zhouyuhuan
/
Cloudpods


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256
							---
# - name: checking ports
#   include_role:
#     name: utils/misc-check

- name: output onecloud_version
  debug:
    var: onecloud_version

- name: output upgrade_onecloud_version
  debug:
    var: upgrade_onecloud_version
 
- name: Verify OS is not debian based when lbagent is enabled
  fail:
    msg: "Cannot deploy lbagent on Debian based OS (AppArmor enabled OS)"
  when:
    - enable_lbagent | default(false) | bool == true
    - ansible_os_family == 'Debian'

# 这里设置 primary_master_node_ip ，如果 primary_master_node_ip 不存在，则使用 hostvars[groups['primary_master_node'][0]]['node_ip']
- name: set primary_master_node_ip if not defined
  set_fact:
    primary_master_node_ip: "{{ hostvars[groups['primary_master_node'][0]]['node_ip'] }}"
  when:
  - online_status is defined
  - online_status == 'offline'
  - primary_master_node_ip is not defined
  - groups['primary_master_node'] is defined
  - groups['primary_master_node'] | length > 0

- name: set private registry dns record {{ primary_master_node_ip }} to /etc/hosts
  lineinfile:
    path: /etc/hosts
    line: "{{ primary_master_node_ip }} private-registry.onecloud"
    state: present
  when:
  - online_status is defined
  - online_status == 'offline'
  - primary_master_node_ip is defined

- name: Append win11_packages to common_packages if win11_packages is defined
  set_fact:
    common_packages: "{{ common_packages + win11_packages }}"
  when:
  - win11_packages is defined
  - common_packages is defined
  - (onecloud_version is version('v4.0', '>=') and upgrade_onecloud_version is not defined) or (upgrade_onecloud_version is defined and upgrade_onecloud_version is version('v4.0', '>='))

- name: Append qemu_10_packages to common_packages after version 4.0
  set_fact:
    common_packages: "{{ common_packages + qemu_10_packages }}"
  when:
  - qemu_10_packages is defined
  - common_packages is defined
  - (onecloud_version is version('v4.0', '>=') and upgrade_onecloud_version is not defined) or (upgrade_onecloud_version is defined and upgrade_onecloud_version is version('v4.0', '>='))

# onecloud/roles/common/tasks/
- name: "Import OS Arch tasks Common ({{ ansible_distribution }} {{ ansible_distribution_major_version }} {{ ansible_architecture }})"
  include_tasks: "{{ item }}"
  with_first_found:
  - files:
    - "{{ ansible_distribution | lower | regex_replace('[^a-zA-Z0-9 ]+|[ ]+$', '') | replace(' ','_') }}-{{ansible_distribution_release}}.yml"
    - "{{ ansible_distribution | lower |replace(' ', '_')}}_{{ ansible_distribution_major_version |lower }}_{{ ansible_architecture }}.yml"
    - "{{ ansible_distribution | lower |replace(' ', '_')}}_{{ ansible_distribution_major_version |lower }}.yml"
    - "{{ ansible_distribution | lower |replace(' ', '_')}}.yml"
    paths:
    - os

- name: Binary version check
  include_role:
    name: utils/bin-version-check
  when:
  - K3S_CMDLINE_PREFIX | default('') | length == 0

- name: reset iptables rules
  shell: |
    # backup iptable ruleset
    fn=/etc/iptables.backup.$(date +"%Y%m%d-%H%M%S")
    sudo iptables-save > "$fn"

    # reset iptable rules
    sudo iptables -t nat -F
    sudo iptables -t nat -X
    sudo iptables -t nat -P PREROUTING ACCEPT
    sudo iptables -t nat -P POSTROUTING ACCEPT
    sudo iptables -t nat -P OUTPUT ACCEPT
    sudo iptables -t mangle -F
    sudo iptables -t mangle -X
    sudo iptables -t mangle -P PREROUTING ACCEPT
    sudo iptables -t mangle -P INPUT ACCEPT
    sudo iptables -t mangle -P FORWARD ACCEPT
    sudo iptables -t mangle -P OUTPUT ACCEPT
    sudo iptables -t mangle -P POSTROUTING ACCEPT
    sudo iptables -F
    sudo iptables -X
    sudo iptables -P FORWARD ACCEPT
    sudo iptables -P INPUT ACCEPT
    sudo iptables -P OUTPUT ACCEPT
    sudo iptables -t raw -F
    sudo iptables -t raw -X
    sudo iptables -t raw -P PREROUTING ACCEPT
    sudo iptables -t raw -P OUTPUT ACCEPT
    sudo service iptables save || :
    sudo service iptables restart || :
  args:
    executable: /bin/bash

- name: Stop/Disable Depreciated Services If Any
  shell: |
    for service in yunion-host-image yunion-host-sdnagent firewalld
    do
      if [ -f /usr/lib/systemd/system/$service.service ]; then
        sudo systemctl disable --now $service
      fi
    done
  become: true
  args:
    executable: /bin/bash
  ignore_errors: yes
  changed_when: false
  failed_when: false

- name: Config NetworkManager
  include_role:
    name: utils/config-network-manager

- name: Load br_netfilter
  modprobe:
    name: "{{ item }}"
    state: present
  become: true
  loop:
  - br_netfilter
  - ip_conntrack

- name: Load br_netfilter at boot
  copy:
    owner: root
    group: root
    mode: "0644"
    dest: /etc/modules-load.d/kubernetes.conf
    content:
      br_netfilter
  become: true

- name: Change sysctl setting
  sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
  become: true
  loop:
  - net.bridge.bridge-nf-call-iptables
  - net.bridge.bridge-nf-call-ip6tables
  - net.ipv4.ip_forward

- name: Change sysctl fs.inotify.max_user_watches
  sysctl:
    name: "fs.inotify.max_user_watches"
    value: "65536"
    state: present
  become: true

- name: Change sysctl fs.inotify.max_user_instances
  sysctl:
    name: "fs.inotify.max_user_instances"
    value: "8192"
    state: present
  become: true

- name: Disable systemd swap service
  shell: |
    dev=$(cat /proc/swaps |grep -v 'Filename' |wc -l)
    if [ "$dev" -eq 0 ]; then
      exit 0
    fi

    for i in $(systemctl --type swap --all|grep 'dev'|grep active |awk '{print $1}' ); do
        if [ -z "$i" ]; then
            continue
        fi
        systemctl stop "$i"
        systemctl mask "$i"
    done
    systemctl daemon-reload

    cp -fv /etc/fstab /etc/fstab.$(date +"%Y%m%d-%H%M%S").bak
    sed -i '/swap/ s/^#*/#/' -i /etc/fstab
  become: true
  args:
    executable: /bin/bash
  when:
  - is_debian_based is defined

#  https://github.com/kubernetes-retired/contrib/blob/master/ansible/roles/node/tasks/swapoff.yml
- name: Turn off swap mount
  mount:
    name: "{{ item }}"
    fstype: swap
    state: absent
  become: true
  with_items:
  - swap
  - none

- name: Turn off swap now
  command: swapoff -a
  become: true
  when: ansible_swaptotal_mb > 0

- name: Create sysconfig directory if does not exist
  file:
    path: /etc/sysconfig/modules/
    state: directory
    mode: '0755'
  become: true

- name: kernel module config
  include_role:
    name: utils/kernel-modules

# added to "k8s_docker.yml"

- name: include k8s docker if needed
  include_tasks: "k8s_docker.yml"
  when:
  - k8s_or_k3s | default('') == 'k8s'

- name: Export cloud bin path in /etc/profile
  lineinfile:
    dest: /etc/profile
    line: "export PATH=$PATH:/opt/yunion/bin"
    state: present
    create: yes
    regexp: '^export PATH=.*/opt/yunion/bin'
  become: true
  when: shell is undefined or shell == 'bash'

- name: Enable cloud systemd services
  service:
    name: "{{ item }}"
    enabled: yes
    state: started
  become: true
  loop:
  - yunion-executor

- name: Include cronjobs
  include_role:
    name: utils/cronjobs

- name: Install ceph and openvswitch scripts
  include_tasks: "symlink.yml"
  when:
  - (onecloud_version is version('v4.0', '>=') and upgrade_onecloud_version is not defined) or (upgrade_onecloud_version is defined and upgrade_onecloud_version is version('v4.0', '>='))