v0.0.2

group_vars/control_plane.yml

@@ -1,3 +1,20 @@
 ---
 # Group vars for Kubernetes control plane nodes
 kubernetes_role: control_plane
+iptables_forward_policy: ACCEPT
+iptables_open_ports:
+  - interface: any
+    protocol: tcp
+    port: 6443
+  - interface: any
+    protocol: tcp
+    port: '2379:2380'
+  - interface: any
+    protocol: tcp
+    port: 10250
+  - interface: any
+    protocol: tcp
+    port: 10257
+  - interface: any
+    protocol: tcp
+    port: 10259

group_vars/workers.yml

@@ -1,3 +1,14 @@
 ---
 # Group vars for Kubernetes worker nodes
 kubernetes_role: node
+iptables_forward_policy: ACCEPT
+iptables_open_ports:
+  - interface: any
+    protocol: tcp
+    port: 10250
+  - interface: any
+    protocol: tcp
+    port: 10256
+  - interface: any
+    protocol: tcp
+    port: "30000:32767"

host_vars/alpha-control-plane.yml

@@ -1,3 +1,16 @@
 ---
 # Host vars for alpha-control-plane
-os: debin
+network_interfaces: "
+# The primary network interface
+auto eno8303
+iface eno8303 inet static
+    address 10.0.0.2/16
+    gateway 10.0.0.1
+iface eno8303 inet6 static
+    address fc00:6572:6963:a::2/64
+    gateway fc00:6572:6963:a::1
+
+# The secondary network interface
+allow-hotplug eno8403
+iface eno8403 inet dhcp
+"

host_vars/alpha-worker-0.yml

@@ -1,3 +1,16 @@
 ---
 # Host vars for alpha-worker-0
-os: debian
+network_interfaces: "
+# The primary network interface
+auto eno1np0
+iface eno1np0 inet static
+    address 10.0.0.3/16
+    gateway 10.0.0.1
+iface eno1np0 inet6 static
+    address fc00:6572:6963:a::3/64
+    gateway fc00:6572:6963:a::1
+
+# The secondary network interface
+allow-hotplug eno2np1
+iface eno2np1 inet dhcp
+"

roles/ericomeehan.configure_network/README.md

@@ -0,0 +1,38 @@
+ericomeehan.configure_network
+=========
+
+Role to configure network interfaces for eom.dev.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+network_interfaces: A string defining network interfaces for a Debian node
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Eric O'Neill Meehan

roles/ericomeehan.configure_network/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for configure_network

roles/ericomeehan.configure_network/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for configure_network

roles/ericomeehan.configure_network/tasks/Debian_firewall.yml

@@ -0,0 +1,7 @@
+---
+# tasks file for Debian_firewall
+- name: Enable nftables
+  service:
+    name: nftables
+    state: started
+    enabled: true

roles/ericomeehan.configure_network/tasks/Debian_interfaces.yml

@@ -0,0 +1,6 @@
+---
+# tasks file for Debian_interfaces
+- name: Configure network interfaces for a Debian node
+  template:
+    src: "Debian_interfaces.j2"
+    dest: /etc/network/interfaces

roles/ericomeehan.configure_network/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+# tasks file for configure_network
+- include_tasks: Debian_interfaces.yml
+  when: ansible_os_family == "Debian"
+
+- include_tasks: Debian_firewall.yml
+  when: ansible_os_family == "Debian"

roles/ericomeehan.configure_network/templates/Debian_interfaces.j2

@@ -0,0 +1,10 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+{{ network_interfaces }}

roles/ericomeehan.configure_network/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - configure_network

roles/ericomeehan.configure_network/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for configure_network

roles/ericomeehan.save_initial_configuration/meta/main.yml

@@ -0,0 +1,34 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/ericomeehan.save_initial_configuration/tasks/dump_debconf_db.yml

@@ -1,5 +1,5 @@
 ---
-# tasks file for dump_debconf_database
+# tasks file for dump_debconf_db
 - name: Install debconf-utils
   apt:
     name: debconf-utils

roles/ericomeehan.save_initial_configuration/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+# tasks file for dump_debconf_database
+- include_tasks: dump_debconf_db.yml
+  when: ansible_os_family == "Debian"

roles/ericomeehan.save_initial_configuration/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

site.yml

@@ -4,5 +4,5 @@
   hosts: all
   become: true
   roles:
-    - role: ericomeehan.dump-debconf-database
+    - role: ericomeehan.save_initial_configuration
-      where: os == "debian"
+    - role: ericomeehan.configure_network