Ruakij/Ansible-roles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Ruakij:role_kubernetes
Branches Tags
Ruakij:main Ruakij:role_kubernetes-k3s Ruakij:role_nftables Ruakij:role_wireguard-ipv6-converter Ruakij:role_netbird_client Ruakij:role_nomad Ruakij:role_netmaker_server Ruakij:role_netmaker Ruakij:role_common Ruakij:role_kubernetes-rke2 Ruakij:role_kubernetes Ruakij:role_docker Ruakij:role_ansible Ruakij:role_zsh
..
compare: Ruakij:role_ansible
Branches Tags
Ruakij:role_kubernetes-k3s Ruakij:main Ruakij:role_nftables Ruakij:role_wireguard-ipv6-converter Ruakij:role_netbird_client Ruakij:role_nomad Ruakij:role_netmaker_server Ruakij:role_netmaker Ruakij:role_common Ruakij:role_kubernetes-rke2 Ruakij:role_kubernetes Ruakij:role_docker Ruakij:role_ansible Ruakij:role_zsh

1 Commits
role_kuber ... role_ansib

Author SHA1 Message Date
Ruakij
8537ea2b9e Add role ansible 2022-10-17 13:00:24 +02:00
25 changed files with 5 additions and 437 deletions
Expand all files Collapse all files

5
ansible/tasks/main.yml Normal file
View File

@@ -0,0 +1,5 @@
- name: Install ansible packages
package:
name:
- python3
state: latest

2
common/handlers/main.yml
View File

@@ -1,2 +0,0 @@
- name: reload_sysctl
command: sysctl --system

20
common/tasks/aliases.yml
View File

@@ -1,20 +0,0 @@
- name: General aliases
blockinfile:
path: "{{ ansible_facts.env.HOME }}/.bashrc"
marker: "# {mark} ANSIBLE MANAGED BLOCK | General aliases"
block: |
alias clr="clear"
alias hgrep="history | grep"
alias syslog="tail -f --lines=100 /var/log/syslog"
alias cp="rsync -hlAXEptgoDS --numeric-ids --info=progress2"
- name: ls aliases and colors
blockinfile:
path: "{{ ansible_facts.env.HOME }}/.bashrc"
marker: "# {mark} ANSIBLE MANAGED BLOCK | ls aliases and colors"
block: |
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -la'

7
common/tasks/main.yml
View File

@@ -1,7 +0,0 @@
- import_tasks: ./packages.yml
- import_tasks: ./ssh.yml
- import_tasks: ./packages.yml
- import_tasks: ./aliases.yml

20
common/tasks/packages.yml
View File

@@ -1,20 +0,0 @@
- name: Update Packages
apt:
update_cache: yes
upgrade: yes
when: ansible_facts.distribution == "Debian"
- name: Install Packages
package:
name:
- gpg
- htop
- iotop
- slurm
- sudo
- screen
- curl
- rsync
- zstd
state: latest
when: ansible_facts.distribution == "Debian"

12
common/tasks/ssh.yml
View File

@@ -1,12 +0,0 @@
- name: Disable SSH password auth
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PasswordAuthentication\s*yes'
line: "PasswordAuthentication no"
register: sshd_config
- name: Restart SSH daemon
service:
name: sshd
state: restarted
when: sshd_config.changed

2
docker/files/docker-compose
View File

@@ -1,2 +0,0 @@
#!/bin/sh
docker compose $@

4
docker/handlers/main.yml
View File

@@ -1,4 +0,0 @@
- name: restart_docker
service:
name: "docker"
state: restarted

40
docker/tasks/main.yml
View File

@@ -1,40 +0,0 @@
#- name: Check if docker is already installed
# stat:
# path: /usr/bin/docker
# register: docker_file
- name: Install Packages
# when: docker_file.stat.exists == False
package:
name:
- gpg
- gpg-agent
- name: Add docker-key
apt_key:
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Add docker-repository
apt_repository:
repo: "deb https://download.docker.com/linux/{{ ansible_facts.distribution | lower }} {{ ansible_facts.distribution_release }} stable"
state: present
filename: docker
update_cache: yes
- name: Install docker
package:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
- pass
state: latest
- name: Deploy docker-compose command to new docker compose plugin
ansible.builtin.copy:
src: docker-compose
dest: "/usr/local/bin/docker-compose"
mode: preserve

36
kubernetes/files/containerd_config.toml
View File

@@ -1,36 +0,0 @@
# Copyright 2018-2022 Docker Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
disabled_plugins = []
#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0
#[grpc]
# address = "/run/containerd/containerd.sock"
# uid = 0
# gid = 0
#[debug]
# address = "/run/containerd/debug.sock"
# uid = 0
# gid = 0
# level = "info"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true

15
kubernetes/files/k8s-dqlite/Dockerfile
View File

@@ -1,15 +0,0 @@
FROM golang:1-buster
# Add PPA
RUN echo "deb http://ppa.launchpad.net/dqlite/dev/ubuntu bionic main" > /etc/apt/sources.list.d/ppa_dqlite_dev_bionic.list
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 50FB3D04
# Install dependencies
RUN apt update -y && apt install -y build-essential git libraft-dev libsqlite3-dev libdqlite-dev
# Clone
RUN git clone https://github.com/canonical/k8s-dqlite --branch v1.0.4 /k8s-dqlite
WORKDIR /k8s-dqlite
# Compile
ENV CGO_LDFLAGS_ALLOW="-Wl,-z,now"
RUN go build -o k8s-dqlite -tags libsqlite3,dqlite k8s-dqlite.go

BIN
kubernetes/files/k8s-dqlite/k8s-dqlite
View File

Binary file not shown.

3
kubernetes/handlers/main.yml
View File

@@ -1,3 +0,0 @@
- name: reload_sysctl
command: sysctl --system

3
kubernetes/meta/main.yml
View File

@@ -1,3 +0,0 @@
---
dependencies:
- { role: docker }

12
kubernetes/tasks/deploy_cilium.yml
View File

@@ -1,12 +0,0 @@
- name: Deploy Cilium-CLI
ansible.builtin.unarchive:
src: https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
dest: /usr/local/bin
remote_src: yes
mode: u=rwx,g=rx,o=rx
- name: Install Cilium
when: "inventory_hostname == groups['kubernetes'][0]"
command: -cilium install
environment:
KUBECONFIG: /etc/kubernetes/admin.conf

28
kubernetes/tasks/k8s_deploy.yml
View File

@@ -1,28 +0,0 @@
- name: Add Google-Cloud key
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
- name: Add Kubernetes Repository
apt_repository:
repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
state: present
filename: kubernetes
update_cache: yes
- name: Install kubernetes-tools
package:
name:
- kubeadm
- kubelet
- kubectl
state: latest
- name: Hold upgrades for kubernetes-tools
dpkg_selections:
name: "{{ item }}"
selection: hold
loop:
- kubeadm
- kubelet
- kubectl

4
kubernetes/tasks/k8s_setup-cluster.yml
View File

@@ -1,4 +0,0 @@
- name: Join other nodes to cluster
when: "inventory_hostname != groups['kubernetes'][0]"
command:

9
kubernetes/tasks/k8s_setup.yml
View File

@@ -1,9 +0,0 @@
- name: Initialize Kubernetes Cluster
when: "inventory_hostname == groups['kubernetes'][0]"
command: kubeadm init --control-plane-endpoint={{ control_plane.dns_name }}
#--upload-certs
- name: Set environment-var for config
lineinfile:
dest: ~/.bashrc
line: "export KUBECONFIG=/etc/kubernetes/admin.conf"

9
kubernetes/tasks/main.yml
View File

@@ -1,9 +0,0 @@
- import_tasks: ./prerequisites.yml
- import_tasks: ./k8s_deploy.yml
- import_tasks: ./k8s_setup.yml
- import_tasks: ./deploy_cilium.yml
#- import_tasks: ./k8s_setup-cluster.yml

21
kubernetes/tasks/prerequisites.yml
View File

@@ -1,21 +0,0 @@
- name: Load br_netfilter kernel-module
modprobe:
name: br_netfilter
state: present
- name: Set sysctl settings for iptables bridged traffic
copy:
dest: "/etc/sysctl.d/kubernetes.conf"
content: |
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
notify: reload_sysctl
- import_tasks: ./prerequisites/swap.yml
- import_tasks: ./prerequisites/containerd.yml
- name: Set control-plane-dns-endpoint towards local-ip
lineinfile:
dest: /etc/hosts
line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu"

24
kubernetes/tasks/prerequisites/containerd.yml
View File

@@ -1,24 +0,0 @@
- name: Check if containerd-service exists & is started
service:
name: containerd
state: started
ignore_errors: true
register: containerd_status
- name: Install containerd when not exists
package:
name:
- containerd
when: containerd_status is failed
- name: Create containerd config-folder
file:
path: /etc/containerd
state: directory
- name: Deploy containerd-config
ansible.builtin.copy:
src: containerd_config.toml
dest: /etc/containerd/config.toml
mode: u=rw,g=r,o=r
notify: restart_containerd

10
kubernetes/tasks/prerequisites/swap.yml
View File

@@ -1,10 +0,0 @@
- name: Disable swap-mounts
replace:
path: /etc/fstab
regexp: '^([ \t]*(?!#)\S+[ \t]+swap[ \t]+.*)'
replace: '# \1'
- name: Disable active swap immediately
command: swapoff -va
changed_when: "command.stdout != ''"
register: command

7
kubernetes/templates/k8s-dqlite/init.yaml.jinja2
View File

@@ -1,7 +0,0 @@
{% if inventory_hostname != groups['kubernetes'][0] %}
Cluster:
{% for node in groups['kubernetes'] if node != inventory_hostname %}
- {{ node }}:29001
{% endfor %}
{% endif %}
Address: 0.0.0.0:29001

105
zsh/files/.zshrc
View File

@@ -1,105 +0,0 @@
# If you come from bash you might have to change your $PATH.
# export PATH=$HOME/bin:/usr/local/bin:$PATH
# Path to your oh-my-zsh installation.
export ZSH="$HOME/.oh-my-zsh"
# Set name of the theme to load --- if set to "random", it will
# load a random theme each time oh-my-zsh is loaded, in which case,
# to know which specific one was loaded, run: echo $RANDOM_THEME
# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
ZSH_THEME="agnoster"
# Set list of themes to pick from when loading at random
# Setting this variable when ZSH_THEME=random will cause zsh to load
# a theme from this variable instead of looking in $ZSH/themes/
# If set to an empty array, this variable will have no effect.
# ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
# Uncomment the following line to use case-sensitive completion.
# CASE_SENSITIVE="true"
# Uncomment the following line to use hyphen-insensitive completion.
# Case-sensitive completion must be off. _ and - will be interchangeable.
# HYPHEN_INSENSITIVE="true"
# Uncomment one of the following lines to change the auto-update behavior
# zstyle ':omz:update' mode disabled # disable automatic updates
# zstyle ':omz:update' mode auto # update automatically without asking
# zstyle ':omz:update' mode reminder # just remind me to update when it's time
# Uncomment the following line to change how often to auto-update (in days).
# zstyle ':omz:update' frequency 13
# Uncomment the following line if pasting URLs and other text is messed up.
# DISABLE_MAGIC_FUNCTIONS="true"
# Uncomment the following line to disable colors in ls.
# DISABLE_LS_COLORS="true"
# Uncomment the following line to disable auto-setting terminal title.
# DISABLE_AUTO_TITLE="true"
# Uncomment the following line to enable command auto-correction.
# ENABLE_CORRECTION="true"
# Uncomment the following line to display red dots whilst waiting for completion.
# You can also set it to another string to have that shown instead of the default red dots.
# e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f"
# Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765)
# COMPLETION_WAITING_DOTS="true"
# Uncomment the following line if you want to disable marking untracked files
# under VCS as dirty. This makes repository status check for large repositories
# much, much faster.
# DISABLE_UNTRACKED_FILES_DIRTY="true"
# Uncomment the following line if you want to change the command execution time
# stamp shown in the history command output.
# You can set one of the optional three formats:
# "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
# or set a custom format using the strftime function format specifications,
# see 'man strftime' for details.
# HIST_STAMPS="mm/dd/yyyy"
# Would you like to use another custom folder than $ZSH/custom?
# ZSH_CUSTOM=/path/to/new-custom-folder
# Which plugins would you like to load?
# Standard plugins can be found in $ZSH/plugins/
# Custom plugins may be added to $ZSH_CUSTOM/plugins/
# Example format: plugins=(rails git textmate ruby lighthouse)
# Add wisely, as too many plugins slow down shell startup.
plugins=(
git
zsh-autosuggestions
fast-syntax-highlighting
)
source $ZSH/oh-my-zsh.sh
# User configuration
# export MANPATH="/usr/local/man:$MANPATH"
# You may need to manually set your language environment
# export LANG=en_US.UTF-8
# Preferred editor for local and remote sessions
# if [[ -n $SSH_CONNECTION ]]; then
# export EDITOR='vim'
# else
# export EDITOR='mvim'
# fi
# Compilation flags
# export ARCHFLAGS="-arch x86_64"
# Set personal aliases, overriding those provided by oh-my-zsh libs,
# plugins, and themes. Aliases can be placed here, though oh-my-zsh
# users are encouraged to define aliases within the ZSH_CUSTOM folder.
# For a full list of active aliases, run `alias`.
#
# Example aliases
# alias zshconfig="mate ~/.zshrc"
# alias ohmyzsh="mate ~/.oh-my-zsh"

44
zsh/tasks/main.yml
View File

@@ -1,44 +0,0 @@
- name: Check if user is not root
meta: end_play
when: ansible_facts.user_id == "root"
- name: Install zsh
package:
name:
- zsh
state: latest
become: yes
- name: Setup Oh-my-zsh using yay/pacman
community.general.pacman:
name:
- oh-my-zsh
- oh-my-zsh-plugin-autosuggestions
- fast-syntax-highlighting
state: latest
executable: yay
when: ansible_facts.distribution == "Archlinux"
become: yes
- name: Setup Oh-my-zsh using sh
command: 'sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"'
when: ansible_facts.distribution != "Archlinux"
become: yes
- name: Symlink custom-plugins
file:
src: "/usr/share/zsh/plugins/fast-syntax-highlighting"
dest: "/usr/share/oh-my-zsh/custom/plugins/"
state: link
- name: Deploy user-config-file
ansible.builtin.copy:
src: .zshrc
dest: "{{ ansible_facts.env.HOME }}/"
- name: Symlink oh-my-zsh user-settings folder from shared
file:
src: "/usr/share/oh-my-zsh/"
dest: "{{ ansible_facts.env.HOME }}/.oh-my-zsh"
state: link