
docker.io enforces harsh limits, use the ECR registry for juju images. Change-Id: Ibc808eaf99b40f197b7afbef315ee3d89af9a6a2
# snapd provides the snap tooling that the microk8s and juju snap installs
# later in this file rely on.
- name: snapd is installed
  become: true
  apt:
    name: snapd
    state: present
# jammy only: install nftables so the `nft` commands in the firewall tasks
# that follow are available.
- name: nftables is installed
  when: ansible_distribution_release == 'jammy'
  become: true
  apt:
    name: nftables
    state: present
# jammy only: open the openstack-INPUT chain of the "filter" table for
# Kubernetes traffic. `nft insert` places each rule at the head of the chain,
# so it is evaluated before the rules already present there.
# NOTE(review): each rule matches on an address range only (no interface,
# protocol or port restriction), and nothing guards against re-runs, so a
# second run inserts the same rule again - confirm both are acceptable for
# the hosts this role targets.

# Source side: anything originating from 10.1.0.0/16 (presumably the pod
# network - confirm against the microk8s configuration).
- name: allow packets from pod cir
  when: ansible_distribution_release == 'jammy'
  become: true
  command:
    cmd: nft insert rule filter openstack-INPUT ip saddr 10.1.0.0/16 accept

# Destination side of the same 10.1.0.0/16 range.
- name: allow packets to pod cir
  when: ansible_distribution_release == 'jammy'
  become: true
  command:
    cmd: nft insert rule filter openstack-INPUT ip daddr 10.1.0.0/16 accept

# 10.170.0.248/29 is the range handed to the metallb addon further down;
# the two values have to be changed together.
- name: allow packets to metallb cir
  when: ansible_distribution_release == 'jammy'
  become: true
  command:
    cmd: nft insert rule filter openstack-INPUT ip daddr 10.170.0.248/29 accept
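# Derive two facts from the snap confinement mode (classic unless
# microk8s_classic_mode says otherwise):
#   microk8s_group              - 'microk8s' in classic mode, else 'snap_microk8s'
#   microk8s_command_escalation - false in classic mode, else true; used as the
#                                 `become` value of later microk8s commands.
# `| bool` makes a string override such as "false" (for example from
# extra-vars) evaluate as false rather than as a non-empty, truthy string,
# which would otherwise select the classic group and disable escalation while
# the snap itself is installed non-classic.
- name: set microk8s related variables
  set_fact:
    microk8s_group: "{{ 'microk8s' if (microk8s_classic_mode | default(true) | bool) else 'snap_microk8s' }}"
    microk8s_command_escalation: "{{ not (microk8s_classic_mode | default(true) | bool) }}"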
# Install the microk8s snap. Confinement and channel can be overridden with
# microk8s_classic_mode and microk8s_channel.
# NOTE(review): the default channel 'latest/stable' is a moving target, so the
# installed revision can differ from run to run - set microk8s_channel when a
# fixed version is needed.
- name: microk8s is installed
  become: true
  snap:
    name: microk8s
    channel: "{{ microk8s_channel | default('latest/stable') }}"
    classic: "{{ microk8s_classic_mode | default(true) }}"
# Add the connecting user to the microk8s group; `append: true` keeps the
# user's existing supplementary groups.
# NOTE(review): later tasks run microk8s commands without `become` in classic
# mode, so this group presumably grants unprivileged control of the cluster -
# treat membership as a privileged role.
- name: current user is in microk8s group
  become: true
  user:
    name: "{{ ansible_user }}"
    append: true
    groups: "{{ microk8s_group }}"
# Drop the current SSH connection so that the following tasks reconnect and
# run in a session that carries the group membership added above.
- name: reset ssh connection to apply permissions from new group
  meta: reset_connection
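# Wait up to 300 seconds for microk8s to report ready. If that fails, the
# rescue section runs `microk8s inspect` for diagnostics and then queries the
# status once more without waiting; the outcome of that last command decides
# whether the play continues.
# All three commands only report state, so they are marked
# `changed_when: false`, in line with the "run microk8s inspect" task later in
# this file.
- name: microk8s status
  block:
    - name: microk8s status
      command:
        cmd: microk8s status --wait-ready --timeout 300
      changed_when: false
  rescue:
    - name: microk8s inspect
      command:
        cmd: microk8s inspect
      become: "{{ microk8s_command_escalation }}"
      changed_when: false
    - name: microk8s status
      command:
        # second chance to get status
        cmd: microk8s status
      changed_when: false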
# Only when docker_mirror is set: create the per-registry configuration
# directory for docker.io under the microk8s args tree.
# NOTE(review): mode 0770 lets every member of the microk8s group alter the
# registry host configuration placed here. The task sets `owner: root` but no
# `become`, so it presumably relies on play-level escalation - confirm.
- name: Create docker.io certs dir
  when: docker_mirror is defined
  file:
    state: directory
    path: /var/snap/microk8s/current/args/certs.d/docker.io
    owner: root
    group: "{{ microk8s_group }}"
    mode: '0770'
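# Only when docker_mirror is set: render hosts.j2 into the docker.io
# hosts.toml, passing the mirror location and the upstream server to the
# template.
# The file decides where docker.io image pulls are sent, so its permissions
# are set explicitly (owner read/write, group read) instead of being left to
# the remote umask.
# NOTE(review): docker_mirror is written into this file via hosts.j2 (not
# visible here); it should come from trusted job configuration only.
- name: Render microk8s registry mirror template
  when:
    - docker_mirror is defined
  template:
    src: hosts.j2
    dest: /var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml
    group: "{{ microk8s_group }}"
    mode: '0640'
  vars:
    mirror_location: "{{ docker_mirror }}"
    server: 'https://docker.io'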
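# Only when docker_mirror is set: print the rendered hosts.toml so the
# effective mirror configuration shows up in the task output.
# `cat` does not modify anything, so the task never reports a change.
- name: Check docker.io hosts.toml
  when:
    - docker_mirror is defined
  command:
    cmd: cat /var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml
  changed_when: false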
# Start microk8s; privilege escalation follows the fact computed in
# "set microk8s related variables".
- name: microk8s is started
  become: "{{ microk8s_command_escalation }}"
  command:
    cmd: microk8s start
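# Block until microk8s reports ready. Because `failed_when` is set, success is
# judged by the text "is running" in stdout rather than by the exit code.
# The command only queries state, so it never reports a change.
- name: microk8s is running and ready
  command:
    cmd: microk8s status --wait-ready
  register: res
  failed_when: '"is running" not in res.stdout'
  changed_when: false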
# Enable the dns, hostpath-storage and metallb addons. Each task reports
# "changed" only when the command output lacks "already enabled", which keeps
# re-runs quiet.
- name: microk8s dns addon is enabled
  become: "{{ microk8s_command_escalation }}"
  command:
    cmd: microk8s enable dns
  register: res
  changed_when: '"already enabled" not in res.stdout'

- name: microk8s hostpath storage addon is enabled
  become: "{{ microk8s_command_escalation }}"
  command:
    cmd: microk8s enable hostpath-storage
  register: res
  changed_when: '"already enabled" not in res.stdout'

# The address range below is the same one the jammy nft rule
# "allow packets to metallb cir" accepts; change both together.
- name: microk8s metallb addon is enabled
  become: "{{ microk8s_command_escalation }}"
  command:
    # ip range is an arbitrary choice; may need to be changed later
    cmd: microk8s enable metallb:10.170.0.248/29
  register: res
  changed_when: '"already enabled" not in res.stdout'
# Poll the short status output until all three addons show as enabled.
# The task counts as "changed" only when more than one attempt was needed.
- name: microk8s addons are ready
  command:
    cmd: microk8s status --format short
  register: res
  until: >-
    "core/dns: enabled" in res.stdout and
    "core/hostpath-storage: enabled" in res.stdout and
    "core/metallb: enabled" in res.stdout
  retries: 18
  delay: 10  # 18 * 10 = 3 minutes
  changed_when: res.attempts > 1
# Install the juju snap. Confinement and channel can be overridden with
# juju_classic_mode and juju_channel.
# NOTE(review): as with microk8s, the default 'latest/stable' channel is not
# a fixed version - set juju_channel when reproducibility matters.
- name: juju is installed
  become: true
  snap:
    name: juju
    channel: "{{ juju_channel | default('latest/stable') }}"
    classic: "{{ juju_classic_mode | default(true) }}"
# Make sure ~/.local/share exists for the connecting user before juju is
# bootstrapped.
# NOTE(review): no mode is given, so a newly created directory gets whatever
# the remote umask yields; presumably juju stores its client data below this
# path - confirm and tighten if so.
- name: Ensure ~/.local/share directory exist
  file:
    state: directory
    path: ~/.local/share
# Bootstrap a juju controller named "microk8s" on the microk8s cloud.
# caas-image-repo makes juju pull its images from public.ecr.aws/juju; the
# commit message gives docker.io rate limits as the reason.
# The command is retried up to 3 times, 10 seconds apart, until stderr shows
# either "Bootstrap complete" or "already exists". `failed_when` treats the
# "already exists" error as success so that re-runs pass.
# NOTE(review): the images come from a public registry namespace and no
# version or digest is fixed here - consider an internal mirror where
# reproducibility or provenance matters.
- name: juju is bootstrapped on microk8s
  command:
    cmd: >-
      juju bootstrap
      --config bootstrap-timeout=600
      --config caas-image-repo="public.ecr.aws/juju"
      microk8s microk8s
  register: res
  until: >-
    "Bootstrap complete" in res.stderr or
    "already exists" in res.stderr
  retries: 3
  delay: 10
  failed_when: '"ERROR" in res.stderr and "already exists" not in res.stderr'
# Produce a microk8s inspection report after bootstrap; purely diagnostic, so
# it never counts as a change.
# NOTE(review): if the report is kept as a job artifact, check that it holds
# nothing sensitive before publishing it.
- name: run microk8s inspect
  become: "{{ microk8s_command_escalation }}"
  changed_when: false
  command:
    cmd: microk8s inspect
# Select the "microk8s" controller for subsequent juju commands. juju reports
# "no change" on stderr when it was already selected, in which case the task
# is not marked as changed.
- name: current juju controller is microk8s
  register: res
  changed_when: '"no change" not in res.stderr'
  command:
    cmd: juju switch microk8s
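# Record which snap revisions ended up installed, which matters because the
# microk8s and juju channels default to 'latest/stable'.
# `snap list` only reads state, so it never reports a change.
- name: Collect snap versions
  command:
    cmd: snap list
  register: snap_out
  changed_when: false

# Print the captured list; written as a native YAML mapping instead of the
# inline key=value form.
- name: Show snap versions
  debug:
    msg: "{{ snap_out.stdout }}"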