diff --git a/tasks/k3s.yaml b/tasks/k3s.yaml
index 44fbdfd..f0843ac 100644
--- a/tasks/k3s.yaml
+++ b/tasks/k3s.yaml
@@ -1,241 +1,19 @@ --- -- name: Install Software - ansible.builtin.include_role: - name: nfc_common - vars: - common_gather_facts: false - aptInstall: - - name: curl - - name: iptables +# kubernetes_installed + +- name: K3s Install + ansible.builtin.include_tasks: + file: k3s/install.yaml + when: > + install_kubernetes | default(true) | bool + and + not kubernetes_installed | default(false) | bool -- name: Create Required directories - ansible.builtin.file: - name: "{{ item.name }}" - state: "{{ item.state }}" - mode: "{{ item.mode }}" - loop: "{{ dirs }}" - vars: - dirs: - - name: /etc/rancher/k3s - state: directory - mode: 700 - - name: /var/lib/rancher/k3s/server/logs - state: directory - mode: 700 - - name: /var/lib/rancher/k3s/server/manifests - state: directory - mode: 700 - - -# - name: Local Container Registry -# ansible.builtin.copy: -# content: | -# # -# # Private Container Registries for Kubernetes -# # -# # Managed By ansible/role/nfc_kubernetes -# # -# # Dont edit this file directly as it will be overwritten. 
-# # - -# {% set registries = kubernetes_private_container_registry | default([]) -%} - -# {% if registries | length > 0 %}mirrors: -# {% for entry in registries %} - -# {{ entry.name }}: -# endpoint: -# - "{{ entry.url }}" - -# {%- endfor %} -# {% endif %} -# dest: /etc/rancher/k3s/registries.yaml -# owner: root -# mode: '700' -# # notify: "restart ContainerD" -# # with_items: "{{ containerd.repositories }}" -# # when: -# # ansible_os_family == 'Debian' -# # and -# # Kubernetes_private_container_registry | default([]) | length > 0 - - -- name: Add sysctl net.ipv4.ip_forward - sysctl: - name: net.ipv4.ip_forward - value: '1' - sysctl_set: true - state: present - reload: true - notify: reboot_host - when: - - ansible_os_family == 'Debian' - # On change reboot - - -- name: Check if K3s Installed - ansible.builtin.shell: - cmd: | - if [[ $(service k3s status) ]]; then exit 0; else exit 1; fi - executable: /bin/bash - changed_when: false - failed_when: false - register: k3s_installed - - -# - name: Download K3s Binary -# ansible.builtin.uri: -# url: "{{ item.url }}" -# method: GET -# return_content: true -# # body: "" -# status_code: -# - 200 -# - 304 -# # headers: -# # App-Token: "{{ glpi.app_token }}" -# # Authorization: "user_token {{ glpi.user_token }}" -# #body_format: json -# # validate_certs: false -# dest: "{{ item.dest }}" -# mode: "744" -# register: k3s_download_files -# delegate_to: localhost -# # no_log: true -# when: ansible_os_family == 'Debian' -# loop: "{{ download_files }}" -# vars: -# ansible_connection: local -# download_files: -# - dest: /tmp/install.sh -# url: https://get.k3s.io -# - dest: "/tmp/k3s" -# url: "https://github.com/k3s-io/k3s/releases/download/v{{ KubernetesVersion + KubernetesVersion_k3s_prefix | urlencode }}/k3s" - - -# - name: "[TRACE] Downloaded File SHA256" -# ansible.builtin.set_fact: -# hash_sha256_k3s_downloaded_binary: "{{ lookup('ansible.builtin.file', '/tmp/k3s') | hash('sha256') | string }}" -# delegate_to: localhost - - -# 
- name: Existing k3s File hash -# ansible.builtin.stat: -# checksum_algorithm: sha256 -# name: /usr/local/bin/k3s -# register: hash_sha256_k3s_existing_binary - - -# - name: Copy K3s binary to Host -# ansible.builtin.copy: -# src: "/tmp/k3s" -# dest: "/usr/local/bin/k3s" -# mode: '740' -# owner: root -# group: root -# when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary - -# - name: Copy install script to Host -# ansible.builtin.copy: -# src: "/tmp/install.sh" -# dest: "/tmp/install.sh" -# mode: '755' -# owner: root -# group: root -# # when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary - -- name: Additional config files - ansible.builtin.copy: - content: | - {{ item.content }} - dest: "{{ item.path }}/{{ item.name }}" - mode: '740' - owner: root - group: root - loop: "{{ k3s.files }}" - - -- name: Copy Templates - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - mode: '700' - force: true - notify: "{{ item.notify | default(omit) }}" - loop: "{{ templates_to_apply }}" - vars: - templates_to_apply: - - src: "calico.yaml.j2" - dest: /var/lib/rancher/k3s/server/manifests/calico.yaml - - src: kubernetes-manifest-rbac.yaml.j2 - dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml - # - src: firewall-kubernetes.j2 - # dest: "/etc/network/if-up.d/firewall-kubernetes" - - - src: iptables-kubernetes.rules.j2 - dest: "/etc/iptables.rules.d/iptables-kubernetes.rules" - notify: firewall_reloader - - src: k3s-registries.yaml.j2 - dest: /etc/rancher/k3s/registries.yaml - notify: kubernetes_restart - - src: k3s-config.yaml.j2 - dest: /etc/rancher/k3s/config.yaml - notify: kubernetes_restart - - -# - name: Templates IPv6 -# ansible.builtin.template: -# src: iptables-kubernetes.rules.j2 -# dest: "/etc/ip6tables.rules.d/ip6tables-kubernetes.rules" -# owner: root -# mode: '700' -# force: true -# vars: -# ipv6: true - - 
-- name: Set IPTables to legacy mode - ansible.builtin.command: - cmd: update-alternatives --set iptables /usr/sbin/iptables-legacy - changed_when: false - - -# - name: Server install K3s -# ansible.builtin.shell: -# cmd: | -# # INSTALL_K3S_SKIP_DOWNLOAD=true \ -# # INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \ -# # /tmp/install.sh -# curl -sfL https://get.k3s.io | \ -# INSTALL_K3S_VERSION="v1.26.9+k3s1" \ -# sh - -# failed_when: false -# # when: > -# # k3s_installed.rc | int == 1 -# # and -# # Kubernetes_Master | default(false) -# when: Kubernetes_Master | default(false) - -# - name: Agent install K3s -# ansible.builtin.shell: -# cmd: | -# INSTALL_K3S_SKIP_DOWNLOAD=true \ -# INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \ -# K3S_URL=https://{{ hostvars[kubernetes_config.cluster.prime.name].ansible_host }}:6443 \ -# K3S_TOKEN={{ node_token }} \ -# /tmp/install.sh -# when: > -# k3s_installed.rc | int == 1 -# and -# not Kubernetes_Master | default(false) - - -# # - name: Look up AAAA (IPv4) records for example.org -# # ansible.builtin.debug: -# # msg: "{{ query('community.dns.lookup', 'nww-au1.networkedweb.com.', type='A') }}" - -# # - name: Look up AAAA (IPv6) records for example.org -# # ansible.builtin.debug: -# # msg: "{{ query('community.dns.lookup', 'nww-au1.networkedweb.com.', type='AAAA') }}" +- name: K3s Configure + ansible.builtin.include_tasks: + file: k3s/configure.yaml + when: > + install_kubernetes | default(true) | bool + and + not kubernetes_installed | default(false) | bool diff --git a/tasks/k3s/configure.yaml b/tasks/k3s/configure.yaml new file mode 100644 index 0000000..563bf89 --- /dev/null +++ b/tasks/k3s/configure.yaml 
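Review bot: The `K3s Configure` include is gated on `not kubernetes_installed | default(false) | bool`, but the install tasks it follows end with `set_fact: kubernetes_installed: true` (the last task of install.yaml in this same commit), and `include_tasks` evaluates `when` at runtime, so configure.yaml is skipped on the very run that installs k3s and on every later run that re-includes install.yaml first. Unless `kubernetes_installed` is also set by some inventory or cached-fact path not visible here, the configure step never executes. Drop the second half of the condition on the configure include, `when: install_kubernetes | default(true) | bool`, or gate it on the registered `k3s_installed` result instead.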
@@ -0,0 +1,73 @@ +--- + +- name: Local Container Registry + ansible.builtin.copy: + content: | + # + # Private Container Registries for Kubernetes + # + # Managed By ansible/role/nfc_kubernetes + # + # Dont edit this file directly as it will be overwritten. + # + + {% set registries = kubernetes_private_container_registry | default([]) -%} + + {% if registries | length > 0 %}mirrors: + {% for entry in registries %} + + {{ entry.name }}: + endpoint: + - "{{ entry.url }}" + + {%- endfor %} + {% endif %} + dest: /etc/rancher/k3s/registries.yaml + owner: root + mode: '700' + # notify: "restart ContainerD" + # with_items: "{{ containerd.repositories }}" + # when: + # ansible_os_family == 'Debian' + # and + # Kubernetes_private_container_registry | default([]) | length > 0 + + +- name: Additional config files + ansible.builtin.copy: + content: | + {{ item.content }} + dest: "{{ item.path }}/{{ item.name }}" + mode: '740' + owner: root + group: root + loop: "{{ k3s.files }}" + + +- name: Copy Templates + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + mode: '700' + force: true + notify: "{{ item.notify | default(omit) }}" + loop: "{{ templates_to_apply }}" + vars: + templates_to_apply: + - src: "calico.yaml.j2" + dest: /var/lib/rancher/k3s/server/manifests/calico.yaml + - src: kubernetes-manifest-rbac.yaml.j2 + dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml + # - src: firewall-kubernetes.j2 + # dest: "/etc/network/if-up.d/firewall-kubernetes" + + - src: iptables-kubernetes.rules.j2 + dest: "/etc/iptables.rules.d/iptables-kubernetes.rules" + notify: firewall_reloader + - src: k3s-registries.yaml.j2 + dest: /etc/rancher/k3s/registries.yaml + notify: kubernetes_restart + - src: k3s-config.yaml.j2 + dest: /etc/rancher/k3s/config.yaml + notify: kubernetes_restart diff --git a/tasks/k3s/install.yaml b/tasks/k3s/install.yaml new file mode 100644 index 0000000..b03562c --- /dev/null 
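Review bot: `/etc/rancher/k3s/registries.yaml` is written twice in this file: first by the `Local Container Registry` copy task, then by the `k3s-registries.yaml.j2` entry in `Copy Templates`, which overwrites it and notifies `kubernetes_restart`. Unless both render byte-identical content, each play flips the file back and forth, both tasks report changed, and the restart handler fires on every run. Keep one of them (the template entry already carries the notify) and delete the other; the `# when:` and `# notify:` lines left commented on the copy task suggest it was meant to be retired. Separately, `Additional config files` duplicates the `Required Initial config files` task in install.yaml (same `k3s.files` loop, same destinations), so the same files are managed from two task files.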
+++ b/tasks/k3s/install.yaml 
@@ -0,0 +1,169 @@ +--- +- name: Install Software + ansible.builtin.include_role: + name: nfc_common + vars: + common_gather_facts: false + aptInstall: + - name: curl + - name: iptables + + +- name: Create Required directories + ansible.builtin.file: + name: "{{ item.name }}" + state: "{{ item.state }}" + mode: "{{ item.mode }}" + loop: "{{ dirs }}" + vars: + dirs: + - name: /etc/rancher/k3s + state: directory + mode: 700 + - name: /var/lib/rancher/k3s/server/logs + state: directory + mode: 700 + - name: /var/lib/rancher/k3s/server/manifests + state: directory + mode: 700 + + +- name: Add sysctl net.ipv4.ip_forward + ansible.posix.sysctl: + name: net.ipv4.ip_forward + value: '1' + sysctl_set: true + state: present + reload: true + notify: reboot_host + when: + - ansible_os_family == 'Debian' + # On change reboot + + +- name: Check if K3s Installed + ansible.builtin.shell: + cmd: | + if [[ $(service k3s status) ]]; then exit 0; else exit 1; fi + executable: /bin/bash + changed_when: false + failed_when: false + register: k3s_installed + + +- name: Download K3s Binary + ansible.builtin.uri: + url: "{{ item.url }}" + method: GET + return_content: true + status_code: + - 200 + - 304 + dest: "{{ item.dest }}" + mode: "744" + register: k3s_download_files + delegate_to: localhost + # no_log: true + when: ansible_os_family == 'Debian' + loop: "{{ download_files }}" + vars: + ansible_connection: local + download_files: + - dest: /tmp/install.sh + url: https://get.k3s.io + - dest: "/tmp/k3s" + url: "https://github.com/k3s-io/k3s/releases/download/v{{ KubernetesVersion + KubernetesVersion_k3s_prefix | urlencode }}/k3s" + + +# - name: "[TRACE] Downloaded File SHA256" +# ansible.builtin.set_fact: +# hash_sha256_k3s_downloaded_binary: "{{ lookup('ansible.builtin.file', '/tmp/k3s') | hash('sha256') | string }}" +# delegate_to: localhost + + +# - name: Existing k3s File hash +# ansible.builtin.stat: +# checksum_algorithm: sha256 +# name: /usr/local/bin/k3s +# register: 
hash_sha256_k3s_existing_binary + + +- name: Copy K3s binary to Host + ansible.builtin.copy: + src: "/tmp/k3s" + dest: "/usr/local/bin/k3s" + mode: '740' + owner: root + group: root + when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary + +- name: Copy install script to Host + ansible.builtin.copy: + src: "/tmp/install.sh" + dest: "/tmp/install.sh" + mode: '755' + owner: root + group: root + # when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary + +- name: Required Initial config files + ansible.builtin.copy: + content: | + {{ item.content }} + dest: "{{ item.path }}/{{ item.name }}" + mode: '740' + owner: root + group: root + loop: "{{ k3s.files }}" + + +# - name: Templates IPv6 +# ansible.builtin.template: +# src: iptables-kubernetes.rules.j2 +# dest: "/etc/ip6tables.rules.d/ip6tables-kubernetes.rules" +# owner: root +# mode: '700' +# force: true +# vars: +# ipv6: true + + +- name: Set IPTables to legacy mode + ansible.builtin.command: + cmd: update-alternatives --set iptables /usr/sbin/iptables-legacy + changed_when: false + + +- name: Server install K3s + ansible.builtin.shell: + cmd: | + # INSTALL_K3S_SKIP_DOWNLOAD=true \ + # INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \ + # /tmp/install.sh + curl -sfL https://get.k3s.io | \ + INSTALL_K3S_VERSION="v1.26.9+k3s1" \ + sh - + failed_when: false + # when: > + # k3s_installed.rc | int == 1 + # and + # Kubernetes_Master | default(false) + when: Kubernetes_Master | default(false) | bool + + +- name: Agent install K3s + ansible.builtin.shell: + cmd: | + INSTALL_K3S_SKIP_DOWNLOAD=true \ + INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \ + K3S_URL=https://{{ hostvars[kubernetes_config.cluster.prime.name].ansible_host }}:6443 \ + K3S_TOKEN={{ node_token }} \ + /tmp/install.sh + when: > + k3s_installed.rc | int == 1 + and + not Kubernetes_Master | 
default(false) | bool + +- name: Set Kubernetes Final Install Fact + ansible.builtin.set_fact: + kubernetes_installed: true
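Review bot: `Copy K3s binary to Host` compares against `hash_sha256_k3s_downloaded_binary`, but the set_fact task that defines it (and the stat task for `hash_sha256_k3s_existing_binary`) is still commented out, so the `when` fails with an undefined variable as soon as the task is reached. Either restore those two tasks, ideally also checking the downloaded binary against the release's published sha256sum rather than only against the existing file, or drop the condition since `copy` is already idempotent by content. `Agent install K3s` puts `K3S_TOKEN={{ node_token }}` in the shell command with no `no_log: true`, so the cluster join token ends up in task output and any logging or callback plugin. Also, `mode: 700` in `Create Required directories` is an unquoted integer that Ansible interprets as decimal; quote it as `mode: '0700'`.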