refactor(k3s): replace code with what the provisioner role now offers and store opentofu data accordingly
parent
1b3e0c401c
commit
95bb861049
4 changed files with 22 additions and 83 deletions
|
@ -1,9 +1,4 @@
|
||||||
---
|
---
|
||||||
- name: gather facts if not already done
|
|
||||||
ansible.builtin.setup:
|
|
||||||
gather_subset:
|
|
||||||
- user_id
|
|
||||||
|
|
||||||
- name: group by cluster name
|
- name: group by cluster name
|
||||||
ansible.builtin.group_by:
|
ansible.builtin.group_by:
|
||||||
key: "k3s_clusters_{{ k3s_cluster_name }}_{{ k3s_cluster_role }}"
|
key: "k3s_clusters_{{ k3s_cluster_name }}_{{ k3s_cluster_role }}"
|
||||||
|
@ -22,40 +17,6 @@
|
||||||
k3s_nft_operators6: "{{ k3s_operator_ips | ansible.utils.ipv6 }}"
|
k3s_nft_operators6: "{{ k3s_operator_ips | ansible.utils.ipv6 }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: get local controller account information
|
|
||||||
connection: local
|
|
||||||
ansible.builtin.getent:
|
|
||||||
database: passwd
|
|
||||||
key: "{{ ansible_facts.user_id }}"
|
|
||||||
split: ":"
|
|
||||||
changed_when: false
|
|
||||||
when: ansible_facts['getent_passwd'] is undefined or ansible_facts['user_id'] not in ansible_facts['getent_passwd']
|
|
||||||
|
|
||||||
- name: set controller environment variables
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
controller_user_home: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}"
|
|
||||||
k3sup_binary: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}/.local/bin/k3sup"
|
|
||||||
kubeconfig_repository: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}/.kubeconfig_repository"
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: retrieve k3sup on Ansible controller
|
|
||||||
connection: local
|
|
||||||
nullified.infrastructure.github_artifact:
|
|
||||||
asset_name: k3sup
|
|
||||||
asset_type: release
|
|
||||||
repository: alexellis/k3sup
|
|
||||||
creates: '{{ k3sup_binary }}'
|
|
||||||
cmds:
|
|
||||||
- mkdir -p $HOME/.local/bin
|
|
||||||
- "install --mode=750 {asset_dirname}/{asset_filename} {{ k3sup_binary }}"
|
|
||||||
|
|
||||||
- name: setup kubeconfig repository
|
|
||||||
connection: local
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ kubeconfig_repository }}"
|
|
||||||
state: directory
|
|
||||||
mode: '0700'
|
|
||||||
|
|
||||||
- name: setup permissions
|
- name: setup permissions
|
||||||
become: true
|
become: true
|
||||||
block:
|
block:
|
||||||
|
|
|
@ -1,75 +1,56 @@
|
||||||
- name: deploy OpenTofu resource
|
- name: deploy OpenTofu resource
|
||||||
connection: local
|
connection: local
|
||||||
block:
|
block:
|
||||||
- name: find terraform binary
|
- name: set TF resource facts
|
||||||
ansible.builtin.command:
|
|
||||||
cmd: bash -c 'command -v terraform || command -v tofu || echo /usr/local/bin/terraform'
|
|
||||||
register: located_tf_binary
|
|
||||||
when: terraform_binary_path is undefined
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: set terraform binary
|
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
terraform_binary_path: '{{ terraform_binary_path | default(located_tf_binary.stdout, true) }}'
|
k3s_tf_safe_item_name: "{{ item.name | regex_replace('[^\\w]', '') }}"
|
||||||
when: terraform_binary_path is undefined
|
k3s_tf_project_git_path: "{{ provisioner_facts.artifacts_dir }}/{{ item.name | regex_replace('[^\\w]', '') }}.git"
|
||||||
|
|
||||||
- name: create temp directory
|
- name: check pre-existing TF state file
|
||||||
ansible.builtin.tempfile:
|
ansible.builtin.file:
|
||||||
state: directory
|
path: "{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate"
|
||||||
register: tmp_file
|
register: tfstate_file_info
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: item.storage_dir is not defined
|
failed_when: false
|
||||||
|
|
||||||
- name: set target directory for git repository
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
git_clone_dir: '{{ item.storage_dir | default(tmp_file.path, true) }}'
|
|
||||||
|
|
||||||
- name: fetch git repository
|
- name: fetch git repository
|
||||||
ansible.builtin.git:
|
ansible.builtin.git:
|
||||||
repo: '{{ item.git_repository }}'
|
repo: '{{ item.git_repository }}'
|
||||||
dest: '{{ git_clone_dir }}'
|
dest: '{{ k3s_tf_project_git_path }}'
|
||||||
version: '{{ item.git_revision }}'
|
version: '{{ item.git_revision }}'
|
||||||
force: true
|
force: true
|
||||||
|
|
||||||
- name: prepare variables file
|
- name: prepare variables file
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: '{{ item.tfvars_content }}'
|
content: '{{ item.tfvars_content }}'
|
||||||
dest: '{{ git_clone_dir }}/{{ item.terraform_dir }}/terraform.tfvars'
|
dest: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfvars'
|
||||||
mode: '0500'
|
mode: '0600'
|
||||||
force: true
|
force: true
|
||||||
|
|
||||||
- name: prepare tfstate file
|
- name: prepare tfstate file
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: '{{ item.tfstate_path }}'
|
src: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
|
||||||
dest: '{{ git_clone_dir }}/{{ item.terraform_dir }}/terraform.tfstate'
|
dest: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfstate'
|
||||||
force: true
|
force: true
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
when: git_clone_dir not in item.tfstate_path
|
|
||||||
|
|
||||||
- name: deploy k8s resources
|
- name: deploy k8s resources
|
||||||
community.general.terraform:
|
community.general.terraform:
|
||||||
binary_path: "{{ terraform_binary_path }}"
|
binary_path: "{{ provisioner_facts.tofu_binary_path }}"
|
||||||
project_path: '{{ git_clone_dir }}/{{ item.terraform_dir}}'
|
project_path: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}'
|
||||||
provider_upgrade: true
|
provider_upgrade: true
|
||||||
force_init: true
|
force_init: true
|
||||||
|
|
||||||
- name: backup source stored state
|
- name: backup source state file
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: '{{ item.tfstate_path }}'
|
src: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
|
||||||
dest: '{{ item.tfstate_path }}.ansible.backup'
|
dest: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate.previous'
|
||||||
force: true
|
force: true
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
|
|
||||||
- name: update source tfstate file
|
- name: update source tfstate file
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: '{{ git_clone_dir }}/{{ item.terraform_dir}}/terraform.tfstate'
|
src: '{{ k3s_tf_project_git_path }}/{{ item.terraform_dir }}/terraform.tfstate'
|
||||||
dest: '{{ item.tfstate_path }}'
|
dest: '{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate'
|
||||||
force: true
|
force: true
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
when: git_clone_dir not in item.tfstate_path
|
|
||||||
|
|
||||||
- name: cleanup
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: '{{ tmp_file.path }}'
|
|
||||||
state: absent
|
|
||||||
when: item.storage_dir is not defined
|
|
||||||
|
|
|
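Review bot: The `prepare tfstate file` and `backup source state file` tasks copy from `{{ provisioner_facts.k8s_states_dir }}/{{ k3s_tf_safe_item_name }}.tfstate` unconditionally, while the result registered as `tfstate_file_info` is not used anywhere in this hunk, so a first deployment with no stored state would presumably fail on the missing `src`. Consider doing the existence check with `ansible.builtin.stat` and adding `when: tfstate_file_info.stat.exists` to both copies. Separately, the clone now lives under `provisioner_facts.artifacts_dir` and the old `cleanup` task is gone, so the vault-sourced `terraform.tfvars` and the working `terraform.tfstate` stay on the controller after the run; the `0600` file modes help, but it is worth confirming that the artifacts directory itself is owner-only, or removing the tfvars file once the apply finishes.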
@ -1,6 +1,5 @@
|
||||||
---
|
---
|
||||||
# TODO: disable swap
|
# TODO: disable swap
|
||||||
|
|
||||||
- name: setup firewall rules
|
- name: setup firewall rules
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -18,11 +17,11 @@
|
||||||
connection: local
|
connection: local
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
argv:
|
argv:
|
||||||
- "{{ k3sup_binary }}"
|
- "{{ provisioner_facts.k3sup_binary_path }}"
|
||||||
- install
|
- install
|
||||||
- "--merge"
|
- "--merge"
|
||||||
- "--local-path"
|
- "--local-path"
|
||||||
- "{{ kubeconfig_repository }}/{{ k3s_cluster_name }}.kubeconfig"
|
- "{{ provisioner_facts.kubeconfig_repository }}/{{ k3s_cluster_name }}.kubeconfig"
|
||||||
- "--context"
|
- "--context"
|
||||||
- "{{ k3s_kube_context }}"
|
- "{{ k3s_kube_context }}"
|
||||||
- "--k3s-extra-args"
|
- "--k3s-extra-args"
|
||||||
|
|
|
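Review bot: The kubeconfig is now written under `provisioner_facts.kubeconfig_repository`, but with the `setup kubeconfig repository` task removed from this role, nothing visible here guarantees that the directory exists with mode `0700` before k3sup writes cluster credentials into it. If the provisioner role already enforces that, a comment saying so above this task would document the dependency. Otherwise an `ansible.builtin.assert` on `provisioner_facts.kubeconfig_repository is defined` at the top of the role would make a missing prerequisite fail early. The task starts and ends outside this hunk.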
@ -28,8 +28,6 @@ k3s_cluster_additional_tf_resources:
|
||||||
git_revision: 0.0.5
|
git_revision: 0.0.5
|
||||||
terraform_dir: 'terraform'
|
terraform_dir: 'terraform'
|
||||||
tfvars_content: '{{ vault_invoice_ninja_tfvars }}'
|
tfvars_content: '{{ vault_invoice_ninja_tfvars }}'
|
||||||
tfstate_path: '{{ vault_invoice_ninja_tfstate_path }}'
|
|
||||||
# storage_dir:
|
|
||||||
|
|
||||||
hc_vault_server_tls_cert_data: '{{ vault_hc_vault_server_tls_cert_data }}'
|
hc_vault_server_tls_cert_data: '{{ vault_hc_vault_server_tls_cert_data }}'
|
||||||
hc_vault_server_tls_key_data: '{{ vault_hc_vault_server_tls_key_data }}'
|
hc_vault_server_tls_key_data: '{{ vault_hc_vault_server_tls_key_data }}'
|
||||||
|
|