Ansible.K3sCluster/playbook.yml

243 lines
7.7 KiB
YAML
Raw Normal View History

- name: Provision VM's
hosts: localhost
2022-04-18 10:58:57 +00:00
gather_facts: false
vars_files:
- hypervisor.vcenter.yml
- cluster.k3s.yml
2022-04-18 10:58:57 +00:00
tasks:
- name: Download OVF-template
ansible.builtin.get_url:
url: "https://{{ repo_username }}:{{ repo_password }}@{{ image.ova_url }}"
dest: /scratch/image.ova
2022-04-19 11:27:38 +00:00
- name: Deploy VM's from OVF-template
community.vmware.vmware_deploy_ovf:
hostname: "{{ hv.hostname }}"
username: "{{ hv.username }}"
password: "{{ hv_password }}"
2022-04-18 10:58:57 +00:00
validate_certs: no
datacenter: "{{ hv.datacenter }}"
folder: "{{ hv.folder }}"
cluster: "{{ hv.cluster }}"
name: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}"
datastore: "{{ hv.datastore }}"
2022-04-18 21:08:48 +00:00
disk_provisioning: thin
networks:
"LAN": "{{ hv.network }}"
power_on: yes
ovf: /scratch/image.ova
2022-04-18 21:08:48 +00:00
deployment_option: "{{ image.deployment_option }}"
properties:
guestinfo.hostname: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}"
2022-04-18 21:08:48 +00:00
guestinfo.rootpw: "{{ root_password }}"
2022-04-19 16:12:13 +00:00
guestinfo.rootsshkey: "{{ public_key }}"
guestinfo.ntpserver: "{{ network.ntpserver }}"
2022-04-18 21:12:30 +00:00
guestinfo.ipaddress: "{{ item.ip | ansible.utils.ipaddr('address') }}"
2022-04-19 08:45:18 +00:00
guestinfo.prefixlength: "{{ item.ip | ansible.utils.ipaddr('prefix') }}"
guestinfo.dnsserver: "{{ network.dnsserver }}"
guestinfo.gateway: "{{ network.gateway }}"
register: job_init
2022-04-19 10:22:56 +00:00
async: 300
poll: 0
delegate_to: localhost
loop: "{{ servers }}"
2022-04-20 07:58:05 +00:00
- name: Pause to allow initial calls to complete
ansible.builtin.pause:
seconds: 10
- name: Poll for completion
ansible.builtin.async_status:
2022-04-19 10:12:15 +00:00
jid: "{{ item.ansible_job_id }}"
register: job_poll
retries: 5
2022-04-19 10:22:56 +00:00
delay: 100
until: job_poll.finished
loop: "{{ job_init.results }}"
2022-04-22 21:58:31 +00:00
loop_control:
label: "{{ { 'ip': item.item.ip } }}"
- name: Parse results into dictionary
ansible.builtin.set_fact:
nodes: "{{ nodes | default([]) + [ {'name': item.instance.hw_name, 'ip': item.item.item.ip | ansible.utils.ipaddr('address')} ] }}"
loop: "{{ job_poll | json_query('results[*]') }}"
loop_control:
2022-04-22 21:37:58 +00:00
label: "{{ { 'name': item.instance.hw_name, 'ip': item.item.item.ip } }}"
2022-04-19 11:27:38 +00:00
- name: Register new VM's in inventory
ansible.builtin.add_host:
name: "{{ item.name }}"
ansible_host: "{{ item.ip }}"
groups: k3s_ha
loop: "{{ nodes }}"
- name: Wait for systems to become reachable over SSH
ansible.builtin.wait_for:
host: "{{ item.ip }}"
port: 22
timeout: 300
loop: "{{ nodes }}"
2022-04-20 07:16:55 +00:00
- name: Scan public keys
ansible.builtin.shell:
cmd: "ssh-keyscan -t rsa {{ item.ip }}"
register: publickeys
loop: "{{ nodes }}"
2022-04-22 21:31:35 +00:00
loop_control:
2022-04-22 21:37:58 +00:00
label: "{{ item.ip }}"
2022-04-20 07:16:55 +00:00
- name: Store public keys
ansible.builtin.known_hosts:
2022-04-20 07:46:01 +00:00
name: "{{ item.item.name | lower }}"
key: "{{ item.item.name | lower }},{{ item.stdout }}"
2022-04-20 07:16:55 +00:00
state: present
path: ~/.ssh/known_hosts
loop: "{{ publickeys.results }}"
loop_control:
2022-04-22 21:52:49 +00:00
label: "{{ { 'name': item.item.name, 'ip': item.item.ip } }}"
2022-04-20 06:35:27 +00:00
- name: Provision Kubernetes
hosts: k3s_ha
2022-04-20 13:13:04 +00:00
gather_facts: true
vars_files:
- cluster.k3s.yml
tasks:
2022-04-20 14:54:56 +00:00
- block:
2022-04-20 11:17:12 +00:00
2022-04-20 15:10:45 +00:00
- name: Initial node -- Install K3s binary
2022-04-20 11:17:12 +00:00
ansible.builtin.shell:
2022-04-21 07:01:38 +00:00
cmd: "curl -sfL https://get.k3s.io | sh -s - server --cluster-init --disable local-storage --tls-san {{ cluster.virtualip | ansible.utils.ipaddr('address') }}"
2022-04-20 11:17:12 +00:00
2022-04-20 15:10:45 +00:00
- name: Initial node -- Retrieve token
2022-04-20 11:17:12 +00:00
ansible.builtin.slurp:
src: /var/lib/rancher/k3s/server/token
register: k3s_token
2022-04-20 15:10:45 +00:00
- name: Initial node -- Store token
2022-04-20 11:17:12 +00:00
ansible.builtin.set_fact:
2022-04-20 15:46:59 +00:00
cluster: "{{ cluster | combine( { 'token': ( k3s_token.content | b64decode | trim ) } ) }}"
2022-04-20 09:45:22 +00:00
2022-04-20 14:54:56 +00:00
- block:
2022-04-20 14:17:28 +00:00
2022-04-20 15:46:59 +00:00
- name: Install 'kube-vip' -- Retrieve RBAC-manifest
2022-04-20 14:17:28 +00:00
ansible.builtin.uri:
url: https://kube-vip.io/manifests/rbac.yaml
return_content: yes
register: manifest_rbac
2022-04-20 15:10:45 +00:00
- name: Install 'kube-vip' -- Pull image
2022-04-20 14:17:28 +00:00
ansible.builtin.shell:
cmd: ctr image pull ghcr.io/kube-vip/kube-vip:latest
2022-04-20 15:46:59 +00:00
- name: Install 'kube-vip' -- Generate daemonSet-manifest
2022-04-20 14:17:28 +00:00
ansible.builtin.shell:
cmd: "ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:latest vip /kube-vip manifest daemonset --interface {{ ansible_default_ipv4.interface }} --address {{ cluster.virtualip | ansible.utils.ipaddr('address') }} --inCluster --taint --controlplane --services --arp --leaderElection"
register: manifest_daemonset
2022-04-20 15:46:59 +00:00
- name: Install 'kube-vip' -- Inject manifest
2022-04-20 14:17:28 +00:00
ansible.builtin.template:
src: kube-vip.j2
dest: /var/lib/rancher/k3s/server/manifests/kube-vip.yml
2022-04-20 12:27:31 +00:00
2022-04-23 10:22:14 +00:00
- name: Initial node -- Wait for ???
# ansible.builtin.pause:
# seconds: 300
ansible.builtin.shell:
cmd: kubectl get pod -A
2022-04-24 10:32:34 +00:00
register: pod_state
with_sequence: count=5
2022-04-24 10:32:34 +00:00
loop_control:
pause: 10
2022-04-24 11:24:35 +00:00
ignore_errors: yes
2022-04-24 10:32:34 +00:00
- ansible.builtin.debug:
2022-04-24 11:24:35 +00:00
msg: "{{ pod_state | json_query('results[*].stdout') }}"
2022-04-23 10:22:14 +00:00
2022-04-22 21:22:56 +00:00
delegate_to: "{{ ansible_play_hosts[0] }}"
run_once: true
- name: All nodes -- Ensure API availability
ansible.utils.cli_parse:
command: "curl -k https://{{ cluster.virtualip | ansible.utils.ipaddr('address') }}:6443/livez?verbose"
parser:
name: ansible.utils.json
set_fact: api_readycheck
ignore_errors: yes
until: api_readycheck.apiVersion is defined
retries: 3
delay: 30
2022-04-20 14:54:56 +00:00
- block:
2022-04-20 10:58:58 +00:00
2022-04-20 15:10:45 +00:00
- name: Additional nodes -- Install K3s binary
2022-04-20 11:17:12 +00:00
ansible.builtin.shell:
2022-04-21 07:01:38 +00:00
cmd: "curl -sfL https://get.k3s.io | sh -s - server --disable local-storage"
2022-04-20 11:17:12 +00:00
environment:
2022-04-21 07:01:38 +00:00
K3S_TOKEN: "{{ cluster.token }}" # (hostvars[ansible_play_hosts[0]]).cluster.token
2022-04-20 11:17:12 +00:00
K3S_URL: "{{ 'https://' + ( cluster.virtualip | ansible.utils.ipaddr('address') ) + ':6443' }}"
2022-04-20 10:58:58 +00:00
2022-04-22 22:03:10 +00:00
rescue:
2022-04-24 10:49:27 +00:00
- name: Initial node -- Wait for ???
ansible.builtin.shell:
cmd: kubectl get pod -A
register: pod_state
with_sequence: count=5
loop_control:
pause: 10
2022-04-24 11:24:35 +00:00
ignore_errors: yes
2022-04-24 10:49:27 +00:00
- ansible.builtin.debug:
2022-04-24 11:24:35 +00:00
msg: "{{ pod_state | json_query('results[*].stdout') }}"
2022-04-24 10:49:27 +00:00
2022-04-22 22:03:10 +00:00
- name: Debug systemd unit
ansible.builtin.shell:
2022-04-23 10:22:14 +00:00
cmd: systemctl status k3s -l --no-pager; journalctl -u k3s.service --no-pager
2022-04-22 22:03:10 +00:00
register: debug
- ansible.builtin.debug:
var: debug.stdout
2022-04-21 07:58:03 +00:00
2022-04-20 10:42:01 +00:00
when: inventory_hostname != ansible_play_hosts[0]
- name: Deploy applications
hosts: localhost
gather_facts: false
vars_files:
- applications.k3s.yml
tasks:
2022-04-24 11:24:35 +00:00
- ansible.builtin.shell:
cmd: kubectl version;kubectl get node
register: nodes_status
- ansible.builtin.debug:
var: nodes_status
- name: Add Helm chart repositories
kubernetes.core.helm_repository:
name: "{{ item.name }}"
repo_url: "{{ item.url }}"
loop: "{{ helm.repositories }}"
2022-04-24 10:32:34 +00:00
- block:
- name: Rancher Fleet -- Determine latest version
ansible.builtin.uri:
url: https://api.github.com/repos/rancher/fleet/releases/latest
return_content: yes
register: latest_release
- name: Rancher Fleet -- Install Helm chart
kubernetes.core.helm:
name: "{{ item.name }}"
chart_ref: "{{ item.url }}"
namespace: fleet-system
create_namespace: yes
wait: yes
loop:
- name: fleet-crd
2022-04-24 10:49:27 +00:00
url: "https://github.com/rancher/fleet/releases/download/{{ latest_release.json.tag_name }}/fleet-crd-{{ latest_release.json.tag_name }}.tgz"
2022-04-24 10:32:34 +00:00
- name: fleet
2022-04-24 10:49:27 +00:00
url: "https://github.com/rancher/fleet/releases/download/{{ latest_release.json.tag_name }}/fleet-{{ latest_release.json.tag_name }}.tgz"
2022-04-24 10:32:34 +00:00