|
8
|
1 from pyinfra import host
|
|
|
2 from pyinfra.operations import server, files, apt, ssh, systemd
|
|
|
3 from pyinfra.facts.server import LinuxDistribution, Arch
|
|
|
4 from pyinfra.facts.files import FindInFile
|
|
|
5
|
|
|
6 bang_is_old = True # remove after upgrade
|
|
|
7 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
|
|
|
8 is_wifi_pi = host.name in ['frontdoor', 'living']
|
|
|
9
|
|
|
10 k3s_version = 'v1.21.2+k3s1'
|
|
|
11 master_ip = "10.5.0.1"
|
|
|
12
|
|
|
13 token = open('secrets/k3s_token', 'rt').read().strip()
|
|
|
14
|
|
|
15 server.sysctl(key='net.ipv4.ip_forward', value="1", persist=True)
|
|
|
16 server.sysctl(key='net.ipv6.conf.all.forwarding', value="1", persist=True)
|
|
|
17
|
|
|
18 # - role: download
|
|
|
19 if host.get_fact(Arch) == 'x86_64':
|
|
|
20 src = f'https://github.com/rancher/k3s/releases/download/{k3s_version}/k3s'
|
|
|
21 else:
|
|
|
22 src = f'https://github.com/rancher/k3s/releases/download/{k3s_version}/k3s-armhf'
|
|
|
23
|
|
|
24 files.download(src=src, dest='/usr/local/bin/k3s', user='root', group='root', mode='755')
|
|
|
25
|
|
|
26 # - role: raspbian
|
|
|
27 if is_pi:
|
|
|
28 old_cmdline = host.get_fact(FindInFile, path='/boot/cmdline.txt', pattern=r'.*')[0]
|
|
|
29 print(repr(old_cmdline))
|
|
|
30 if 'cgroup' not in old_cmdline:
|
|
|
31 cmdline = old_cmdline + ' cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
|
|
|
32 files.line(path='/boot/cmdline.txt', line='.*', replace=cmdline)
|
|
|
33 # pi needs reboot now
|
|
|
34
|
|
|
35 server.shell(commands=[
|
|
|
36 'update-alternatives --set iptables /usr/sbin/iptables-legacy',
|
|
|
37 'update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy',
|
|
|
38 ])
|
|
|
39 # needs reboot if this changed
|
|
|
40
|
|
|
41 # - role: registries_fix
|
|
|
42 # See https://github.com/rancher/k3s/issues/1802 and https://rancher.com/docs/k3s/latest/en/installation/private-registry/
|
|
|
43 files.directory(path='/etc/rancher/k3s')
|
|
|
44 files.template(src='templates/registries.yaml.j2', dest='/etc/rancher/k3s/registries.yaml')
|
|
|
45
|
|
|
46 if host.name == 'bang':
|
|
|
47 # - role: k3s/master
|
|
|
48 files.template(
|
|
|
49 src='templates/k3s-server.service.j2',
|
|
|
50 dest='/etc/systemd/system/k3s.service',
|
|
|
51 master_ip=master_ip,
|
|
|
52 )
|
|
|
53 systemd.service(service='k3s.service', daemon_reload=True, enabled=True, restarted=True)
|
|
|
54 # /var/lib/rancher/k3s/server/node-token will soon contain secrets/k3s_token
|
|
|
55
|
|
|
56 # one-time thing at cluster create time? not sure
|
|
|
57 # - name: Replace https://localhost:6443 by https://master-ip:6443
|
|
|
58 # command: >-
|
|
|
59 # k3s kubectl config set-cluster default
|
|
|
60 # --server=https://{{ master_ip }}:6443
|
|
|
61 # --kubeconfig ~{{ ansible_user }}/.kube/config
|
|
|
62
|
|
|
63 if host.name in ['slash', 'dash', 'frontbed', 'garage']: # nodes
|
|
|
64 # - role: k3s/node
|
|
|
65 files.template(
|
|
|
66 src='templates/k3s-node.service.j2',
|
|
|
67 dest='/etc/systemd/system/k3s-node.service',
|
|
|
68 master_ip=master_ip,
|
|
|
69 token=token,
|
|
|
70 )
|
|
|
71
|
|
|
72 systemd.service(service='k3s-node.service', daemon_reload=True, enabled=True, restarted=True)
|
|
|
73
|
|
|
74 if host.name in ['bang', 'slash', 'dash']: # hosts to admin from
|
|
|
75 files.link(path='/usr/local/bin/kubectl', target='/usr/local/bin/k3s')
|
|
|
76 files.directory(path='/home/drewp/.kube', user='drewp', group='drewp')
|
|
|
77 # files.template(
|
|
|
78 # src='templates/kube-config.j2',
|
|
|
79 # dest='/home/drewp/.kube/config',
|
|
|
80 # user='drewp',
|
|
|
81 # group='drewp',
|
|
|
82 # mode='600',
|
|
|
83 # master_ip=master_ip,
|
|
|
84 # token=token,
|
|
|
85 # )
|
|
|
86 files.line(path="/home/drewp/.zshrc", line="KUBECONFIG", replace='export KUBECONFIG=/etc/rancher/k3s/k3s.yaml')
|
|
|
87
|
|
|
88 files.chown(target='/etc/rancher/k3s/k3s.yaml', user='root', group='drewp')
|
|
|
89 files.chmod(target='/etc/rancher/k3s/k3s.yaml', mode='640')
|
