319 lines
6.9 KiB
YAML
319 lines
6.9 KiB
YAML
---
|
|
|
|
- name: "{{ role_name }} Install Software"
|
|
include_role:
|
|
name: nfc_common
|
|
vars:
|
|
common_gather_facts: false
|
|
aptSigningKeys:
|
|
- name: docker
|
|
url: https://download.docker.com/linux/debian/gpg
|
|
save_directory: /usr/share/keyrings
|
|
file_extension: asc
|
|
|
|
- name: kubernetes
|
|
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
|
|
save_directory: /usr/share/keyrings
|
|
file_extension: asc
|
|
|
|
aptRepositories:
|
|
- name: docker
|
|
repo: deb [arch={{ dynamic_processor_architecture }} signed-by=/usr/share/keyrings/docker.asc] http://download.docker.com/linux/{{ ansible_os_family | lower }} {{ ansible_lsb.codename | lower }} stable
|
|
- name: kubernetes
|
|
repo: deb [signed-by=/usr/share/keyrings/kubernetes.asc] http://apt.kubernetes.io/ kubernetes-xenial main
|
|
|
|
aptInstall:
|
|
- name: gnupg2
|
|
- name: apt-transport-https
|
|
- name: software-properties-common
|
|
- name: ca-certificates
|
|
- name: iptables
|
|
- name: python3-pip
|
|
- name: python3-virtualenv
|
|
|
|
- name: containerd.io
|
|
version: "{{ ContainerDioVersion }}"
|
|
|
|
- name: kubectl
|
|
version: "{{ KubernetesVersion }}"
|
|
- name: kubelet
|
|
version: "{{ KubernetesVersion }}"
|
|
- name: kubeadm
|
|
version: "{{ KubernetesVersion }}"
|
|
tags:
|
|
- install
|
|
|
|
# containerd.io=1.6.22-1 kubectl=1.26.9-00 kubelet=1.26.9-00 kubeadm=1.26.9-00
|
|
|
|
- name: Remove swapfile from /etc/fstab
|
|
mount:
|
|
name: "{{ item }}"
|
|
fstype: swap
|
|
state: absent
|
|
with_items:
|
|
- swap
|
|
- none
|
|
when:
|
|
- ansible_os_family == 'Debian' # ansible_lsb.codename = bullseye, ansible_lsb.major_release = 11
|
|
tags:
|
|
- install
|
|
|
|
|
|
- name: Disable swap
|
|
command: swapoff -a
|
|
changed_when: true == false
|
|
when:
|
|
#- ansible_swaptotal_mb > 0
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
|
|
- name: Check an armbian os system
|
|
stat:
|
|
path: /etc/default/armbian-zram-config
|
|
register: armbian_stat_result
|
|
|
|
|
|
- name: Armbian Disable Swap
|
|
ansible.builtin.shell:
|
|
cmd: |
|
|
sed -i 's/\# SWAP=false/SWAP=false/g' /etc/default/armbian-zram-config;
|
|
sed -i 's/ENABLED=true/ENABLED=false/g' /etc/default/armbian-zram-config;
|
|
args:
|
|
executable: bash
|
|
changed_when: false
|
|
# failed_when: false
|
|
#notify: RebootHost # doesnt need to reboot as swapoff -a covers the deployment
|
|
when: armbian_stat_result.stat.exists
|
|
|
|
|
|
- name: Add the overlay module
|
|
community.general.modprobe:
|
|
name: overlay
|
|
state: present
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
|
|
|
|
- name: Add the br_netfilter module
|
|
community.general.modprobe:
|
|
name: br_netfilter
|
|
state: present
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
|
|
- name: check if containerd installed
|
|
ansible.builtin.shell:
|
|
cmd: which containerd
|
|
failed_when: false
|
|
changed_when: false
|
|
register: containerd_installed
|
|
|
|
|
|
- name: "Containerd.io Started?"
|
|
service:
|
|
name: containerd
|
|
state: started
|
|
tags:
|
|
- configure
|
|
- install
|
|
when: >
|
|
ansible_os_family == 'Debian'
|
|
and
|
|
containerd_installed.rc | default(1) | int == 0
|
|
|
|
|
|
- name: containerd load modules config
|
|
template:
|
|
src: "etc_module_containerd.conf"
|
|
dest: /etc/modules-load.d/containerd.conf
|
|
owner: root
|
|
mode: 0700
|
|
notify: "restart ContainerD"
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
|
|
|
|
- name: Create containerD host directories.
|
|
become_method: sudo
|
|
become: yes
|
|
file:
|
|
path: /etc/containerd/certs.d/{{ item.name }}
|
|
state: directory
|
|
owner: "{{ ansible_user }}"
|
|
group: "{{ ansible_user }}"
|
|
mode: 0700
|
|
with_items: "{{ containerd.repositories }}"
|
|
tags:
|
|
- install
|
|
- containerRegistry
|
|
|
|
|
|
- name: containerD registry host
|
|
template:
|
|
src: "containerd-registry-hosts.toml.j2"
|
|
dest: /etc/containerd/certs.d/{{ item.name }}/hosts.toml
|
|
owner: root
|
|
mode: 0700
|
|
notify: "restart ContainerD"
|
|
with_items: "{{ containerd.repositories }}"
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
- containerRegistry
|
|
|
|
|
|
- name: containerD default config
|
|
template:
|
|
src: "etc_containerd_containerd.toml"
|
|
dest: /etc/containerd/config.toml
|
|
owner: root
|
|
mode: 0700
|
|
notify: "restart ContainerD"
|
|
register: containerd_config
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
- containerRegistry
|
|
|
|
|
|
- name: Restart ContainerD if required
|
|
meta: flush_handlers
|
|
tags:
|
|
- install
|
|
- containerRegistry
|
|
|
|
|
|
- name: Install required python modules
|
|
ansible.builtin.pip:
|
|
name: kubernetes
|
|
state: forcereinstall
|
|
#virtualenv: /tmp/venv_ansible
|
|
when: inventory_hostname != 'op1'
|
|
tags:
|
|
- install
|
|
|
|
|
|
- name: sysctl net.bridge.bridge-nf-call-ip6tables
|
|
sysctl:
|
|
name: net.bridge.bridge-nf-call-ip6tables
|
|
value: '1'
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
|
|
|
|
- name: sysctl net.bridge.bridge-nf-call-iptables
|
|
sysctl:
|
|
name: net.bridge.bridge-nf-call-iptables
|
|
value: '1'
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
|
|
|
|
- name: sysctl net.ipv4.ip_forward
|
|
sysctl:
|
|
name: net.ipv4.ip_forward
|
|
value: '1'
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
|
|
|
|
# - name: Check if kubernetes has been Initialized
|
|
# stat:
|
|
# path: /etc/kubernetes/admin.conf
|
|
# register: KubernetesInit
|
|
# when:
|
|
# - kubernetes_config.cluster.prime.name == inventory_hostname
|
|
|
|
|
|
- name: check if iptables is installed
|
|
ansible.builtin.shell: |-
|
|
dpkg -s iptables &> /dev/null
|
|
changed_when: true == false
|
|
register: iptables_installed
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
tags:
|
|
- install
|
|
- iptables
|
|
- firewall
|
|
|
|
|
|
- name: Add kubernetes Firewall Rules - '/etc/iptables-kubernetes.rules'
|
|
template:
|
|
src: iptables-kubernetes.rules.j2
|
|
dest: "/etc/iptables-kubernetes.rules"
|
|
owner: root
|
|
mode: 0700
|
|
force: yes
|
|
notify: "Apply Firewall Rules"
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
- iptables_installed.rc == 0
|
|
tags:
|
|
- install
|
|
- iptables
|
|
- firewall
|
|
|
|
|
|
- name: File - '/etc/network/if-pre-up.d/firewall-kubernetes'
|
|
template:
|
|
src: firewall-kubernetes.j2
|
|
dest: "/etc/network/if-pre-up.d/firewall-kubernetes"
|
|
owner: root
|
|
mode: 0700
|
|
force: yes
|
|
when:
|
|
- ansible_os_family == 'Debian'
|
|
- iptables_installed.rc == 0
|
|
tags:
|
|
- install
|
|
- iptables
|
|
- firewall
|
|
|
|
|
|
- name: Apply new firewall rules, if required
|
|
meta: flush_handlers
|
|
tags:
|
|
- install
|
|
- iptables
|
|
- firewall
|
|
|
|
|
|
- name: Create local workdir
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0700
|
|
delegate_to: localhost
|
|
connection: local
|
|
run_once: true
|
|
changed_when: true == false
|
|
with_items:
|
|
- /tmp/ansible/
|
|
tags:
|
|
- always
|