diff --git a/.ansible-lint b/.ansible-lint index 32dfeadd..ba0c6d31 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,5 +6,6 @@ warn_list: - no-handler - var-spacing - var-naming + - yaml[comments-indentation] skip_list: - experimental \ No newline at end of file diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore index d31a25bc..dc3fc6ac 100644 --- a/.ansible-lint-ignore +++ b/.ansible-lint-ignore @@ -1,3 +1,4 @@ # This file contains ignores rule violations for ansible-lint roles/testing/tasks/troubleshooting.yml ignore-errors +inventory/sample/hosts.yml yaml[line-length] \ No newline at end of file diff --git a/.github/workflows/rocky8.yml b/.github/workflows/rocky8.yml index 986e0527..b4d9973e 100644 --- a/.github/workflows/rocky8.yml +++ b/.github/workflows/rocky8.yml 
@@ -106,15 +106,20 @@ jobs: - name: Ansible Version check run: ansible --version - - name: Create inventory hosts.ini - run: | - touch hosts.ini - echo "[rke2_servers]" > hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[rke2_agents]" >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.ini + - name: Create inventory hosts.yml + run: | + touch hosts.yml + echo "rke2_cluster:" > hosts.yml + echo " children:" >> hosts.yml + echo " rke2_servers:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " rke2_agents:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo "all:" >> hosts.yml + echo " vars:" >> hosts.yml 
+ echo " kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml echo "" >> ansible.cfg echo "" >> ansible.cfg echo "remote_user=centos" >> ansible.cfg 
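Review bot: The new inventory lines `echo "        $(aws ec2 describe-instances ... | head -1):" >> hosts.yml` write a bare `:` key whenever the query returns nothing — for instance if no tagged instance is `running` yet — so this step passes and the problem only surfaces as a confusing failure in the later playbook runs. Capture each lookup first and fail fast: `server_ip="$(aws ec2 describe-instances ... --output text | head -1)"`, then `[ -n "$server_ip" ] || { echo "no running Server instance for run $GITHUB_RUN_ID" >&2; exit 1; }`, and only then `echo "        ${server_ip}:" >> hosts.yml`. A `cat <<EOF > hosts.yml` heredoc would also replace the fourteen `echo` calls and make the indentation of the generated YAML visible in the workflow. The step's `env:` block supplying the AWS credentials lies outside this hunk.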
@@ -124,46 +129,51 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: us-gov-west-1 - - name: Check hosts.ini and ansible.cfg + - name: Check hosts.yml and ansible.cfg run: | - cat hosts.ini + cat hosts.yml cat ansible.cfg - name: Prep inventory run: | cp -R inventory/sample inventory/rocky8 - cp hosts.ini inventory/rocky8/hosts.ini + cp hosts.yml inventory/rocky8/hosts.yml - name: Run playbook run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos -vv --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos -vv --private-key .key site.yml - name: Run playbook again for idempotency run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos -vv --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos -vv --private-key .key site.yml - name: Run Ansible Tests run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos --verbose --skip-tags "troubleshooting" --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos --verbose --skip-tags "troubleshooting" --private-key .key testing.yml - name: Run Python Tests run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=inventory/rocky8/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=inventory/rocky8/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py - - - name: Create new inventory hosts.ini with added hosts - run: | - rm hosts.ini - touch hosts.ini - echo "[rke2_servers]" > hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" 
"Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[rke2_agents]" >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.ini - cp hosts.ini inventory/rocky8/hosts.ini + pytest --hosts=rke2_servers --ansible-inventory=inventory/rocky8/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=inventory/rocky8/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py + + - name: Create new inventory hosts.yml with added hosts + run: | + rm hosts.yml + touch hosts.yml + echo "rke2_cluster:" > hosts.yml + echo " children:" >> hosts.yml + echo " rke2_servers:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " rke2_agents:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances 
--filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo "all:" >> hosts.yml + echo " vars:" >> hosts.yml + echo " kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml + cp hosts.yml inventory/rocky8/hosts.yml env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 
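Review bot: `rm hosts.yml` at the top of the rebuilt inventory step differs from the ubuntu20 workflow's twin step, which uses `rm -f hosts.yml`; under the default `bash -e` shell the unguarded form aborts the step if the file is missing, and since the next line is `touch hosts.yml` anyway the `-f` form is the one to keep in both workflows. The five near-identical `aws ec2 describe-instances` invocations differ only in `NodeType` and the queried attribute and would read better as one helper at the top of the `run:` block, e.g. `node_ip() { aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=$1" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].$2" --output text | head -1; }`, used as `echo "        $(node_ip Agent PublicIpAddress):" >> hosts.yml`. The helper is also the natural place to reject an empty result instead of writing a bare `:` key. The step's `env:` block with the AWS credentials is cut by the hunk boundary.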
@@ -171,22 +181,22 @@ jobs: - name: Run playbook again with added hosts run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos --verbose --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos --verbose --private-key .key site.yml - name: Run Ansible Tests with added hosts run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos --verbose --skip-tags "troubleshooting" --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos --verbose --skip-tags "troubleshooting" --private-key .key testing.yml - name: Run Python Tests with added hosts run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=inventory/rocky8/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=inventory/rocky8/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py + pytest --hosts=rke2_servers --ansible-inventory=inventory/rocky8/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=inventory/rocky8/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py - name: Run troubleshoot tasks if: ${{ failure() }} run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.ini -u centos -vvv --tags "troubleshooting" --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/rocky8/hosts.yml -u centos -vvv --tags "troubleshooting" --private-key .key testing.yml - name: Delete Stack if: ${{ always() }} diff --git a/.github/workflows/ubuntu20.yml b/.github/workflows/ubuntu20.yml index 6adac9e6..b3dbeeb5 100644 --- a/.github/workflows/ubuntu20.yml +++ b/.github/workflows/ubuntu20.yml 
@@ -104,15 +104,20 @@ jobs: - name: Ansible Version check run: ansible --version - - name: Create inventory hosts.ini - run: | - touch hosts.ini - echo "[rke2_servers]" > hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[rke2_agents]" >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.ini + - name: Create inventory hosts.yml + run: | + touch hosts.yml + echo "rke2_cluster:" > hosts.yml + echo " children:" >> hosts.yml + echo " rke2_servers:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " rke2_agents:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo "all:" >> hosts.yml + echo " vars:" >> hosts.yml 
+ echo " kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml echo "" >> ansible.cfg echo "" >> ansible.cfg echo "remote_user=ubuntu" >> ansible.cfg 
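Review bot: The server's public IP and the `kubernetes_api_server_host` private IP come from two independent `describe-instances` calls, each truncated with `head -1`; nothing guarantees the two calls return instances in the same order, so if more than one Server instance ever carries this run's tags the API host written under `all: vars:` may belong to a different node than the one listed under `rke2_servers`. One query returning both attributes keeps them paired: `read -r server_public server_private < <(aws ec2 describe-instances ... --query "Reservations[*].Instances[*].[PublicIpAddress,PrivateIpAddress]" --output text | head -1)`, then use `${server_public}` and `${server_private}` in the two `echo` lines, after checking both are non-empty. Emitting the keys via a heredoc rather than fourteen `echo` calls would make the generated YAML's indentation readable. The step's `env:` block with the AWS credentials lies outside this hunk.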
@@ -122,46 +127,51 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: us-gov-west-1 - - name: Check hosts.ini and ansible.cfg + - name: Check hosts.yml and ansible.cfg run: | - cat hosts.ini + cat hosts.yml cat ansible.cfg - name: Prep inventory run: | cp -R inventory/sample inventory/ubuntu20 - cp hosts.ini inventory/ubuntu20/hosts.ini + cp hosts.yml inventory/ubuntu20/hosts.yml - name: Run playbook run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key site.yml - name: Run playbook again for idempotency run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key site.yml - name: Run Ansible Tests run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key testing.yml - name: Run Python Tests run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=inventory/ubuntu20/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=inventory/ubuntu20/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py - - - name: Create new inventory hosts.ini with added hosts - run: | - rm hosts.ini - touch hosts.ini - echo "[rke2_servers]" > hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" 
"Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[rke2_agents]" >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(aws ec2 describe-instances --filters "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.ini - cp hosts.ini inventory/ubuntu20/hosts.ini + pytest --hosts=rke2_servers --ansible-inventory=inventory/ubuntu20/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=inventory/ubuntu20/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py + + - name: Create new inventory hosts.yml with added hosts + run: | + rm -f hosts.yml + touch hosts.yml + echo "rke2_cluster:" > hosts.yml + echo " children:" >> hosts.yml + echo " rke2_servers:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " rke2_agents:" >> hosts.yml + echo " hosts:" >> hosts.yml + echo " $(aws ec2 
describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo " $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml + echo "all:" >> hosts.yml + echo " vars:" >> hosts.yml + echo " kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml + cp hosts.yml inventory/ubuntu20/hosts.yml env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 
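Review bot: Every `echo "        $(aws ec2 describe-instances ... | head -1):" >> hosts.yml` line masks AWS CLI failures: the step's exit status is `echo`'s, so an expired credential or a throttled API call leaves an empty key in the inventory and the step still succeeds (the default `bash -e` cannot see a non-zero status inside a command substitution used as an argument, and the pipeline's status is `head`'s in any case). Assign first and drop the pipe — `extra_ip="$(aws ec2 describe-instances ... --query "Reservations[0].Instances[0].PublicIpAddress" --output text)"` does propagate a CLI failure under `-e` — and reject an empty or `None` result before writing `echo "        ${extra_ip}:" >> hosts.yml`. This step uses `rm -f hosts.yml` while the rocky8 workflow's twin uses `rm hosts.yml`; the two should match. The `env:` block supplying the AWS credentials continues beyond the hunk.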
@@ -169,17 +179,17 @@ jobs: - name: Run playbook again with added hosts run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key site.yml - name: Run Ansible Tests with added hosts run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.ini -u ubuntu --verbose --private-key .key testing.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/ubuntu20/hosts.yml -u ubuntu --verbose --private-key .key testing.yml - name: Run Python Tests with added hosts run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=inventory/ubuntu20/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=inventory/ubuntu20/hosts.ini --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py + pytest --hosts=rke2_servers --ansible-inventory=inventory/ubuntu20/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=inventory/ubuntu20/hosts.yml --force-ansible --connection=ansible --sudo testing/basic_agent_tests.py - name: Delete Stack if: ${{ always() }} diff --git a/README.md b/README.md index e0c36dba..20d0f805 100644 --- a/README.md +++ b/README.md @@ -30,19 +30,10 @@ Platforms The RKE2 Ansible playbook supports all [RKE2 Supported Operating Systems](https://docs.rke2.io/install/requirements/#operating-systems) Supported Operating Systems: -```yaml -SLES: - - 15 SP2 (amd64) -CentOS: - - 7.8 (amd64) - - 8.2 (amd64) -Red Hat: - - 7.8 (amd64) - - 8.2 (amd64) -Ubuntu: - - bionic/18.04 (amd64) - - focal/20.04 (amd64) -``` +- SLES 15 +- Rocky 8 and 9 +- RedHat: 8 and 9 +- Ubuntu: 18, 20, and 22 System requirements 
@@ -67,18 +58,23 @@ Create a new directory based on the `sample` directory within the `inventory` di cp -R inventory/sample inventory/my-cluster ``` -Second, edit `inventory/my-cluster/hosts.ini` to match the system information gathered above. For example: - -```bash -[rke2_servers] -192.16.35.12 - -[rke2_agents] -192.16.35.[10:11] +Second, edit `inventory/my-cluster/hosts.yaml` to match the system information gathered above. For example: -[rke2_cluster:children] -rke2_servers -rke2_agents +```yaml +rke2_cluster: + children: + rke2_servers: + hosts: + server1.example.com: + rke2_agents: + hosts: + agent1.example.com: + agent2.example.com: + node_labels: + - agent2Label=true" +all: + vars: + install_rke2_version: v1.27.10+rke2r1 ``` If needed, you can also edit `inventory/my-cluster/group_vars/rke2_agents.yml` and `inventory/my-cluster/group_vars/rke2_servers.yml` to match your environment. @@ -86,7 +82,7 @@ If needed, you can also edit `inventory/my-cluster/group_vars/rke2_agents.yml` a Start provisioning of the cluster using the following command: ```bash -ansible-playbook site.yml -i inventory/my-cluster/hosts.ini +ansible-playbook site.yml -i inventory/my-cluster/hosts.yml ``` Tarball Install/Air-Gap Install @@ -148,10 +144,4 @@ systemctl restart fapolicyd Author Information ------------------ -[Dave Vigil](https://github.com/dgvigil) - -[Brandon Gulla](https://github.com/bgulla) - -[Rancher Federal](https://rancherfederal.com/) - -[Mike D'Amato](https://github.com/mdamato) +[Rancher Government Solutions](https://ranchergovernment.com/) diff --git a/ansible.cfg b/ansible.cfg index 8570c43b..43a4415d 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,7 +1,7 @@ [defaults] nocows = True roles_path = ./roles -inventory = ./inventory/my-cluster/hosts.ini +inventory = ./inventory/my-cluster/hosts.yml remote_tmp = $HOME/.ansible/tmp local_tmp = $HOME/.ansible/tmp diff --git a/inventory/.gitignore b/inventory/.gitignore index 5ae5024e..520c0f44 100644 
--- a/inventory/.gitignore
+++ b/inventory/.gitignore
@@ -1,3 +1,4 @@
*
!.gitignore
!sample/
+!sample/hosts.yml
diff --git a/inventory/sample/hosts.ini b/inventory/sample/hosts.ini
deleted file mode 100644
index fffeced0..00000000
--- a/inventory/sample/hosts.ini
+++ /dev/null
@@ -1,21 +0,0 @@
-
-; Optional hostvars that can be pased in to individual nodes include node_ip, node_name, bind_address, advertise_address, node_taints=[], node_labels=[], and node_external_ip
-; Example:
-[rke2_servers]
-; host0 node_labels='["extraLabel0=true"]' node_ip="10.10.10.10" node_name="customName0" bind_address="10.10.10.10" advertise_address="10.10.10.10" node_external_ip="52.52.52.52" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws"
-; host1 node_labels='["extraLabel1=true"]' node_ip="10.10.10.11" node_name="customName1" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws"
-; host2 node_labels='["extraLabel0=true"]' node_ip="10.10.10.12" node_name="customName1" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws"
-
-[rke2_agents]
-; host4
-; host5
-; host6
-
-[rke2_cluster:children]
-rke2_servers
-rke2_agents
-
-[all:vars]
-
-# Specify full version, by default latest stable version will be used
-# install_rke2_version = v1.25.4+rke2r1
\ No newline at end of file
diff --git a/inventory/sample/hosts.yml b/inventory/sample/hosts.yml
new file mode 100644
index 00000000..56811651
--- /dev/null
+++ b/inventory/sample/hosts.yml
@@ -0,0 +1,82 @@
+---
+all:
+ vars:
+ install_rke2_version: v1.27.10+rke2r1
+ # # In air-gapped envs, it might be convenient to download the tar files from custom URLs
+ # rke2_tarball_url: https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2.linux-amd64.tar.gz
+ # rke2_image_tar_urls:
+ # - https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2-images-canal.linux-amd64.tar.zst
+ # - https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2-images-core.linux-amd64.tar.zst
+
+rke2_cluster:
+ children:
+ rke2_servers:
+ vars:
+ # # Set generic rke2_config at the group level.
+ # # Every host in this group will inherit these rke2 configurations
+ # # See https://docs.rke2.io/reference/server_config for more options
+ # # These options can also be set in the group_vars folder
+ rke2_config:
+ node-label:
+ - serverGroupLabel=true
+ # profile: cis-1.6
+ # kube-controller-manager-arg:
+ # - "tls-min-version=VersionTLS12"
+ # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+ # kube-scheduler-arg:
+ # - "tls-min-version=VersionTLS12"
+ # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+ # kube-apiserver-arg:
+ # - "tls-min-version=VersionTLS12"
+ # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+ # - "enable-admission-plugins=ValidatingAdmissionWebhook,NodeRestriction,PodSecurityPolicy"
+ - "request-timeout=300s"
+ # # Enable only when auditing is enabled, blocks API when audit fails
+ # #- "audit-log-mode=blocking-strict"
+ #
+ # kubelet-arg:
+ # - "feature-gates=DynamicKubeletConfig=false"
+ # - "protect-kernel-defaults=true"
+ # - "streaming-connection-idle-timeout=5m"
+ #
+ # etcd-extra-env:
+ # - "ETCD_AUTO_TLS=false"
+ # - "ETCD_PEER_AUTO_TLS=false"
+ #
+ # write-kubeconfig-mode: "0640"
+ # # See https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
+ # # Add a policy configuration file by specifying the file path on the control host
+ # audit_policy_config_file_path: "{{ playbook_dir }}/sample_files/audit-policy.yaml"
+ # # See https://docs.rke2.io/install/containerd_registry_configuration/
+ # # Add a registry configuration file by specifying the file path on the control host
+ # registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml"
+ # # See https://docs.rke2.io/helm/#automatically-deploying-manifests-and-helm-charts
+ # # Add manifest files by specifying the directory path on the control host
+ # manifest_config_file_path: "{{ playbook_dir }}/sample_files/manifest/"
+ hosts:
+ # # Optional hostvars that can be pased in to individual nodes include
+ # # node_ip, node_name, bind_address, advertise_address, node_taints=[],
+ # # node_labels=[], and node_external_ip
+ server0.example.com:
+ node_labels:
+ - server0Label=true
+ # node_ip: "10.10.10.10"
+ # node_name: "server0.example.com"
+ # bind_address: "10.10.10.10"
+ # advertise_address: "10.10.10.10"
+ # node_external_ip: "52.52.52.52"
+ # node_taints:
+ # - CriticalAddonsOnly=true:NoSchedule
+ # cloud_provider_name: "aws"
+ rke2_agents:
+ vars:
+ rke2_config:
+ node-label:
+ - agentGroupLabel=true
+ hosts:
+ agent0.example.com:
+ node_labels:
+ - agent0Label=true
+ agent1.example.com:
+ node_labels:
+ - agent1Label=true
diff --git a/roles/rke2_common/defaults/main.yml b/roles/rke2_common/defaults/main.yml
index 71eca998..715d6a4e 100644
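Review bot: The commented air-gap example names the variable `rke2_image_tar_urls`, but the role reads `rke2_images_urls` (`roles/rke2_common/defaults/main.yml` in this same change, and the `with_items: "{{rke2_images_urls}}"` loop in `images_tarball_install.yml`), so a user who uncomments the sample gets no downloads and no error because the task is gated on `rke2_images_urls != []`; rename the sample key to `# rke2_images_urls:`. Several hardening hints are stale against the `install_rke2_version: v1.27.10+rke2r1` pinned a few lines above: `PodSecurityPolicy` in `enable-admission-plugins` no longer exists in Kubernetes 1.25+ and makes kube-apiserver refuse to start, the `DynamicKubeletConfig` feature gate is, as far as I can tell, no longer recognised by 1.27 kubelets with the same effect, and `profile: cis-1.6` should be checked against the profile names RKE2 1.27 accepts (current docs use `cis`). The line `- "request-timeout=300s"` appears without the leading `#` of its neighbours; if that is real rather than a rendering artifact it is a stray list item under `rke2_config` that will break parsing or be silently misapplied. Since this file is copied as the starting inventory for every new cluster, either bring these options up to date or drop them so the sample does not document a non-working configuration.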
--- a/roles/rke2_common/defaults/main.yml +++ b/roles/rke2_common/defaults/main.yml @@ -1,5 +1,7 @@ --- tarball_dir: "/usr/local" +rke2_tarball_url: "" +rke2_images_urls: [] rke2_channel: stable audit_policy_config_file_path: "" registry_config_file_path: "" diff --git a/roles/rke2_common/tasks/images_tarball_install.yml b/roles/rke2_common/tasks/images_tarball_install.yml index 4942ac2a..f16ea251 100644 --- a/roles/rke2_common/tasks/images_tarball_install.yml +++ b/roles/rke2_common/tasks/images_tarball_install.yml @@ -15,6 +15,21 @@ delegate_to: 127.0.0.1 become: false +- name: Create images directory + ansible.builtin.file: + path: /var/lib/rancher/rke2/agent/images + state: directory + mode: '0644' + +- name: Download images tar files url + ansible.builtin.get_url: + url: "{{item}}" + dest: "/var/lib/rancher/rke2/agent/images" + mode: "0644" + when: + - rke2_images_urls != [] + with_items: "{{rke2_images_urls}}" + - name: Add images tar.gz to needed directory if provided ansible.builtin.copy: src: "{{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.gz" diff --git a/roles/rke2_common/tasks/main.yml b/roles/rke2_common/tasks/main.yml index 56840b3c..78502759 100644 --- a/roles/rke2_common/tasks/main.yml +++ b/roles/rke2_common/tasks/main.yml @@ -22,7 +22,9 @@ - name: Include calculate_rke2_version.yml ansible.builtin.include_tasks: calculate_rke2_version.yml - when: not rke2_binary_tarball_check.stat.exists + when: + - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" - name: SLES/Ubuntu/Tarball Installation ansible.builtin.include_tasks: tarball_install.yml 
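Review bot: The two new defaults carry no explanation of the contract the tasks in this change rely on: an empty `rke2_tarball_url` means the local tarball or channel/RPM path is used, a non-empty one skips version calculation and the RPM install, and `rke2_images_urls` is fetched into the agent images directory only when non-empty. Add that above them, e.g. `# URL of an rke2.linux-amd64.tar.gz to install instead of the channel/RPM path; empty disables.` and `# Image tarballs to fetch into /var/lib/rancher/rke2/agent/images (air-gap); empty list disables.`. The sample inventory added in this same change refers to the second variable as `rke2_image_tar_urls`, so the name and its documentation should be settled together.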
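Review bot: `mode: '0644'` on `state: directory` creates `/var/lib/rancher/rke2/agent/images` without the execute bit, so nothing except a CAP_DAC_OVERRIDE process can enter or list it, and the task also resets an already-existing directory to that mode on every run; use `mode: '0755'` (or `'0750'`). The `get_url` download of image tarballs from arbitrary `rke2_images_urls` has no `checksum:`, so a tampered or truncated archive is written straight into the directory RKE2 loads images from; allow one, e.g. `checksum: "{{ rke2_images_checksum | default(omit, true) }}"` with an empty default, which can point at the release's sha256sum file in the `sha256:<url>` form get_url accepts. For style, `url: "{{ item }}"` and `loop: "{{ rke2_images_urls }}"` match the `var-spacing` rule this repo lints for, and the `when: rke2_images_urls != []` guard is redundant because an empty list simply yields no iterations. The `ansible.builtin.copy` task after the new block continues outside the hunk.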
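Review bot: When `rke2_tarball_url` is non-empty this hunk skips `calculate_rke2_version.yml`, so whatever facts that file sets (the `rke2_full_version` compared in `tarball_install.yml` in this same change, presumably among them) are undefined on the URL path and every later consumer has to guard for it; since the URL already embeds a version, deriving the fact from the downloaded tarball may be cleaner than leaving it unset. A one-line comment on the new condition, `# rke2_tarball_url bypasses the channel/version lookup; the version is read from the tarball itself`, would record the intent. The surrounding task list continues on both sides of the hunk.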
@@ -30,12 +32,14 @@ - |- ((ansible_facts['os_family'] != 'RedHat' and ansible_facts['os_family'] != 'Rocky') or - rke2_binary_tarball_check.stat.exists ) + rke2_binary_tarball_check.stat.exists or + rke2_tarball_url != "" ) - name: RHEL/CentOS Installation when: - ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky' - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" ansible.builtin.include_tasks: rpm_install.yml # Disable Firewalld @@ -59,7 +63,7 @@ ansible.builtin.include_tasks: iptables_rules.yml when: - ansible_facts.services["iptables.service"] is defined - - add_iptables_rules is true + - add_iptables_rules | bool - name: Include task file add-audit-policy-config.yml ansible.builtin.include_tasks: add-audit-policy-config.yml diff --git a/roles/rke2_common/tasks/rpm_install.yml b/roles/rke2_common/tasks/rpm_install.yml index e9d5f230..35935b17 100644 --- a/roles/rke2_common/tasks/rpm_install.yml +++ b/roles/rke2_common/tasks/rpm_install.yml @@ -38,7 +38,7 @@ gpgkey: "{{ rke2_versioned_yum_repo.gpgkey }}" enabled: "{{ rke2_versioned_yum_repo.enabled }}" when: - - not stat_rke2_common_repo.stat.exists + - not stat_rke2_versioned_repo.stat.exists - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == "Rocky" - ansible_facts['distribution_major_version'] == "7" or ansible_facts['distribution_major_version'] == "8" or diff --git a/roles/rke2_common/tasks/tarball_install.yml b/roles/rke2_common/tasks/tarball_install.yml index ba1c6f92..ca0d3f5f 100644 --- a/roles/rke2_common/tasks/tarball_install.yml +++ b/roles/rke2_common/tasks/tarball_install.yml 
@@ -23,13 +23,26 @@ src: "{{ playbook_dir }}/tarball_install/rke2.linux-amd64.tar.gz" dest: "{{ temp_dir.path }}/rke2.linux-amd64.tar.gz" mode: '0644' - when: rke2_binary_tarball_check.stat.exists + when: + - rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" + +- name: Download Tar from provided URL + ansible.builtin.get_url: + url: "{{ rke2_tarball_url }}" + dest: "{{ temp_dir.path }}/rke2.linux-amd64.tar.gz" + mode: "0644" + when: + - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url != "" + - name: Determine if current version differs what what is being installed ansible.builtin.set_fact: rke2_version_changed: true when: - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" - not installed or installed_rke2_version != rke2_full_version - name: TARBALL | Download the tarball @@ -39,6 +52,7 @@ mode: "0644" when: - not rke2_binary_tarball_check.stat.exists + - rke2_tarball_url == "" - rke2_version_changed - name: TARBALL | Install tar package @@ -49,7 +63,7 @@ - name: Get version of provided tarball when: - - rke2_binary_tarball_check.stat.exists + - (rke2_binary_tarball_check.stat.exists or rke2_tarball_url != "") block: - name: Unarchive tarball into temp location ansible.builtin.unarchive:
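Review bot: With the new conditions a host that has both a local `tarball_install/rke2.linux-amd64.tar.gz` and a non-empty `rke2_tarball_url` runs neither the copy (`rke2_tarball_url == ""` fails) nor the download (`not rke2_binary_tarball_check.stat.exists` fails), yet the `Get version of provided tarball` block still runs because its condition is `exists or url != ""`, so `unarchive` fails on a missing file. Make the precedence explicit: drop `- not rke2_binary_tarball_check.stat.exists` from the download task so a configured URL always wins, or add an `ansible.builtin.assert` that the two are not both set. The download itself has no `checksum:`; an installer pulled over the network into `/usr/local` should at least allow one, e.g. `checksum: "{{ rke2_tarball_checksum | default(omit, true) }}"` with an empty default in `defaults/main.yml`, pointing at the release's sum file in the `sha256:<url>` form. Note also that on the URL path the `Determine if current version differs` fact is never set, so the tarball is fetched on every run; whether it is also re-installed depends on the tasks after the hunk.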