From fd366c27b5122ef9607bfcc60a618ca7271d475c Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Mon, 11 Jul 2022 16:56:33 +0200
Subject: [PATCH] feat: update ansible k3s playbooks
---
ansible/playbooks/cluster-installation.yml | 84 ++++++++++++++++++++--
ansible/playbooks/cluster-nuke.yml | 22 ++++--
ansible/playbooks/cluster-prepare.yml | 43 +++--------
ansible/playbooks/cluster-reboot.yml | 15 ++++
4 files changed, 119 insertions(+), 45 deletions(-)
create mode 100644 ansible/playbooks/cluster-reboot.yml
diff --git a/ansible/playbooks/cluster-installation.yml b/ansible/playbooks/cluster-installation.yml
index 4922f3c0a..2ce3ce640 100644
--- a/ansible/playbooks/cluster-installation.yml
+++ b/ansible/playbooks/cluster-installation.yml
@@ -6,8 +6,82 @@ gather_facts: true any_errors_fatal: true pre_tasks: - - name: Pausing for 2 seconds... - pause: - seconds: 2 - roles: - - installation.k3s + - name: Pausing for 5 seconds... + ansible.builtin.pause: + seconds: 5 + tasks: + - name: Check if cluster is installed + check_mode: false + ansible.builtin.stat: + path: "/etc/rancher/k3s/config.yaml" + register: k3s_check_installed + + - name: Set manifest facts + ansible.builtin.set_fact: + k3s_server_manifests_templates: [] + k3s_server_manifests_urls: [] + when: k3s_check_installed.stat.exists + + - name: Install Kubernetes + ansible.builtin.include_role: + name: xanmanning.k3s + public: true + vars: + k3s_state: installed + + - name: Get absolute path to this Git repository + delegate_to: localhost + become: false + run_once: true + check_mode: false + ansible.builtin.command: |- + git rev-parse --show-toplevel + register: repo_abs_path + + - name: Copy kubeconfig to provision folder + run_once: true + ansible.builtin.fetch: + src: "/etc/rancher/k3s/k3s.yaml" + dest: "{{ repo_abs_path.stdout }}/provision/kubeconfig" + flat: true + when: + - k3s_control_node is defined + - k3s_control_node + + - name: Update kubeconfig with the correct IPv4 address + delegate_to: localhost + become: false + run_once: true + ansible.builtin.replace: + path: "{{ repo_abs_path.stdout }}/provision/kubeconfig" + regexp: "https://127.0.0.1:6443" + replace: "https://{{ k3s_registration_address }}:6443" + + # Cleaning up the manifests from the /var/lib/rancher/k3s/server/manifests + # directory is needed because k3s has an awesome + # "feature" to always deploy these on restarting + # the k3s systemd service. Removing them does + # not uninstall the manifests. 
+ + # Removing them means we can manage the lifecycle + # of these components outside of the + # /var/lib/rancher/k3s/server/manifests directory + + # FIXME(ansible): Check for deployments to be happy rather than waiting + - name: Wait for k3s to finish installing the deployed manifests + ansible.builtin.wait_for: + timeout: 15 + when: k3s_server_manifests_templates | length > 0 + or k3s_server_manifests_dir | length > 0 + + - name: Remove deployed manifest templates + ansible.builtin.file: + path: "{{ k3s_server_manifests_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}" + state: absent + loop: "{{ k3s_server_manifests_templates | default([]) }}" + + - name: Remove deployed manifest urls + ansible.builtin.file: + path: "{{ k3s_server_manifests_dir }}/{{ item.filename }}" + state: absent + loop: "{{ k3s_server_manifests_urls | default([]) }}" diff --git a/ansible/playbooks/cluster-nuke.yml b/ansible/playbooks/cluster-nuke.yml index 7e7aea084..eada19707 100644 --- a/ansible/playbooks/cluster-nuke.yml +++ b/ansible/playbooks/cluster-nuke.yml @@ -5,17 +5,29 @@ become: true gather_facts: true any_errors_fatal: true + vars_prompt: + - name: nuke + prompt: |- + Are you sure you want to nuke this cluster? + Type YES I WANT TO DESTROY THIS CLUSTER to proceed + default: "n" + private: false pre_tasks: - - name: Pausing for 2 seconds... - pause: - seconds: 2 + - name: Check for confirmation + ansible.builtin.fail: + msg: Aborted nuking the cluster + when: nuke != 'YES I WANT TO DESTROY THIS CLUSTER' + + - name: Pausing for 5 seconds... + ansible.builtin.pause: + seconds: 5 + tasks: - name: Uninstall k3s - include_role: + ansible.builtin.include_role: name: xanmanning.k3s public: true vars: k3s_state: uninstalled - tasks: - name: Gather list of CNI files ansible.builtin.find: paths: /etc/cni/net.d diff --git a/ansible/playbooks/cluster-prepare.yml b/ansible/playbooks/cluster-prepare.yml index ee4615ae5..d25783691 100644 --- a/ansible/playbooks/cluster-prepare.yml 
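Review bot: The `Copy kubeconfig to provision folder` task pulls `/etc/rancher/k3s/k3s.yaml`, the cluster's admin credential, into `provision/kubeconfig` inside the Git working tree without restricting its permissions or guarding against it being committed. `ansible.builtin.fetch` has no `mode` option, so the local copy gets whatever the controller's umask yields; I would follow the fetch with a localhost task that sets `mode: "0600"`, and confirm the path is git-ignored or encrypted (no ignore rule is visible in this patch). Separately, the wait task's `or k3s_server_manifests_dir | length > 0` tests a value the later tasks use as a directory path, so the condition looks always true; `k3s_server_manifests_urls` was probably intended.

```yaml
# … unchanged: "Copy kubeconfig to provision folder" fetch task …

- name: Restrict permissions on the fetched kubeconfig
  delegate_to: localhost
  become: false
  run_once: true
  ansible.builtin.file:
    path: "{{ repo_abs_path.stdout }}/provision/kubeconfig"
    mode: "0600"
```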
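Review bot: The confirmation gate added under `vars_prompt` in cluster-nuke.yml deserves a comment on how it behaves outside an interactive run, since this play destroys the cluster. Ansible skips the prompt when `nuke` is supplied with `--extra-vars` and, as far as I know, falls back to the default in a non-interactive session, so automation can pre-answer it while an unattended run aborts on `"n"`. Something like `# Skipped if nuke is passed via -e; non-interactive runs use the default and abort` above the prompt would record that. `Check for confirmation` also runs once per host, so adding `run_once: true` would give a single abort message.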
+++ b/ansible/playbooks/cluster-prepare.yml @@ -6,22 +6,20 @@ gather_facts: true any_errors_fatal: true pre_tasks: - - name: Pausing for 2 seconds... - pause: - seconds: 2 + - name: Pausing for 5 seconds... + ansible.builtin.pause: + seconds: 5 tasks: - name: Locale block: - name: Locale | Set timezone community.general.timezone: - name: "{{ timezone | default('America/New_York') }}" + name: "{{ timezone | default('Europe/Paris') }}" - name: Networking block: - name: Networking | Set hostname to inventory hostname ansible.builtin.hostname: name: "{{ inventory_hostname }}" - when: - - ansible_hostname != inventory_hostname - name: Networking | Update /etc/hosts to include inventory hostname ansible.builtin.blockinfile: path: /etc/hosts @@ -81,12 +79,6 @@ loop: "{{ public_ssh_keys | default([]) }}" - name: System Configuration (1) block: - - name: System Configuration (1) | Configure smartd - ansible.builtin.copy: - dest: /etc/smartd.conf - mode: 0644 - content: DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,40 - notify: Restart smartd - name: System Configuration (1) | Disable firewalld ansible.builtin.systemd: service: firewalld.service 
@@ -136,32 +128,13 @@ ansible.builtin.dnf: name: zram-generator-defaults state: absent - - name: System Configuration (2) | Disable SELinux + - name: System Configuration (2) | Permissive SELinux ansible.posix.selinux: - state: disabled - - name: System Configuration (2) | Disable mitigations - ansible.builtin.replace: - path: /etc/default/grub - regexp: '^(GRUB_CMDLINE_LINUX=(?:(?![" ]{{ item.key | regex_escape }}=).)*)(?:[" ]{{ item.key | regex_escape }}=\S+)?(.*")$' - replace: '\1 {{ item.key }}={{ item.value }}\2' - with_dict: "{{ grub_config }}" - vars: - grub_config: - mitigations: "off" - register: grub_status - - name: System Configuration (2) | Reconfigure grub and initramfs - ansible.builtin.command: "{{ item }}" - loop: - - grub2-mkconfig -o /boot/grub2/grub.cfg - - dracut --force --regenerate-all -v - when: grub_status.changed + state: permissive + policy: targeted notify: Reboot handlers: - name: Reboot ansible.builtin.reboot: - - name: Restart smartd - ansible.builtin.service: - name: smartd.service - enabled: true - state: restarted + msg: Rebooting nodes diff --git a/ansible/playbooks/cluster-reboot.yml b/ansible/playbooks/cluster-reboot.yml new file mode 100644 index 000000000..4f109d3ac --- /dev/null +++ b/ansible/playbooks/cluster-reboot.yml @@ -0,0 +1,15 @@ +--- +- hosts: + - master + - worker + become: true + gather_facts: true + any_errors_fatal: true + pre_tasks: + - name: Pausing for 5 seconds... + ansible.builtin.pause: + seconds: 5 + tasks: + - name: Reboot + ansible.builtin.reboot: + msg: Rebooting nodes
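Review bot: `state: permissive` in the SELinux task still leaves the nodes unconfined, because permissive mode only logs denials. If enforcing is not yet workable with k3s, a comment such as `# permissive: denials are logged, not enforced; move to enforcing once the k3s SELinux policy is in place` would make the intent explicit. Dropping the `Disable mitigations` task is a good change, but hosts already prepared with the old playbook keep `mitigations=off` in `/etc/default/grub` and the generated grub.cfg, and nothing in the new code removes it. A one-off cleanup (strip the argument, rerun `grub2-mkconfig`, reboot) would be needed to restore the CPU mitigations on those nodes.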
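Review bot: The new `cluster-reboot.yml` play has no `serial` setting, so the `Reboot` task is issued to every host in `master` and `worker` in the same batch and the whole cluster goes down at once. Adding `serial: 1` next to `any_errors_fatal: true` would roll the reboot one node at a time and stop on the first node that fails to come back. `gather_facts: true` is also unnecessary here, as no task in the play reads a fact.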