Disable swap

kubernetes/tasks/k8s-dqlite_deploy.yml

@@ -1,21 +0,0 @@
-- name: Add Dqlite/dev Repository
-  ansible.builtin.apt_repository:
-    repo: ppa:dqlite/dev
-    codename: bionic
-
-- name: Install dependencies
-  package:
-      name:
-          #- musl-dev
-          - libraft-dev
-          - libsqlite3-dev
-          - libdqlite-dev
-          - dqlite
-      state: latest
-
-- name: Deploy binary
-  ansible.builtin.copy:
-    src: k8s-dqlite/k8s-dqlite
-    dest: /usr/local/bin/
-    mode: u=rwx,g=rx,o=rx
-

kubernetes/tasks/k8s-dqlite_setup.yml

@@ -1,40 +0,0 @@
-- name: Create folder for data
-  ansible.builtin.file:
-    path: /var/data/
-    state: directory
-    mode: '0755'
-
-- name: Deploy init.yaml from template
-  ansible.builtin.template:
-    src: k8s-dqlite/init.yaml.template
-    dest: /var/data/init.yaml
-
-- name: Deploy cert-config-file from template
-  when: "inventory_hostname == groups['kubernetes'][0]"
-  ansible.builtin.template:
-    src: k8s-dqlite/csr-dqlite.conf.template
-    dest: /var/tmp/csr-dqlite.conf
-
-- name: dqlite Generate certificate
-  when: "inventory_hostname == groups['kubernetes'][0]"
-  command: openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /var/data/cluster.key -out /var/data/cluster.crt -subj "/CN=k8s" -config /var/tmp/csr-dqlite.conf -extensions v3_ext
-
-- name: Fetch cluster.crt and cluster.key
-  when: "inventory_hostname == groups['kubernetes'][0]"
-  synchronize:
-    src: "{{ item }}"
-    dest: /tmp/
-    mode: pull
-  with_items:
-    - /var/data/cluster.crt
-    - /var/data/cluster.key
-
-- name: Copy cluster.crt and cluster.key to joining nodes
-  when: "inventory_hostname != groups['kubernetes'][0]"
-  ansible.builtin.copy:
-    src: "{{ item }}"
-    dest: /var/data/
-    mode: u=rw,g=r,o=r
-  with_items:
-    - /tmp/cluster.crt
-    - /tmp/cluster.key

kubernetes/tasks/prerequisites.yml

@@ -11,19 +11,9 @@
           net.bridge.bridge-nf-call-iptables = 1
   notify: reload_sysctl
 
-- name: Disable swap
-  command: swapoff -a
+-  import_tasks: ./prerequisites/swap.yml
 
-- name: Deploy containerd-config
-  ansible.builtin.copy:
-    src: containerd_config.toml
-    dest: /etc/containerd/config.toml
-    mode: u=rw,g=r,o=r
-
-- name: restart_containerd
-  ansible.builtin.service:
-    name: containerd
-    state: restarted
+-  import_tasks: ./prerequisites/containerd.yml
 
 - name: Set control-plane-dns-endpoint towards local-ip
   lineinfile:

kubernetes/tasks/prerequisites/containerd.yml

@@ -0,0 +1,24 @@
+- name: Check if containerd-service exists & is started
+  service:
+    name: containerd
+    state: started
+  ignore_errors: true
+  register: containerd_status
+  
+- name: Install containerd when not exists
+  package:
+    name:
+      - containerd
+  when: containerd_status is failed
+
+- name: Create containerd config-folder
+  file:
+    path: /etc/containerd
+    state: directory
+
+- name: Deploy containerd-config
+  ansible.builtin.copy:
+    src: containerd_config.toml
+    dest: /etc/containerd/config.toml
+    mode: u=rw,g=r,o=r
+  notify: restart_containerd

kubernetes/tasks/prerequisites/swap.yml

@@ -0,0 +1,10 @@
+- name: Disable swap-mounts
+  replace:
+    path: /etc/fstab
+    regexp: '^([ \t]*(?!#)\S+[ \t]+swap[ \t]+.*)'
+    replace: '# \1'
+
+- name: Disable active swap immediately
+  command: swapoff -va
+  changed_when: "command.stdout != ''"
+  register: command

kubernetes/templates/k8s-dqlite/csr-dqlite.conf.template

@@ -1,28 +0,0 @@
-[ req ]
-default_bits = 2048
-prompt = no
-default_md = sha256
-req_extensions = req_ext
-distinguished_name = dn
-
-[ dn ]
-C = GB
-ST = Canonical
-L = Canonical
-O = Canonical
-OU = Canonical
-CN = k8s
-
-[ req_ext ]
-subjectAltName = @alt_names
-
-[ alt_names ]
-DNS = {{ ansible_facts.fqdn }}
-IP = {{ ansible_facts.default_ipv6.address }}
-
-[ v3_ext ]
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints=CA:FALSE
-keyUsage=keyEncipherment,dataEncipherment,digitalSignature
-extendedKeyUsage=serverAuth,clientAuth
-subjectAltName=@alt_names