WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-infra/ansible_collections/nullified/infrastructure/roles/k3s/tasks/main.yml

55 lines
2.4 KiB
YAML
Raw Blame History

---
- name: group by cluster name
ansible.builtin.group_by:
key: "k3s_clusters_{{ k3s_cluster_name }}_{{ k3s_cluster_role }}"
changed_when: false
- name: determine cluster type and members
ansible.builtin.set_fact:
k3s_cluster_type: "{{ 'ha' if groups['k3s_clusters_' ~ k3s_cluster_name ~ '_' ~ k3s_cluster_role] | length > 1 else 'single' }}"
k3s_cluster_servers: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] }}"
k3s_cluster_agents: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([]) }}"
k3s_nft_servers4: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] | default([]) | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv4 }}"
k3s_nft_agents4: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([]) | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv4 }}"
k3s_nft_servers6: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] | default([]) | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv6 }}"
k3s_nft_agents6: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([]) | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv6 }}"
k3s_nft_operators4: "{{ k3s_operator_ips | ansible.utils.ipv4 }}"
k3s_nft_operators6: "{{ k3s_operator_ips | ansible.utils.ipv6 }}"
changed_when: false
- name: setup permissions
become: true
block:
- name: install sudo
ansible.builtin.apt:
update_cache: true
force_apt_get: true
cache_valid_time: 3600
pkg: [ sudo ]
state: present
- name: add operator to sudoers
ansible.builtin.lineinfile:
backup: true
path: /etc/sudoers
regexp: "^{{ k3s_operator_username }}\b.+$"
line: "{{ k3s_operator_username }} ALL=(ALL) NOPASSWD: ALL"
state: present
register: backup_sudoers
changed_when: false
- name: setup server role
ansible.builtin.include_tasks: server.yml
tags: [helm, opentofu]
when: k3s_cluster_role is match("server")
- name: setup agent role
ansible.builtin.include_tasks: agent.yml
tags: [helm, opentofu]
when: k3s_cluster_role is match("agent")
- name: reset permissions
become: true
ansible.builtin.command:
cmd: "mv {{ backup_sudoers.backup }} /etc/sudoers"
removes: "{{ backup_sudoers.backup }}"
when: backup_sudoers.backup
changed_when: false
Reference in a new issue View git blame Copy permalink