initial commit

.gitignore

@@ -0,0 +1,13 @@
+.DS_Store
+*retry
+.vagrant
+~*
+*rsa
+*rsa.pub
+osrc*
+.vaultpass
+work
+oneview_config.json
+*.code-workspace
+hosts.yml
+credentials

README.md

@@ -0,0 +1,124 @@
+# K3S Tools
+
+K3S is a certified Lightweight Kubernetes distro from Rancher that is focused on:
+* Edge
+* IoT
+* CI
+* ARM
+
+see https://k3s.io/
+
+## Tools
+
+Ansible roles for k3s_masters, k3s_workers
+
+## Usage
+
+### Deploy physical or virtual hosts with Ubuntu or CentOS.
+
+Tested:
+* Ubuntu 18.04 LTS
+* CentOS 7.7
+
+### Modify hosts file for local environment
+
+[hosts-example.yml example](hosts-example.yml)
+
+Take care to specify hosts for the different roles.  
+*At this point, only a single master is supported, although you can include multiple masters in the list*
+*Only the first host in the k3s_masters group will be included in the cluster*
+
+### Run k3s-site.yml
+
+```
+$ ansible-playbook k3s-site.yml
+```
+
+### Note you will see output from k3s installer for the master and workers
+
+#### Master sample output
+
+```
+TASK [k3s-master : install k3s on master without agent] ******************************************************************************************************************
+changed: [node-19]
+
+TASK [k3s-master : results of installation] ******************************************************************************************************************************
+ok: [node-19] => {
+    "master_install_result.stdout_lines": [
+        "[INFO]  Finding latest release",
+        "[INFO]  Using v0.10.2 as release",
+        "[INFO]  Downloading hash https://github.com/rancher/k3s/releases/download/v0.10.2/sha256sum-amd64.txt",
+        "[INFO]  Downloading binary https://github.com/rancher/k3s/releases/download/v0.10.2/k3s",
+        "[INFO]  Verifying binary download",
+        "[INFO]  Installing k3s to /usr/local/bin/k3s",
+        "[INFO]  Creating /usr/local/bin/kubectl symlink to k3s",
+        "[INFO]  Creating /usr/local/bin/crictl symlink to k3s",
+        "[INFO]  Creating /usr/local/bin/ctr symlink to k3s",
+        "[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh",
+        "[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh",
+        "[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env",
+        "[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service",
+        "[INFO]  systemd: Enabling k3s unit",
+        "[INFO]  systemd: Starting k3s"
+    ]
+}
+```
+
+#### Workers sample output
+Note that the output specifies that an agent has been started.
+```
+TASK [k3s-workers : install k3s on workers] ******************************************************************************************************************************
+changed: [node-30]
+changed: [node-27]
+changed: [node-28]
+changed: [node-29]
+
+TASK [k3s-workers : results of installation] *****************************************************************************************************************************
+ok: [node-27] => {
+    "workers_install_result.stdout_lines": [
+        "[INFO]  Finding latest release",
+        "[INFO]  Using v0.10.2 as release",
+        "[INFO]  Downloading hash https://github.com/rancher/k3s/releases/download/v0.10.2/sha256sum-amd64.txt",
+        "[INFO]  Downloading binary https://github.com/rancher/k3s/releases/download/v0.10.2/k3s",
+        "[INFO]  Verifying binary download",
+        "[INFO]  Installing k3s to /usr/local/bin/k3s",
+        "[INFO]  Creating /usr/local/bin/kubectl symlink to k3s",
+        "[INFO]  Creating /usr/local/bin/crictl symlink to k3s",
+        "[INFO]  Creating /usr/local/bin/ctr symlink to k3s",
+        "[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh",
+        "[INFO]  Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh",
+        "[INFO]  env: Creating environment file /etc/systemd/system/k3s-agent.service.env",
+        "[INFO]  systemd: Creating service file /etc/systemd/system/k3s-agent.service",
+        "[INFO]  systemd: Enabling k3s-agent unit",
+        "[INFO]  systemd: Starting k3s-agent"
+    ]
+}
+```
+
+### kubeconfig gets copied to localhost
+
+```
+TASK [k3s-master : create credentials directory] *************************************************************************************************************************
+changed: [node-19 -> localhost]
+
+TASK [k3s-master : fetch k3s.yaml] ***************************************************************************************************************************************
+changed: [node-19]
+
+TASK [k3s-master : update master ip in k3s.yaml] *************************************************************************************************************************
+changed: [node-19 -> localhost]
+```
+
+## Troubleshooting
+
+### .vaultpass
+The [ansible.cfg](ansible.cfg) file assumes a local `.vaultpass` file.  
+If you don't have one, you may see an error like:
+```
+$ ansible-playbook k3s-site.yml
+ERROR! The vault password file /Users/jeff/work/k3s-tools/.vaultpass was not found
+```
+FIX: remove the `vault_password_file = .vaultpass` line from ansible.cfg, or create .vaultpass
+
+## Next Steps / Ideas
+
+- [ ] Update roles for manual installation, instead of *trusting* the shell script

ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+inventory = ./hosts.yml
+forks = 20
+host_key_checking = False
+vault_password_file = .vaultpass

hosts-example.yml

@@ -0,0 +1,39 @@
+all:
+  hosts:
+    localhost:
+    node-19:
+    node-21:
+    node-22:
+    node-27:
+    node-28:
+    node-29:
+    node-30:
+
+
+  children:
+
+    k3s:
+      children:
+        k3s_masters:
+        k3s_workers:
+      vars:
+        ansible_user: ubuntu
+        proxy: "http://proxy.kightlabs.net:8080"
+        no_proxy: "localhost,127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
+
+
+    k3s_masters:
+      hosts:
+        node-19:
+        node-21:
+        node-22:
+      vars:
+
+    k3s_workers:
+      hosts:
+        node-27:
+        node-28:
+        node-29:
+        node-30:
+      vars:
+

k3s-site.yml

@@ -0,0 +1,21 @@
+---
+
+- hosts: k3s_masters k3s_workers
+  gather_facts: yes
+
+  roles:
+  - common
+
+
+- hosts: k3s_masters
+  gather_facts: yes
+
+  roles:
+  - k3s-master
+
+
+- hosts: k3s_workers
+  gather_facts: yes
+
+  roles:
+  - k3s-workers

roles/common/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/common/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for common

roles/common/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for common

roles/common/meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.4
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
+

roles/common/tasks/main.yml

@@ -0,0 +1,89 @@
+---
+# tasks file for common
+
+- name: add http_proxy to /etc/environment
+  lineinfile:
+    path: /etc/environment
+    regexp: '^http_proxy='
+    line: http_proxy="{{ proxy }}"
+  become: yes
+
+- name: add https_proxy to /etc/environment
+  lineinfile:
+    path: /etc/environment
+    regexp: '^https_proxy='
+    line: https_proxy="{{ proxy }}"
+  become: yes
+
+- name: add no_proxy to /etc/environment
+  lineinfile:
+    path: /etc/environment
+    regexp: '^no_proxy='
+    line: no_proxy="{{ no_proxy }}"
+  become: yes
+
+- name: add proxy to yum.conf
+  ini_file:
+    path: /etc/yum.conf
+    section: main
+    option: proxy
+    no_extra_spaces: yes
+    value: "{{ proxy }}"
+  become: yes
+  when: ansible_facts['os_family'] == "RedHat"
+
+- name: update apt cache
+  apt:
+    update_cache: yes
+  become: yes
+  when: ansible_facts['os_family'] == "Debian"
+
+- name: update yum cache
+  yum:
+    update_cache: yes
+  become: yes
+  when: ansible_facts['os_family'] == "RedHat"
+
+- name: apt autoclean
+  apt:
+    autoclean: yes
+  become: yes
+  when: ansible_facts['os_family'] == "Debian"
+
+- name: apt autoremove
+  apt:
+    autoremove: yes
+  become: yes
+  when: ansible_facts['os_family'] == "Debian"
+
+- name: yum autoremove
+  yum:
+    autoremove: yes
+  become: yes
+  when: ansible_facts['os_family'] == "RedHat"
+
+- name: update all apt packages
+  apt:
+    name: "*"
+    state: latest
+  become: yes
+  when: ansible_facts['os_family'] == "Debian"
+
+- name: update all yum packages
+  yum:
+    name: "*"
+    state: latest
+  become: yes
+  when: ansible_facts['os_family'] == "RedHat"
+
+- name: install apt packages
+  apt:
+    name: "{{ apt_packages }}"
+  become: yes
+  when: ansible_facts['os_family'] == "Debian"
+
+- name: install yum packages
+  yum:
+    name: "{{ yum_packages }}"
+  become: yes
+  when: ansible_facts['os_family'] == "RedHat"