Disable swap

common/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: reload_sysctl
+  command: sysctl --system

common/tasks/aliases.yml

@@ -0,0 +1,20 @@
+- name: General aliases
+  blockinfile:
+      path: "{{ ansible_facts.env.HOME }}/.bashrc"
+      marker: "# {mark} ANSIBLE MANAGED BLOCK | General aliases"
+      block: |
+        alias clr="clear"
+        alias hgrep="history | grep"
+        alias syslog="tail -f --lines=100 /var/log/syslog"
+        alias cp="rsync -hlAXEptgoDS --numeric-ids --info=progress2"
+
+- name: ls aliases and colors
+  blockinfile:
+      path: "{{ ansible_facts.env.HOME }}/.bashrc"
+      marker: "# {mark} ANSIBLE MANAGED BLOCK | ls aliases and colors"
+      block: |
+        export LS_OPTIONS='--color=auto'
+        eval "`dircolors`"
+        alias ls='ls $LS_OPTIONS'
+        alias ll='ls $LS_OPTIONS -l'
+        alias l='ls $LS_OPTIONS -la'

common/tasks/main.yml

@@ -0,0 +1,7 @@
+- import_tasks: ./packages.yml
+
+- import_tasks: ./ssh.yml
+
+- import_tasks: ./packages.yml
+
+- import_tasks: ./aliases.yml

common/tasks/packages.yml

@@ -0,0 +1,20 @@
+- name: Update Packages
+  apt:
+      update_cache: yes
+      upgrade: yes
+  when: ansible_facts.distribution == "Debian"
+
+- name: Install Packages
+  package:
+      name:
+          - gpg
+          - htop
+          - iotop
+          - slurm
+          - sudo
+          - screen
+          - curl
+          - rsync
+          - zstd
+      state: latest
+  when: ansible_facts.distribution == "Debian"

common/tasks/ssh.yml

@@ -0,0 +1,12 @@
+- name: Disable SSH password auth
+  lineinfile:
+      dest: /etc/ssh/sshd_config
+      regexp: '^PasswordAuthentication\s*yes'
+      line: "PasswordAuthentication no"
+  register: sshd_config
+
+- name: Restart SSH daemon
+  service:
+      name: sshd
+      state: restarted
+  when: sshd_config.changed

docker/files/docker-compose

@@ -0,0 +1,2 @@
+#!/bin/sh
+docker compose $@

docker/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart_docker
+  service:
+      name: "docker"
+      state: restarted

docker/tasks/main.yml

@@ -0,0 +1,40 @@
+#- name: Check if docker is already installed
+#  stat:
+#    path: /usr/bin/docker
+#  register: docker_file
+
+- name: Install Packages
+#  when: docker_file.stat.exists == False
+  package:
+      name:
+          - gpg
+          - gpg-agent
+
+- name: Add docker-key
+  apt_key:
+      url: https://download.docker.com/linux/debian/gpg
+      state: present
+
+- name: Add docker-repository
+  apt_repository:
+      repo: "deb https://download.docker.com/linux/{{ ansible_facts.distribution | lower }} {{ ansible_facts.distribution_release }} stable"
+      state: present
+      filename: docker
+      update_cache: yes
+
+- name: Install docker
+  package:
+      name:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-compose-plugin
+          - pass
+      state: latest
+
+- name: Deploy docker-compose command to new docker compose plugin
+  ansible.builtin.copy:
+    src: docker-compose
+    dest: "/usr/local/bin/docker-compose"
+    mode: preserve
+

kubernetes/files/containerd_config.toml

@@ -0,0 +1,36 @@
+#   Copyright 2018-2022 Docker Inc.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+disabled_plugins = []
+
+#root = "/var/lib/containerd"
+#state = "/run/containerd"
+#subreaper = true
+#oom_score = 0
+
+#[grpc]
+#  address = "/run/containerd/containerd.sock"
+#  uid = 0
+#  gid = 0
+
+#[debug]
+#  address = "/run/containerd/debug.sock"
+#  uid = 0
+#  gid = 0
+#  level = "info"
+
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+  
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+    SystemdCgroup = true

kubernetes/files/k8s-dqlite/Dockerfile

@@ -0,0 +1,15 @@
+FROM golang:1-buster
+
+# Add PPA
+RUN echo "deb http://ppa.launchpad.net/dqlite/dev/ubuntu bionic main" > /etc/apt/sources.list.d/ppa_dqlite_dev_bionic.list
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 50FB3D04
+# Install dependencies
+RUN apt update -y && apt install -y build-essential git libraft-dev libsqlite3-dev libdqlite-dev
+
+# Clone
+RUN git clone https://github.com/canonical/k8s-dqlite --branch v1.0.4 /k8s-dqlite
+WORKDIR /k8s-dqlite
+
+# Compile
+ENV CGO_LDFLAGS_ALLOW="-Wl,-z,now"
+RUN go build -o k8s-dqlite -tags libsqlite3,dqlite k8s-dqlite.go

kubernetes/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: reload_sysctl
+  command: sysctl --system
+

kubernetes/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+    - { role: docker }

kubernetes/tasks/deploy_cilium.yml

@@ -0,0 +1,12 @@
+- name: Deploy Cilium-CLI
+  ansible.builtin.unarchive:
+    src: https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
+    dest: /usr/local/bin
+    remote_src: yes
+    mode: u=rwx,g=rx,o=rx
+
+- name: Install Cilium
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  command: -cilium install
+  environment: 
+    KUBECONFIG: /etc/kubernetes/admin.conf

kubernetes/tasks/k8s_deploy.yml

@@ -0,0 +1,28 @@
+- name: Add Google-Cloud key
+  apt_key:
+      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      state: present
+
+- name: Add Kubernetes Repository
+  apt_repository:
+      repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
+      state: present
+      filename: kubernetes
+      update_cache: yes
+
+- name: Install kubernetes-tools
+  package:
+      name:
+          - kubeadm
+          - kubelet
+          - kubectl
+      state: latest
+
+- name: Hold upgrades for kubernetes-tools
+  dpkg_selections:
+      name: "{{ item }}"
+      selection: hold
+  loop:
+      - kubeadm
+      - kubelet
+      - kubectl

kubernetes/tasks/k8s_setup-cluster.yml

@@ -0,0 +1,4 @@
+- name: Join other nodes to cluster
+  when: "inventory_hostname != groups['kubernetes'][0]"
+  command: 
+

kubernetes/tasks/k8s_setup.yml

@@ -0,0 +1,9 @@
+- name: Initialize Kubernetes Cluster
+  when: "inventory_hostname == groups['kubernetes'][0]"
+  command: kubeadm init --control-plane-endpoint={{ control_plane.dns_name }}
+  #--upload-certs
+
+- name: Set environment-var for config
+  lineinfile:
+      dest: ~/.bashrc
+      line: "export KUBECONFIG=/etc/kubernetes/admin.conf"

kubernetes/tasks/main.yml

@@ -0,0 +1,9 @@
+- import_tasks: ./prerequisites.yml
+
+- import_tasks: ./k8s_deploy.yml
+
+- import_tasks: ./k8s_setup.yml
+
+- import_tasks: ./deploy_cilium.yml
+
+#- import_tasks: ./k8s_setup-cluster.yml

kubernetes/tasks/prerequisites.yml

@@ -0,0 +1,21 @@
+- name: Load br_netfilter kernel-module
+  modprobe:
+      name: br_netfilter
+      state: present
+
+- name: Set sysctl settings for iptables bridged traffic
+  copy:
+      dest: "/etc/sysctl.d/kubernetes.conf"
+      content: |
+          net.bridge.bridge-nf-call-ip6tables = 1
+          net.bridge.bridge-nf-call-iptables = 1
+  notify: reload_sysctl
+
+-  import_tasks: ./prerequisites/swap.yml
+
+-  import_tasks: ./prerequisites/containerd.yml
+
+- name: Set control-plane-dns-endpoint towards local-ip
+  lineinfile:
+      dest: /etc/hosts
+      line: "{{ ansible_facts.default_ipv6.address }} k8s-control-plane.system.ruekov.eu" 

kubernetes/tasks/prerequisites/containerd.yml

@@ -0,0 +1,24 @@
+- name: Check if containerd-service exists & is started
+  service:
+    name: containerd
+    state: started
+  ignore_errors: true
+  register: containerd_status
+  
+- name: Install containerd when not exists
+  package:
+    name:
+      - containerd
+  when: containerd_status is failed
+
+- name: Create containerd config-folder
+  file:
+    path: /etc/containerd
+    state: directory
+
+- name: Deploy containerd-config
+  ansible.builtin.copy:
+    src: containerd_config.toml
+    dest: /etc/containerd/config.toml
+    mode: u=rw,g=r,o=r
+  notify: restart_containerd

kubernetes/tasks/prerequisites/swap.yml

@@ -0,0 +1,10 @@
+- name: Disable swap-mounts
+  replace:
+    path: /etc/fstab
+    regexp: '^([ \t]*(?!#)\S+[ \t]+swap[ \t]+.*)'
+    replace: '# \1'
+
+- name: Disable active swap immediately
+  command: swapoff -va
+  changed_when: "command.stdout != ''"
+  register: command

kubernetes/templates/k8s-dqlite/init.yaml.jinja2

@@ -0,0 +1,7 @@
+{% if inventory_hostname != groups['kubernetes'][0] %}
+Cluster:
+{% for node in groups['kubernetes'] if node != inventory_hostname %}
+  - {{ node }}:29001
+{% endfor %}
+{% endif %}
+Address: 0.0.0.0:29001