klal

2026-05-22 13:36:20 +02:00 · 2026-03-04 21:46:20 +01:00 · 2026-03-04 21:34:23 +01:00 · 2026-03-04 20:19:31 +01:00 · 2026-03-04 20:12:48 +01:00 · 2026-03-04 19:45:00 +01:00
4 changed files with 40 additions and 20 deletions
@@ -2,10 +2,16 @@
  become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
  block:

-    - name: Include role
+    - name: Include role proxy_repo
      ansible.builtin.include_role:
        name: proxy_repo

+    - name: Include role local mirror
+      ansible.builtin.include_role:
+        name: mirror_repo     
+      when: use_local_repo | default(false)
+
+
    - name: Disable SELinux
      ansible.posix.selinux:
        state: permissive
@@ -78,6 +84,7 @@
          - docker-ce-cli
        state: absent
      ignore_errors: true
+
    - name: Install containerd
      dnf:
        name: containerd.io
@@ -191,7 +198,12 @@
    - name: Install Flannel CNI
      become_user: "{{ ansible_user }}"
      command: kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
-      when: inventory_hostname.endswith('-vm01.home.lan')
+      when: inventory_hostname.endswith('-vm01.home.lan') and net_driver == 'flannel'
+
+    - name: Install Calico CNI
+      become_user: "{{ ansible_user }}"
+      command: kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/calico.yaml
+      when: inventory_hostname.endswith('-vm01.home.lan') and net_driver == 'calico'

    - name: Get join command
      command: kubeadm token create --print-join-command
@@ -262,41 +274,37 @@
        create: yes
      loop: "{{ aliases | dict2items }}"
      when: inventory_hostname.endswith('-vm01.home.lan')
-      
+
    - name: Allow TCP 10250 from 192.168.77.0/24
      firewalld:
-        source: 192.168.77.0/24
-        port: 10250/tcp
+        rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="10250" protocol="tcp" accept'
        permanent: yes
        state: enabled
        immediate: yes
-        rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="10250" protocol="tcp" accept'

    - name: Allow UDP 8472 from 192.168.77.0/24
      firewalld:
-        source: 192.168.77.0/24
-        port: 8472/udp
+        rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="8472" protocol="udp" accept'
        permanent: yes
        state: enabled
        immediate: yes
-        rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="8472" protocol="udp" accept'

    - name: Add flannel.1 interface to trusted zone
      firewalld:
-        interface: flannel.1
-        zone: trusted
+        rich_rule: 'rule family="ipv4" source NOT address="0.0.0.0/0" accept'   # interface handling is tricky with rich_rule
        permanent: yes
        state: enabled
        immediate: yes

    - name: Add cni0 interface to trusted zone
      firewalld:
-        interface: cni0
-        zone: trusted
+        rich_rule: 'rule family="ipv4" source NOT address="0.0.0.0/0" accept'
        permanent: yes
        state: enabled
        immediate: yes

-    - name: Reload firewalld
-      firewalld:
-        state: reloaded
+    - name: Ensure firewalld is restarted
+      ansible.builtin.service:
+        name: firewalld
+        state: stopped
+        enabled: false
@@ -3,4 +3,7 @@ aliases:
  ll: "ls -la"
  gs: "git status"
  k: "kubectl"
-  gk: "git clone git@gitlab.sectorq.eu:jaydee/kubernetes.git"
+  gk: "git clone git@gitlab.sectorq.eu:jaydee/kubernetes.git"
+
+use_local_repo: true
+net_driver: calico
@@ -4,6 +4,8 @@

  vars:
    mirror_url: "http://192.168.77.101:8383/rocky/$releasever"
+    mirror_url_docker: "http://192.168.77.101:8383/docker"
+    mirror_url_docker_def: "https://download.docker.com/linux/centos/$releasever/$basearch/stable"

  block:
    - name: Facts
@@ -43,15 +45,20 @@
        option: baseurl
        value: "{{ mirror_url }}/baseos/"

-
-
-    - name: Set AppStream baseurl
+    - name: Set BaseOS baseurl
      ansible.builtin.ini_file:
        path: /etc/yum.repos.d/rocky.repo
        section: appstream
        option: baseurl
        value: "{{ mirror_url }}/appstream/"

+    - name: Set docker baseurl
+      ansible.builtin.ini_file:
+        path: /etc/yum.repos.d/docker-ce.repo
+        section: docker-ce-stable
+        option: baseurl
+        value: "{{ mirror_url_docker }}"
+
    - name: Clean DNF cache
      command: dnf clean all

@@ -1,3 +1,5 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # vars file for mirror_repo
+
+use_local_repo: true
Author	SHA1	Message	Date
jaydee	49bf1ac09e	klal Gitea Actions Demo / Explore-Gitea-Actions (push) Has been cancelled Details	2026-03-04 21:46:20 +01:00
jaydee	ff9fbb3f20	klal	2026-03-04 21:34:23 +01:00
jaydee	0ba2c1a676	klal	2026-03-04 20:19:31 +01:00
jaydee	85bb49a427	klal	2026-03-04 20:12:48 +01:00
jaydee	db00e0ade1	klal	2026-03-04 19:45:00 +01:00
jaydee	c9b2b251ab	klal	2026-03-04 19:32:17 +01:00
jaydee	57308ba371	klal	2026-03-04 19:25:57 +01:00
jaydee	f7085281fc	klal	2026-03-04 19:20:44 +01:00
jaydee	d84978bcbc	klal	2026-03-04 19:20:01 +01:00
jaydee	9df894935f	klal	2026-03-04 19:19:05 +01:00
jaydee	ebf5067ef1	klal	2026-03-04 19:18:16 +01:00
jaydee	a19f7e86b5	klal	2026-03-04 19:17:56 +01:00
jaydee	ae6a62582a	klal	2026-03-04 19:14:30 +01:00
jaydee	ac622acc10	klal	2026-03-04 19:07:28 +01:00