feat: migrate ansible/k3s from https://gitlab.com/fukurokuju/vm-foundation

ansible/inventory

@@ -2,4 +2,19 @@
 cloud.fuku
 
 [nextclouds:vars]
-ansible_user=root
+ansible_user=root
+
+[k3s_masters]
+master1.ramiel.fuku
+master2.ireul.fuku
+master3.ireul.fuku
+
+[k3s_agents]
+agent1.zeruel.fuku
+sandalphon.fuku
+
+[k3s_masters:vars]
+ansible_user=ci
+
+[k3s_agents:vars]
+ansible_user=ci

ansible/k3s/playbooks/base.yml

@@ -0,0 +1,6 @@
+- name: Apply base configuration
+  hosts: all
+
+  roles:
+    - role: ../roles/base
+      become: yes

ansible/k3s/playbooks/k3s.yml

@@ -0,0 +1,12 @@
+- name: Install k3s nodes
+  hosts:
+    - k3s_masters
+    - k3s_agents
+
+  roles:
+    - role: ../roles/k3s
+      become: yes
+      vars:
+        first_master_hostname: "{{ groups['k3s_masters'][0] }}"
+        is_first_master: "{{ inventory_hostname in groups['k3s_masters'][0] }}"
+        short_hostname: "{{ inventory_hostname.split('.')[0] }}"

ansible/k3s/roles/base/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+- name: Set same timezone on every Server
+  community.general.timezone:
+    name: "{{ system_timezone }}"
+  when: (system_timezone is defined) and (system_timezone != "Your/Timezone")
+  
+- name: Enable IPv4 forwarding
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+    reload: yes
+
+- name: Enable IPv6 forwarding
+  ansible.posix.sysctl:
+    name: net.ipv6.conf.all.forwarding
+    value: "1"
+    state: present
+    reload: yes
+
+- name: Enable IPv6 router advertisements
+  ansible.posix.sysctl:
+    name: net.ipv6.conf.all.accept_ra
+    value: "2"
+    state: present
+    reload: yes
+
+- import_tasks: packages.yml
+  name: Install base packages
+  tags:
+    - packages
+
+- import_tasks: mounts.yml
+  name: Mount NFS shares
+  tags:
+    - nfs

ansible/k3s/roles/base/tasks/mounts.yml

@@ -0,0 +1,19 @@
+---
+- name: Create mountpoint directory
+  file:
+    path: /nfs/nas1
+    state: directory
+    owner: 10000
+    group: 10000
+
+- name: Mount nas1 share
+  mount:
+    fstype: nfs
+    src: zeruel.fuku:/mnt/pool1/nas1
+    path: /nfs/nas1
+    state: mounted
+    fstab: /etc/fstab
+    opts: _netdev,nofail,tcp,bg,retrans=2,timeo=150,rsize=32768,wsize=32768,noresvport
+    backup: true
+  become: yes
+  become_user: root

ansible/k3s/roles/base/tasks/packages.yml

@@ -0,0 +1,17 @@
+- name: Install base packages
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+  loop:
+    - qemu-guest-agent
+    - git
+    - tmux
+    - vim
+    - curl
+    - nfs-common
+
+- name: Update all packages
+  apt:
+    upgrade: dist
+    update_cache: yes

ansible/k3s/roles/k3s/tasks/agent.yml

@@ -0,0 +1,17 @@
+---
+- name: Create rancher folder
+  file:
+    state: directory
+    path: /etc/rancher/k3s
+    owner: root
+    group: root
+    mode: 755
+
+- name: Copy k3s config file
+  template:
+    src: agent.config.yaml.j2
+    dest: /etc/rancher/k3s/config.yaml
+    mode: 600
+
+- name: Install k3s agent
+  shell: "bash /tmp/k3s.install.sh agent"

ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml

@@ -0,0 +1,19 @@
+---
+- name: Create .kube directory
+  become: yes
+  file:
+    path: /home/ci/.kube
+    state: directory
+    mode: '0755'
+    owner: ci
+    group: ci
+
+- name: Copy kubeconfig
+  copy:
+    remote_src: true
+    src: /etc/rancher/k3s/k3s.yaml
+    dest: /home/ci/.kube/config
+    mode: 0644
+    owner: ci
+    group: ci
+  become: yes

ansible/k3s/roles/k3s/tasks/download.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Download k3s script
+  get_url:
+    url: https://get.k3s.io
+    dest: /tmp/k3s.install.sh
+

ansible/k3s/roles/k3s/tasks/main.yml

@@ -0,0 +1,14 @@
+- import_tasks: download.yml
+  name: Download install script
+
+- import_tasks: master.yml
+  name: Install master node
+  when: inventory_hostname in groups["k3s_masters"]
+
+- import_tasks: agent.yml
+  name: Install agent node
+  when: inventory_hostname in groups["k3s_agents"]
+
+- import_tasks: copy-kubeconfig.yml
+  name: Copy kubeconfig
+  when: inventory_hostname in groups["k3s_masters"] and is_first_master

ansible/k3s/roles/k3s/tasks/master.yml

@@ -0,0 +1,19 @@
+---
+- name: Create rancher folder
+  file:
+    state: directory
+    path: /etc/rancher/k3s
+    owner: root
+    group: root
+    mode: 755
+
+- name: Copy k3s config file
+  template:
+    src: master.config.yaml.j2
+    dest: /etc/rancher/k3s/config.yaml
+    mode: 600
+  vars:
+    etcd_snapshot_dir: "/nfs/nas1/backups/{{ short_hostname }}"
+
+- name: Install k3s master
+  command: bash /tmp/k3s.install.sh

ansible/k3s/roles/k3s/templates/agent.config.yaml.j2

@@ -0,0 +1,2 @@
+token: {{ cluster_token }}
+server: https://{{ tls_san }}:6443

ansible/k3s/roles/k3s/templates/master.config.yaml.j2

@@ -0,0 +1,12 @@
+tls-san:
+  - {{ inventory_hostname }}
+  - {{ tls_san }}
+node-label:
+  - name={{ inventory_hostname }}
+token: "{{ cluster_token }}"
+etcd-snapshot-dir: {{ etcd_snapshot_dir }}
+{% if is_first_master %}
+cluster-init: "{{ is_first_master }}"
+{% else %}
+server: https://{{ first_master_hostname }}:6443
+{% endif %}

ansible/k3s/roles/k3s/vars/main.yml

@@ -0,0 +1,4 @@
+---
+k3s_version: "v1.27.4+k3s1"
+tls_san: "{{ lookup('env', 'ANSIBLE_TLS_SAN') | mandatory }}"
+cluster_token: "{{ lookup('env', 'ANSIBLE_CLUSTER_TOKEN') | mandatory }}"

ansible/k3s/sample.env

@@ -0,0 +1,2 @@
+ANSIBLE_K3S_CLUSTER_TOKEN=
+ANSIBLE_K3S_TLS_SAN=