diff --git a/Vagrantfile b/Vagrantfile
index 09d8b9a7..3d019d70 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,44 +1,66 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
 require 'yaml'
+require 'fileutils'
 
 base_dir = File.expand_path(File.dirname(__FILE__))
 conf = YAML.load_file(File.join(base_dir, "vagrant.yml"))
 groups = YAML.load_file(File.join(base_dir, "ansible-groups.yml"))
-require File.join(base_dir, "vagrant_helper")
+CONFIG_HELPER = File.join(base_dir, "vagrant_helper.rb")
+CLOUD_CONFIG_PATH = File.join(base_dir, "user-data")
+
+if File.exist?(CONFIG_HELPER)
+  require CONFIG_HELPER
+end
 
 # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
 VAGRANTFILE_API_VERSION = "2"
-Vagrant.require_version ">= 1.7.0"
+Vagrant.require_version ">= 1.8.0"
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  # if you want to use vagrant-cachier,
-  # please install vagrant-cachier plugin.
-  if Vagrant.has_plugin?("vagrant-cachier")
-    config.cache.enable :apt
-    config.cache.scope = :box
+
+  config.vm.box = "coreos-%s" % conf['coreos_update_channel']
+  #config.vm.box_version = ">= 877.1.0"
+  config.vm.box_url = "http://%s.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json" % conf['coreos_update_channel']
+
+  if Vagrant.has_plugin?('vagrant-vbguest') then
+    config.vbguest.auto_update = false
   end
 
-  # throw error if vagrant-hostmanager not installed
-  unless Vagrant.has_plugin?("vagrant-hostmanager")
-    raise "vagrant-hostmanager plugin not installed"
+  config.hostmanager.enabled = false
+
+  config.vm.provider :virtualbox do |vb|
+    # On VirtualBox, we don't have guest additions or a functional vboxsf
+    # in CoreOS, so tell Vagrant that so it can be smarter.
+    vb.check_guest_additions = false
+    vb.functional_vboxsf = false
   end
 
-  config.vm.box = "capgemini/apollo"
-  config.hostmanager.enabled = true
-  config.hostmanager.manage_host = true
-  config.hostmanager.include_offline = true
   config.ssh.insert_key = false
 
   # Common ansible groups.
   ansible_groups = groups['ansible_groups']
+  # We need to use a custom python interpreter for CoreOS because there is no
+  # python installed on the system.
+  ansible_groups["all:vars"] = {
+    "ansible_python_interpreter" => "\"PATH=/home/core/bin:$PATH python\""
+  }
 
   ansible_groups["mesos_masters"] = []
   masters_conf = conf['masters']
   masters_n = masters_conf['ips'].count
   master_infos = []
 
+  # Mesos slave nodes
+  slaves_conf = conf['slaves']
+  ansible_groups["mesos_slaves"] = []
+  slave_n = slaves_conf['ips'].count
+
+  # etcd discovery token
+  total_instances = slave_n + masters_n
+  etcd_discovery_token(total_instances)
+
   # Mesos master nodes
   (1..masters_n).each { |i|
@@ -61,7 +83,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       machine.vm.hostname = node[:hostname]
       machine.vm.network :private_network, :ip => node[:ip]
 
-      vb.name = 'vagrant-mesos-' + node[:hostname]
+      vb.name = 'coreos-mesos-' + node[:hostname]
       vb.customize ["modifyvm", :id, "--memory", node[:mem], "--cpus", node[:cpus] ]
     end
   end
@@ -83,19 +105,14 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     consul_join: consul_join,
     consul_retry_join: consul_retry_join,
     mesos_master_quorum: conf['mesos_master_quorum'],
-    consul_bootstrap_expect: conf['consul_bootstrap_expect']
+    consul_bootstrap_expect: conf['consul_bootstrap_expect'],
+    ansible_python_interpreter: 'PATH=/home/core/bin:$PATH python'
   }
 
   # Apollo environment variables
   apollo_vars = get_apollo_variables(ENV)
   # Add apollo variables to ansible ones
   ansible_extra_vars.merge!(apollo_vars)
-  # Mesos slave nodes
-  slaves_conf = conf['slaves']
-  ansible_groups["mesos_slaves"] = []
-
-  slave_n = slaves_conf['ips'].count
-
   (1..slave_n).each { |i|
     ip = slaves_conf['ips'][i - 1]
@@ -109,39 +126,37 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     # Add the node to the correct ansible group.
     ansible_groups["mesos_slaves"].push(node[:hostname])
 
+    # Bootstrap the machines for CoreOS first
+    if File.exist?(CLOUD_CONFIG_PATH)
+      config.vm.provision :file, :source => "#{CLOUD_CONFIG_PATH}", :destination => "/tmp/vagrantfile-user-data"
+      config.vm.provision :shell, :inline => "mv /tmp/vagrantfile-user-data /var/lib/coreos-vagrant/", :privileged => true
+    end
+
+    config.vm.provision :hostmanager
+
     config.vm.define node[:hostname] do |cfg|
       cfg.vm.provider :virtualbox do |vb, machine|
         machine.vm.hostname = node[:hostname]
         machine.vm.network :private_network, :ip => node[:ip]
 
-        vb.name = 'vagrant-mesos-' + node[:hostname]
+        vb.name = 'coreos-mesos-' + node[:hostname]
        vb.customize ["modifyvm", :id, "--memory", node[:mem], "--cpus", node[:cpus] ]
 
         # We invoke ansible on the last slave with ansible.limit = 'all'
         # this runs the provisioning across all masters and slaves in parallel.
         if node[:hostname] == "slave#{slave_n}"
+
           machine.vm.provision :ansible do |ansible|
             ansible.playbook = "site.yml"
-            ansible.sudo = true
             unless ENV['ANSIBLE_LOG'].nil? || ENV['ANSIBLE_LOG'].empty?
-              ansible.verbose = "#{ENV['ANSIBLE_LOG'].delete('-')}"
+              ansible.verbose = "#{ENV['ANSIBLE_LOG'].delete('-')}"
             end
-            ansible.groups = ansible_groups
-            ansible.limit = 'all'
+            ansible.groups = ansible_groups
+            ansible.limit = 'all'
             ansible.extra_vars = ansible_extra_vars
           end
         end
       end
     end
   }
-
-  # If you want to use a custom `.dockercfg` file simply place it
-  # in this directory.
-  if File.exist?(".dockercfg")
-    config.vm.provision :shell, :priviledged => true, :inline => <<-SCRIPT
-      cp /vagrant/.dockercfg /root/.dockercfg
-      chmod 600 /root/.dockercfg
-      chown root /root/.dockercfg
-    SCRIPT
-  end
 end
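For reference, bringing a cluster up against this Vagrantfile would look roughly like the following. This is a sketch: the plugin set is inferred from the config.hostmanager and config.vbguest calls above, not spelled out in the patch itself.

    vagrant plugin install vagrant-hostmanager
    vagrant plugin install vagrant-vbguest   # optional; auto-update is disabled above
    vagrant up --provider virtualbox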
diff --git a/ansible-groups.yml b/ansible-groups.yml
index 2f1afbbf..1a4f63ac 100644
--- a/ansible-groups.yml
+++ b/ansible-groups.yml
@@ -18,4 +18,4 @@ ansible_groups:
   "vagrant:children":
     - mesos_masters
     - mesos_slaves
-    - load_balancers
\ No newline at end of file
+    - load_balancers
diff --git a/ansible.cfg b/ansible.cfg
index d72533a6..a2d5bf4c 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -4,6 +4,7 @@ record_host_keys = no
 jinja2_extensions = jinja2.ext.do
 timeout = 15
 gathering = smart
+roles_path = roles
 
 [ssh_connection]
 ssh_args = -o ControlMaster=auto -o ControlPersist=30m
diff --git a/group_vars/all b/group_vars/all
index 537e5bc6..23acf257 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -35,4 +35,4 @@ datadog_config:
   tags: "{{ mesos_cluster_name }}"
   log_level: INFO
 
-
+coreos_timezone: 'Europe/London'
diff --git a/playbooks/coreos-bootstrap.yml b/playbooks/coreos-bootstrap.yml
new file mode 100644
index 00000000..7643b712
--- /dev/null
+++ b/playbooks/coreos-bootstrap.yml
@@ -0,0 +1,14 @@
+- name: bootstrap coreos hosts
+  hosts: all
+  gather_facts: False
+  roles:
+    - coreos_bootstrap
+    - coreos_timezone
+
+- name: Install docker-py
+  hosts: all
+  gather_facts: False
+  tasks:
+    - pip:
+        name: docker-py
+        version: 1.5.0
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 00000000..8b5c7c1c
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,5 @@
+- src: mkaag.coreos-timezone
+  name: coreos_timezone
+
+- src: defunctzombie.coreos-bootstrap
+  name: coreos_bootstrap
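The two Galaxy roles above land in roles/, matching the new roles_path = roles setting in ansible.cfg. A typical install step, assuming a stock ansible-galaxy CLI, would be:

    ansible-galaxy install -r requirements.yml --roles-path roles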
diff --git a/roles/cadvisor/tasks/main.yml b/roles/cadvisor/tasks/main.yml
index 6c298820..9eaca3c8 100644
--- a/roles/cadvisor/tasks/main.yml
+++ b/roles/cadvisor/tasks/main.yml
@@ -1,35 +1,10 @@
 # tasks for running cadvisor
-- name: destroy old cadvisor container
-  when: cadvisor_rebuild_container|bool
-  docker:
-    name: cadvisor
-    image: "{{ cadvisor_image }}"
-    state: absent
-  tags:
-    - cadvisor
-
-- name: run cadvisor container
-  docker:
-    name: cadvisor
-    image: "{{ cadvisor_image }}"
-    state: started
-    restart_policy: "{{ cadvisor_restart_policy }}"
-    net: "{{ cadvisor_net }}"
-    hostname: "{{ cadvisor_hostname }}"
-    volumes:
-      - "/var/lib/docker/:/var/lib/docker:ro"
-      - "/:/rootfs:ro"
-      - "/var/run:/var/run:rw"
-      - "/sys:/sys:ro"
-  tags:
-    - cadvisor
-
-- name: upload cadvisor template service
-  template:
-    src: cadvisor.conf.j2
-    dest: /etc/init/cadvisor.conf
-    mode: 0755
+- name: deploy cadvisor service
   sudo: yes
+  sudo_user: root
+  template:
+    src: cadvisor.service.j2
+    dest: /etc/systemd/system/cadvisor.service
   tags:
     - cadvisor
 
@@ -53,13 +28,13 @@
   tags:
     - cadvisor
 
-- name: Set cadvisor consul service definition
-  sudo: yes
-  template:
-    src: cadvisor-consul.j2
-    dest: "{{ cadvisor_consul_dir }}/cadvisor.json"
-  notify:
-    - restart consul
-  when: cadvisor_enabled
-  tags:
-    - cadvisor
+#- name: Set cadvisor consul service definition
+#  sudo: yes
+#  template:
+#    src: cadvisor-consul.j2
+#    dest: "{{ cadvisor_consul_dir }}/cadvisor.json"
+#  notify:
+#    - restart consul
+#  when: cadvisor_enabled
+#  tags:
+#    - cadvisor
diff --git a/roles/cadvisor/templates/cadvisor.service.j2 b/roles/cadvisor/templates/cadvisor.service.j2
new file mode 100644
index 00000000..81eb02cd
--- /dev/null
+++ b/roles/cadvisor/templates/cadvisor.service.j2
@@ -0,0 +1,27 @@
+[Unit]
+Description=cadvisor
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=on-failure
+RestartSec=20
+TimeoutStartSec=0
+EnvironmentFile=-/etc/environment
+ExecStartPre=-/usr/bin/docker kill cadvisor
+ExecStartPre=-/usr/bin/docker rm cadvisor
+ExecStartPre=/usr/bin/docker pull {{ cadvisor_image }}
+ExecStart=/usr/bin/docker run --name cadvisor \
+--restart={{ cadvisor_restart_policy }} \
+--net={{ cadvisor_net }} \
+--hostname={{ cadvisor_hostname }} \
+-v /var/lib/docker/:/var/lib/docker:ro \
+-v /:/rootfs:ro \
+-v /var/run:/var/run:rw \
+-v /sys:/sys:ro \
+{{ cadvisor_image }}
+
+ExecStop=/usr/bin/docker stop cadvisor
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml
index 721472d6..558ac8b5 100644
--- a/roles/consul/defaults/main.yml
+++ b/roles/consul/defaults/main.yml
@@ -2,10 +2,20 @@
 # defaults file for consul
 consul_dc: dc1
 consul_servers_group: consul_servers
+consul_bootstrap_expect: "{{ groups[consul_servers_group] | length }}"
 consul_advertise: "{{ ansible_ssh_host }}"
+consul_config_dir: /etc/consul.d
+consul_data_dir: /var/lib/consul
+consul_atlas_join: false
 consul_bind_addr: "{{ ansible_default_ipv4.address }}"
 consul_retry_join: "{% for host in groups[consul_servers_group] %}\"{{ hostvars[host].ansible_default_ipv4.address }}\"{% if not loop.last %}, {% endif %}{% endfor %}"
-consul_bootstrap_expect: "{{ groups[consul_servers_group] | length }}"
 consul_client_addr: "0.0.0.0"
-consul_atlas_join: false
 consul_node_name: "{{ ansible_hostname }}"
+consul_version: 0.6
+consul_image: "
+  {%- if inventory_hostname in groups[consul_servers_group] -%}
+  gliderlabs/consul-server:{{ consul_version }}
+  {%- else -%}
+  gliderlabs/consul-agent:{{ consul_version }}
+  {%- endif -%}
+"
diff --git a/roles/consul/handlers/main.yml b/roles/consul/handlers/main.yml
index ac953416..d50d5eed 100644
--- a/roles/consul/handlers/main.yml
+++ b/roles/consul/handlers/main.yml
@@ -1,5 +1,6 @@
 ---
 # handlers file for consul
+# @todo - handle restarts properly (choose one approach here)
 - name: restart consul
   service:
     name: consul
@@ -12,3 +13,7 @@
   wait_for:
     host: "{{ consul_bind_addr }}"
     port: 8500
+
+- name: restart consul systemd
+  sudo: yes
+  command: systemctl restart consul
diff --git a/roles/consul/meta/main.yml b/roles/consul/meta/main.yml
index 0db73efc..e3bee6cd 100644
--- a/roles/consul/meta/main.yml
+++ b/roles/consul/meta/main.yml
@@ -69,7 +69,7 @@ galaxy_info:
     # - 9.1
     # - 9.1
     # - 9.2
-  - name: Ubuntu
+  - name: CoreOS
     versions:
     # - all
     # - lucid
@@ -80,7 +80,7 @@ galaxy_info:
     # - quantal
     # - raring
     # - saucy
-    - trusty
+    # - trusty
   #- name: SLES
   #  versions:
   #  - all
diff --git a/roles/consul/tasks/config.yml b/roles/consul/tasks/config.yml
new file mode 100644
index 00000000..740a2f96
--- /dev/null
+++ b/roles/consul/tasks/config.yml
@@ -0,0 +1,22 @@
+- name: create consul dirs
+  sudo: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0755
+  with_items:
+    - "{{ consul_data_dir }}"
+    - "{{ consul_config_dir }}"
+
+- name: configure consul
+  sudo: yes
+  template:
+    src: consul.json.j2
+    dest: /etc/consul.d/consul.json
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart consul
+  tags:
+    - consul
diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml
index 5b115541..792dd674 100644
--- a/roles/consul/tasks/main.yml
+++ b/roles/consul/tasks/main.yml
@@ -1,34 +1,19 @@
 ---
-# tasks file for consul
-- name: remove consul override
-  file:
-    path: /etc/init/consul.override
-    state: absent
+- include: config.yml
 
-- name: configure consul
+- name: deploy consul service
   sudo: yes
+  sudo_user: root
   template:
-    src: consul.json.j2
-    dest: /etc/consul.d/consul.json
-    owner: root
-    group: root
-    mode: 0644
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - src: consul.service.j2
+      dest: /etc/systemd/system/consul.service
+    - src: consul-discovery.service.j2
+      dest: /etc/systemd/system/consul-discovery.service
   notify:
-    - restart consul
-  tags:
-    - consul
-
-- name: configure atlas for consul
-  sudo: yes
-  template:
-    src: atlas.json.j2
-    dest: /etc/consul.d/atlas.json
-    owner: root
-    group: root
-    mode: 0644
-  when: consul_atlas_join|bool
-  notify:
-    - restart consul
+    - restart consul systemd
   tags:
     - consul
 
@@ -38,53 +23,18 @@
     name: consul
     enabled: yes
     state: started
-  tags:
-    - consul
-
-# Give some time for leader election to occur
-- name: wait for leader
-  wait_for:
-    host: "{{ consul_bind_addr }}"
-    port: 8301
-    delay: 10
-  tags:
-    - consul
-
-- name: remove consul-join override
-  file:
-    path: /etc/init/consul-join.override
-    state: absent
-  when: consul_join is defined
-  tags:
-    - consul
-
-- name: configure consul-join
-  sudo: yes
-  template:
-    src: consul-join.j2
-    dest: /etc/service/consul-join
-    owner: root
-    group: root
-    mode: 0644
   notify:
-    - restart consul
-  when: consul_join is defined
+    - restart consul systemd
   tags:
     - consul
 
-# We need to force reload here because sometimes Consul gets in a weird
-# state where it cannot elect a cluster leader. Simply restarting the service
-# seems to allow it to recover automatically.
-- name: force reload consul
-  sudo: yes
-  command: /sbin/restart consul
-  tags:
-    - consul
-
-- name: force wait for leader
-  wait_for:
-    host: "{{ consul_bind_addr }}"
-    port: 8301
-    delay: 10
-  tags:
-    - consul
+#- name: enable consul-discovery
+#  sudo: yes
+#  service:
+#    name: consul-discovery
+#    enabled: yes
+#    state: started
+#  notify:
+#    - restart consul systemd
+#  tags:
+#    - consul
diff --git a/roles/consul/templates/atlas.json.j2 b/roles/consul/templates/atlas.json.j2
deleted file mode 100644
index 31b23df2..00000000
--- a/roles/consul/templates/atlas.json.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "atlas_join": true,
-  "atlas_token": "{{ consul_atlas_token }}",
-  "atlas_infrastructure": "{{ consul_atlas_infrastructure }}"
-}
diff --git a/roles/consul/templates/consul-discovery.service.j2 b/roles/consul/templates/consul-discovery.service.j2
new file mode 100644
index 00000000..ebf3b3e7
--- /dev/null
+++ b/roles/consul/templates/consul-discovery.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Consul Discovery
+BindsTo=consul.service
+After=consul.service
+
+[Service]
+Restart=on-failure
+EnvironmentFile=/etc/environment
+ExecStart=/bin/sh -c "while true; do etcdctl mk /services/consul $COREOS_PUBLIC_IPV4 --ttl 60;/usr/bin/docker exec consul consul join $(etcdctl get /services/consul);sleep 45;done"
+ExecStop=/usr/bin/etcdctl rm /services/consul --with-value %H
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/consul/templates/consul-join.j2 b/roles/consul/templates/consul-join.j2
deleted file mode 100644
index 04fcfe0f..00000000
--- a/roles/consul/templates/consul-join.j2
+++ /dev/null
@@ -1 +0,0 @@
-CONSUL_JOIN="{{ consul_join }}"
diff --git a/roles/consul/templates/consul.json.j2 b/roles/consul/templates/consul.json.j2
index 49d713dc..6a5110ed 100644
--- a/roles/consul/templates/consul.json.j2
+++ b/roles/consul/templates/consul.json.j2
@@ -4,7 +4,6 @@
   "node_name": "{{ consul_node_name }}",
   "domain": "{{ consul_domain }}",
   "rejoin_after_leave": true,
-  "bind_addr": "{{ consul_bind_addr }}",
   "client_addr": "{{ consul_client_addr }}",
 {% if consul_bootstrap_expect > 1 %}
   "retry_join": [ {{ consul_retry_join }} ],
@@ -13,6 +12,11 @@
   "server": true,
   "bootstrap_expect": {{ consul_bootstrap_expect }},
 {% endif %}
-  "data_dir": "/var/lib/consul",
-  "ui_dir": "/opt/consul-ui"
+{% if consul_atlas_join|bool %}
+  "atlas_join": true,
+  "atlas_token": "{{ consul_atlas_token }}",
+  "atlas_infrastructure": "{{ consul_atlas_infrastructure }}",
+{% endif %}
+  "data_dir": "{{ consul_data_dir }}",
+  "ui_dir": "/ui"
 }
diff --git a/roles/consul/templates/consul.service.j2 b/roles/consul/templates/consul.service.j2
new file mode 100644
index 00000000..6e92d676
--- /dev/null
+++ b/roles/consul/templates/consul.service.j2
@@ -0,0 +1,39 @@
+[Unit]
+Description=Consul
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=on-failure
+TimeoutStartSec=0
+EnvironmentFile=/etc/environment
+# make sure /etc/systemd/resolved.conf.d dir exists so we can add Consul's DNS resolver to system
+ExecStartPre=/usr/bin/mkdir -p /etc/systemd/resolved.conf.d
+ExecStartPre=-/usr/bin/docker kill consul
+ExecStartPre=-/usr/bin/docker rm consul
+ExecStartPre=-/bin/bash -c 'rm /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved'
+ExecStartPre=/usr/bin/docker pull {{ consul_image }}
+ExecStartPre=-/usr/bin/etcdctl mk /consul $COREOS_PUBLIC_IPV4
+
+ExecStart=/usr/bin/bash -c "/usr/bin/docker run --rm --name consul \
+-h $(/usr/bin/cat /etc/hostname) \
+-v {{ consul_data_dir }}:/data \
+-v {{ consul_config_dir }}:/config \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-p 8300:8300 \
+-p 8301:8301 \
+-p 8301:8301/udp \
+-p 8302:8302 \
+-p 8302:8302/udp \
+-p 8400:8400 \
+-p 8500:8500 \
+-p 53:8600/udp \
+{{ consul_image }}"
+
+ExecStartPost=/usr/bin/bash -c 'sleep 1; echo -e "[Resolve]\nDNS=$(docker inspect --format \'{% raw %}{{ .NetworkSettings.IPAddress }}{% endraw %}\' consul)" > /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved'
+
+ExecStop=/usr/bin/docker stop consul
+ExecStopPost=/usr/bin/bash -c 'rm /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved'
+
+[Install]
+WantedBy=multi-user.target
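A rough way to sanity-check this unit on a booted node, assuming the etcdctl and docker CLIs that ship with CoreOS (names and paths match the unit above):

    systemctl status consul
    etcdctl get /consul                        # the IP registered by the ExecStartPre above
    docker inspect --format '{{ .NetworkSettings.IPAddress }}' consul
    cat /etc/systemd/resolved.conf.d/00-consul-dns.conf   # drop-in written by ExecStartPost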
"rejoin_after_leave": true, - "bind_addr": "{{ consul_bind_addr }}", "client_addr": "{{ consul_client_addr }}", {% if consul_bootstrap_expect > 1 %} "retry_join": [ {{ consul_retry_join }} ], @@ -13,6 +12,11 @@ "server": true, "bootstrap_expect": {{ consul_bootstrap_expect }}, {% endif %} - "data_dir": "/var/lib/consul", - "ui_dir": "/opt/consul-ui" +{% if consul_atlas_join|bool %} + "atlas_join": true, + "atlas_token": "{{ consul_atlas_token }}", + "atlas_infrastructure": "{{ consul_atlas_infrastructure }}", +{% endif %} + "data_dir": "{{ consul_data_dir }}", + "ui_dir": "/ui" } diff --git a/roles/consul/templates/consul.service.j2 b/roles/consul/templates/consul.service.j2 new file mode 100644 index 00000000..6e92d676 --- /dev/null +++ b/roles/consul/templates/consul.service.j2 @@ -0,0 +1,39 @@ +[Unit] +Description=Consul +After=docker.service +Requires=docker.service + +[Service] +Restart=on-failure +TimeoutStartSec=0 +EnvironmentFile=/etc/environment +# make sure /etc/systemd/resolved.conf.d dir exists so we can add Consul's DNS resolver to system +ExecStartPre=/usr/bin/mkdir -p /etc/systemd/resolved.conf.d +ExecStartPre=-/usr/bin/docker kill consul +ExecStartPre=-/usr/bin/docker rm consul +ExecStartPre=-/bin/bash -c 'rm /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved' +ExecStartPre=/usr/bin/docker pull {{ consul_image }} +ExecStartPre=-/usr/bin/etcdctl mk /consul $COREOS_PUBLIC_IPV4 + +ExecStart=/usr/bin/bash -c "/usr/bin/docker run --rm --name consul \ +-h $(/usr/bin/cat /etc/hostname) \ +-v {{ consul_data_dir }}:/data \ +-v {{ consul_config_dir }}:/config \ +-v /var/run/docker.sock:/var/run/docker.sock \ +-p 8300:8300 \ +-p 8301:8301 \ +-p 8301:8301/udp \ +-p 8302:8302 \ +-p 8302:8302/udp \ +-p 8400:8400 \ +-p 8500:8500 \ +-p 53:8600/udp \ +{{ consul_image }}" + +ExecStartPost=/usr/bin/bash -c 'sleep 1; echo -e "[Resolve]\nDNS=$(docker inspect --format \'{% raw %}{{ .NetworkSettings.IPAddress }}{% endraw %}\' consul)" > /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved' + +ExecStop=/usr/bin/docker stop consul +ExecStopPost=/usr/bin/bash -c 'rm /etc/systemd/resolved.conf.d/00-consul-dns.conf && systemctl restart systemd-resolved' + +[Install] +WantedBy=multi-user.target diff --git a/roles/dcos_cli/tasks/apps.yml b/roles/dcos_cli/tasks/apps.yml index bf553319..bd69e91c 100644 --- a/roles/dcos_cli/tasks/apps.yml +++ b/roles/dcos_cli/tasks/apps.yml @@ -26,7 +26,7 @@ state: started command: "marathon {{ item.type }} add /config/{{ item.name }}.json" volumes: - - "/etc/marathon:/config" + - "/etc/marathon:/config" env: MESOS_MASTER_URL: "{{ dcos_cli_mesos_master_url }}" MARATHON_URL: "{{ dcos_cli_marathon_url }}" diff --git a/roles/dnsmasq/defaults/main.yml b/roles/dnsmasq/defaults/main.yml deleted file mode 100644 index ca9f04f1..00000000 --- a/roles/dnsmasq/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# defaults file for dnsmasq -dnsmasq_config_folder: "/etc/dnsmasq.d" -dnsmasq_resolvconf_file: "{{ dnsmasq_config_folder }}/resolv.conf~" -dnsmasq_rebuild_container: false -dnsmasq_image: "andyshinn/dnsmasq" diff --git a/roles/dnsmasq/handlers/main.yml b/roles/dnsmasq/handlers/main.yml deleted file mode 100644 index 2d91440b..00000000 --- a/roles/dnsmasq/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# handlers file for dnsmasq -- name: restart dnsmasq - service: - name: dnsmasq - state: restarted - sudo: yes - diff --git a/roles/dnsmasq/meta/main.yml b/roles/dnsmasq/meta/main.yml deleted file mode 
diff --git a/roles/dnsmasq/meta/main.yml b/roles/dnsmasq/meta/main.yml
deleted file mode 100644
index 0db73efc..00000000
--- a/roles/dnsmasq/meta/main.yml
+++ /dev/null
@@ -1,127 +0,0 @@
----
-galaxy_info:
-  author: Graham Taylor
-  description:
-  company: Capgemini
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: license (MIT)
-  min_ansible_version: 1.2
-  #
-  # Below are all platforms currently available. Just uncomment
-  # the ones that apply to your role. If you don't see your
-  # platform on this list, let us know and we'll get it added!
-  #
-  platforms:
-  #- name: EL
-  #  versions:
-  #  - all
-  #  - 5
-  #  - 6
-  #  - 7
-  #- name: GenericUNIX
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Fedora
-  #  versions:
-  #  - all
-  #  - 16
-  #  - 17
-  #  - 18
-  #  - 19
-  #  - 20
-  #- name: SmartOS
-  #  versions:
-  #  - all
-  #  - any
-  #- name: opensuse
-  #  versions:
-  #  - all
-  #  - 12.1
-  #  - 12.2
-  #  - 12.3
-  #  - 13.1
-  #  - 13.2
-  #- name: Amazon
-  #  versions:
-  #  - all
-  #  - 2013.03
-  #  - 2013.09
-  #- name: GenericBSD
-  #  versions:
-  #  - all
-  #  - any
-  #- name: FreeBSD
-  #  versions:
-  #  - all
-  #  - 8.0
-  #  - 8.1
-  #  - 8.2
-  #  - 8.3
-  #  - 8.4
-  #  - 9.0
-  #  - 9.1
-  #  - 9.1
-  #  - 9.2
-  - name: Ubuntu
-    versions:
-    # - all
-    # - lucid
-    # - maverick
-    # - natty
-    # - oneiric
-    # - precise
-    # - quantal
-    # - raring
-    # - saucy
-    - trusty
-  #- name: SLES
-  #  versions:
-  #  - all
-  #  - 10SP3
-  #  - 10SP4
-  #  - 11
-  #  - 11SP1
-  #  - 11SP2
-  #  - 11SP3
-  #- name: GenericLinux
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Debian
-  #  versions:
-  #  - all
-  #  - etch
-  #  - lenny
-  #  - squeeze
-  #  - wheezy
-  #
-  # Below are all categories currently available. Just as with
-  # the platforms above, uncomment those that apply to your role.
-  #
-  categories:
-  - cloud
-  #- cloud:ec2
-  #- cloud:gce
-  #- cloud:rax
-  #- clustering
-  #- database
-  #- database:nosql
-  #- database:sql
-  #- development
-  #- monitoring
-  #- networking
-  #- packaging
-  - system
-  #- web
-dependencies: []
-  # List your role dependencies here, one per line. Only
-  # dependencies available via galaxy should be listed here.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
deleted file mode 100644
index 6f156cfc..00000000
--- a/roles/dnsmasq/tasks/main.yml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-# tasks file for dnsmasq
-- name: create dnsmasq config directory
-  file:
-    path: "/etc/dnsmasq.d"
-    state: directory
-    mode: 0755
-  sudo: yes
-  tags:
-    - dnsmasq
-
-- name: configure consul resolution dnsmasq
-  sudo: yes
-  template:
-    src: 10-consul.j2
-    dest: /etc/dnsmasq.d/10-consul
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - restart dnsmasq
-  tags:
-    - dnsmasq
-
-- name: destroy old dnsmasq container
-  when: dnsmasq_rebuild_container|bool
-  docker:
-    name: dnsmasq
-    image: "{{ dnsmasq_image }}"
-    state: absent
-  tags:
-    - dnsmasq
-
-# This should be using -cap-add=NET_ADMIN rather than privileged: true.
-# This will be supported in Ansible 2.0
-- name: run dnsmasq container
-  docker:
-    name: dnsmasq
-    image: "{{ dnsmasq_image }}"
-    state: started
-    net: "host"
-    privileged: true
-    volumes:
-      - "{{ dnsmasq_config_folder }}/:{{ dnsmasq_config_folder }}/"
-    ports:
-      - "53:53/tcp"
-      - "53:53/udp"
-    command: "-r {{ dnsmasq_resolvconf_file }} --conf-dir={{ dnsmasq_config_folder }}"
-
-- name: upload dnsmasq template service
-  template:
-    src: dnsmasq.conf.j2
-    dest: /etc/init/dnsmasq.conf
-    mode: 0755
-  sudo: yes
-  tags:
-    - dnsmasq
-
-- name: ensure dnsmasq is running (and enable it at boot)
-  service:
-    name: dnsmasq
-    state: started
-    enabled: yes
-  tags:
-    - dnsmasq
diff --git a/roles/dnsmasq/templates/10-consul.j2 b/roles/dnsmasq/templates/10-consul.j2
deleted file mode 100644
index 12c2d27b..00000000
--- a/roles/dnsmasq/templates/10-consul.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-{% for host in groups['consul_servers'] %}
-server=/{{ consul_domain }}/{{ hostvars[host]['ansible_ssh_host'] }}#8600
-{% endfor %}
diff --git a/roles/dnsmasq/templates/dnsmasq.conf.j2 b/roles/dnsmasq/templates/dnsmasq.conf.j2
deleted file mode 100644
index 092e673f..00000000
--- a/roles/dnsmasq/templates/dnsmasq.conf.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-description "dnsmasq container"
-
-start on started docker
-stop on stopping docker
-
-pre-start script
-sudo resolvconf -u
-sudo cat /run/resolvconf/resolv.conf > {{ dnsmasq_resolvconf_file }}
-sudo sed -i '1s/^/nameserver 127.0.0.1\n/' /run/resolvconf/resolv.conf
-end script
-
-script
-  /usr/bin/docker start -a dnsmasq
-end script
-
-respawn
-respawn limit 10 10
-kill timeout 10
diff --git a/roles/dnsmasq/vars/main.yml b/roles/dnsmasq/vars/main.yml
deleted file mode 100644
index 31b34488..00000000
--- a/roles/dnsmasq/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for dnsmasq
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
index 5a5a190a..1bdc6712 100644
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@@ -1,7 +1,7 @@
 ---
 # handlers file for docker
 - name: restart docker
+  sudo: yes
   service:
     name: docker
     state: restarted
-  sudo: yes
diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml
index 0db73efc..e3bee6cd 100644
--- a/roles/docker/meta/main.yml
+++ b/roles/docker/meta/main.yml
@@ -69,7 +69,7 @@ galaxy_info:
     # - 9.1
     # - 9.1
     # - 9.2
-  - name: Ubuntu
+  - name: CoreOS
     versions:
     # - all
     # - lucid
@@ -80,7 +80,7 @@ galaxy_info:
     # - quantal
     # - raring
     # - saucy
-    - trusty
+    # - trusty
   #- name: SLES
   #  versions:
   #  - all
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 7cef0ed2..3444b58c 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,42 +1,37 @@
 ---
 # tasks file for docker
-- name: remove docker override
-  file:
-    path: /etc/init/docker.override
-    state: absent
-  notify:
-    - restart docker
-  tags:
-    - docker
-
-- name: configure docker graph directory
+- name: configure docker consul dns
   sudo: yes
   lineinfile:
-    dest: /etc/default/docker
+    dest: /etc/sysconfig/docker
+    regexp: ^OPTIONS=
+    line: 'OPTIONS=\"--storage-driver=overlay --graph={{ docker_graph_dir }} --dns 172.17.0.1 --dns 8.8.8.8 --dns-search service.{{ consul_domain }} \"'
     state: present
-    regexp: ^DOCKER_OPTS=.*--graph.*
-    line: 'DOCKER_OPTS=\"$DOCKER_OPTS --storage-driver=overlay --graph={{ docker_graph_dir }} --dns 172.17.0.1 --dns 8.8.8.8 --dns-search service.{{ consul_domain }} \"'
+    create: yes
   notify:
    - restart docker
+  tags:
+    - docker
 
-- name: configure docker temporary directory
-  sudo: yes
-  lineinfile:
-    dest: /etc/default/docker
-    state: present
-    line: 'DOCKER_TMPDIR=\"{{ docker_tmp_dir }}\"'
-  notify:
-    - restart docker
+#- name: configure docker temporary directory
+#  sudo: yes
+#  lineinfile:
+#    dest: /etc/sysconfig/docker
+#    state: present
+#    line: 'DOCKER_TMPDIR=\"{{ docker_tmp_dir }}\"'
+#  notify:
+#    - restart docker
 
-- name: configure docker proxy
-  sudo: yes
-  lineinfile:
-    dest: /etc/default/docker
-    state: present
-    line: 'export http_proxy=\"{{ http_proxy }}\"'
-  when: http_proxy is defined and http_proxy != ''
+#- name: configure docker proxy
+#  sudo: yes
+#  lineinfile:
+#    dest: /etc/sysconfig/docker
+#    state: present
+#    line: 'export http_proxy=\"{{ http_proxy }}\"'
+#  when: http_proxy is defined and http_proxy != ''
 
 - name: ensure docker is running (and enable it at boot)
+  sudo: yes
   service:
     name: docker
     state: started
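With the daemon flags now in /etc/sysconfig/docker, a quick way to confirm a restart picked them up might be the following (a sketch; the grep targets are standard docker info field names, and the expected values depend on the templated docker_graph_dir):

    sudo systemctl restart docker
    docker info | grep -i 'storage driver'   # expect: overlay
    docker info | grep -i 'root dir'         # expect: the configured graph directory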
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index fdb7d597..0b4acfdb 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -1,6 +1,7 @@
 ---
 # tasks file for haproxy
 - name: "assures {{ consul_template_dir }} dirs exists"
+  sudo: yes
   file:
     path: "{{ consul_template_dir }}/{{ item.path }}"
     state: directory
diff --git a/roles/marathon/handlers/main.yml b/roles/marathon/handlers/main.yml
index 30cb3a69..f4c6f93e 100644
--- a/roles/marathon/handlers/main.yml
+++ b/roles/marathon/handlers/main.yml
@@ -1,4 +1,10 @@
 ---
 # handlers file for marathon
 - name: wait for marathon to listen
-  command: /usr/local/bin/marathon-wait-for-listen.sh
\ No newline at end of file
+  command: /usr/local/bin/marathon-wait-for-listen.sh
+
+- name: restart marathon
+  sudo: yes
+  service:
+    name: marathon
+    state: restarted
diff --git a/roles/marathon/meta/main.yml b/roles/marathon/meta/main.yml
index f0aaf760..335171ad 100644
--- a/roles/marathon/meta/main.yml
+++ b/roles/marathon/meta/main.yml
@@ -69,7 +69,7 @@ galaxy_info:
     # - 9.1
     # - 9.1
     # - 9.2
-  - name: Ubuntu
+  - name: CoreOS
     versions:
     # - all
     # - lucid
@@ -80,7 +80,7 @@ galaxy_info:
     # - quantal
     # - raring
     # - saucy
-    - trusty
+    # - trusty
   #- name: SLES
   #  versions:
   #  - all
diff --git a/roles/marathon/tasks/main.yml b/roles/marathon/tasks/main.yml
index 5d62c454..fcea50b3 100644
--- a/roles/marathon/tasks/main.yml
+++ b/roles/marathon/tasks/main.yml
@@ -1,12 +1,3 @@
-- name: install wait script
-  sudo: yes
-  template:
-    src: marathon-wait-for-listen.sh.j2
-    dest: /usr/local/bin/marathon-wait-for-listen.sh
-    mode: 0755
-  tags:
-    - marathon
-
 - name: create marathon artifact store directory
   when: marathon_artifact_store_dir is defined
   file:
@@ -17,39 +8,14 @@
   tags:
     - marathon
 
-- name: destroy old marathon container
-  when: marathon_rebuild_container|bool
-  docker:
-    name: marathon
-    image: "{{ marathon_image }}"
-    state: absent
-
-- name: run marathon container
-  docker:
-    name: marathon
-    image: "{{ marathon_image }}"
-    state: started
-    restart_policy: "{{ marathon_restart_policy }}"
-    ports:
-      - "{{ marathon_port }}:{{ marathon_port }}"
-    expose:
-      - "{{ marathon_port }}"
-    net: "{{ marathon_net }}"
-    command: "{{ marathon_command }}"
-    volumes:
-      - "{{ marathon_artifact_store_dir }}:/store"
-    memory_limit: "{{ marathon_container_memory_limit }}"
-    env:
-      JAVA_OPTS: "{{ marathon_java_settings }}"
-  notify:
-    - wait for marathon to listen
-
-- name: upload marathon template service
-  template:
-    src: marathon.conf.j2
-    dest: /etc/init/marathon.conf
-    mode: 0755
+- name: deploy marathon service
   sudo: yes
+  sudo_user: root
+  template:
+    src: marathon.service.j2
+    dest: "/etc/systemd/system/marathon.service"
+  notify:
+    - restart marathon
   tags:
     - marathon
 
@@ -65,10 +31,10 @@
   tags:
     - marathon
 
-- name: Set marathon consul service definition
-  sudo: yes
-  template:
-    src: marathon-consul.j2
-    dest: "{{ marathon_consul_dir }}/marathon.json"
-  notify:
-    - restart consul
+#- name: Set marathon consul service definition
+#  sudo: yes
+#  template:
+#    src: marathon-consul.j2
+#    dest: "{{ marathon_consul_dir }}/marathon.json"
+#  notify:
+#    - restart consul
diff --git a/roles/marathon/templates/marathon.conf.j2 b/roles/marathon/templates/marathon.conf.j2
deleted file mode 100644
index 757d1a6f..00000000
--- a/roles/marathon/templates/marathon.conf.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-description "Marathon container"
-
-start on started docker
-stop on stopping docker
-
-script
-  /usr/bin/docker start -a marathon
-end script
-
-respawn
-respawn limit 10 10
-kill timeout 10
diff --git a/roles/marathon/templates/marathon.service.j2 b/roles/marathon/templates/marathon.service.j2
new file mode 100644
index 00000000..5126f6cc
--- /dev/null
+++ b/roles/marathon/templates/marathon.service.j2
@@ -0,0 +1,28 @@
+[Unit]
+Description=Marathon
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=on-failure
+RestartSec=20
+TimeoutStartSec=0
+EnvironmentFile=-/etc/environment
+ExecStartPre=-/usr/bin/docker kill marathon
+ExecStartPre=-/usr/bin/docker rm marathon
+ExecStartPre=/usr/bin/docker pull {{ marathon_image }}
+ExecStart=/usr/bin/docker run --name marathon \
+--memory={{ marathon_container_memory_limit }} \
+--restart={{ marathon_restart_policy }} \
+--net={{ marathon_net }} \
+-p {{ marathon_port }}:{{ marathon_port }} \
+-v {{ marathon_artifact_store_dir }}:/store \
+-e "LIBPROCESS_IP=${COREOS_PRIVATE_IPV4}" \
+-e "JAVA_OPTS={{ marathon_java_settings }}" \
+{{ marathon_image }} \
+{{ marathon_command }}
+
+ExecStop=/usr/bin/docker stop marathon
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/mesos/defaults/main.yml b/roles/mesos/defaults/main.yml
index 92e1eb4c..e55d0c11 100644
--- a/roles/mesos/defaults/main.yml
+++ b/roles/mesos/defaults/main.yml
@@ -6,7 +6,7 @@ mesos_cluster_name: "Cluster01"
 mesos_ip: "{{ ansible_default_ipv4.address }}"
 mesos_hostname: "{{ ansible_ssh_host }}"
 mesos_docker_socket: "/var/run/weave/weave.sock"
-mesos_version: "0.25.0-0.2.70.ubuntu1404"
+mesos_version: "0.26.0-0.2.145.ubuntu1404"
 
 # Defaults file for mesos-salve
 mesos_slave_port: 5051
diff --git a/roles/mesos/meta/main.yml b/roles/mesos/meta/main.yml
index 0f3f1a5a..b60459ee 100644
--- a/roles/mesos/meta/main.yml
+++ b/roles/mesos/meta/main.yml
@@ -69,7 +69,7 @@ galaxy_info:
     # - 9.1
     # - 9.1
     # - 9.2
-  - name: Ubuntu
+  - name: CoreOS
     versions:
     # - all
     # - lucid
@@ -80,7 +80,7 @@ galaxy_info:
     # - quantal
     # - raring
     # - saucy
-    - trusty
+    # - trusty
   #- name: SLES
   #  versions:
   #  - all
diff --git a/roles/mesos/tasks/main.yml b/roles/mesos/tasks/main.yml
index c3f8ea51..19306816 100644
--- a/roles/mesos/tasks/main.yml
+++ b/roles/mesos/tasks/main.yml
@@ -1,2 +1,5 @@
 - include: master.yml
+  when: mesos_install_mode == "master"
+
 - include: slave.yml
+  when: mesos_install_mode == "slave"
diff --git a/roles/mesos/tasks/master.yml b/roles/mesos/tasks/master.yml
index 2eff1d55..1647b079 100644
--- a/roles/mesos/tasks/master.yml
+++ b/roles/mesos/tasks/master.yml
@@ -1,18 +1,6 @@
 ---
 # Tasks for Master nodes
-- name: set mesos-master consul service definition
-  when: mesos_install_mode == "master"
-  sudo: yes
-  template:
-    src: mesos-master-consul.j2
-    dest: "{{ consul_dir }}/mesos-master.json"
-  notify:
-    - restart consul
-  tags:
-    - mesos-master
-
 - name: create mesos-master work directory
-  when: mesos_install_mode == "master"
   file:
     path: "{{ mesos_master_work_dir }}"
     state: directory
@@ -21,49 +9,18 @@
   tags:
     - mesos-master
 
-- name: destroy old mesos-master container
-  when: mesos_master_rebuild_container|bool
-  docker:
-    name: mesos-master
-    image: "{{ mesos_master_image }}"
-    state: absent
-  tags:
-    - mesos-master
-
-- name: run mesos-master container
-  when: mesos_install_mode == "master"
-  docker:
-    name: mesos-master
-    image: "{{ mesos_master_image }}"
-    state: started
-    volumes:
-      - "{{ mesos_master_work_dir }}:{{ mesos_master_work_dir }}"
-    ports:
-      - "{{ mesos_master_port }}:{{ mesos_master_port }}"
-    net: "host"
-    env:
-      MESOS_HOSTNAME: "{{ mesos_hostname }}"
-      MESOS_IP: "{{ mesos_ip }}"
-      MESOS_CLUSTER: "{{ mesos_cluster_name }}"
-      MESOS_ZK: "zk://{{ zookeeper_peers_nodes }}/mesos"
-      MESOS_LOG_DIR: "/var/log/mesos"
-      MESOS_QUORUM: "{{ mesos_quorum }}"
-      MESOS_WORK_DIR: "{{ mesos_master_work_dir }}"
-  tags:
-    - mesos-master
-
-- name: upload mesos-master template service
-  when: mesos_install_mode == "master"
-  template:
-    src: mesos-master.conf.j2
-    dest: /etc/init/mesos-master.conf
-    mode: 0755
+- name: deploy mesos-master service
   sudo: yes
+  sudo_user: root
+  template:
+    src: mesos-master.service.j2
+    dest: "/etc/systemd/system/mesos-master.service"
+  notify:
+    - restart mesos master
   tags:
     - mesos-master
 
 - name: ensure mesos-master is running (and enable it at boot)
-  when: mesos_install_mode == "master"
   sudo: yes
   service:
     name: mesos-master
@@ -72,29 +29,29 @@
   tags:
     - mesos-master
 
-- name: run prometheus mesos master exporter container
-  when: mesos_install_mode == "master" and prometheus_enabled|bool
-  docker:
-    name: mesos-exporter
-    image: "{{ prometheus_mesos_exporter_image }}"
-    command: "-exporter.scrape-mode=master -exporter.url=http://{{ mesos_hostname }}:{{ mesos_master_port }}"
-    state: started
-    restart_policy: always
-    ports:
-      - "{{ prometheus_mesos_exporter_port }}:{{ prometheus_mesos_exporter_port }}"
-    environment: proxy_env
-  tags:
-    - prometheus
-    - mesos_master
+#- name: run prometheus mesos master exporter container
+#  when: mesos_install_mode == "master" and prometheus_enabled|bool
+#  docker:
+#    name: mesos-exporter
+#    image: "{{ prometheus_mesos_exporter_image }}"
+#    command: "-exporter.scrape-mode=master -exporter.url=http://{{ mesos_hostname }}:{{ mesos_master_port }}"
+#    state: started
+#    restart_policy: always
+#    ports:
+#      - "{{ prometheus_mesos_exporter_port }}:{{ prometheus_mesos_exporter_port }}"
+#    environment: proxy_env
+#  tags:
+#    - prometheus
+#    - mesos_master
 
-- name: Set mesos-exporter consul service definition
-  when: mesos_install_mode == "master" and prometheus_enabled|bool
-  sudo: yes
-  template:
-    src: mesos-exporter-consul.j2
-    dest: "{{ consul_dir }}/mesos-exporter.json"
-  notify:
-    - restart consul
-  tags:
-    - prometheus
-    - mesos_master
+#- name: Set mesos-exporter consul service definition
+#  when: mesos_install_mode == "master" and prometheus_enabled|bool
+#  sudo: yes
+#  template:
+#    src: mesos-exporter-consul.j2
+#    dest: "{{ consul_dir }}/mesos-exporter.json"
+#  notify:
+#    - restart consul
+#  tags:
+#    - prometheus
+#    - mesos_master
diff --git a/roles/mesos/tasks/slave.yml b/roles/mesos/tasks/slave.yml
index 964b1aea..27b113e6 100644
--- a/roles/mesos/tasks/slave.yml
+++ b/roles/mesos/tasks/slave.yml
@@ -1,8 +1,6 @@
 ---
 # Tasks for Slave nodes
-
 - name: create mesos-slave work directory
-  when: mesos_install_mode == "slave"
   file:
     path: "{{ mesos_slave_work_dir }}"
     state: directory
@@ -11,57 +9,18 @@
   tags:
     - mesos-slave
 
-- name: destroy old mesos-slave container
-  when: mesos_slave_rebuild_container|bool
-  docker:
-    name: mesos-slave
-    image: "{{ mesos_slave_image }}"
-    state: absent
-  tags:
-    - mesos-slave
-
-- name: run mesos-slave container
-  when: mesos_install_mode == "slave"
-  docker:
-    name: mesos-slave
-    image: "{{ mesos_slave_image }}"
-    state: started
-    privileged: true
-    volumes:
-      - "{{ mesos_slave_work_dir }}:{{ mesos_slave_work_dir }}"
-      - "/proc:/host/proc:ro"
-      - "/cgroup:/cgroup"
-      - "/sys:/sys"
-      - "/lib/libpthread.so.0:/lib/libpthread.so.0:ro"
-      - "/usr/bin/docker:/usr/bin/docker:ro"
-      - "/usr/lib/x86_64-linux-gnu/libapparmor.so.1.1.0:/usr/lib/x86_64-linux-gnu/libapparmor.so.1"
-      - "{{ mesos_docker_socket }}:/var/run/docker.sock"
-    ports:
-      - "{{ mesos_slave_port }}:{{ mesos_slave_port }}"
-    net: "host"
-    env:
-      MESOS_MASTER: "zk://{{ zookeeper_peers_nodes }}/mesos"
-      MESOS_EXECUTOR_REGISTRATION_TIMEOUT: "{{ mesos_executor_registration_timeout }}"
-      MESOS_CONTAINERIZERS: "{{ mesos_containerizers }}"
-      MESOS_RESOURCES: "{{ mesos_resources }}"
-      MESOS_IP: "{{ mesos_ip }}"
-      MESOS_WORK_DIR: "{{ mesos_slave_work_dir }}"
-      MESOS_HOSTNAME: "{{ mesos_hostname }}"
-  tags:
-    - mesos-slave
-
-- name: upload mesos-slave template service
-  when: mesos_install_mode == "slave"
-  template:
-    src: mesos-slave.conf.j2
-    dest: /etc/init/mesos-slave.conf
-    mode: 0755
+- name: deploy mesos-slave service
   sudo: yes
+  sudo_user: root
+  template:
+    src: mesos-slave.service.j2
+    dest: "/etc/systemd/system/mesos-slave.service"
+  notify:
+    - restart mesos slave
   tags:
     - mesos-slave
 
 - name: ensure mesos-slave is running (and enable it at boot)
-  when: mesos_install_mode == "slave"
   sudo: yes
   service:
     name: mesos-slave
@@ -70,29 +29,29 @@
   tags:
     - mesos-slave
 
-- name: run prometheus mesos slave exporter container
-  when: mesos_install_mode == "slave" and prometheus_enabled|bool
-  docker:
-    name: mesos-exporter
-    image: "{{ prometheus_mesos_exporter_image }}"
-    command: "-exporter.scrape-mode=slave -exporter.url=http://{{ mesos_hostname }}:{{ mesos_slave_port }}"
-    state: started
-    restart_policy: always
-    ports:
-      - "{{ prometheus_mesos_exporter_port }}:{{ prometheus_mesos_exporter_port }}"
-    environment: proxy_env
-  tags:
-    - prometheus
-    - mesos_slave
+#- name: run prometheus mesos slave exporter container
+#  when: mesos_install_mode == "slave" and prometheus_enabled|bool
+#  docker:
+#    name: mesos-exporter
+#    image: "{{ prometheus_mesos_exporter_image }}"
+#    command: "-exporter.scrape-mode=slave -exporter.url=http://{{ mesos_hostname }}:{{ mesos_slave_port }}"
+#    state: started
+#    restart_policy: always
+#    ports:
+#      - "{{ prometheus_mesos_exporter_port }}:{{ prometheus_mesos_exporter_port }}"
+#    environment: proxy_env
+#  tags:
+#    - prometheus
+#    - mesos_slave
 
-- name: Set mesos-exporter consul service definition
-  when: mesos_install_mode == "slave" and prometheus_enabled|bool
-  sudo: yes
-  template:
-    src: mesos-exporter-consul.j2
-    dest: "{{ consul_dir }}/mesos-exporter.json"
-  notify:
-    - restart consul
-  tags:
-    - prometheus
-    - mesos_slave
+#- name: Set mesos-exporter consul service definition
+#  when: mesos_install_mode == "slave" and prometheus_enabled|bool
+#  sudo: yes
+#  template:
+#    src: mesos-exporter-consul.j2
+#    dest: "{{ consul_dir }}/mesos-exporter.json"
+#  notify:
+#    - restart consul
+#  tags:
+#    - prometheus
+#    - mesos_slave
diff --git a/roles/mesos/templates/mesos-master.conf.j2 b/roles/mesos/templates/mesos-master.conf.j2
deleted file mode 100644
index e67df4bf..00000000
--- a/roles/mesos/templates/mesos-master.conf.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-description "Mesos-master container"
-
-start on started docker
-stop on stopping docker
-
-script
-  /usr/bin/docker start -a mesos-master
-end script
-
-respawn
-respawn limit 10 10
-kill timeout 10
diff --git a/roles/mesos/templates/mesos-master.service.j2 b/roles/mesos/templates/mesos-master.service.j2
new file mode 100644
index 00000000..75f69081
--- /dev/null
+++ b/roles/mesos/templates/mesos-master.service.j2
@@ -0,0 +1,30 @@
+[Unit]
+Description=MesosMaster
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=on-failure
+RestartSec=20
+TimeoutStartSec=0
+EnvironmentFile=-/etc/environment
+ExecStartPre=-/usr/bin/docker kill mesos_master
+ExecStartPre=-/usr/bin/docker rm mesos_master
+ExecStartPre=/usr/bin/docker pull {{ mesos_master_image }}
+ExecStart=/usr/bin/docker run --rm --name mesos_master \
+--net=host \
+-v {{ mesos_master_work_dir }}:{{ mesos_master_work_dir }} \
+-p {{ mesos_master_port }}:{{ mesos_master_port }} \
+-e "MESOS_HOSTNAME={{ mesos_hostname }}" \
+-e "MESOS_IP={{ mesos_ip }}" \
+-e "MESOS_CLUSTER={{ mesos_cluster_name }}" \
+-e "MESOS_ZK=zk://{{ zookeeper_peers_nodes }}/mesos" \
+-e "MESOS_LOG_DIR=/var/log/mesos" \
+-e "MESOS_QUORUM={{ mesos_quorum }}" \
+-e "MESOS_WORK_DIR={{ mesos_master_work_dir }}" \
+{{ mesos_master_image }}
+
+ExecStop=/usr/bin/docker stop mesos_master
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/mesos/templates/mesos-slave.conf.j2 b/roles/mesos/templates/mesos-slave.conf.j2
deleted file mode 100644
index f2cdbb7c..00000000
--- a/roles/mesos/templates/mesos-slave.conf.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-description "Mesos-slave container"
-
-start on started docker
-stop on stopping docker
-
-script
-  /usr/bin/docker start -a mesos-slave
-end script
-
-respawn
-respawn limit 10 10
-kill timeout 10
diff --git a/roles/mesos/templates/mesos-slave.service.j2 b/roles/mesos/templates/mesos-slave.service.j2
new file mode 100644
index 00000000..366fd11a
--- /dev/null
+++ b/roles/mesos/templates/mesos-slave.service.j2
@@ -0,0 +1,36 @@
+[Unit]
+Description=MesosSlave
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=on-failure
+RestartSec=20
+TimeoutStartSec=0
+EnvironmentFile=-/etc/environment
+ExecStartPre=-/usr/bin/docker kill mesos_slave
+ExecStartPre=-/usr/bin/docker rm mesos_slave
+ExecStartPre=/usr/bin/docker pull {{ mesos_slave_image }}
+ExecStart=/usr/bin/docker run --rm --name mesos_slave \
+--net=host \
+--privileged=true \
+-p {{ mesos_slave_port }}:{{ mesos_slave_port }} \
+-v /sys:/sys \
+-v /proc:/host/proc:ro \
+-v /lib/libpthread.so.0:/lib/libpthread.so.0:ro \
+-v /lib64/libdevmapper.so.1.02:/lib/libdevmapper.so.1.02:ro \
+-v /usr/bin/docker:/usr/bin/docker:ro \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-e "MESOS_MASTER=zk://{{ zookeeper_peers_nodes }}/mesos" \
+-e "MESOS_EXECUTOR_REGISTRATION_TIMEOUT={{ mesos_executor_registration_timeout }}" \
+-e "MESOS_CONTAINERIZERS={{ mesos_containerizers }}" \
+-e "MESOS_RESOURCES={{ mesos_resources }}" \
+-e "MESOS_IP={{ mesos_ip }}" \
+-e "MESOS_WORK_DIR={{ mesos_slave_work_dir }}" \
+-e "MESOS_HOSTNAME={{ mesos_hostname }}" \
+{{ mesos_slave_image }}
+
+ExecStop=/usr/bin/docker stop mesos_slave
+
+[Install]
+WantedBy=multi-user.target
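The Ansible service tasks above take care of enablement, but when iterating on these unit templates by hand the usual systemd cycle applies (a sketch; unit names match the dest paths templated above):

    sudo systemctl daemon-reload
    sudo systemctl enable mesos-master.service    # mesos-slave.service on agents
    sudo systemctl start mesos-master.service
    journalctl -u mesos-master.service -f         # follow the container logs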
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index 36a968ff..577dd25a 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -30,12 +30,12 @@
   tags:
     - prometheus
 
-- name: Set node-exporter consul service definition
-  sudo: yes
-  template:
-    src: node-exporter-consul.j2
-    dest: "{{ prometheus_consul_dir }}/node-exporter.json"
-  notify:
-    - restart consul
-  tags:
-    - prometheus
+#- name: Set node-exporter consul service definition
+#  sudo: yes
+#  template:
+#    src: node-exporter-consul.j2
+#    dest: "{{ prometheus_consul_dir }}/node-exporter.json"
+#  notify:
+#    - restart consul
+#  tags:
+#    - prometheus
diff --git a/roles/weave/defaults/main.yml b/roles/weave/defaults/main.yml
index 99e7a950..c62dee93 100644
--- a/roles/weave/defaults/main.yml
+++ b/roles/weave/defaults/main.yml
@@ -12,6 +12,6 @@ weave_launch_peers: "
   {{ weave_peers|join(' ') }}
 "
 
-weave_scope_url: https://github.com/weaveworks/scope/releases/download/latest_release/scope
-weave_scope_dest: /usr/local/bin/scope
-weave_scope_enabled: false
+weave_version: 1.4.1
+weave_url: "https://github.com/weaveworks/weave/releases/download/v{{ weave_version }}/weave"
+weave_bin: /mnt/weave
diff --git a/roles/weave/meta/main.yml b/roles/weave/meta/main.yml
index 0f3f1a5a..e1b353d6 100644
--- a/roles/weave/meta/main.yml
+++ b/roles/weave/meta/main.yml
@@ -69,7 +69,7 @@ galaxy_info:
     # - 9.1
     # - 9.1
     # - 9.2
-  - name: Ubuntu
+  - name: CoreOS
     versions:
     # - all
     # - lucid
@@ -80,7 +80,7 @@ galaxy_info:
     # - quantal
     # - raring
     # - saucy
-    - trusty
+    #- trusty
   #- name: SLES
   #  versions:
   #  - all
diff --git a/roles/weave/tasks/main.yml b/roles/weave/tasks/main.yml
index 1a442f65..7e85e1f8 100644
--- a/roles/weave/tasks/main.yml
+++ b/roles/weave/tasks/main.yml
@@ -1,10 +1,27 @@
 ---
-- name: upload weave template service
-  template:
-    src: weave.conf.j2
-    dest: "/etc/init/weave.conf"
+- name: download weave
+  sudo: yes
+  sudo_user: root
+  get_url:
+    url: "{{ weave_url }}"
+    dest: "{{ weave_bin }}"
     mode: 0755
+    validate_certs: no
+  environment: proxy_env
+  tags:
+    - weave
+
+- name: deploy weave service
   sudo: yes
+  sudo_user: root
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - src: "weave.service.j2"
+      dest: "/etc/systemd/system/weave.service"
+    - src: "weaveproxy.service.j2"
+      dest: "/etc/systemd/system/weaveproxy.service"
   tags:
     - weave
 
@@ -14,15 +31,23 @@
     name: weave
     state: started
     enabled: yes
+  tags:
+    - weave
+
+- name: ensure weaveproxy service is running.
+  sudo: yes
+  service:
+    name: weaveproxy
+    state: started
+    enabled: yes
+  tags:
+    - weave
 
 - name: wait for weave socket to be ready.
   wait_for:
     port: 6783
     delay: 10
 
-- include: scope.yml
-  when: weave_scope_enabled|bool
-
 # Flush handlers so we restart the Docker process here with the weave network
 # enabled and containers correctly start in the weave network.
 - meta: flush_handlers
diff --git a/roles/weave/tasks/scope.yml b/roles/weave/tasks/scope.yml
deleted file mode 100644
index 56acf126..00000000
--- a/roles/weave/tasks/scope.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: download weave scope
-  get_url:
-    url: "{{ weave_scope_url }}"
-    dest: "{{ weave_scope_dest }}"
-    mode: 0755
-    validate_certs: no
-  environment: proxy_env
-  tags:
-    - weave
-
-- name: upload weave scope template service
-  template:
-    src: scope.conf.j2
-    dest: "/etc/init/weavescope.conf"
-    mode: 0755
-  sudo: yes
-  tags:
-    - weave
diff --git a/roles/weave/templates/scope.conf.j2 b/roles/weave/templates/scope.conf.j2
deleted file mode 100644
index 7542c6f0..00000000
--- a/roles/weave/templates/scope.conf.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-description "Weave Scope Docker Service"
-
-start on started docker
-stop on stopping docker
-
-env WEAVESCOPE="{{ weave_scope_dest }}"
-
-pre-start exec ${WEAVESCOPE} stop
-
-script
-  [ -e /etc/default/weavescope ] && . /etc/default/weavescope
-  ${WEAVESCOPE} launch {{ weave_launch_peers }}
-  exec /usr/bin/docker logs -f weavescope
-end script
-
-pre-stop exec ${WEAVESCOPE} stop
-
-respawn
-respawn limit 10 10
-kill timeout 10
diff --git a/roles/weave/templates/weave.conf.j2 b/roles/weave/templates/weave.conf.j2
deleted file mode 100644
index 54ba03ee..00000000
--- a/roles/weave/templates/weave.conf.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-description "Weave Docker Network Service"
-
-start on started docker
-stop on stopping docker
-
-env PEERS="{{ weave_launch_peers }}"
-env WEAVE='/usr/local/bin/weave'
-env WEAVE_VERSION='git-6a238818daf2'
-
-pre-start exec ${WEAVE} stop
-
-script
-  [ -e /etc/default/weave ] && . /etc/default/weave
-  ${WEAVE} launch-router --no-dns ${PEERS}
-  ${WEAVE} launch-proxy --without-dns --rewrite-inspect
-  ${WEAVE} expose
-  exec /usr/bin/docker logs -f weave
-end script
-
-pre-stop exec ${WEAVE} stop
-
-respawn
-respawn limit 10 10
-kill timeout 10
diff --git a/roles/weave/templates/weave.service.j2 b/roles/weave/templates/weave.service.j2
new file mode 100644
index 00000000..e413efdd
--- /dev/null
+++ b/roles/weave/templates/weave.service.j2
@@ -0,0 +1,19 @@
+[Unit]
+After=docker.service
+Description=Weave Network Router
+Documentation=http://docs.weave.works/
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+EnvironmentFile=-/etc/weave.%H.env
+EnvironmentFile=-/etc/weave.env
+ExecStartPre={{ weave_bin }} launch-router --no-dns {{ weave_launch_peers }}
+ExecStart=/usr/bin/docker attach weave
+ExecStartPost={{ weave_bin }} expose
+Restart=on-failure
+
+ExecStop={{ weave_bin }} stop-router
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/weave/templates/weaveproxy.service.j2 b/roles/weave/templates/weaveproxy.service.j2
new file mode 100644
index 00000000..ca10a74f
--- /dev/null
+++ b/roles/weave/templates/weaveproxy.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+After=docker.service
+Description=Weave proxy for Docker API
+Documentation=http://docs.weave.works/
+Requires=docker.service
+
+[Service]
+EnvironmentFile=-/etc/weave.%H.env
+EnvironmentFile=-/etc/weave.env
+ExecStartPre={{ weave_bin }} launch-proxy --rewrite-inspect --without-dns
+ExecStart=/usr/bin/docker attach weaveproxy
+Restart=on-failure
+ExecStop={{ weave_bin }} stop-proxy
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/zookeeper/defaults/main.yml b/roles/zookeeper/defaults/main.yml
index 3f26c781..7e72feee 100644
--- a/roles/zookeeper/defaults/main.yml
+++ b/roles/zookeeper/defaults/main.yml
@@ -1,7 +1,8 @@
 ---
-# defaults file for zookeeper
-zookeeper_config_dir: "/etc/zookeeper/conf"
-zookeeper_image: "mesosphere/mesos:0.25.0-0.2.70.ubuntu1404"
+consul_dir: /etc/consul.d
+zookeeper_rebuild_container: false
+zookeeper_config_dir: /etc/zookeeper/conf
+zookeeper_image: "mesosphere/mesos:0.26.0-0.2.145.ubuntu1404"
 zookeeper_client_port: 2181
 zookeeper_leader_connect_port: 2888
 zookeeper_leader_election_port: 3888
@@ -21,5 +22,3 @@ zookeeper_id: "
   {%- endfor -%}
   {%- endif -%}
 "
-consul_dir: /etc/consul.d
-zookeeper_rebuild_container: false
diff --git a/roles/zookeeper/meta/main.yml b/roles/zookeeper/meta/main.yml
index 0f3f1a5a..e1b353d6 100644
--- a/roles/zookeeper/meta/main.yml
+++ b/roles/zookeeper/meta/main.yml
@@ -69,7 +69,7 @@ galaxy_info:
     # - 9.1
     # - 9.1
     # - 9.2
-  - name: Ubuntu
+  - name: CoreOS
     versions:
     # - all
     # - lucid
@@ -80,7 +80,7 @@ galaxy_info:
     # - quantal
     # - raring
     # - saucy
-    - trusty
+    #- trusty
   #- name: SLES
   #  versions:
   #  - all
diff --git a/roles/zookeeper/tasks/main.yml b/roles/zookeeper/tasks/main.yml
index 2fbd25e1..846735c7 100644
--- a/roles/zookeeper/tasks/main.yml
+++ b/roles/zookeeper/tasks/main.yml
@@ -1,6 +1,3 @@
----
-
-# Generate config files in the host
 - name: create zookeeper config directory
   file:
     path: "{{ zookeeper_config_dir }}"
@@ -11,31 +8,20 @@
   tags:
     - zookeeper
 
-- name: Create zookeeper config file
+- name: Create zookeeper config files
   template:
-    src: zoo.cfg.j2
-    dest: "{{ zookeeper_config_dir }}/zoo.cfg"
-  sudo: yes
-  notify:
-    - restart zookeeper
-  tags:
-    - zookeeper
-
-- name: Create zookeeper environments file
-  template:
-    src: environment.j2
-    dest: "{{ zookeeper_config_dir }}/environment"
-  sudo: yes
-  notify:
-    - restart zookeeper
-  tags:
-    - zookeeper
-
-- name: Create zookeeper configuration.xsl file
-  template:
-    src: configuration.xsl.j2
-    dest: "{{ zookeeper_config_dir }}/configuration.xsl"
-  sudo: yes
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  sudo: yes
+  with_items:
+    - src: zoo.cfg.j2
+      dest: "{{ zookeeper_config_dir }}/zoo.cfg"
+    - src: environment.j2
+      dest: "{{ zookeeper_config_dir }}/environment"
+    - src: configuration.xsl.j2
+      dest: "{{ zookeeper_config_dir }}/configuration.xsl"
+    - src: log4j.properties.j2
+      dest: "{{ zookeeper_config_dir }}/log4j.properties"
   notify:
     - restart zookeeper
   tags:
@@ -52,66 +38,22 @@
   tags:
     - zookeeper
 
-- name: Create zookeeper log4j file
-  template:
-    src: log4j.properties.j2
-    dest: "{{ zookeeper_config_dir }}/log4j.properties"
-  sudo: yes
-  notify:
-    - restart zookeeper
-  tags:
-    - zookeeper
-
-- name: Set Zookeeper consul service definition
+- name: deploy zookeeper service
   sudo: yes
+  sudo_user: root
   template:
-    src: zookeeper-consul.j2
-    dest: "{{ consul_dir }}/zookeeper.json"
+    src: zookeeper.service.j2
+    dest: /etc/systemd/system/zookeeper.service
   notify:
-    - restart consul
-  tags:
-    - zookeeper
-
-- name: destroy old zookeeper container
-  when: zookeeper_rebuild_container|bool
-  docker:
-    name: zookeeper
-    image: "{{ zookeeper_image }}"
-    state: absent
-  tags:
-    - zookeeper
-
-- name: run zookeeper container
-  docker:
-    name: zookeeper
-    image: "{{ zookeeper_image }}"
-    state: started
-    volumes:
-      - "{{ zookeeper_config_dir }}/:{{ zookeeper_config_dir }}/"
-    ports:
-      - "{{ zookeeper_client_port }}:{{ zookeeper_client_port }}"
-      - "{{ zookeeper_leader_connect_port }}:{{ zookeeper_leader_connect_port }}"
-      - "{{ zookeeper_leader_election_port }}:{{ zookeeper_leader_election_port }}"
-    net: "host"
-    command: /usr/share/zookeeper/bin/zkServer.sh start-foreground
-  tags:
-    - zookeeper
-
-- name: upload zookeeper template service
-  template:
-    src: zookeeper.conf.j2
-    dest: /etc/init/zookeeper.conf
-    mode: 0755
-  sudo: yes
+    - restart zookeeper
   tags:
     - zookeeper
 
-- name: ensure zookeeper is running (and enable it at boot)
+- name: enable zookeeper
   sudo: yes
   service:
     name: zookeeper
-    state: started
     enabled: yes
+    state: started
   tags:
     - zookeeper
-
diff --git a/roles/zookeeper/templates/zookeeper.conf.j2 b/roles/zookeeper/templates/zookeeper.conf.j2
deleted file mode 100644
index 7c4364f4..00000000
--- a/roles/zookeeper/templates/zookeeper.conf.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-description "Zookeeper container"
-
-start on started docker
-stop on stopping docker
-
-script
-  /usr/bin/docker start -a zookeeper
-end script
-
-respawn
-respawn limit 10 10
-kill timeout 10
diff --git a/roles/zookeeper/templates/zookeeper.service.j2 b/roles/zookeeper/templates/zookeeper.service.j2
new file mode 100644
index 00000000..8ca98c18
--- /dev/null
+++ b/roles/zookeeper/templates/zookeeper.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Zookeeper
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=on-failure
+RestartSec=20
+TimeoutStartSec=0
+ExecStartPre=-/usr/bin/docker kill zookeeper
+ExecStartPre=-/usr/bin/docker rm zookeeper
+ExecStartPre=/usr/bin/docker pull {{ zookeeper_image }}
+ExecStart=/usr/bin/docker run --rm --net=host --name=zookeeper \
+-v {{ zookeeper_config_dir }}/:{{ zookeeper_config_dir }}/ \
+-p {{ zookeeper_client_port }}:{{ zookeeper_client_port }} \
+-p {{ zookeeper_leader_connect_port }}:{{ zookeeper_leader_connect_port }} \
+-p {{ zookeeper_leader_election_port }}:{{ zookeeper_leader_election_port }} \
+{{ zookeeper_image }} \
+/usr/share/zookeeper/bin/zkServer.sh start-foreground
+
+ExecStop=/usr/bin/docker stop zookeeper
+
+[Install]
+WantedBy=multi-user.target
diff --git a/site.yml b/site.yml
index a215197f..289a1665 100644
--- a/site.yml
+++ b/site.yml
@@ -16,23 +16,19 @@
   sudo: False
   when: bastion_ip is not defined
 
+- include: playbooks/coreos-bootstrap.yml
+
 - hosts: all:!role=bastion
-  tasks:
-    - name: set hostname to local ipv4 address
-      sudo: Yes
-      lineinfile:
-        dest: /etc/hosts
-        line: "{{ ansible_eth0.ipv4.address }} {{ ansible_hostname }}"
   roles:
     - consul
-    - vault
+    # @todo - fix vault integration with coreOS
+    #- vault
    - docker
     - weave
 
 - hosts: all:!role=bastion
   roles:
     - registrator
-    - dnsmasq
     - { role: cadvisor, when: cadvisor_enabled|bool }
     - { role: prometheus, when: prometheus_enabled|bool }
   environment:
@@ -71,4 +67,5 @@
   vars_files:
     - ../roles/marathon/defaults/main.yml
 
-- include: contrib-plugins/playbook.yml
+# @todo - fix contrib plugins
+#- include: contrib-plugins/playbook.yml
diff --git a/user-data b/user-data
new file mode 100755
index 00000000..71e93ac1
--- /dev/null
+++ b/user-data
@@ -0,0 +1,18 @@
+#cloud-config
+
+---
+coreos:
+  etcd2:
+    advertise-client-urls: http://$public_ipv4:2379
+    initial-advertise-peer-urls: http://$private_ipv4:2380
+    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
+    listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001
+    discovery: https://discovery.etcd.io/8d003e688d682aa1e67938391e13cae3
+  fleet:
+    public-ip: "$public_ipv4"
+  units:
+  - name: etcd2.service
+    command: start
+  - name: fleet.service
+    command: start
+manage_etc_hosts: localhost
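The discovery URL above is only a placeholder: etcd_discovery_token in vagrant_helper.rb (below) swaps in a fresh token on every vagrant up. Fetching a token manually uses the same endpoint, for example for a 5-node cluster:

    curl -s "https://discovery.etcd.io/new?size=5"
    # => https://discovery.etcd.io/<fresh-token>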
diff --git a/vagrant.yml b/vagrant.yml
index 0ccb3caa..41fb6687 100644
--- a/vagrant.yml
+++ b/vagrant.yml
@@ -1,7 +1,7 @@
 masters:
   # Memory and Cpus setting
   ##########################
-  mem: 512
+  mem: 1024
   cpus: 1
 
   # Actual instances
   ##################
@@ -25,3 +25,5 @@ mesos_master_quorum: 2
 # Expected number of server nodes
 # For standalone mode is always 1
 consul_bootstrap_expect: 3
+
+coreos_update_channel: stable
diff --git a/vagrant_helper.rb b/vagrant_helper.rb
index c1a51f96..e5a35716 100644
--- a/vagrant_helper.rb
+++ b/vagrant_helper.rb
@@ -13,3 +13,36 @@ def get_apollo_variables(env)
 
   return apollo_env_vars
 end
+
+# Automatically replace the discovery token on 'vagrant up'
+def etcd_discovery_token(num_instances)
+  # Used to fetch a new discovery token for a cluster of size num_instances
+  $new_discovery_url="https://discovery.etcd.io/new?size=#{num_instances}"
+
+  if File.exist?('user-data') && ARGV[0].eql?('up')
+    require 'open-uri'
+    require 'yaml'
+
+    token = open($new_discovery_url).read
+
+    data = YAML.load(IO.readlines('user-data')[1..-1].join)
+
+    if data.key? 'coreos' and data['coreos'].key? 'etcd'
+      data['coreos']['etcd']['discovery'] = token
+    end
+
+    if data.key? 'coreos' and data['coreos'].key? 'etcd2'
+      data['coreos']['etcd2']['discovery'] = token
+    end
+
+    # Fix for YAML.load() converting reboot-strategy from 'off' to `false`
+    if data.key? 'coreos' and data['coreos'].key? 'update' and data['coreos']['update'].key? 'reboot-strategy'
+      if data['coreos']['update']['reboot-strategy'] == false
+        data['coreos']['update']['reboot-strategy'] = 'off'
+      end
+    end
+
+    yaml = YAML.dump(data)
+    File.open('user-data', 'w') { |file| file.write("#cloud-config\n\n#{yaml}") }
+  end
+end