---
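# Play 1 - base provisioning for every host: swap off, Docker, WireGuard and
# the Kubernetes node packages (kubelet, kubeadm, kubectl).
- hosts: all
  tasks:
    # Turns swap off for the running system; the handler removes the fstab
    # entry so the change survives a reboot.
    - name: deactivate swap
      command: swapoff -a
      when:
        - ansible_swaptotal_mb != 0
      notify: disable swap

    # 'never' keeps this task out of normal runs; it only executes when the
    # 'initial' tag is requested explicitly.
    - name: upgrade all the packages
      apt:
        name: '*'
        state: latest
        update_cache: true
      tags: ['initial', 'never']

    - name: install deps
      apt:
        name:
          - aptitude
          - sudo
          - nfs-common
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg2
          - software-properties-common
        state: present

    # NOTE(review): the key is trusted purely because it was fetched over
    # HTTPS. Pin the expected fingerprint with apt_key's `id:` parameter so a
    # swapped key is rejected. apt_key also adds the key to the global trusted
    # keyring, where it can vouch for any repository; a dedicated keyring
    # referenced with `signed-by=` in the repo line limits that scope.
    - name: import docker gpg key
      apt_key:
        url: "https://download.docker.com/linux/debian/gpg"
        state: present

    - name: add docker repository
      apt_repository:
        repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable"
        state: present

    - name: install docker
      apt:
        update_cache: true
        name:
          - docker-ce
          - python-pip
          - python-setuptools
        state: present

    - name: enable & start docker
      systemd:
        name: docker
        enabled: true
        state: started

    # The pin is written BEFORE the unstable repository is added, so unstable
    # is never visible to apt at the default priority. With priority 90 a
    # package is only taken from unstable when no other source provides it.
    - name: pin unstables
      blockinfile:
        path: /etc/apt/preferences.d/limit-unstable
        create: true
        owner: root
        group: root
        mode: '0644'
        block: |
          Package: *
          Pin: release a=unstable
          Pin-Priority: 90

    # NOTE(review): this source uses plain http. apt still verifies the
    # signed Release file, but https would also hide package metadata from the
    # network path - consider switching once existing hosts are migrated.
    - name: install wireguard repo
      apt_repository:
        repo: "deb http://deb.debian.org/debian/ unstable main"
        state: present

    - name: install wireguard
      apt:
        update_cache: true
        name: wireguard
        state: present

    # Disabled. NOTE(review): if this is re-enabled, set `umask 077` in the
    # shell line first; otherwise wg-private.key is created with the default
    # umask and may be readable by other local users.
    # - name: generate wireguard keys
    #   shell: wg genkey | tee wg-private.key | wg pubkey > wg-public.key
    #   args:
    #     creates: wg-private.key

    - name: configure wireguard interface
      template:
        src: templates/wireguard.cfg
        dest: /etc/network/interfaces.d/wireguard.cfg
        owner: root
        group: root
        mode: '0644'
      notify: restart wireguard

    # Restricted to root: a WireGuard connection file presumably carries the
    # interface PrivateKey (confirm against templates/wg-k8s.conf). Without an
    # explicit mode the file is created with the default umask.
    - name: configure wireguard connections
      template:
        src: templates/wg-k8s.conf
        dest: /etc/wireguard/wg-k8s.conf
        owner: root
        group: root
        mode: '0600'
      notify: restart wireguard

    # NOTE(review): same trust caveat as the Docker key above - no fingerprint
    # is pinned. The apt.kubernetes.io / packages.cloud.google.com package
    # repositories have also been retired upstream in favour of pkgs.k8s.io;
    # verify this source still resolves before relying on it.
    - name: install k8s apt key
      apt_key:
        url: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
        state: present

    - name: add k8s repository
      apt_repository:
        repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
        state: present

    # NOTE(review): versions are not pinned and the packages are not held, so
    # the 'upgrade all the packages' task can move kubelet/kubeadm/kubectl to
    # a new release outside a planned cluster upgrade. Consider pinning a
    # version and placing the packages on hold.
    - name: install k8s
      apt:
        update_cache: true
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present

    # Disabled. NOTE(review): `command` does not interpret `>`; the redirect
    # would need `shell`. The kubeadm init output includes the join token, so
    # a kubeadm.log written this way should not be world-readable.
    # - name: init kubeadm
    #   command: kubeadm init --apiserver-advertise-address 10.42.23.11 --pod-network-cidr=10.244.0.0/16 > kubeadm.log
    #   args:
    #     creates: kubeadm.log
    # kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/rbac.yaml
    # kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/canal/canal.yaml

    # Only runs when the 'initial' tag is requested (see 'never').
    # NOTE(review): a bare `reboot` drops the SSH session mid-task; the
    # `reboot` module waits for the host to come back, if the Ansible version
    # in use provides it.
    - name: restart system
      command: reboot
      tags: ['initial', 'never']

  handlers:
    # Removes only fstab entries whose filesystem-type field (third column)
    # is "swap". The earlier pattern '.*swap.*' deleted every line that merely
    # mentioned swap, including comments and mounts with "swap" in a path.
    # A backup copy is kept because a damaged fstab can stop the host booting.
    - name: disable swap
      lineinfile:
        path: /etc/fstab
        regexp: '^\s*[^#\s]\S*\s+\S+\s+swap(\s|$)'
        state: absent
        backup: true

    # `;` means ifup runs even when ifdown fails (interface not yet up).
    - name: restart wireguard
      shell: ifdown wg-k8s; ifup wg-k8s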
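# Play 2 - master hosts only: install HAProxy, render its configuration from
# a template and make sure the service is enabled.
- hosts: master
  tasks:
    - name: install haproxy
      apt:
        name: haproxy
        state: present
      notify: restart haproxy

    # Ownership and mode are set explicitly instead of being left to the
    # default umask. `validate` runs HAProxy's own syntax check on the
    # rendered file before it replaces the live config, so a template error
    # cannot take the service down on the next restart.
    # NOTE(review): tighten the mode if the template contains credentials
    # (e.g. stats auth) - confirm against templates/haproxy.cfg.
    - name: copy haproxy template
      template:
        src: templates/haproxy.cfg
        dest: /etc/haproxy/haproxy.cfg
        owner: root
        group: root
        mode: '0644'
        validate: 'haproxy -c -f %s'
      notify: restart haproxy

    - name: enable haproxy service
      service:
        name: haproxy
        enabled: true
      notify: restart haproxy

  handlers:
    # Fires once at the end of the play if any task above reported a change.
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted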