From 2baecbbf5cebda4519d4c2fe3668faccf3250108 Mon Sep 17 00:00:00 2001
From: thweber <thomas.weber@wu.ac.at>
Date: Mon, 5 Sep 2022 14:32:04 +0200
Subject: [PATCH] cleanup handlers, add wait condition for k8s-api

---
 roles/create_infrastructure/defaults/main.yml |  21 ----
 .../create_infrastructure/tasks/inventory.yml |  60 ----------
 roles/create_infrastructure/tasks/keypair.yml |  23 ----
 .../tasks/lb_members.yml                      |  79 -------------
 .../tasks/loadbalancer.yml                    |  13 ---
 roles/create_infrastructure/tasks/main.yml    |  88 --------------
 roles/create_infrastructure/tasks/network.yml |  38 ------
 .../tasks/security_groups.yml                 |  44 -------
 roles/create_infrastructure/tasks/vm.yml      | 110 ------------------
 .../templates/agents.yml.j2                   |   6 -
 .../templates/all.yml.j2                      |   9 --
 .../create_infrastructure/templates/hosts.j2  |  16 ---
 .../templates/master.yml.j2                   |   6 -
 .../templates/servers.yml.j2                  |   6 -
 roles/rke2/handlers/main.yml                  |  13 +--
 .../{registries.yml => config_registries.yml} |   0
 roles/rke2/tasks/config_rke2.yml              |  10 +-
 roles/rke2/tasks/kubeconfig.yml               |  68 -----------
 roles/rke2/tasks/main.yml                     |  33 ++++--
 roles/rke2/tasks/save_kubeconfig.yml          |  31 +++++
 20 files changed, 58 insertions(+), 616 deletions(-)
 delete mode 100644 roles/create_infrastructure/defaults/main.yml
 delete mode 100644 roles/create_infrastructure/tasks/inventory.yml
 delete mode 100644 roles/create_infrastructure/tasks/keypair.yml
 delete mode 100644 roles/create_infrastructure/tasks/lb_members.yml
 delete mode 100644 roles/create_infrastructure/tasks/loadbalancer.yml
 delete mode 100644 roles/create_infrastructure/tasks/main.yml
 delete mode 100644 roles/create_infrastructure/tasks/network.yml
 delete mode 100644 roles/create_infrastructure/tasks/security_groups.yml
 delete mode 100644 roles/create_infrastructure/tasks/vm.yml
 delete mode 100644 roles/create_infrastructure/templates/agents.yml.j2
 delete mode 100644 roles/create_infrastructure/templates/all.yml.j2
 delete mode 100644 roles/create_infrastructure/templates/hosts.j2
 delete mode 100644 roles/create_infrastructure/templates/master.yml.j2
 delete mode 100644 roles/create_infrastructure/templates/servers.yml.j2
 rename roles/rke2/tasks/{registries.yml => config_registries.yml} (100%)
 delete mode 100644 roles/rke2/tasks/kubeconfig.yml
 create mode 100644 roles/rke2/tasks/save_kubeconfig.yml

diff --git a/roles/create_infrastructure/defaults/main.yml b/roles/create_infrastructure/defaults/main.yml
deleted file mode 100644
index 88d20f7..0000000
--- a/roles/create_infrastructure/defaults/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-ssh_key_name: "rke2-{{ cluster_name }}-ssh-key"
-ssh_key_file: "{{ ssh_key_name }}.pem"
-network_name: "rke2-{{ cluster_name }}"
-subnet_name: "rke2-{{ cluster_name }}"
-cidr: 10.0.0.0/24
-router_name: "rke2-{{ cluster_name }}"
-
-server_volume_size: 50
-agent_volume_size: 100
-server_flavor: m1a.large
-agent_flavor: m1a.xlarge
-image: 1fe615f0-9dad-447d-bf54-9071defafb77
-
-server_count: 3
-agent_count: 3
-
-loadbalancer_name: "rke2_{{ cluster_name }}"
-security_group: "rke2_{{ cluster_name }}"
-state: present
-
-ssh_keys_dir: ssh_keys
\ No newline at end of file
diff --git a/roles/create_infrastructure/tasks/inventory.yml b/roles/create_infrastructure/tasks/inventory.yml
deleted file mode 100644
index c50e818..0000000
--- a/roles/create_infrastructure/tasks/inventory.yml
+++ /dev/null
@@ -1,60 +0,0 @@
-- block:  
-  # - pause:
-  #     seconds: 5
-
-  - openstack.cloud.server_info:
-      auth: "{{ openstack_auth }}"
-      auth_type: "{{ openstack_auth_type }}"
-      server: "rke2-{{ cluster_name }}-server-{{ item }}"
-    loop: "{{ range(1, agent_count, 1) | list }}"
-    register: servers_result
-
-  - openstack.cloud.server_info:
-      auth: "{{ openstack_auth }}"
-      auth_type: "{{ openstack_auth_type }}"
-      server: "rke2-{{ cluster_name }}-agent-{{ item }}"
-    loop: "{{ range(0, agent_count, 1) | list }}"
-    register: agents_result
-
-  - set_fact:
-      agents: "{{ agents_result.results | community.general.json_query('[].openstack_servers[].{name: name, private_v4: private_v4}') }}"
-      servers: "{{ servers_result.results | community.general.json_query('[].openstack_servers[].{name: name, private_v4: private_v4}') }}"
-  
-  when: agents | length > 0 and agents[0].private_v4 == '' or servers | length > 1 and servers[0].private_v4 == ''
-
-
-- name: update inventory in project
-  template:
-    src: hosts.j2
-    dest: hosts
-
-- name: create inventory folders
-  file:
-    path: "{{ item }}"
-    state: directory
-  loop:
-    - group_vars
-    - group_vars/all
-    - group_vars/master
-    - group_vars/servers
-    - group_vars/agents    
-
-- name: update all inventory
-  template:
-    src: all.yml.j2
-    dest: group_vars/all/infrastructure.yml
-
-- name: update master inventory
-  template:
-    src: master.yml.j2
-    dest: group_vars/master/infrastructure.yml
-
-- name: update servers inventory
-  template:
-    src: servers.yml.j2
-    dest: group_vars/servers/infrastructure.yml
-
-- name: update agents inventory
-  template:
-    src: agents.yml.j2
-    dest: group_vars/agents/infrastructure.yml
diff --git a/roles/create_infrastructure/tasks/keypair.yml b/roles/create_infrastructure/tasks/keypair.yml
deleted file mode 100644
index 933d7b3..0000000
--- a/roles/create_infrastructure/tasks/keypair.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-- name: ssh key pair
-  openstack.cloud.keypair:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ ssh_key_name }}"
-    state: "{{ state }}"
-  register: ssh_key
-
-# - debug:
-#     var: ssh_key
-
-
-- name: create inventory folders
-  file:
-    path: "{{ ssh_keys_dir }}"
-    state: directory
-
-- name: store private key locally
-  copy:
-    dest: "{{ ssh_keys_dir }}/{{ ssh_key_name }}.pem"
-    content: "{{ ssh_key.key.private_key }}"
-    mode: "0600"
-  when: state == 'present' and ssh_key.key.private_key != none
\ No newline at end of file
diff --git a/roles/create_infrastructure/tasks/lb_members.yml b/roles/create_infrastructure/tasks/lb_members.yml
deleted file mode 100644
index 595ffcc..0000000
--- a/roles/create_infrastructure/tasks/lb_members.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-- name: wait for loadbalancer
-  async_status:
-    jid: "{{ _create_loadbalancer.ansible_job_id }}"
-  register: loadbalancer_result
-  until: loadbalancer_result.finished
-  delay: 1
-  retries: 600
-
-- name: store loadbalancer ip
-  set_fact:
-    new_loadbalancer_ip: "{{ loadbalancer_result.loadbalancer.public_vip_address | default(loadbalancer_ip) }}"
-
-- name: add listener
-  openstack.cloud.lb_listener:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ loadbalancer_name }}-listener-{{ item }}"
-    loadbalancer: "{{ loadbalancer_name }}"
-    protocol: TCP
-    protocol_port: "{{ item }}"
-    state: "{{ state }}"
-  loop:
-    - 6443
-    - 9345
-    - 80
-    - 443
-
-- name: add pool
-  openstack.cloud.lb_pool:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ loadbalancer_name }}-pool-{{ item }}"
-    listener: "{{ loadbalancer_name }}-listener-{{ item }}"
-    protocol: TCP
-    lb_algorithm: ROUND_ROBIN
-    state: "{{ state }}"
-  loop:
-    - 6443
-    - 9345
-    - 80
-    - 443
-
-- name: add health monitor
-  openstack.cloud.lb_health_monitor:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    pool: "{{ loadbalancer_name }}-pool-{{ item }}"
-    name: "{{ loadbalancer_name }}-pool-{{ item }}-healthmonitor"
-    delay: '20'
-    max_retries: '5'
-    max_retries_down: '5'
-    resp_timeout: '10'
-    type: TCP
-  loop:
-    - 6443
-    - 9345
-    - 80
-    - 443
-
-
-- set_fact:
-    pool_members:
-      - { pool: 6443, port: 6443, vm: "{{ servers + [ master ] }}" }
-      - { pool: 9345, port: 9345, vm: "{{ servers + [ master ] }}" }
-      - { pool: 80, port: 80, vm: "{{ agents }}" }
-      - { pool: 443, port: 443, vm: "{{ agents }}" }
-
-- name: add members
-  openstack.cloud.lb_member:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ loadbalancer_name }}-pool-{{ item.0.pool }}-{{ item.1.name }}"
-    pool: "{{ loadbalancer_name }}-pool-{{ item.0.pool }}"
-    address: "{{ item.1.private_v4 }}"
-    protocol_port: "{{ item.0.port }}"
-  with_subelements: 
-    - "{{ pool_members }}"
-    - vm
-
diff --git a/roles/create_infrastructure/tasks/loadbalancer.yml b/roles/create_infrastructure/tasks/loadbalancer.yml
deleted file mode 100644
index f1a17f1..0000000
--- a/roles/create_infrastructure/tasks/loadbalancer.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- name: loadbalancer
-  openstack.cloud.loadbalancer:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ loadbalancer_name }}"
-    vip_subnet: "{{ subnet_name }}"
-    auto_public_ip: yes
-    public_network: public
-    state: "{{ state }}"
-  register: _create_loadbalancer
-  async: 600
-  poll: 0
-
diff --git a/roles/create_infrastructure/tasks/main.yml b/roles/create_infrastructure/tasks/main.yml
deleted file mode 100644
index 8416c7b..0000000
--- a/roles/create_infrastructure/tasks/main.yml
+++ /dev/null
@@ -1,88 +0,0 @@
-- block:
-  - name: network
-    include_tasks: network.yml
-    args:
-      apply:
-        tags:
-          - network
-    tags:
-      - network
-
-  - name: loadbalancer
-    include_tasks: loadbalancer.yml
-    args:
-      apply:
-        tags:
-          - loadbalancer
-    tags:
-      - loadbalancer
-
-  - name: security groups
-    include_tasks: security_groups.yml
-    args:
-      apply:
-        tags:
-          - security_groups
-    tags:
-      - security_groups
-
-  - name: keypair
-    include_tasks: keypair.yml
-    args:
-      apply:
-        tags:
-          - keypair
-    tags:
-      - keypair
-
-  - name: vm
-    include_tasks: vm.yml
-    args:
-      apply:
-        tags:
-          - vm
-    tags:
-      - vm
-
-  - name: lb elements 
-    include_tasks: lb_members.yml
-    args:
-      apply:
-        tags:
-          - loadbalancer
-    tags:
-      - loadbalancer
-
-  - name: inventory
-    include_tasks: inventory.yml
-
-  when: state == 'present'
-
-- block:
-  - name: loadbalancer
-    include_tasks: loadbalancer.yml  
-  
-  - name: vm
-    include_tasks: vm.yml
-
-  - name: security groups
-    include_tasks: security_groups.yml
-
-  - name: network
-    include_tasks: network.yml
-    args:
-      apply:
-        tags:
-          - network
-    tags:
-      - network
-  
-  - name: delete inventory
-    file:
-      path: "{{ item }}"
-      state: absent
-    loop:
-      - group_vars
-      - hosts
-
-  when: state == 'absent'
\ No newline at end of file
diff --git a/roles/create_infrastructure/tasks/network.yml b/roles/create_infrastructure/tasks/network.yml
deleted file mode 100644
index 6c0597e..0000000
--- a/roles/create_infrastructure/tasks/network.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-- name: delete router
-  openstack.cloud.router:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ router_name }}"
-    state: "{{ state }}"
-  when: state == 'absent'
-
-- name: network
-  openstack.cloud.network:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ network_name }}"
-    state: "{{ state }}"
-
-- name: subnet
-  openstack.cloud.subnet:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    network_name: "{{ network_name }}"
-    name: "{{ subnet_name }}"
-    cidr: "{{ cidr }}"
-    state: "{{ state }}"
-  register: subnet_result
-
-- set_fact:
-    new_subnet_id: "{{ subnet_result.subnet.id }}"
-  when: state == 'present'
-
-- name: router
-  openstack.cloud.router:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ router_name }}"
-    network: public
-    interfaces:
-      - "{{ network_name }}"
-  when: state == 'present'
diff --git a/roles/create_infrastructure/tasks/security_groups.yml b/roles/create_infrastructure/tasks/security_groups.yml
deleted file mode 100644
index 76c9ec0..0000000
--- a/roles/create_infrastructure/tasks/security_groups.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-- name: security group
-  openstack.cloud.security_group:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "{{ security_group }}"
-    state: "{{ state }}"
-  register: _create_security_group
-  async: 600
-  poll: 0
-
-- name: wait for security group
-  async_status:
-    jid: "{{ _create_security_group.ansible_job_id }}"
-  register: security_group_result
-  until: security_group_result.finished
-  delay: 1
-  retries: 600
-
-- name: rules
-  openstack.cloud.security_group_rule:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    security_group: "{{ security_group }}"
-    protocol: "{{ item.protocol }}"
-    port_range_min: "{{ item.min }}"
-    port_range_max: "{{ item.max }}"
-    remote_ip_prefix: "{{ item.cidr }}"
-    state: "{{ state }}"
-  loop:
-    - { protocol: TCP, min: 2379, max: 2380, cidr: "{{ cidr }}" } # etcd
-    - { protocol: TCP, min: 6443, max: 6443, cidr: "{{ cidr }}" } # Kubernetes API
-    - { protocol: TCP, min: 80, max: 80, cidr: "{{ cidr }}" } # Ingress HTTP
-    - { protocol: TCP, min: 443, max: 80, cidr: "{{ cidr }}" } # Ingress HTTPS
-    - { protocol: TCP, min: 8443, max: 8443, cidr: "{{ cidr }}" } # Ingress Webhook
-    - { protocol: TCP, min: 9345, max: 9345, cidr: "{{ cidr }}" } # RKE2 API
-    - { protocol: TCP, min: 10250, max: 10250, cidr: "{{ cidr }}" } # kubelet metrics
-    - { protocol: TCP, min: 30000, max: 32767, cidr: "{{ cidr }}" } # NodePort port range
-    - { protocol: UDP, min: 8472, max: 8472, cidr: "{{ cidr }}" } # flannel
-    - { protocol: TCP, min: 4240, max: 4240, cidr: "{{ cidr }}" } # cni-health
-    - { protocol: TCP, min: 22, max: 22, cidr: "0.0.0.0/0" } # SSH
-  #ignore_errors: yes
-  async: 600
-  poll: 0
-  when: state == 'present'
\ No newline at end of file
diff --git a/roles/create_infrastructure/tasks/vm.yml b/roles/create_infrastructure/tasks/vm.yml
deleted file mode 100644
index 5d957f1..0000000
--- a/roles/create_infrastructure/tasks/vm.yml
+++ /dev/null
@@ -1,110 +0,0 @@
-- name: master VM
-  openstack.cloud.server:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "rke2-{{ cluster_name }}-master"
-    boot_from_volume: yes
-    terminate_volume: yes
-    volume_size: "{{ server_volume_size }}"
-    network: "{{ network_name }}"
-    key_name: "{{ ssh_key_name }}"
-    flavor: "{{ server_flavor }}"
-    image: "{{ image }}"
-    security_groups:
-      - "{{ security_group }}"
-    delete_fip: yes
-    floating_ip_pools:
-      - public
-    state: "{{ state }}"
-    userdata: |-
-      #cloud-config
-      package_update: true
-      package_upgrade: true
-  register: _create_master
-  async: 600
-  poll: 0
-
-- name: server VMs
-  openstack.cloud.server:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "rke2-{{ cluster_name }}-server-{{ item }}"
-    boot_from_volume: yes
-    terminate_volume: yes
-    volume_size: "{{ server_volume_size }}"
-    network: "{{ network_name }}"
-    key_name: "{{ ssh_key_name }}"
-    flavor: "{{ server_flavor }}"
-    image: "{{ image }}"
-    security_groups:
-      - "{{ security_group }}"
-    auto_ip: no
-    state: "{{ state }}"
-    userdata: |-
-      #cloud-config
-      package_update: true
-      package_upgrade: true
-  loop: "{{ range(1, server_count, 1) | list }}"
-  register: _create_servers
-  async: 600
-  poll: 0
-
-- name: agent VM
-  openstack.cloud.server:
-    auth: "{{ openstack_auth }}"
-    auth_type: "{{ openstack_auth_type }}"
-    name: "rke2-{{ cluster_name }}-agent-{{ item }}"
-    boot_from_volume: yes
-    terminate_volume: yes
-    volume_size: "{{ agent_volume_size }}"
-    network: "{{ network_name }}"
-    key_name: "{{ ssh_key_name }}"
-    flavor: "{{ agent_flavor }}"
-    image: "{{ image }}"
-    security_groups:
-      - "{{ security_group }}"
-    auto_ip: no
-    state: "{{ state }}"
-    userdata: |-
-      #cloud-config
-      package_update: true
-      package_upgrade: true
-  loop: "{{ range(0, agent_count, 1) | list }}"
-  register: _create_agents
-  async: 600
-  poll: 0
-
-- name: wait for master vm
-  async_status:
-    jid: "{{ _create_master.ansible_job_id }}"
-  register: master_result
-  until: master_result.finished
-  delay: 1
-  retries: 600
-
-- block:
-  - name: wait for server vms
-    async_status:
-      jid: "{{ item.ansible_job_id }}"
-    register: servers_result
-    until: servers_result.finished
-    delay: 1
-    retries: 600
-    loop: "{{ _create_servers.results }}"
-
-- block:
-  - name: wait for agents vm
-    async_status:
-      jid: "{{ item.ansible_job_id }}"
-    register: agents_result
-    until: agents_result.finished
-    delay: 1
-    retries: 600
-    loop: "{{ _create_agents.results }}"
-
-- set_fact:
-      master: "{{ master_result | community.general.json_query('server.{name: name, private_v4: private_v4, public_v4: public_v4}') }}"
-      servers: "{{ servers_result.results | community.general.json_query('[].server.{name: name, private_v4: private_v4}') }}"
-      agents: "{{ agents_result.results | community.general.json_query('[].server.{name: name, private_v4: private_v4}') }}"
-      new_master_floating_ip: "{{ master_result.server.public_v4 }}"
-  when: state == 'present'
\ No newline at end of file
diff --git a/roles/create_infrastructure/templates/agents.yml.j2 b/roles/create_infrastructure/templates/agents.yml.j2
deleted file mode 100644
index ab719f0..0000000
--- a/roles/create_infrastructure/templates/agents.yml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-{% raw %}
-ansible_user: "ubuntu"
-ansible_ssh_private_key_file: "{{ ssh_key_file }}"
-ansible_ssh_common_args: "-o ProxyCommand='ssh -q ubuntu@{{ master_floating_ip }} -o StrictHostKeyChecking=no -i {{ ssh_key_file }} -W %h:%p' -o StrictHostKeyChecking=no"
-node_type: agent
-{% endraw %}
\ No newline at end of file
diff --git a/roles/create_infrastructure/templates/all.yml.j2 b/roles/create_infrastructure/templates/all.yml.j2
deleted file mode 100644
index 836b6a8..0000000
--- a/roles/create_infrastructure/templates/all.yml.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-loadbalancer_ip: {{ new_loadbalancer_ip }}
-
-master_floating_ip: {{ new_master_floating_ip }}
-
-{% if new_subnet_id is defined %}
-subnet_id: {{ new_subnet_id }}
-{% endif %}
-
-ssh_key_file: {{ ssh_keys_dir }}/{{ ssh_key_file }}
\ No newline at end of file
diff --git a/roles/create_infrastructure/templates/hosts.j2 b/roles/create_infrastructure/templates/hosts.j2
deleted file mode 100644
index a687156..0000000
--- a/roles/create_infrastructure/templates/hosts.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-[master]
-{{ master.name }} ansible_host="{{ master.public_v4 }}"
-
-[servers]
-{% if servers is defined and servers | length > 0 %}
-{% for server in servers %}
-{{ server.name }} ansible_host="{{ server.private_v4 }}"
-{% endfor %}
-{% endif %}
-
-[agents]
-{% if agents is defined and agents | length > 0 %}
-{% for agent in agents %}
-{{ agent.name }} ansible_host="{{ agent.private_v4 }}"
-{% endfor %}
-{% endif %}
\ No newline at end of file
diff --git a/roles/create_infrastructure/templates/master.yml.j2 b/roles/create_infrastructure/templates/master.yml.j2
deleted file mode 100644
index 39c75b6..0000000
--- a/roles/create_infrastructure/templates/master.yml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-{% raw %}
-ansible_user: "ubuntu"
-ansible_ssh_private_key_file: "{{ ssh_key_file }}"
-ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
-node_type: server
-{% endraw %}
\ No newline at end of file
diff --git a/roles/create_infrastructure/templates/servers.yml.j2 b/roles/create_infrastructure/templates/servers.yml.j2
deleted file mode 100644
index 562da52..0000000
--- a/roles/create_infrastructure/templates/servers.yml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-{% raw %}
-ansible_user: "ubuntu"
-ansible_ssh_private_key_file: "{{ ssh_key_file }}"
-ansible_ssh_common_args: "-o ProxyCommand='ssh -q ubuntu@{{ master_floating_ip }} -o StrictHostKeyChecking=no -i {{ ssh_key_file }} -W %h:%p' -o StrictHostKeyChecking=no"
-node_type: server
-{% endraw %}
\ No newline at end of file
diff --git a/roles/rke2/handlers/main.yml b/roles/rke2/handlers/main.yml
index 8dc0e2f..9eda227 100644
--- a/roles/rke2/handlers/main.yml
+++ b/roles/rke2/handlers/main.yml
@@ -14,8 +14,6 @@
     enabled: yes
     state: restarted
     daemon_reload: yes
-  ignore_errors: True
-  when: upgrade
   
 - name: reload rke2
   ansible.builtin.systemd:
@@ -23,13 +21,4 @@
     masked: no
     enabled: yes
     state: reloaded
-    daemon_reload: yes
-
-- name: wait for RANCHER to come up
-  uri:
-    url: "http://{{ rancher_ui_dns }}"
-    status_code: [200, 404]
-  register: result
-  until: result.status == 200 or result.status == 404
-  retries: 100 # retry X times
-  delay: 30 # pause for X sec b/w each call
\ No newline at end of file
+    daemon_reload: yes
\ No newline at end of file
diff --git a/roles/rke2/tasks/registries.yml b/roles/rke2/tasks/config_registries.yml
similarity index 100%
rename from roles/rke2/tasks/registries.yml
rename to roles/rke2/tasks/config_registries.yml
diff --git a/roles/rke2/tasks/config_rke2.yml b/roles/rke2/tasks/config_rke2.yml
index b418917..9861b0e 100644
--- a/roles/rke2/tasks/config_rke2.yml
+++ b/roles/rke2/tasks/config_rke2.yml
@@ -30,15 +30,9 @@
 - name: read token
   include_vars: group_vars/all/token.yml
 
-- name: rke2 config
+- name: copy rke2 config
   template:
     src: config.yaml.j2
     dest: /etc/rancher/rke2/config.yaml
   notify:
-    - restart rke2
-
-- name: enable rke2
-  ansible.builtin.systemd:
-    name: "rke2-{{ node_type }}"
-    enabled: yes
-    masked: no
+    - start rke2
\ No newline at end of file
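Review bot: The rendered `/etc/rancher/rke2/config.yaml` carries the cluster join token that `include_vars: group_vars/all/token.yml` loads two tasks above, but the new `copy rke2 config` task sets no `mode`, so the file takes the remote umask (typically 0644) and any local user on the node can read the token; add `mode: "0600"`, `owner: root` and `group: root` under `template:`. The task now notifies `start rke2`, yet no handler of that name appears in the handler changes of this commit; if it is not defined in the unshown top of `roles/rke2/handlers/main.yml`, the notify will fail at runtime. The file also loses its trailing newline.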
diff --git a/roles/rke2/tasks/kubeconfig.yml b/roles/rke2/tasks/kubeconfig.yml
deleted file mode 100644
index 2d19b94..0000000
--- a/roles/rke2/tasks/kubeconfig.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-
-- name: start rke2 on master
-  ansible.builtin.systemd:
-    name: "rke2-{{ node_type }}"
-    enabled: yes
-    masked: no
-    state: started
-    daemon_reload: yes
-  ignore_errors: True
-  when:  ( 'master' in group_names )
-#  notify:
-#  - wait for RANCHER to come up
-- name: start rke2 on the servers
-  ansible.builtin.systemd:
-    name: "rke2-{{ node_type }}"
-    enabled: yes
-    masked: no
-    state: started
-    daemon_reload: yes
-  ignore_errors: True
-#  when:  ( 'servers' in group_names )
-
-- name: start rke2 everywhere
-  ansible.builtin.systemd:
-    name: "rke2-{{ node_type }}"
-    enabled: yes
-    masked: no
-    state: started
-    daemon_reload: yes
-  ignore_errors: True
-
-- name: wait for kubeconfig
-  wait_for:
-    path: /etc/rancher/rke2/rke2.yaml
-  when:  ( 'master' in group_names )
-
-- name: fetch kubeconfig from master
-  ansible.builtin.fetch:
-    src: /etc/rancher/rke2/rke2.yaml
-    dest: kubeconfig.yaml
-    flat: yes
-  when:  ( 'master' in group_names )
-
-- name: replace endpoint in kubeconfig NEW
-  delegate_to: localhost
-  become: false
-  ansible.builtin.replace:
-    path: kubeconfig.yaml
-    regexp: '^(\s+server: ).*'
-    replace: '\1https://{{ lb_ip_mgmt }}:6443'
-  when: ( 'master' in group_names )
-
-- name: fetch kubeconfig from master and copy it 
-  ansible.builtin.fetch:
-    src: /etc/rancher/rke2/rke2.yaml
-    dest: kubeconfigext.yaml
-    flat: yes
-  when: ( 'master' in group_names )
-
-
-- name: replace endpoint in external kubeconfig
-  delegate_to: localhost
-  become: false
-  ansible.builtin.replace:
-    path: kubeconfigext.yaml
-    regexp: '^(\s+server: ).*'
-    replace: '\1https://rancher.{{ domain }}:6443'
-  when: ( 'master' in group_names )
\ No newline at end of file
diff --git a/roles/rke2/tasks/main.yml b/roles/rke2/tasks/main.yml
index 873af86..d94fdce 100644
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -9,22 +9,37 @@
   when: ( not rke2_installed.stat.exists and state != 'absent' ) or (upgrade and state != 'absent' )
 
 - include_tasks: templates.yml
-  when: "state != 'absent' and 'master' in group_names  "
+  when: state != 'absent' and 'master' in group_names
 
 - block:
-    - include_tasks: registries.yml
+    - include_tasks: config_registries.yml
     - include_tasks: config_rke2.yml
-  when: state != 'absent' 
-
-- include_tasks: kubeconfig.yml
-  when: state != 'absent' #and 'master' in group_names 
+  when: state != 'absent'
 
+- include_tasks: save_kubeconfig.yml
+  when: state != 'absent' and 'master' in group_names
 
+- include_tasks: rotate_encryption.yml
+  when: state != 'absent' and 'control-plane' in group_names and rotate 
 
 - name: uninstall rke2
   command: rke2-uninstall.sh
   when: rke2_installed.stat.exists and state == 'absent'
 
-
-- include_tasks: rotate_encryption.yml
-  when: state != 'absent' and 'control-plane' in group_names and rotate 
+- name: Flush handlers
+  meta: flush_handlers
+
+- name: wait for k8s to come up till 401 unauthorized
+  delegate_to: localhost
+  uri:
+    url: "https://{{ LB_IP_MGMT }}:6443"
+    status_code: [401]
+  register: result
+  until: result.status == 401
+  retries: 10 # retry X times
+  delay: 10 # pause for X sec b/w each call
+
+- name: add secrets for CCM
+  ansible.builtin.debug:
+    var: result
+    verbosity: 2
\ No newline at end of file
diff --git a/roles/rke2/tasks/save_kubeconfig.yml b/roles/rke2/tasks/save_kubeconfig.yml
new file mode 100644
index 0000000..2ed2ff7
--- /dev/null
+++ b/roles/rke2/tasks/save_kubeconfig.yml
@@ -0,0 +1,31 @@
+- name: wait for kubeconfig
+  wait_for:
+    path: /etc/rancher/rke2/rke2.yaml
+
+- name: fetch kubeconfig from master
+  ansible.builtin.fetch:
+    src: /etc/rancher/rke2/rke2.yaml
+    dest: kubeconfig.yaml
+    flat: yes
+
+- name: replace endpoint in kubeconfig NEW
+  delegate_to: localhost
+  become: false
+  ansible.builtin.replace:
+    path: kubeconfig.yaml
+    regexp: '^(\s+server: ).*'
+    replace: '\1https://{{ lb_ip_mgmt }}:6443'
+
+- name: fetch kubeconfig from master and copy it 
+  ansible.builtin.fetch:
+    src: /etc/rancher/rke2/rke2.yaml
+    dest: kubeconfigext.yaml
+    flat: yes
+
+- name: replace endpoint in external kubeconfig
+  delegate_to: localhost
+  become: false
+  ansible.builtin.replace:
+    path: kubeconfigext.yaml
+    regexp: '^(\s+server: ).*'
+    replace: '\1https://rancher.{{ domain }}'
\ No newline at end of file
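Review bot: `fetch` writes `kubeconfig.yaml` and `kubeconfigext.yaml` onto the controller with the controller's umask rather than the 0600 the file has on the node, so the cluster-admin client certificate and key can land readable by other local users in the playbook directory; add a delegated `file` task that sets `mode: "0600"` on both copies. The second `fetch` re-transfers the same credential; a local copy of the already-fetched `kubeconfig.yaml` would do. The last line drops the `:6443` that the deleted `kubeconfig.yml` used, so `kubeconfigext.yaml` now points at port 443 of `rancher.{{ domain }}`; if that name resolves to the ingress rather than a pass-through to the API, this kubeconfig will not work — confirm the port change is intended. With `flat: yes` every host in the `master` group writes the same destination, so if that group ever holds more than one node the last fetch wins; `run_once: true` makes the intent explicit.
```yaml
# … unchanged: wait_for, fetch and replace tasks …

- name: restrict kubeconfig permissions on the controller
  delegate_to: localhost
  become: false
  ansible.builtin.file:
    path: "{{ item }}"
    mode: "0600"
  loop:
    - kubeconfig.yaml
    - kubeconfigext.yaml
```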
-- 
GitLab