diff --git a/.drone.yml b/.drone.yml
index 585deb0..a4bfbf4 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -27,4 +27,4 @@ steps:
 - terraform validate
 - terraform apply -auto-approve -var "hcloud_token=$HCLOUD_TOKEN" -var "pvt_key=../ssh_keys/id_ed25519" -var "pub_key=../ssh_keys/id_ed25519.pub" -var "hcloud_serverctl_ssh_key_id=$HCLOUD_SSH_KEY_ID"
 - cd ansible
- - ANSIBLE_HOST_KEY_CHECKING=False /usr/bin/ansible-playbook -i 'inventory/hosts.cfg' -u root --key-file '../../ssh_keys/id_ed25519' -e 'pub_key=../../ssh_keys/id_ed25519.pub' server-install.yml
+ - /usr/bin/ansible-playbook -u root --key-file '../../ssh_keys/id_ed25519' -e 'pub_key=../../ssh_keys/id_ed25519.pub' site.yml
diff --git a/infrastructure/create-resources/ansible/.yamllint b/infrastructure/create-resources/ansible/.yamllint
new file mode 100644
index 0000000..4ab5811
--- /dev/null
+++ b/infrastructure/create-resources/ansible/.yamllint
@@ -0,0 +1,9 @@
+---
+extends: default
+
+rules:
+ line-length:
+ max: 120
+ level: warning
+ truthy:
+ allowed-values: ['true', 'false', 'yes', 'no']
\ No newline at end of file
diff --git a/infrastructure/create-resources/ansible/ansible.cfg b/infrastructure/create-resources/ansible/ansible.cfg
new file mode 100644
index 0000000..e9a6baf
--- /dev/null
+++ b/infrastructure/create-resources/ansible/ansible.cfg
@@ -0,0 +1,12 @@
+[defaults]
+nocows = True
+roles_path = ./roles
+inventory = ./inventory/hosts.cfg
+
+remote_tmp = $HOME/.ansible/tmp
+local_tmp = $HOME/.ansible/tmp
+pipelining = True
+become = True
+host_key_checking = False
+deprecation_warnings = True
+callback_whitelist = profile_tasks
\ No newline at end of file
diff --git a/infrastructure/create-resources/ansible/collections/requirements.yml b/infrastructure/create-resources/ansible/collections/requirements.yml
new file mode 100644
index 0000000..afc836d
--- /dev/null
+++ b/infrastructure/create-resources/ansible/collections/requirements.yml
@@ -0,0 +1,3 @@
+---
+collections:
+ - name: community.general
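Review bot: With `-i 'inventory/hosts.cfg'` removed from the ansible-playbook line, the step finds its inventory only through the ansible.cfg in the working directory, and Ansible ignores a cwd ansible.cfg when that directory is world-writable, which CI workspaces sometimes are. In that case the run would use built-in defaults rather than this inventory and the settings in the new config file. Keeping the `-i 'inventory/hosts.cfg'` argument, or exporting `ANSIBLE_CONFIG` with the path to the file, makes the step independent of workspace permissions. The steps list continues outside the hunk.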
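Review bot: `host_key_checking = False` in `[defaults]` turns off SSH host key verification for every run from this directory, not only the CI step that previously set the environment variable, so the key-based session that goes on to run tasks with become is never checked against a known host key. Prefer leaving checking enabled and populating known_hosts during provisioning, or, if first contact must be unattended, add `ssh_args = -o StrictHostKeyChecking=accept-new` under `[ssh_connection]` so that a changed key is still rejected. Separately, `become = True` is read from the `[privilege_escalation]` section, so under `[defaults]` it most likely has no effect.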
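Review bot: `community.general` is listed without a `version:`, so every install resolves to whatever release is current on Galaxy at that moment and the run that applies changes with become is not reproducible. Add a pin under the entry, `version: "<pinned-version>"`, and bump it deliberately. None of the tasks visible in this commit appear to use a community.general module, so it is worth confirming the collection is needed at all.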
diff --git a/infrastructure/create-resources/ansible/inventory/group_vars/all.yml b/infrastructure/create-resources/ansible/inventory/group_vars/all.yml
new file mode 100644
index 0000000..f3e1b78
--- /dev/null
+++ b/infrastructure/create-resources/ansible/inventory/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+k3s_version: v1.22.3+k3s1
+ansible_user: debian
+systemd_dir: /etc/systemd/system
+master_ip: "{{ hostvars[groups['serverctl_master_hosts'][0]]['ansible_host'] | default(groups['serverctl_master_hosts'][0]) }}"
+extra_server_args: ""
+extra_agent_args: ""
diff --git a/infrastructure/create-resources/ansible/inventory/hosts.cfg b/infrastructure/create-resources/ansible/inventory/hosts.cfg
index f95e58b..69302a7 100755
--- a/infrastructure/create-resources/ansible/inventory/hosts.cfg
+++ b/infrastructure/create-resources/ansible/inventory/hosts.cfg
@@ -1,2 +1,8 @@
 [serverctl_master_hosts]
 65.21.153.18
+
+[serverctl_node_hosts]
+
+[serverctl_cluster:children]
+serverctl_master_hosts
+serverctl_node_hosts
\ No newline at end of file
diff --git a/infrastructure/create-resources/ansible/roles/download/tasks/main.yml b/infrastructure/create-resources/ansible/roles/download/tasks/main.yml
new file mode 100644
index 0000000..543009e
--- /dev/null
+++ b/infrastructure/create-resources/ansible/roles/download/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Download k3s binary x64
+ get_url:
+ url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
+ checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
+ dest: /usr/local/bin/k3s
+ owner: root
+ group: root
+ mode: 0755
+ when: ansible_facts.architecture == "x86_64"
diff --git a/infrastructure/create-resources/ansible/roles/prereq/tasks/main.yml b/infrastructure/create-resources/ansible/roles/prereq/tasks/main.yml
new file mode 100644
index 0000000..eb0ad53
--- /dev/null
+++ b/infrastructure/create-resources/ansible/roles/prereq/tasks/main.yml
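Review bot: `ansible_user: debian` in group_vars/all takes precedence over the `-u root` that .drone.yml still passes, because connection variables override command-line options, so the play will connect as `debian` rather than `root`. Decide which account is intended and remove the other setting. If `debian` is the choice, confirm that the key given with `--key-file` is authorized for that account and that it can escalate for `become`.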
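Review bot: The `checksum:` value is fetched from the same release URL as the binary, so it detects a corrupted transfer but not a replaced release asset, since whoever can change `k3s` can change `sha256sum-amd64.txt` as well. Pin the expected digest in the repository next to `k3s_version` and reference it, for example `checksum: "sha256:{{ k3s_sha256 }}"` (variable name constructed for this note), so that a version bump is an explicit two-value change. Also quote the mode as `mode: '0755'`. Hosts whose architecture is not `x86_64` skip the task silently and are left without the binary.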
@@ -0,0 +1,31 @@
+---
+- name: Enable IPv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: "1"
+ state: present
+ reload: yes
+
+- name: Enable IPv6 forwarding
+ sysctl:
+ name: net.ipv6.conf.all.forwarding
+ value: "1"
+ state: present
+ reload: yes
+ when: ansible_all_ipv6_addresses
+
+# Setup user
+- name: Add the user 'kjuulh' and add it to 'sudo'
+ user:
+ name: kjuulh
+ group: sudo
+ state: present
+
+- name: "add authorized keys"
+ authorized_key:
+ user: kjuulh
+ state: present
+ key: "{{ lookup('file', pub_key) }}"
+
+- name: Wait for apt to unlock
+ shell: while sudo fuser /var/lib/dpkg/lock >/dev/null >2&1; do sleep 5; done;
diff --git a/infrastructure/create-resources/ansible/site.yml b/infrastructure/create-resources/ansible/site.yml
new file mode 100644
index 0000000..85a77db
--- /dev/null
+++ b/infrastructure/create-resources/ansible/site.yml
@@ -0,0 +1,17 @@
+---
+- hosts: serverctl_cluster
+ gather_facts: yes
+ become: yes
+ roles:
+ - role: prereq
+ - role: download
+#- hosts: serverctl_master_hosts
+# become: yes
+# roles:
+# - role: "./k3s/master"
+#
+#- hosts: serverctl_node_hosts
+# become: yes
+# roles:
+# - role: "./k3s/node"
+#
diff --git a/infrastructure/create-resources/templates/hosts.tpl b/infrastructure/create-resources/templates/hosts.tpl
index 5320ea4..df1da0a 100644
--- a/infrastructure/create-resources/templates/hosts.tpl
+++ b/infrastructure/create-resources/templates/hosts.tpl
@@ -1,4 +1,10 @@
 [serverctl_master_hosts]
 %{ for ip in serverctl_masters ~}
 ${ip}
-%{ endfor ~}
\ No newline at end of file
+%{ endfor ~}
+
+[serverctl_node_hosts]
+
+[serverctl_cluster:children]
+serverctl_master_hosts
+serverctl_node_hosts
\ No newline at end of file
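Review bot: In the "Wait for apt to unlock" task the redirection `>2&1` is a typo for `2>&1`: as written the shell sends stdout to a file named `2`, backgrounds `fuser`, and then runs `1` as a command, so the loop condition fails at once and the task never waits for the dpkg lock. Change the line to `shell: while fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 5; done` (the `sudo` is redundant when the play runs with become). In the user task, `group: sudo` makes sudo the primary group of kjuulh instead of adding a supplementary group; `groups: sudo` with `append: yes` matches what the task name describes.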