From 1cc30ed50309ac0c8e1aca88ae0d27e80db1d745 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?c=C4=83t=C4=83lin?=
Date: Sat, 10 Feb 2024 19:44:11 +0100
Subject: [PATCH] feat: migrate ansible/k3s from https://gitlab.com/fukurokuju/vm-foundation
---
ansible/inventory | 17 ++++++++-
ansible/k3s/playbooks/base.yml | 6 ++++
ansible/k3s/playbooks/k3s.yml | 12 +++++++
ansible/k3s/roles/base/tasks/main.yml | 36 +++++++++++++++++++
ansible/k3s/roles/base/tasks/mounts.yml | 19 ++++++++++
ansible/k3s/roles/base/tasks/packages.yml | 17 +++++++++
ansible/k3s/roles/k3s/tasks/agent.yml | 17 +++++++++
.../k3s/roles/k3s/tasks/copy-kubeconfig.yml | 19 ++++++++++
ansible/k3s/roles/k3s/tasks/download.yml | 7 ++++
ansible/k3s/roles/k3s/tasks/main.yml | 14 ++++++++
ansible/k3s/roles/k3s/tasks/master.yml | 19 ++++++++++
.../roles/k3s/templates/agent.config.yaml.j2 | 2 ++
.../roles/k3s/templates/master.config.yaml.j2 | 12 +++++++
ansible/k3s/roles/k3s/vars/main.yml | 4 +++
ansible/k3s/sample.env | 2 ++
15 files changed, 202 insertions(+), 1 deletion(-)
create mode 100644 ansible/k3s/playbooks/base.yml
create mode 100644 ansible/k3s/playbooks/k3s.yml
create mode 100644 ansible/k3s/roles/base/tasks/main.yml
create mode 100644 ansible/k3s/roles/base/tasks/mounts.yml
create mode 100644 ansible/k3s/roles/base/tasks/packages.yml
create mode 100644 ansible/k3s/roles/k3s/tasks/agent.yml
create mode 100644 ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml
create mode 100644 ansible/k3s/roles/k3s/tasks/download.yml
create mode 100644 ansible/k3s/roles/k3s/tasks/main.yml
create mode 100644 ansible/k3s/roles/k3s/tasks/master.yml
create mode 100644 ansible/k3s/roles/k3s/templates/agent.config.yaml.j2
create mode 100644 ansible/k3s/roles/k3s/templates/master.config.yaml.j2
create mode 100644 ansible/k3s/roles/k3s/vars/main.yml
create mode 100644 ansible/k3s/sample.env
diff --git a/ansible/inventory b/ansible/inventory
index e82750b..ed8373b 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -2,4 +2,19 @@ cloud.fuku [nextclouds:vars]
-ansible_user=root
\ No newline at end of file
+ansible_user=root
+
+[k3s_masters]
+master1.ramiel.fuku
+master2.ireul.fuku
+master3.ireul.fuku
+
+[k3s_agents]
+agent1.zeruel.fuku
+sandalphon.fuku
+
+[k3s_masters:vars]
+ansible_user=ci
+
+[k3s_agents:vars]
+ansible_user=ci
diff --git a/ansible/k3s/playbooks/base.yml b/ansible/k3s/playbooks/base.yml
new file mode 100644
index 0000000..436bb6a
--- /dev/null
+++ b/ansible/k3s/playbooks/base.yml
@@ -0,0 +1,6 @@
+- name: Apply base configuration
+ hosts: all
+
+ roles:
+ - role: ../roles/base
+ become: yes
\ No newline at end of file
diff --git a/ansible/k3s/playbooks/k3s.yml b/ansible/k3s/playbooks/k3s.yml
new file mode 100644
index 0000000..0556511
--- /dev/null
+++ b/ansible/k3s/playbooks/k3s.yml
@@ -0,0 +1,12 @@
+- name: Install k3s nodes
+ hosts:
+ - k3s_masters
+ - k3s_agents
+
+ roles:
+ - role: ../roles/k3s
+ become: yes
+ vars:
+ first_master_hostname: "{{ groups['k3s_masters'][0] }}"
+ is_first_master: "{{ inventory_hostname in groups['k3s_masters'][0] }}"
+ short_hostname: "{{ inventory_hostname.split('.')[0] }}"
\ No newline at end of file
diff --git a/ansible/k3s/roles/base/tasks/main.yml b/ansible/k3s/roles/base/tasks/main.yml
new file mode 100644
index 0000000..b948de4
--- /dev/null
+++ b/ansible/k3s/roles/base/tasks/main.yml
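Review bot: `is_first_master` in playbooks/k3s.yml is computed with `in` against `groups['k3s_masters'][0]`, which is a single hostname string, so the test is a substring match rather than an equality check. Any host whose inventory name is contained in the first master's name would also be treated as the first master and render `cluster-init` in the master template. I would write `is_first_master: "{{ inventory_hostname == groups['k3s_masters'][0] }}"`. As a style point, `become: yes` here and in base.yml is better spelled `become: true`.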
@@ -0,0 +1,36 @@
+---
+- name: Set same timezone on every Server
+ community.general.timezone:
+ name: "{{ system_timezone }}"
+ when: (system_timezone is defined) and (system_timezone != "Your/Timezone")
+
+- name: Enable IPv4 forwarding
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: "1"
+ state: present
+ reload: yes
+
+- name: Enable IPv6 forwarding
+ ansible.posix.sysctl:
+ name: net.ipv6.conf.all.forwarding
+ value: "1"
+ state: present
+ reload: yes
+
+- name: Enable IPv6 router advertisements
+ ansible.posix.sysctl:
+ name: net.ipv6.conf.all.accept_ra
+ value: "2"
+ state: present
+ reload: yes
+
+- import_tasks: packages.yml
+ name: Install base packages
+ tags:
+ - packages
+
+- import_tasks: mounts.yml
+ name: Mount NFS shares
+ tags:
+ - nfs
\ No newline at end of file
diff --git a/ansible/k3s/roles/base/tasks/mounts.yml b/ansible/k3s/roles/base/tasks/mounts.yml
new file mode 100644
index 0000000..0e4c4d9
--- /dev/null
+++ b/ansible/k3s/roles/base/tasks/mounts.yml
@@ -0,0 +1,19 @@
+---
+- name: Create mountpoint directory
+ file:
+ path: /nfs/nas1
+ state: directory
+ owner: 10000
+ group: 10000
+
+- name: Mount nas1 share
+ mount:
+ fstype: nfs
+ src: zeruel.fuku:/mnt/pool1/nas1
+ path: /nfs/nas1
+ state: mounted
+ fstab: /etc/fstab
+ opts: _netdev,nofail,tcp,bg,retrans=2,timeo=150,rsize=32768,wsize=32768,noresvport
+ backup: true
+ become: yes
+ become_user: root
diff --git a/ansible/k3s/roles/base/tasks/packages.yml b/ansible/k3s/roles/base/tasks/packages.yml
new file mode 100644
index 0000000..70e9a54
--- /dev/null
+++ b/ansible/k3s/roles/base/tasks/packages.yml
@@ -0,0 +1,17 @@
+- name: Install base packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ loop:
+ - qemu-guest-agent
+ - git
+ - tmux
+ - vim
+ - curl
+ - nfs-common
+
+- name: Update all packages
+ apt:
+ upgrade: dist
+ update_cache: yes
\ No newline at end of file
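Review bot: The "Enable IPv6 router advertisements" task in roles/base/tasks/main.yml sets `net.ipv6.conf.all.accept_ra` to `2`, which asks the kernel to keep accepting router advertisements even though forwarding is enabled by the task before it, and nothing in the file says why that is needed. With this setting a node takes routes and addresses from router advertisements seen on its link, so the requirement should be written down next to the task, for example `# accept_ra=2: nodes keep their SLAAC default route while forwarding for k3s` if that is the reason. Because playbooks/base.yml targets `hosts: all`, the three sysctl tasks also apply to the `nextclouds` hosts, which presumably do not need to forward packets; limiting the play to the k3s groups would avoid that.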
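Review bot: The NFS mount in roles/base/tasks/mounts.yml has neither `nosuid` nor `nodev` in `opts`, so setuid binaries and device nodes placed on the export are honoured on every node that mounts it. If nothing on the share depends on them, add both: `opts: _netdev,nofail,nosuid,nodev,tcp,bg,retrans=2,timeo=150,rsize=32768,wsize=32768,noresvport`. The mountpoint task sets no `mode`, so the directory permissions are left to the remote umask. master.yml later points `etcd_snapshot_dir` at `/nfs/nas1/backups/...`, which means the access controls on this export also protect the cluster's etcd snapshots.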
diff --git a/ansible/k3s/roles/k3s/tasks/agent.yml b/ansible/k3s/roles/k3s/tasks/agent.yml
new file mode 100644
index 0000000..6e07591
--- /dev/null
+++ b/ansible/k3s/roles/k3s/tasks/agent.yml
@@ -0,0 +1,17 @@
+---
+- name: Create rancher folder
+ file:
+ state: directory
+ path: /etc/rancher/k3s
+ owner: root
+ group: root
+ mode: 755
+
+- name: Copy k3s config file
+ template:
+ src: agent.config.yaml.j2
+ dest: /etc/rancher/k3s/config.yaml
+ mode: 600
+
+- name: Install k3s agent
+ shell: "bash /tmp/k3s.install.sh agent"
\ No newline at end of file
diff --git a/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml b/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml
new file mode 100644
index 0000000..563f661
--- /dev/null
+++ b/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml
@@ -0,0 +1,19 @@
+---
+- name: Create .kube directory
+ become: yes
+ file:
+ path: /home/ci/.kube
+ state: directory
+ mode: '0755'
+ owner: ci
+ group: ci
+
+- name: Copy kubeconfig
+ copy:
+ remote_src: true
+ src: /etc/rancher/k3s/k3s.yaml
+ dest: /home/ci/.kube/config
+ mode: 0644
+ owner: ci
+ group: ci
+ become: yes
diff --git a/ansible/k3s/roles/k3s/tasks/download.yml b/ansible/k3s/roles/k3s/tasks/download.yml
new file mode 100644
index 0000000..81801d7
--- /dev/null
+++ b/ansible/k3s/roles/k3s/tasks/download.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Download k3s script
+ get_url:
+ url: https://get.k3s.io
+ dest: /tmp/k3s.install.sh
+
diff --git a/ansible/k3s/roles/k3s/tasks/main.yml b/ansible/k3s/roles/k3s/tasks/main.yml
new file mode 100644
index 0000000..307b44d
--- /dev/null
+++ b/ansible/k3s/roles/k3s/tasks/main.yml
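Review bot: `mode: 755` and `mode: 600` in roles/k3s/tasks/agent.yml are unquoted decimal integers, and Ansible does not read a mode written this way as octal, so `/etc/rancher/k3s` and the `config.yaml` that holds the cluster token end up with permissions other than 0755 and 0600. Quote them with the leading zero: `mode: "0755"` and `mode: "0600"`. roles/k3s/tasks/master.yml carries the same two values and needs the same change. A short comment on the template task noting that the rendered file contains the join token would explain why the mode matters.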
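Review bot: The kubeconfig copy in copy-kubeconfig.yml is written with `mode: 0644` inside a directory created with `mode: '0755'`, so every local account on the first master can read `/home/ci/.kube/config`. The source, `/etc/rancher/k3s/k3s.yaml`, is the admin kubeconfig that k3s generates, so the copy should be private to `ci`: `mode: '0600'` on the file and `mode: '0700'` on `.kube`. Quoting the file mode also makes it consistent with the directory task above it.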
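Review bot: download.yml fetches the installer to `/tmp/k3s.install.sh` with no `checksum`, `mode` or `owner`, and agent.yml and master.yml then run that path with `bash` under `become`. The script that root executes is therefore neither pinned to reviewed content nor kept in a root-only location, since `/tmp` is world-writable. I would store it in a root-owned directory and verify it, e.g. `dest: /usr/local/sbin/k3s.install.sh`, `mode: "0700"`, `checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT>"` (placeholder value). `k3s_version` is defined in vars/main.yml, but nothing visible in this patch passes it to the installer (the script reads `INSTALL_K3S_VERSION`), so the installed release appears to be unpinned as well.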
@@ -0,0 +1,14 @@
+- import_tasks: download.yml
+ name: Download install script
+
+- import_tasks: master.yml
+ name: Install master node
+ when: inventory_hostname in groups["k3s_masters"]
+
+- import_tasks: agent.yml
+ name: Install agent node
+ when: inventory_hostname in groups["k3s_agents"]
+
+- import_tasks: copy-kubeconfig.yml
+ name: Copy kubeconfig
+ when: inventory_hostname in groups["k3s_masters"] and is_first_master
diff --git a/ansible/k3s/roles/k3s/tasks/master.yml b/ansible/k3s/roles/k3s/tasks/master.yml
new file mode 100644
index 0000000..f64fdec
--- /dev/null
+++ b/ansible/k3s/roles/k3s/tasks/master.yml
@@ -0,0 +1,19 @@
+---
+- name: Create rancher folder
+ file:
+ state: directory
+ path: /etc/rancher/k3s
+ owner: root
+ group: root
+ mode: 755
+
+- name: Copy k3s config file
+ template:
+ src: master.config.yaml.j2
+ dest: /etc/rancher/k3s/config.yaml
+ mode: 600
+ vars:
+ etcd_snapshot_dir: "/nfs/nas1/backups/{{ short_hostname }}"
+
+- name: Install k3s master
+ command: bash /tmp/k3s.install.sh
\ No newline at end of file
diff --git a/ansible/k3s/roles/k3s/templates/agent.config.yaml.j2 b/ansible/k3s/roles/k3s/templates/agent.config.yaml.j2
new file mode 100644
index 0000000..b0f7313
--- /dev/null
+++ b/ansible/k3s/roles/k3s/templates/agent.config.yaml.j2
@@ -0,0 +1,2 @@
+token: {{ cluster_token }}
+server: https://{{ tls_san }}:6443
\ No newline at end of file
diff --git a/ansible/k3s/roles/k3s/templates/master.config.yaml.j2 b/ansible/k3s/roles/k3s/templates/master.config.yaml.j2
new file mode 100644
index 0000000..ee0bb40
--- /dev/null
+++ b/ansible/k3s/roles/k3s/templates/master.config.yaml.j2
@@ -0,0 +1,12 @@
+tls-san:
+ - {{ inventory_hostname }}
+ - {{ tls_san }}
+node-label:
+ - name={{ inventory_hostname }}
+token: "{{ cluster_token }}"
+etcd-snapshot-dir: {{ etcd_snapshot_dir }}
+{% if is_first_master %}
+cluster-init: "{{ is_first_master }}"
+{% else %}
+server: https://{{ first_master_hostname }}:6443
+{% endif %}
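Review bot: agent.config.yaml.j2 renders `token: {{ cluster_token }}` without quotes, while master.config.yaml.j2 quotes the same value. A token containing ` #`, `: ` or a leading YAML indicator would be truncated or fail to parse on agents only, so use `token: "{{ cluster_token }}"` in both templates. In the master template, `cluster-init: "{{ is_first_master }}"` renders a quoted string rather than a boolean; inside the `{% if is_first_master %}` branch a literal `cluster-init: true` states the same thing without relying on how the consumer coerces strings. `etcd-snapshot-dir` and the `tls-san` entries are also unquoted templated scalars and would be safer quoted.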
diff --git a/ansible/k3s/roles/k3s/vars/main.yml b/ansible/k3s/roles/k3s/vars/main.yml
new file mode 100644
index 0000000..cb5396e
--- /dev/null
+++ b/ansible/k3s/roles/k3s/vars/main.yml
@@ -0,0 +1,4 @@
+---
+k3s_version: "v1.27.4+k3s1"
+tls_san: "{{ lookup('env', 'ANSIBLE_TLS_SAN') | mandatory }}"
+cluster_token: "{{ lookup('env', 'ANSIBLE_CLUSTER_TOKEN') | mandatory }}"
\ No newline at end of file
diff --git a/ansible/k3s/sample.env b/ansible/k3s/sample.env
new file mode 100644
index 0000000..ac7bdf4
--- /dev/null
+++ b/ansible/k3s/sample.env
@@ -0,0 +1,2 @@
+ANSIBLE_K3S_CLUSTER_TOKEN=
+ANSIBLE_K3S_TLS_SAN=
\ No newline at end of file
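Review bot: vars/main.yml looks up `ANSIBLE_TLS_SAN` and `ANSIBLE_CLUSTER_TOKEN`, but sample.env documents `ANSIBLE_K3S_TLS_SAN` and `ANSIBLE_K3S_CLUSTER_TOKEN`, so anyone who fills in the sample leaves both looked-up variables unset. `lookup('env', ...)` returns an empty string for an unset variable and `mandatory` only rejects undefined values, so the play would continue with an empty token and SAN instead of failing. Align the names and make the lookup fail closed, e.g. `cluster_token: "{{ lookup('env', 'ANSIBLE_K3S_CLUSTER_TOKEN', default=undef()) | mandatory }}"` on an ansible-core release that supports `default=` for the env lookup. The filled-in env file will hold the cluster join token, so it should be listed in `.gitignore`.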