An Ansible Playbook that prepares hosts for an OpenShift installation


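---
# Host preparation for an OpenShift Container Platform 3.9 installation.
# See https://docs.openshift.com/container-platform/3.9/install_config/install/host_preparation.html
#
# Run against the OSEv3 inventory group as root. Two steps (ip_forward and
# SELinux) reboot the host when they change its configuration, so expect a
# reboot or two on a freshly provisioned machine. The subscription-manager
# tasks near the end always report "changed" because they run plain commands.
- name: Prepare hosts for an OpenShift 3.9 installation
  hosts: OSEv3
  become: true
  vars:
    # Quoted on purpose: an unquoted 3.9 is parsed as a float, and a future
    # "3.10" would be rendered as 3.1 in the repository name below.
    ocp_version: '3.9'
    docker_version: '1.13.1'
  tasks:
    # --- Kernel networking ---------------------------------------------------
    - name: Set net.ipv4.ip_forward = 1
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        state: present
        reload: true
      register: ip_forward
      tags: network

    # Fire-and-forget (async/poll) so the dropped connection does not fail
    # the task; the next task waits for the host to come back.
    - name: Reboot if the ip_forward state has changed
      shell: 'sleep 5 && /sbin/shutdown -r now "reboot triggered by Ansible"'
      async: 1
      poll: 0
      when: ip_forward.changed
      tags: network

    - name: Wait for the reboot to complete
      wait_for_connection:
        connect_timeout: 20
        sleep: 5
        delay: 5
        timeout: 300
      when: ip_forward.changed
      tags: network

    # Re-read the live value: something else (a hardcoded sysctl.d drop-in,
    # for instance) may have overridden what we just set.
    - name: Read the current value of net.ipv4.ip_forward
      command: sysctl -n net.ipv4.ip_forward
      changed_when: false
      register: ip_forward_current
      tags: network

    # --- DNS prerequisites ---------------------------------------------------
    # A single yum transaction instead of one per item.
    - name: Uninstall things that might interfere with DNS
      yum:
        name:
          - nscd
          - bind
          - bind-chroot
        state: absent
      tags: [rpm, dns]

    - name: Make sure iproute is installed (provides the "ss" command)
      yum:
        name: iproute
        state: present
      tags: [rpm, dns]

    - name: Check who is listening on port 53
      command: ss -tuplnH sport = :53
      changed_when: false
      register: ss_port_53
      tags: dns

    # OpenShift runs its own dnsmasq on port 53; any other listener breaks it.
    - name: Make sure no one is listening on port 53
      assert:
        that:
          - 'port_53_listeners|int == 0'
        msg: >
          You have something listening on port 53. This will collide with dnsmasq
          that comes with OpenShift. Please inspect and fix this !
      vars:
        port_53_listeners: '{{ ss_port_53.stdout_lines|length }}'
      tags: dns

    - name: Check that net.ipv4.ip_forward = 1
      assert:
        that:
          - ip_forward_value == '1'
        msg: >
          The sysctl variable 'net.ipv4.ip_forward' needs to be enabled.
          If you stumbled on this message, there is a high chance you have this
          setting hardcoded somewhere. You will have to change it by yourself
          and re-run this playbook.
      vars:
        ip_forward_value: '{{ ip_forward_current.stdout_lines[0] }}'
      tags: network

    # --- Leftovers from a previous Kubernetes installation -------------------
    - name: Check if /etc/kubernetes exists
      stat:
        path: /etc/kubernetes
      register: etc_kubernetes
      tags: checks

    - name: Check if /etc/cni exists
      stat:
        path: /etc/cni
      register: etc_cni
      tags: checks

    - name: Check if there is an old version of Kubernetes installed
      assert:
        that:
          - "'KUBE_CONFIG' not in ansible_env"
          - "not etc_kubernetes.stat.exists"
          - "not etc_cni.stat.exists"
        msg: An old installation of Kubernetes may have been found
      tags: checks

    # --- SELinux -------------------------------------------------------------
    # Only the persistent configuration is edited; the reboot below applies
    # it. NOTE(review): a host that was previously "disabled" (not merely
    # permissive) needs a full filesystem relabel (/.autorelabel) before it
    # can boot enforcing — confirm the starting state of your hosts.
    - name: Make sure SELinux is enabled
      lineinfile:
        path: /etc/sysconfig/selinux
        line: 'SELINUX=enforcing'
        regexp: '^ *SELINUX='
        state: present
      register: selinux
      tags: selinux

    - name: Reboot if SELinux state has changed
      shell: 'sleep 5 && /sbin/shutdown -r now "reboot triggered by Ansible"'
      async: 1
      poll: 0
      when: selinux.changed
      tags: selinux

    - name: Waiting for server(s) to come back
      wait_for_connection:
        connect_timeout: 20
        sleep: 5
        delay: 5
        timeout: 300
      when: selinux.changed
      tags: selinux

    # --- Base packages -------------------------------------------------------
    - name: Install the required software
      yum:
        name:
          - wget
          - git
          - net-tools
          - bind-utils
          - iptables-services
          - bridge-utils
          - bash-completion
          - kexec-tools
          - sos
          - psacct
        state: present
      tags: rpm

    - name: Install some optional software
      yum:
        name:
          - vim-enhanced
          - tmux
          - unzip
          - tcpdump
          - telnet
          - strace
          - man-pages
          - man
          - iptraf
          - wget
          - openssh-clients
          - httpd-tools
          - net-tools
          - nfs-utils
          - yum-utils
          - openldap-clients
        state: present
      tags: rpm

    - name: Install NetworkManager
      yum:
        name: NetworkManager
        state: present
      tags: [rpm, NetworkManager]

    - name: Make sure NetworkManager is enabled
      service:
        name: NetworkManager
        state: started
        enabled: true
      tags: [rpm, NetworkManager]

    - name: Make sure the system is up-to-date
      yum:
        name: '*'
        state: latest
      tags: rpm

    # --- Wildcard DNS --------------------------------------------------------
    - name: Make sure the wildcard dns domain is defined in the inventory
      assert:
        that:
          - openshift_master_default_subdomain is defined
        msg: >
          Please define the "openshift_master_default_subdomain" variable in your
          inventory file!
      tags: dns

    # A never-seen-before record (epoch suffix) defeats any resolver caching.
    # "host" comes from bind-utils, installed above.
    - name: Check if the wildcard dns domain is working
      command: 'host {{ sample_record }}'
      vars:
        sample_record: 'test-{{ ansible_date_time.epoch }}.{{ openshift_master_default_subdomain }}'
      changed_when: false
      tags: dns

    # --- Repositories --------------------------------------------------------
    - name: First, disable any repos (using subscription-manager)
      command: subscription-manager repos --disable="*"
      tags: rpm

    - name: Make sure mandatory repos are enabled
      command: subscription-manager repos --enable {{ item }}
      with_items:
        - rhel-7-server-rpms
        - rhel-7-server-extras-rpms
        - rhel-7-server-ose-{{ ocp_version }}-rpms
        - rhel-7-fast-datapath-rpms  # see https://access.redhat.com/solutions/3008401
        - rhel-7-server-ansible-2.4-rpms
      tags: rpm

    # --- Docker --------------------------------------------------------------
    - name: Install Docker
      yum:
        name: 'docker-{{ docker_version }}'
        state: present
      tags: [rpm, docker]

    # -P (POSIX format) guarantees one line per filesystem; without it df
    # wraps long device names onto a second line and the field index below
    # would pick the wrong column.
    - name: Find the filesystem hosting /var/lib/docker
      command: df -Pk /var/lib/docker
      register: df_docker
      changed_when: false
      tags: docker

    - name: Make sure the filesystem hosting /var/lib/docker is formatted as XFS
      assert:
        that:
          - "docker_filesystem == 'xfs'"
        msg: "The filesystem holding /var/lib/docker must be formatted as XFS"
      vars:
        # Column 6 of POSIX df output is "Mounted on".
        docker_mount_point: '{{ df_docker.stdout_lines[1].split()[5] }}'
        # TODO: replace match with "equalto" as soon as the Jinja shipped with RHEL is updated
        docker_filesystem: "{{ ansible_mounts|selectattr('mount', 'match', '^' ~ docker_mount_point ~ '$')|map(attribute='fstype')|first }}"
      tags: docker

    - name: Stop Docker
      service:
        name: docker
        state: stopped
        enabled: true
      tags: docker

    - name: Make sure overlayfs is enabled
      lineinfile:
        path: /etc/sysconfig/docker-storage
        line: 'DOCKER_STORAGE_OPTIONS="--storage-driver overlay2"'
        regexp: '^ *DOCKER_STORAGE_OPTIONS='
        state: present
      register: docker_storage
      tags: docker

    # Destructive: wipes every local image, container and volume. It only
    # runs when the storage driver line was just changed, because data
    # written by the previous driver is unusable under overlay2 anyway.
    - name: Cleanup the Docker local storage
      file:
        path: /var/lib/docker
        state: absent
      when: docker_storage.changed
      tags: docker

    - name: Start Docker
      service:
        name: docker
        state: started
        enabled: true
      tags: docker

    # --- OpenShift installer -------------------------------------------------
    - name: Install atomic-openshift-utils
      yum:
        name: atomic-openshift-utils
        state: present
      tags: [rpm, openshift]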