Added k3s agents

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2024-09-20 16:57:59 +02:00 · 2024-09-20 16:57:59 +02:00 · 8fb4eaf610
parent 3aa56be025
commit 8fb4eaf610
13 changed files with 157 additions and 42 deletions
--- a/group_vars/k3s/vars.yml
+++ b/group_vars/k3s/vars.yml
@ -14,8 +14,14 @@ k3s:
      - 192.168.20.24
  loadbalancer:
    ip: 192.168.20.22
+    default_port: 6443
  db:
    ip: 192.168.20.23
    default_port: "5432"
+  agent:
+    ips:
+      - 192.168.20.25
+      - 192.168.20.26
+      - 192.168.20.27

 k3s_db_connection_string: "postgres://{{db.user}}:{{db.password}}@{{k3s.db.ip}}:{{k3s.db.default_port}}/{{db.name}}"
--- a/host_vars/k3s-agent00.yml
+++ b/host_vars/k3s-agent00.yml
@ -0,0 +1,10 @@
+---
+ansible_user: "{{ user }}"
+ansible_host: 192.168.20.25
+ansible_port: 22
+ansible_ssh_private_key_file: "{{ pk_path }}"
+ansible_become_pass: "{{ vault.k3s.server01.sudo }}"
+
+host:
+  hostname: "k3s-agent00"
+  ip: "{{ ansible_host }}"
--- a/host_vars/k3s-agent01.yml
+++ b/host_vars/k3s-agent01.yml
@ -0,0 +1,10 @@
+---
+ansible_user: "{{ user }}"
+ansible_host: 192.168.20.26
+ansible_port: 22
+ansible_ssh_private_key_file: "{{ pk_path }}"
+ansible_become_pass: "{{ vault.k3s.server01.sudo }}"
+
+host:
+  hostname: "k3s-agent01"
+  ip: "{{ ansible_host }}"
--- a/host_vars/k3s-agent02.yml
+++ b/host_vars/k3s-agent02.yml
@ -0,0 +1,10 @@
+---
+ansible_user: "{{ user }}"
+ansible_host: 192.168.20.27
+ansible_port: 22
+ansible_ssh_private_key_file: "{{ pk_path }}"
+ansible_become_pass: "{{ vault.k3s.server01.sudo }}"
+
+host:
+  hostname: "k3s-agent02"
+  ip: "{{ ansible_host }}"
--- a/k3s-agents.yml
+++ b/k3s-agents.yml
@ -0,0 +1,31 @@
+- name: Set up Agents
+  hosts: k3s_nodes
+  gather_facts: yes
+  vars_files:
+    - secrets.yml
+  pre_tasks:
+    - name: Get K3s token from the first server
+      when: host.ip == k3s.server.ips[0] and inventory_hostname in groups["k3s_server"]
+      slurp:
+        src: /var/lib/rancher/k3s/server/node-token
+      register: k3s_token
+      become: true
+
+    - name: Set fact on k3s.server.ips[0]
+      when: host.ip == k3s.server.ips[0] and inventory_hostname in groups["k3s_server"]
+      set_fact: k3s_token="{{ k3s_token['content'] | b64decode | trim }}"
+
+  roles:
+    - role: common
+      when: inventory_hostname in groups["k3s_agent"]
+      tags:
+        - common
+    - role: k3s_agent
+      when: inventory_hostname in groups["k3s_agent"]
+      k3s_token: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s.server.ips[0] ) | select() | first | items2dict).host.hostname].k3s_token }}"
+      tags:
+        - k3s_agent
+    - role: node_exporter
+      when: inventory_hostname in groups["k3s_agent"]
+      tags:
+        - node_exporter
--- a/22
+++ b/22
@ -2,21 +2,39 @@
 mii

 [k3s]
-k3s-server00
-k3s-server01
 k3s-postgres
 k3s-loadbalancer
+k3s-server00
+k3s-server01
+k3s-agent00
+k3s-agent01
+k3s-agent02

 [k3s_server]
 k3s-server00
 k3s-server01

+[k3s_agent]
+k3s-agent00
+k3s-agent01
+k3s-agent02
+
 [vm]
+k3s-agent00
+k3s-agent01
+k3s-agent02
 k3s-server00
 k3s-server01
 k3s-postgres
 k3s-loadbalancer

+[k3s_nodes]
+k3s-server00
+k3s-server01
+k3s-agent00
+k3s-agent01
+k3s-agent02
+
 [db]
 k3s-postgres

--- a/roles/helm/tasks/main.yml
+++ b/roles/helm/tasks/main.yml
@ -0,0 +1,3 @@
+---
+- include_tasks: installation.yml
+- include_tasks: apps.yml
--- a/roles/k3s_agent/handlers/main.yml
+++ b/roles/k3s_agent/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: Restart k3s
+  service:
+    name: k3s
+    state: restarted
+  become: yes
--- a/roles/k3s_agent/tasks/installation.yml
+++ b/roles/k3s_agent/tasks/installation.yml
@ -0,0 +1,21 @@
+---
+- name: See if k3s file exists
+  stat:
+    path: /usr/local/bin/k3s
+  register: k3s_status
+
+- name: Download K3s install script to /tmp/
+  when: not k3s_status.stat.exists
+  ansible.builtin.get_url:
+    url: https://get.k3s.io
+    dest: /tmp/k3s_install.sh
+    mode: "0755"
+
+- name: Install K3s on the secondary servers
+  when: not k3s_status.stat.exists
+  command: |
+    /tmp/k3s_install.sh
+  environment:
+    K3S_URL: "https://{{ k3s.loadbalancer.ip }}:{{k3s.loadbalancer.default_port}}"
+    K3S_TOKEN: "{{ k3s_token }}"
+  become: true
--- a/roles/k3s_agent/tasks/main.yml
+++ b/roles/k3s_agent/tasks/main.yml
@ -0,0 +1,2 @@
+---
+- include_tasks: installation.yml
--- a/roles/k3s_server/handlers/main.yml
+++ b/roles/k3s_server/handlers/main.yml
@ -1,5 +1,5 @@
 ---
- name: Restart sshd
+- name: Restart k3s
  service:
    name: k3s
    state: restarted
--- a/roles/k3s_server/tasks/installation.yml
+++ b/roles/k3s_server/tasks/installation.yml
@ -1,32 +1,38 @@
 ---
-# - name: Download K3s install script to /tmp/
-#   ansible.builtin.get_url:
-#     url: https://get.k3s.io
-#     dest: /tmp/k3s_install.sh
-#     mode: "0755"
-#
-# - name: Install K3s server with node taint and TLS SAN
-#   when: host.ip == k3s.server.ips[0]
-#   command: |
-#     /tmp/k3s_install.sh server \
-#     --node-taint CriticalAddonsOnly=true:NoExecute \
-#     --tls-san {{ k3s.loadbalancer.ip }}
-#   environment:
-#     K3S_DATASTORE_ENDPOINT: "{{ k3s_db_connection_string }}"
-#   become: true
-#   async: 300
-#   poll: 0
-#   register: k3s_primary_install
-#
-# - name: Wait for K3s to be installed
-#   when: host.ip == k3s.server.ips[0]
-#   async_status:
-#     jid: "{{ k3s_primary_install.ansible_job_id }}"
-#   register: k3s_primary_install_status
-#   until: k3s_primary_install_status.finished
-#   retries: 60
-#   delay: 5
-#   become: true
+- name: See if k3s file exists
+  stat:
+    path: /usr/local/bin/k3s
+  register: k3s_status
+
+- name: Download K3s install script to /tmp/
+  when: not k3s_status.stat.exists
+  ansible.builtin.get_url:
+    url: https://get.k3s.io
+    dest: /tmp/k3s_install.sh
+    mode: "0755"
+
+- name: Install K3s server with node taint and TLS SAN
+  when: (host.ip == k3s.server.ips[0] and (not k3s_status.stat.exists))
+  command: |
+    /tmp/k3s_install.sh server \
+    --node-taint CriticalAddonsOnly=true:NoExecute \
+    --tls-san {{ k3s.loadbalancer.ip }}
+  environment:
+    K3S_DATASTORE_ENDPOINT: "{{ k3s_db_connection_string }}"
+  become: true
+  async: 300
+  poll: 0
+  register: k3s_primary_install
+
+- name: Wait for K3s to be installed
+  when: (host.ip == k3s.server.ips[0] and (not k3s_status.stat.exists))
+  async_status:
+    jid: "{{ k3s_primary_install.ansible_job_id }}"
+  register: k3s_primary_install_status
+  until: k3s_primary_install_status.finished
+  retries: 60
+  delay: 5
+  become: true

 - name: Get K3s token from the first server
  when: host.ip == k3s.server.ips[0]
@ -39,16 +45,8 @@
  when: host.ip == k3s.server.ips[0]
  set_fact: k3s_token="{{ k3s_token['content'] | b64decode | trim }}"

- name: showdata
-  when: host.ip != k3s.server.ips[0]
-  debug:
-    msg: "{{a}} {{k3s_datastore_endpoint}}"
-  vars:
-    k3s_datastore_endpoint: "{{ k3s_db_connection_string }}"
-    a: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s.server.ips[0] ) | select() | first | items2dict).host.hostname].k3s_token }}"
-
 - name: Install K3s on the secondary servers
-  when: host.ip != k3s.server.ips[0]
+  when: (host.ip != k3s.server.ips[0] and (not k3s_status.stat.exists))
  command: |
    /tmp/k3s_install.sh server \
    --node-taint CriticalAddonsOnly=true:NoExecute \
--- a/roles/loadbalancer/templates/nginx.conf.j2
+++ b/roles/loadbalancer/templates/nginx.conf.j2
@ -5,12 +5,12 @@ events {}
 stream {
  upstream k3s_servers {
    {% for ip in k3s_server_ips %}
-    server {{ ip }}:6443;
+    server {{ ip }}:{{k3s.loadbalancer.default_port}};
    {% endfor %}
  }

  server {
-    listen 6443;
+    listen {{k3s.loadbalancer.default_port}};
    proxy_pass k3s_servers;
  }
 }