- name: Provision VM's hosts: localhost gather_facts: false vars_files: - hypervisor.vcenter.yml - cluster.k3s.yml tasks: - name: Download OVF-template ansible.builtin.get_url: url: "https://{{ repo_username }}:{{ repo_password }}@{{ image.ova_url }}" dest: /scratch/image.ova - name: Deploy VM's from OVF-template community.vmware.vmware_deploy_ovf: hostname: "{{ hv.hostname }}" username: "{{ hv.username }}" password: "{{ hv_password }}" validate_certs: no datacenter: "{{ hv.datacenter }}" folder: "{{ hv.folder }}" cluster: "{{ hv.cluster }}" name: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}" datastore: "{{ hv.datastore }}" disk_provisioning: thin networks: "LAN": "{{ hv.network }}" power_on: yes ovf: /scratch/image.ova deployment_option: "{{ image.deployment_option }}" properties: guestinfo.hostname: "{{ cluster.name | upper }}-{{ (item.ip | checksum)[-5:] | upper }}" guestinfo.rootpw: "{{ root_password }}" guestinfo.rootsshkey: "{{ public_key }}" guestinfo.ntpserver: "{{ network.ntpserver }}" guestinfo.ipaddress: "{{ item.ip | ansible.utils.ipaddr('address') }}" guestinfo.prefixlength: "{{ item.ip | ansible.utils.ipaddr('prefix') }}" guestinfo.dnsserver: "{{ network.dnsserver }}" guestinfo.gateway: "{{ network.gateway }}" delegate_to: localhost with_items: "{{ servers }}" register: job_init async: 300 poll: 0 - name: Pause to allow initial calls to complete ansible.builtin.pause: seconds: 10 - name: Poll for completion ansible.builtin.async_status: jid: "{{ item.ansible_job_id }}" with_items: "{{ job_init.results }}" register: job_poll retries: 5 delay: 100 until: job_poll.finished - name: Parse results into dictionary ansible.builtin.set_fact: nodes: "{{ nodes | default([]) + [ {'name': item.instance.hw_name, 'ip': item.item.item.ip | ansible.utils.ipaddr('address')} ] }}" with_items: "{{ job_poll | json_query('results[*]') }}" # Purely to avoid large amount of spam; no sensitive data here. no_log: true - name: Register new VM's in inventory ansible.builtin.add_host: name: "{{ item.name }}" ansible_host: "{{ item.ip }}" groups: k3s_ha with_items: "{{ nodes }}" - name: Wait for systems to become reachable over SSH ansible.builtin.wait_for: host: "{{ item.ip }}" port: 22 timeout: 300 with_items: "{{ nodes }}" - name: Scan public keys ansible.builtin.shell: cmd: "ssh-keyscan -t rsa {{ item.ip }}" register: publickeys with_items: "{{ nodes }}" - name: Store public keys ansible.builtin.known_hosts: name: "{{ item.item.name | lower }}" key: "{{ item.item.name | lower }},{{ item.stdout }}" state: present path: ~/.ssh/known_hosts with_items: "{{ publickeys.results }}" # Purely to avoid large amount of spam; no sensitive data here. no_log: true - name: Provision Kubernetes hosts: k3s_ha gather_facts: false vars_files: - cluster.k3s.yml tasks: - name: Install K3s binary (initial node) ansible.builtin.shell: cmd: "curl -sfL https://get.k3s.io | sh -s - server --cluster-init --disable local-storage,traefik --tls-san {{ cluster.virtualip | ansible.utils.ipaddr('address') }}" when: inventory_hostname == k3s_ha[0] - name: Retrieve token (from initial node) ansible.builtin.slurp: src: /var/lib/rancher/k3s/server/token register: k3s_token run_once: true delegate_to: k3s_ha[0] - name: Install K3s binary (additional nodes) ansible.builtin.shell: cmd: "curl -sfL https://get.k3s.io | sh -s - server --cluster-init --disable local-storage,traefik --tls-san {{ cluster.virtualip | ansible.utils.ipaddr('address') }}" environment: K3S_TOKEN: "{{ k3s_token.content | b64decode | trim }}" K3S_URL: "{{ 'https://' + ( cluster.virtualip | ansible.utils.ipaddr('address') ) + ':6443' }}" when: inventory_hostname != k3s_ha[0]