
Merge pull request #361 from blesson-james/devel

Issue #360: Added cri-o & k8s installation tasks and removed docker installation
Lucas A. Wilson 3 years ago
parent
commit
ed2401f40b
22 changed files with 940 additions and 126 deletions
  1. 0 86
      control_plane/roles/control_plane_common/tasks/docker_installation.yml
  2. 1 2
      control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml
  3. 1 7
      control_plane/roles/control_plane_common/tasks/main.yml
  4. 1 0
      control_plane/roles/control_plane_common/tasks/pre_requisite.yml
  5. 1 1
      control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml
  6. 0 14
      control_plane/roles/control_plane_common/vars/main.yml
  7. 2 0
      control_plane/roles/control_plane_k8s/files/crio.conf
  8. 3 0
      control_plane/roles/control_plane_k8s/files/k8s-crio.conf
  9. 1 0
      control_plane/roles/control_plane_k8s/files/k8s.conf
  10. 18 0
      control_plane/roles/control_plane_k8s/files/k8s_dashboard_admin.yaml
  11. 11 0
      control_plane/roles/control_plane_k8s/files/metal-config.yaml
  12. 223 0
      control_plane/roles/control_plane_k8s/files/metallb.yaml
  13. 56 0
      control_plane/roles/control_plane_k8s/tasks/k8s_firewalld.yml
  14. 41 0
      control_plane/roles/control_plane_k8s/tasks/k8s_helm.yml
  15. 126 0
      control_plane/roles/control_plane_k8s/tasks/k8s_init.yml
  16. 123 0
      control_plane/roles/control_plane_k8s/tasks/k8s_installation.yml
  17. 129 0
      control_plane/roles/control_plane_k8s/tasks/k8s_services.yml
  18. 15 5
      control_plane/roles/control_plane_k8s/tasks/main.yml
  19. 95 0
      control_plane/roles/control_plane_k8s/vars/main.yml
  20. 3 5
      control_plane/roles/control_plane_repo/tasks/main.yml
  21. 78 0
      control_plane/roles/control_plane_repo/tasks/nfs_server_setup.yml
  22. 12 6
      control_plane/roles/control_plane_common/tasks/docker_volume.yml

+ 0 - 86
control_plane/roles/control_plane_common/tasks/docker_installation.yml

@@ -1,86 +0,0 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-- name: Add docker repo
-  get_url:
-    url: "{{ docker_repo_url }}"
-    dest: "{{ docker_repo_dest }}"
-  tags: install
-
-- name: Enable docker edge and test repo
-  ini_file:
-    dest: "{{ docker_repo_dest }}"
-    section: "{{ item }}"
-    option: enabled
-    value: "{{ success }}"
-  with_items: ['docker-ce-test', 'docker-ce-edge']
-  tags: install
-
-- name: Install docker
-  package:
-    name: "{{ container_repo_install }}"
-    state: present
-  become: yes
-  tags: install
-
-- name: Start services
-  service:
-    name: "{{ container_type }}"
-    state: started
-    enabled: yes
-  become: yes
-  tags: install
-
-- name: Uninstall docker-py using pip
-  pip:
-    name: ['docker-py','docker']
-    state: absent
-  tags: install
-
-- name: Install docker using pip
-  pip:
-    name: docker
-    state: present
-  tags: install
-
-- name: Update pip
-  command: pip3 install --upgrade pip
-  changed_when: false
-
-- name: Installation using python3
-  pip:
-    name: "{{ docker_compose }}"
-    executable: pip3
-  tags: install
-
-- name: Versionlock docker
-  command: "yum versionlock '{{ item }}'"
-  args:
-    warn: false
-  with_items:
-    - "{{ container_repo_install }}"
-  changed_when: true
-  tags: install
-
-- name: Configure docker
-  copy:
-    src: daemon.json
-    dest: "{{ daemon_dest }}"
-  tags: install
-
-- name: Restart docker
-  service:
-    name: docker
-    state: restarted

+ 1 - 2
control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml

@@ -46,8 +46,7 @@
   when:
     - ib_network_nic | length < 1 or
       ib_network_dhcp_start_range | length < 1 or
-      ib_network_dhcp_end_range | length < 1
-  when: ib_switch_support
+      ib_network_dhcp_end_range | length < 1 and ib_switch_support
 
 - name: Set facts to validate snmp support
   set_fact:
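Review bot: The merged condition on the added line, `ib_network_dhcp_end_range | length < 1 and ib_switch_support`, is not equivalent to the pair of `when` keys it replaces, because Jinja binds `and` tighter than `or`, so the task now fires whenever `ib_network_nic` or `ib_network_dhcp_start_range` is empty even when `ib_switch_support` is false. Since entries of a `when:` list are ANDed, the cleanest fix is to drop the trailing `and ib_switch_support` from that line and add `- ib_switch_support` as a separate list entry under `when:`. The task this condition belongs to starts above the hunk, so its module and message are not visible here.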

+ 1 - 7
control_plane/roles/control_plane_common/tasks/main.yml

@@ -32,10 +32,4 @@
   import_tasks: password_config.yml
 
 - name: Omnia inputs validation
-  import_tasks: verify_omnia_params.yml
-
-- name: Docker installation and configuration
-  import_tasks: docker_installation.yml
-
-- name: Docker volume creation
-  import_tasks: docker_volume.yml
+  import_tasks: verify_omnia_params.yml

+ 1 - 0
control_plane/roles/control_plane_common/tasks/pre_requisite.yml

@@ -41,6 +41,7 @@
 - name: Fetch SElinux mode
   command: sestatus
   register: sestatus_current
+  changed_when: false
 
 - name: Disable SElinux
   replace:

+ 1 - 1
control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml

@@ -85,4 +85,4 @@
   command: >-
     ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
     --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
-  changed when: false
+  changed_when: false

+ 0 - 14
control_plane/roles/control_plane_common/vars/main.yml

@@ -50,20 +50,6 @@ ansible_python_version_status: "For CentOS 8.3, python bindings of firewalld, dn
 python_version_support: '3.6.8'
 default_ansible_config_file_path: /etc/ansible/ansible.cfg
 
-# Usage: docker_installation.yml
-docker_repo_url: https://download.docker.com/linux/centos/docker-ce.repo
-docker_repo_dest: /etc/yum.repos.d/docker-ce.repo
-success: '0'
-container_type: docker
-container_repo_install:
-  - docker-ce-cli-20.10.2
-  - docker-ce-20.10.2
-docker_compose: docker-compose
-daemon_dest: /etc/docker/
-
-# Usage: docker_volume.yml
-docker_volume_name: omnia-storage
-
 # Usage: password_config.yml
 login_vars_filename: "input_params/login_vars.yml"
 vault_filename: input_params/.login_vault_key

+ 2 - 0
control_plane/roles/control_plane_k8s/files/crio.conf

@@ -0,0 +1,2 @@
+overlay
+br_netfilter

+ 3 - 0
control_plane/roles/control_plane_k8s/files/k8s-crio.conf

@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-iptables  = 1

+ 1 - 0
control_plane/roles/control_plane_k8s/files/k8s.conf

@@ -0,0 +1 @@
+br_netfilter

+ 18 - 0
control_plane/roles/control_plane_k8s/files/k8s_dashboard_admin.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: admin-user
+  namespace: kubernetes-dashboard
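Review bot: The ClusterRoleBinding in this file hands the `admin-user` ServiceAccount the built-in `cluster-admin` ClusterRole, so anyone who obtains that account's token through the dashboard login holds unrestricted control of the control-plane cluster. If that is deliberate for an appliance, record it in a header comment such as `# NOTE: grants the dashboard login token full cluster-admin; scope to a narrower ClusterRole before exposing the dashboard beyond the control plane`, and consider a read-mostly ClusterRole for routine use with `cluster-admin` reserved for a separately provisioned account.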

+ 11 - 0
control_plane/roles/control_plane_k8s/files/metal-config.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: default
+      protocol: layer2
+      addresses:

+ 223 - 0
control_plane/roles/control_plane_k8s/files/metallb.yaml

@@ -0,0 +1,223 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
+  labels:
+    app: metallb
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: metallb-system
+  name: controller
+  labels:
+    app: metallb
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: metallb-system
+  name: speaker
+  labels:
+    app: metallb
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metallb-system:controller
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+  resources: ["services/status"]
+  verbs: ["update"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["create", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metallb-system:speaker
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["services", "endpoints", "nodes"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: metallb-system
+  name: config-watcher
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["create"]
+---
+
+## Role bindings
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metallb-system:controller
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: metallb-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metallb-system:controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metallb-system:speaker
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: speaker
+  namespace: metallb-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metallb-system:speaker
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: metallb-system
+  name: config-watcher
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: controller
+- kind: ServiceAccount
+  name: speaker
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: config-watcher
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: metallb-system
+  name: speaker
+  labels:
+    app: metallb
+    component: speaker
+spec:
+  selector:
+    matchLabels:
+      app: metallb
+      component: speaker
+  template:
+    metadata:
+      labels:
+        app: metallb
+        component: speaker
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "metallb_container_port"
+    spec:
+      serviceAccountName: speaker
+      terminationGracePeriodSeconds: 0
+      hostNetwork: true
+      containers:
+      - name: speaker
+        image: metallb/speaker:v0.7.3
+        imagePullPolicy: IfNotPresent
+        args:
+        - --port=metallb_container_port
+        - --config=config
+        env:
+        - name: METALLB_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        ports:
+        - name: monitoring
+          containerPort: metallb_container_port
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+            - all
+            add:
+            - net_raw
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: metallb-system
+  name: controller
+  labels:
+    app: metallb
+    component: controller
+spec:
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: metallb
+      component: controller
+  template:
+    metadata:
+      labels:
+        app: metallb
+        component: controller
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "metallb_container_port"
+    spec:
+      serviceAccountName: controller
+      terminationGracePeriodSeconds: 0
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: metallb_run_as_user_port # nobody
+      containers:
+      - name: controller
+        image: metallb/controller:v0.7.3
+        imagePullPolicy: IfNotPresent
+        args:
+        - --port=metallb_container_port
+        - --config=config
+        ports:
+        - name: monitoring
+          containerPort: metallb_container_port
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+
+---
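Review bot: The speaker and controller images (`metallb/speaker:v0.7.3`, `metallb/controller:v0.7.3`) are pinned only by a mutable tag, and nothing in the file says that it appears to be a vendored upstream manifest whose `metallb_container_port` and `metallb_run_as_user_port` placeholders are rewritten by `replace` tasks in k8s_services.yml before it is applied. Pin each image by digest (`image: metallb/speaker:v0.7.3@sha256:<digest>`) so a re-tagged upstream image cannot silently change what runs with `hostNetwork: true` and `NET_RAW`, and add a header comment naming the upstream version and the placeholders that must be substituted. The line `runAsUser: metallb_run_as_user_port # nobody` is not valid Kubernetes YAML until that substitution happens, which the header comment should also call out.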

+ 56 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_firewalld.yml

@@ -0,0 +1,56 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install firewalld
+  package:
+    name: firewalld
+    state: present
+
+- name: Start and enable firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
+- name: Configure firewalld on master nodes
+  firewalld:
+    port: "{{ item }}/tcp"
+    permanent: yes
+    state: enabled
+  with_items: '{{ k8s_master_ports }}'
+
+- name: Open calico UDP ports on the firewall
+  firewalld:
+    port: "{{ item }}/udp"
+    permanent: yes
+    state: enabled
+  with_items: "{{ calico_udp_ports }}"
+
+- name: Open calico TCP ports on the firewall
+  firewalld:
+    port: "{{ item }}/tcp"
+    permanent: yes
+    state: enabled
+  with_items: "{{ calico_tcp_ports }}"
+
+- name: Reload firewalld
+  command: firewall-cmd --reload
+  changed_when: true
+
+- name: Stop and disable firewalld
+  service:
+    name: firewalld
+    state: stopped
+    enabled: no
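Review bot: The final `Stop and disable firewalld` task runs right after the API server, etcd and kubelet ports were opened and reloaded, so the permanent rules written above never take effect and the control-plane host ends up with no host firewall at all. If disabling firewalld is a deliberate workaround for CRI-O or Calico, keep it but document the reason in a comment (`# firewalld is disabled because <reason>; the rules above apply only if it is re-enabled`); otherwise remove that task so the opened ports are the only exposure. Note also that on Kubernetes 1.21 the scheduler and controller-manager secure ports are 10259 and 10257, which `k8s_master_ports` in vars/main.yml does not list.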

+ 41 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_helm.yml

@@ -0,0 +1,41 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create directory for helm installer file
+  file:
+    path: "{{ helm_installer_file_directory }}"
+    state: directory
+    mode: "{{ helm_installer_file_directory_mode }}"
+
+- name: Get helm installer
+  get_url:
+    url: "{{ helm_installer_url }}"
+    dest: "{{ helm_installer_file_dest }}"
+    mode: "{{ helm_installer_file_mode }}"
+  register: helm_installer_result
+  until: helm_installer_result is not failed
+  retries: 20
+
+- name: Install helm
+  command: "/bin/bash {{ helm_installer_file_dest }}"
+  changed_when: true
+
+- name: Helm - add stable repo
+  command: "helm repo add stable '{{ helm_stable_repo_url }}'"
+  changed_when: true
+
+- name: Helm - update repo
+  command: helm repo update
+  changed_when: true
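Review bot: `Get helm installer` downloads `get-helm-3` from the `master` branch of the helm repository (`helm_installer_url` in vars/main.yml) and `Install helm` runs it as root with no integrity check, so the code executed on the control plane is whatever that mutable branch serves at run time. Pin the script to a release tag and verify it, e.g. add `checksum: "sha256:<pinned digest>"` to the `get_url` task, or fetch the versioned helm tarball and check it against its published `.sha256` before unpacking.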

+ 126 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_init.yml

@@ -0,0 +1,126 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Disable SWAP (1/2)
+  command: /usr/sbin/swapoff -a
+  changed_when: true
+  tags: init
+
+- name: Disable SWAP in fstab (2/2)
+  replace:
+    path: /etc/fstab
+    regexp: '^([^#].*?\sswap\s+.*)$'
+    replace: '# \1'
+
+- name: Get K8s nodes status
+  command: kubectl get nodes
+  changed_when: false
+  ignore_errors: True
+  register: k8s_nodes
+
+- name: Get K8s pods status
+  command: kubectl get pods --all-namespaces
+  changed_when: false
+  ignore_errors: True
+  register: k8s_pods
+
+- name: Initialize kubeadm
+  block:
+    - name: Initialize kubeadm
+      command: "/bin/kubeadm init --pod-network-cidr='{{ appliance_k8s_pod_net_cidr }}' \
+        --apiserver-advertise-address='{{ ansible_default_ipv4.address }}'"
+      changed_when: true
+      register: init_output
+  rescue:
+    - name: Reset kubeadm
+      command: "kubeadm reset -f"
+      changed_when: true
+
+    - name: Initialize kubeadm
+      command: "/bin/kubeadm init --pod-network-cidr='{{ k8s_pod_network_cidr }}' \
+          --apiserver-advertise-address='{{ ansible_default_ipv4.address }}'"
+      changed_when: true
+      register: init_output
+
+    - name: Get K8s pods status
+      command: kubectl get pods --all-namespaces
+      changed_when: false
+      ignore_errors: True
+      register: k8s_pods
+  when: "'master' not in k8s_nodes.stdout"
+
+- name: Setup directory for Kubernetes environment for root
+  file:
+    path: "{{ k8s_root_directory }}"
+    state: directory
+    mode: "{{ k8s_root_directory_mode }}"
+
+- name: Copy Kubernetes config for root
+  copy:
+    src: "{{ k8s_config_src }}"
+    dest: "{{ k8s_config_dest }}"
+    owner: root
+    group: root
+    mode: "{{ k8s_config_file_mode }}"
+    remote_src: yes
+
+- name: Update the kubernetes config file permissions
+  shell: "chown $(id -u):$(id -g) '{{ k8s_config_dest }}'"
+  args:
+    warn: false
+  changed_when: true
+
+- name: Cluster token
+  shell: >
+    set -o pipefail && \
+      kubeadm token list | cut -d ' ' -f1 | sed -n '2p'
+  changed_when: false
+  register: K8S_TOKEN
+
+- name: CA Hash
+  shell: >
+    set -o pipefail && \
+      openssl x509 -pubkey -in {{ k8s_cert_path }} | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
+  changed_when: false
+  register: K8S_MANAGER_CA_HASH
+
+- name: Add K8S Manager IP, Token, and Hash to dummy host
+  add_host:
+    name:   "K8S_TOKEN_HOLDER"
+    token:  "{{ K8S_TOKEN.stdout }}"
+    hash:   "{{ K8S_MANAGER_CA_HASH.stdout }}"
+    ip:     "{{ ansible_default_ipv4.address }}"
+
+- name: Create yaml repo for setup
+  file:
+    path: "{{ yaml_repo_dir_path }}"
+    state: directory
+    mode: "{{ yaml_repo_dir_mode }}"
+
+- name: Setup Calico SDN network - tigera-operator
+  command: "kubectl create -f {{ tigera_operator_url }}"
+  changed_when: true
+  when: "'tigera-operator' not in k8s_pods.stdout"
+
+- name: Setup Calico SDN network - custom-resources
+  command: "kubectl create -f {{ calico_yml_url }}"
+  changed_when: true
+  ignore_errors: True
+  when: "'calico-system' not in k8s_pods.stdout"
+
+- name: Edge / Workstation Install allows pods to schedule on manager
+  command: kubectl taint nodes --all node-role.kubernetes.io/master-
+  changed_when: true
+  ignore_errors: True
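Review bot: The first `kubeadm init` passes `--pod-network-cidr='{{ appliance_k8s_pod_net_cidr }}'` while the rescue path uses `{{ k8s_pod_network_cidr }}`, and neither variable is defined in the role's vars/main.yml added by this commit; if the first name is undefined the task fails on template rendering and the cluster is silently initialised by the rescue branch instead. Use one variable in both places and define it in vars/main.yml. The admin kubeconfig copied to `/root/.kube/config` receives `k8s_config_file_mode` (0644) in a 0755 directory even though it carries the cluster-admin client certificate, so use `mode: "0600"` for the file and `"0700"` for the directory. The `chown $(id -u):$(id -g)` shell task is redundant with the `owner: root` / `group: root` already set by the preceding `copy`.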

+ 123 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_installation.yml

@@ -0,0 +1,123 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Permanently Disable swap
+  mount:
+    name: "swap"
+    fstype: swap
+    state: absent
+
+- name: Disable selinux
+  selinux:
+    state: disabled
+
+- name: Copy k8s.conf file
+  copy:
+    src: k8s.conf
+    dest: "{{ k8s_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Copy crio.conf file
+  copy:
+    src: crio.conf
+    dest: "{{ crio_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Enable the kernel modules overlay and br_netfilter
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - overlay
+    - br_netfilter
+
+- name: Update sysctl to handle incorrectly routed traffic when iptables is bypassed
+  copy:
+    src: k8s-crio.conf
+    dest: "{{ k8s_crio_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Update sysctl
+  command: /sbin/sysctl --system
+  changed_when: true
+
+- name: Add CRI-O repo (1/2)
+  get_url:
+    url: "{{ crio_repo1_url }}"
+    dest: "{{ crio_repo1_dest }}"
+  register: crio_repo1_result
+  until: crio_repo1_result is not failed
+  retries: 20
+
+- name: Add CRI-O repo (2/2)
+  get_url:
+    url: "{{ crio_repo2_url }}"
+    dest: "{{ crio_repo2_dest }}"
+  register: crio_repo2_result
+  until: crio_repo2_result is not failed
+  retries: 20
+
+- name: Add kubernetes repo
+  yum_repository:
+    name: kubernetes
+    description: kubernetes
+    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+    enabled: yes
+    gpgcheck: no
+    repo_gpgcheck: no
+    gpgkey:
+      - https://packages.cloud.google.com/yum/doc/yum-key.gpg
+      - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+
+- name: Install common packages
+  package:
+    name: "{{ common_packages }}"
+    state: present
+
+- name: Install k8s packages
+  package:
+    name: "{{ k8s_packages }}"
+    state: present
+
+- name: Versionlock kubernetes
+  command: "yum versionlock '{{ item }}'"
+  args:
+    warn: false
+  with_items:
+    - "{{ k8s_packages }}"
+  changed_when: true
+
+- name: Start and enable crio
+  service:
+    name: crio
+    state: restarted
+    daemon_reload: yes
+    enabled: yes
+
+- name: Start and enable kubernetes - kubelet
+  service:
+    name: kubelet
+    state: restarted
+    enabled: yes
+
+- name: Wait for 30sec for kubelet to get things ready
+  pause:
+    seconds: 30
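Review bot: The `Add kubernetes repo` task sets `gpgcheck: no` and `repo_gpgcheck: no` while still listing the Google signing keys, so kubelet, kubeadm and kubectl are installed from a network repository with no signature verification. Change them to `gpgcheck: yes` and `repo_gpgcheck: yes` so the listed keys are actually enforced. The two CRI-O `.repo` files are fetched with plain `get_url`, so at minimum confirm they keep `gpgcheck=1`, and `Disable selinux` sets the host permanently to disabled rather than permissive even though pre_requisite.yml in control_plane_common already edits SELinux — if CRI-O needs this, state why in a comment.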

+ 129 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_services.yml

@@ -0,0 +1,129 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Wait for CoreDNS to restart
+  command: kubectl rollout status deployment/coredns -n kube-system
+  changed_when: false
+  ignore_errors: True
+
+- name: Get K8s pods
+  command: kubectl get pods --all-namespaces
+  changed_when: false
+  register: k8s_pods
+
+- name: Deploy MetalLB
+  command: "kubectl apply -f '{{ metallb_yaml_url }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Create MetalLB Setup Config Files
+  copy:
+    src: metal-config.yaml
+    dest: "{{ metallb_config_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_config_file_mode }}"
+
+- name: Replace metallb_addresses
+  replace:
+    path: "{{ metallb_config_file_dest }}"
+    regexp: 'addresses:'
+    replace: "{{ metallb_addresses }}"
+
+- name: Remove ^M characters from metal-config file
+  shell: 'sed -e "s/\r//g" {{ metallb_config_file_dest }} > {{ metallb_config_updated_file_dest }}'
+  args:
+    warn: false
+  changed_when: true
+
+- name: Update metal-config file permissions
+  file:
+    path: "{{ metallb_config_updated_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_config_file_mode }}"
+
+- name: Remove old metallb-config file
+  file:
+    path: "{{ metallb_config_file_dest }}"
+    state: absent
+
+- name: Create MetalLB Setup Deployment Files
+  copy:
+    src: metallb.yaml
+    dest: "{{ metallb_deployment_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_deployment_file_mode }}"
+
+- name: Replace metallb_container_port
+  replace:
+    path: "{{ metallb_deployment_file_dest }}"
+    regexp: 'metallb_container_port'
+    replace: "{{ metallb_container_port }}"
+
+- name: Replace metallb_container_port
+  replace:
+    path: "{{ metallb_deployment_file_dest }}"
+    regexp: 'metallb_run_as_user_port'
+    replace: "{{ metallb_run_as_user_port }}"
+
+- name: Deploy MetalLB
+  command: "kubectl apply -f '{{ metallb_deployment_file_dest }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Create default setup for MetalLB
+  command: "kubectl apply -f '{{ metallb_config_updated_file_dest }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Deploy K8s dashboard
+  command: "kubectl apply -f {{ k8s_dashboard_yaml_url }}"
+  changed_when: true
+  when: "'kubernetes-dashboard' not in k8s_pods.stdout"
+
+- name: Copy k8s_dashboard_admin.yml file
+  copy:
+    src: k8s_dashboard_admin.yaml
+    dest: "{{ k8s_dashboard_admin_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ k8s_dashboard_admin_file_mode }}"
+
+- name: Create admin user for K8s dashboard
+  command: "kubectl apply -f {{ k8s_dashboard_admin_file_dest }}"
+  changed_when: true
+
+- name: Start NFS Client Provisioner
+  command: "helm install stable/nfs-client-provisioner --set nfs.server='{{ ansible_default_ipv4.address }}' --set nfs.path='{{ nfs_path }}' --generate-name"
+  changed_when: true
+  when: "'nfs-client-provisioner' not in k8s_pods.stdout"
+
+- name: Set NFS-Client Provisioner as DEFAULT StorageClass
+  shell: >
+    kubectl patch storageclasses.storage.k8s.io nfs-client \
+    -p '{ "metadata": { "annotations":{ "storageclass.kubernetes.io/is-default-class":"true" }}}'
+  changed_when: true
+
+- name: Get K8s namespaces
+  command: kubectl get namespaces
+  changed_when: false
+  register: k8s_namespaces
+
+- name: Create namespace network-config
+  command: kubectl create namespace network-config
+  changed_when: true
+  when: "'network-config' not in k8s_namespaces.stdout"
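Review bot: MetalLB is applied twice from two different versions: the first `Deploy MetalLB` fetches `metallb_yaml_url` (upstream v0.8.1, pulled from raw.githubusercontent.com at run time) and the second applies the local `metallb.yaml` whose images are `v0.7.3`, so the second apply downgrades the Deployment and DaemonSet and the RBAC objects come from whichever manifest wrote last. Keep only the local, reviewed manifest (drop the first apply task) or bump the local copy to the pinned upstream version, and guard the deploy tasks with a fact re-read after the apply rather than the `k8s_pods` captured before either runs. The second `replace` task is mis-named `Replace metallb_container_port` although it substitutes `metallb_run_as_user_port`; rename it `- name: Replace metallb_run_as_user_port`.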

+ 15 - 5
control_plane/roles/control_plane_k8s/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,7 +13,17 @@
 #  limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+- name: Install K8s packages
+  import_tasks: k8s_installation.yml
+
+- name: Configure firewalld
+  import_tasks: k8s_firewalld.yml
+
+- name: Install helm
+  import_tasks: k8s_helm.yml
+
+- name: Initialize K8s
+  import_tasks: k8s_init.yml
+
+- name: Deploy K8s dashboard
+  import_tasks: k8s_services.yml
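Review bot: The final import is named `Deploy K8s dashboard`, but k8s_services.yml also deploys MetalLB, the NFS client provisioner, the default StorageClass and the `network-config` namespace, so the name under-describes what runs. Rename it `- name: Deploy K8s services (MetalLB, dashboard, NFS provisioner)` so a playbook run reads accurately.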

+ 95 - 0
control_plane/roles/control_plane_k8s/vars/main.yml

@@ -0,0 +1,95 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# vars file for kubernetes
+
+# Usage: k8s_installation.yml
+common_packages:
+  - openssl
+  - bash-completion
+  - cri-o
+  - buildah
+k8s_packages:
+  - kubelet-1.21.0
+  - kubeadm-1.21.0
+  - kubectl-1.21.0
+k8s_conf_dest: /etc/modules-load.d/
+crio_conf_dest: /etc/modules-load.d/
+k8s_crio_conf_dest: /etc/sysctl.d/
+conf_file_mode: 0644
+crio_repo1_url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_8/devel:kubic:libcontainers:stable.repo
+crio_repo1_dest: /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo
+crio_repo2_url: https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.21/CentOS_8/devel:kubic:libcontainers:stable:cri-o:1.21.repo
+crio_repo2_dest: /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.21.repo
+
+# Usage: k8s_firewalld.yml
+k8s_master_ports:
+  - 6443
+  - 2379-2380
+  - 10250
+  - 10251
+  - 10252
+calico_udp_ports:
+  - 4789
+calico_tcp_ports:
+  - 5473
+  - 179
+
+# Usage: k8s_helm.yml
+helm_installer_file_directory: /root/bin
+helm_installer_file_directory_mode: 0755
+helm_installer_url: https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+helm_installer_file_dest: /root/bin/get_helm.sh
+helm_installer_file_mode: 0700
+helm_stable_repo_url: https://charts.helm.sh/stable
+
+# Usage: k8s_init.yml
+k8s_root_directory: /root/.kube
+k8s_root_directory_mode: 0755
+k8s_config_src: /etc/kubernetes/admin.conf
+k8s_config_dest: /root/.kube/config
+k8s_config_file_mode: 0644
+k8s_cert_path: /etc/kubernetes/pki/ca.crt
+yaml_repo_dir_path: /root/k8s
+yaml_repo_dir_mode: 0755
+tigera_operator_url: https://docs.projectcalico.org/manifests/tigera-operator.yaml
+calico_yml_url: https://docs.projectcalico.org/manifests/custom-resources.yaml
+
+# Usage: k8s_services.yml
+metallb_config_file_dest: /root/k8s/metal-config.yaml
+metallb_config_updated_file_dest: /root/k8s/metal-config-updated.yaml
+metallb_config_file_mode: 0655
+metallb_deployment_file_dest: /root/k8s/metallb.yaml
+metallb_deployment_file_mode: 0655
+metallb_yaml_url: https://raw.githubusercontent.com/google/metallb/v0.8.1/manifests/metallb.yaml
+metallb_addresses: |
+  addresses:
+        - 192.168.2.150/32
+        - 192.168.2.151/32
+        - 192.168.2.151/32
+        - 192.168.2.152/32
+        - 192.168.2.153/32
+        - 192.168.2.154/32
+        - 192.168.2.155/32
+        - 192.168.2.156/32
+        - 192.168.2.157/32
+        - 192.168.2.158/32
+        - 192.168.2.159/32
+metallb_container_port: "7472"
+metallb_run_as_user_port: "65534"
+k8s_dashboard_yaml_url: https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
+k8s_dashboard_admin_file_dest: /root/k8s/k8s_dashboard_admin.yaml
+k8s_dashboard_admin_file_mode: 0655
+nfs_path: /var/nfs_awx
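Review bot: `metallb_addresses` lists `192.168.2.151/32` twice in consecutive entries, so the pool advertises ten addresses while appearing to hold eleven; remove the duplicate. The modes for the admin kubeconfig are too open for a file holding the cluster-admin client key: set `k8s_root_directory_mode: "0700"` and `k8s_config_file_mode: "0600"`. `metallb_config_file_mode`, `metallb_deployment_file_mode` and `k8s_dashboard_admin_file_mode` are `0655` (rw-r-xr-x), which looks like a typo for `0644`; quoting all the octal modes (`"0644"`) also keeps them from being read as decimal integers by a YAML 1.2 parser.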

+ 3 - 5
control_plane/roles/control_plane_repo/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,7 +13,5 @@
 #  limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+- name: NFS Server setup
+  import_tasks: nfs_server_setup.yml

+ 78 - 0
control_plane/roles/control_plane_repo/tasks/nfs_server_setup.yml

@@ -0,0 +1,78 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install nfs-utils
+  package:
+    name: nfs-utils
+    state: present
+
+- name: Install firewalld
+  package:
+    name: firewalld
+    state: present
+
+- name: Start and enable firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
+- name: Start and enable rpcbind and nfs-server service
+  service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: yes
+  with_items:
+    - rpcbind
+    - nfs-server
+
+- name: Creating NFS share directory
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "{{ nfs_share_dir_mode }}"
+  with_items:
+    - "{{ nfs_share_offline_repo }}"
+    - "{{ nfs_share_awx }}"
+
+- name: Adding NFS share entries in /etc/exports
+  lineinfile:
+    path: "{{ exports_file_path }}"
+    line: "{{ item }} {{ ansible_default_ipv4.address }}(rw,sync,no_root_squash)"
+  with_items:
+    - "{{ nfs_share_offline_repo }}"
+    - "{{ nfs_share_awx }}"
+
+- name: Exporting the shared directories
+  command: exportfs -r
+  changed_when: true
+
+- name: Configuring firewall
+  firewalld:
+    service: "{{ item }}"
+    permanent: true
+    state: enabled
+  with_items:
+    - "{{ nfs_services }}"
+
+- name: Reload firewalld
+  command: firewall-cmd --reload
+  changed_when: true
+
+- name: Stop and disable firewalld
+  service:
+    name: firewalld
+    state: stopped
+    enabled: no
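Review bot: As in k8s_firewalld.yml, the closing `Stop and disable firewalld` task undoes the `mountd`/`rpc-bind`/`nfs` service rules opened just above it, so the NFS server ends up running with no host firewall; either drop that task or document why firewalld must stay off. The share directories are created with `nfs_share_dir_mode` (0777) and exported `rw,sync,no_root_squash`; the export is limited to the host's own `ansible_default_ipv4.address`, which narrows exposure, but a world-writable export without root squashing deserves a comment stating the consumer (presumably the in-cluster nfs-client-provisioner) and `0777` should be tightened to what that client actually needs. The `lineinfile` task has no `regexp`, so a changed default IP on a later run appends a second export line rather than replacing the first.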

+ 12 - 6
control_plane/roles/control_plane_common/tasks/docker_volume.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,8 +13,14 @@
 #  limitations under the License.
 ---
 
-- name: Create a docker volume
-  docker_volume:
-    name: "{{ docker_volume_name }}"
-  vars:
-    ansible_python_interpreter: "/usr/bin/python3"
+# vars file for offline_repo
+
+# Usage: nfs_server_setup.yml
+nfs_share_offline_repo: /var/nfs_repo
+nfs_share_awx: /var/nfs_awx
+nfs_share_dir_mode: 0777
+exports_file_path: /etc/exports
+nfs_services:
+  - mountd
+  - rpc-bind
+  - nfs
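Review bot: This file is still `control_plane_common/tasks/docker_volume.yml`, but its new content is a variables block (`nfs_share_offline_repo`, `nfs_share_awx`, `nfs_share_dir_mode`, `exports_file_path`, `nfs_services`) consumed by control_plane_repo/tasks/nfs_server_setup.yml, while the import of docker_volume.yml was removed from control_plane_common/tasks/main.yml in this same commit — so unless these variables are defined somewhere not shown, the NFS setup fails on undefined variables. Move the content to `control_plane/roles/control_plane_repo/vars/main.yml` (the header comment `# vars file for offline_repo` already describes that location) and delete docker_volume.yml, matching how docker_installation.yml was removed.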