split network plugins into distinct roles

roles/network_plugin/calico/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# cloud_provider: no

roles/network_plugin/calico/handlers/main.yml

@@ -0,0 +1,15 @@
+---
+- name: restart calico-node
+  command: /bin/true
+  notify:
+    - reload systemd
+    - reload calico-node
+
+- name : reload systemd
+  shell: systemctl daemon-reload
+  when: init_system == "systemd"
+
+- name: reload calico-node
+  service:
+    name: calico-node
+    state: restarted

roles/network_plugin/calico/tasks/main.yml

@@ -0,0 +1,125 @@
+---
+- name: Calico | Set docker daemon options
+  template:
+    src: docker
+    dest: "/etc/default/docker"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart docker
+
+- name: Calico | Write docker.service systemd file
+  template:
+    src: systemd-docker.service
+    dest: /lib/systemd/system/docker.service
+  notify: restart docker
+  when: init_system == "systemd"
+
+- meta: flush_handlers
+
+- name: Calico | Install calicoctl bin
+  command: rsync -piu "{{ local_release_dir }}/calico/bin/calicoctl" "{{ bin_dir }}/calicoctl"
+  register: calico_copy
+  changed_when: false
+
+- name: Calico | Install calico cni bin
+  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
+  changed_when: false
+
+- name: Calico | Install calico-ipam cni bin
+  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico-ipam"
+  changed_when: false
+
+- name: Calico | install calicoctl
+  file: path={{ bin_dir }}/calicoctl mode=0755 state=file
+
+- name: Calico | Create calicoctl symlink (needed by kubelet)
+  file:
+    src: /usr/local/bin/calicoctl
+    dest: /usr/bin/calicoctl
+    state: link
+
+- name: Calico | wait for etcd
+  wait_for:
+    port: 2379
+  when: inventory_hostname in groups['kube-master']
+
+- name: Calico | Check if calico network pool has already been configured
+  uri:
+    url: "http://127.0.0.1:2379/v2/keys/calico/v1/ipam/v4/pool"
+    return_content: yes
+    status_code: 200,404
+  register: calico_conf
+  run_once: true
+
+- name: Calico | Configure calico network pool for cloud
+  command: "calicoctl pool add {{ kube_pods_subnet }} --ipip --nat-outgoing"
+  run_once: true
+  when: calico_conf.status == 404 and cloud_provider is defined and cloud_provider == True
+
+- name: Calico | Configure calico network pool
+  command: "calicoctl pool add {{ kube_pods_subnet }}"
+  run_once: true
+  when: calico_conf.status == 404 and (cloud_provider is not defined or cloud_provider != True)
+
+- name: Calico | Get calico configuration from etcd
+  uri:
+    url: "http://127.0.0.1:2379/v2/keys/calico/v1/ipam/v4/pool"
+    return_content: yes
+  register: calico_pools
+  run_once: true
+
+- name: Calico | Check if calico pool is properly configured
+  fail:
+    msg: 'Only one network pool must be configured and it must be the subnet {{ kube_pods_subnet }}.
+    Please erase calico configuration and run the playbook again ("etcdctl rm --recursive /calico/v1/ipam/v4/pool")'
+  when: ( calico_pools.json['node']['nodes'] | length > 1 ) or
+        ( not calico_pools.json['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
+  run_once: true
+
+- name: Calico | Write /etc/network-environment
+  template: src=network-environment.j2 dest=/etc/network-environment
+  when: init_system == "sysvinit"
+
+- name: Calico | Write calico-node systemd init file
+  template: src=calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
+  when: init_system == "systemd"
+  notify: restart calico-node
+
+- name: Calico | Write calico-node initd script
+  template: src=deb-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
+  when: init_system == "sysvinit" and ansible_os_family == "Debian"
+  notify: restart calico-node
+
+- name: Calico | Write calico-node initd script
+  template: src=rh-calico.initd.j2 dest=/etc/init.d/calico-node owner=root mode=0755
+  when: init_system == "sysvinit" and ansible_os_family == "RedHat"
+  notify: restart calico-node
+
+- meta: flush_handlers
+
+- name: Calico | Enable calico-node
+  service:
+    name: calico-node
+    state: started
+    enabled: yes
+
+- name: Calico | Restart calico if binary changed
+  service:
+    name: calico-node
+    state: restarted
+  when: calico_copy.stdout_lines
+
+- name: Calico | Disable node mesh
+  shell: calicoctl bgp node-mesh off
+  environment:
+     ETCD_AUTHORITY: "127.0.0.1:2379"
+  when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
+
+- name: Calico | Configure peering with router(s)
+  shell: calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}
+  environment:
+     ETCD_AUTHORITY: "127.0.0.1:2379"
+  with_items: peers
+  when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']

roles/network_plugin/calico/templates/calico-node.service.j2

@@ -0,0 +1,19 @@
+[Unit]
+Description=Calico per-node agent
+Documentation=https://github.com/projectcalico/calico-docker
+Requires=docker.service
+After=docker.service etcd.service
+
+[Service]
+User=root
+PermissionsStartOnly=true
+{% if inventory_hostname in groups['kube-node'] and peer_with_router|default(false)%}
+ExecStart={{ bin_dir }}/calicoctl node --ip={{ip | default(ansible_default_ipv4.address) }} --as={{ local_as }} --detach=false
+{%     else %}
+ExecStart={{ bin_dir }}/calicoctl node --ip={{ip | default(ansible_default_ipv4.address) }} --detach=false
+{%     endif %}
+Restart=always
+Restart=10
+
+[Install]
+WantedBy=multi-user.target

roles/network_plugin/calico/templates/deb-calico.initd.j2

@@ -0,0 +1,115 @@
+#!/bin/bash
+#
+### BEGIN INIT INFO
+# Provides:   calico-node
+# Required-Start:    $local_fs $network $syslog
+# Required-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Calico docker container
+# Description:
+#   Runs calico as a docker container
+### END INIT INFO
+set -a
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Calico-node Docker"
+NAME=calico-node
+DAEMON={{ bin_dir }}/calicoctl
+DAEMON_ARGS=""
+DOCKER=$(which docker)
+SCRIPTNAME=/etc/init.d/$NAME
+DAEMON_USER=root
+
+# Exit if the binary is not present
+[ -x "$DAEMON" ] || exit 0
+
+# Exit if the docker package is not installed
+[ -x "$DOCKER" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/network-environment ] && . /etc/network-environment
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+do_status()
+{
+    if [ $($DOCKER ps | awk '{ print $2 }' | grep calico/node | wc -l) -eq 1 ]; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Function that starts the daemon/service
+#
+do_start()
+{
+    do_status
+    retval=$?
+    if [ $retval -ne 0 ]; then
+        ${DAEMON} node --ip=${DEFAULT_IPV4} >>/dev/null && return 0 || return 2
+    else
+        return 1
+    fi
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+    ${DAEMON} node stop >> /dev/null || ${DAEMON} node stop --force >> /dev/null
+}
+
+
+case "$1" in
+  start)
+        log_daemon_msg "Starting $DESC" "$NAME"
+        do_start
+        case "$?" in
+                0|1) log_end_msg 0 || exit 0 ;;
+                2) log_end_msg 1 || exit 1 ;;
+        esac
+        ;;
+  stop)
+        log_daemon_msg "Stopping $DESC" "$NAME"
+        if do_stop; then
+            log_end_msg 0
+        else
+            log_failure_msg "Can't stop calico-node"
+            log_end_msg 1
+        fi
+        ;;
+  status)
+        if do_status; then
+            log_end_msg 0
+        else
+            log_failure_msg "Calico-node is not running"
+            log_end_msg 1
+        fi
+        ;;
+
+  restart|force-reload)
+        log_daemon_msg "Restarting $DESC" "$NAME"
+        if do_stop; then
+            if do_start; then
+                log_end_msg 0
+                exit 0
+            else
+                rc="$?"
+            fi
+        else
+           rc="$?"
+        fi
+        log_failure_msg "Can't restart Calico-node"
+        log_end_msg ${rc}
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+        exit 3
+        ;;
+esac

roles/network_plugin/calico/templates/docker

@@ -0,0 +1,8 @@
+# Deployed by Ansible
+{% if init_system == "sysvinit" and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %}
+DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% elif kube_network_plugin == "flannel" and ansible_os_family == "RedHat" %}
+DOCKER_NETWORK_OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% elif kube_network_plugin == "flannel" %}
+OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% endif %}

roles/network_plugin/calico/templates/network-environment.j2

@@ -0,0 +1,9 @@
+# This host's IPv4 address (the source IP address used to reach other nodes
+# in the Kubernetes cluster).
+DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
+
+# The Kubernetes master IP
+KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}
+
+# IP and port of etcd instance used by Calico
+ETCD_AUTHORITY=127.0.0.1:2379

roles/network_plugin/calico/templates/rh-calico.initd.j2

@@ -0,0 +1,131 @@
+#!/bin/bash
+#
+#       /etc/rc.d/init.d/calico-node
+#
+# chkconfig:   2345 95 95
+# description: Daemon for calico-node (http://www.projectcalico.org/)
+set -a
+
+### BEGIN INIT INFO
+# Provides:       calico-node
+# Required-Start: $local_fs $network $syslog cgconfig
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:  0 1 6
+# Short-Description: start and stop calico-node
+# Description:
+#   Manage calico-docker container
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+prog="calicoctl"
+exec="{{ bin_dir }}/$prog"
+dockerexec="$(which docker)"
+logfile="/var/log/$prog"
+
+[ -e /etc/network-environment ] && for i in $(cat /etc/network-environment | egrep '(^$|^#)'); do export $i; done
+
+do_status()
+{
+    if [ $($dockerexec ps | awk '{ print $2 }' | grep calico/node | wc -l) -ne 1 ]; then
+        return 1
+    fi
+}
+
+do_start() {
+    if [ ! -x $exec ]; then
+      if [ ! -e $exec ]; then
+        echo "calico-node executable $exec not found"
+      else
+        echo "You do not have permission to execute the calico-node executable $exec"
+      fi	      
+      exit 5
+    fi
+
+    [ -x "$dockerexec" ] || exit 0
+
+    do_status
+    retval=$?
+    if [ $retval -ne 0 ]; then
+        printf "Starting $prog:\t"
+        echo "\n$(date)\n" >> $logfile
+        $exec node --ip=${DEFAULT_IPV4} &>>$logfile 
+        success
+        echo
+    else
+        echo -n "calico-node's already running"
+        success
+        exit 0
+    fi
+}
+
+do_stop() {
+    echo -n $"Stopping $prog: "
+    $exec node stop >> /dev/null || $exec node stop --force >> /dev/null
+    retval=$?
+    echo
+    return $retval
+}
+
+restart() {
+    do_stop
+    do_start
+}
+
+reload() {
+    restart
+}
+
+force_reload() {
+    restart
+}
+
+case "$1" in
+    start)
+        do_start
+        case "$?" in
+                0|1) success || exit 0 ;;
+                2) failure || exit 1 ;;
+        esac
+        ;;
+    stop)
+        echo -n "Stopping $DESC" "$NAME"
+        if do_stop; then
+            success
+            echo
+        else
+            echo -n "Can't stop calico-node"
+            failure
+            echo
+        fi
+        ;;
+    restart)
+        $1
+        ;;
+    reload)
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        if do_status; then
+            echo -n "Calico-node is running"
+            success
+            echo
+        else
+            echo -n "Calico-node is not running"
+            failure
+            echo
+        fi
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|reload|force-reload}"
+        exit 2
+esac
+
+exit $?

roles/network_plugin/calico/templates/systemd-docker.service

@@ -0,0 +1,34 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+{% if ansible_os_family == "RedHat" %}
+After=network.target
+Wants=docker-storage-setup.service
+{% elif ansible_os_family == "Debian" %}
+After=network.target docker.socket
+Requires=docker.socket
+{% endif %}
+
+[Service]
+Type=notify
+{% if ansible_os_family == "RedHat" %}
+EnvironmentFile=-/etc/sysconfig/docker
+EnvironmentFile=-/etc/sysconfig/docker-network
+EnvironmentFile=-/etc/sysconfig/docker-storage
+{% elif ansible_os_family == "Debian" %}
+EnvironmentFile=-/etc/default/docker
+{% endif %}
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/docker daemon \
+          $OPTIONS \
+          $DOCKER_STORAGE_OPTIONS \
+          $DOCKER_NETWORK_OPTIONS \
+          $INSECURE_REGISTRY
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+MountFlags=slave
+TimeoutStartSec=1min
+
+[Install]
+WantedBy=multi-user.target