blob: d07ae0c8266b0111acf21c933b056bb3476f65d6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
---
- name: Make sure we have all required packages
package:
name: "{{ item }}"
state: present
with_items:
- container-selinux
- curl
- device-mapper-devel
- expect
- findutils
- gcc
- git
- glib2-devel
- glibc-devel
- glibc-static
- gpgme-devel
- hostname
- iproute
- iptables
- krb5-workstation
- libassuan-devel
- libffi-devel
- libgpg-error-devel
- libguestfs-tools
- libseccomp-devel
- libvirt-client
- libvirt-python
- libxml2-devel
- libxslt-devel
- make
- mlocate
- nfs-utils
- nmap-ncat
- oci-register-machine
- oci-systemd-hook
- oci-umount
- openssl
- openssl-devel
- ostree-devel
- pkgconfig
- python
- python2-boto
- python2-crypto
- python-devel
- python-virtualenv
- PyYAML
- redhat-rpm-config
- rpcbind
- rsync
- sed
- skopeo-containers
- socat
- tar
- wget
async: 600
poll: 10
- name: Add Btrfs for Fedora
package:
name: "{{ item }}"
state: present
with_items:
- btrfs-progs-devel
when: ansible_distribution in ['Fedora']
- name: Update all packages
package:
name: '*'
state: latest
async: 600
poll: 10
- name: Setup swap to prevent kernel firing off the OOM killer
shell: |
truncate -s 8G /root/swap && \
export SWAPDEV=$(losetup --show -f /root/swap | head -1) && \
mkswap $SWAPDEV && \
swapon $SWAPDEV && \
swapon --show
- name: ensure directories exist as needed
file:
path: "{{ item }}"
state: directory
with_items:
- /opt/cni/bin
- /etc/cni/net.d
- name: set sysctl vm.overcommit_memory=1 for CentOS
sysctl:
name: vm.overcommit_memory
state: present
value: 1
when: ansible_distribution == 'CentOS'
- name: inject hostname into /etc/hosts
lineinfile:
dest: /etc/hosts
line: '{{ ansible_default_ipv4.address }} {{ ansible_nodename }}'
insertafter: 'EOF'
regexp: '{{ ansible_default_ipv4.address }}\s+{{ ansible_nodename }}'
state: present
- name: Flush the iptables
command: iptables -F
- name: Enable localnet routing
command: sysctl -w net.ipv4.conf.all.route_localnet=1
- name: Add masquerade for localhost
command: iptables -t nat -I POSTROUTING -s 127.0.0.1 ! -d 127.0.0.1 -j MASQUERADE
- name: Update the kernel cmdline to include quota support
command: grubby --update-kernel=ALL --args="rootflags=pquota"
when: ansible_distribution in ['RedHat', 'CentOS']
|
