
+---
+- name: PkgMgr CentOS | Install net-tools pkg for route
+ yum:
+ pkg=net-tools
+ state=latest
+
+- name: PkgMgr CentOS | Get openstack kilo rpm
+ get_url:
+ url: https://repos.fedorapeople.org/repos/openstack/openstack-kilo/rdo-release-kilo-2.noarch.rpm
+ dest: /tmp/rdo-release-kilo-2.noarch.rpm
+ validate_certs: False
+ environment:
+ http_proxy: "{{ http_proxy|default('') }}"
+ https_proxy: "{{ https_proxy|default('') }}"
+ no_proxy: "{{ no_proxy|default('') }}"
+ tags:
+ - ovs_install
+
+- name: PkgMgr CentOS | Install openstack kilo rpm
+ yum: name=/tmp/rdo-release-kilo-2.noarch.rpm state=present
+ tags:
+ - ovs_install
+
+- name: PkgMgr CentOS | Install ovs
+ yum:
+ pkg=openvswitch
+ state=latest
+ environment:
+ http_proxy: "{{ http_proxy|default('') }}"
+ https_proxy: "{{ https_proxy|default('') }}"
+ no_proxy: "{{ no_proxy|default('') }}"
+ tags:
+ - ovs_install