Re-gatherfacts at the end for other plays

netmaker doesnt handle concurrent joins to different server-nodes well and will duplicate addresses

kubernetes/files/containerd_config.toml

@@ -1,36 +0,0 @@
-#   Copyright 2018-2022 Docker Inc.
-
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-
-#       http://www.apache.org/licenses/LICENSE-2.0
-
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-
-disabled_plugins = []
-
-#root = "/var/lib/containerd"
-#state = "/run/containerd"
-#subreaper = true
-#oom_score = 0
-
-#[grpc]
-#  address = "/run/containerd/containerd.sock"
-#  uid = 0
-#  gid = 0
-
-#[debug]
-#  address = "/run/containerd/debug.sock"
-#  uid = 0
-#  gid = 0
-#  level = "info"
-
-[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-  
-  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
-    SystemdCgroup = true

kubernetes/files/k8s-dqlite/Dockerfile

@@ -1,15 +0,0 @@
-FROM golang:1-buster
-
-# Add PPA
-RUN echo "deb http://ppa.launchpad.net/dqlite/dev/ubuntu bionic main" > /etc/apt/sources.list.d/ppa_dqlite_dev_bionic.list
-RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 50FB3D04
-# Install dependencies
-RUN apt update -y && apt install -y build-essential git libraft-dev libsqlite3-dev libdqlite-dev
-
-# Clone
-RUN git clone https://github.com/canonical/k8s-dqlite --branch v1.0.4 /k8s-dqlite
-WORKDIR /k8s-dqlite
-
-# Compile
-ENV CGO_LDFLAGS_ALLOW="-Wl,-z,now"
-RUN go build -o k8s-dqlite -tags libsqlite3,dqlite k8s-dqlite.go

kubernetes/handlers/main.yml

@@ -1,3 +0,0 @@
-- name: reload_sysctl
-  command: sysctl --system
-

kubernetes/meta/main.yml

@@ -1,3 +0,0 @@
----
-dependencies:
-    - { role: docker }

kubernetes/tasks/deploy_cilium.yml

@@ -1,12 +0,0 @@
-- name: Deploy Cilium-CLI
-  ansible.builtin.unarchive:
-    src: https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
-    dest: /usr/local/bin
-    remote_src: yes
-    mode: u=rwx,g=rx,o=rx
-
-- name: Install Cilium
-  when: "inventory_hostname == groups['kubernetes'][0]"
-  command: -cilium install
-  environment: 
-    KUBECONFIG: /etc/kubernetes/admin.conf

kubernetes/tasks/k8s-dqlite_deploy.yml

@@ -1,21 +0,0 @@
-- name: Add Dqlite/dev Repository
-  ansible.builtin.apt_repository:
-    repo: ppa:dqlite/dev
-    codename: bionic
-
-- name: Install dependencies
-  package:
-      name:
-          #- musl-dev
-          - libraft-dev
-          - libsqlite3-dev
-          - libdqlite-dev
-          - dqlite
-      state: latest
-
-- name: Deploy binary
-  ansible.builtin.copy:
-    src: k8s-dqlite/k8s-dqlite
-    dest: /usr/local/bin/
-    mode: u=rwx,g=rx,o=rx
-

kubernetes/tasks/k8s-dqlite_setup.yml

@@ -1,40 +0,0 @@
-- name: Create folder for data
-  ansible.builtin.file:
-    path: /var/data/
-    state: directory
-    mode: '0755'
-
-- name: Deploy init.yaml from template
-  ansible.builtin.template:
-    src: k8s-dqlite/init.yaml.template
-    dest: /var/data/init.yaml
-
-- name: Deploy cert-config-file from template
-  when: "inventory_hostname == groups['kubernetes'][0]"
-  ansible.builtin.template:
-    src: k8s-dqlite/csr-dqlite.conf.template
-    dest: /var/tmp/csr-dqlite.conf
-
-- name: dqlite Generate certificate
-  when: "inventory_hostname == groups['kubernetes'][0]"
-  command: openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /var/data/cluster.key -out /var/data/cluster.crt -subj "/CN=k8s" -config /var/tmp/csr-dqlite.conf -extensions v3_ext
-
-- name: Fetch cluster.crt and cluster.key
-  when: "inventory_hostname == groups['kubernetes'][0]"
-  synchronize:
-    src: "{{ item }}"
-    dest: /tmp/
-    mode: pull
-  with_items:
-    - /var/data/cluster.crt
-    - /var/data/cluster.key
-
-- name: Copy cluster.crt and cluster.key to joining nodes
-  when: "inventory_hostname != groups['kubernetes'][0]"
-  ansible.builtin.copy:
-    src: "{{ item }}"
-    dest: /var/data/
-    mode: u=rw,g=r,o=r
-  with_items:
-    - /tmp/cluster.crt
-    - /tmp/cluster.key

kubernetes/tasks/k8s_deploy.yml

@@ -1,28 +0,0 @@
-- name: Add Google-Cloud key
-  apt_key:
-      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
-      state: present
-
-- name: Add Kubernetes Repository
-  apt_repository:
-      repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
-      state: present
-      filename: kubernetes
-      update_cache: yes
-
-- name: Install kubernetes-tools
-  package:
-      name:
-          - kubeadm
-          - kubelet
-          - kubectl
-      state: latest
-
-- name: Hold upgrades for kubernetes-tools
-  dpkg_selections:
-      name: "{{ item }}"
-      selection: hold
-  loop:
-      - kubeadm
-      - kubelet
-      - kubectl

kubernetes/tasks/k8s_setup-cluster.yml

@@ -1,4 +0,0 @@
-- name: Join other nodes to cluster
-  when: "inventory_hostname != groups['kubernetes'][0]"
-  command: 
-

kubernetes/tasks/k8s_setup.yml

@@ -1,9 +0,0 @@
-- name: Initialize Kubernetes Cluster
-  when: "inventory_hostname == groups['kubernetes'][0]"
-  command: kubeadm init --control-plane-endpoint={{ control_plane.dns_name }}
-  #--upload-certs
-
-- name: Set environment-var for config
-  lineinfile:
-      dest: ~/.bashrc
-      line: "export KUBECONFIG=/etc/kubernetes/admin.conf"

kubernetes/tasks/main.yml

@@ -1,9 +0,0 @@
-- import_tasks: ./prerequisites.yml
-
-- import_tasks: ./k8s_deploy.yml
-
-- import_tasks: ./k8s_setup.yml
-
-- import_tasks: ./deploy_cilium.yml
-
-#- import_tasks: ./k8s_setup-cluster.yml

kubernetes/tasks/prerequisites.yml

@@ -1,31 +0,0 @@
-- name: Load br_netfilter kernel-module
-  modprobe:
-      name: br_netfilter
-      state: present
-
-- name: Set sysctl settings for iptables bridged traffic
-  copy:
-      dest: "/etc/sysctl.d/kubernetes.conf"
-      content: |
-          net.bridge.bridge-nf-call-ip6tables = 1
-          net.bridge.bridge-nf-call-iptables = 1
-  notify: reload_sysctl
-
-- name: Disable swap
-  command: swapoff -a
-
-- name: Deploy containerd-config
-  ansible.builtin.copy:
-    src: containerd_config.toml
-    dest: /etc/containerd/config.toml
-    mode: u=rw,g=r,o=r
-
-- name: restart_containerd
-  ansible.builtin.service:
-    name: containerd
-    state: restarted
-
-- name: Set control-plane-dns-endpoint towards local-ip
-  lineinfile:
-      dest: /etc/hosts
-      line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu" 

kubernetes/templates/k8s-dqlite/csr-dqlite.conf.template

@@ -1,28 +0,0 @@
-[ req ]
-default_bits = 2048
-prompt = no
-default_md = sha256
-req_extensions = req_ext
-distinguished_name = dn
-
-[ dn ]
-C = GB
-ST = Canonical
-L = Canonical
-O = Canonical
-OU = Canonical
-CN = k8s
-
-[ req_ext ]
-subjectAltName = @alt_names
-
-[ alt_names ]
-DNS = {{ ansible_facts.fqdn }}
-IP = {{ ansible_facts.default_ipv6.address }}
-
-[ v3_ext ]
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints=CA:FALSE
-keyUsage=keyEncipherment,dataEncipherment,digitalSignature
-extendedKeyUsage=serverAuth,clientAuth
-subjectAltName=@alt_names

kubernetes/templates/k8s-dqlite/init.yaml.template

@@ -1,7 +0,0 @@
-{% if inventory_hostname != groups['kubernetes'][0] %}
-Cluster:
-{% for node in groups['kubernetes'] if node != inventory_hostname %}
-  - {{ node }}:29001
-{% endfor %}
-{% endif %}
-Address: 0.0.0.0:29001

netmaker/defauls/netmaker.yml

@@ -0,0 +1,4 @@
+netclient:
+  # Token to join default-network
+  #  leave empty to ignore
+  join_network_token:

netmaker/meta/main.yml

@@ -0,0 +1,3 @@
+---
+  dependencies:
+    - role: docker

netmaker/tasks/certs.yml

@@ -0,0 +1,4 @@
+- name: Deploy CA Certificate
+  ansible.builtin.copy:
+    src: secret_files/netmaker_server/ca/ca.crt
+    dest: /etc/ssl/certs/netmaker-ca.pem

netmaker/tasks/install.yml

@@ -0,0 +1,25 @@
+- name: Install Packages
+#  when: docker_file.stat.exists == False
+  package:
+    name:
+      - gpg
+      - gpg-agent
+
+- name: Add netmaker-key
+  apt_key:
+    url: https://apt.netmaker.org/gpg.key
+    state: present
+
+- name: Add netmaker-repository
+  apt_repository:
+    repo: "deb https:apt.netmaker.org stable main"
+    state: present
+    filename: netmaker
+    update_cache: yes
+
+- name: Install wireguard & netclient
+  package:
+    name:
+      - wireguard
+      - netclient
+    state: latest

netmaker/tasks/join-network.yml

@@ -0,0 +1,7 @@
+- name: Join netmaker-network
+  when: "netclient.join_network_token is defined"
+  command: "netclient join -t {{ netclient.join_network_token }}"
+  failed_when: command.rc != 0
+  changed_when: "'starting wireguard' in command.stdout"
+  register: command
+  throttle: 1

netmaker/tasks/main.yml

@@ -0,0 +1,8 @@
+- import_tasks: ./certs.yml
+
+- import_tasks: ./install.yml
+
+- import_tasks: ./join-network.yml
+
+- name: Gather facts to get changes
+  ansible.builtin.gather_facts: