[EDGEPOD-226] Add installing strongswan to router role

Also fixed ansible-lint failures

Change-Id: I78fbab0a9e2f45ea4f5989c255f09b47ef01bdcc
diff --git a/aether-playbook/inventory/sample/group_vars/all.yml b/aether-playbook/inventory/sample/group_vars/all.yml
index c625f7f..97ccb41 100644
--- a/aether-playbook/inventory/sample/group_vars/all.yml
+++ b/aether-playbook/inventory/sample/group_vars/all.yml
@@ -34,7 +34,7 @@
 docker_version: 18.06.3~ce~3-0~ubuntu
 
 upf_sriov_enabled: true
-upf_sriov_pf: enp94s0f0
+upf_sriov_pf: ens802f0
 
 # SGI and S1U addresses for spgwu
 spgwu_sgi_ip: 192.168.250.4/24
@@ -43,15 +43,28 @@
 # UE pool (DO NOT CHANGE)
 ue_pool: 10.250.0.0/16
 
-# Enable to configure router to handle UE traffic to the Internet
-# Applicable only when using Ubuntu machine as a router now (VyOS is coming soon)
-router_setup_enabled: true
+# Configure VPN router
+# Only linux machine is supported as a router now (VyOS is coming soon)
 router_type: linux
+
+# Enable to configure SGI and S1U network gateway and routings/SNAT for UE traffic
+router_enabled: true
 sgi_gateway_ip: 192.168.250.254/24
 s1u_gateway_ip: 192.168.251.254/24
-sgi_s1u_gateway_iface: enp94s0f0
+sgi_s1u_gateway_iface: ens802f0
 netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml
 
+# Enable to configure IPSec tunnel to Aether Central
+vpn_enabled: true
+vpn_local_addr: 128.105.144.246
+vpn_local_id: 128.105.144.246
+# Provide management network and K8S pod/service ranges
+vpn_local_subnets: 10.212.73.0/24,10.56.0.0/16
+vpn_remote_addr: 34.94.146.56
+# Remote subnet (DO NOT CHANGE)
+vpn_remote_subnets: 10.168.0.0/20,10.45.0.0/16,10.52.0.0/16
+vpn_psk: T075X36ejt6qzaDHVG6Eunr6yynatdFI
+
 rancher_cluster_token: #HIDDEN
 rancher_ca_checksum: #HIDDEN
 
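Review bot: The added `vpn_psk` line holds what looks like a real pre-shared key, committed in a sample inventory next to concrete `vpn_local_addr` and `vpn_remote_addr` values. If that key is in use, anyone with read access to the repository or its history can obtain it, and a later commit that deletes it does not remove it from history, so it should be treated as exposed and rotated. I would keep the sample consistent with the two lines below it, `vpn_psk: #HIDDEN`, and load the real value from an Ansible Vault-encrypted vars file.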
diff --git a/aether-playbook/inventory/sample/inventory.ini b/aether-playbook/inventory/sample/inventory.ini
index 1a8b175..e04694d 100644
--- a/aether-playbook/inventory/sample/inventory.ini
+++ b/aether-playbook/inventory/sample/inventory.ini
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 # List of all nodes
-menlo-edge ansible_host=10.212.73.3
+menlo-edge ansible_host=10.92.1.32
 
 # Specify a node to run k8s control plane and etcd
 # Note that the number of the nodes must be odd
diff --git a/aether-playbook/inventory/template/group_vars/all.yml b/aether-playbook/inventory/template/group_vars/all.yml
index fe33ebd..d513188 100644
--- a/aether-playbook/inventory/template/group_vars/all.yml
+++ b/aether-playbook/inventory/template/group_vars/all.yml
@@ -30,7 +30,6 @@
 docker_daemon_options:
   insecure-registries:
     - registry.central.aetherproject.net
-  iptables: false
 
 upf_sriov_enabled: true
 upf_sriov_pf: #SET_VALUE
@@ -42,15 +41,31 @@
 # UE pool (DO NOT CHANGE)
 ue_pool: 10.250.0.0/16
 
-# Enable to configure router to handle UE traffic to the Internet
-# Applicable only when using Ubuntu machine as a router now (VyOS is coming soon)
-router_setup_enabled: #SET_VALUE (true or false)
+# Configure VPN router
+# Only linux machine is supported as a router now (VyOS is coming soon)
 router_type: linux
-sgi_gateway_ip: #SET_VALUE
-s1u_gateway_ip: #SET_VALUE
-sgi_s1u_gateway_iface: #SET_VALUE
+
+# Enable to configure SGI and S1U network gateway and routings/SNAT for UE traffic
+router_enabled: #SET_VALUE (true or false)
+sgi_gateway_ip: #SET_VALUE (only required when router_enabled)
+s1u_gateway_ip: #SET_VALUE (only required when router_enabled)
+sgi_s1u_gateway_iface: #SET_VALUE (only required when router_enabled)
 netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml
 
+# Enable to configure IPSec tunnel to Aether Central
+vpn_enabled: #SET_VALUE (true or false)
+# Provide IP address of the VPN server
+# Provide private address of the VPN server if it is behind NAT
+vpn_local_addr: #SET_VALUE (only required when vpn_enabled)
+# Provide public address of the VPN server
+vpn_local_id: #SET_VALUE (only required when vpn_enabled)
+# Provide management network and K8S pod/service ranges
+vpn_local_subnets: #SET_VALUE (only required when vpn_enabled)
+vpn_remote_addr: #SET_VALUE (only required when vpn_enabled)
+# Remote subnet (DO NOT CHANGE)
+vpn_remote_subnets: 10.168.0.0/20,10.45.0.0/16,10.52.0.0/16
+vpn_psk: #GET_VALUE_FROM_AETHER_TEAM
+
 # Rancher cluster token and checksum (DO NOT CHANGE)
 rancher_cluster_token: #GET_VALUE_FROM_AETHER_TEAM
 rancher_ca_checksum: "7f7858afaa621e304d0d17fa22fd2005aa2f1acd0637f4026cab7bcc2fa43cd9"
diff --git a/aether-playbook/roles/k8s/tasks/docker.yml b/aether-playbook/roles/k8s/tasks/docker.yml
index 7d90bbb..619ab03 100644
--- a/aether-playbook/roles/k8s/tasks/docker.yml
+++ b/aether-playbook/roles/k8s/tasks/docker.yml
@@ -16,29 +16,26 @@
 
 - name: Install dependencies for Docker
   apt:
-    name:
+    name: "{{ item }}"
+    state: present
+  with_items:
       - apt-transport-https
       - ca-certificates
       - curl
       - software-properties-common
-    state: present
   tags: docker
 
 - name: Add Docker GPG key
-  shell: |
-    curl -sSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-  args:
-    warn: false
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    state: present
   tags: docker
 
 - name: Add Docker repository
-  shell: |
-    add-apt-repository \
-     "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
-     $(lsb_release -cs) \
-     stable"
-  args:
-    warn: false
+  apt_repository:
+    repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
+    update_cache: yes
+    state: present
   tags: docker
 
 - name: Install Docker CE
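Review bot: The new `apt_key` task in "Add Docker GPG key" imports whatever key the URL returns, because no `id` is given. Adding `id: <DOCKER_RELEASE_KEY_FINGERPRINT>` (placeholder; take the value from Docker's install documentation) lets the module check that the imported key is the expected one. Separately, "Install dependencies for Docker" now uses `name: "{{ item }}"` with `with_items`, which runs apt once per package; the apt module accepts the list directly, so the original `name:` list was the better form to keep. `update_cache: yes` would read more predictably as `update_cache: true`.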
@@ -51,7 +48,8 @@
 - name: Add current user to "docker" group
   user:
     name: "{{ ansible_user }}"
-    groups: docker
+    groups:
+      - docker
     append: true
   tags: docker
 
diff --git a/aether-playbook/roles/k8s/tasks/k8s.yml b/aether-playbook/roles/k8s/tasks/k8s.yml
index 1561d1a..1fc73f6 100644
--- a/aether-playbook/roles/k8s/tasks/k8s.yml
+++ b/aether-playbook/roles/k8s/tasks/k8s.yml
@@ -35,6 +35,7 @@
     msg: k8s_roles {{ k8s_roles }}
   tags: k8s
 
+# TODO: Wait until K8S cluster is ready
 - name: Install k8s
   command: >-
     docker run -d --privileged --restart=unless-stopped --net=host
@@ -45,4 +46,5 @@
     --token {{ rancher_cluster_token }}
     --ca-checksum {{ rancher_ca_checksum }}
     {{ k8s_roles }}
+  changed_when: False
   tags: k8s
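Review bot: `changed_when: False` on "Install k8s" silences the lint rule but makes a task that starts a privileged container always report "ok", and nothing visible in this hunk stops a second run from starting another agent container. A guard would serve better than a constant, for example registering a prior check for the running agent and using `when:` on it. The same constant is added to the container-removal and directory-removal tasks in roles/reset/tasks/main.yml and to "Save iptables v4 rules" in roles/router/linux/tasks/interfaces.yml, where it likewise hides real changes. Because `--token {{ rancher_cluster_token }}` is passed on the command line, `no_log: true` on this task would keep the token out of Ansible output. The task begins above this hunk.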
diff --git a/aether-playbook/roles/k8s/tasks/pre-install.yml b/aether-playbook/roles/k8s/tasks/pre-install.yml
index b0b2bfa..6f475e4 100644
--- a/aether-playbook/roles/k8s/tasks/pre-install.yml
+++ b/aether-playbook/roles/k8s/tasks/pre-install.yml
@@ -18,18 +18,25 @@
     update_cache: yes
 
 - name: Install ntp
-  apt: name=ntp state=present
+  apt:
+    name: ntp
+    state: present
   when: ntp_enabled | bool
   tags: ntp
 
 - name: Configure ntp file
-  template: src=etc/ntp.conf.j2 dest=/etc/ntp.conf
+  template:
+    src: etc/ntp.conf.j2
+    dest: /etc/ntp.conf
   when: ntp_enabled | bool
   notify: restart ntp
   tags: ntp
 
 - name: Start the ntp service
-  service: name=ntp state=started enabled=yes
+  service:
+    name: ntp
+    state: started
+    enabled: yes
   when: ntp_enabled | bool
   tags: ntp
 
diff --git a/aether-playbook/roles/reset/tasks/main.yml b/aether-playbook/roles/reset/tasks/main.yml
index ffb8922..043bec9 100644
--- a/aether-playbook/roles/reset/tasks/main.yml
+++ b/aether-playbook/roles/reset/tasks/main.yml
@@ -23,6 +23,7 @@
   retries: 4
   delay: 5
   until: remove_all_containers.rc == 0
+  changed_when: False
   tags: k8s
 
 - name: Remove directories
@@ -45,4 +46,5 @@
     - /var/log/containers
     - /var/log/pods
     - /var/run/calico
+  changed_when: False
   tags: k8s
diff --git a/aether-playbook/roles/router/defaults/main.yml b/aether-playbook/roles/router/defaults/main.yml
index 6af6545..5987766 100644
--- a/aether-playbook/roles/router/defaults/main.yml
+++ b/aether-playbook/roles/router/defaults/main.yml
@@ -14,9 +14,18 @@
 
 ---
 router_type: linux
-netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml
 
-# Provide below to run the playbook
+router_enabled: false
+# Provide below when router_enabled is true
+#netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml
 #sgi_gateway_ip:
 #s1u_gateway_ip:
 #sgi_s1u_gateway_iface:
+
+vpn_enabled: false
+# Provide below when vpn_enabled is true
+#vpn_local_addr:
+#vpn_local_subnets:
+#vpn_remote_addr:
+#vpn_remote_subnets: 10.168.0.0/20,10.45.0.0/16,10.52.0.0/16
+#vpn_psk:
\ No newline at end of file
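Review bot: The commented list of variables to provide when `vpn_enabled` is true omits `vpn_local_id`, which ipsec.conf.j2 in this commit uses as `leftid={{ vpn_local_id }}`; add `#vpn_local_id:` to the list. `netplan_config_file` previously had a working default and is now only a comment, so an inventory that enables the router without setting it would presumably fail at the template task with an undefined variable; keeping `netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml` active looks safer. The file also loses its trailing newline.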
diff --git a/aether-playbook/roles/router/linux/handlers/main.yml b/aether-playbook/roles/router/linux/handlers/main.yml
index 6408d79..0796da0 100644
--- a/aether-playbook/roles/router/linux/handlers/main.yml
+++ b/aether-playbook/roles/router/linux/handlers/main.yml
@@ -18,3 +18,6 @@
 
 - name: netplan apply
   command: netplan apply
+
+- name: ipsec restart
+  command: ipsec restart
\ No newline at end of file
diff --git a/aether-playbook/roles/router/linux/tasks/interfaces.yml b/aether-playbook/roles/router/linux/tasks/interfaces.yml
new file mode 100644
index 0000000..a9406d8
--- /dev/null
+++ b/aether-playbook/roles/router/linux/tasks/interfaces.yml
@@ -0,0 +1,57 @@
+# Copyright 2020-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Create netplan config file for SGI and S1U gateway interfaces
+  template:
+    src: etc/netplan/sgi-s1u-gateway.yaml.j2
+    dest: "{{ netplan_config_file }}"
+  notify:
+    - netplan generate
+    - netplan apply
+  tags: router
+
+- name: Install iptables-persistent
+  apt:
+    name: iptables-persistent
+    state: present
+    update_cache: yes
+  tags: router
+
+- name: Ensure ip_forward enabled
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: '1'
+    sysctl_set: yes
+    state: present
+  tags: router
+
+- name: Set default forwarding policy to ACCEPT
+  iptables:
+    chain: FORWARD
+    policy: ACCEPT
+  tags: router
+
+- name: Add SNAT
+  iptables:
+    table: nat
+    chain: POSTROUTING
+    out_interface: "{{ ansible_default_ipv4.interface }}"
+    jump: MASQUERADE
+  tags: router
+
+- name: Save iptables v4 rules
+  shell: iptables-save > /etc/iptables/rules.v4
+  changed_when: False
+  tags: router
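Review bot: The "Add SNAT" task masquerades everything leaving `ansible_default_ipv4.interface`, while site.yml describes it as an SNAT rule for the UE pool; adding `source: "{{ ue_pool }}"` would limit it to that traffic. With the IPsec tunnel introduced in this commit, an unscoped MASQUERADE may also rewrite the source of packets headed to `vpn_remote_subnets` before the IPsec policy lookup, so they might no longer match `leftsubnet`. That is worth testing, and if it happens an exemption for IPsec-bound traffic is needed ahead of this rule. "Set default forwarding policy to ACCEPT" leaves forwarding between all attached networks open, so explicit FORWARD rules for the UE pool and the tunnel subnets would be a tighter default.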
diff --git a/aether-playbook/roles/router/linux/tasks/ipsec-vpn.yml b/aether-playbook/roles/router/linux/tasks/ipsec-vpn.yml
new file mode 100644
index 0000000..86e7c30
--- /dev/null
+++ b/aether-playbook/roles/router/linux/tasks/ipsec-vpn.yml
@@ -0,0 +1,45 @@
+# Copyright 2020-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Run "apt update"
+  apt:
+    update_cache: yes
+  tags: vpn
+
+- name: Install strongSwan
+  apt:
+    name: strongswan
+    state: present
+  tags: vpn
+
+- name: Start strongSwan
+  service:
+    name: strongswan
+    state: started
+    enabled: yes
+  tags: vpn
+
+- name: Create ipsec config and secrets file
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: 0640
+  loop:
+    - { src: 'etc/ipsec.secrets.j2', dest: '/etc/ipsec.secrets' }
+    - { src: 'etc/ipsec.conf.j2', dest: '/etc/ipsec.conf' }
+  notify: ipsec restart
+  tags: vpn
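Review bot: The loop in "Create ipsec config and secrets file" writes /etc/ipsec.secrets, which contains the PSK, with `mode: 0640` and without `no_log`, so the key can appear in `--diff` or verbose output. I would give the secrets file its own task with `mode: '0600'` and `no_log: true`, quoting the mode so it does not depend on YAML's octal parsing. An `assert` that `vpn_psk` and the address variables are defined and non-empty before templating would catch inventories where the `#SET_VALUE` placeholders, which YAML reads as null, were left in place. "Start strongSwan" also runs before the configuration is written; moving it after the template task avoids a first start with the package defaults.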
diff --git a/aether-playbook/roles/router/linux/tasks/main.yml b/aether-playbook/roles/router/linux/tasks/main.yml
index c37bca1..6fb32aa 100644
--- a/aether-playbook/roles/router/linux/tasks/main.yml
+++ b/aether-playbook/roles/router/linux/tasks/main.yml
@@ -13,44 +13,10 @@
 # limitations under the License.
 
 ---
-- name: Create netplan config file for SGI network gateway
-  template:
-    src: etc/netplan/sgi-s1u-gateway.yaml.j2
-    dest: "{{ netplan_config_file }}"
-  notify:
-    - netplan generate
-    - netplan apply
+- include_tasks: interfaces.yml
+  when: router_enabled | bool
   tags: router
 
-- name: Install iptables-persistent
-  apt:
-    name: iptables-persistent
-    state: present
-    update_cache: yes
-  tags: router
-
-- name: Ensure ip_forward enabled
-  sysctl:
-    name: net.ipv4.ip_forward
-    value: '1'
-    sysctl_set: yes
-    state: present
-  tags: router
-
-- name: Set default forwarding policy to ACCEPT
-  iptables:
-    chain: FORWARD
-    policy: ACCEPT
-  tags: router
-
-- name: Add SNAT
-  iptables:
-    table: nat
-    chain: POSTROUTING
-    out_interface: "{{ ansible_default_ipv4.interface }}"
-    jump: MASQUERADE
-  tags: router
-
-- name: Save iptables v4 rules
-  shell: iptables-save > /etc/iptables/rules.v4
-  tags: router
+- include_tasks: ipsec-vpn.yml
+  when: vpn_enabled | bool
+  tags: vpn
diff --git a/aether-playbook/roles/router/linux/templates/etc/ipsec.conf.j2 b/aether-playbook/roles/router/linux/templates/etc/ipsec.conf.j2
new file mode 100644
index 0000000..29acef9
--- /dev/null
+++ b/aether-playbook/roles/router/linux/templates/etc/ipsec.conf.j2
@@ -0,0 +1,42 @@
+# Copyright 2020-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# basic configuration
+config setup
+    # strictcrlpolicy=yes
+    # uniqueids = no
+
+conn %default
+    ikelifetime=600m # 36,000s
+    keylife=180m # 10,800s
+    rekeymargin=3m
+    keyingtries=3
+    keyexchange=ikev2
+    mobike=no
+    ike=aes256gcm16-sha512-modp2048
+    esp=aes256gcm16-sha512-modp8192
+    authby=psk
+
+conn peer-aether-gcp-vpn-gateway
+    left={{ vpn_local_addr }}
+    leftid={{ vpn_local_id }}
+    leftsubnet={{ vpn_local_subnets }}
+    leftauth=psk
+    right={{ vpn_remote_addr }}
+    rightsubnet={{ vpn_remote_subnets }}
+    rightauth=psk
+    auto=start
+    type=tunnel
+    dpdaction=restart
+    closeaction=restart
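Review bot: Neither `ike=` nor `esp=` in `conn %default` ends with `!`, and as far as I know strongSwan then adds its default proposals to the configured one, so the tunnel may negotiate suites other than the ones listed. `aes256gcm16` is an AEAD cipher, so the `sha512` in both proposals is not a separate integrity algorithm; for IKE it is meant to be given as a PRF. If the intent is to allow only these suites, `ike=aes256gcm16-prfsha512-modp2048!` and `esp=aes256gcm16-modp8192!` state that explicitly, subject to what the remote gateway accepts. `authby=psk` is redundant next to `leftauth=psk` and `rightauth=psk`.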
diff --git a/aether-playbook/roles/router/meta/main.yml b/aether-playbook/roles/router/linux/templates/etc/ipsec.secrets.j2
similarity index 79%
copy from aether-playbook/roles/router/meta/main.yml
copy to aether-playbook/roles/router/linux/templates/etc/ipsec.secrets.j2
index 3c4fe58..b60cff9 100644
--- a/aether-playbook/roles/router/meta/main.yml
+++ b/aether-playbook/roles/router/linux/templates/etc/ipsec.secrets.j2
@@ -12,12 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
----
-dependencies:
-  - role: router/linux
-    when:
-      - router_type == 'linux'
-
-#  - role: router/vyos
-#    when:
-#      - router_type == 'vyos'
+{{ vpn_local_addr}} {{ vpn_remote_addr }} : PSK "{{ vpn_psk }}"
\ No newline at end of file
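Review bot: The secret is selected by `vpn_local_addr`, but the connection authenticates as `leftid={{ vpn_local_id }}`, and the template inventory says the two differ when the router is behind NAT (private versus public address). strongSwan matches ipsec.secrets selectors against IKE identities, so in that case the local selector probably never matches and the lookup relies on the remote address alone. `{{ vpn_local_id }} {{ vpn_remote_addr }} : PSK "{{ vpn_psk }}"` would keep the two templates consistent. A PSK containing `"` would also break the quoted value, so that constraint should be documented next to `vpn_psk` in the inventory.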
diff --git a/aether-playbook/roles/router/meta/main.yml b/aether-playbook/roles/router/tasks/main.yml
similarity index 80%
copy from aether-playbook/roles/router/meta/main.yml
copy to aether-playbook/roles/router/tasks/main.yml
index 3c4fe58..a64cd53 100644
--- a/aether-playbook/roles/router/meta/main.yml
+++ b/aether-playbook/roles/router/tasks/main.yml
@@ -13,11 +13,18 @@
 # limitations under the License.
 
 ---
-dependencies:
-  - role: router/linux
+  - include_role:
+      name: router/linux
     when:
       - router_type == 'linux'
+    tags:
+      - router
+      - vpn
 
-#  - role: router/vyos
+#  - include_role:
+#      name: router/vyos
 #    when:
 #      - router_type == 'vyos'
+#    tags:
+#      - router
+#      - vpn
diff --git a/aether-playbook/roles/router/meta/main.yml b/aether-playbook/roles/sriov-dpdk/handlers/main.yml
similarity index 80%
rename from aether-playbook/roles/router/meta/main.yml
rename to aether-playbook/roles/sriov-dpdk/handlers/main.yml
index 3c4fe58..f10fbc7 100644
--- a/aether-playbook/roles/router/meta/main.yml
+++ b/aether-playbook/roles/sriov-dpdk/handlers/main.yml
@@ -13,11 +13,11 @@
 # limitations under the License.
 
 ---
-dependencies:
-  - role: router/linux
-    when:
-      - router_type == 'linux'
+- name: update grub
+  command: update-grub
 
-#  - role: router/vyos
-#    when:
-#      - router_type == 'vyos'
+- name: enable sriov
+  systemd:
+    name: sriov
+    daemon_reload: true
+    enabled: yes
diff --git a/aether-playbook/roles/sriov-dpdk/tasks/main.yml b/aether-playbook/roles/sriov-dpdk/tasks/main.yml
index 7b70b0f..593386e 100644
--- a/aether-playbook/roles/sriov-dpdk/tasks/main.yml
+++ b/aether-playbook/roles/sriov-dpdk/tasks/main.yml
@@ -15,7 +15,9 @@
 ---
 # Fail if VT-d is not enabled
 - name: Ensure VT-d is enabled in BIOS
-  shell: "dmesg | grep DMAR-IR"
+  shell: "set -o pipefail && dmesg | grep DMAR-IR"
+  args:
+    executable: /bin/bash
   register: check_vt_d
   changed_when: check_vt_d.rc != 0
   failed_when: check_vt_d.rc != 0
@@ -32,12 +34,7 @@
     - { regex: 'intel_iommu=on', context: 'intel_iommu=on' }
     - { regex: 'hugepagesz=', context: 'hugepagesz=1G default_hugepagesz=1G hugepages=32' }
   register: grub
-  tags: sriov-dpdk
-
-- name: Update grub
-  command: update-grub
-  when: grub.changed
-  register: update_grub
+  notify: update grub
   tags: sriov-dpdk
 
 - name: Load vfio_pci module to the kernel
@@ -55,9 +52,11 @@
   tags: sriov-dpdk
 
 - name: Check VFIO bind devices for DPDK
-  shell: "ls -l /dev/vfio | wc -l"
+  shell: "set -o pipefail && ls -l /dev/vfio | wc -l"
+  args:
+    executable: /bin/bash
   register: check_dpdk_bind
-  changed_when: check_dpdk_bind.stdout | int < 4
+  changed_when: False
   tags: sriov-dpdk
 
 - name: Create SRIOV-DPDK service
@@ -69,15 +68,11 @@
     - { src: 'usr/bin/sriov.sh.j2', dest: '/usr/bin/sriov.sh', mode: 'a+x' }
     - { src: 'etc/systemd/system/sriov.service.j2', dest: '/etc/systemd/system/sriov.service', mode: 644 }
   register: bind_dpdk
+  notify: enable sriov
   when: check_dpdk_bind.stdout | int < 4
   tags: sriov-dpdk
 
-- name: Enable SRIOV-DPDK service
-  systemd:
-    name: sriov
-    daemon_reload: true
-    enabled: yes
-  when: bind_dpdk.changed
+- meta: flush_handlers
   tags: sriov-dpdk
 
 - name: Reboot machine
@@ -85,10 +80,10 @@
   async: 1
   poll: 0
   ignore_errors: true
-  when: update_grub.changed or bind_dpdk.changed
+  when: grub.changed or bind_dpdk.changed # noqa 503
   tags: sriov-dpdk
 
-- name: Wait for server to restart successfully
+- name: Wait for server to restart
   wait_for:
     host: "{{ ansible_host }}"
     search_regex: "OpenSSH"
@@ -101,7 +96,9 @@
   tags: sriov-dpdk
 
 - name: Ensure enough VFIO bind devices
-  shell: "ls -l /dev/vfio | wc -l"
+  shell: "set -o pipefail && ls -l /dev/vfio | wc -l"
+  args:
+    executable: /bin/bash
   register: confirm_dpdk_bind
   changed_when: confirm_dpdk_bind.stdout | int < 4
   failed_when: confirm_dpdk_bind.stdout | int < 4
diff --git a/aether-playbook/site.yml b/aether-playbook/site.yml
index 8edda32..6f3ab97 100644
--- a/aether-playbook/site.yml
+++ b/aether-playbook/site.yml
@@ -40,10 +40,11 @@
 # 1) Assign SGI and S1U gateway address
 # 2) Add routing to UE pool
 # 3) Add SNAT rule for UE pool
+# 4) Install and configure VPN server
 - hosts: router
   any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
   roles:
-    - { role: router, when: router_setup_enabled }
+    - { role: router, when: router_enabled or vpn_enabled }
 
 # K8S node setup
 # 1) Time synch
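Review bot: `when: router_enabled or vpn_enabled` tests the raw variables, while the includes in roles/router/linux/tasks/main.yml use `router_enabled | bool` and `vpn_enabled | bool`. A value that arrives as a string, for example from an extra-vars override, may be treated as truthy here and run the role when it was meant to be off. Use `when: (router_enabled | bool) or (vpn_enabled | bool)` so both places evaluate the switches the same way.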
diff --git a/interface-config/roles/interface-config/tasks/main.yml b/interface-config/roles/interface-config/tasks/main.yml
index dea3d3e..664b6ad 100644
--- a/interface-config/roles/interface-config/tasks/main.yml
+++ b/interface-config/roles/interface-config/tasks/main.yml
@@ -42,7 +42,7 @@
 - name: Find management interfaces given management_net_kmods
   when: ( configure_management_interfaces ) and ( management_net_kmods | length > 0 )
   set_fact:
-    management_net_interfaces: "{{ [ hostvars[inventory_hostname]['ansible_' ~ item[0]] ] | selectattr('module', 'defined') | selectattr('module', 'equalto', item[1]) |  map(attribute='device') | list | union(management_net_interfaces) }}"
+    management_net_interfaces: "{{ [ hostvars[inventory_hostname]['ansible_' ~ item[0]] ] | selectattr('module', 'defined') | selectattr('module', 'equalto', item[1]) |  map(attribute='device') | list | union(management_net_interfaces) }}" # noqa 204
   with_nested:
     - "{{ ansible_interfaces }}"
     - "{{ management_net_kmods }}"
@@ -50,7 +50,7 @@
 - name: Find management interfaces given management_net_hwaddrs
   when: ( configure_management_interfaces ) and ( management_net_hwaddrs | length > 0 )
   set_fact:
-    management_net_interfaces: "{{ [ hostvars[inventory_hostname]['ansible_' ~ item[0]] ] | selectattr('macaddress', 'defined') | selectattr('macaddress', 'equalto', item[1]) |  map(attribute='device') | list | union(management_net_interfaces) }}"
+    management_net_interfaces: "{{ [ hostvars[inventory_hostname]['ansible_' ~ item[0]] ] | selectattr('macaddress', 'defined') | selectattr('macaddress', 'equalto', item[1]) |  map(attribute='device') | list | union(management_net_interfaces) }}" # noqa 204
   with_nested:
     - "{{ ansible_interfaces }}"
     - "{{ management_net_hwaddrs }}"
@@ -59,7 +59,7 @@
 - name: Find fabric interfaces given fabric_net_kmods
   when: ( configure_fabric_interfaces ) and ( fabric_net_kmods | length > 0 )
   set_fact:
-    fabric_net_interfaces: "{{ [ hostvars[inventory_hostname]['ansible_' ~ item[0]] ] | selectattr('module', 'defined') | selectattr('module', 'equalto', item[1]) |  map(attribute='device') | list | union(fabric_net_interfaces) }}"
+    fabric_net_interfaces: "{{ [ hostvars[inventory_hostname]['ansible_' ~ item[0]] ] | selectattr('module', 'defined') | selectattr('module', 'equalto', item[1]) |  map(attribute='device') | list | union(fabric_net_interfaces) }}" # noqa 204
   with_nested:
     - "{{ ansible_interfaces }}"
     - "{{ fabric_net_kmods }}"
@@ -67,7 +67,7 @@
 - name: Find fabric interfaces given fabric_net_hwaddrs
   when: ( configure_fabric_interfaces ) and ( fabric_net_hwaddrs | length > 0 )
   set_fact:
-    fabric_net_interfaces: "{{ [ hostvars[inventory_hostname]['ansible_' ~ item[0]] ] | selectattr('macaddress', 'defined') | selectattr('macaddress', 'equalto', item[1]) |  map(attribute='device') | list | union(fabric_net_interfaces) }}"
+    fabric_net_interfaces: "{{ [ hostvars[inventory_hostname]['ansible_' ~ item[0]] ] | selectattr('macaddress', 'defined') | selectattr('macaddress', 'equalto', item[1]) |  map(attribute='device') | list | union(fabric_net_interfaces) }}" # noqa 204
   with_nested:
     - "{{ ansible_interfaces }}"
     - "{{ fabric_net_hwaddrs }}"
diff --git a/kubespray-installer/k8s-configs.yaml b/kubespray-installer/k8s-configs.yaml
index 9834363..a65d420 100644
--- a/kubespray-installer/k8s-configs.yaml
+++ b/kubespray-installer/k8s-configs.yaml
@@ -58,5 +58,5 @@
       lineinfile:
         path: inventories/{{ deployment_name }}/group_vars/k8s-cluster/k8s-cluster.yml
         regexp: 'docker_options'
-        line: "docker_options: \"{{ item }} --insecure-registry={{ '{{' }} kube_service_addresses {{ '}}' }} --graph={{ '{{' }} docker_daemon_graph {{ '}}' }}  {{ '{{' }} docker_log_opts {{ '}}' }}\""
+        line: "docker_options: \"{{ item }} --insecure-registry={{ '{{' }} kube_service_addresses {{ '}}' }} --graph={{ '{{' }} docker_daemon_graph {{ '}}' }}  {{ '{{' }} docker_log_opts {{ '}}' }}\"" # noqa 204
       with_items: "{{ k8s_nodes.split(' ') | map('regex_replace', '(.*)', '--insecure-registry=\\1/32') | join(' ') }}"