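---
# Master playbook for eom.dev

# Baseline every managed host: debconf preseed dump, motd, nftables firewall and
# the Prometheus node exporter, then the per-host role.
- name: Initialize systems
  hosts: all
  become: true

  pre_tasks:
    - name: Install debconf-utils
      ansible.builtin.apt:
        name: debconf-utils
        state: present

    # The original used the `command` module with `>` / `>>` redirections.
    # `command` does not go through a shell, so those redirections were passed to
    # echo and debconf-get-selections as literal arguments and /root/preseed.txt
    # was never written. Build the file in one shell step instead: truncate, then
    # append the installer and system debconf databases. `set -e` keeps the
    # original "abort on the first failing step" semantics. The dump can include
    # answers to password-type debconf questions, so it is created under a
    # restrictive umask and locked to 0600 below.
    - name: Export debconf databases to a preseed file
      ansible.builtin.shell: |
        set -eu
        umask 077
        echo "#_preseed_V1" > /root/preseed.txt
        debconf-get-selections --installer >> /root/preseed.txt
        debconf-get-selections >> /root/preseed.txt
      changed_when: true

    - name: Restrict permissions on the preseed file
      ansible.builtin.file:
        path: /root/preseed.txt
        owner: root
        group: root
        mode: "0600"

    # Prepend the local files/motd to the remote /etc/motd. The original used
    # `marker: ""`, which leaves blockinfile no way to find its own block on the
    # next run, so the text was re-inserted every time the play ran; a marker
    # containing {mark} makes the task idempotent (the marker lines become part
    # of the motd). `insertbefore: BOF` matches the task's stated intent —
    # blockinfile defaults to the end of the file.
    - name: Prepend text from files/motd to the remote motd file
      ansible.builtin.blockinfile:
        path: /etc/motd
        marker: "# {mark} ANSIBLE MANAGED BLOCK (motd)"
        insertbefore: BOF
        block: |
          {{ lookup('file', 'files/motd') }}

    # Render the firewall ruleset. `validate` runs `nft -c` on the rendered file
    # before it replaces /etc/nftables.conf, so a template error cannot leave
    # the host without a ruleset when the service (re)loads. A changed file
    # notifies the reload handler below; `state: started` alone never re-reads
    # the configuration on a host where nftables is already running.
    - name: Copy nftables configuration template
      ansible.builtin.template:
        src: nftables.conf.j2
        dest: /etc/nftables.conf
        validate: nft -c -f %s
      notify: Reload nftables

    - name: Enable nftables
      ansible.builtin.service:
        name: nftables
        state: started
        enabled: true

    - name: Install prometheus node exporter
      ansible.builtin.apt:
        name: prometheus-node-exporter
        state: present

    # NOTE(review): the exporter serves unauthenticated metrics over HTTP (the
    # Debian package listens on all interfaces by default); confirm that
    # nftables.conf.j2 restricts which sources can reach its port.
    - name: Enable prometheus node exporter
      ansible.builtin.service:
        name: prometheus-node-exporter
        state: started
        enabled: true

  roles:
    - role: ericomeehan.ericomeehan

  handlers:
    # Handlers notified in pre_tasks are flushed at the end of pre_tasks, i.e.
    # after the "Enable nftables" task has started the service, so the reload
    # always acts on a running unit.
    - name: Reload nftables
      ansible.builtin.service:
        name: nftables
        state: reloaded
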
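# Kernel prerequisites for Kubernetes networking, then the container runtime,
# Kubernetes, Helm (control plane only) and the NVIDIA driver where requested.
- name: Initialize cluster nodes
  hosts: clusters
  become: true

  pre_tasks:
    # Use a regexp so an existing setting — including Debian's commented-out
    # default (`#net.ipv4.ip_forward=1`) — is replaced in place instead of a
    # second copy being appended on the first run.
    - name: Enable IPv4 and IPv6 packet forwarding in /etc/sysctl.conf
      ansible.builtin.lineinfile:
        path: /etc/sysctl.conf
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        state: present
      loop:
        - regexp: '^#?\s*net\.ipv4\.ip_forward\s*='
          line: 'net.ipv4.ip_forward = 1'
        - regexp: '^#?\s*net\.ipv6\.conf\.all\.forwarding\s*='
          line: 'net.ipv6.conf.all.forwarding = 1'

    # Always re-apply so the running kernel matches the file; the command itself
    # makes no persistent change, so do not report it as one.
    - name: Reload sysctl configuration
      ansible.builtin.command: sysctl --system
      changed_when: false

    # modprobe is a no-op when the module is already loaded.
    - name: Load the br_netfilter kernel module
      ansible.builtin.command: modprobe br_netfilter
      changed_when: false

    # `create: true` keeps the task from failing on hosts where the
    # modules-load.d file does not exist yet.
    - name: Persist br_netfilter across reboots
      ansible.builtin.lineinfile:
        path: /etc/modules-load.d/modules.conf
        line: br_netfilter
        create: true

    # Needed by the k8s/k8s_info modules that run on the control plane in the
    # next play.
    - name: Install kubernetes python library
      ansible.builtin.apt:
        name: python3-kubernetes
        state: present

  roles:
    - role: geerlingguy.containerd
    - role: geerlingguy.kubernetes
    - role: geerlingguy.helm
      when: kubernetes_role == 'control_plane'
    # `| bool` accepts the string forms ("true", "yes") that arrive via
    # extra-vars or inventory, which `== true` silently treated as false.
    - role: ericomeehan.nvidia_driver_debian
      when: nvidia_driver_needed | bool
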
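# Install ingress-nginx and cert-manager on the control plane and register the
# Let's Encrypt ClusterIssuers. The k8s/k8s_info modules need a kubeconfig
# reachable as root on the control-plane host.
- name: Prepare cluster environment
  hosts: control_plane
  become: true

  vars:
    ingress_nginx_version: controller-v1.10.1
    cert_manager_version: v1.15.1
    acme_email: eric@eom.dev
    # Where upstream manifests are staged on the host before being applied.
    manifest_dir: /root/manifests

  tasks:
    - name: Create manifest staging directory
      ansible.builtin.file:
        path: "{{ manifest_dir }}"
        state: directory
        mode: "0700"

    # Both manifests come straight from GitHub and are applied with
    # cluster-admin rights. The tags are pinned but remain mutable, and nothing
    # verifies the download. Staging through get_url gives a place to pin a
    # digest. TODO(review): record the sha256 of each release artifact and add
    # `checksum: sha256:<digest>` so a re-tagged or tampered manifest is
    # rejected. The version is part of the file name because get_url does not
    # re-download an existing dest unless forced.
    - name: Download upstream manifests
      ansible.builtin.get_url:
        url: "{{ item.url }}"
        dest: "{{ manifest_dir }}/{{ item.dest }}"
        mode: "0600"
      loop:
        - url: "https://raw.githubusercontent.com/kubernetes/ingress-nginx/{{ ingress_nginx_version }}/deploy/static/provider/baremetal/deploy.yaml"
          dest: "ingress-nginx-{{ ingress_nginx_version }}.yaml"
        - url: "https://github.com/cert-manager/cert-manager/releases/download/{{ cert_manager_version }}/cert-manager.yaml"
          dest: "cert-manager-{{ cert_manager_version }}.yaml"
      loop_control:
        label: "{{ item.dest }}"

    - name: Apply ingress-nginx baremetal manifest
      k8s:
        src: "{{ manifest_dir }}/ingress-nginx-{{ ingress_nginx_version }}.yaml"
        apply: true

    # A fixed 10 s sleep raced the controller start-up; wait for the Deployment
    # to report Available instead.
    - name: Wait for the ingress-nginx controller to become available
      k8s_info:
        kind: Deployment
        name: ingress-nginx-controller
        namespace: ingress-nginx
        wait: true
        wait_condition:
          type: Available
          status: "True"
        wait_timeout: 300

    - name: Get the ingress-nginx-controller service ports
      k8s_info:
        kind: Service
        name: ingress-nginx-controller
        namespace: ingress-nginx
      register: service_details

    - name: Print ingress-nginx ports
      ansible.builtin.debug:
        var: service_details.resources[0].spec.ports

    # The baremetal provider exposes the controller as a NodePort; the upstream
    # router/firewall must forward 80/443 to those ports by hand before the
    # HTTP-01 challenges below can succeed.
    - name: Manually update port forwarding rules
      ansible.builtin.pause:
        prompt: Press enter once port forwarding rules are updated

    - name: Apply cert-manager manifest
      k8s:
        src: "{{ manifest_dir }}/cert-manager-{{ cert_manager_version }}.yaml"
        apply: true

    # Creating a ClusterIssuer goes through the cert-manager validating
    # webhook; a fixed 10 s sleep left this racy. Wait for the webhook
    # Deployment to be Available.
    - name: Wait for the cert-manager webhook to become available
      k8s_info:
        kind: Deployment
        name: cert-manager-webhook
        namespace: cert-manager
        wait: true
        wait_condition:
          type: Available
          status: "True"
        wait_timeout: 300

    # The ACME account private key for each issuer is stored in the Secret
    # named in privateKeySecretRef (cert-manager namespace); anyone who can read
    # it can act as that ACME account.
    - name: Create Let's Encrypt ClusterIssuers
      k8s:
        state: present
        definition:
          apiVersion: cert-manager.io/v1
          kind: ClusterIssuer
          metadata:
            name: "{{ item.name }}"
          spec:
            acme:
              email: "{{ acme_email }}"
              server: "{{ item.server }}"
              privateKeySecretRef:
                name: "{{ item.name }}"
              solvers:
                - http01:
                    ingress:
                      ingressClassName: nginx
      loop:
        - name: letsencrypt-staging
          server: https://acme-staging-v02.api.letsencrypt.org/directory
        - name: letsencrypt-production
          server: https://acme-v02.api.letsencrypt.org/directory
      loop_control:
        label: "{{ item.name }}"

    # cert-manager sets Ready on the issuer once the ACME account is
    # registered; waiting on that replaces the final fixed sleep.
    - name: Wait for the ClusterIssuers to become ready
      k8s_info:
        api_version: cert-manager.io/v1
        kind: ClusterIssuer
        name: "{{ item }}"
        wait: true
        wait_condition:
          type: Ready
          status: "True"
        wait_timeout: 120
      loop:
        - letsencrypt-staging
        - letsencrypt-production
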
# Application roles for the alpha control-plane host. Roles run in the order
# listed.
- name: Deploy services
  hosts: alpha-control-plane
  become: true

  roles:
    - role: ericomeehan.eom.dev
    - role: ericomeehan.gondwanamc