eparis / kubernetes-ansible Goto Github PK

View Code? Open in Web Editor NEW

336.0 336.0 136.0 587 KB

Ansible playbooks to build a kubernetes cluster from scratch

Shell 32.39% Python 67.61%

kubernetes-ansible's People

Contributors

Stargazers

Watchers

Forkers

scollier rainsome-org1 navidshaikh sidharta-s cakkineni mscherer wenboliu cgwalters ninthdecimal trinitronx daitak lotreal hedehung aweiteka jeffbean jsafrane decolounge stevenarmstrong zhilvis seanchann dlbewley casualuser matt-deboer chuanchang touqeerhussain ipv1337 miabbott jayunit100 eadmund looztra chiqing danielxiao lilwulin lalatendumohanty sac99 josafat anubhavsinha christian-posta kgrvamsi mba811 tianshangjun userguy binarytemple jkhelil wtcross cywin2011 neoseele beacloudgenius peterwillcn sguzwf vietwear mygoda jzkeiser dafushi ik3210 nuaays rhidayat1980 andrewkrug sebihiy zongyimin davidmr001 adriangprado aniamin ulaganathannamachivayam robinschens vanloswang boriszhangsec jeekchen dixudx hustbill jwood1 wyfaq optimum-web vaidyanath brucezu longzhang trishnaguha aantony2 guoyu07 ljlu1504 boboself star2one fouadsemaan pkloskowski ifa6 gaecom ip-2014 rohit9211 haufe-masierol lmasiero nnvema josefmittermeier tbadmus smileisak mecachoe wupeiran mgicode xingshanghe rockjava ogajvoronsky

kubernetes-ansible's Issues

from ansible_module_kube-caps import main\r\n ^\r\nSyntaxError: invalid syntax\r\n", "msg":

TASK [kubernetes : collect facts about the version of kubernetes] *****************************************************************************************************************************
fatal: [10.120.67.6]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Shared connection to 10.120.67.6 closed.\r\n", "module_stdout": " File "/root/.ansible/tmp/ansible-tmp-1495077228.03-137794858440216/kube-caps.py", line 99\r\n from ansible_module_kube-caps import main\r\n ^\r\nSyntaxError: invalid syntax\r\n", "msg": "MODULE FAILURE", "rc": 0}

kubernetes package not found by yum

the kubernetes package is not found in the default yum repositories, the updates-testing repositories must be added when tunning the fedora task in the kubernetes role,
suggest to modify line:
yum: pkg=kubernetes state=latest

in
yum: pkg=kubernetes state=latest enablerepo=updates-testing

Old-network-config installation sets subnetwork address as bridge address

Hello,

In Dec 10 I have raised an issue on Kubernetes repository about ansible scripts. It was accepted and triaged... but recently I saw, that I have raised it in wrong repository ;)

Issue link: kubernetes/kubernetes#2826

I wanted to prepare fix and post pull-request, but I didn't have CLA signed with Google. Now I see that you have refactored those scripts - does this issue is still actual? Or maybe you plan to remove 'old-*' configs later?

Regards,
SK

Outdated version of Kubernetes in repo

@eparis

Thank you for the ansible configuration files. They were very helpful in creating a working kubernetes installation, but looks like the version of Kubernetes in the eparis repo (http://copr-be.cloud.fedoraproject.org/results/eparis/kubernetes-epel-7/epel-7-x86_64/) is outdated. Can you please let us know if that can be updated as it is causing us issues when using with api clients that support later version of kubernetes.

rhel subscription PR forces ~/rhn_username to exist

#16 breaks k-a for me in that now all of my hosts need to have two file named ~/rhn_username and ~/rhn_password even if I'm already subscribed, because the variables are evaluated before Ansible has a chance to determine I'm already subscribed.

I'm feeling that the problem of subscribing the host is not something k-a should attempt to address itself - we suggest you ensure the machines are set up beforehand for this.

dependency on quay.io

(I believe) prior to b02a1ac kubernetes-ansible was just retrieving packages (or in the case of Atomic, pre-baked hosts) from the target distribution. Now we're pulling in a Docker image from quay.io.

Eventually I'd like to have k-a support air-gapped installation - and a step towards that is to limit external dependencies (and ideally, ensure secure retrieval via a whitelist of GPG keys or the like, but Docker is a bit far from that now).

Load minion definition into masters failure

Master: Fedora 21
Minion: Fedora 21 Atomic

TASK: [master | Enable scheduler] *********************************************
ok: [172.18.17.3]

TASK: [master | Copy v1beta3 style minion definitions to master] **************
ok: [172.18.17.3] => (item=172.18.17.18)

TASK: [master | Copy old v1beta1 style minion definitions to master] **********
skipping: [172.18.17.3] => (item=172.18.17.18)

TASK: [master | Load minion definition into masters] **************************
failed: [172.18.17.3] => (item=172.18.17.18) => {"changed": false, "cmd": ["/usr/bin/kubectl", "create", "-f", "/tmp/node-172.18.17.18.json"], "delta": "0:00:12.262144", "end": "2015-05-21 19:27:51.591692", "failed": true, "failed_when_result": true, "item": "172.18.17.18", "rc": 1, "start": "2015-05-21 19:27:39.329548", "stdout_lines": [], "warnings": []}
stderr: Error: 501: All the given peers are not reachable (failed to propose on members [http://172.18.17.3:4001] twice [last error: Unexpected HTTP status code]) [0]

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/root/setup.retry

172.18.17.18               : ok=9    changed=0    unreachable=0    failed=0
172.18.17.3                : ok=26   changed=0    unreachable=0    failed=1

retried manually

[root@kmaster kubernetes-ansible]# /usr/bin/kubectl create -f /tmp/node-172.18.17.18.json
Error: 501: All the given peers are not reachable (failed to propose on members [http://172.18.17.3:4001] twice [last error: Unexpected HTTP status code]) [0]
[root@kmaster kubernetes-ansible]# curl http://172.18.17.3:4001
404 page not found
[root@kmaster kubernetes-ansible]# etcd -version
etcd version 2.0.9

ERROR: kube-caps is not a legal parameter in an Ansible task or handler

Using Current Version from Git

root@docker:~/kubernetes-ansible# ansible-playbook -i inventory setup.yml
ERROR: kube-caps is not a legal parameter in an Ansible task or handler

fedora errors report on setup networks.

To set up a hackish static networking for the pods

Decide what /24 network each one of your minions should use to expose pods. You
need a /24 for EACH minion.
The network ranges you picked above go in their respective kube_ip_addr= vars.

in fedora 20 , came across below error

$ ansible-playbook -i inventory hack-network.yml

PLAY [minions] ****************************************************************

GATHERING FACTS ***************************************************************
ok: [10.3.10.62]
ok: [10.3.10.61]
ok: [10.3.10.63]

TASK: [network-hack-bridge | Create kubernetes bridge interface] **************
failed: [10.3.10.61] => {"cmd": "nmcli connection add type bridge ifname kbr0 con-name kubernetes-bridge ip4 10.0.1.1/24", "failed": true, "rc": 2}
msg: [Errno 2] No such file or directory
failed: [10.3.10.62] => {"cmd": "nmcli connection add type bridge ifname kbr0 con-name kubernetes-bridge ip4 10.0.2.1/24", "failed": true, "rc": 2}
msg: [Errno 2] No such file or directory
failed: [10.3.10.63] => {"cmd": "nmcli connection add type bridge ifname kbr0 con-name kubernetes-bridge ip4 10.0.3.1/24", "failed": true, "rc": 2}
msg: [Errno 2] No such file or directory

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/Users/dxiao/hack-network.retry

10.3.10.61                 : ok=1    changed=0    unreachable=0    failed=1
10.3.10.62                 : ok=1    changed=0    unreachable=0    failed=1
10.3.10.63                 : ok=1    changed=0    unreachable=0    failed=1

Local image registry [feature]

I really liked how the Project Atomicgetting started guide setup a local caching-only Docker registry as part of the process. Caching images can save quite a bit of bandwidth and time.

Any chance such a feature could land in kubernetes-ansible?

one question

Hi Eric Paris,
I see you use variable in the file kubernetes-ansible/roles/master/templates/node.j2
I want to do that but failed like I described here:
kubernetes/kubernetes#38858

Will you please teach me where should I set the variable to let the template yaml file can resolve it.
Thank you!

We have moved ! :)

I guess its time to update the README with a single line:

WE HAVE MOVED HERE https://github.com/kubernetes/contrib/ - ansible

Step "Copy v1beta3 style minion definitions to master" is skipped at first run

this step is skipped at first run

TASK: [kubernetes | write the global config file] ***************************** 
ok: [10.66.11.39]

TASK: [kubernetes | collect facts about the version of kubernetes] ************ 
ok: [10.66.11.39]

TASK: [master | write the config files for api server] ************************ 
ok: [10.66.11.39]

TASK: [master | write the new style config file for controller-manager] ******* 
ok: [10.66.11.39]

TASK: [master | write the old style config file for controller-manager] ******* 
skipping: [10.66.11.39]

TASK: [master | write the config file for scheduler] ************************** 
ok: [10.66.11.39]

TASK: [master | Enable apiserver] ********************************************* 
changed: [10.66.11.39]

TASK: [master | Enable controller-manager] ************************************ 
ok: [10.66.11.39]

TASK: [master | Enable scheduler] ********************************************* 
ok: [10.66.11.39]

TASK: [master | Copy v1beta3 style minion definitions to master] ************** 
skipping: [10.66.11.39] => (item=10.66.11.39)
skipping: [10.66.11.39] => (item=10.66.8.218)

TASK: [master | Copy old v1beta1 style minion definitions to master] ********** 
ok: [10.66.11.39] => (item=10.66.11.39)
ok: [10.66.11.39] => (item=10.66.8.218)

TASK: [master | Load minion definition into masters] ************************** 
failed: [10.66.11.39] => (item=10.66.11.39) => {"changed": false, "cmd": ["/usr/bin/kubectl", "create", "-f", "/tmp/node-10.66.11.39.json"], "delta": "0:00:00.013871", "end": "2015-06-30 09:14:18.069847", "failed": true, "failed_when_result": true, "item": "10.66.11.39", "rc": 1, "start": "2015-06-30 09:14:18.055976", "stdout_lines": [], "warnings": []}
stderr: error: unable to load file "/tmp/node-10.66.11.39.json": unable to recognize "/tmp/node-10.66.11.39.json": no object named "Minion" is registered
error: no objects passed to create
failed: [10.66.11.39] => (item=10.66.8.218) => {"changed": false, "cmd": ["/usr/bin/kubectl", "create", "-f", "/tmp/node-10.66.8.218.json"], "delta": "0:00:00.013862", "end": "2015-06-30 09:14:18.387217", "failed": true, "failed_when_result": true, "item": "10.66.8.218", "rc": 1, "start": "2015-06-30 09:14:18.373355", "stdout_lines": [], "warnings": []}
stderr: error: unable to load file "/tmp/node-10.66.8.218.json": unable to recognize "/tmp/node-10.66.8.218.json": no object named "Minion" is registered
error: no objects passed to create

FATAL: all hosts have already failed -- aborting

it actually run at the second time

TASK: [master | Copy v1beta3 style minion definitions to master] ************** 
ok: [10.66.11.39] => (item=10.66.11.39)
ok: [10.66.11.39] => (item=10.66.8.218)

TASK: [master | Copy old v1beta1 style minion definitions to master] ********** 
skipping: [10.66.11.39] => (item=10.66.11.39)
skipping: [10.66.11.39] => (item=10.66.8.218)

TASK: [master | Load minion definition into masters] ************************** 
ok: [10.66.11.39] => (item=10.66.11.39)
ok: [10.66.11.39] => (item=10.66.8.218)

$ ansible-playbook -i inventory hack-network.yml

PLAY [minions] ****************************************************************

GATHERING FACTS ***************************************************************
ok: [10.3.10.61]
ok: [10.3.10.63]
ok: [10.3.10.62]

TASK: [network-hack-bridge | install NetworkManager] **************************
ok: [10.3.10.62]
ok: [10.3.10.63]
ok: [10.3.10.61]

TASK: [network-hack-bridge | Create kubernetes bridge interface] **************
failed: [10.3.10.61] => {"changed": true, "cmd": ["nmcli", "connection", "add", "type", "bridge", "ifname", "kbr0", "con-name", "kubernetes-bridge", "ip4", "10.0.1.1/24"], "delta": "0:00:00.019478", "end": "2014-10-04 05:02:04.718215", "rc": 9, "start": "2014-10-04 05:02:04.698737"}
stderr: Error: nmcli (0.9.9.0) and NetworkManager (unknown) versions don't match. Force execution using --nocheck, but the results are unpredictable.
failed: [10.3.10.62] => {"changed": true, "cmd": ["nmcli", "connection", "add", "type", "bridge", "ifname", "kbr0", "con-name", "kubernetes-bridge", "ip4", "10.0.2.1/24"], "delta": "0:00:00.019926", "end": "2014-10-04 05:02:05.026861", "rc": 9, "start": "2014-10-04 05:02:05.006935"}
stderr: Error: nmcli (0.9.9.0) and NetworkManager (unknown) versions don't match. Force execution using --nocheck, but the results are unpredictable.
failed: [10.3.10.63] => {"changed": true, "cmd": ["nmcli", "connection", "add", "type", "bridge", "ifname", "kbr0", "con-name", "kubernetes-bridge", "ip4", "10.0.3.1/24"], "delta": "0:00:00.026086", "end": "2014-10-04 05:02:05.377111", "rc": 9, "start": "2014-10-04 05:02:05.351025"}
stderr: Error: nmcli (0.9.9.0) and NetworkManager (unknown) versions don't match. Force execution using --nocheck, but the results are unpredictable.

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/Users/dxiao/hack-network.retry

10.3.10.61                 : ok=2    changed=0    unreachable=0    failed=1
10.3.10.62                 : ok=2    changed=0    unreachable=0    failed=1
10.3.10.63                 : ok=2    changed=0    unreachable=0    failed=1

dxiao at localhost in ~/Documents/code/test/kubernetes-ansible on master*
$ ssh [email protected]
Last login: Sat Oct  4 05:02:04 2014 from vpn1-113-16.nay.redhat.com
[fedora@dxiao-fedora-kubernetes-3b5087ac-778c-4b18-9472-37ef90905252 ~]$ yum install NetworkManager
You need to be root to perform this command.
[fedora@dxiao-fedora-kubernetes-3b5087ac-778c-4b18-9472-37ef90905252 ~]$ sudo yum install NetworkManager
Package 1:NetworkManager-0.9.9.0-45.git20131003.fc20.x86_64 already installed and latest version
Nothing to do

script fails when node is rhel7 atomic

My .19 VM is a RHEL 7 Atomic host. Ansible fails here:
https://github.com/eparis/kubernetes-ansible/blob/master/roles/common/tasks/main.yml#L18

Node .19

-bash-4.2# cat /etc/redhat-release
Red Hat Enterprise Linux Atomic Host release 7.1

Ansible output:

TASK: [common | Set the is_atomic fact] ***************************************
ok: [xxx.xxx.xxx..18]
ok: [xxx.xxx.xxx..19]
ok: [xxx.xxx.xxx..15]

TASK: [common | Determine if RHEL7] *******************************************
ok: [xxx.xxx.xxx..19]
ok: [xxx.xxx.xxx..15]
ok: [xxx.xxx.xxx..18]

TASK: [common | Register for RHEL7] *******************************************
skipping: [xxx.xxx.xxx..18]
fatal: [xxx.xxx.xxx..19] => error while evaluating conditional: is_rhel7.rc == 0 and is_atomic.rc != 0
skipping: [xxx.xxx.xxx..15]