From 7e6347464bbb95b86f16c137d1c558c4d8632ec3 Mon Sep 17 00:00:00 2001 From: Michael DAmato Date: Fri, 19 Apr 2024 12:44:52 -0400 Subject: [PATCH] Add ability to specify TAR urls for installing RKE2 and downloading image tars, convert samples to using yaml based inventories, fix boolean in statement for backwards compatibility, fix rpm versioned repo condition check from issue 210 --- .ansible-lint | 1 + .ansible-lint-ignore | 1 + .github/workflows/rocky8.yml | 80 ++++++++++-------- .github/workflows/ubuntu20.yml | 78 ++++++++++-------- README.md | 54 +++++------- ansible.cfg | 2 +- inventory/.gitignore | 1 + inventory/sample/hosts.ini | 21 ----- inventory/sample/hosts.yml | 82 +++++++++++++++++++ roles/rke2_common/defaults/main.yml | 2 + .../tasks/images_tarball_install.yml | 15 ++++ roles/rke2_common/tasks/main.yml | 10 ++- roles/rke2_common/tasks/rpm_install.yml | 2 +- roles/rke2_common/tasks/tarball_install.yml | 18 +++- 14 files changed, 238 insertions(+), 129 deletions(-) delete mode 100644 inventory/sample/hosts.ini create mode 100644 inventory/sample/hosts.yml diff --git a/.ansible-lint b/.ansible-lint index 32dfeadd..ba0c6d31 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,5 +6,6 @@ warn_list: - no-handler - var-spacing - var-naming + - yaml[comments-indentation] skip_list: - experimental \ No newline at end of file diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore index d31a25bc..dc3fc6ac 100644 --- a/.ansible-lint-ignore +++ b/.ansible-lint-ignore @@ -1,3 +1,4 @@ # This file contains ignores rule violations for ansible-lint roles/testing/tasks/troubleshooting.yml ignore-errors +inventory/sample/hosts.yml yaml[line-length] \ No newline at end of file diff --git a/.github/workflows/rocky8.yml b/.github/workflows/rocky8.yml index 986e0527..b4d9973e 100644 --- a/.github/workflows/rocky8.yml +++ b/.github/workflows/rocky8.yml 
@@ -106,15 +106,20 @@ jobs: - name: Ansible Version check run: ansible --version - - name: Create inventory hosts.ini - run: | - touch hosts.ini - echo "[rke2_servers]" > hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[rke2_agents]" >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.ini + - name: Create inventory hosts.yml + run: | + touch hosts.yml + echo "rke2_cluster:" > hosts.yml + echo " children:" >> hosts.yml + echo " rke2_servers:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " rke2_agents:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo "all:" >> hosts.yml + echo " vars:" >> hosts.yml 
+ echo " kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml echo "" >> ansible.cfg echo "" >> ansible.cfg echo "remote_user=centos" >> ansible.cfg 
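Review bot: The `| head -1` added to every describe-instances call in the rewritten inventory step keeps only one server and one agent, and when a query returns nothing the generated line is a bare `:` key that Ansible only rejects much later; the old hosts.ini step appended every address returned. The same pattern is in the second inventory step at @@ -124 and in both steps of ubuntu20.yml (@@ -104 and @@ -122). Capturing the address first and failing fast, e.g. `server_ip="$(aws ec2 describe-instances … --output text | head -1)"`, `test -n "$server_ip"`, `echo "        $server_ip:" >> hosts.yml`, makes a missing or not-yet-running instance abort at the step that knows why. Presumably the stack launches exactly one server and one agent per run, so the truncation is harmless today, but that is worth confirming before anyone scales the test stack. The `touch hosts.yml` before `echo … > hosts.yml` is redundant.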
@@ -124,46 +129,51 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: us-gov-west-1 - - name: Check hosts.ini and ansible.cfg + - name: Check hosts.yml and ansible.cfg run: | - cat hosts.ini + cat hosts.yml cat ansible.cfg - name: Prep inventory run: | cp -R inventory/sample inventory/rocky8 - cp hosts.ini inventory/rocky8/hosts.ini + cp hosts.yml inventory/rocky8/hosts.yml - name: Run playbook run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos -vv --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos -vv --private-key .key site.yml - name: Run playbook again for idempotency run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos -vv --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos -vv --private-key .key site.yml - name: Run Ansible Tests run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos --verbose --skip-tags "troubleshooting" --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos --verbose --skip-tags "troubleshooting" --private-key .key testing.yml - name: Run Python Tests run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=inventory/rocky8/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=inventory/rocky8/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py - - - name: Create new inventory hosts.ini with added hosts - run: | - rm hosts.ini - touch hosts.ini - echo "[rke2_servers]" > hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" 
"Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[rke2_agents]" >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.ini - cp hosts.ini inventory/rocky8/hosts.ini + pytest --hosts=rke2_servers --ansible-inventory=inventory/rocky8/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=inventory/rocky8/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py + + - name: Create new inventory hosts.yml with added hosts + run: | + rm hosts.yml + touch hosts.yml + echo "rke2_cluster:" > hosts.yml + echo " children:" >> hosts.yml + echo " rke2_servers:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " rke2_agents:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances 
--filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo "all:" >> hosts.yml + echo " vars:" >> hosts.yml + echo " kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml + cp hosts.yml inventory/rocky8/hosts.yml env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 
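Review bot: `rm hosts.yml` in the rewritten "Create new inventory hosts.yml with added hosts" step has no `-f`, while the same step in ubuntu20.yml uses `rm -f hosts.yml`; under the runner's default `bash -e` a missing file would abort the step, so `rm -f hosts.yml` (or dropping the `rm`, since the following `echo … > hosts.yml` truncates anyway) keeps the two workflows consistent. The step otherwise repeats the earlier inventory generator verbatim with only the ExtraNode query added, and the same text now exists four times across the two workflows; moving it into one small script in the repository (path to be chosen) would leave a single copy to keep in sync.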
@@ -171,22 +181,22 @@ jobs: - name: Run playbook again with added hosts run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos --verbose --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos --verbose --private-key .key site.yml - name: Run Ansible Tests with added hosts run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos --verbose --skip-tags "troubleshooting" --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos --verbose --skip-tags "troubleshooting" --private-key .key testing.yml - name: Run Python Tests with added hosts run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=inventory/rocky8/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=inventory/rocky8/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py + pytest --hosts=rke2_servers --ansible-inventory=inventory/rocky8/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=inventory/rocky8/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py - name: Run troubleshoot tasks if: ${{ failure() }} run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos -vvv --tags "troubleshooting" --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos -vvv --tags "troubleshooting" --private-key .key testing.yml - name: Delete Stack if: ${{ always() }} diff --git a/.github/workflows/ubuntu20.yml b/.github/workflows/ubuntu20.yml index 6adac9e6..b3dbeeb5 100644 --- a/.github/workflows/ubuntu20.yml +++ b/.github/workflows/ubuntu20.yml 
@@ -104,15 +104,20 @@ jobs: - name: Ansible Version check run: ansible --version - - name: Create inventory hosts.ini - run: | - touch hosts.ini - echo "[rke2_servers]" > hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[rke2_agents]" >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.ini + - name: Create inventory hosts.yml + run: | + touch hosts.yml + echo "rke2_cluster:" > hosts.yml + echo " children:" >> hosts.yml + echo " rke2_servers:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " rke2_agents:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo "all:" >> hosts.yml + echo " vars:" >> hosts.yml 
+ echo " kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml echo "" >> ansible.cfg echo "" >> ansible.cfg echo "remote_user=ubuntu" >> ansible.cfg 
@@ -122,46 +127,51 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: us-gov-west-1 - - name: Check hosts.ini and ansible.cfg + - name: Check hosts.yml and ansible.cfg run: | - cat hosts.ini + cat hosts.yml cat ansible.cfg - name: Prep inventory run: | cp -R inventory/sample inventory/ubuntu20 - cp hosts.ini inventory/ubuntu20/hosts.ini + cp hosts.yml inventory/ubuntu20/hosts.yml - name: Run playbook run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key site.yml - name: Run playbook again for idempotency run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key site.yml - name: Run Ansible Tests run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key testing.yml - name: Run Python Tests run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=inventory/ubuntu20/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=inventory/ubuntu20/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py - - - name: Create new inventory hosts.ini with added hosts - run: | - rm hosts.ini - touch hosts.ini - echo "[rke2_servers]" > hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" 
"Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[rke2_agents]" >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.ini - cp hosts.ini inventory/ubuntu20/hosts.ini + pytest --hosts=rke2_servers --ansible-inventory=inventory/ubuntu20/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=inventory/ubuntu20/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py + + - name: Create new inventory hosts.yml with added hosts + run: | + rm -f hosts.yml + touch hosts.yml + echo "rke2_cluster:" > hosts.yml + echo " children:" >> hosts.yml + echo " rke2_servers:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " rke2_agents:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 
describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo "all:" >> hosts.yml + echo " vars:" >> hosts.yml + echo " kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml + cp hosts.yml inventory/ubuntu20/hosts.yml env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 
@@ -169,17 +179,17 @@ jobs: - name: Run playbook again with added hosts run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key site.yml - name: Run Ansible Tests with added hosts run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key testing.yml - name: Run Python Tests with added hosts run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=inventory/ubuntu20/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=inventory/ubuntu20/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py + pytest --hosts=rke2_servers --ansible-inventory=inventory/ubuntu20/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=inventory/ubuntu20/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py - name: Delete Stack if: ${{ always() }} diff --git a/README.md b/README.md index e0c36dba..20d0f805 100644 --- a/README.md +++ b/README.md @@ -30,19 +30,10 @@ Platforms The RKE2 Ansible playbook supports all [RKE2 Supported Operating Systems](https://docs.rke2.io/install/requirements/#operating-systems) Supported Operating Systems: -```yaml -SLES: - - 15 SP2 (amd64) -CentOS: - - 7.8 (amd64) - - 8.2 (amd64) -Red Hat: - - 7.8 (amd64) - - 8.2 (amd64) -Ubuntu: - - bionic/18.04 (amd64) - - focal/20.04 (amd64) -``` +- SLES 15 +- Rocky 8 and 9 +- RedHat: 8 and 9 +- Ubuntu: 18, 20, and 22 System requirements 
@@ -67,18 +58,23 @@ Create a new directory based on the `sample` directory within the `inventory` di cp -R inventory/sample inventory/my-cluster ``` -Second, edit `inventory/my-cluster/hosts.ini` to match the system information gathered above. For example: - -```bash -[rke2_servers] -192.16.35.12 - -[rke2_agents] -192.16.35.[10:11] +Second, edit `inventory/my-cluster/hosts.yaml` to match the system information gathered above. For example: -[rke2_cluster:children] -rke2_servers -rke2_agents +```yaml +rke2_cluster: + children: + rke2_servers: + hosts: + server1.example.com: + rke2_agents: + hosts: + agent1.example.com: + agent2.example.com: + node_labels: + - agent2Label=true" +all: + vars: + install_rke2_version: v1.27.10+rke2r1 ``` If needed, you can also edit `inventory/my-cluster/group_vars/rke2_agents.yml` and `inventory/my-cluster/group_vars/rke2_servers.yml` to match your environment. @@ -86,7 +82,7 @@ If needed, you can also edit `inventory/my-cluster/group_vars/rke2_agents.yml` a Start provisioning of the cluster using the following command: ```bash -ansible-playbook site.yml -i inventory/my-cluster/hosts.ini +ansible-playbook site.yml -i inventory/my-cluster/hosts.yml ``` Tarball Install/Air-Gap Install @@ -148,10 +144,4 @@ systemctl restart fapolicyd Author Information ------------------ -[Dave Vigil](https://github.com/dgvigil) - -[Brandon Gulla](https://github.com/bgulla) - -[Rancher Federal](https://rancherfederal.com/) - -[Mike D'Amato](https://github.com/mdamato) +[Rancher Government Solutions](https://ranchergovernment.com/) diff --git a/ansible.cfg b/ansible.cfg index 8570c43b..43a4415d 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,7 +1,7 @@ [defaults] nocows = True roles_path = ./roles -inventory = ./inventory/my-cluster/hosts.ini +inventory = ./inventory/my-cluster/hosts.yml remote_tmp = $HOME/.ansible/tmp local_tmp = $HOME/.ansible/tmp diff --git a/inventory/.gitignore b/inventory/.gitignore index 5ae5024e..520c0f44 100644 
--- a/inventory/.gitignore +++ b/inventory/.gitignore @@ -1,3 +1,4 @@ * !.gitignore !sample/ +!sample/hosts.yml diff --git a/inventory/sample/hosts.ini b/inventory/sample/hosts.ini deleted file mode 100644 index fffeced0..00000000 --- a/inventory/sample/hosts.ini +++ /dev/null @@ -1,21 +0,0 @@ - -; Optional hostvars that can be pased in to individual nodes include node_ip, node_name, bind_address, advertise_address, node_taints=[], node_labels=[], and node_external_ip -; Example: -[rke2_servers] -; host0 node_labels='["extraLabel0=true"]' node_ip="10.10.10.10" node_name="customName0" bind_address="10.10.10.10" advertise_address="10.10.10.10" node_external_ip="52.52.52.52" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws" -; host1 node_labels='["extraLabel1=true"]' node_ip="10.10.10.11" node_name="customName1" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws" -; host2 node_labels='["extraLabel0=true"]' node_ip="10.10.10.12" node_name="customName1" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws" - -[rke2_agents] -; host4 -; host5 -; host6 - -[rke2_cluster:children] -rke2_servers -rke2_agents - -[all:vars] - -# Specify full version, by default latest stable version will be used -# install_rke2_version = v1.25.4+rke2r1 \ No newline at end of file diff --git a/inventory/sample/hosts.yml b/inventory/sample/hosts.yml new file mode 100644 index 00000000..56811651 --- /dev/null +++ b/inventory/sample/hosts.yml 
@@ -0,0 +1,82 @@ +--- +all: + vars: + install_rke2_version: v1.27.10+rke2r1 + # # In air-gapped envs, it might be convenient to download the tar files from custom URLs + # rke2_tarball_url: https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2.linux-amd64.tar.gz + # rke2_image_tar_urls: + # - https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2-images-canal.linux-amd64.tar.zst + # - https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2-images-core.linux-amd64.tar.zst + +rke2_cluster: + children: + rke2_servers: + vars: + # # Set generic rke2_config at the group level. + # # Every host in this group will inherit these rke2 configurations + # # See https://docs.rke2.io/reference/server_config for more options + # # These options can also be set in the group_vars folder + rke2_config: + node-label: + - serverGroupLabel=true + # profile: cis-1.6 + # kube-controller-manager-arg: + # - "tls-min-version=VersionTLS12" + # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + # kube-scheduler-arg: + # - "tls-min-version=VersionTLS12" + # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + # kube-apiserver-arg: + # - "tls-min-version=VersionTLS12" + # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + # - "enable-admission-plugins=ValidatingAdmissionWebhook,NodeRestriction,PodSecurityPolicy" + # - 
"request-timeout=300s" + # # Enable only when auditing is enabled, blocks API when audit fails + # #- "audit-log-mode=blocking-strict" + # + # kubelet-arg: + # - "feature-gates=DynamicKubeletConfig=false" + # - "protect-kernel-defaults=true" + # - "streaming-connection-idle-timeout=5m" + # + # etcd-extra-env: + # - "ETCD_AUTO_TLS=false" + # - "ETCD_PEER_AUTO_TLS=false" + # + # write-kubeconfig-mode: "0640" + # # See https://kubernetes.io/docs/tasks/debug-application-cluster/audit/ + # # Add a policy configuration file by specifying the file path on the control host + # audit_policy_config_file_path: "{{ playbook_dir }}/sample_files/audit-policy.yaml" + # # See https://docs.rke2.io/install/containerd_registry_configuration/ + # # Add a registry configuration file by specifying the file path on the control host + # registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml" + # # See https://docs.rke2.io/helm/#automatically-deploying-manifests-and-helm-charts + # # Add manifest files by specifying the directory path on the control host + # manifest_config_file_path: "{{ playbook_dir }}/sample_files/manifest/" + hosts: + # # Optional hostvars that can be pased in to individual nodes include + # # node_ip, node_name, bind_address, advertise_address, node_taints=[], + # # node_labels=[], and node_external_ip + server0.example.com: + node_labels: + - server0Label=true + # node_ip: "10.10.10.10" + # node_name: "server0.example.com" + # bind_address: "10.10.10.10" + # advertise_address: "10.10.10.10" + # node_external_ip: "52.52.52.52" + # node_taints: + # - CriticalAddonsOnly=true:NoSchedule + # cloud_provider_name: "aws" + rke2_agents: + vars: + rke2_config: + node-label: + - agentGroupLabel=true + hosts: + agent0.example.com: + node_labels: + - agent0Label=true + agent1.example.com: + node_labels: + - agent1Label=true diff --git a/roles/rke2_common/defaults/main.yml b/roles/rke2_common/defaults/main.yml index 71eca998..715d6a4e 100644 
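Review bot: The commented example `# rke2_image_tar_urls:` under `all.vars` does not match the variable the role reads — roles/rke2_common/defaults/main.yml declares `rke2_images_urls: []` and images_tarball_install.yml loops over `rke2_images_urls` — so a user who uncomments the sample gets no image download and no error; the sample line should read `# rke2_images_urls:`. The commented `rke2_tarball_url` points at v1.26.15 while `install_rke2_version` pins v1.27.10+rke2r1, and because main.yml now skips calculate_rke2_version.yml whenever the URL is set nothing reconciles the two; either align the example versions or state in the comment that the URL takes precedence. The hardening example under `kube-apiserver-arg` still lists `PodSecurityPolicy` in `enable-admission-plugins`, which was removed in Kubernetes 1.25, so with the pinned version an uncommented copy would keep the API server from starting. `feature-gates=DynamicKubeletConfig=false` and `profile: cis-1.6` look similarly dated for a 1.27 release and should be checked against the RKE2 documentation for that version before being offered as a template.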
--- a/roles/rke2_common/defaults/main.yml +++ b/roles/rke2_common/defaults/main.yml @@ -1,5 +1,7 @@ --- tarball_dir: "/usr/local" +rke2_tarball_url: "" +rke2_images_urls: [] rke2_channel: stable audit_policy_config_file_path: "" registry_config_file_path: "" diff --git a/roles/rke2_common/tasks/images_tarball_install.yml b/roles/rke2_common/tasks/images_tarball_install.yml index 4942ac2a..f16ea251 100644 --- a/roles/rke2_common/tasks/images_tarball_install.yml +++ b/roles/rke2_common/tasks/images_tarball_install.yml @@ -15,6 +15,21 @@ delegate_to: 127.0.0.1 become: false +- name: Create images directory + ansible.builtin.file: + path: /var/lib/rancher/rke2/agent/images + state: directory + mode: '0644' + +- name: Download images tar files url + ansible.builtin.get_url: + url: "{{item}}" + dest: "/var/lib/rancher/rke2/agent/images" + mode: "0644" + when: + - rke2_images_urls != [] + with_items: "{{rke2_images_urls}}" + - name: Add images tar.gz to needed directory if provided ansible.builtin.copy: src: "{{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.gz" diff --git a/roles/rke2_common/tasks/main.yml b/roles/rke2_common/tasks/main.yml index 56840b3c..78502759 100644 --- a/roles/rke2_common/tasks/main.yml +++ b/roles/rke2_common/tasks/main.yml @@ -22,7 +22,9 @@ - name: Include calculate_rke2_version.yml ansible.builtin.include_tasks: calculate_rke2_version.yml - when: not rke2_binary_tarball_check.stat.exists + when: + - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" - name: SLES/Ubuntu/Tarball Installation ansible.builtin.include_tasks: tarball_install.yml 
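Review bot: `mode: '0644'` on the new "Create images directory" task is a file mode applied to a directory: without the execute bit the directory cannot be traversed by anything that is not root, which is almost certainly not intended for /var/lib/rancher/rke2/agent/images; `mode: '0755'` (or `'0700'` if only the agent needs it) is the conventional choice. The following `get_url` task pulls image tarballs from arbitrary URLs with no `checksum:`, so a tampered or truncated download lands in the directory rke2 imports images from with nothing to reject it; a list of `{url, checksum}` items with `checksum: "{{ item.checksum | default(omit) }}"` would let callers pin digests without changing the default path. The `when: rke2_images_urls != []` guard is redundant — an empty loop is already skipped — and `with_items: "{{rke2_images_urls}}"` / `url: "{{item}}"` would read like the rest of the role as `loop: "{{ rke2_images_urls }}"` and `url: "{{ item }}"`.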
@@ -30,12 +32,14 @@ - |- ((ansible_facts['os_family'] != 'RedHat' and ansible_facts['os_family'] != 'Rocky') or - rke2_binary_tarball_check.stat.exists ) + rke2_binary_tarball_check.stat.exists or + rke2_tarball_url != "" ) - name: RHEL/CentOS Installation when: - ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky' - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" ansible.builtin.include_tasks: rpm_install.yml # Disable Firewalld @@ -59,7 +63,7 @@ ansible.builtin.include_tasks: iptables_rules.yml when: - ansible_facts.services["iptables.service"] is defined - - add_iptables_rules is true + - add_iptables_rules | bool - name: Include task file add-audit-policy-config.yml ansible.builtin.include_tasks: add-audit-policy-config.yml diff --git a/roles/rke2_common/tasks/rpm_install.yml b/roles/rke2_common/tasks/rpm_install.yml index e9d5f230..35935b17 100644 --- a/roles/rke2_common/tasks/rpm_install.yml +++ b/roles/rke2_common/tasks/rpm_install.yml @@ -38,7 +38,7 @@ gpgkey: "{{ rke2_versioned_yum_repo.gpgkey }}" enabled: "{{ rke2_versioned_yum_repo.enabled }}" when: - - not stat_rke2_common_repo.stat.exists + - not stat_rke2_versioned_repo.stat.exists - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == "Rocky" - ansible_facts['distribution_major_version'] == "7" or ansible_facts['distribution_major_version'] == "8" or diff --git a/roles/rke2_common/tasks/tarball_install.yml b/roles/rke2_common/tasks/tarball_install.yml index ba1c6f92..ca0d3f5f 100644 --- a/roles/rke2_common/tasks/tarball_install.yml +++ b/roles/rke2_common/tasks/tarball_install.yml 
@@ -23,13 +23,26 @@ src: "{{ playbook_dir }}/tarball_install/rke2.linux-amd64.tar.gz" dest: "{{ temp_dir.path }}/rke2.linux-amd64.tar.gz" mode: '0644' - when: rke2_binary_tarball_check.stat.exists + when: + - rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" + +- name: Download Tar from provided URL + ansible.builtin.get_url: + url: "{{ rke2_tarball_url }}" + dest: "{{ temp_dir.path }}/rke2.linux-amd64.tar.gz" + mode: "0644" + when: + - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url != "" + - name: Determine if current version differs what what is being installed ansible.builtin.set_fact: rke2_version_changed: true when: - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" - not installed or installed_rke2_version != rke2_full_version - name: TARBALL | Download the tarball @@ -39,6 +52,7 @@ mode: "0644" when: - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" - rke2_version_changed - name: TARBALL | Install tar package @@ -49,7 +63,7 @@ - name: Get version of provided tarball when: - - rke2_binary_tarball_check.stat.exists + - (rke2_binary_tarball_check.stat.exists or rke2_tarball_url != "") block: - name: Unarchive tarball into temp location ansible.builtin.unarchive:
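Review bot: The new "Download Tar from provided URL" task fetches the RKE2 binary tarball from `rke2_tarball_url` with no `checksum:`, so the custom-URL install — the mirror/air-gap case this variable exists for — has no integrity check on the archive that becomes the node's runtime. `get_url` accepts `checksum: "sha256:<hex>"` or a URL to a sums file and RKE2 releases publish a per-architecture sha256sum asset, so a companion default such as `rke2_tarball_checksum: ""` wired in as `checksum: "{{ rke2_tarball_checksum | default(omit, true) }}"` keeps the default path unchanged while letting mirrors pin a digest. With the URL set, `rke2_version_changed` is never set in this file and calculate_rke2_version.yml is skipped in main.yml, so the version actually installed is only learned from the "Get version of provided tarball" block; a comment on the download task saying `# rke2_tarball_url overrides install_rke2_version; the version is read back from the archive below` would save the next reader that trace. The temp-directory creation and the remaining install tasks this hunk relies on lie outside the hunk.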