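---
# Two plays. The first clones VMs from an OVA on vCenter and registers them in
# the in-memory inventory group k3s_ha; the second installs K3s on those hosts,
# the first host bootstrapping the cluster and the remaining hosts joining it.
- name: Provision VM's
  hosts: localhost
  gather_facts: false
  vars_files:
    - hypervisor.vcenter.yml
    - cluster.k3s.yml
  tasks:
    - name: Download OVF-template
      ansible.builtin.get_url:
        # Repository credentials are passed as module options rather than
        # embedded in the URL, so they do not surface in task output or in
        # the registered result.
        url: "https://{{ image.ova_url }}"
        url_username: "{{ repo_username }}"
        url_password: "{{ repo_password }}"
        dest: /scratch/image.ova
        # NOTE(review): the download is not integrity-checked; if the expected
        # digest of the OVA is known, add e.g. checksum: "sha256:<expected-digest>".

    - name: Deploy VM's from OVF-template
      community.vmware.vmware_deploy_ovf:
        hostname: "{{ hv.hostname }}"
        username: "{{ hv.username }}"
        password: "{{ hv_password }}"
        # TLS verification of the vCenter endpoint is disabled, so an
        # impersonated vCenter would not be detected; prefer installing the
        # vCenter CA on the controller and setting this to true.
        validate_certs: false
        datacenter: "{{ hv.datacenter }}"
        folder: "{{ hv.folder }}"
        cluster: "{{ hv.cluster }}"
        name: "{{ vm_name }}"
        datastore: "{{ hv.datastore }}"
        disk_provisioning: thin
        networks:
          "LAN": "{{ hv.network }}"
        power_on: true
        ovf: /scratch/image.ova
        deployment_option: "{{ image.deployment_option }}"
        # guestinfo.rootpw is a secret passed as a plain module argument; it is
        # visible in verbose task output unless the task is run with no_log.
        properties:
          guestinfo.hostname: "{{ vm_name }}"
          guestinfo.rootpw: "{{ root_password }}"
          guestinfo.rootsshkey: "{{ public_key }}"
          guestinfo.ntpserver: "{{ network.ntpserver }}"
          guestinfo.ipaddress: "{{ item.ip | ansible.utils.ipaddr('address') }}"
          guestinfo.prefixlength: "{{ item.ip | ansible.utils.ipaddr('prefix') }}"
          guestinfo.dnsserver: "{{ network.dnsserver }}"
          guestinfo.gateway: "{{ network.gateway }}"
      vars:
        # Derived from the address, so re-runs with the same servers list yield
        # the same VM name; used both as the vCenter VM name and guest hostname.
        vm_name: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}"
      delegate_to: localhost
      # servers is assumed to be a flat list of entries with an ip key.
      loop: "{{ servers }}"
      register: job_init
      # Fire-and-forget: each deployment runs as an async job that the next
      # task polls, so the clones proceed in parallel.
      async: 300
      poll: 0

    - name: Poll for completion
      ansible.builtin.async_status:
        jid: "{{ item.ansible_job_id }}"
      loop: "{{ job_init.results }}"
      register: job_poll
      retries: 5
      delay: 100
      until: job_poll.finished

    - name: Parse results into dictionary
      ansible.builtin.set_fact:
        # item.item.item is the original servers entry (two loop levels up).
        nodes: "{{ nodes | default([]) + [{'name': item.instance.hw_name, 'ip': item.item.item.ip | ansible.utils.ipaddr('address')}] }}"
      # job_poll.results is the same list json_query('results[*]') produced,
      # without requiring the jmespath dependency.
      loop: "{{ job_poll.results }}"
      # Purely to avoid large amount of spam; no sensitive data here.
      no_log: true

    - name: Register new VM's in inventory
      ansible.builtin.add_host:
        name: "{{ item.name }}"
        ansible_host: "{{ item.ip }}"
        groups: k3s_ha
      loop: "{{ nodes }}"

    - name: Scan public keys
      # Trust-on-first-use: the host key is whatever answers at item.ip right
      # now, so this must run immediately after the VM is created. The scan is
      # retried until the guest answers, otherwise an empty stdout would be
      # written as an invalid known_hosts entry below.
      ansible.builtin.command:
        cmd: "ssh-keyscan -t rsa {{ item.ip }}"
      register: publickeys
      loop: "{{ nodes }}"
      retries: 10
      delay: 15
      until: publickeys.stdout | length > 0
      changed_when: false

    - name: Store public keys
      ansible.builtin.known_hosts:
        name: "{{ item.item.name | lower }}"
        # ssh-keyscan prints "<ip> <type> <key>"; prefixing the name gives a
        # "name,ip type key" entry that matches either form of the host.
        key: "{{ item.item.name | lower }},{{ item.stdout }}"
        state: present
        path: ~/.ssh/known_hosts
      loop: "{{ publickeys.results }}"
      # Purely to avoid large amount of spam; no sensitive data here.
      no_log: true

- name: Provision Kubernetes
  hosts: k3s_ha
  gather_facts: false
  # One host per batch: every task below completes on the first host (which
  # creates the cluster and publishes the join token) before the next host
  # starts. A block-level throttle would not do this, because Ansible still
  # finishes each task on all hosts before moving to the next task.
  serial: 1
  vars_files:
    - cluster.k3s.yml
  tasks:
    - name: Install K3s binary
      # NOTE(review): the installer is fetched from the network and executed
      # without verification; pinning a release (the installer honours
      # INSTALL_K3S_VERSION) narrows what a compromised download could change.
      # NOTE(review): --cluster-init is also passed to joining servers (those
      # with K3S_URL set); confirm the installer tolerates that combination,
      # otherwise make the flag conditional on cluster.mastertoken being undefined.
      ansible.builtin.shell:
        cmd: "curl -sfL https://get.k3s.io | sh -s - server --cluster-init --disable local-storage,traefik --tls-san {{ cluster.virtualip | ansible.utils.ipaddr('address') }}"
      # Both values are templated; without the {{ }} the literal expression
      # text would have been exported as the variable value.
      environment:
        K3S_TOKEN: "{{ cluster.mastertoken | default('', true) }}"
        K3S_URL: "{{ cluster.apiurl | default('', true) }}"

    - name: Read cluster join token from the first server
      # The token lives on the remote host, so it is read with slurp; a
      # lookup('file', ...) would read from the controller instead.
      ansible.builtin.slurp:
        src: /var/lib/rancher/k3s/server/token
      register: k3s_token_file
      when: cluster.mastertoken is not defined
      # The token authorises nodes to join the cluster; keep it out of logs.
      no_log: true

    - name: Share join token and API URL with every host in the play
      ansible.builtin.set_fact:
        # Dict keys are quoted (an unquoted key inside {{ }} is a variable
        # reference) and the URL is built with ~ rather than nested {{ }}.
        # trim mirrors the trailing-newline stripping of the file lookup.
        cluster: "{{ cluster | combine({'mastertoken': k3s_token_file.content | b64decode | trim, 'apiurl': 'https://' ~ (cluster.virtualip | ansible.utils.ipaddr('address')) ~ ':6443'}) }}"
      # set_fact is host-scoped; delegating the fact to every host in the
      # group is what lets the later batches see the token and skip the
      # bootstrap path.
      delegate_to: "{{ item }}"
      delegate_facts: true
      loop: "{{ groups['k3s_ha'] }}"
      when: cluster.mastertoken is not defined
      no_log: true

    - name: Report cluster membership
      # Only the API URL is printed; the join token stays out of the output.
      ansible.builtin.debug:
        msg: "{{ inventory_hostname }} is a server of the cluster at {{ cluster.apiurl }}"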