Ansible provisionning (#217)

Ansible provisionning contrib

README.md

@@ -0,0 +1,43 @@
+# Build a Kubernetes cluster using k3s via Ansible.
+
+## K3s Ansible Playbook
+
+Build a Kubernetes cluster using Ansible with k3s. The goal is easily install a Kubernetes cluster on machines running:
+
+- [X] Debian 
+- [ ] Ubuntu 
+- [ ] CentOS 
+
+on processor architecture:
+
+- [X] x64
+- [X] arm64
+- [X] armhf
+
+## System requirements:
+
+Deployment environment must have Ansible 2.4.0+
+Master and nodes must have passwordless SSH access
+
+## Usage
+
+Add the system information gathered above into a file called hosts.ini. For example:
+
+```
+[master]
+192.16.35.12
+
+[node]
+192.16.35.[10:11]
+
+[kube-cluster:children]
+master
+node
+```
+
+Start provisioning of the cluster using the following command:
+
+```
+ansible-playbook site.yaml
+```
+

ansible.cfg

@@ -0,0 +1,11 @@
+[defaults]
+roles_path = ./roles
+inventory  = ./hosts.ini
+
+remote_tmp = $HOME/.ansible/tmp
+local_tmp  = $HOME/.ansible/tmp
+pipelining = True
+become = True
+host_key_checking = False
+deprecation_warnings = False
+callback_whitelist = profile_tasks

group_vars/all.yml

@@ -0,0 +1,4 @@
+k3s_version: v0.3.0
+ansible_user: debian
+systemd_dir: /etc/systemd/system
+master_ip: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"

hosts.ini

@@ -0,0 +1,12 @@
+[master]
+192.168.1.26
+
+[node]
+192.168.1.34
+192.168.1.39
+192.168.1.16
+192.168.1.32
+
+[k3s-cluster:children]
+master
+node

roles/download/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Delete k3s if already present
+  file:
+    path: /usr/local/bin/k3s
+    state: absent
+
+- name: Download k3s binary x64
+  get_url:                                                           
+      url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s
+      dest: /usr/local/bin/k3s
+      owner: root
+      group: root
+      mode: 755
+#  when: ( ansible_facts.userspace_architecture == "x86_64" )
+  when: ( ansible_facts.architecture == "x86_64" )
+
+- name: Download k3s binary arm64
+  get_url:                                                           
+      url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s-arm64
+      dest: /usr/local/bin/k3s
+      owner: root
+      group: root
+      mode: 755
+  when: ( ansible_facts.architecture is search "arm" and 
+          ansible_facts.userspace_bits == "64" )
+
+- name: Download k3s binary armhf
+  get_url:                                                           
+      url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s-armhf
+      dest: /usr/local/bin/k3s
+      owner: root
+      group: root
+      mode: 755
+  when: ( ansible_facts.architecture is search "arm" and 
+          ansible_facts.userspace_bits == "32" )

roles/k3s/master/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+
+- name: Copy K3s service file
+  register: k3s_service
+  template:
+    src: "k3s.service.j2"
+    dest: "{{ systemd_dir }}/k3s.service"
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Enable and check K3s service
+  systemd:
+    name: k3s
+    daemon_reload: yes
+    state: restarted
+    enabled: yes
+
+- name: Register file access mode
+  stat:
+    path: /var/lib/rancher/k3s/server
+  register: p
+
+- name: Change file access node-token
+  file:
+    path: /var/lib/rancher/k3s/server
+    mode: "g+rx,o+rx"
+
+- name: Read Node Token from Master
+  slurp:
+    src: /var/lib/rancher/k3s/server/node-token
+  register: node_token
+
+- name: Store Master Token
+  set_fact: 
+   token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"
+
+- name: Restore file access 
+  file:
+    path: /var/lib/rancher/k3s/server
+    mode: "{{ p.stat.mode }}"
+
+#- debug: msg="Node TOKEN {{ token }}"

roles/k3s/master/templates/k3s.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network.target
+[Service]
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server
+KillMode=process
+Delegate=yes
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+[Install]
+WantedBy=multi-user.target

roles/k3s/node/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Copy K3s service file
+  template:
+    src: "k3s.service.j2"
+    dest: "{{ systemd_dir }}/k3s.service"
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Enable and check K3s service
+  systemd:
+    name: k3s
+    daemon_reload: yes
+    state: restarted
+    enabled: yes

roles/k3s/node/templates/k3s.service.j2

@@ -0,0 +1,14 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network.target
+[Service]
+ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }}
+KillMode=process
+Delegate=yes
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+[Install]
+WantedBy=multi-user.target

roles/raspbian/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Activating cgroup on Raspbian
+  lineinfile:
+    path: /boot/cmdline.txt
+    regexp: '^(.*rootwait)$'
+    line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
+    backrefs: true
+  when: ( ansible_facts.architecture is search "arm" )
+
+- name: Rebooting on Raspbian 
+  shell: reboot now
+  ignore_errors: true
+  when: ( ansible_facts.architecture is search "arm" )

site.yml

@@ -0,0 +1,21 @@
+---
+
+- hosts: k3s-cluster
+  gather_facts: yes
+  become: yes
+  roles:
+    - { role: download }
+    - { role: raspbian }
+
+
+- hosts: master
+#  gather_facts: yes
+  become: yes
+  roles:
+    - { role: k3s/master }
+
+- hosts: node
+#  gather_facts: yes
+  become: yes
+  roles:
+    - { role: k3s/node }