From f7cad27a2036be75ca4d438ccc91c869607885c8 Mon Sep 17 00:00:00 2001
From: Adrien
Date: Fri, 24 May 2019 19:06:21 +0200
Subject: [PATCH] Fist push
---
defaults/main.yml | 1 +
handlers/main.yml | 4 +
meta/main.yml | 4 +
tasks/main.yml | 59 ++++++++++++++
templates/etc/containerd/config.toml.j2 | 76 +++++++++++++++++++
.../etc/modules-load.d/br_netfilter.conf.j2 | 1 +
templates/etc/modules-load.d/overlay.conf.j2 | 1 +
vars/RedHat.yml | 5 ++
8 files changed, 151 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/etc/containerd/config.toml.j2
create mode 100644 templates/etc/modules-load.d/br_netfilter.conf.j2
create mode 100644 templates/etc/modules-load.d/overlay.conf.j2
create mode 100644 vars/RedHat.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..f9a3cad
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart containerd
+ service: name=containerd state=restarted
+
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..68cb2ed
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,4 @@
+#---
+#dependencies:
+# - { role: yumrepo }
+# - { role: yum }
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..a016480
--- /dev/null
+++ b/tasks/main.yml
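Review bot: The handler in handlers/main.yml passes its arguments as an inline `key=value` string (`service: name=containerd state=restarted`); native YAML arguments are easier to lint and diff, and avoid quoting surprises once a value is templated. Consider `service:` with `name: containerd` and `state: restarted` as nested keys. The same inline form is used by the `package` and `service` tasks in tasks/main.yml.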
@@ -0,0 +1,59 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Remove all other's containerd version packages
+ package: name="{{ containerd_remove_packages_name }}" state=absent update_cache=yes
+
+- name: Install containerd
+ package: name="{{ containerd_package_name }}" state=latest update_cache=yes
+ notify: Restart containerd
+
+- name: Enable containerd on boot
+ service: name=containerd state=started enabled=yes
+
+- sysctl:
+ name: "{{ item }}"
+ value: 1
+ sysctl_file: /etc/sysctl.d/99-kubernetes-cri.conf
+ reload: yes
+ with_items:
+ - "net.bridge.bridge-nf-call-iptables"
+ - "net.ipv4.ip_forward"
+ - "net.bridge.bridge-nf-call-ip6tables"
+
+- name: Load kernel module
+ modprobe:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - br_netfilter
+ - overlay
+
+- name: Configuring kernel module to be load on boot
+ template:
+ src: "etc/modules-load.d/{{ item }}.conf.j2"
+ dest: "/etc/modules-load.d/{{ item }}.conf"
+ group: root
+ owner: root
+ mode: 0644
+ with_items:
+ - "br_netfilter"
+ - "overlay"
+
+- name: Ensuring /etc/containerd folder exists
+ file:
+ path: "/etc/containerd"
+ state: "directory"
+ group: root
+ owner: root
+ mode: 0755
+
+- name: Configuring containerd
+ template:
+ src: "etc/containerd/config.toml.j2"
+ dest: "/etc/containerd/config.toml"
+ group: root
+ owner: root
+ mode: 0644
+ notify: Restart containerd
diff --git a/templates/etc/containerd/config.toml.j2 b/templates/etc/containerd/config.toml.j2
new file mode 100644
index 0000000..7906026
--- /dev/null
+++ b/templates/etc/containerd/config.toml.j2
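Review bot: In tasks/main.yml the unnamed `sysctl` task runs before `Load kernel module`, but the `net.bridge.bridge-nf-call-iptables` and `net.bridge.bridge-nf-call-ip6tables` keys only exist once `br_netfilter` is loaded, so on a host where the module is not yet present the sysctl step with `reload: yes` is likely to fail. Moving the `modprobe` task above the sysctl task fixes the ordering, and the sysctl task would benefit from a name such as `- name: Set kernel parameters required by the CRI`. Separately, `state=latest` on `Install containerd` upgrades the container runtime to whatever the repository serves on every run; pinning a reviewed version, or using `state=present`, keeps runtime upgrades deliberate and auditable.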
@@ -0,0 +1,76 @@
+root = "/var/lib/containerd"
+state = "/run/containerd"
+oom_score = 0
+
+[grpc]
+ address = "/run/containerd/containerd.sock"
+ uid = 0
+ gid = 0
+ max_recv_message_size = 16777216
+ max_send_message_size = 16777216
+
+[debug]
+ address = ""
+ uid = 0
+ gid = 0
+ level = ""
+
+[metrics]
+ address = ""
+ grpc_histogram = false
+
+[cgroup]
+ path = ""
+
+[plugins]
+ [plugins.cgroups]
+ no_prometheus = false
+ [plugins.cri]
+ stream_server_address = "127.0.0.1"
+ stream_server_port = "0"
+ enable_selinux = false
+ sandbox_image = "k8s.gcr.io/pause:3.1"
+ stats_collect_period = 10
+ systemd_cgroup = true
+ enable_tls_streaming = false
+ max_container_log_line_size = 16384
+ [plugins.cri.containerd]
+ snapshotter = "overlayfs"
+ no_pivot = false
+ [plugins.cri.containerd.default_runtime]
+ runtime_type = "io.containerd.runtime.v1.linux"
+ runtime_engine = ""
+ runtime_root = ""
+ [plugins.cri.containerd.untrusted_workload_runtime]
+ runtime_type = ""
+ runtime_engine = ""
+ runtime_root = ""
+ [plugins.cri.cni]
+ bin_dir = "/opt/cni/bin"
+ conf_dir = "/etc/cni/net.d"
+ conf_template = ""
+ [plugins.cri.registry]
+ [plugins.cri.registry.mirrors]
+ [plugins.cri.registry.mirrors."docker.io"]
+ endpoint = ["https://registry-1.docker.io"]
+ [plugins.cri.x509_key_pair_streaming]
+ tls_cert_file = ""
+ tls_key_file = ""
+ [plugins.diff-service]
+ default = ["walking"]
+ [plugins.linux]
+ shim = "containerd-shim"
+ runtime = "runc"
+ runtime_root = ""
+ no_shim = false
+ shim_debug = false
+ [plugins.opt]
+ path = "/opt/containerd"
+ [plugins.restart]
+ interval = "10s"
+ [plugins.scheduler]
+ pause_threshold = 0.02
+ deletion_threshold = 0
+ mutation_threshold = 100
+ schedule_delay = "0s"
+ startup_delay = "100ms"
diff --git a/templates/etc/modules-load.d/br_netfilter.conf.j2 b/templates/etc/modules-load.d/br_netfilter.conf.j2
new file mode 100644
index 0000000..a13fc17
--- /dev/null
+++ b/templates/etc/modules-load.d/br_netfilter.conf.j2
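Review bot: `enable_selinux = false` under `[plugins.cri]` in config.toml.j2 is hard-coded although the only vars file in this commit targets the RedHat family, where SELinux is usually enabled; with the option off the CRI plugin does not apply SELinux labels to containers, which removes one layer of isolation between workloads and the host. The template contains no Jinja expressions at all, so none of these settings can be overridden per host. Exposing this one through a role default, for example `enable_selinux = {{ containerd_enable_selinux | lower }}` with `containerd_enable_selinux: true` in defaults/main.yml (variable name is a suggestion), would let hardened hosts turn it on. The `sandbox_image = "k8s.gcr.io/pause:3.1"` reference is also tag-only; pinning it by digest would make the pulled image verifiable.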
@@ -0,0 +1 @@
+br_netfilter
diff --git a/templates/etc/modules-load.d/overlay.conf.j2 b/templates/etc/modules-load.d/overlay.conf.j2
new file mode 100644
index 0000000..08047cf
--- /dev/null
+++ b/templates/etc/modules-load.d/overlay.conf.j2
@@ -0,0 +1 @@
+overlay
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..71900ce
--- /dev/null
+++ b/vars/RedHat.yml
@@ -0,0 +1,5 @@
+---
+containerd_package_name:
+ - containerd
+containerd_remove_packages_name:
+ - containers.io
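Review bot: `containers.io` in `containerd_remove_packages_name` (vars/RedHat.yml) looks like a typo for `containerd.io`, the package name under which Docker's repository ships containerd; this is inferred from the task title "Remove all other's containerd version packages" in tasks/main.yml. As written, the removal task would most likely match nothing, leaving a conflicting runtime package installed next to the distribution `containerd` package. If that reading is right, the entry should be `- containerd.io`.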