mirror of
https://gitlab.sectorq.eu/jaydee/ansible.git
synced 2026-05-22 13:36:20 +02:00
Compare commits
14 Commits
bd0034cc2e
...
49bf1ac09e
| Author | SHA1 | Date | |
|---|---|---|---|
| 49bf1ac09e | |||
| ff9fbb3f20 | |||
| 0ba2c1a676 | |||
| 85bb49a427 | |||
| db00e0ade1 | |||
| c9b2b251ab | |||
| 57308ba371 | |||
| f7085281fc | |||
| d84978bcbc | |||
| 9df894935f | |||
| ebf5067ef1 | |||
| a19f7e86b5 | |||
| ae6a62582a | |||
| ac622acc10 |
@@ -2,10 +2,16 @@
|
|||||||
become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
|
become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
|
||||||
block:
|
block:
|
||||||
|
|
||||||
- name: Include role
|
- name: Include role proxy_repo
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: proxy_repo
|
name: proxy_repo
|
||||||
|
|
||||||
|
- name: Include role local mirror
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: mirror_repo
|
||||||
|
when: use_local_repo | default(false)
|
||||||
|
|
||||||
|
|
||||||
- name: Disable SELinux
|
- name: Disable SELinux
|
||||||
ansible.posix.selinux:
|
ansible.posix.selinux:
|
||||||
state: permissive
|
state: permissive
|
||||||
@@ -78,6 +84,7 @@
|
|||||||
- docker-ce-cli
|
- docker-ce-cli
|
||||||
state: absent
|
state: absent
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: Install containerd
|
- name: Install containerd
|
||||||
dnf:
|
dnf:
|
||||||
name: containerd.io
|
name: containerd.io
|
||||||
@@ -191,7 +198,12 @@
|
|||||||
- name: Install Flannel CNI
|
- name: Install Flannel CNI
|
||||||
become_user: "{{ ansible_user }}"
|
become_user: "{{ ansible_user }}"
|
||||||
command: kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
|
command: kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
|
||||||
when: inventory_hostname.endswith('-vm01.home.lan')
|
when: inventory_hostname.endswith('-vm01.home.lan') and net_driver == 'flannel'
|
||||||
|
|
||||||
|
- name: Install Calico CNI
|
||||||
|
become_user: "{{ ansible_user }}"
|
||||||
|
command: kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/calico.yaml
|
||||||
|
when: inventory_hostname.endswith('-vm01.home.lan') and net_driver == 'calico'
|
||||||
|
|
||||||
- name: Get join command
|
- name: Get join command
|
||||||
command: kubeadm token create --print-join-command
|
command: kubeadm token create --print-join-command
|
||||||
@@ -262,41 +274,37 @@
|
|||||||
create: yes
|
create: yes
|
||||||
loop: "{{ aliases | dict2items }}"
|
loop: "{{ aliases | dict2items }}"
|
||||||
when: inventory_hostname.endswith('-vm01.home.lan')
|
when: inventory_hostname.endswith('-vm01.home.lan')
|
||||||
|
|
||||||
- name: Allow TCP 10250 from 192.168.77.0/24
|
- name: Allow TCP 10250 from 192.168.77.0/24
|
||||||
firewalld:
|
firewalld:
|
||||||
source: 192.168.77.0/24
|
rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="10250" protocol="tcp" accept'
|
||||||
port: 10250/tcp
|
|
||||||
permanent: yes
|
permanent: yes
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: yes
|
||||||
rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="10250" protocol="tcp" accept'
|
|
||||||
|
|
||||||
- name: Allow UDP 8472 from 192.168.77.0/24
|
- name: Allow UDP 8472 from 192.168.77.0/24
|
||||||
firewalld:
|
firewalld:
|
||||||
source: 192.168.77.0/24
|
rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="8472" protocol="udp" accept'
|
||||||
port: 8472/udp
|
|
||||||
permanent: yes
|
permanent: yes
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: yes
|
||||||
rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="8472" protocol="udp" accept'
|
|
||||||
|
|
||||||
- name: Add flannel.1 interface to trusted zone
|
- name: Add flannel.1 interface to trusted zone
|
||||||
firewalld:
|
firewalld:
|
||||||
interface: flannel.1
|
rich_rule: 'rule family="ipv4" source NOT address="0.0.0.0/0" accept' # interface handling is tricky with rich_rule
|
||||||
zone: trusted
|
|
||||||
permanent: yes
|
permanent: yes
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: yes
|
||||||
|
|
||||||
- name: Add cni0 interface to trusted zone
|
- name: Add cni0 interface to trusted zone
|
||||||
firewalld:
|
firewalld:
|
||||||
interface: cni0
|
rich_rule: 'rule family="ipv4" source NOT address="0.0.0.0/0" accept'
|
||||||
zone: trusted
|
|
||||||
permanent: yes
|
permanent: yes
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: yes
|
||||||
|
|
||||||
- name: Reload firewalld
|
- name: Ensure firewalld is restarted
|
||||||
firewalld:
|
ansible.builtin.service:
|
||||||
state: reloaded
|
name: firewalld
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
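Review bot: The last task on the new side, named `Ensure firewalld is restarted`, actually sets `state: stopped` and `enabled: false`, so the play leaves the host firewall off and disabled at boot. That makes the rich rules kept just above for 10250/tcp and 8472/udp from 192.168.77.0/24 ineffective, and the kubelet port becomes reachable from any network that can route to the node rather than only that subnet. If the firewall is meant to stay on, use `state: started` with `enabled: true` (the rules already carry `immediate: yes`); if turning it off is deliberate, rename the task to say so and drop the rule tasks. Separately, the `flannel.1` and `cni0` tasks now use `source NOT address="0.0.0.0/0"`, which matches no IPv4 source, so they no longer do what their names say. Old and new sides are read from the rendered column order, and the file path is not shown on the page.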
@@ -3,4 +3,7 @@ aliases:
|
|||||||
ll: "ls -la"
|
ll: "ls -la"
|
||||||
gs: "git status"
|
gs: "git status"
|
||||||
k: "kubectl"
|
k: "kubectl"
|
||||||
gk: "git clone git@gitlab.sectorq.eu:jaydee/kubernetes.git"
|
gk: "git clone git@gitlab.sectorq.eu:jaydee/kubernetes.git"
|
||||||
|
|
||||||
|
use_local_repo: true
|
||||||
|
net_driver: calico
|
||||||
@@ -4,6 +4,8 @@
|
|||||||
|
|
||||||
vars:
|
vars:
|
||||||
mirror_url: "http://192.168.77.101:8383/rocky/$releasever"
|
mirror_url: "http://192.168.77.101:8383/rocky/$releasever"
|
||||||
|
mirror_url_docker: "http://192.168.77.101:8383/docker"
|
||||||
|
mirror_url_docker_def: "https://download.docker.com/linux/centos/$releasever/$basearch/stable"
|
||||||
|
|
||||||
block:
|
block:
|
||||||
- name: Facts
|
- name: Facts
|
||||||
@@ -43,15 +45,20 @@
|
|||||||
option: baseurl
|
option: baseurl
|
||||||
value: "{{ mirror_url }}/baseos/"
|
value: "{{ mirror_url }}/baseos/"
|
||||||
|
|
||||||
|
- name: Set BaseOS baseurl
|
||||||
|
|
||||||
- name: Set AppStream baseurl
|
|
||||||
ansible.builtin.ini_file:
|
ansible.builtin.ini_file:
|
||||||
path: /etc/yum.repos.d/rocky.repo
|
path: /etc/yum.repos.d/rocky.repo
|
||||||
section: appstream
|
section: appstream
|
||||||
option: baseurl
|
option: baseurl
|
||||||
value: "{{ mirror_url }}/appstream/"
|
value: "{{ mirror_url }}/appstream/"
|
||||||
|
|
||||||
|
- name: Set docker baseurl
|
||||||
|
ansible.builtin.ini_file:
|
||||||
|
path: /etc/yum.repos.d/docker-ce.repo
|
||||||
|
section: docker-ce-stable
|
||||||
|
option: baseurl
|
||||||
|
value: "{{ mirror_url_docker }}"
|
||||||
|
|
||||||
- name: Clean DNF cache
|
- name: Clean DNF cache
|
||||||
command: dnf clean all
|
command: dnf clean all
|
||||||
|
|
||||||
|
|||||||
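Review bot: The new `Set docker baseurl` task points the `docker-ce-stable` repo at `mirror_url_docker`, which is plain HTTP (`http://192.168.77.101:8383/docker`), so package integrity rests entirely on RPM signature checking, and nothing visible in this section pins `gpgcheck` for that repo. I would add a task next to it that sets `gpgcheck` to `1` in the same section, so a tampered or stale mirror cannot feed unsigned packages to the container hosts. As rendered, the task that writes `section: appstream` is now named `Set BaseOS baseurl`, which looks like a copy-paste slip, and `mirror_url_docker_def` is defined but not used in the lines shown. The enclosing `block:` continues outside these hunks.

```yaml
# … unchanged: Set docker baseurl task …
- name: Enforce signature checking for docker repo
  ansible.builtin.ini_file:
    path: /etc/yum.repos.d/docker-ce.repo
    section: docker-ce-stable
    option: gpgcheck
    value: "1"
```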
@@ -1,3 +1,5 @@
|
|||||||
#SPDX-License-Identifier: MIT-0
|
#SPDX-License-Identifier: MIT-0
|
||||||
---
|
---
|
||||||
# vars file for mirror_repo
|
# vars file for mirror_repo
|
||||||
|
|
||||||
|
use_local_repo: true
|
||||||