Ansible.K3sCluster/playbook.yml

- name: Provision VM's
  hosts: localhost
  gather_facts: false
  vars_files:
  - hypervisor.vcenter.yml
  - cluster.k3s.yml
  tasks:

  - name: Download OVF-template
    ansible.builtin.get_url:
      url: "https://{{ repo_username }}:{{ repo_password }}@{{ image.ova_url }}"
      dest: /scratch/image.ova

  - name: Deploy VM's from OVF-template
    community.vmware.vmware_deploy_ovf:
      hostname: "{{ hv.hostname }}"
      username: "{{ hv.username }}"
      password: "{{ hv_password }}"
      validate_certs: no
      datacenter: "{{ hv.datacenter }}"
      folder: "{{ hv.folder }}"
      cluster: "{{ hv.cluster }}"
      name: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}"
      datastore: "{{ hv.datastore }}"
      disk_provisioning: thin
      networks:
        "LAN": "{{ hv.network }}"
      power_on: yes
      ovf: /scratch/image.ova
      deployment_option: "{{ image.deployment_option }}"
      properties:
        guestinfo.hostname: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}"
        guestinfo.rootpw: "{{ root_password }}"
        guestinfo.rootsshkey: "{{ public_key }}"
        guestinfo.ntpserver: "{{ network.ntpserver }}"
        guestinfo.ipaddress: "{{ item.ip | ansible.utils.ipaddr('address') }}"
        guestinfo.prefixlength: "{{ item.ip | ansible.utils.ipaddr('prefix') }}"
        guestinfo.dnsserver: "{{ network.dnsserver }}"
        guestinfo.gateway: "{{ network.gateway }}"
    delegate_to: localhost
    with_items: "{{ servers }}"
    register: job_init
    async: 300
    poll: 0

  - name: Pause to allow initial calls to complete
    ansible.builtin.pause:
      seconds: 10

  - name: Poll for completion
    ansible.builtin.async_status:
      jid: "{{ item.ansible_job_id }}"
    with_items: "{{ job_init.results }}"
    register: job_poll
    retries: 5
    delay: 100
    until: job_poll.finished

  - name: Parse results into dictionary
    ansible.builtin.set_fact:
      nodes: "{{ nodes | default([]) + [ {'name': item.instance.hw_name, 'ip': item.item.item.ip | ansible.utils.ipaddr('address')} ] }}"
    with_items: "{{ job_poll | json_query('results[*]') }}"
    # Purely to avoid large amount of spam; no sensitive data here.
    no_log: true

  - name: Register new VM's in inventory
    ansible.builtin.add_host:
      name: "{{ item.name }}"
      ansible_host: "{{ item.ip }}"
      groups: k3s_ha
    with_items: "{{ nodes }}"

  - name: Wait for systems to become reachable over SSH
    ansible.builtin.wait_for:
      host: "{{ item.ip }}"
      port: 22
      timeout: 300
    with_items: "{{ nodes }}"

  - name: Scan public keys
    ansible.builtin.shell:
      cmd: "ssh-keyscan -t rsa {{ item.ip }}"
    register: publickeys
    with_items: "{{ nodes }}"

  - name: Store public keys
    ansible.builtin.known_hosts:
      name: "{{ item.item.name | lower }}"
      key: "{{ item.item.name | lower }},{{ item.stdout }}"
      state: present
      path: ~/.ssh/known_hosts
    with_items: "{{ publickeys.results }}"
    # Purely to avoid large amount of spam; no sensitive data here.
    no_log: true

- name: Provision Kubernetes
  hosts: k3s_ha
  gather_facts: true
  vars_files:
  - cluster.k3s.yml
  tasks:

  - name: Initial node
    block:

    - name: Install K3s binary
      ansible.builtin.shell:
        cmd: "curl -sfL https://get.k3s.io | sh -s - server --cluster-init --disable local-storage,traefik --tls-san {{ cluster.virtualip | ansible.utils.ipaddr('address') }}"

    - name: Retrieve token
      ansible.builtin.slurp:
        src: /var/lib/rancher/k3s/server/token
      register: k3s_token

    - name: Store token
      ansible.builtin.set_fact:
        clustertoken: "{{ k3s_token.content | b64decode | trim }}"

    - name: Pull 'kube-vip' image
      ansible.builtin.shell:
        cmd: ctr image pull ghcr.io/kube-vip/kube-vip:latest

    - name: Generate manifest for daemonSet
      ansible.builtin.shell:
        cmd: "ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:latest vip /kube-vip manifest daemonset --interface {{ ansible_interfaces | difference(['lo']) }} --address {{ cluster.virtualip | ansible.utils.ipaddr('address') }} --inCluster --taint --controlplane --services --arp --leaderElection"
      register: manifest

    - ansible.builtin.debug:
        var: manifest

    when: inventory_hostname == ansible_play_hosts[0]

  - name: Additional nodes
    block:

    - name: Install K3s binary
      ansible.builtin.shell:
        cmd: "curl -sfL https://get.k3s.io | sh -s - server --disable local-storage,traefik"
      environment:
        K3S_TOKEN: "{{ hostvars[ansible_play_hosts[0]]['clustertoken'] }}"
        K3S_URL: "{{ 'https://' + ( cluster.virtualip | ansible.utils.ipaddr('address') ) + ':6443' }}"

    when: inventory_hostname != ansible_play_hosts[0]
Initial code for deploying K3s binary (throttled) 2022-04-19 14:36:19 +00:00			`- name: Provision VM's`
			`hosts: localhost`
WIP #1 2022-04-18 10:58:57 +00:00			`gather_facts: false`
			`vars_files:`
Refactor playbook structure;Update Drone configuration 2022-04-18 12:28:05 +00:00			`- hypervisor.vcenter.yml`
Renamed vars_file;Ensure idempotency w/ random string 2022-04-18 19:35:28 +00:00			`- cluster.k3s.yml`
WIP #1 2022-04-18 10:58:57 +00:00			`tasks:`
Housekeeping; Change to async processing 2022-04-19 10:07:26 +00:00
Download OVA;Add scratch volume;Reference url as variable 2022-04-19 07:10:44 +00:00			`- name: Download OVF-template`
			`ansible.builtin.get_url:`
			`url: "https://{{ repo_username }}:{{ repo_password }}@{{ image.ova_url }}"`
			`dest: /scratch/image.ova`
Housekeeping; Change to async processing 2022-04-19 10:07:26 +00:00
Add new VM's to Ansible inventory 2022-04-19 11:27:38 +00:00			`- name: Deploy VM's from OVF-template`
Add extra parameters;Refactor to different module 2022-04-18 20:49:50 +00:00			`community.vmware.vmware_deploy_ovf:`
Refactor playbook structure;Update Drone configuration 2022-04-18 12:28:05 +00:00			`hostname: "{{ hv.hostname }}"`
			`username: "{{ hv.username }}"`
			`password: "{{ hv_password }}"`
WIP #1 2022-04-18 10:58:57 +00:00			`validate_certs: no`
Refactor playbook structure;Update Drone configuration 2022-04-18 12:28:05 +00:00			`datacenter: "{{ hv.datacenter }}"`
			`folder: "{{ hv.folder }}"`
			`cluster: "{{ hv.cluster }}"`
Initial code for deploying K3s binary (throttled) 2022-04-19 14:36:19 +00:00			`name: "{{ cluster.name \| upper }}-{{ (item.ip \| checksum)[-5:] \| upper }}"`
Add extra parameters;Refactor to different module 2022-04-18 20:49:50 +00:00			`datastore: "{{ hv.datastore }}"`
Add OVF properties;Fix network mapping 2022-04-18 21:08:48 +00:00			`disk_provisioning: thin`
			`networks:`
			`"LAN": "{{ hv.network }}"`
Add extra parameters;Refactor to different module 2022-04-18 20:49:50 +00:00			`power_on: yes`
Download OVA;Add scratch volume;Reference url as variable 2022-04-19 07:10:44 +00:00			`ovf: /scratch/image.ova`
Add OVF properties;Fix network mapping 2022-04-18 21:08:48 +00:00			`deployment_option: "{{ image.deployment_option }}"`
			`properties:`
Initial code for deploying K3s binary (throttled) 2022-04-19 14:36:19 +00:00			`guestinfo.hostname: "{{ cluster.name \| upper }}-{{ (item.ip \| checksum)[-5:] \| upper }}"`
Add OVF properties;Fix network mapping 2022-04-18 21:08:48 +00:00			`guestinfo.rootpw: "{{ root_password }}"`
Fix private/public key order 2022-04-19 16:12:13 +00:00			`guestinfo.rootsshkey: "{{ public_key }}"`
Fix network config;Fix illegal hostname 2022-04-19 07:53:20 +00:00			`guestinfo.ntpserver: "{{ network.ntpserver }}"`
Fix syntax;Add prefixlength 2022-04-18 21:12:30 +00:00			`guestinfo.ipaddress: "{{ item.ip \| ansible.utils.ipaddr('address') }}"`
Fix typo 2022-04-19 08:45:18 +00:00			`guestinfo.prefixlength: "{{ item.ip \| ansible.utils.ipaddr('prefix') }}"`
Fix network config;Fix illegal hostname 2022-04-19 07:53:20 +00:00			`guestinfo.dnsserver: "{{ network.dnsserver }}"`
			`guestinfo.gateway: "{{ network.gateway }}"`
Refactor playbook structure;Update Drone configuration 2022-04-18 12:28:05 +00:00			`delegate_to: localhost`
WIP #1 2022-04-18 10:58:57 +00:00			`with_items: "{{ servers }}"`
Housekeeping; Change to async processing 2022-04-19 10:07:26 +00:00			`register: job_init`
Change timeout values #2 2022-04-19 10:22:56 +00:00			`async: 300`
Housekeeping; Change to async processing 2022-04-19 10:07:26 +00:00			`poll: 0`

Fix jinji syntax 2022-04-20 07:58:05 +00:00			`- name: Pause to allow initial calls to complete`
			`ansible.builtin.pause:`
			`seconds: 10`

Housekeeping; Change to async processing 2022-04-19 10:07:26 +00:00			`- name: Poll for completion`
			`ansible.builtin.async_status:`
Fix key; Debugging 2022-04-19 10:12:15 +00:00			`jid: "{{ item.ansible_job_id }}"`
Housekeeping; Change to async processing 2022-04-19 10:07:26 +00:00			`with_items: "{{ job_init.results }}"`
			`register: job_poll`
			`retries: 5`
Change timeout values #2 2022-04-19 10:22:56 +00:00			`delay: 100`
Housekeeping; Change to async processing 2022-04-19 10:07:26 +00:00			`until: job_poll.finished`

Add intermediate task to reduce output spam 2022-04-19 13:49:12 +00:00			`- name: Parse results into dictionary`
			`ansible.builtin.set_fact:`
			`nodes: "{{ nodes \| default([]) + [ {'name': item.instance.hw_name, 'ip': item.item.item.ip \| ansible.utils.ipaddr('address')} ] }}"`
			`with_items: "{{ job_poll \| json_query('results[*]') }}"`
Store SSH key 2022-04-19 15:04:09 +00:00			`# Purely to avoid large amount of spam; no sensitive data here.`
Add intermediate task to reduce output spam 2022-04-19 13:49:12 +00:00			`no_log: true`

Add new VM's to Ansible inventory 2022-04-19 11:27:38 +00:00			`- name: Register new VM's in inventory`
			`ansible.builtin.add_host:`
Add intermediate task to reduce output spam 2022-04-19 13:49:12 +00:00			`name: "{{ item.name }}"`
			`ansible_host: "{{ item.ip }}"`
			`groups: k3s_ha`
			`with_items: "{{ nodes }}"`
Initial code for deploying K3s binary (throttled) 2022-04-19 14:36:19 +00:00
Wait for new VM's to be fully reachable 2022-04-20 08:31:27 +00:00			`- name: Wait for systems to become reachable over SSH`
			`ansible.builtin.wait_for:`
			`host: "{{ item.ip }}"`
			`port: 22`
			`timeout: 300`
			`with_items: "{{ nodes }}"`

Switch to shell module 2022-04-20 07:16:55 +00:00			`- name: Scan public keys`
			`ansible.builtin.shell:`
			`cmd: "ssh-keyscan -t rsa {{ item.ip }}"`
			`register: publickeys`
			`with_items: "{{ nodes }}"`

			`- name: Store public keys`
			`ansible.builtin.known_hosts:`
Inject hostname to ssh-keyscan output 2022-04-20 07:46:01 +00:00			`name: "{{ item.item.name \| lower }}"`
			`key: "{{ item.item.name \| lower }},{{ item.stdout }}"`
Switch to shell module 2022-04-20 07:16:55 +00:00			`state: present`
			`path: ~/.ssh/known_hosts`
			`with_items: "{{ publickeys.results }}"`
Switch to shell module 2022-04-20 07:52:12 +00:00			`# Purely to avoid large amount of spam; no sensitive data here.`
			`no_log: true`
Refactor block 2022-04-20 06:35:27 +00:00
Initial code for deploying K3s binary (throttled) 2022-04-19 14:36:19 +00:00			`- name: Provision Kubernetes`
			`hosts: k3s_ha`
Avoid dictionary for now; enable facts 2022-04-20 13:13:04 +00:00			`gather_facts: true`
Add vars_file to second playbook; Retrieve K3s token for subsequent nodes 2022-04-19 14:53:33 +00:00			`vars_files:`
			`- cluster.k3s.yml`
Initial code for deploying K3s binary (throttled) 2022-04-19 14:36:19 +00:00			`tasks:`

Group conditional tasks 2022-04-20 11:17:12 +00:00			`- name: Initial node`
			`block:`

			`- name: Install K3s binary`
			`ansible.builtin.shell:`
			`cmd: "curl -sfL https://get.k3s.io \| sh -s - server --cluster-init --disable local-storage,traefik --tls-san {{ cluster.virtualip \| ansible.utils.ipaddr('address') }}"`

			`- name: Retrieve token`
			`ansible.builtin.slurp:`
			`src: /var/lib/rancher/k3s/server/token`
			`register: k3s_token`

Avoid dictionary for now; enable facts 2022-04-20 13:13:04 +00:00			`- name: Store token`
Group conditional tasks 2022-04-20 11:17:12 +00:00			`ansible.builtin.set_fact:`
Avoid dictionary for now; enable facts 2022-04-20 13:13:04 +00:00			`clustertoken: "{{ k3s_token.content \| b64decode \| trim }}"`
Fix indentation 2022-04-20 09:45:22 +00:00
Initial setup 'kube-virt' 2022-04-20 12:27:31 +00:00			`- name: Pull 'kube-vip' image`
			`ansible.builtin.shell:`
			`cmd: ctr image pull ghcr.io/kube-vip/kube-vip:latest`

			`- name: Generate manifest for daemonSet`
			`ansible.builtin.shell:`
			`cmd: "ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:latest vip /kube-vip manifest daemonset --interface {{ ansible_interfaces \| difference(['lo']) }} --address {{ cluster.virtualip \| ansible.utils.ipaddr('address') }} --inCluster --taint --controlplane --services --arp --leaderElection"`
			`register: manifest`

			`- ansible.builtin.debug:`
			`var: manifest`

Avoid using delegate_to since it requires DNS in place 2022-04-20 10:46:21 +00:00			`when: inventory_hostname == ansible_play_hosts[0]`
Add vars_file to second playbook; Retrieve K3s token for subsequent nodes 2022-04-19 14:53:33 +00:00
Group conditional tasks 2022-04-20 11:17:12 +00:00			`- name: Additional nodes`
			`block:`
Store token as fact 2022-04-20 10:58:58 +00:00
Group conditional tasks 2022-04-20 11:17:12 +00:00			`- name: Install K3s binary`
			`ansible.builtin.shell:`
			`cmd: "curl -sfL https://get.k3s.io \| sh -s - server --disable local-storage,traefik"`
			`environment:`
Avoid dictionary for now; enable facts 2022-04-20 13:13:04 +00:00			`K3S_TOKEN: "{{ hostvars[ansible_play_hosts[0]]['clustertoken'] }}"`
Group conditional tasks 2022-04-20 11:17:12 +00:00			`K3S_URL: "{{ 'https://' + ( cluster.virtualip \| ansible.utils.ipaddr('address') ) + ':6443' }}"`
Store token as fact 2022-04-20 10:58:58 +00:00
Fix autovar reference 2022-04-20 10:42:01 +00:00			`when: inventory_hostname != ansible_play_hosts[0]`