a few setups cleanly initialized

2023-06-26 11:02:01 +02:00
parent 11bda1cc7b
commit d9f97dd63a
21 changed files with 729 additions and 63 deletions
--- a/roles/k3s-ha/tasks/install.yml
+++ b/roles/k3s-ha/tasks/install.yml
--- a/roles/k3s-ha/tasks/main.yml
+++ b/roles/k3s-ha/tasks/main.yml
@@ -1,13 +1,34 @@
+- name: Prerequisites
+  include_tasks: prerequisites.yml
+
+
 - name: Download k3s install script
  get_url:
    url: https://get.k3s.io
    dest: /tmp/install-k3s.sh
    mode: 0755

+
 - name: Create k3s config file
  template:
    src: ../templates/config.yml.j2
-    dest: /tmp/config.yml
+    dest: "/home/{{ ansible_user }}/k3s_config.yml"
+
+
+- name: Only run uninstall script if it exists
+  become: true
+  shell: /usr/local/bin/k3s-uninstall.sh
+  args:
+    removes: /usr/local/bin/k3s-uninstall.sh
+  

 - name: Execute k3s install script providing a config.yml
-  shell: /tmp/install-k3s.sh --config /tmp/config.yml server
+  shell: "/tmp/install-k3s.sh --config /home/{{ ansible_user }}/k3s_config.yml server"
+
+
+- name: Copy kube config file back to local machine
+  fetch:
+    src: /etc/rancher/k3s/k3s.yaml
+    dest: /home/remy/.kube/config-home
+    flat: yes
+  run_once: true
--- a/roles/k3s-ha/tasks/prerequisites.yml
+++ b/roles/k3s-ha/tasks/prerequisites.yml
@@ -0,0 +1,35 @@
+- name: Set firewalld rule for required ports
+  firewalld:
+    port: "{{ item }}"
+    permanent: yes
+    state: enabled
+    immediate: yes
+  loop:
+    - 2379-2380/tcp
+    - 6443/tcp
+    - 8472/udp
+    - 10250/tcp
+    # tcp and udb for metallb
+    - 7946/udp
+    - 7946/tcp
+    
+- name: Set firewalld rule for rquired zones
+  firewalld:
+    zone: trusted
+    source: "{{ item }}"
+    permanent: yes
+    state: enabled
+    immediate: yes
+  loop:
+    - 10.42.0.0/16 # pods
+    - 10.43.0.0/16 # services
+
+- name: Update hostname to be unique
+  ansible.builtin.replace:
+    path: /etc/hosts
+    regexp: '(\s+)localhost(\s+.*)?$'
+    replace: '\{{ inventory_hostname }}\2'
+
+- name: Set hostname
+  ansible.builtin.hostname:
+    name: "{{ inventory_hostname }}"
--- a/roles/k3s-ha/templates/config.yml.j2
+++ b/roles/k3s-ha/templates/config.yml.j2
@@ -1,7 +1,12 @@
+token: "{{ k3s_token }}"
+
 disable:
    - traefik
    - servicelb

-cluster-init: "{{ inventory_hostname == groups['fedora-server'][0] }}"
-server: "{{ groups['fedora-server'][0] }}"
-token: {{ k3s_token }}
+{% if ansible_host == master_ip %}
+cluster-init: true
+{% else %}
+server: https://{{ master_ip }}:6443
+{% endif %}
+