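---
# Master playbook for eom.dev
#
# Play 1 ("Initialize systems"): baseline applied to every host — a debconf
#   snapshot in /root/preseed.txt, motd text, the nftables ruleset, and the
#   Prometheus node exporter — followed by the ericomeehan.ericomeehan role.
# Play 2 ("Initialize cluster nodes"): kernel/network prerequisites for the
#   `clusters` group, then the containerd / kubernetes / helm / nvidia roles.

- name: Initialize systems
  hosts: all
  become: true

  pre_tasks:
    - name: Install debconf-utils
      apt:
        name: debconf-utils
        state: present

    # The previous version ran `echo "#_preseed_V1" > /root/preseed.txt` and
    # `debconf-get-selections ... >> /root/preseed.txt` through the `command`
    # module. `command` does not invoke a shell, so `>` / `>>` were passed to
    # the programs as literal arguments and the preseed file was never written.
    # Capture the output instead and write it once with `copy`, which is
    # idempotent and lets us set a restrictive mode.
    - name: Collect installer debconf selections
      command: debconf-get-selections --installer
      register: preseed_installer
      changed_when: false

    - name: Collect debconf selections
      command: debconf-get-selections
      register: preseed_debconf
      changed_when: false

    - name: Write preseed file
      # debconf answers can include password prompts, so keep the snapshot
      # readable by root only.
      copy:
        dest: /root/preseed.txt
        content: |
          #_preseed_V1
          {{ preseed_installer.stdout }}
          {{ preseed_debconf.stdout }}
        owner: root
        group: root
        mode: "0600"

    - name: Prepend text from files/motd to the remote motd file
      # `insertbefore: BOF` implements the stated intent ("beginning of the
      # motd"); blockinfile's default is end of file. NOTE(review): with an
      # empty marker the module has no way to recognise a block it already
      # inserted, so this task is likely to re-insert the text on every run.
      blockinfile:
        path: /etc/motd
        marker: ""
        insertbefore: BOF
        block: "{{ lookup('file', 'files/motd') }}"

    - name: Copy nftables configuration template
      template:
        src: nftables.conf.j2
        dest: /etc/nftables.conf
        owner: root
        group: root
        mode: "0644"
        # Refuse to install a ruleset that does not parse, so a template error
        # cannot leave the host with a broken (or absent) firewall.
        validate: nft -c -f %s
      # A changed ruleset was previously never loaded on already-running hosts
      # (the service task below only starts/enables); reload it via a handler.
      notify: Reload nftables

    - name: Enable nftables
      service:
        name: nftables
        state: started
        enabled: true

    - name: Install prometheus node exporter
      apt:
        name: prometheus-node-exporter
        state: present

    - name: Enable prometheus node exporter
      # NOTE(review): node-exporter listens on TCP 9100 by default; the
      # nftables template (not shown here) is expected to limit who can
      # reach it — confirm.
      service:
        name: prometheus-node-exporter
        state: started
        enabled: true

  roles:
    - role: ericomeehan.ericomeehan

  handlers:
    - name: Reload nftables
      service:
        name: nftables
        state: reloaded

- name: Initialize cluster nodes
  hosts: clusters
  become: true

  pre_tasks:
    # Forwarding is required for pod networking. The sysctl module writes the
    # setting to /etc/sysctl.conf (its default sysctl_file), applies it to the
    # running kernel and is idempotent, replacing two lineinfile edits plus an
    # unconditional `sysctl --system` that reported "changed" on every run.
    - name: Enable IPv4 and IPv6 packet forwarding
      sysctl:
        name: "{{ item }}"
        value: "1"
        state: present
        sysctl_set: true
        reload: true
      loop:
        - net.ipv4.ip_forward
        - net.ipv6.conf.all.forwarding

    - name: Enable br_netfilter kernel module
      # Idempotent replacement for `command: modprobe br_netfilter`.
      modprobe:
        name: br_netfilter
        state: present

    - name: Load br_netfilter at boot
      lineinfile:
        path: /etc/modules-load.d/modules.conf
        line: br_netfilter
        # Do not fail on a host where the file does not exist yet.
        create: true

    - name: Install kubernetes library
      # Python client used by the k8s/k8s_info modules in later plays.
      apt:
        name: python3-kubernetes
        state: present

  roles:
    - role: geerlingguy.containerd
    - role: geerlingguy.kubernetes
    - role: geerlingguy.helm
      when: kubernetes_role == 'control_plane'
    - role: ericomeehan.nvidia_driver_debian
      # `| bool` accepts an inventory value written as "true"/"yes" as well as
      # a real boolean; `== true` only matched the boolean and silently skipped
      # the role otherwise.
      when: nvidia_driver_needed | bool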
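# Play 3 ("Prepare cluster environment"): installs ingress-nginx and
# cert-manager from their upstream release manifests and registers Let's
# Encrypt ClusterIssuers. Fixed 10-second sleeps have been replaced by waits
# on the actual readiness conditions, so the play neither races a slow
# rollout nor idles when the components come up quickly.
# Play 4 ("Deploy services"): site-specific roles on alpha-control-plane.

- name: Prepare cluster environment
  hosts: control_plane
  become: true

  vars:
    # Contact address registered with the ACME account; override in inventory.
    acme_email: eric@eom.dev
    # Upstream manifests, fetched by release tag. NOTE(review): git tags and
    # release assets are mutable and nothing here verifies a checksum; for a
    # supply-chain hardened setup vendor the reviewed manifest into the repo.
    ingress_nginx_manifest: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/baremetal/deploy.yaml
    cert_manager_manifest: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
    # Upper bound for each readiness wait, in seconds.
    rollout_wait_timeout: 300

  tasks:
    - name: Apply deploy.yaml from ingress-nginx release
      k8s:
        src: "{{ ingress_nginx_manifest }}"
        apply: true

    - name: Wait for the ingress-nginx controller deployment to become available
      # Proceeds as soon as the Deployment reports Available and gives up after
      # rollout_wait_timeout, instead of sleeping 10 s and hoping.
      k8s_info:
        kind: Deployment
        name: ingress-nginx-controller
        namespace: ingress-nginx
        wait: true
        wait_condition:
          type: Available
          status: "True"
        wait_timeout: "{{ rollout_wait_timeout }}"

    - name: Get the ingress-nginx-controller service ports
      k8s_info:
        kind: Service
        name: ingress-nginx-controller
        namespace: ingress-nginx
      register: service_details

    - name: Print ingress-nginx ports
      # The baremetal manifest exposes the controller via NodePort; the
      # assigned ports are needed for the manual port-forwarding step below.
      debug:
        var: service_details.resources[0].spec.ports

    - name: Manually update port forwarding rules
      pause:
        prompt: Press enter once port forwarding rules are updated

    - name: Apply cert-manager.yaml from cert-manager release
      k8s:
        src: "{{ cert_manager_manifest }}"
        apply: true

    - name: Wait for the cert-manager webhook deployment to become available
      # ClusterIssuer objects are validated by the cert-manager webhook; creating
      # them before the webhook is serving fails at the API server.
      k8s_info:
        kind: Deployment
        name: cert-manager-webhook
        namespace: cert-manager
        wait: true
        wait_condition:
          type: Available
          status: "True"
        wait_timeout: "{{ rollout_wait_timeout }}"

    - name: Create Let's Encrypt ClusterIssuers (staging and production)
      # Both issuers share the same shape; only the name/secret and the ACME
      # directory differ. The HTTP-01 solver routes challenges through the
      # nginx ingress class installed above.
      k8s:
        state: present
        definition:
          apiVersion: cert-manager.io/v1
          kind: ClusterIssuer
          metadata:
            name: "{{ item.name }}"
          spec:
            acme:
              email: "{{ acme_email }}"
              server: "{{ item.server }}"
              privateKeySecretRef:
                name: "{{ item.name }}"
              solvers:
                - http01:
                    ingress:
                      ingressClassName: nginx
      loop:
        - name: letsencrypt-staging
          server: https://acme-staging-v02.api.letsencrypt.org/directory
        - name: letsencrypt-production
          server: https://acme-v02.api.letsencrypt.org/directory
      loop_control:
        label: "{{ item.name }}"

    - name: Wait for the ClusterIssuers to report Ready
      # cert-manager sets a Ready condition once the ACME account has been
      # registered; failing here surfaces outbound-connectivity or account
      # problems immediately rather than at first certificate request.
      k8s_info:
        api_version: cert-manager.io/v1
        kind: ClusterIssuer
        name: "{{ item }}"
        wait: true
        wait_condition:
          type: Ready
          status: "True"
        wait_timeout: "{{ rollout_wait_timeout }}"
      loop:
        - letsencrypt-staging
        - letsencrypt-production

- name: Deploy services
  hosts: alpha-control-plane
  become: true
  roles:
    - role: ericomeehan.eom.dev
    - role: ericomeehan.gondwanamc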