chore: migrated from internal repo

!1 nofusscomputing/infrastructure/config!28

tasks/common.yaml

@@ -0,0 +1,318 @@
+---
+
+- name: "{{ role_name }} Install Software"
+  include_role: 
+    name: nfc_common
+  vars:
+    common_gather_facts: false
+    aptSigningKeys:
+      - name: docker
+        url: https://download.docker.com/linux/debian/gpg
+        save_directory: /usr/share/keyrings
+        file_extension: asc
+
+      - name: kubernetes
+        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+        save_directory: /usr/share/keyrings
+        file_extension: asc
+
+    aptRepositories:
+      - name: docker
+        repo: deb [arch={{ dynamic_processor_architecture }} signed-by=/usr/share/keyrings/docker.asc] http://download.docker.com/linux/{{ ansible_os_family | lower }}   {{ ansible_lsb.codename | lower }} stable
+      - name: kubernetes
+        repo: deb [signed-by=/usr/share/keyrings/kubernetes.asc] http://apt.kubernetes.io/ kubernetes-xenial main
+
+    aptInstall:
+      - name: gnupg2 
+      - name: apt-transport-https
+      - name: software-properties-common
+      - name: ca-certificates
+      - name: iptables
+      - name: python3-pip
+      - name: python3-virtualenv
+
+      - name: containerd.io
+        version: "{{ ContainerDioVersion }}"
+
+      - name: kubectl
+        version: "{{ KubernetesVersion }}"
+      - name: kubelet
+        version: "{{ KubernetesVersion }}"
+      - name: kubeadm
+        version: "{{ KubernetesVersion }}"
+  tags:
+    - install
+
+# containerd.io=1.6.22-1 kubectl=1.26.9-00 kubelet=1.26.9-00 kubeadm=1.26.9-00
+
+- name: Remove swapfile from /etc/fstab
+  mount:
+    name: "{{ item }}"
+    fstype: swap
+    state: absent
+  with_items:
+    - swap
+    - none
+  when: 
+    - ansible_os_family == 'Debian' # ansible_lsb.codename = bullseye, ansible_lsb.major_release = 11
+  tags:
+    - install
+
+
+- name: Disable swap
+  command: swapoff -a
+  changed_when: true == false
+  when: 
+    #- ansible_swaptotal_mb > 0
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+
+- name: Check an armbian os system
+  stat:
+    path: /etc/default/armbian-zram-config
+  register: armbian_stat_result
+
+
+- name: Armbian Disable Swap
+  ansible.builtin.shell:
+    cmd: |
+      sed -i 's/\# SWAP=false/SWAP=false/g' /etc/default/armbian-zram-config;
+      sed -i 's/ENABLED=true/ENABLED=false/g' /etc/default/armbian-zram-config;
+  args:
+    executable: bash
+  changed_when: false
+  # failed_when: false
+  #notify: RebootHost # doesnt need to reboot as swapoff -a covers the deployment
+  when: armbian_stat_result.stat.exists
+
+
+- name: Add the overlay module
+  community.general.modprobe:
+    name: overlay
+    state: present
+  when:
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+
+
+- name: Add the br_netfilter module
+  community.general.modprobe:
+    name: br_netfilter
+    state: present
+  when:
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+
+- name: check if containerd installed
+  ansible.builtin.shell:
+    cmd: which containerd
+  failed_when: false
+  changed_when: false
+  register: containerd_installed
+
+
+- name: "Containerd.io Started?"
+  service:
+    name: containerd
+    state: started
+  tags:
+    - configure
+    - install
+  when: >
+    ansible_os_family == 'Debian'
+      and
+    containerd_installed.rc | default(1) | int == 0
+
+
+- name: containerd load modules config
+  template:
+    src: "etc_module_containerd.conf"
+    dest: /etc/modules-load.d/containerd.conf
+    owner: root
+    mode: 0700
+  notify: "restart ContainerD"
+  when: 
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+
+
+- name: Create containerD host directories.
+  become_method: sudo
+  become: yes
+  file: 
+    path: /etc/containerd/certs.d/{{ item.name }}
+    state: directory
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: 0700
+  with_items: "{{ containerd.repositories }}"
+  tags:
+    - install
+    - containerRegistry
+
+
+- name: containerD registry host
+  template:
+    src: "containerd-registry-hosts.toml.j2"
+    dest: /etc/containerd/certs.d/{{ item.name }}/hosts.toml
+    owner: root
+    mode: 0700
+  notify: "restart ContainerD"
+  with_items: "{{ containerd.repositories }}"
+  when: 
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+    - containerRegistry
+
+
+- name: containerD default config
+  template:
+    src: "etc_containerd_containerd.toml"
+    dest: /etc/containerd/config.toml
+    owner: root
+    mode: 0700
+  notify: "restart ContainerD"
+  register: containerd_config
+  when: 
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+    - containerRegistry
+
+
+- name: Restart ContainerD if required
+  meta: flush_handlers
+  tags:
+    - install
+    - containerRegistry
+
+
+- name: Install required python modules
+  ansible.builtin.pip:
+    name: kubernetes
+    state: forcereinstall
+    #virtualenv: /tmp/venv_ansible
+  when: inventory_hostname != 'op1'
+  tags:
+    - install
+
+
+- name: sysctl net.bridge.bridge-nf-call-ip6tables
+  sysctl:
+    name: net.bridge.bridge-nf-call-ip6tables
+    value: '1'
+    sysctl_set: yes
+    state: present
+    reload: yes
+  when:
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+
+
+- name: sysctl net.bridge.bridge-nf-call-iptables
+  sysctl:
+    name: net.bridge.bridge-nf-call-iptables
+    value: '1'
+    sysctl_set: yes
+    state: present
+    reload: yes
+  when:
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+
+
+- name: sysctl net.ipv4.ip_forward
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: '1'
+    sysctl_set: yes
+    state: present
+    reload: yes
+  when:
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+
+
+# - name: Check if kubernetes has been Initialized
+#   stat:
+#     path: /etc/kubernetes/admin.conf
+#   register: KubernetesInit
+#   when: 
+#     - kubernetes_config.cluster.prime.name == inventory_hostname
+
+
+- name: check if iptables is installed
+  ansible.builtin.shell: |-
+    dpkg -s iptables &> /dev/null
+  changed_when: true == false
+  register: iptables_installed
+  when: 
+    - ansible_os_family == 'Debian'
+  tags:
+    - install
+    - iptables
+    - firewall
+
+
+- name: Add kubernetes Firewall Rules - '/etc/iptables-kubernetes.rules'
+  template:
+    src: iptables-kubernetes.rules.j2
+    dest: "/etc/iptables-kubernetes.rules"
+    owner: root
+    mode: 0700
+    force: yes
+  notify: "Apply Firewall Rules"
+  when: 
+    - ansible_os_family == 'Debian'
+    - iptables_installed.rc == 0
+  tags:
+    - install
+    - iptables
+    - firewall
+
+
+- name: File - '/etc/network/if-pre-up.d/firewall-kubernetes'
+  template:
+    src: firewall-kubernetes.j2
+    dest: "/etc/network/if-pre-up.d/firewall-kubernetes"
+    owner: root
+    mode: 0700
+    force: yes
+  when: 
+    - ansible_os_family == 'Debian'
+    - iptables_installed.rc == 0
+  tags:
+    - install
+    - iptables
+    - firewall
+
+
+- name: Apply new firewall rules, if required
+  meta: flush_handlers
+  tags:
+    - install
+    - iptables
+    - firewall
+
+
+- name:  Create local workdir
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0700
+  delegate_to: localhost
+  connection: local
+  run_once: true
+  changed_when: true == false
+  with_items:
+    - /tmp/ansible/
+  tags:
+    - always