From 2edb3ca55da85ebfce019e0f2a5723610a553e9b Mon Sep 17 00:00:00 2001 
From: Daniel Flanagan Date: Sun, 6 Feb 2022 15:52:03 -0600 Subject: [PATCH] WIP --- ansible/arch-linux/defaults/main.yml | 2 - ansible/arch-linux/handlers/main.yml | 2 - ansible/arch-linux/meta/main.yml | 52 ------------------- ansible/arch-linux/tasks/main.yml | 16 ------ ansible/arch-linux/tests/inventory | 2 - ansible/arch-linux/tests/test.yml | 5 -- ansible/arch-linux/vars/main.yml | 2 - ansible/build-k3s-cluster.yml | 5 ++ ansible/install-k3s.yml | 18 ------- ansible/inventory/hosts.yml | 39 ++++---------- ansible/{arch-linux => k3s-node}/.travis.yml | 0 ansible/{arch-linux => k3s-node}/README.md | 0 .../{arch-linux => k3s-node}/tasks/aur.yml | 11 ++-- .../tasks/create-aur-builder.yml | 0 ansible/k3s-node/tasks/install-k3s.yml | 3 ++ .../tasks/install-yay-bin.yml | 0 ansible/k3s-node/tasks/main.yml | 10 ++++ ansible/k3s-node/tasks/prepare-host.yml | 19 +++++++ .../tasks/upgrade-all-packages.yml | 1 + .../tasks/use-firewalld-with-iptables.yml | 8 +++ ...{nuke-cluster.yml => nuke-k3s-cluster.yml} | 15 +----- ansible/provision.yml | 13 ----- ansible/requirements.yml | 3 -- 23 files changed, 65 insertions(+), 161 deletions(-) delete mode 100644 ansible/arch-linux/defaults/main.yml delete mode 100644 ansible/arch-linux/handlers/main.yml delete mode 100644 ansible/arch-linux/meta/main.yml delete mode 100644 ansible/arch-linux/tasks/main.yml delete mode 100644 ansible/arch-linux/tests/inventory delete mode 100644 ansible/arch-linux/tests/test.yml delete mode 100644 ansible/arch-linux/vars/main.yml create mode 100644 ansible/build-k3s-cluster.yml delete mode 100644 ansible/install-k3s.yml rename ansible/{arch-linux => k3s-node}/.travis.yml (100%) rename ansible/{arch-linux => k3s-node}/README.md (100%) rename ansible/{arch-linux => k3s-node}/tasks/aur.yml (82%) rename ansible/{arch-linux => k3s-node}/tasks/create-aur-builder.yml (100%) create mode 100644 ansible/k3s-node/tasks/install-k3s.yml rename ansible/{arch-linux => k3s-node}/tasks/install-yay-bin.yml (100%) 
create mode 100644 ansible/k3s-node/tasks/main.yml create mode 100644 ansible/k3s-node/tasks/prepare-host.yml rename ansible/{arch-linux => k3s-node}/tasks/upgrade-all-packages.yml (76%) create mode 100644 ansible/k3s-node/tasks/use-firewalld-with-iptables.yml rename ansible/{nuke-cluster.yml => nuke-k3s-cluster.yml} (61%) delete mode 100644 ansible/provision.yml diff --git a/ansible/arch-linux/defaults/main.yml b/ansible/arch-linux/defaults/main.yml deleted file mode 100644 index eb6e948..0000000 --- a/ansible/arch-linux/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for arch-linux diff --git a/ansible/arch-linux/handlers/main.yml b/ansible/arch-linux/handlers/main.yml deleted file mode 100644 index 3539501..0000000 --- a/ansible/arch-linux/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for arch-linux diff --git a/ansible/arch-linux/meta/main.yml b/ansible/arch-linux/meta/main.yml deleted file mode 100644 index c572acc..0000000 --- a/ansible/arch-linux/meta/main.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/ansible/arch-linux/tasks/main.yml b/ansible/arch-linux/tasks/main.yml deleted file mode 100644 index a70f8af..0000000 --- a/ansible/arch-linux/tasks/main.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -# TODO: how can I "share" the `aur_builder` username -# TODO: how can I avoiding repeating tasks if I know they're done?t remote add origin ssh://git@git.lyte.dev:2222/lytedev/home-k8s-cluster.git - -- include_tasks: ./create-aur-builder.yml - when: ansible_facts.os_family == 'Archlinux' - -- include_tasks: ./install-yay-bin.yml - when: ansible_facts.os_family == 'Archlinux' - -- include_tasks: ./upgrade-all-packages.yml - when: ansible_facts.os_family == 'Archlinux' - -# TODO: -# - update everything -# - install k8s -# - join cluster? diff --git a/ansible/arch-linux/tests/inventory b/ansible/arch-linux/tests/inventory deleted file mode 100644 index 878877b..0000000 --- a/ansible/arch-linux/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/ansible/arch-linux/tests/test.yml b/ansible/arch-linux/tests/test.yml deleted file mode 100644 index 8a28f58..0000000 --- a/ansible/arch-linux/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - arch-linux diff --git a/ansible/arch-linux/vars/main.yml b/ansible/arch-linux/vars/main.yml deleted file mode 100644 index 0365660..0000000 --- a/ansible/arch-linux/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for arch-linux diff --git a/ansible/build-k3s-cluster.yml b/ansible/build-k3s-cluster.yml new file mode 100644 index 0000000..1d3eae1 --- /dev/null +++ b/ansible/build-k3s-cluster.yml @@ -0,0 +1,5 @@ +- name: setup k3s on k3s-nodes + hosts: k3s-nodes + gather_facts: yes + roles: + - role: k3s-node diff --git a/ansible/install-k3s.yml b/ansible/install-k3s.yml deleted file mode 100644 index aca0139..0000000 --- a/ansible/install-k3s.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -- name: provision Arch Linux hosts - hosts: all - gather_facts: yes - roles: - - role: xanmanning.k3s - -# - hosts: k3s_nodes -# vars: -# k3s_registration_address: loadbalancer # Typically a load balancer. -# k3s_server: -# datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable" -# pre_tasks: -# - name: Set each node to be a control node -# ansible.builtin.set_fact: -# k3s_control_node: true -# when: inventory_hostname in ['node2', 'node3'] -# roles: -# - role: xanmanning.k3s diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml index 0893121..0ec04a2 100644 --- a/ansible/inventory/hosts.yml +++ b/ansible/inventory/hosts.yml @@ -1,32 +1,13 @@ -homek8s: - children: - controllers: - hybrid: - hosts: - "10.0.0.87": - k3s_control_node: true - ansible_host: "10.0.0.87" - ansible_user: root - cluster-cidr: '10.42.0.0/16' - # # flannel-backend: 'none' - # node-label: - # - "human-name=datto3" - "10.0.0.138": - ansible_host: "10.0.0.138" - ansible_user: root - # k3s_control_node: false - # with-node-id: true - # node-label: - # - "human-name=chromebox" - workers: +k3s-nodes: + hosts: + "root@10.0.0.87": + control-plane-node: true + "root@10.0.0.138": + agent-node: true vars: - k3s_release_version: v1.23.3+k3s1 - k3s_build_cluster: true - k3s_registration_address: 10.0.0.87 ansible_python_interpreter: /usr/bin/python3.10 - k3s_server: - advertise-address: "0.0.0.0" - k3s_agent: - node-ip: "{{ ansible_host }}" - node-external-ip: "{{ ansible_host }}" + cluster_cidr: '192.168.0.0/16' + k3s: + version: v1.23.3+k3s1 + master: 10.0.0.87 diff --git a/ansible/arch-linux/.travis.yml b/ansible/k3s-node/.travis.yml similarity index 100% rename from ansible/arch-linux/.travis.yml rename to ansible/k3s-node/.travis.yml diff --git a/ansible/arch-linux/README.md b/ansible/k3s-node/README.md similarity index 100% rename from ansible/arch-linux/README.md rename to ansible/k3s-node/README.md 
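Review bot: In `ansible/inventory/hosts.yml` the new host vars `control-plane-node` and `agent-node` contain hyphens, which are not valid Ansible variable names, so a `when:` in the role cannot reference them directly; `control_plane_node: true` and `agent_node: true` would work. The host keys `"root@10.0.0.87"` and `"root@10.0.0.138"` fold the login user into the inventory hostname and keep every run as a direct root SSH session. Plain addresses with `ansible_user` set to an unprivileged account, plus `become: true` on the play, would separate the two, if the nodes allow it. The group name `k3s-nodes` also has a hyphen, which Ansible reports as an invalid group-name character, so `k3s_nodes` (here and in `build-k3s-cluster.yml`) avoids the warning.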
diff --git a/ansible/arch-linux/tasks/aur.yml b/ansible/k3s-node/tasks/aur.yml similarity index 82% rename from ansible/arch-linux/tasks/aur.yml rename to ansible/k3s-node/tasks/aur.yml index 8f017bd..a3395b5 100644 --- a/ansible/arch-linux/tasks/aur.yml +++ b/ansible/k3s-node/tasks/aur.yml @@ -2,7 +2,7 @@ connection: local become: no uri: > - url=https://aur.archlinux.org/rpc.php?type=info&arg={{ pkg_name | mandatory }} + url=https://aur.archlinux.org/rpc?v=5&type=info&arg={{ pkg_name | mandatory }} return_content=yes timeout=6 register: api_info @@ -11,7 +11,7 @@ that: - api_info.status == 200 - api_info.json is defined - - api_info.json.type == 'info' + - api_info.json.type == 'multiinfo' - api_info.json.resultcount == 1 - api_info.json.results is defined @@ -19,10 +19,15 @@ become: no connection: local get_url: > - url='https://aur.archlinux.org{{ api_info.json.results.URLPath }}' + url='https://aur.archlinux.org{{ api_info.json.results[0].URLPath }}' dest='/tmp/' register: aur_tarball +- name: AUR | cleanup old {{ pkg_name }} builds + ansible.builtin.file: + path: /tmp/{{ pkg_name }} + state: absent + - name: AUR | upload and extract package {{ pkg_name }} tarball to host become: yes become_user: '{{ makepkg_nonroot_user }}' diff --git a/ansible/arch-linux/tasks/create-aur-builder.yml b/ansible/k3s-node/tasks/create-aur-builder.yml similarity index 100% rename from ansible/arch-linux/tasks/create-aur-builder.yml rename to ansible/k3s-node/tasks/create-aur-builder.yml diff --git a/ansible/k3s-node/tasks/install-k3s.yml b/ansible/k3s-node/tasks/install-k3s.yml new file mode 100644 index 0000000..257bba9 --- /dev/null +++ b/ansible/k3s-node/tasks/install-k3s.yml @@ -0,0 +1,3 @@ +- name: install k3s + ansible.builtin.command: > + curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="{{ k3s.version }}" sh - 
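Review bot: The cleanup task added in the third hunk of `tasks/aur.yml` deletes `/tmp/{{ pkg_name }}` on the host with no `become_user`, while the extract task after it runs as `{{ makepkg_nonroot_user }}`. The build tree therefore sits at a predictable name in a world-writable directory and is removed and recreated by different accounts. A directory that only the builder can write to, for example one created with `ansible.builtin.tempfile` (`state: directory`) under `become_user: '{{ makepkg_nonroot_user }}'` and registered for the later tasks, keeps another local user from pre-creating that path. The extract task continues past the end of the hunk, so its destination is assumed from the cleanup path.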
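Review bot: The `install k3s` task pipes `curl -sfL https://get.k3s.io` into `sh` through `ansible.builtin.command`, which does not run a shell, so the `|` and the `INSTALL_K3S_VERSION=` assignment are passed to curl as arguments and the installer never runs. Switching to a shell would make it run, but then an unpinned remote script executes on every node with the connection's privileges (root, per the inventory) and no integrity check. Downloading the script with `get_url` and a pinned `checksum`, then running it with `environment:` and `creates:`, fixes both and makes the task idempotent. The same `command`-with-shell-operators pattern (`&&`) is in `tasks/prepare-host.yml` and `tasks/use-firewalld-with-iptables.yml`. The checksum and the script destination below are placeholders; the checksum should come from a reviewed copy of the script.

```yaml
- name: download k3s install script
  ansible.builtin.get_url:
    url: https://get.k3s.io
    dest: /usr/local/sbin/k3s-install.sh
    mode: "0700"
    checksum: "sha256:<PINNED_INSTALL_SCRIPT_SHA256>"

- name: install k3s
  ansible.builtin.command: /usr/local/sbin/k3s-install.sh
  environment:
    INSTALL_K3S_VERSION: "{{ k3s.version }}"
  args:
    creates: /usr/local/bin/k3s
```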
diff --git a/ansible/arch-linux/tasks/install-yay-bin.yml b/ansible/k3s-node/tasks/install-yay-bin.yml similarity index 100% rename from ansible/arch-linux/tasks/install-yay-bin.yml rename to ansible/k3s-node/tasks/install-yay-bin.yml diff --git a/ansible/k3s-node/tasks/main.yml b/ansible/k3s-node/tasks/main.yml new file mode 100644 index 0000000..a05e2f3 --- /dev/null +++ b/ansible/k3s-node/tasks/main.yml @@ -0,0 +1,10 @@ +- include_tasks: ./prepare-host.yml +- include_tasks: ./install-k3s.yml + +# TODO: setup loadbalancer? + +- include_tasks: ./start-k3s-control-nodes.yml + # TODO: probably need some output here? + +- include_tasks: ./start-k3s-agents.yml + # TODO: probably need the output from control nodes diff --git a/ansible/k3s-node/tasks/prepare-host.yml b/ansible/k3s-node/tasks/prepare-host.yml new file mode 100644 index 0000000..99ee377 --- /dev/null +++ b/ansible/k3s-node/tasks/prepare-host.yml @@ -0,0 +1,19 @@ +# arch linux +- include_tasks: ./create-aur-builder.yml + when: ansible_facts.os_family == 'Archlinux' + +- include_tasks: ./install-yay-bin.yml + when: ansible_facts.os_family == 'Archlinux' + +# common +- include_tasks: ./use-firewalld-with-iptables.yml + +- name: open http and https ports in firewalld + ansible.builtin.command: > + sudo firewall-cmd --add-port=443/tcp --permanent \ + && sudo firewall-cmd --add-port=80/tcp --permanent \ + && sudo firewall-cmd --reload + +- include_tasks: ./update-all.yml + + # _todo: net.ipv4.ip_forward = 1 diff --git a/ansible/arch-linux/tasks/upgrade-all-packages.yml b/ansible/k3s-node/tasks/upgrade-all-packages.yml similarity index 76% rename from ansible/arch-linux/tasks/upgrade-all-packages.yml rename to ansible/k3s-node/tasks/upgrade-all-packages.yml index da51fb6..02530b4 100644 --- a/ansible/arch-linux/tasks/upgrade-all-packages.yml +++ b/ansible/k3s-node/tasks/upgrade-all-packages.yml 
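Review bot: `tasks/main.yml` includes `./start-k3s-control-nodes.yml` and `./start-k3s-agents.yml`, and `tasks/prepare-host.yml` includes `./update-all.yml`, but the diffstat shows none of these files being created (the renamed file is `upgrade-all-packages.yml`). The role would stop at the first missing include. Until they exist, either drop the includes or point the last one at the existing file, `- include_tasks: ./upgrade-all-packages.yml`. The two TODO comments under the includes are indented as if they belonged to the task, and they do not say which output is meant; moving each above its include and naming the value (presumably the server's node token that agents need to join) would make the intent clear.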
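Review bot: The `open http and https ports in firewalld` task in `tasks/prepare-host.yml` calls `sudo firewall-cmd` inside a `command` string, so privilege escalation bypasses `become`, the task is not idempotent, and it always reports changed. The `ansible.posix.firewalld` module (the `ansible.posix` collection is already listed in `requirements.yml`) does the same with `permanent`/`immediate` and needs no reload step. Ports 80 and 443 are opened on every host in the group, agents included; if only the nodes serving ingress need them, a `when:` on the task would narrow that.

```yaml
- name: open http and https ports in firewalld
  become: true
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - 80/tcp
    - 443/tcp
```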
@@ -1,4 +1,5 @@ - name: upgrade all packages + when: ansible_facts.os_family == 'Archlinux' community.general.pacman: # executable: yay force: yes diff --git a/ansible/k3s-node/tasks/use-firewalld-with-iptables.yml b/ansible/k3s-node/tasks/use-firewalld-with-iptables.yml new file mode 100644 index 0000000..a154c7f --- /dev/null +++ b/ansible/k3s-node/tasks/use-firewalld-with-iptables.yml @@ -0,0 +1,8 @@ +- name: uninstall nftables, install firewalld, configure it to use iptables, and activate it + when: ansible_facts.os_family == 'Archlinux' + become: true + ansible.builtin.command: > + pacman -Rs nftables \ + && pacman -Sy firewalld \ + && sed -i 's/FirewallBackend=.*/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf \ + && systemctl enable --now firewalld diff --git a/ansible/nuke-cluster.yml b/ansible/nuke-k3s-cluster.yml similarity index 61% rename from ansible/nuke-cluster.yml rename to ansible/nuke-k3s-cluster.yml index 0c9a4c2..dde990b 100644 --- a/ansible/nuke-cluster.yml +++ b/ansible/nuke-k3s-cluster.yml @@ -1,4 +1,4 @@ -- name: deprovision k3s nodes +- name: purge k3s from k3s-nodes hosts: all become: true gather_facts: yes @@ -24,16 +24,3 @@ path: "{{ item.path }}" state: absent loop: "{{ files_to_delete.files }}" - -# - hosts: k3s_nodes -# vars: -# k3s_registration_address: loadbalancer # Typically a load balancer. -# k3s_server: -# datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable" -# pre_tasks: -# - name: Set each node to be a control node -# ansible.builtin.set_fact: -# k3s_control_node: true -# when: inventory_hostname in ['node2', 'node3'] -# roles: -# - role: xanmanning.k3s diff --git a/ansible/provision.yml b/ansible/provision.yml deleted file mode 100644 index 43988e5..0000000 --- a/ansible/provision.yml +++ /dev/null 
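Review bot: The single task in `tasks/use-firewalld-with-iptables.yml` runs `pacman -Rs` and `pacman -Sy` without `--noconfirm`, so it would wait on a prompt with no TTY. `-Rs nftables` also fails on a second run once the package is gone, and `-Sy firewalld` refreshes the database without upgrading, which Arch treats as a partial upgrade. Splitting it into module tasks gives idempotence and a separate error per step. The task is gated on `os_family == 'Archlinux'`, while `prepare-host.yml` includes it under `# common` and then calls `firewall-cmd` unconditionally, so non-Arch hosts would reach that step without this role having set up firewalld.

```yaml
- name: switch the host firewall to firewalld with the iptables backend
  when: ansible_facts.os_family == 'Archlinux'
  become: true
  block:
    - name: remove nftables
      community.general.pacman:
        name: nftables
        state: absent

    - name: install firewalld
      community.general.pacman:
        name: firewalld
        state: present

    - name: set firewalld backend to iptables
      ansible.builtin.lineinfile:
        path: /etc/firewalld/firewalld.conf
        regexp: '^FirewallBackend='
        line: FirewallBackend=iptables

    - name: enable and start firewalld
      ansible.builtin.systemd:
        name: firewalld
        enabled: true
        state: started
```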
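Review bot: The play in `nuke-k3s-cluster.yml` is renamed to `purge k3s from k3s-nodes`, but the unchanged `hosts: all` line in the first hunk still targets every inventory host with `become: true`, and the loop in the second hunk deletes each path in `files_to_delete.files`. Scoping it to the group, `hosts: k3s-nodes`, keeps a destructive playbook from running on hosts later added outside that group. The tasks between the two hunks are not visible, so what is collected for deletion is assumed from that loop.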
@@ -1,13 +0,0 @@ -- name: provision Arch Linux hosts - hosts: all - gather_facts: yes - roles: - - role: './arch-linux' - tasks: - - name: print all available facts - ansible.builtin.debug: - var: ansible_facts - - - name: print os family - ansible.builtin.debug: - var: ansible_facts.os_family diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 9dbc468..2709e5c 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -5,6 +5,3 @@ collections: version: 1.2.0 - name: ansible.posix version: 1.3.0 -roles: - - src: xanmanning.k3s - version: v3.1.0