--- - name: "{{ role_name }} Install Software" include_role: name: nfc_common vars: common_gather_facts: false aptSigningKeys: - name: docker url: https://download.docker.com/linux/debian/gpg save_directory: /usr/share/keyrings file_extension: asc - name: kubernetes url: https://packages.cloud.google.com/apt/doc/apt-key.gpg save_directory: /usr/share/keyrings file_extension: asc aptRepositories: - name: docker repo: deb [arch={{ dynamic_processor_architecture }} signed-by=/usr/share/keyrings/docker.asc] http://download.docker.com/linux/{{ ansible_os_family | lower }} {{ ansible_lsb.codename | lower }} stable - name: kubernetes repo: deb [signed-by=/usr/share/keyrings/kubernetes.asc] http://apt.kubernetes.io/ kubernetes-xenial main aptInstall: - name: gnupg2 - name: apt-transport-https - name: software-properties-common - name: ca-certificates - name: iptables - name: python3-pip - name: python3-virtualenv - name: containerd.io version: "{{ ContainerDioVersion }}" - name: kubectl version: "{{ KubernetesVersion }}" - name: kubelet version: "{{ KubernetesVersion }}" - name: kubeadm version: "{{ KubernetesVersion }}" tags: - install # containerd.io=1.6.22-1 kubectl=1.26.9-00 kubelet=1.26.9-00 kubeadm=1.26.9-00 - name: Remove swapfile from /etc/fstab mount: name: "{{ item }}" fstype: swap state: absent with_items: - swap - none when: - ansible_os_family == 'Debian' # ansible_lsb.codename = bullseye, ansible_lsb.major_release = 11 tags: - install - name: Disable swap command: swapoff -a changed_when: true == false when: #- ansible_swaptotal_mb > 0 - ansible_os_family == 'Debian' tags: - install - name: Check an armbian os system stat: path: /etc/default/armbian-zram-config register: armbian_stat_result - name: Armbian Disable Swap ansible.builtin.shell: cmd: | sed -i 's/\# SWAP=false/SWAP=false/g' /etc/default/armbian-zram-config; sed -i 's/ENABLED=true/ENABLED=false/g' /etc/default/armbian-zram-config; args: executable: bash changed_when: false # failed_when: false #notify: RebootHost # doesnt need to reboot as swapoff -a covers the deployment when: armbian_stat_result.stat.exists - name: Add the overlay module community.general.modprobe: name: overlay state: present when: - ansible_os_family == 'Debian' tags: - install - name: Add the br_netfilter module community.general.modprobe: name: br_netfilter state: present when: - ansible_os_family == 'Debian' tags: - install - name: check if containerd installed ansible.builtin.shell: cmd: which containerd failed_when: false changed_when: false register: containerd_installed - name: "Containerd.io Started?" service: name: containerd state: started tags: - configure - install when: > ansible_os_family == 'Debian' and containerd_installed.rc | default(1) | int == 0 - name: containerd load modules config template: src: "etc_module_containerd.conf" dest: /etc/modules-load.d/containerd.conf owner: root mode: 0700 notify: "restart ContainerD" when: - ansible_os_family == 'Debian' tags: - install - name: Create containerD host directories. become_method: sudo become: yes file: path: /etc/containerd/certs.d/{{ item.name }} state: directory owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0700 with_items: "{{ containerd.repositories }}" tags: - install - containerRegistry - name: containerD registry host template: src: "containerd-registry-hosts.toml.j2" dest: /etc/containerd/certs.d/{{ item.name }}/hosts.toml owner: root mode: 0700 notify: "restart ContainerD" with_items: "{{ containerd.repositories }}" when: - ansible_os_family == 'Debian' tags: - install - containerRegistry - name: containerD default config template: src: "etc_containerd_containerd.toml" dest: /etc/containerd/config.toml owner: root mode: 0700 notify: "restart ContainerD" register: containerd_config when: - ansible_os_family == 'Debian' tags: - install - containerRegistry - name: Restart ContainerD if required meta: flush_handlers tags: - install - containerRegistry - name: Install required python modules ansible.builtin.pip: name: kubernetes state: forcereinstall #virtualenv: /tmp/venv_ansible when: inventory_hostname != 'op1' tags: - install - name: sysctl net.bridge.bridge-nf-call-ip6tables sysctl: name: net.bridge.bridge-nf-call-ip6tables value: '1' sysctl_set: yes state: present reload: yes when: - ansible_os_family == 'Debian' tags: - install - name: sysctl net.bridge.bridge-nf-call-iptables sysctl: name: net.bridge.bridge-nf-call-iptables value: '1' sysctl_set: yes state: present reload: yes when: - ansible_os_family == 'Debian' tags: - install - name: sysctl net.ipv4.ip_forward sysctl: name: net.ipv4.ip_forward value: '1' sysctl_set: yes state: present reload: yes when: - ansible_os_family == 'Debian' tags: - install # - name: Check if kubernetes has been Initialized # stat: # path: /etc/kubernetes/admin.conf # register: KubernetesInit # when: # - kubernetes_config.cluster.prime.name == inventory_hostname - name: check if iptables is installed ansible.builtin.shell: |- dpkg -s iptables &> /dev/null changed_when: true == false register: iptables_installed when: - ansible_os_family == 'Debian' tags: - install - iptables - firewall - name: Add kubernetes Firewall Rules - '/etc/iptables-kubernetes.rules' template: src: iptables-kubernetes.rules.j2 dest: "/etc/iptables-kubernetes.rules" owner: root mode: 0700 force: yes notify: "Apply Firewall Rules" when: - ansible_os_family == 'Debian' - iptables_installed.rc == 0 tags: - install - iptables - firewall - name: File - '/etc/network/if-pre-up.d/firewall-kubernetes' template: src: firewall-kubernetes.j2 dest: "/etc/network/if-pre-up.d/firewall-kubernetes" owner: root mode: 0700 force: yes when: - ansible_os_family == 'Debian' - iptables_installed.rc == 0 tags: - install - iptables - firewall - name: Apply new firewall rules, if required meta: flush_handlers tags: - install - iptables - firewall - name: Create local workdir file: path: "{{ item }}" state: directory mode: 0700 delegate_to: localhost connection: local run_once: true changed_when: true == false with_items: - /tmp/ansible/ tags: - always