From e7a642969526e695527e4133ebf73e9e8b49004b Mon Sep 17 00:00:00 2001
From: John Ratliff
Date: Thu, 9 May 2024 09:57:47 +0000
Subject: [PATCH 1/8] add devcontainer for rke2
---
 .devcontainer/rke2/Dockerfile | 26 ++++++++++++++
 .devcontainer/rke2/devcontainer.json | 54 ++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 .devcontainer/rke2/Dockerfile
 create mode 100644 .devcontainer/rke2/devcontainer.json
diff --git a/.devcontainer/rke2/Dockerfile b/.devcontainer/rke2/Dockerfile
new file mode 100644
index 0000000..e435a03
--- /dev/null
+++ b/.devcontainer/rke2/Dockerfile
@@ -0,0 +1,26 @@
+FROM mcr.microsoft.com/devcontainers/python:1-3.12-bookworm
+
+# enable git bash completion
+RUN ln -s /usr/share/bash-completion/completions/git /usr/share/bash-completion/bash_completion
+
+# install sshpass for ansible SSH password auth and vim just in case
+RUN apt-get update && apt-get upgrade -y
+RUN apt-get install -y sshpass vim
+RUN apt-get clean
+
+# install ansible and ansible-lint
+RUN python3 -m pip install ansible-core~=2.16.6 ansible-lint~=24.2.3
+
+# create /workspace directory
+WORKDIR /workspace
+RUN chown -R vscode:vscode /workspace
+
+# run commands as non-root user
+USER vscode
+
+# make prompt multiline cause it's too long by default
+RUN sed -i -E -e '/PS1="\$/c\ PS1="${userpart} ${lightblue}\\w ${gitbranch}${removecolor}\\n\\$ "' ~/.bashrc
+
+# install collection requirements
+COPY collections/requirements.yaml .
+RUN ansible-galaxy collection install -r requirements.yaml
diff --git a/.devcontainer/rke2/devcontainer.json b/.devcontainer/rke2/devcontainer.json
new file mode 100644
index 0000000..da1a1f0
--- /dev/null
+++ b/.devcontainer/rke2/devcontainer.json
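Review bot: In `.devcontainer/rke2/Dockerfile` the apt work is spread over three `RUN` layers, so the index fetched by `apt-get update` is cached separately from `apt-get install` and can be stale on a rebuild, and the trailing `RUN apt-get clean` cannot shrink layers that were already written. Folding them into one step fixes both: `RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends sshpass vim && rm -rf /var/lib/apt/lists/*`. The base tag `1-3.12-bookworm` carries no digest and the pip line uses compatible-release ranges (`~=`), so two builds of this file can produce different toolchains; pin a digest and exact versions if the container is meant to be reproducible. The comment on the `sshpass` line could also say when password auth is expected to be used, since key-based auth avoids handling the password inside the container.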
@@ -0,0 +1,54 @@
+{
+ "name": "ansible-rke2",
+ "build": {
+ "dockerfile": "Dockerfile",
+ "context": "../../Ansible/Playbooks/RKE2"
+ },
+ "mounts": ["source=${env:HOME}/.ssh,target=/home/vscode/.ssh,type=bind"],
+
+ "customizations": {
+ "vscode": {
+ "extensions": [
+ "bierner.markdown-preview-github-styles",
+ "DavidAnson.vscode-markdownlint",
+ "dhoeric.ansible-vault",
+ "eamodio.gitlens",
+ "esbenp.prettier-vscode",
+ "mhutchie.git-graph",
+ "ms-python.black-formatter",
+ "ms-python.flake8",
+ "ms-python.isort",
+ "oderwat.indent-rainbow",
+ "redhat.ansible",
+ "samuelcolvin.jinjahtml",
+ "tamasfe.even-better-toml",
+ "yzhang.markdown-all-in-one"
+ ],
+ "settings": {
+ "[json]": {
+ "editor.defaultFormatter": "esbenp.prettier-vscode"
+ },
+ "[jsonc]": {
+ "editor.defaultFormatter": "esbenp.prettier-vscode"
+ },
+ "[markdown]": {
+ "editor.defaultFormatter": "esbenp.prettier-vscode"
+ },
+ "[python]": {
+ "editor.codeActionsOnSave": {
+ "source.organizeImports": "explicit"
+ }
+ },
+ "ansible.python.interpreterPath": "/usr/local/bin/python",
+ "ansibleVault.executable": "/home/vscode/venv/bin/ansible-vault",
+ "editor.formatOnSave": true,
+ "files.associations": {
+ "*.yaml": "ansible"
+ },
+ "files.trimFinalNewlines": true,
+ "files.trimTrailingWhitespace": true,
+ "python.defaultInterpreterPath": "/usr/local/bin/python"
+ }
+ }
+ }
+}
From c67c9780b52959331861828465af522059bf760b Mon Sep 17 00:00:00 2001
From: John Ratliff
Date: Thu, 9 May 2024 10:10:38 +0000
Subject: [PATCH 2/8] update rke2 inventory add rke2 group for added targeting
---
 Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml | 1 -
 Ansible/Playbooks/RKE2/inventory/hosts.ini | 9 +++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml b/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml
index 458b16e..c35b3e0 100644
--- a/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml
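Review bot: The `mounts` entry in `.devcontainer/rke2/devcontainer.json` bind-mounts the whole host `~/.ssh` directory read-write, so every private key, `config` and `known_hosts` file on the workstation becomes readable and modifiable by anything running in the container, including the fourteen listed extensions and the pip and ansible-galaxy packages the Dockerfile installs. If the keys are only needed for Ansible connections, a read-only mount limits the exposure: `"source=${env:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,readonly"`; mounting a dedicated key directory or relying on SSH agent forwarding would narrow it further. Separately, `ansibleVault.executable` points at `/home/vscode/venv/bin/ansible-vault`, but the Dockerfile in this patch installs ansible with `python3 -m pip install` and creates no venv, so that path probably does not exist in the built image.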
+++ b/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml @@ -13,6 +13,5 @@ rke2_version: "v1.29.4+rke2r1" rke2_install_dir: "/usr/local/bin" rke2_binary_url: "https://github.com/rancher/rke2/releases/download/{{ rke2_version }}/rke2.linux-amd64" -ansible_user: ubuntu ansible_become: true ansible_become_method: sudo diff --git a/Ansible/Playbooks/RKE2/inventory/hosts.ini b/Ansible/Playbooks/RKE2/inventory/hosts.ini index 2ebbc5d..2cd7cac 100644 --- a/Ansible/Playbooks/RKE2/inventory/hosts.ini +++ b/Ansible/Playbooks/RKE2/inventory/hosts.ini @@ -9,3 +9,12 @@ server3 ansible_host=192.168.3.23 [agents] agent1 ansible_host=192.168.3.24 agent2 ansible_host=192.168.3.25 + +[rke2] + +[rke2:children] +servers +agents + +[rke2:vars] +ansible_user=ansible From f70bd28c564f5c1dc61b719bea367429dcf0c599 Mon Sep 17 00:00:00 2001 From: John Ratliff Date: Thu, 9 May 2024 10:16:30 +0000 Subject: [PATCH 3/8] add ansible config specifies inventory automatically disables host key checking --- Ansible/Playbooks/RKE2/ansible.cfg | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Ansible/Playbooks/RKE2/ansible.cfg diff --git a/Ansible/Playbooks/RKE2/ansible.cfg b/Ansible/Playbooks/RKE2/ansible.cfg new file mode 100644 index 0000000..db1bdd4 --- /dev/null +++ b/Ansible/Playbooks/RKE2/ansible.cfg @@ -0,0 +1,3 @@ +[defaults] +inventory = inventory/hosts.ini +host_key_checking = false From dffd6962a445bb73f931d8956fe26c901032c409 Mon Sep 17 00:00:00 2001 From: John Ratliff Date: Thu, 9 May 2024 10:25:29 +0000 Subject: [PATCH 4/8] move rke2 vars to role default values are in defaults url in vars since that pattern should never change --- Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml | 5 ++--- Ansible/Playbooks/RKE2/roles/rke2-download/defaults/main.yml | 3 +++ Ansible/Playbooks/RKE2/roles/rke2-download/vars/main.yaml | 2 ++ 3 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 Ansible/Playbooks/RKE2/roles/rke2-download/defaults/main.yml 
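Review bot: `host_key_checking = false` in `Ansible/Playbooks/RKE2/ansible.cfg` switches off SSH host key verification for every run started from this directory, and these plays run with `ansible_become: true` (and, going by the devcontainer patch, possibly with `sshpass` password auth), so a machine answering on one of the inventory addresses would receive the credentials and root-level commands with no warning. I would keep the default and pre-populate `known_hosts` for the inventory hosts, with fingerprints checked against each node's console. If first-contact convenience is the goal, trust-on-first-use is a narrower relaxation: add a `[ssh_connection]` section with `ssh_common_args = -o StrictHostKeyChecking=accept-new`. If the setting stays, a comment marking it as lab-only would keep it from being copied into a production inventory.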
diff --git a/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml b/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml index c35b3e0..5af9f3f 100644 --- a/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml +++ b/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml @@ -9,9 +9,8 @@ metallb_version: v0.13.12 lb_range: 192.168.3.80-192.168.3.90 lb_pool_name: first-pool -rke2_version: "v1.29.4+rke2r1" -rke2_install_dir: "/usr/local/bin" -rke2_binary_url: "https://github.com/rancher/rke2/releases/download/{{ rke2_version }}/rke2.linux-amd64" +# Set this if you want a different rke2 version than the default +# rke2_version: "v1.29.4+rke2r1" ansible_become: true ansible_become_method: sudo diff --git a/Ansible/Playbooks/RKE2/roles/rke2-download/defaults/main.yml b/Ansible/Playbooks/RKE2/roles/rke2-download/defaults/main.yml new file mode 100644 index 0000000..b2cd72c --- /dev/null +++ b/Ansible/Playbooks/RKE2/roles/rke2-download/defaults/main.yml @@ -0,0 +1,3 @@ +--- +rke2_install_dir: "/usr/local/bin" +rke2_version: "v1.29.4+rke2r1" diff --git a/Ansible/Playbooks/RKE2/roles/rke2-download/vars/main.yaml b/Ansible/Playbooks/RKE2/roles/rke2-download/vars/main.yaml index e69de29..64557b6 100644 --- a/Ansible/Playbooks/RKE2/roles/rke2-download/vars/main.yaml +++ b/Ansible/Playbooks/RKE2/roles/rke2-download/vars/main.yaml @@ -0,0 +1,2 @@ +--- +rke2_binary_url: "https://github.com/rancher/rke2/releases/download/{{ rke2_version }}/rke2.{{ os }}-{{ arch }}" From a6e93c5f9ea4a02a4fcf339c9bc6df09075d3efb Mon Sep 17 00:00:00 2001 From: John Ratliff Date: Thu, 9 May 2024 10:34:36 +0000 Subject: [PATCH 5/8] fix directory permissions --- Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml b/Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml index aaa500b..9593515 100644 --- a/Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml 
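Review bot: `rke2_binary_url` in `roles/rke2-download/vars/main.yaml` is now built from `rke2_version`, `os` and `arch`, but nothing in this series defines an expected checksum beside it, so whatever the URL returns would be placed in `rke2_install_dir` (`/usr/local/bin`) under `become`. The download task is outside this diff; if it uses `ansible.builtin.get_url`, I would add a role variable holding the release's SHA-256 and pass it as `checksum: "sha256:{{ rke2_binary_sha256 }}"` (the variable name is only a suggestion). Note also that `os` and `arch` are defined only in `inventory/group_vars/all.yaml`, so the role's vars depend on inventory values that the role neither defaults nor documents. The new role files mix `defaults/main.yml` with `vars/main.yaml`; one extension throughout would be easier to follow.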
+++ b/Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "/var/lib/rancher/rke2/server/manifests" state: directory - mode: '0644' + mode: "0755" when: inventory_hostname in groups['servers'] # Copy kube-vip to server 1 manifest folder for auto deployment at bootstrap @@ -13,5 +13,5 @@ dest: /var/lib/rancher/rke2/server/manifests/kube-vip.yaml owner: root group: root - mode: '0644' + mode: "0644" when: inventory_hostname == groups['servers'][0] From eb346e7fb0e3e7965f6c5479329ebc1a73baa23f Mon Sep 17 00:00:00 2001 From: John Ratliff Date: Thu, 9 May 2024 10:46:51 +0000 Subject: [PATCH 6/8] move defaults into role --- Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml | 12 +++++++----- .../Playbooks/RKE2/roles/kube-vip/defaults/main.yaml | 3 +++ 2 files changed, 10 insertions(+), 5 deletions(-) create mode 100644 Ansible/Playbooks/RKE2/roles/kube-vip/defaults/main.yaml diff --git a/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml b/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml index 5af9f3f..dcf978e 100644 --- a/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml +++ b/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml @@ -1,16 +1,18 @@ +--- os: "linux" arch: "amd64" -kube_vip_version: "v0.8.0" -vip_interface: eth0 vip: 192.168.3.50 metallb_version: v0.13.12 lb_range: 192.168.3.80-192.168.3.90 lb_pool_name: first-pool -# Set this if you want a different rke2 version than the default -# rke2_version: "v1.29.4+rke2r1" - ansible_become: true ansible_become_method: sudo +################################################################################ +# options to change default values +# kube_vip_version: "v0.8.0" +# vip_interface: "eth0" +# rke2_version: "v1.29.4+rke2r1" +# rke2_install_dir: "/usr/local/bin" diff --git a/Ansible/Playbooks/RKE2/roles/kube-vip/defaults/main.yaml b/Ansible/Playbooks/RKE2/roles/kube-vip/defaults/main.yaml new file mode 100644 index 0000000..4de5242 --- /dev/null 
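Review bot: The directory task in `roles/kube-vip/tasks/main.yaml` now sets `mode: "0755"` but still leaves ownership implicit, while the copy task in the second hunk pins `owner: root` and `group: root`. The file's own comment says this folder is used for auto deployment at bootstrap, so write access to `/var/lib/rancher/rke2/server/manifests` is effectively the ability to deploy into the cluster; I would add `owner: root` and `group: root` to the directory task too, and consider `mode: "0750"` unless an unprivileged user needs to list it. Both tasks begin above their hunks, so their names and the copy module's source are out of view here.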
+++ b/Ansible/Playbooks/RKE2/roles/kube-vip/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +kube_vip_version: v0.8.0 +vip_interface: eth0 From 26e36348f94844a5733a18ea2f5606bac29f3bbe Mon Sep 17 00:00:00 2001 From: John Ratliff Date: Thu, 9 May 2024 10:47:03 +0000 Subject: [PATCH 7/8] add role argument validation --- .../roles/kube-vip/meta/argument_specs.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 Ansible/Playbooks/RKE2/roles/kube-vip/meta/argument_specs.yml diff --git a/Ansible/Playbooks/RKE2/roles/kube-vip/meta/argument_specs.yml b/Ansible/Playbooks/RKE2/roles/kube-vip/meta/argument_specs.yml new file mode 100644 index 0000000..08e7240 --- /dev/null +++ b/Ansible/Playbooks/RKE2/roles/kube-vip/meta/argument_specs.yml @@ -0,0 +1,22 @@ +--- +argument_specs: + main: + short_description: Install kube-vip manifest + description: Install kube-vip manifest + author: + - James Turland + options: + kube_vip_version: + type: str + required: false + default: v0.8.0 + description: Version of kube-vip to install + vip_interface: + type: str + required: false + default: eth0 + description: Interface to bind kube-vip + vip: + type: str + required: true + description: The virtual IP to use with kube-vip From 4a231dc838f800c7ca088cecfc503cdbd0ebbf16 Mon Sep 17 00:00:00 2001 From: John Ratliff Date: Thu, 9 May 2024 10:48:51 +0000 Subject: [PATCH 8/8] combine roles Use one play for both roles since the targets are the same Fact gathering disabled because it's slow and not needed for anything in the roles --- Ansible/Playbooks/RKE2/site.yaml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/Ansible/Playbooks/RKE2/site.yaml b/Ansible/Playbooks/RKE2/site.yaml index d885cbb..fe833c6 100644 --- a/Ansible/Playbooks/RKE2/site.yaml +++ b/Ansible/Playbooks/RKE2/site.yaml 
@@ -13,16 +13,11 @@ # bootstraps first server and copies configs for others/agents - name: Prepare all nodes - hosts: servers,agents - gather_facts: true # enables us to gather lots of useful variables: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/setup_module.html + hosts: rke2 + gather_facts: false # fact gathering is slow and not needed for any of our tasks + become: true roles: - prepare-nodes - -# creates directories for download and then downloads RKE2 and changes permissions -- name: Download RKE2 - hosts: servers,agents - gather_facts: true - roles: - rke2-download # Creates RKE2 bootstrap manifests folder and copies kube-vip template over (configured with variables)
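Review bot: The merged play in `site.yaml` adds `become: true`, while `inventory/group_vars/all.yaml` already sets `ansible_become: true` for every host; the inventory variable takes precedence over the play keyword, so escalation is now declared in two places and editing the play line alone would not change behaviour. Keep it in one place, or add a comment such as `# also set via ansible_become in group_vars/all.yaml`. With `gather_facts: false`, any task in `prepare-nodes` or `rke2-download` that reads an `ansible_*` fact would fail at run time; the role tasks are not part of this diff, so that is worth a quick search before merging. The removed comment was the only description of the download step, so a one-line comment on the combined play saying that it also downloads RKE2 and sets its permissions would restore that.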