More generic name for lab host

2024-02-11 17:11:45 -08:00
parent a5ef9dac70
commit 6ead2106c5
32 changed files with 163 additions and 0 deletions
--- a/lab/roles/setup/tasks/firewall_setup.yml
+++ b/lab/roles/setup/tasks/firewall_setup.yml
@@ -0,0 +1,25 @@
+---
+- hosts: lab
+  become: yes
+  vars:
+    lan_subnet: "192.168.1.0/24"
+  tasks:
+    - name: Enable Firewall rules for basic LAN access
+      community.general.ufw:
+        rule: allow
+        port: '{{ item }}'
+        proto: tcp
+        src: '{{ lan_subnet }}'
+      loop:
+        - 22
+        - 53
+        - 80
+        - 443
+    - name: Enable K3s Ports
+      community.general.ufw:
+        rule: allow
+        port: '{{ item }}'
+        proto: tcp
+      loop:
+        - 6443
+
--- a/lab/roles/setup/tasks/get_latest_base_packages.yml
+++ b/lab/roles/setup/tasks/get_latest_base_packages.yml
@@ -0,0 +1,10 @@
+# Simply update all required packages that we have on the system
+# This also takes care of updating any packages that must updated through means
+# of Git or some other non-apt method should it be required
+---
+- hosts: leftcoastlab
+  become: yes
+  tasks:
+    - name: Distribution Upgrade
+      apt:
+        upgrade: dist
--- a/lab/roles/setup/tasks/k3s_setup.yml
+++ b/lab/roles/setup/tasks/k3s_setup.yml
@@ -0,0 +1,154 @@
+---
+# Auto install from the quickstart 
+# If airgapped, all K3s artifacts are already on the node.
+- hosts:
+  tasks:
+  - name: Download K3s install script
+    ansible.builtin.get_url:
+      url: https://get.k3s.io/
+      timeout: 120
+      dest: /usr/local/bin/k3s-install.sh
+      owner: root
+      group: root
+      mode: 0755
+
+  - name: Download K3s binary
+    ansible.builtin.command:
+      cmd: /usr/local/bin/k3s-install.sh
+    changed_when: true
+
+  - name: Add K3s autocomplete to user bashrc
+    ansible.builtin.lineinfile:
+      path: "~{{ ansible_user }}/.bashrc"
+      regexp: '\.\s+<\(k3s completion bash\)'
+      line: ". <(k3s completion bash)  # Added by k3s-ansible"
+
+
+      - name: Enable and check K3s service
+        ansible.builtin.systemd:
+          name: k3s
+          daemon_reload: true
+          state: started
+          enabled: true
+
+      - name: Pause to allow first server startup
+        when: (groups['server'] | length) > 1
+        ansible.builtin.pause:
+          seconds: 10
+
+      - name: Check whether kubectl is installed on control node
+        ansible.builtin.command: 'kubectl'
+        register: kubectl_installed
+        ignore_errors: true
+        delegate_to: 127.0.0.1
+        become: false
+        changed_when: false
+
+      - name: Apply K3S kubeconfig to control node
+        when: kubectl_installed.rc == 0
+        block:
+          - name: Copy kubeconfig to control node
+            ansible.builtin.fetch:
+              src: /etc/rancher/k3s/k3s.yaml
+              dest: "{{ kubeconfig }}"
+              flat: true
+
+          - name: Change server address in kubeconfig on control node
+            ansible.builtin.shell: |
+              KUBECONFIG={{ kubeconfig }} kubectl config set-cluster default --server=https://{{ api_endpoint }}:{{ api_port }}
+            delegate_to: 127.0.0.1
+            become: false
+            register: csa_result
+            changed_when:
+              - csa_result.rc == 0
+
+          - name: Setup kubeconfig k3s-ansible context on control node
+            when: kubeconfig != "~/.kube/config"
+            ansible.builtin.replace:
+              path: "{{ kubeconfig }}"
+              regexp: 'name: default'
+              replace: 'name: k3s-ansible'
+            delegate_to: 127.0.0.1
+            become: false
+
+          - name: Merge with any existing kubeconfig on control node
+            when: kubeconfig != "~/.kube/config"
+            ansible.builtin.shell: |
+              TFILE=$(mktemp)
+              KUBECONFIG={{ kubeconfig }} kubectl config set-context k3s-ansible --user=k3s-ansible --cluster=k3s-ansible
+              KUBECONFIG={{ kubeconfig }} kubectl config view --flatten > ${TFILE}
+              mv ${TFILE} {{ kubeconfig }}
+            delegate_to: 127.0.0.1
+            become: false
+            register: mv_result
+            changed_when:
+              - mv_result.rc == 0
+
+  - name: Start other server if any and verify status
+    when:
+      - (groups['server'] | length) > 1
+      - inventory_hostname != groups['server'][0]
+    block:
+      - name: Copy K3s service file [HA]
+        when: groups['server'] | length > 1
+        ansible.builtin.template:
+          src: "k3s-ha.service.j2"
+          dest: "{{ systemd_dir }}/k3s.service"
+          owner: root
+          group: root
+          mode: 0644
+
+      - name: Enable and check K3s service
+        ansible.builtin.systemd:
+          name: k3s
+          daemon_reload: true
+          state: started
+          enabled: true
+
+      - name: Verify that all server nodes joined
+        when: (groups['server'] | length) > 1
+        ansible.builtin.command:
+          cmd: >
+            k3s kubectl get nodes -l "node-role.kubernetes.io/control-plane=true" -o=jsonpath="{.items[*].metadata.name}"
+        register: nodes
+        until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['server'] | length)
+        retries: 20
+        delay: 10
+        changed_when: false
+
+  - name: Setup kubectl for user
+    block:
+      - name: Create kubectl symlink
+        when: lookup('fileglob', '/usr/local/bin/kubectl', errors='warn') | length == 0
+        ansible.builtin.file:
+          src: /usr/local/bin/k3s
+          dest: /usr/local/bin/kubectl
+          state: link
+
+      - name: Create directory .kube
+        ansible.builtin.file:
+          path: ~{{ ansible_user }}/.kube
+          state: directory
+          owner: "{{ ansible_user }}"
+          mode: "u=rwx,g=rx,o="
+
+      - name: Copy config file to user home directory
+        ansible.builtin.copy:
+          src: /etc/rancher/k3s/k3s.yaml
+          dest: ~{{ ansible_user }}/.kube/config
+          remote_src: true
+          owner: "{{ ansible_user }}"
+          mode: "u=rw,g=,o="
+
+      - name: Configure default KUBECONFIG for user
+        ansible.builtin.lineinfile:
+          path: ~{{ ansible_user }}/.bashrc
+          regexp: 'export KUBECONFIG=~/.kube/config'
+          line: 'export KUBECONFIG=~/.kube/config # Added by k3s-ansible'
+          state: present
+
+      - name: Configure kubectl autocomplete
+        ansible.builtin.lineinfile:
+          path: ~{{ ansible_user }}/.bashrc
+          regexp: '\.\s+<\(kubectl completion bash\)'
+          line: ". <(kubectl completion bash)  # Added by k3s-ansible"