lino/k3s-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Added k3s, metallb, tried adding traefik

Browse Source
This commit is contained in:
Lino Silva
2022-11-15 09:35:05 +00:00
parent f783d35513
commit 645dacdca4
47 changed files with 49105 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files
roles/provision/cgroup/tasks/main.yml
+28
View File
@@ -0,0 +1,28 @@
---
- name: Add cgroup rule
ansible.builtin.lineinfile:
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
state: present
line: lxc.apparmor.profile{{":"}} unconfined
validate: /usr/sbin/visudo -cf %s
- name: Add cgroup rule
ansible.builtin.lineinfile:
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
state: present
line: lxc.cap.drop{{":"}}
validate: /usr/sbin/visudo -cf %s
- name: Add cgroup rule
ansible.builtin.lineinfile:
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
state: present
line: lxc.mount.auto"{{":"}}" "proc{{":"}}rw sys{{":"}}rw"
validate: /usr/sbin/visudo -cf %s
- name: Add cgroup rule
ansible.builtin.lineinfile:
path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/"{{ hostvars[ansible_hostname]['k3s_vmid'] }}".conf
state: present
line: lxc.cgroup2.devices.allow{{":"}} c 10{{":"}}200 rwm
validate: /usr/sbin/visudo -cf %s
roles/provision/create/tasks/main.yml
+27
View File
@@ -0,0 +1,27 @@
---
- name: Create containers
community.general.proxmox:
vmid: "{{ hostvars[item]['k3s_vmid'] }}"
node: "{{ item }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
password: "{{ lxc_password }}"
hostname: "{{ hostvars[item]['k3s_hostname'] }}"
ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
netif: "{'net0':'name=eth0,\
gw=10.0.0.1,\
ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
bridge=vmbr0'}"
cores: "{{ hostvars[item]['k3s_cores'] }}"
memory: "{{ hostvars[item]['k3s_memory'] }}"
unprivileged: no
swap: 0
searchdomain: "home"
onboot: 1
features:
- nesting=1
disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
force: yes
loop: "{{ groups['baremetal'] }}"
roles/provision/delete/tasks/main.yml
+27
View File
@@ -0,0 +1,27 @@
---
- name: Stop containers
community.general.proxmox:
vmid: "{{ hostvars[item]['k3s_vmid'] }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: stopped
loop: "{{ groups['baremetal'] }}"
ignore_errors: true
- name: Remove containers
community.general.proxmox:
vmid: "{{ hostvars[item]['k3s_vmid'] }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: "{{ hostvars[item]['ip_addr'] }}"
state: absent
loop: "{{ groups['baremetal'] }}"
ignore_errors: true
- name: Remove .ssh/known_hosts lines
ansible.builtin.lineinfile:
path: /Users/lino.silva/.ssh/known_hosts
state: absent
regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
loop: "{{ groups['baremetal'] }}"
roles/provision/enable-ssh/tasks/main.yml
+8
View File
@@ -0,0 +1,8 @@
---
# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
- name: Allow SSH into LXC
ansible.builtin.command: lxc-attach -n "{{ k3s_vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
- name: Restart SSH Service
ansible.builtin.command: lxc-attach -n "{{ k3s_vmid }}" service ssh restart
roles/provision/pre/tasks/main.yml
+12
View File
@@ -0,0 +1,12 @@
---
- name: Allow ipv4 forwarding
ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
- name: Allow ipv6 forwarding
ansible.builtin.shell: "sysctl net.ipv6.conf.all.forwarding=1"
- name: Uncomment ipv4 forward line on /etc/sysctl.conf
ansible.builtin.shell: "sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf"
- name: Uncomment ipv6 forward line on /etc/sysctl.conf
ansible.builtin.shell: "sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf"
roles/provision/start/tasks/main.yml
+9
View File
@@ -0,0 +1,9 @@
---
- name: Start deployments
community.general.proxmox:
vmid: "{{ hostvars[item]['k3s_vmid'] }}"
api_user: root@pam
api_password: "{{ proxmox_api_password }}"
api_host: 10.0.2.2
state: started
loop: "{{ groups['baremetal'] }}"