authorclyhtsuriva <aimeric@adjutor.xyz>2025-03-03 21:20:59 +0100
committerclyhtsuriva <aimeric@adjutor.xyz>2025-03-03 21:20:59 +0100
commit0182fe51736e7610d4a63fe6767d08ffe5c5938c (patch)
tree0025603ddfb75ae556d1f949be4c7882ea972ee9
parentf8f9666a8e630d6d64a883bca25ccc4ba98d73e4 (diff)
ansible: add dynamic inventory & playbooks to install k3s hosts
bootstrap.yml will now be used to install any configuration on newly provisioned servers, based on tags given by the dynamic inventory
-rw-r--r--.gitignore1
-rw-r--r--ansible/ansible.cfg9
-rw-r--r--ansible/inventory.proxmox.yaml31
-rw-r--r--ansible/playbooks/bootstrap.yml8
-rw-r--r--ansible/playbooks/docker.yml2
-rw-r--r--ansible/playbooks/k8s.yml5
-rw-r--r--ansible/roles/k8s/tasks/install_k3s_master.yml20
-rw-r--r--ansible/roles/k8s/tasks/install_k3s_worker.yml19
-rw-r--r--ansible/roles/k8s/tasks/main.yml8
9 files changed, 96 insertions, 7 deletions
diff --git a/.gitignore b/.gitignore
index 9709716..ab1e641 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@ inventory.ini
# Ansible
*.retry
inventory.yaml
+.vault_password
# Packer
packer_cache/
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 5a7e920..4419295 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,3 +1,8 @@
[defaults]
-roles_path = ./roles/:./kubespray/roles/
-library = ./library/:./kubespray/library/
+roles_path = ./roles/
+library = ./library/
+forks = 5
+host_key_checking = False
+retry_files_enabled = False
+inventory = ./inventory.proxmox.yaml
+vault_password_file = ./.vault_password
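Review bot: `host_key_checking = False` turns off SSH host-key verification for every play, so a host that answers for an inventory address is trusted without any identity check, which is exactly the condition a man-in-the-middle needs to obtain the become credentials and the k3s token this repo pushes to workers. Freshly provisioned VMs have unknown keys, but that is solved by accepting new keys while still rejecting changed ones: drop the `host_key_checking` line and add `[ssh_connection]` / `ssh_args = -o StrictHostKeyChecking=accept-new` instead. The `vault_password_file = ./.vault_password` line is fine given the matching `.gitignore` entry in this commit, but it is worth a comment saying the file must exist locally with mode 0600, since Ansible will otherwise fail before reading the inventory.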
diff --git a/ansible/inventory.proxmox.yaml b/ansible/inventory.proxmox.yaml
new file mode 100644
index 0000000..10b8353
--- /dev/null
+++ b/ansible/inventory.proxmox.yaml
@@ -0,0 +1,31 @@
+---
+plugin: community.general.proxmox
+url: https://pve.vpn:8006
+validate_certs: false
+want_facts: true
+
+user: inventory@pam
+token_id: inventory
+token_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30396461303633373334316433333932376238393031356233363563653330643833373038383966
+ 3739353834386339393933366337653939313666303561660a393336636664623735353062343361
+ 39366233373931323665333933356336326439636335333135356436343732313765306466366138
+ 3637653737343537660a346336666430373437323562643761336532386365623465323732393762
+ 66363064613162616463336135633639373530303866623133623139306362333432643361643766
+ 6465356638653963333934636336306533333133333164366661
+
+
+proxmox_usable: (proxmox_status == "running")
+
+# Group VMs by tags for reference in playbooks.
+keyed_groups:
+ # proxmox_tags_parsed is an example of a fact only returned when 'want_facts=true'
+ - key: proxmox_tags_parsed
+ separator: ""
+ prefix: "tag_"
+
+want_proxmox_nodes_ansible_host: false
+compose:
+ ansible_host: proxmox_ipconfig0["ip"].split('/')[0]
+...
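Review bot: `validate_certs: false` means the Proxmox API token in `token_secret` is presented to whatever answers for `pve.vpn:8006` without checking its certificate, so vaulting the secret at rest is undone by sending it over an unauthenticated TLS session on every inventory refresh. Prefer `validate_certs: true` and install the Proxmox CA (or the node certificate) into the control host's trust store; if that is not possible yet, a comment such as `# TODO: pin the PVE CA and re-enable cert validation` should record the risk. `proxmox_usable: (proxmox_status == "running")` does not look like an option the `community.general.proxmox` plugin documents; I believe host selection is done with the `filters` list, e.g. `filters:` / `  - proxmox_status == "running"`, so please confirm against the installed collection version, because an unrecognised key is likely to be ignored rather than rejected.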
diff --git a/ansible/playbooks/bootstrap.yml b/ansible/playbooks/bootstrap.yml
new file mode 100644
index 0000000..c9d75a4
--- /dev/null
+++ b/ansible/playbooks/bootstrap.yml
@@ -0,0 +1,8 @@
+---
+# Bootstrap playbook for post-provisioning tasks.
+- name: Include Docker playbook if the host has the 'tag_docker' tag
+ ansible.builtin.import_playbook: docker.yml
+
+- name: Include K8s playbook if the host is a k3s master or worker
+ ansible.builtin.import_playbook: k8s.yml
+...
diff --git a/ansible/playbooks/docker.yml b/ansible/playbooks/docker.yml
index 12ff431..ec1bd74 100644
--- a/ansible/playbooks/docker.yml
+++ b/ansible/playbooks/docker.yml
@@ -1,6 +1,6 @@
---
- name: Install Docker on Ubuntu or Debian
- hosts: all
+ hosts: tag_docker
become: true
roles:
- role: docker
diff --git a/ansible/playbooks/k8s.yml b/ansible/playbooks/k8s.yml
index 45f03ee..b3a7e43 100644
--- a/ansible/playbooks/k8s.yml
+++ b/ansible/playbooks/k8s.yml
@@ -1,10 +1,7 @@
---
- name: Deploy a Production Ready Kubernetes Cluster
- hosts: all
+ hosts: tag_k3s_master:tag_k3s_worker
become: true
roles:
- role: k8s
-
-- name: Import kubespray playbook to deploy k8s cluster
- ansible.builtin.import_playbook: ../kubespray/cluster.yml
...
diff --git a/ansible/roles/k8s/tasks/install_k3s_master.yml b/ansible/roles/k8s/tasks/install_k3s_master.yml
new file mode 100644
index 0000000..71d880e
--- /dev/null
+++ b/ansible/roles/k8s/tasks/install_k3s_master.yml
@@ -0,0 +1,20 @@
+---
+- name: Download k3s installer
+ ansible.builtin.get_url:
+ url: https://get.k3s.io
+ dest: /tmp/install_k3s.sh
+ mode: '0755'
+
+- name: Install k3s server
+ ansible.builtin.command: /tmp/install_k3s.sh server --cluster-init
+ become: true
+
+- name: Retrieve k3s token
+ ansible.builtin.slurp:
+ path: /var/lib/rancher/k3s/server/node-token
+ register: k3s_token_file
+
+- name: Set k3s token as a fact, for workers
+ ansible.builtin.set_fact:
+ k3s_token: "{{ k3s_token_file.content | b64decode }}"
+...
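Review bot: The "Install k3s server" task runs `/tmp/install_k3s.sh server --cluster-init` unconditionally, so every re-run of `bootstrap.yml` re-executes the installer, and if more than one host carries `tag_k3s_master` each one initialises its own single-node cluster rather than joining the first. Make the task idempotent with `args:` / `  creates: /var/lib/rancher/k3s/server/node-token`, the same path the slurp task below reads. The installer is fetched from `https://get.k3s.io` into a world-writable `/tmp` and executed as root with no integrity check; at minimum add a `checksum:` to the `get_url` task or download to a root-owned directory, and document in a comment that the script version is unpinned. The decoded join token ends up as a plain fact on the master; consider `no_log: true` on the slurp and set_fact tasks so it does not land in verbose output.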
diff --git a/ansible/roles/k8s/tasks/install_k3s_worker.yml b/ansible/roles/k8s/tasks/install_k3s_worker.yml
new file mode 100644
index 0000000..ffe2af0
--- /dev/null
+++ b/ansible/roles/k8s/tasks/install_k3s_worker.yml
@@ -0,0 +1,19 @@
+---
+- name: Retrieve k3s token and master IP from master node
+ ansible.builtin.set_fact:
+ k3s_token: "{{ hostvars[groups['tag_k3s_master'][0]].k3s_token }}"
+ k3s_master_ip: "{{ hostvars[groups['tag_k3s_master'][0]].ansible_default_ipv4.address }}"
+
+- name: Download k3s installation script
+ ansible.builtin.get_url:
+ url: https://get.k3s.io
+ dest: /tmp/install_k3s.sh
+ mode: '0755'
+
+- name: Install k3s agent
+ ansible.builtin.command: >
+ /tmp/install_k3s.sh agent
+ --server https://{{ k3s_master_ip }}:6443
+ --token {{ k3s_token }}
+ become: true
+...
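Review bot: The "Install k3s agent" task passes the cluster join token on the command line (`--token {{ k3s_token }}`), which exposes it in the process list of the worker for the duration of the install and prints it in Ansible's task output and logs. The installer reads `K3S_URL` and `K3S_TOKEN` from the environment, so the secret can be moved out of argv and the task marked `no_log: true`. The first set_fact also indexes `groups['tag_k3s_master'][0]` without a guard, so a run with no tagged master fails with an undefined-variable error instead of a clear message; a preceding `ansible.builtin.assert` on `groups['tag_k3s_master'] | default([]) | length > 0` would make that explicit.

```yaml
- name: Install k3s agent
  ansible.builtin.command: /tmp/install_k3s.sh agent
  environment:
    K3S_URL: "https://{{ k3s_master_ip }}:6443"
    K3S_TOKEN: "{{ k3s_token }}"
  no_log: true
  become: true
```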
diff --git a/ansible/roles/k8s/tasks/main.yml b/ansible/roles/k8s/tasks/main.yml
index c784c7c..fb58c1b 100644
--- a/ansible/roles/k8s/tasks/main.yml
+++ b/ansible/roles/k8s/tasks/main.yml
@@ -1,4 +1,12 @@
---
- name: Include UFW tasks
ansible.builtin.include_tasks: ufw.yml
+
+- name: Install k3s on master nodes
+ ansible.builtin.include_tasks: install_k3s_master.yml
+ when: inventory_hostname in groups['tag_k3s_master']
+
+- name: Install k3s on worker nodes
+ ansible.builtin.include_tasks: install_k3s_worker.yml
+ when: inventory_hostname in groups['tag_k3s_worker']
...
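Review bot: Both new `when:` conditions index `groups['tag_k3s_master']` and `groups['tag_k3s_worker']` directly, and the dynamic inventory only creates a `tag_*` group when at least one VM carries that tag, so a run where no host has one of the tags fails on a missing dictionary key rather than skipping the include. Testing membership through the host's own group list avoids that: `when: "'tag_k3s_master' in group_names"` and `when: "'tag_k3s_worker' in group_names"`. A short comment above the two includes noting that the group names are derived from Proxmox tags via the inventory's `keyed_groups` prefix would help the next reader connect the two files.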