diff --git a/.gitignore b/.gitignore index e69de29b..12dcaf03 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,2 @@ +.vscode +.vagrant \ No newline at end of file diff --git a/reset.yml b/reset.yml index 77577fd4..9365e47d 100644 --- a/reset.yml +++ b/reset.yml @@ -1,6 +1,7 @@ --- -- hosts: k3s_cluster +- name: Reset K3s cluster + hosts: k3s_cluster gather_facts: yes become: yes roles: diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index afbe9814..6cba14ff 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Download k3s binary x64 - get_url: + ansible.builtin.get_url: url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt timeout: 120 @@ -12,7 +12,7 @@ when: ansible_facts.architecture == "x86_64" - name: Download k3s binary arm64 - get_url: + ansible.builtin.get_url: url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-arm64 checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm64.txt timeout: 120 @@ -26,7 +26,7 @@ ansible_facts.architecture is search("aarch64") - name: Download k3s binary armhf - get_url: + ansible.builtin.get_url: url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-armhf checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm.txt timeout: 120 diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml index 18e73a23..c1968633 100644 --- a/roles/k3s/master/tasks/main.yml +++ b/roles/k3s/master/tasks/main.yml @@ -2,7 +2,7 @@ - name: Copy K3s service file register: k3s_service - template: + ansible.builtin.template: src: "k3s.service.j2" dest: "{{ systemd_dir }}/k3s.service" owner: root 
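Review bot: The `checksum:` value in each download task is fetched from the same GitHub release as the binary (`sha256sum-amd64.txt` here, `sha256sum-arm64.txt` and `sha256sum-arm.txt` in the next two hunks), so it catches a corrupted transfer but not a replaced release asset. Since the version is already selected through `k3s_version`, a digest pinned next to it would close that gap, for example `checksum: "sha256:{{ k3s_sha256_amd64 }}"`, where `k3s_sha256_amd64` is a new inventory variable. The rest of each task lies outside its hunk, so the mode and ownership of the downloaded binary cannot be checked from here.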
@@ -10,49 +10,49 @@ mode: 0644 - name: Enable and check K3s service - systemd: + ansible.builtin.systemd: name: k3s daemon_reload: yes state: restarted enabled: yes - name: Wait for node-token - wait_for: + ansible.builtin.wait_for: path: "{{ k3s_server_location }}/server/node-token" - name: Register node-token file access mode - stat: + ansible.builtin.stat: path: "{{ k3s_server_location }}/server/node-token" register: p - name: Change file access node-token - file: + ansible.builtin.file: path: "{{ k3s_server_location }}/server/node-token" mode: "g+rx,o+rx" - name: Read node-token from master - slurp: + ansible.builtin.slurp: path: "{{ k3s_server_location }}/server/node-token" register: node_token - name: Store Master node-token - set_fact: + ansible.builtin.set_fact: token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}" - name: Restore node-token file access - file: + ansible.builtin.file: path: "{{ k3s_server_location }}/server/node-token" mode: "{{ p.stat.mode }}" - name: Create directory .kube - file: + ansible.builtin.file: path: ~{{ ansible_user }}/.kube state: directory owner: "{{ ansible_user }}" mode: "u=rwx,g=rx,o=" - name: Copy config file to user home directory - copy: + ansible.builtin.copy: src: /etc/rancher/k3s/k3s.yaml dest: ~{{ ansible_user }}/.kube/config remote_src: yes @@ -60,20 +60,20 @@ mode: "u=rw,g=,o=" - name: Replace https://localhost:6443 by https://master-ip:6443 - command: >- + ansible.builtin.command: >- /usr/local/bin/k3s kubectl config set-cluster default --server=https://{{ master_ip }}:6443 --kubeconfig ~{{ ansible_user }}/.kube/config changed_when: true - name: Create kubectl symlink - file: + ansible.builtin.file: src: /usr/local/bin/k3s dest: /usr/local/bin/kubectl state: link - name: Create crictl symlink - file: + ansible.builtin.file: src: /usr/local/bin/k3s dest: /usr/local/bin/crictl state: link diff --git a/roles/k3s/node/tasks/main.yml b/roles/k3s/node/tasks/main.yml index 0ce8e08d..ffb88840 100644 
--- a/roles/k3s/node/tasks/main.yml +++ b/roles/k3s/node/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Copy K3s service file - template: + ansible.builtin.template: src: "k3s.service.j2" dest: "{{ systemd_dir }}/k3s-node.service" owner: root @@ -9,7 +9,7 @@ mode: 0755 - name: Enable and check K3s service - systemd: + ansible.builtin.systemd: name: k3s-node daemon_reload: yes state: restarted diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index f497ec9f..ae367e6d 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml @@ -1,18 +1,18 @@ --- - name: Set SELinux to disabled state - selinux: + ansible.posix.selinux: state: disabled when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux','RedHat'] - name: Enable IPv4 forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv4.ip_forward value: "1" state: present reload: yes - name: Enable IPv6 forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv6.conf.all.forwarding value: "1" state: present @@ -20,20 +20,20 @@ when: ansible_all_ipv6_addresses - name: Add br_netfilter to /etc/modules-load.d/ - copy: + ansible.builtin.copy: content: "br_netfilter" dest: /etc/modules-load.d/br_netfilter.conf mode: "u=rw,g=,o=" when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux','RedHat'] - name: Load br_netfilter - modprobe: + community.general.modprobe: name: br_netfilter state: present when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux','RedHat'] - name: Set bridge-nf-call-iptables (just to be sure) - sysctl: + ansible.posix.sysctl: name: "{{ item }}" value: "1" state: present @@ -44,7 +44,7 @@ - net.bridge.bridge-nf-call-ip6tables - name: Add /usr/local/bin to sudo secure_path - lineinfile: + ansible.builtin.lineinfile: line: 'Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin' regexp: "Defaults(\\s)*secure_path(\\s)*=" state: present 
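Review bot: `mode: 0755` on `k3s-node.service` makes the unit file executable and is written as a bare integer, while the master role installs the same template with `mode: 0644`. A unit file needs no execute bit, and Ansible's documentation recommends quoting octal modes so the YAML loader cannot retype them, so `mode: "0644"` would be the better value here (and `mode: "0644"` in the master role). If the rendered unit embeds the join token, which cannot be seen from this diff, a tighter mode such as `"0600"` would be worth considering. The template task itself starts in the previous hunk.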
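Review bot: `state: disabled` in `Set SELinux to disabled state` turns mandatory access control off entirely on CentOS/RHEL hosts, and nothing in the task explains why or lets an operator opt out. k3s publishes an SELinux policy package (k3s-selinux), so this may no longer be needed. At minimum I would gate it behind a variable, e.g. append `and k3s_disable_selinux | default(true)` to the `when:` (a new variable, name to taste), and add a comment such as `# SELinux is disabled because <reason>; set k3s_disable_selinux=false to keep it enforcing`.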
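Review bot: `community.general.modprobe` in this hunk, like the `ansible.posix.*` and `community.general.alternatives` names used elsewhere in the commit, only resolves when those collections are installed on the controller, and no requirements file is added in this diff. On an ansible-core-only install the plays would now fail where the short names previously had a chance to resolve. I would add a `collections/requirements.yml` listing `ansible.posix` and `community.general` with pinned versions, so installs are reproducible and the collection source is explicit.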
diff --git a/roles/raspberrypi/handlers/main.yml b/roles/raspberrypi/handlers/main.yml index d25cf908..a8f18bdb 100644 --- a/roles/raspberrypi/handlers/main.yml +++ b/roles/raspberrypi/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: reboot - reboot: +- name: Reboot + ansible.builtin.reboot: diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index f666f736..d5233075 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml @@ -1,24 +1,24 @@ --- - name: Test for raspberry pi /proc/cpuinfo - command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo + ansible.builtin.command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo register: grep_cpuinfo_raspberrypi failed_when: false changed_when: false - name: Test for raspberry pi /proc/device-tree/model - command: grep -E "Raspberry Pi" /proc/device-tree/model + ansible.builtin.command: grep -E "Raspberry Pi" /proc/device-tree/model register: grep_device_tree_model_raspberrypi failed_when: false changed_when: false - name: Set raspberry_pi fact to true - set_fact: + ansible.builtin.set_fact: raspberry_pi: true when: grep_cpuinfo_raspberrypi.rc == 0 or grep_device_tree_model_raspberrypi.rc == 0 - name: Set detected_distribution to Raspbian - set_fact: + ansible.builtin.set_fact: detected_distribution: Raspbian when: > raspberry_pi|default(false) and @@ -26,7 +26,7 @@ ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") ) - name: Set detected_distribution to Debian - set_fact: + ansible.builtin.set_fact: detected_distribution: Debian when: > raspberry_pi|default(false) and 
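Review bot: Renaming the handler to `Reboot` breaks the tasks that still say `notify: reboot`, because handler names are matched as exact strings and the notification no longer finds a handler. The unchanged `notify: reboot` lines are visible in the Debian.yml, Raspbian.yml and Ubuntu.yml hunks of this commit (CentOS.yml's notify, if any, is outside its hunk). Either update each of them to `notify: Reboot` in the same commit, or keep the old name reachable with `listen: reboot` on the handler. As it stands, the first run that changes cmdline.txt would fail the play or leave the cgroup boot parameters without the reboot they need.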
@@ -34,14 +34,14 @@ ansible_facts.lsb.description|default("") is match("Debian") ) - name: Set detected_distribution_major_version - set_fact: + ansible.builtin.set_fact: detected_distribution_major_version: "{{ ansible_facts.lsb.major_release }}" - when: > + when: > ( detected_distribution | default("") == "Raspbian" or detected_distribution | default("") == "Debian" ) -- name: execute OS related tasks on the Raspberry Pi - include_tasks: "{{ item }}" +- name: Execute OS related tasks on the Raspberry Pi + ansible.builtin.include_tasks: "{{ item }}" with_first_found: - "prereq/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml" - "prereq/{{ detected_distribution }}.yml" diff --git a/roles/raspberrypi/tasks/prereq/CentOS.yml b/roles/raspberrypi/tasks/prereq/CentOS.yml index af83564b..5db2488a 100644 --- a/roles/raspberrypi/tasks/prereq/CentOS.yml +++ b/roles/raspberrypi/tasks/prereq/CentOS.yml @@ -1,6 +1,6 @@ --- - name: Enable cgroup via boot commandline if not already enabled for Centos - lineinfile: + ansible.builtin.lineinfile: path: /boot/cmdline.txt backrefs: yes regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' diff --git a/roles/raspberrypi/tasks/prereq/Debian.yml b/roles/raspberrypi/tasks/prereq/Debian.yml index 9f339133..1b25faf7 100644 --- a/roles/raspberrypi/tasks/prereq/Debian.yml +++ b/roles/raspberrypi/tasks/prereq/Debian.yml @@ -1,11 +1,11 @@ --- - name: Check if /boot/firmware/cmdline.txt exists - stat: + ansible.builtin.stat: path: /boot/firmware/cmdline.txt register: boot_firmware_cmdline_txt - name: Activating cgroup support - lineinfile: + ansible.builtin.lineinfile: path: "{{ (boot_firmware_cmdline_txt.stat.exists) | ternary('/boot/firmware/cmdline.txt', '/boot/cmdline.txt') }}" regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' 
@@ -13,22 +13,22 @@ notify: reboot - name: Install iptables - apt: + ansible.builtin.apt: name: iptables - name: Flush iptables before changing to iptables-legacy - iptables: + ansible.builtin.iptables: flush: true changed_when: false # iptables flush always returns changed - name: Changing to iptables-legacy - alternatives: + community.general.alternatives: path: /usr/sbin/iptables-legacy name: iptables register: ip4_legacy - name: Changing to ip6tables-legacy - alternatives: + community.general.alternatives: path: /usr/sbin/ip6tables-legacy name: ip6tables register: ip6_legacy diff --git a/roles/raspberrypi/tasks/prereq/Raspbian.yml b/roles/raspberrypi/tasks/prereq/Raspbian.yml index 42bfe7d1..49ce7c8f 100644 --- a/roles/raspberrypi/tasks/prereq/Raspbian.yml +++ b/roles/raspberrypi/tasks/prereq/Raspbian.yml @@ -1,6 +1,6 @@ --- - name: Activating cgroup support - lineinfile: + ansible.builtin.lineinfile: path: /boot/cmdline.txt regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' @@ -8,18 +8,18 @@ notify: reboot - name: Flush iptables before changing to iptables-legacy - iptables: + ansible.builtin.iptables: flush: true changed_when: false # iptables flush always returns changed - name: Changing to iptables-legacy - alternatives: + community.general.alternatives: path: /usr/sbin/iptables-legacy name: iptables register: ip4_legacy - name: Changing to ip6tables-legacy - alternatives: + community.general.alternatives: path: /usr/sbin/ip6tables-legacy name: ip6tables register: ip6_legacy diff --git a/roles/raspberrypi/tasks/prereq/Ubuntu.yml b/roles/raspberrypi/tasks/prereq/Ubuntu.yml index b5320e35..6d844902 100644 --- a/roles/raspberrypi/tasks/prereq/Ubuntu.yml +++ b/roles/raspberrypi/tasks/prereq/Ubuntu.yml 
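Review bot: The `Flush iptables before changing to iptables-legacy` task runs on every play, including on hosts already switched to iptables-legacy, and `changed_when: false` hides that any existing filter-table rules were removed. The Raspbian.yml hunk below has the same task. I would record the current alternative first (an `ansible.builtin.stat` on `/etc/alternatives/iptables`, registered as e.g. `iptables_alt`) and run the flush only when a switch is pending, with `when: iptables_alt.stat.lnk_target | default('') != '/usr/sbin/iptables-legacy'`. Dropping `changed_when: false` would also make the flush visible in the play recap.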
@@ -1,15 +1,16 @@ --- - name: Enable cgroup via boot commandline if not already enabled for Ubuntu on a Raspberry Pi - lineinfile: + ansible.builtin.lineinfile: path: /boot/firmware/cmdline.txt backrefs: yes regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' notify: reboot - name: Install Ubuntu Raspi Extra Packages - apt: - name: - - linux-modules-extra-raspi #Fixes issues in newer Ubuntu where VXLan isn't setup right. See: https://github.com/k3s-io/k3s/issues/4234 + ansible.builtin.apt: + # Fixes issues in newer Ubuntu where VXLan isn't setup right. + # See: https://github.com/k3s-io/k3s/issues/4234 + name: linux-modules-extra-raspi update_cache: yes state: present - when: "ansible_distribution_version is version('20.10', '>=')" \ No newline at end of file + when: "ansible_distribution_version is version('20.10', '>=')" diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 728447fb..0ec2c5ca 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Disable services - systemd: + ansible.builtin.systemd: name: "{{ item }}" state: stopped enabled: no @@ -9,14 +9,14 @@ - k3s - k3s-node -- name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" +- name: Pkill k3s container runtimes" register: pkill_containerd_shim_runc - command: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" + ansible.builtin.command: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" changed_when: "pkill_containerd_shim_runc.rc == 0" failed_when: false - name: Umount k3s filesystems - include_tasks: umount_with_children.yml + ansible.builtin.include_tasks: umount_with_children.yml with_items: - /run/k3s - /var/lib/kubelet @@ -26,7 +26,7 @@ loop_var: mounted_fs - name: Remove service files, binaries and data - file: + ansible.builtin.file: name: "{{ item }}" state: absent with_items: 
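Review bot: The new task name `Pkill k3s container runtimes"` ends with a stray double quote, which YAML keeps as part of the plain scalar, so it shows up in play output and in any `--start-at-task` match; it should read `- name: Pkill k3s container runtimes`. Separately, `failed_when: false` on this task also hides pkill errors other than "no process matched". Using `failed_when: pkill_containerd_shim_runc.rc not in [0, 1]` would keep the best-effort intent while surfacing real failures.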
@@ -37,6 +37,6 @@ - /var/lib/kubelet - /var/lib/rancher/k3s -- name: daemon_reload - systemd: +- name: Daemon_reload + ansible.builtin.systemd: daemon_reload: yes diff --git a/roles/reset/tasks/umount_with_children.yml b/roles/reset/tasks/umount_with_children.yml index 5883b70a..130281c3 100644 --- a/roles/reset/tasks/umount_with_children.yml +++ b/roles/reset/tasks/umount_with_children.yml @@ -1,6 +1,6 @@ --- - name: Get the list of mounted filesystems - shell: set -o pipefail && cat /proc/mounts | awk '{ print $2}' | grep -E "^{{ mounted_fs }}" + ansible.builtin.shell: set -o pipefail && cat /proc/mounts | awk '{ print $2}' | grep -E "^{{ mounted_fs }}" register: get_mounted_filesystems args: executable: /bin/bash @@ -9,7 +9,7 @@ check_mode: false - name: Umount filesystem - mount: + ansible.posix.mount: path: "{{ item }}" state: unmounted with_items: diff --git a/site.yml b/site.yml index 31cc96ef..45f5cea9 100644 --- a/site.yml +++ b/site.yml @@ -1,6 +1,7 @@ --- -- hosts: k3s_cluster +- name: "Setup K3s Cluster" + hosts: k3s_cluster gather_facts: yes become: yes roles: @@ -8,12 +9,14 @@ - role: download - role: raspberrypi -- hosts: master +- name: "Server Setup" + hosts: master become: yes roles: - - role: k3s/master + - role: k3s/master # noqa: role-name[path] -- hosts: node +- name: "Agent Setup" + hosts: node become: yes roles: - - role: k3s/node + - role: k3s/node # noqa: role-name[path]
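Review bot: In `Get the list of mounted filesystems`, `grep -E "^{{ mounted_fs }}"` is a bare prefix match, so a mount point that merely shares the prefix (a constructed example: `/run/k3s-backup` when `mounted_fs` is `/run/k3s`) would be listed and then unmounted by the next task. Anchoring the end of the path component avoids that: `grep -E "^{{ mounted_fs }}(/|$)"`. The value is also templated straight into a bash command line, which is fine for the static list in roles/reset/tasks/main.yml but worth a comment such as `# mounted_fs must come from the role's own list, never from user input`. The task continues outside this hunk.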