WIP
This commit is contained in:
parent
3e79f1355d
commit
2edb3ca55d
|
@ -1,2 +0,0 @@
|
|||
---
|
||||
# defaults file for arch-linux
|
|
@ -1,2 +0,0 @@
|
|||
---
|
||||
# handlers file for arch-linux
|
|
@ -1,52 +0,0 @@
|
|||
galaxy_info:
|
||||
author: your name
|
||||
description: your role description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license (GPL-2.0-or-later, MIT, etc)
|
||||
|
||||
min_ansible_version: 2.1
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
|
@ -1,16 +0,0 @@
|
|||
# TODO: how can I "share" the `aur_builder` username
|
||||
# TODO: how can I avoiding repeating tasks if I know they're done?t remote add origin ssh://git@git.lyte.dev:2222/lytedev/home-k8s-cluster.git
|
||||
|
||||
- include_tasks: ./create-aur-builder.yml
|
||||
when: ansible_facts.os_family == 'Archlinux'
|
||||
|
||||
- include_tasks: ./install-yay-bin.yml
|
||||
when: ansible_facts.os_family == 'Archlinux'
|
||||
|
||||
- include_tasks: ./upgrade-all-packages.yml
|
||||
when: ansible_facts.os_family == 'Archlinux'
|
||||
|
||||
# TODO:
|
||||
# - update everything
|
||||
# - install k8s
|
||||
# - join cluster?
|
|
@ -1,2 +0,0 @@
|
|||
localhost
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- arch-linux
|
|
@ -1,2 +0,0 @@
|
|||
---
|
||||
# vars file for arch-linux
|
5
ansible/build-k3s-cluster.yml
Normal file
5
ansible/build-k3s-cluster.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
- name: setup k3s on k3s-nodes
|
||||
hosts: k3s-nodes
|
||||
gather_facts: yes
|
||||
roles:
|
||||
- role: k3s-node
|
|
@ -1,18 +0,0 @@
|
|||
- name: provision Arch Linux hosts
|
||||
hosts: all
|
||||
gather_facts: yes
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
||||
|
||||
# - hosts: k3s_nodes
|
||||
# vars:
|
||||
# k3s_registration_address: loadbalancer # Typically a load balancer.
|
||||
# k3s_server:
|
||||
# datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
# pre_tasks:
|
||||
# - name: Set each node to be a control node
|
||||
# ansible.builtin.set_fact:
|
||||
# k3s_control_node: true
|
||||
# when: inventory_hostname in ['node2', 'node3']
|
||||
# roles:
|
||||
# - role: xanmanning.k3s
|
|
@ -1,32 +1,13 @@
|
|||
homek8s:
|
||||
children:
|
||||
controllers:
|
||||
hybrid:
|
||||
hosts:
|
||||
"10.0.0.87":
|
||||
k3s_control_node: true
|
||||
ansible_host: "10.0.0.87"
|
||||
ansible_user: root
|
||||
cluster-cidr: '10.42.0.0/16'
|
||||
# # flannel-backend: 'none'
|
||||
# node-label:
|
||||
# - "human-name=datto3"
|
||||
"10.0.0.138":
|
||||
ansible_host: "10.0.0.138"
|
||||
ansible_user: root
|
||||
# k3s_control_node: false
|
||||
# with-node-id: true
|
||||
# node-label:
|
||||
# - "human-name=chromebox"
|
||||
workers:
|
||||
k3s-nodes:
|
||||
hosts:
|
||||
"root@10.0.0.87":
|
||||
control-plane-node: true
|
||||
"root@10.0.0.138":
|
||||
agent-node: true
|
||||
|
||||
vars:
|
||||
k3s_release_version: v1.23.3+k3s1
|
||||
k3s_build_cluster: true
|
||||
k3s_registration_address: 10.0.0.87
|
||||
ansible_python_interpreter: /usr/bin/python3.10
|
||||
k3s_server:
|
||||
advertise-address: "0.0.0.0"
|
||||
k3s_agent:
|
||||
node-ip: "{{ ansible_host }}"
|
||||
node-external-ip: "{{ ansible_host }}"
|
||||
cluster_cidr: '192.168.0.0/16'
|
||||
k3s:
|
||||
version: v1.23.3+k3s1
|
||||
master: 10.0.0.87
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
connection: local
|
||||
become: no
|
||||
uri: >
|
||||
url=https://aur.archlinux.org/rpc.php?type=info&arg={{ pkg_name | mandatory }}
|
||||
url=https://aur.archlinux.org/rpc?v=5&type=info&arg={{ pkg_name | mandatory }}
|
||||
return_content=yes
|
||||
timeout=6
|
||||
register: api_info
|
||||
|
@ -11,7 +11,7 @@
|
|||
that:
|
||||
- api_info.status == 200
|
||||
- api_info.json is defined
|
||||
- api_info.json.type == 'info'
|
||||
- api_info.json.type == 'multiinfo'
|
||||
- api_info.json.resultcount == 1
|
||||
- api_info.json.results is defined
|
||||
|
||||
|
@ -19,10 +19,15 @@
|
|||
become: no
|
||||
connection: local
|
||||
get_url: >
|
||||
url='https://aur.archlinux.org{{ api_info.json.results.URLPath }}'
|
||||
url='https://aur.archlinux.org{{ api_info.json.results[0].URLPath }}'
|
||||
dest='/tmp/'
|
||||
register: aur_tarball
|
||||
|
||||
- name: AUR | cleanup old {{ pkg_name }} builds
|
||||
ansible.builtin.file:
|
||||
path: /tmp/{{ pkg_name }}
|
||||
state: absent
|
||||
|
||||
- name: AUR | upload and extract package {{ pkg_name }} tarball to host
|
||||
become: yes
|
||||
become_user: '{{ makepkg_nonroot_user }}'
|
3
ansible/k3s-node/tasks/install-k3s.yml
Normal file
3
ansible/k3s-node/tasks/install-k3s.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
- name: install k3s
|
||||
ansible.builtin.command: >
|
||||
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="{{ k3s.version }}" sh -
|
10
ansible/k3s-node/tasks/main.yml
Normal file
10
ansible/k3s-node/tasks/main.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
- include_tasks: ./prepare-host.yml
|
||||
- include_tasks: ./install-k3s.yml
|
||||
|
||||
# TODO: setup loadbalancer?
|
||||
|
||||
- include_tasks: ./start-k3s-control-nodes.yml
|
||||
# TODO: probably need some output here?
|
||||
|
||||
- include_tasks: ./start-k3s-agents.yml
|
||||
# TODO: probably need the output from control nodes
|
19
ansible/k3s-node/tasks/prepare-host.yml
Normal file
19
ansible/k3s-node/tasks/prepare-host.yml
Normal file
|
@ -0,0 +1,19 @@
|
|||
# arch linux
|
||||
- include_tasks: ./create-aur-builder.yml
|
||||
when: ansible_facts.os_family == 'Archlinux'
|
||||
|
||||
- include_tasks: ./install-yay-bin.yml
|
||||
when: ansible_facts.os_family == 'Archlinux'
|
||||
|
||||
# common
|
||||
- include_tasks: ./use-firewalld-with-iptables.yml
|
||||
|
||||
- name: open http and https ports in firewalld
|
||||
ansible.builtin.command: >
|
||||
sudo firewall-cmd --add-port=443/tcp --permanent \
|
||||
&& sudo firewall-cmd --add-port=80/tcp --permanent \
|
||||
&& sudo firewall-cmd --reload
|
||||
|
||||
- include_tasks: ./update-all.yml
|
||||
|
||||
# _todo: net.ipv4.ip_forward = 1
|
|
@ -1,4 +1,5 @@
|
|||
- name: upgrade all packages
|
||||
when: ansible_facts.os_family == 'Archlinux'
|
||||
community.general.pacman:
|
||||
# executable: yay
|
||||
force: yes
|
8
ansible/k3s-node/tasks/use-firewalld-with-iptables.yml
Normal file
8
ansible/k3s-node/tasks/use-firewalld-with-iptables.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
- name: uninstall nftables, install firewalld, configure it to use iptables, and activate it
|
||||
when: ansible_facts.os_family == 'Archlinux'
|
||||
become: true
|
||||
ansible.builtin.command: >
|
||||
pacman -Rs nftables \
|
||||
&& pacman -Sy firewalld \
|
||||
&& sed -i 's/FirewallBackend=.*/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf \
|
||||
&& systemctl enable --now firewalld
|
|
@ -1,4 +1,4 @@
|
|||
- name: deprovision k3s nodes
|
||||
- name: purge k3s from k3s-nodes
|
||||
hosts: all
|
||||
become: true
|
||||
gather_facts: yes
|
||||
|
@ -24,16 +24,3 @@
|
|||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
loop: "{{ files_to_delete.files }}"
|
||||
|
||||
# - hosts: k3s_nodes
|
||||
# vars:
|
||||
# k3s_registration_address: loadbalancer # Typically a load balancer.
|
||||
# k3s_server:
|
||||
# datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
# pre_tasks:
|
||||
# - name: Set each node to be a control node
|
||||
# ansible.builtin.set_fact:
|
||||
# k3s_control_node: true
|
||||
# when: inventory_hostname in ['node2', 'node3']
|
||||
# roles:
|
||||
# - role: xanmanning.k3s
|
|
@ -1,13 +0,0 @@
|
|||
- name: provision Arch Linux hosts
|
||||
hosts: all
|
||||
gather_facts: yes
|
||||
roles:
|
||||
- role: './arch-linux'
|
||||
tasks:
|
||||
- name: print all available facts
|
||||
ansible.builtin.debug:
|
||||
var: ansible_facts
|
||||
|
||||
- name: print os family
|
||||
ansible.builtin.debug:
|
||||
var: ansible_facts.os_family
|
|
@ -5,6 +5,3 @@ collections:
|
|||
version: 1.2.0
|
||||
- name: ansible.posix
|
||||
version: 1.3.0
|
||||
roles:
|
||||
- src: xanmanning.k3s
|
||||
version: v3.1.0
|
||||
|
|
Loading…
Reference in a new issue