fix: problems found when deploying kubernetes 1.24.3 cluster

snowdrop · Aug 9, 2023 · 703e3ae · 703e3ae
1 parent 5c8f598
commit 703e3ae
Show file tree

Hide file tree

Showing 18 changed files with 737 additions and 138 deletions.
diff --git a/ansible/playbook/openstack/openstack_auth_passstore_v3password.yml b/ansible/playbook/openstack/openstack_auth_passstore_v3password.yml
@@ -0,0 +1,16 @@
+---
+- name: "OpenStack Authentication v3password"
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+    - name: "Set openstack_auth facts"
+      set_fact:
+        openstack_auth: 
+          openstack_project_name: "{{ query('passwordstore', 'openstack/host/project_name')[0] }}"
+          openstack_console_user:  "{{ query('passwordstore', 'openstack/host/console_user')[0] }}"
+          openstack_console_password: "{{ query('passwordstore', 'openstack/host/console_pw')[0] }}"
+          openstack_user_domain:  "{{ query('passwordstore', 'openstack/host/console_domain')[0] }}"
+          openstack_project_domain: "{{ query('passwordstore', 'openstack/host/os_domain')[0] }}"
+          openstack_os_auth_url: "{{ query('passwordstore', 'openstack/host/os_auth_url')[0] }}"
+...
diff --git a/ansible/playbook/openstack/openstack_vm_create_post_passwordstore.yml b/ansible/playbook/openstack/openstack_vm_create_post_passwordstore.yml
@@ -0,0 +1,72 @@
+---
+# Variables:
+#  - "vm_name": "n311-test"
+
+# tag::instanciate_rhos_auth[]
+- name: "Instanciate RHOS authentication"
+  ansible.builtin.import_playbook: "openstack_auth_passstore_v3password.yml"
+  vars:
+    vm_user: "snowdrop"
+    pass_provider: "openstack"
+# end::instanciate_rhos_auth[]
+
+- name: "Refresh inventory"
+  hosts: localhost
+  gather_facts: True
+
+  tasks:
+    - name: Refresh the inventory so the newly added host is available
+      meta: refresh_inventory
+
+    - name: "Post create actions"
+      ansible.builtin.debug:
+        msg: 
+          - "Next step is adding the host to the controller known hosts."
+          - "If it fails, because the VM is not started yet, it can be executed again manualy using the following command:"
+          - ""
+          - "ansible-playbook ansible/playbook/openstack/openstack_vm_create_post_passwordstore.yml -e vm_name={{ vm_name }}"
+
+    - name: "Add host to known hosts {{ hostvars[vm_name]['ansible_ssh_host'] }}"
+      ansible.builtin.known_hosts:
+        name: "{{ hostvars[vm_name]['ansible_ssh_host'] }}"
+        key: "{{ lookup('pipe', 'ssh-keyscan {{ hostvars[vm_name].ansible_ssh_host }}') }}"
+        hash_host: true
+
+- name:  "Wait for the VM to boot and we can ssh"
+  hosts: "{{ vm_name }}"
+  gather_facts: no
+
+  tasks:
+    - name: "Show 'Wait for connection to host' output"
+      debug:
+        msg: 
+          - "ip : {{ query('passwordstore', 'openstack/' + vm_name + '/ansible_ssh_host')[0] }}"
+          - "port : {{ query('passwordstore', 'openstack/' + vm_name + '/ansible_ssh_port')[0] }}"
+
+    - name: "Wait for connection to host"
+      ansible.builtin.wait_for:
+        host: "{{ query('passwordstore', 'openstack/' + vm_name + '/ansible_ssh_host')[0] }}"
+        port: "{{ query('passwordstore', 'openstack/' + vm_name + '/ansible_ssh_port')[0] }}"
+        timeout: 120
+      register: wait_for_connection_reg
+
+  post_tasks:
+    - name: "DON'T FORGET TO SECURE YOUR SERVER"
+      debug:
+        msg: "Trying to start start server securization automatically For manual execution: $ ansible-playbook ansible/playbook/sec_host.yml -e vm_name={{ vm_name }} -e provider=openstack"
+
+- name: "Openstack VM init"
+  hosts: "{{ vm_name }}"
+  gather_facts: yes
+
+  roles:
+    - role: "openstack/init_vm"
+
+- name: "Secure new server"
+  import_playbook: "../sec_host.yml"
+  vars:
+    provider: "openstack"
+    hosts: "{{ vm_name }}"
+    vm_name: "{{ vm_name }}"
+  tags: [always]
+...
diff --git a/ansible/playbook/passstore/passstore_controller_inventory.yml b/ansible/playbook/passstore/passstore_controller_inventory.yml
@@ -2,51 +2,55 @@
 # Required variables:
 #  . vm_name: Name of the vm
 #  . pass_provider: provider in the passstore project [hetzner]
-#  . k8s_type: Kubernetes host type [masters,nodes], empty for no k8s installation
-#  . k8s_version: Kubernetes version [117 ... 121], empty for no k8s installation
 - name: "Generate inventory files on the controller"
   hosts: localhost
   gather_facts: no
 
   pre_tasks:
-    # - name: "Validate required variables"
-    #   assert:
-    #     that:
-    #       - "vm_name is defined"
-    #       - "pass_provider is defined"
-    #       - "k8s_type is defined"
-    #       - "k8s_version is defined"
-    #     fail_msg: 
-    #       - "Required parameters:"
-    #       - "  vm_name: Name of the vm"
-    #       - "  pass_provider: provider in the passstore project [hetzner]"
-    #       - "  k8s_type: Kubernetes host type [masters,nodes], empty for no k8s installation"
-    #       - "  k8s_version: Kubernetes version [115,116], empty for no k8s installation"
+    - name: "Validate required variables"
+      assert:
+        that:
+          - "vm_name is defined"
+          - "pass_provider is defined"
+          - "pass_provider == 'hetzner' or pass_provider == 'openstack'"
+        fail_msg: 
+          - "Required parameters:"
+          - "  vm_name: Name of the vm"
+          - "  pass_provider: provider in the passstore project [hetzner,openstack]"
 
     - name: "Pull pass git database"
       shell: "git pull"
       args:
         chdir: "{{ lookup('env', 'PASSWORD_STORE_DIR') }}"
 
+    - name: "Print operation"
+      ansible.builtin.debug:
+        var: operation
+
   tasks:
-    - name: "Create inventory"
-      include_role:
-        name: "passstore/ansible_inventory"
-      vars:
-        pass_l1: "{{ pass_db_name | default('snowdrop') }}"
-        pass_l2: "{{ pass_provider | default('hetzner') }}"
-        pass_l3: "{{ vm_name }}"
-        operation: "create"
-      when: "operation is defined and operation == 'create' "
 
-    - name: "Build inventory"
-      include_role:
+    - name: "Print operation 2"
+      ansible.builtin.debug:
+        var: operation
+
+    - name: "Prepare inventory"
+      ansible.builtin.include_role:
         name: "passstore/ansible_inventory"
       vars:
         pass_l1: "{{ pass_db_name | default('snowdrop') }}"
-        pass_l2: "{{ pass_provider | default('hetzner') }}"
+        pass_l2: "{{ pass_provider | default('openstack') }}"
         pass_l3: "{{ vm_name }}"
-      when: "operation is undefined or operation != 'create'"
+    #     operation: "create"
+    #   when: "operation is defined and operation == 'create' "
+
+    # - name: "Build inventory"
+    #   include_role:
+    #     name: "passstore/ansible_inventory"
+    #   vars:
+    #     pass_l1: "{{ pass_db_name | default('snowdrop') }}"
+    #     pass_l2: "{{ pass_provider | default('hetzner') }}"
+    #     pass_l3: "{{ vm_name }}"
+    #   when: "operation is undefined or operation != 'create'"
 
     - name: "Add to k8s version"
       include_role:

diff --git a/ansible/roles/containerd/defaults/main.yml b/ansible/roles/containerd/defaults/main.yml
@@ -0,0 +1 @@
+cni_plugins_version: v1.3.0
diff --git a/ansible/roles/containerd/tasks/install.yml b/ansible/roles/containerd/tasks/install.yml
@@ -3,21 +3,21 @@
   template:
     src: "containerd.conf.j2"
     dest: "/etc/modules-load.d/containerd.conf"
-  become: yes
+  become: true
 
 - name: "modprobe overlay"
   shell: "modprobe overlay"
-  become: yes
+  become: true
 
 - name: "modprobe br_netfilter"
   shell: "modprobe br_netfilter"
-  become: yes
+  become: true
 
 - name: Install dependencies needed by containerd
   package:
     name: "{{ containerd_dependencies }}"
     state: present
-  become: yes
+  become: true
 
 - name: "Add docker repository"
   include_role:
@@ -28,39 +28,54 @@
   package:
     name: "{{ containerd_packages }}"
     state: present
-  become: yes
+  become: true
 
 - name: Ensures /etc/containerd dir exists
   file: 
     path: "/etc/containerd"
     state: "directory"
-  become: yes
+  become: true
 
 - name: "Configure containerd"
   shell: "containerd config default > /etc/containerd/config.toml"
-  become: yes
+  become: true
 
 - name: "Set root folder"
   lineinfile:
     path: "/etc/containerd/config.toml"
     regexp: '^root = "/var/lib/containerd"'
     line: 'root = "{{ containerd_root_dir }}"'
   when: "containerd_root_dir is defined"
-  become: yes
+  become: true
 
-- name: "Set cni folder"
-  lineinfile:
-    path: "/etc/containerd/config.toml"
-    regexp: '^      bin_dir = "/opt/cni/bin"'
-    line: '      bin_dir = "/usr/libexec/cni"'
-  become: yes
+# - name: "Set cni folder"
+#   lineinfile:
+#     path: "/etc/containerd/config.toml"
+#     regexp: '^      bin_dir = "/opt/cni/bin"'
+#     line: '      bin_dir = "/usr/libexec/cni"'
+#   become: true
+
+- name: Create CNI plugin folder
+  ansible.builtin.file:
+    mode: 0755
+    path: /opt/cni/bin
+    state: directory
+  become: true
+
+- name: Get CNI plugin for containerd
+  ansible.builtin.get_url:
+    url: "https://github.com/containernetworking/plugins/releases/download/{{ cni_plugins_version }}/cni-plugins-linux-amd64-{{ cni_plugins_version }}.tgz"
+    dest: /opt/cni/bin
+    mode: 0755
+  become: true
+
 
 - name: Start containerd
   systemd:
     state: restarted
     name: containerd
     enabled: yes
     daemon_reload: yes
-  become: yes
+  become: true
 
 ...
diff --git a/ansible/roles/k8s_cluster/defaults/main.yml b/ansible/roles/k8s_cluster/defaults/main.yml
@@ -5,8 +5,8 @@ remove: false
 remote: true
 
 ingress_host: "{{ ansible_ssh_host }}.nip.io"
-install_docker: false
-install_containerd: true
+# install_docker: false
+# install_containerd: true
 
 firewalld_public_ports:
   - 6443/tcp
@@ -24,3 +24,6 @@ pod_subnet: 10.244.0.0/16
 service_subnet: 10.96.0.0/12
 
 coreos_flannel_sha_commit: 2140ac876ef134e0ed5af15c65e414cf26827915
+
+calico_version: v3.26.1
+cp_name: control-plane