From 85b01829fb0b1ac5989d51f3ed81f2de108c1197 Mon Sep 17 00:00:00 2001
From: Vincent RABAH
Date: Fri, 26 Apr 2019 21:10:27 +0200
Subject: [PATCH] Ansible provisionning (#217) Ansible provisionning contrib
---
README.md | 43 +++++++++++++++++++++++
ansible.cfg | 11 ++++++
group_vars/all.yml | 4 +++
hosts.ini | 12 +++++++
roles/download/tasks/main.yml | 36 +++++++++++++++++++
roles/k3s/master/tasks/main.yml | 43 +++++++++++++++++++++++
roles/k3s/master/templates/k3s.service.j2 | 16 +++++++++
roles/k3s/node/tasks/main.yml | 16 +++++++++
roles/k3s/node/templates/k3s.service.j2 | 14 ++++++++
roles/raspbian/tasks/main.yml | 14 ++++++++
site.yml | 21 +++++++++++
11 files changed, 230 insertions(+)
create mode 100644 README.md
create mode 100644 ansible.cfg
create mode 100644 group_vars/all.yml
create mode 100644 hosts.ini
create mode 100644 roles/download/tasks/main.yml
create mode 100644 roles/k3s/master/tasks/main.yml
create mode 100644 roles/k3s/master/templates/k3s.service.j2
create mode 100644 roles/k3s/node/tasks/main.yml
create mode 100644 roles/k3s/node/templates/k3s.service.j2
create mode 100644 roles/raspbian/tasks/main.yml
create mode 100644 site.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..96400d0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,43 @@
+# Build a Kubernetes cluster using k3s via Ansible.
+
+## K3s Ansible Playbook
+
+Build a Kubernetes cluster using Ansible with k3s. The goal is easily install a Kubernetes cluster on machines running:
+
+- [X] Debian
+- [ ] Ubuntu
+- [ ] CentOS
+
+on processor architecture:
+
+- [X] x64
+- [X] arm64
+- [X] armhf
+
+## System requirements:
+
+Deployment environment must have Ansible 2.4.0+
+Master and nodes must have passwordless SSH access
+
+## Usage
+
+Add the system information gathered above into a file called hosts.ini. For example:
+
+```
+[master]
+192.16.35.12
+
+[node]
+192.16.35.[10:11]
+
+[kube-cluster:children]
+master
+node
+```
+
+Start provisioning of the cluster using the following command:
+
+```
+ansible-playbook site.yaml
+```
+
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..747586b
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,11 @@
+[defaults]
+roles_path = ./roles
+inventory = ./hosts.ini
+
+remote_tmp = $HOME/.ansible/tmp
+local_tmp = $HOME/.ansible/tmp
+pipelining = True
+become = True
+host_key_checking = False
+deprecation_warnings = False
+callback_whitelist = profile_tasks
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..65d9143
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,4 @@
+k3s_version: v0.3.0
+ansible_user: debian
+systemd_dir: /etc/systemd/system
+master_ip: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"
diff --git a/hosts.ini b/hosts.ini
new file mode 100644
index 0000000..e45c65c
--- /dev/null
+++ b/hosts.ini
@@ -0,0 +1,12 @@
+[master]
+192.168.1.26
+
+[node]
+192.168.1.34
+192.168.1.39
+192.168.1.16
+192.168.1.32
+
+[k3s-cluster:children]
+master
+node
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
new file mode 100644
index 0000000..20b0aeb
--- /dev/null
+++ b/roles/download/tasks/main.yml
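Review bot: In ansible.cfg, `host_key_checking = False` turns off SSH host key verification for every host in the inventory, so a playbook that runs with privilege escalation will connect to whatever answers on those addresses. I would drop that line (checking is the default) and have the README describe pre-populating `known_hosts` for the cluster hosts instead. Separately, `become = True` sits under `[defaults]`; Ansible reads that key from `[privilege_escalation]`, so it is probably ignored here and only the `become: yes` in site.yml takes effect. `deprecation_warnings = False` also hides upgrade signals and is better left at its default.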
@@ -0,0 +1,36 @@
+---
+
+- name: Delete k3s if already present
+ file:
+ path: /usr/local/bin/k3s
+ state: absent
+
+- name: Download k3s binary x64
+ get_url:
+ url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s
+ dest: /usr/local/bin/k3s
+ owner: root
+ group: root
+ mode: 755
+# when: ( ansible_facts.userspace_architecture == "x86_64" )
+ when: ( ansible_facts.architecture == "x86_64" )
+
+- name: Download k3s binary arm64
+ get_url:
+ url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s-arm64
+ dest: /usr/local/bin/k3s
+ owner: root
+ group: root
+ mode: 755
+ when: ( ansible_facts.architecture is search "arm" and
+ ansible_facts.userspace_bits == "64" )
+
+- name: Download k3s binary armhf
+ get_url:
+ url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s-armhf
+ dest: /usr/local/bin/k3s
+ owner: root
+ group: root
+ mode: 755
+ when: ( ansible_facts.architecture is search "arm" and
+ ansible_facts.userspace_bits == "32" )
diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml
new file mode 100644
index 0000000..b30fd34
--- /dev/null
+++ b/roles/k3s/master/tasks/main.yml
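Review bot: In roles/download/tasks/main.yml, all three `get_url` tasks install a root-owned executable into /usr/local/bin without verifying its integrity, so the download is trusted on TLS alone. `get_url` accepts a `checksum` parameter; each task should pin the digest of its artifact, e.g. `checksum: "sha256:<digest-of-this-release-artifact>"`, kept next to `k3s_version` in group_vars. `mode: 755` is also read as the decimal integer 755 rather than octal and yields unexpected permission bits; write `mode: "0755"`. The arm64 condition `architecture is search "arm"` will likely never match on 64-bit ARM hosts, where the fact is usually `aarch64`, so that case deserves an explicit check.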
@@ -0,0 +1,43 @@
+---
+
+- name: Copy K3s service file
+ register: k3s_service
+ template:
+ src: "k3s.service.j2"
+ dest: "{{ systemd_dir }}/k3s.service"
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Enable and check K3s service
+ systemd:
+ name: k3s
+ daemon_reload: yes
+ state: restarted
+ enabled: yes
+
+- name: Register file access mode
+ stat:
+ path: /var/lib/rancher/k3s/server
+ register: p
+
+- name: Change file access node-token
+ file:
+ path: /var/lib/rancher/k3s/server
+ mode: "g+rx,o+rx"
+
+- name: Read Node Token from Master
+ slurp:
+ src: /var/lib/rancher/k3s/server/node-token
+ register: node_token
+
+- name: Store Master Token
+ set_fact:
+ token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"
+
+- name: Restore file access
+ file:
+ path: /var/lib/rancher/k3s/server
+ mode: "{{ p.stat.mode }}"
+
+#- debug: msg="Node TOKEN {{ token }}"
diff --git a/roles/k3s/master/templates/k3s.service.j2 b/roles/k3s/master/templates/k3s.service.j2
new file mode 100644
index 0000000..e68fc8c
--- /dev/null
+++ b/roles/k3s/master/templates/k3s.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network.target
+[Service]
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server
+KillMode=process
+Delegate=yes
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/k3s/node/tasks/main.yml b/roles/k3s/node/tasks/main.yml
new file mode 100644
index 0000000..a88a9c1
--- /dev/null
+++ b/roles/k3s/node/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Copy K3s service file
+ template:
+ src: "k3s.service.j2"
+ dest: "{{ systemd_dir }}/k3s.service"
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Enable and check K3s service
+ systemd:
+ name: k3s
+ daemon_reload: yes
+ state: restarted
+ enabled: yes
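Review bot: In roles/k3s/master/tasks/main.yml, the "Change file access node-token" task opens /var/lib/rancher/k3s/server to group and other (`g+rx,o+rx`) so the token can be read, and the original mode is only restored if every task in between succeeds. The master play in site.yml runs with `become: yes`, so `slurp` already reads the file as root; the "Register file access mode", "Change file access node-token" and "Restore file access" tasks can simply be removed. The join token then lives in the `token` fact, so add `no_log: true` to the slurp and set_fact tasks to keep it out of verbose output, and delete the commented-out debug line that would print it. `mode: 0755` marks the systemd unit executable; `mode: "0644"` is the usual choice for this file.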
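Review bot: In roles/k3s/node/tasks/main.yml, the unit file is written with `mode: 0755`, but the node template it renders embeds the cluster join token in `ExecStart`, so every local user on the node can read the token from the installed k3s.service. Use a restrictive mode such as `mode: "0600"` on this task and add `no_log: true` so a diff or verbose run does not print the rendered token. `state: restarted` also restarts the agent on every playbook run; a handler notified by the template task would restart it only when the unit actually changes.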
diff --git a/roles/k3s/node/templates/k3s.service.j2 b/roles/k3s/node/templates/k3s.service.j2
new file mode 100644
index 0000000..2e14031
--- /dev/null
+++ b/roles/k3s/node/templates/k3s.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network.target
+[Service]
+ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }}
+KillMode=process
+Delegate=yes
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/raspbian/tasks/main.yml b/roles/raspbian/tasks/main.yml
new file mode 100644
index 0000000..189ef90
--- /dev/null
+++ b/roles/raspbian/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Activating cgroup on Raspbian
+ lineinfile:
+ path: /boot/cmdline.txt
+ regexp: '^(.*rootwait)$'
+ line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
+ backrefs: true
+ when: ( ansible_facts.architecture is search "arm" )
+
+- name: Rebooting on Raspbian
+ shell: reboot now
+ ignore_errors: true
+ when: ( ansible_facts.architecture is search "arm" )
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..f815c5c
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,21 @@
+---
+
+- hosts: k3s-cluster
+ gather_facts: yes
+ become: yes
+ roles:
+ - { role: download }
+ - { role: raspbian }
+
+
+- hosts: master
+# gather_facts: yes
+ become: yes
+ roles:
+ - { role: k3s/master }
+
+- hosts: node
+# gather_facts: yes
+ become: yes
+ roles:
+ - { role: k3s/node }
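Review bot: In roles/k3s/node/templates/k3s.service.j2, the join token is passed as `--token` on the `ExecStart` command line, where it is visible to any local user through the process list and systemd's unit properties regardless of the unit file's mode. Prefer moving it into a root-only `EnvironmentFile=` (mode 0600) and letting the agent read it from the environment, if this k3s version supports a token environment variable; confirm against its `k3s agent --help`. The value also comes from `hostvars[groups['master'][0]]['token']`, which only exists when the master role ran earlier in the same playbook run, so a run limited to the node group will fail at template time. An `assert` task with a clear message before the template would make that failure easier to diagnose.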
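Review bot: In roles/raspbian/tasks/main.yml, "Rebooting on Raspbian" runs `shell: reboot now` on every ARM host on every playbook run, whether or not the cmdline.txt edit changed anything, and `ignore_errors: true` hides the dropped connection, so the following plays start against hosts that are still going down. Register the lineinfile result and reboot only on change, e.g. `register: cmdline` on the first task and `when: cmdline is changed` on the second. Use the `reboot` module (Ansible 2.7+) or follow the reboot with `wait_for_connection` so the run waits for the host to come back. The `architecture is search "arm"` condition also matches ARM hosts that are not Raspbian and may lack /boot/cmdline.txt; a distribution or file-existence check would be more precise.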