Add ansible for k3s

.drone.yml

@@ -27,4 +27,4 @@ steps:
       - terraform validate
       - terraform apply -auto-approve -var "hcloud_token=$HCLOUD_TOKEN" -var "pvt_key=../ssh_keys/id_ed25519" -var "pub_key=../ssh_keys/id_ed25519.pub" -var "hcloud_serverctl_ssh_key_id=$HCLOUD_SSH_KEY_ID"
       - cd ansible
-      - ANSIBLE_HOST_KEY_CHECKING=False /usr/bin/ansible-playbook -i 'inventory/hosts.cfg' -u root --key-file '../../ssh_keys/id_ed25519'  -e 'pub_key=../../ssh_keys/id_ed25519.pub' server-install.yml
+      - /usr/bin/ansible-playbook -u root --key-file '../../ssh_keys/id_ed25519'  -e 'pub_key=../../ssh_keys/id_ed25519.pub' site.yml

infrastructure/create-resources/ansible/.yamllint

@@ -0,0 +1,9 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 120
+    level: warning
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']

infrastructure/create-resources/ansible/ansible.cfg

@@ -0,0 +1,12 @@
+[defaults]
+nocows = True
+roles_path = ./roles
+inventory = ./inventory/hosts.cfg
+
+remote_tmp = $HOME/.ansible/tmp
+local_tmp = $HOME/.ansible/tmp
+pipelining = True
+become = True
+host_key_checking = False
+deprecation_warnings = True
+callback_whitelist = profile_tasks

infrastructure/create-resources/ansible/collections/requirements.yml

@@ -0,0 +1,3 @@
+---
+collections:
+  - name: community.general

infrastructure/create-resources/ansible/inventory/group_vars/all.yml

@@ -0,0 +1,7 @@
+---
+k3s_version: v1.22.3+k3s1
+ansible_user: debian
+systemd_dir: /etc/systemd/system
+master_ip: "{{ hostvars[groups['serverctl_master_hosts'][0]]['ansible_host'] | default(groups['serverctl_master_hosts'][0]) }}"
+extra_server_args: ""
+extra_agent_args: ""

infrastructure/create-resources/ansible/inventory/hosts.cfg

@@ -1,2 +1,8 @@
 [serverctl_master_hosts]
 65.21.153.18
+
+[serverctl_node_hosts]
+
+[serverctl_cluster:children]
+serverctl_master_hosts
+serverctl_node_hosts

infrastructure/create-resources/ansible/roles/download/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Download k3s binary x64
+  get_url:
+    url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
+    checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
+    dest: /usr/local/bin/k3s
+    owner: root
+    group: root
+    mode: 0755
+  when: ansible_facts.architecture == "x86_64"

infrastructure/create-resources/ansible/roles/prereq/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Enable IPv4 forwarding
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+    reload: yes
+
+- name: Enable IPv6 forwarding
+  sysctl:
+    name: net.ipv6.conf.all.forwarding
+    value: "1"
+    state: present
+    reload: yes
+  when: ansible_all_ipv6_addresses
+
+# Setup user
+- name: Add the user 'kjuulh' and add it to 'sudo'
+  user:
+    name: kjuulh
+    group: sudo
+    state: present
+
+- name: "add authorized keys"
+  authorized_key:
+    user: kjuulh
+    state: present
+    key: "{{ lookup('file', pub_key) }}"
+
+- name: Wait for apt to unlock
+  shell: while sudo fuser /var/lib/dpkg/lock >/dev/null >2&1; do sleep 5; done;

infrastructure/create-resources/ansible/site.yml

@@ -0,0 +1,17 @@
+---
+- hosts: serverctl_cluster
+  gather_facts: yes
+  become: yes
+  roles:
+    - role: prereq
+    - role: download
+#- hosts: serverctl_master_hosts
+#  become: yes
+#  roles:
+#    - role: "./k3s/master"
+#
+#- hosts: serverctl_node_hosts
+#  become: yes
+#  roles:
+#    - role: "./k3s/node"
+#

infrastructure/create-resources/templates/hosts.tpl

@@ -2,3 +2,9 @@
 %{ for ip in serverctl_masters ~}
 ${ip}
 %{ endfor ~}
+
+[serverctl_node_hosts]
+
+[serverctl_cluster:children]
+serverctl_master_hosts
+serverctl_node_hosts