Daniel Flanagan 2022-02-06 15:52:03 -06:00
parent 3e79f1355d
commit 2edb3ca55d
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4
23 changed files with 65 additions and 161 deletions


@ -1,2 +0,0 @@
---
# defaults file for arch-linux


@ -1,2 +0,0 @@
---
# handlers file for arch-linux


@ -1,52 +0,0 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -1,16 +0,0 @@
# TODO: how can I "share" the `aur_builder` username
# TODO: how can I avoiding repeating tasks if I know they're done?t remote add origin ssh://git@git.lyte.dev:2222/lytedev/home-k8s-cluster.git
- include_tasks: ./create-aur-builder.yml
when: ansible_facts.os_family == 'Archlinux'
- include_tasks: ./install-yay-bin.yml
when: ansible_facts.os_family == 'Archlinux'
- include_tasks: ./upgrade-all-packages.yml
when: ansible_facts.os_family == 'Archlinux'
# TODO:
# - update everything
# - install k8s
# - join cluster?


@ -1,2 +0,0 @@
localhost


@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- arch-linux


@ -1,2 +0,0 @@
---
# vars file for arch-linux


@ -0,0 +1,5 @@
- name: setup k3s on k3s-nodes
hosts: k3s-nodes
gather_facts: yes
roles:
- role: k3s-node
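Review bot: The group name `k3s-nodes` in `hosts: k3s-nodes` contains a hyphen, which Ansible treats as an invalid group-name character; depending on configuration it warns or rewrites the name, and a rewrite would leave this play matching no hosts. Renaming the group to `k3s_nodes` here and in the inventory avoids that. `gather_facts: yes` would also be more portable written as `gather_facts: true`.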


@ -1,18 +0,0 @@
- name: provision Arch Linux hosts
hosts: all
gather_facts: yes
roles:
- role: xanmanning.k3s
# - hosts: k3s_nodes
# vars:
# k3s_registration_address: loadbalancer # Typically a load balancer.
# k3s_server:
# datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
# pre_tasks:
# - name: Set each node to be a control node
# ansible.builtin.set_fact:
# k3s_control_node: true
# when: inventory_hostname in ['node2', 'node3']
# roles:
# - role: xanmanning.k3s


@ -1,32 +1,13 @@
homek8s:
children:
controllers:
hybrid:
hosts:
"10.0.0.87":
k3s_control_node: true
ansible_host: "10.0.0.87"
ansible_user: root
cluster-cidr: '10.42.0.0/16'
# # flannel-backend: 'none'
# node-label:
# - "human-name=datto3"
"10.0.0.138":
ansible_host: "10.0.0.138"
ansible_user: root
# k3s_control_node: false
# with-node-id: true
# node-label:
# - "human-name=chromebox"
workers:
k3s-nodes:
hosts:
"root@10.0.0.87":
control-plane-node: true
"root@10.0.0.138":
agent-node: true
vars:
k3s_release_version: v1.23.3+k3s1
k3s_build_cluster: true
k3s_registration_address: 10.0.0.87
ansible_python_interpreter: /usr/bin/python3.10
k3s_server:
advertise-address: "0.0.0.0"
k3s_agent:
node-ip: "{{ ansible_host }}"
node-external-ip: "{{ ansible_host }}"
cluster_cidr: '192.168.0.0/16'
k3s:
version: v1.23.3+k3s1
master: 10.0.0.87
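Review bot: Both hosts are keyed as `"root@10.0.0.87"` and `"root@10.0.0.138"`, so every play logs in over SSH directly as root and `inventory_hostname` carries the `root@` prefix into any template or comparison that uses it. Plain address keys with `ansible_user: <unprivileged-user>` (placeholder) and `become: true` on the tasks that need it would keep root login off the nodes; some tasks in this commit already set `become: true`. Which lines belong to the new side is inferred from the 13-line count in the hunk header, because the page has lost the +/- markers.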


@ -2,7 +2,7 @@
connection: local
become: no
uri: >
url=https://aur.archlinux.org/rpc.php?type=info&arg={{ pkg_name | mandatory }}
url=https://aur.archlinux.org/rpc?v=5&type=info&arg={{ pkg_name | mandatory }}
return_content=yes
timeout=6
register: api_info
@ -11,7 +11,7 @@
that:
- api_info.status == 200
- api_info.json is defined
- api_info.json.type == 'info'
- api_info.json.type == 'multiinfo'
- api_info.json.resultcount == 1
- api_info.json.results is defined
@ -19,10 +19,15 @@
become: no
connection: local
get_url: >
url='https://aur.archlinux.org{{ api_info.json.results.URLPath }}'
url='https://aur.archlinux.org{{ api_info.json.results[0].URLPath }}'
dest='/tmp/'
register: aur_tarball
- name: AUR | cleanup old {{ pkg_name }} builds
ansible.builtin.file:
path: /tmp/{{ pkg_name }}
state: absent
- name: AUR | upload and extract package {{ pkg_name }} tarball to host
become: yes
become_user: '{{ makepkg_nonroot_user }}'
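Review bot: The new cleanup task deletes `/tmp/{{ pkg_name }}` with `state: absent`, a predictable path in a world-writable directory, and only the first `uri` task guards `pkg_name` with `mandatory`. If `pkg_name` were ever empty at this point the path would resolve to `/tmp/` itself. If the tarball is then extracted and built there as `makepkg_nonroot_user` (the extract task runs past the end of the hunk), another local account could recreate the directory between cleanup and extract. Consider registering a directory from `ansible.builtin.tempfile` with `state: directory` and building inside it, or at minimum `path: "/tmp/{{ pkg_name | mandatory }}"`. The `arg={{ pkg_name | mandatory }}` query value would also be safer as `{{ pkg_name | mandatory | urlencode }}`.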


@ -0,0 +1,3 @@
- name: install k3s
ansible.builtin.command: >
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="{{ k3s.version }}" sh -
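Review bot: `ansible.builtin.command` does not pass its argument through a shell, so the `|`, the `INSTALL_K3S_VERSION=...` assignment and `sh -` are handed to curl as plain arguments and the installer does not run as written. The same applies to the `&&` chains in the firewall-cmd task and the pacman/sed/systemctl task added elsewhere in this commit. Switching to `ansible.builtin.shell` would make it execute, but it would still run an unverified remote script on every play run. Downloading the script with a pinned checksum and running it with `creates:` makes the step reviewable and idempotent; the destination path and digest below are placeholders, and the `creates:` path assumes the installer's default binary directory.

```yaml
- name: download k3s install script
  ansible.builtin.get_url:
    url: https://get.k3s.io
    dest: /usr/local/sbin/k3s-install.sh  # example location
    mode: "0700"
    # digest of the script version that was reviewed (placeholder)
    checksum: "sha256:<SHA256_OF_REVIEWED_INSTALL_SCRIPT>"
- name: install k3s
  ansible.builtin.command:
    cmd: /usr/local/sbin/k3s-install.sh
    creates: /usr/local/bin/k3s  # assumed default install path; confirm
  environment:
    INSTALL_K3S_VERSION: "{{ k3s.version }}"
```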


@ -0,0 +1,10 @@
- include_tasks: ./prepare-host.yml
- include_tasks: ./install-k3s.yml
# TODO: setup loadbalancer?
- include_tasks: ./start-k3s-control-nodes.yml
# TODO: probably need some output here?
- include_tasks: ./start-k3s-agents.yml
# TODO: probably need the output from control nodes
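Review bot: Both `./start-k3s-control-nodes.yml` and `./start-k3s-agents.yml` are included without a `when:`, so unless those files gate themselves every host would run the control-plane steps and the agent steps. The inventory marks roles with `control-plane-node` and `agent-node`, but hyphenated keys cannot be referenced as bare Jinja names because `-` parses as subtraction. Renaming them to something like `k3s_control_plane_node` / `k3s_agent_node` and adding `when: k3s_control_plane_node | default(false)` (and the agent equivalent) would make the split explicit. The included files are not visible on this page, so this is inferred from the includes alone.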


@ -0,0 +1,19 @@
# arch linux
- include_tasks: ./create-aur-builder.yml
when: ansible_facts.os_family == 'Archlinux'
- include_tasks: ./install-yay-bin.yml
when: ansible_facts.os_family == 'Archlinux'
# common
- include_tasks: ./use-firewalld-with-iptables.yml
- name: open http and https ports in firewalld
ansible.builtin.command: >
sudo firewall-cmd --add-port=443/tcp --permanent \
&& sudo firewall-cmd --add-port=80/tcp --permanent \
&& sudo firewall-cmd --reload
- include_tasks: ./update-all.yml
# _todo: net.ipv4.ip_forward = 1
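Review bot: The firewall task shells out to `sudo firewall-cmd` instead of using `become` with the `ansible.posix.firewalld` module, so it depends on sudo being usable by the login account, reports a change on every run, and gives no per-port result. `ansible.posix` is already pinned in the collections requirements touched by this commit, so the module is available without a new dependency. `immediate: true` applies the rule to the running firewall, which replaces the separate `--reload`.

```yaml
# … unchanged: arch linux includes, use-firewalld-with-iptables include …
- name: open http and https ports in firewalld
  become: true
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - 80/tcp
    - 443/tcp
# … unchanged: update-all include …
```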


@ -1,4 +1,5 @@
- name: upgrade all packages
when: ansible_facts.os_family == 'Archlinux'
community.general.pacman:
# executable: yay
force: yes

View file

@ -0,0 +1,8 @@
- name: uninstall nftables, install firewalld, configure it to use iptables, and activate it
when: ansible_facts.os_family == 'Archlinux'
become: true
ansible.builtin.command: >
pacman -Rs nftables \
&& pacman -Sy firewalld \
&& sed -i 's/FirewallBackend=.*/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf \
&& systemctl enable --now firewalld
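Review bot: `pacman -Rs nftables` and `pacman -Sy firewalld` are run without `--noconfirm`, so they wait for a confirmation that a non-interactive run cannot give, and the removal fails on any later run once nftables is already gone. `-Sy` without `-u` also refreshes the package database without upgrading, which leaves an Arch host in a partially upgraded state. Splitting the step into module calls makes each part idempotent and lets a failure point at the step that broke; `community.general.pacman` is already used by the upgrade task in this commit. The original `-s` (remove unneeded dependencies) can be kept through the module's `extra_args` if it is still wanted.

```yaml
- name: switch from nftables to firewalld with the iptables backend
  when: ansible_facts.os_family == 'Archlinux'
  become: true
  block:
    - name: remove nftables
      community.general.pacman:
        name: nftables
        state: absent
    - name: install firewalld
      community.general.pacman:
        name: firewalld
        state: present
    - name: select the iptables backend
      ansible.builtin.lineinfile:
        path: /etc/firewalld/firewalld.conf
        regexp: '^FirewallBackend='
        line: FirewallBackend=iptables
    - name: enable and start firewalld
      ansible.builtin.systemd:
        name: firewalld
        enabled: true
        state: started
```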


@ -1,4 +1,4 @@
- name: deprovision k3s nodes
- name: purge k3s from k3s-nodes
hosts: all
become: true
gather_facts: yes
@ -24,16 +24,3 @@
path: "{{ item.path }}"
state: absent
loop: "{{ files_to_delete.files }}"
# - hosts: k3s_nodes
# vars:
# k3s_registration_address: loadbalancer # Typically a load balancer.
# k3s_server:
# datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
# pre_tasks:
# - name: Set each node to be a control node
# ansible.builtin.set_fact:
# k3s_control_node: true
# when: inventory_hostname in ['node2', 'node3']
# roles:
# - role: xanmanning.k3s
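Review bot: The play is now named `purge k3s from k3s-nodes`, but the unchanged `hosts: all` line in the first hunk still targets every host in whatever inventory is passed, so this file-deleting play with `become: true` is only as narrow as that inventory. Scoping it to the group this commit introduces, `hosts: k3s-nodes`, would make the name accurate and keep the purge off unrelated machines. The play body between the two hunks is not shown on this page.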


@ -1,13 +0,0 @@
- name: provision Arch Linux hosts
hosts: all
gather_facts: yes
roles:
- role: './arch-linux'
tasks:
- name: print all available facts
ansible.builtin.debug:
var: ansible_facts
- name: print os family
ansible.builtin.debug:
var: ansible_facts.os_family


@ -5,6 +5,3 @@ collections:
version: 1.2.0
- name: ansible.posix
version: 1.3.0
roles:
- src: xanmanning.k3s
version: v3.1.0