feat: update ansible k3s playbooks

ansible/playbooks/cluster-installation.yml

@@ -6,8 +6,82 @@
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:
-    - name: Pausing for 2 seconds...
+    - name: Pausing for 5 seconds...
-      pause:
+      ansible.builtin.pause:
-        seconds: 2
+        seconds: 5
-  roles:
+  tasks:
-    - installation.k3s
+    - name: Check if cluster is installed
+      check_mode: false
+      ansible.builtin.stat:
+        path: "/etc/rancher/k3s/config.yaml"
+      register: k3s_check_installed
+
+    - name: Set manifest facts
+      ansible.builtin.set_fact:
+        k3s_server_manifests_templates: []
+        k3s_server_manifests_urls: []
+      when: k3s_check_installed.stat.exists
+
+    - name: Install Kubernetes
+      ansible.builtin.include_role:
+        name: xanmanning.k3s
+        public: true
+      vars:
+        k3s_state: installed
+
+    - name: Get absolute path to this Git repository
+      delegate_to: localhost
+      become: false
+      run_once: true
+      check_mode: false
+      ansible.builtin.command: |-
+        git rev-parse --show-toplevel
+      register: repo_abs_path
+
+    - name: Copy kubeconfig to provision folder
+      run_once: true
+      ansible.builtin.fetch:
+        src: "/etc/rancher/k3s/k3s.yaml"
+        dest: "{{ repo_abs_path.stdout }}/provision/kubeconfig"
+        flat: true
+      when:
+        - k3s_control_node is defined
+        - k3s_control_node
+
+    - name: Update kubeconfig with the correct IPv4 address
+      delegate_to: localhost
+      become: false
+      run_once: true
+      ansible.builtin.replace:
+        path: "{{ repo_abs_path.stdout }}/provision/kubeconfig"
+        regexp: "https://127.0.0.1:6443"
+        replace: "https://{{ k3s_registration_address }}:6443"
+
+    # Cleaning up the manifests from the /var/lib/rancher/k3s/server/manifests
+    # directory is needed because k3s has an awesome
+    # "feature" to always deploy these on restarting
+    # the k3s systemd service. Removing them does
+    # not uninstall the manifests.
+
+    # Removing them means we can manage the lifecycle
+    # of these components outside of the
+    # /var/lib/rancher/k3s/server/manifests directory
+
+    # FIXME(ansible): Check for deployments to be happy rather than waiting
+    - name: Wait for k3s to finish installing the deployed manifests
+      ansible.builtin.wait_for:
+        timeout: 15
+      when: k3s_server_manifests_templates | length > 0
+        or k3s_server_manifests_dir | length > 0
+
+    - name: Remove deployed manifest templates
+      ansible.builtin.file:
+        path: "{{ k3s_server_manifests_dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+        state: absent
+      loop: "{{ k3s_server_manifests_templates | default([]) }}"
+
+    - name: Remove deployed manifest urls
+      ansible.builtin.file:
+        path: "{{ k3s_server_manifests_dir }}/{{ item.filename }}"
+        state: absent
+      loop: "{{ k3s_server_manifests_urls | default([]) }}"

ansible/playbooks/cluster-nuke.yml

@@ -5,17 +5,29 @@
   become: true
   gather_facts: true
   any_errors_fatal: true
+  vars_prompt:
+    - name: nuke
+      prompt: |-
+        Are you sure you want to nuke this cluster?
+        Type YES I WANT TO DESTROY THIS CLUSTER to proceed
+      default: "n"
+      private: false
   pre_tasks:
-    - name: Pausing for 2 seconds...
+    - name: Check for confirmation
-      pause:
+      ansible.builtin.fail:
-        seconds: 2
+        msg: Aborted nuking the cluster
+      when: nuke != 'YES I WANT TO DESTROY THIS CLUSTER'
+
+    - name: Pausing for 5 seconds...
+      ansible.builtin.pause:
+        seconds: 5
+  tasks:
     - name: Uninstall k3s
-      include_role:
+      ansible.builtin.include_role:
         name: xanmanning.k3s
         public: true
       vars:
         k3s_state: uninstalled
-  tasks:
     - name: Gather list of CNI files
       ansible.builtin.find:
         paths: /etc/cni/net.d

ansible/playbooks/cluster-prepare.yml

@@ -6,22 +6,20 @@
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:
-    - name: Pausing for 2 seconds...
+    - name: Pausing for 5 seconds...
-      pause:
+      ansible.builtin.pause:
-        seconds: 2
+        seconds: 5
   tasks:
     - name: Locale
       block:
         - name: Locale | Set timezone
           community.general.timezone:
-            name: "{{ timezone | default('America/New_York') }}"
+            name: "{{ timezone | default('Europe/Paris') }}"
     - name: Networking
       block:
         - name: Networking | Set hostname to inventory hostname
           ansible.builtin.hostname:
             name: "{{ inventory_hostname }}"
-          when:
-            - ansible_hostname != inventory_hostname
         - name: Networking | Update /etc/hosts to include inventory hostname
           ansible.builtin.blockinfile:
             path: /etc/hosts
@@ -81,12 +79,6 @@
           loop: "{{ public_ssh_keys | default([]) }}"
     - name: System Configuration (1)
       block:
-        - name: System Configuration (1) | Configure smartd
-          ansible.builtin.copy:
-            dest: /etc/smartd.conf
-            mode: 0644
-            content: DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,40
-          notify: Restart smartd
         - name: System Configuration (1) | Disable firewalld
           ansible.builtin.systemd:
             service: firewalld.service
@@ -136,32 +128,13 @@
           ansible.builtin.dnf:
             name: zram-generator-defaults
             state: absent
-        - name: System Configuration (2) | Disable SELinux
+        - name: System Configuration (2) | Permissive SELinux
           ansible.posix.selinux:
-            state: disabled
+            state: permissive
-        - name: System Configuration (2) | Disable mitigations
+            policy: targeted
-          ansible.builtin.replace:
-            path: /etc/default/grub
-            regexp: '^(GRUB_CMDLINE_LINUX=(?:(?![" ]{{ item.key | regex_escape }}=).)*)(?:[" ]{{ item.key | regex_escape }}=\S+)?(.*")$'
-            replace: '\1 {{ item.key }}={{ item.value }}\2'
-          with_dict: "{{ grub_config }}"
-          vars:
-            grub_config:
-              mitigations: "off"
-          register: grub_status
-        - name: System Configuration (2) | Reconfigure grub and initramfs
-          ansible.builtin.command: "{{ item }}"
-          loop:
-            - grub2-mkconfig -o /boot/grub2/grub.cfg
-            - dracut --force --regenerate-all -v
-          when: grub_status.changed
       notify: Reboot
 
   handlers:
     - name: Reboot
       ansible.builtin.reboot:
-    - name: Restart smartd
+        msg: Rebooting nodes
-      ansible.builtin.service:
-        name: smartd.service
-        enabled: true
-        state: restarted

ansible/playbooks/cluster-reboot.yml

@@ -0,0 +1,15 @@
+---
+- hosts:
+    - master
+    - worker
+  become: true
+  gather_facts: true
+  any_errors_fatal: true
+  pre_tasks:
+    - name: Pausing for 5 seconds...
+      ansible.builtin.pause:
+        seconds: 5
+  tasks:
+    - name: Reboot
+      ansible.builtin.reboot:
+        msg: Rebooting nodes