fix systemd service for k3s

roles/etcd/tasks/main.yaml

@@ -5,5 +5,5 @@
 - name: etcd configuration
   template:
     src: defaults-etcd.j2
-    dest: /etc/defaults/etcd
+    dest: /etc/default/etcd
   notify: restart etcd

roles/gluster/handlers/main.yaml

@@ -0,0 +1,5 @@
+---
+- name: restart rpcbind
+  service:
+    name: rpcbind
+    state: restarted

roles/gluster/tasks/main.yaml

@@ -1,4 +1,40 @@
 ---
+- name: install rpcbind
+  apt:
+    name: rpcbind
+- name: disable rpcbind from the internet
+  iptables:
+    action: insert
+    chain: INPUT
+    comment: drop portmapper
+    in_interface: "!nodevpn"
+    jump: DROP
+    protocol: "{{item}}"
+    destination_port: "111"
+  with_items:
+    - tcp
+    - udp
+- name: bind rpcbind to vpn ip
+  lineinfile:
+     create: yes
+     path: /etc/rpcbind.conf
+     line: "OPTIONS=-w -h {{wg_ip}}"
+     regexp: "^OPTIONS.*"
+  notify: restart rpcbind
+- name: add vpn to hosts.allow
+  lineinfile:
+     path: /etc/hosts.allow
+     line: "rpcbind: 10.0.0.0/8"
+     regexp: "rpbcind.*"
+  notify: restart rpcbind
+- name: block everyone
+  lineinfile:
+     path: /etc/hosts.deny
+     line: "rpcbind: ALL"
+     regexp: "rpcbind.*"
+  notify: restart rpcbind
+- name: fire handlers
+  meta: flush_handlers
 - name: install gluster package
   apt:
     name: glusterfs-server
@@ -15,25 +51,29 @@
   mount:
     path: /mnt/gluster
     src: /dev/sdb
-    options: noatime
+    opts: noatime
     fstype: ext4
     state: mounted
-- name: gluster peers
-  gluster_peer:
-    nodes:
-      - node01
-      - node02
-      - node03
-- name: gluster volume
-  gluster_volume:
-    name: data
-    replicas: 3
-    state: started
-    bricks: /mnt/gluster/data
-    cluster:
-      - node01
-      - node02
-      - node03
+- name: bootstrap gluster cluster
+  block:
+  - name: gluster peers
+    gluster_peer:
+      nodes:
+        - node01
+        - node02
+        - node03
+  - name: gluster volume
+    gluster_volume:
+      name: data
+      replicas: 3
+      state: present
+      bricks: /mnt/gluster/data
+      start_on_create: yes
+      cluster:
+        - node01
+        - node02
+        - node03
+  when: ansible_nodename == "node01"
 - name: gluster client package
   apt:
      name: glusterfs-client
@@ -41,6 +81,6 @@
   mount:
     path: /data
     src: "{{ansible_nodename}}:/data"
-    options: noatime
+    opts: noatime
     fstype: glusterfs
     state: mounted

roles/k3s/tasks/main.yaml

@@ -10,3 +10,8 @@
     dest: /etc/systemd/system/k3s.service
   notify: start k3s
 - name: enable and start k3s
+  systemd:
+    daemon_reload: yes
+    enabled: yes
+    name: k3s
+    state: restarted

roles/k3s/templates/service-k3s.j2

@@ -5,4 +5,4 @@ After=network-online.target
 [Service]
 Environment=K3S_TOKEN={{k3s_token}}
 Environment=K3S_DATASTORE_ENDPOINT=http://node01:2379,http://node02:2379,http://node03:2379
-Exec=/usr/local/sbin/k3s server --no-deploy traefik --bind-address {{wg_ip}} --advertise_address {{wg_ip}}
+ExecStart=/usr/local/sbin/k3s server --no-deploy traefik --bind-address {{wg_ip}} --advertise-address {{wg_ip}}

roles/wireguard/tasks/main.yaml

@@ -35,3 +35,5 @@
     path: /etc/hosts
     line: "{{item.value.wg_ip}} {{item.key}}"
   loop: "{{hostvars|dict2items}}"
+- name: fire handlers
+  meta: flush_handlers