Functional deployment after tweaks for new roles

- After switching to submodules for Ansible roles, there were many
settings that needed to be tweaked to successfully install.

ansible.cfg

@@ -84,7 +84,7 @@ callback_whitelist = profile_tasks
 #sudo_flags = -H -S -n
 
 # SSH timeout
-#timeout = 10
+timeout = 300
 
 # default user to use for playbooks if user is not specified
 # (/usr/bin/ansible will use current user as default)
@@ -303,7 +303,7 @@ ansible_managed = Ansible managed
 # ssh arguments to use
 # Leaving off ControlPersist will result in poor performance, so use
 # paramiko on older platforms rather than removing it, -C controls compression use
-#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
+ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
 
 # The base directory for the ControlPath sockets.
 # This is the "%(directory)s" in the control_path option

inventory/group_vars/all/all.yml

@@ -21,7 +21,7 @@ dhcp_scope_start_range: "{{ dhcp_scope_subnet }}.128"
 dhcp_scope_subnet: 192.168.100
 
 # Defines jumphost IP address to use as bastion host to reach isolated hosts
-jumphost_ip: 172.16.24.186
+jumphost_ip: "{{ hostvars[groups['rpi_k8s_master'][0]]['ansible_host'] }}"
 
 # Defines IPTABLES rules to define on jumphost
 jumphost_iptables_rules:

inventory/group_vars/all/apt-cacher-ng.yml

@@ -3,4 +3,4 @@
 apt_cacher_server: "{{ groups['rpi_k8s_master'][0] }}"
 
 # Defines if apt-caching should be used for clients
-enable_apt_caching: true
+enable_apt_caching: false

inventory/group_vars/all/dnsmasq.yml

@@ -29,6 +29,8 @@ dnsmasq_dhcp_scopes:
     end: "{{ dhcp_scope_end_range }}"
     netmask: "{{ dhcp_scope_netmask }}"
 
+dnsmasq_disable_lo: true
+
 # Defines if DHCP services are provided by DNSMASQ
 dnsmasq_enable_dhcp: true
 

inventory/group_vars/all/k8s.yml

@@ -5,18 +5,17 @@ k8s_cluster_group: rpi_k8s
 
 k8s_cluster_init_skip_ca_verification: true
 
-k8s_dashboard: https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard-arm.yaml
+k8s_dashboard: https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard-arm.yaml
 
 k8s_helm_architecture: arm
 
 k8s_helm_install: true
 
 k8s_helm_version: 2.8.1
 
-k8s_pod_network_config: "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
+# k8s_pod_network_config: "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
 # k8s_pod_network_config: https://gist.githubusercontent.com/mrlesmithjr/eab451b45641db6c108ca3f362563621/raw/93569a17d4085975fc2305ae117ce720766174ec/weave-daemonset-2.2.0.yaml
 
 k8s_users:
   - user: pi
-
-k8s_version: 1.11.2
+# k8s_version: 1.11.2

inventory/hosts.inv

@@ -3,7 +3,7 @@ rpi_k8s_master
 rpi_k8s_slaves
 
 [rpi_k8s_master]
-rpi-k8s-1 ansible_host=172.16.24.186
+rpi-k8s-1 ansible_host=192.168.1.102
 
 [rpi_k8s_slaves]
 rpi-k8s-2 ansible_host=192.168.100.128

playbooks/bootstrap.yml

@@ -7,13 +7,13 @@
       set_fact:
         _current_dhcp_scope_end: "{{ dhcp_scope_end_range.split('.')[3] }}"
 
-# We need to subtract here to account for the starting ip as well as for the
-# first node as it will not need a DHCP address
+    # We need to subtract here to account for the starting ip as well as for the
+    # first node as it will not need a DHCP address
     - name: Calculating The Required DHCP Scope Ending IP
       set_fact:
         _required_dhcp_scope_end: "{{ (dhcp_scope_start_range.split('.')[3]|int - 1) + (rpi_nodes - 1) }}"
 
-# We fail here if the DHCP ending address is not correct based on the number of nodes.
+    # We fail here if the DHCP ending address is not correct based on the number of nodes.
     - name: Fail When DHCP Scope Ending Is Not Correct
       fail: msg="dhcp_scope_end_range should be set to {{ _required_dhcp_scope_end }}"
       when: _required_dhcp_scope_end != _current_dhcp_scope_end
@@ -22,13 +22,13 @@
   pre_tasks:
     - name: Checking To Make Sure Both DNSMasq and ISC-DHCP Are Not True
       fail: msg="Bailing out. Choose either DNSMasq or ISC-DHCP, not both"
-      when: >
-            rpi_k8s_use_isc_dhcp and
-            rpi_k8s_use_dnsmasq
+      when:
+        - rpi_k8s_use_isc_dhcp
+        - rpi_k8s_use_dnsmasq
 
     - name: Updating APT Cache
       apt:
-        cache_valid_time: 1800
+        # cache_valid_time: 3600
       become: true
 
     - name: Installing iptables-persistent
@@ -123,10 +123,10 @@
       register: _wifi_configured
       tags:
         - rpi-manage-wifi
-      when: >
-            k8s_wifi_country is defined and
-            k8s_wifi_password is defined and
-            k8s_wifi_ssid is defined
+      when:
+        - k8s_wifi_country is defined
+        - k8s_wifi_password is defined
+        - k8s_wifi_ssid is defined
 
     - name: Restarting Networking After WI-FI Configured
       service:
@@ -155,30 +155,30 @@
         state: absent
         purge: true
       become: true
-      when: >
-            rpi_k8s_use_isc_dhcp and
-            not rpi_k8s_use_dnsmasq
+      when:
+        - rpi_k8s_use_isc_dhcp
+        - not rpi_k8s_use_dnsmasq
 
     - name: Uninstalling ISC-DHCP
       apt:
         name: isc-dhcp-server
         state: absent
         purge: true
       become: true
-      when: >
-            rpi_k8s_use_dnsmasq and
-            not rpi_k8s_use_isc_dhcp
+      when:
+        - rpi_k8s_use_dnsmasq
+        - not rpi_k8s_use_isc_dhcp
 
   roles:
     - role: ansible-change-hostname
     - role: ansible-dnsmasq
-      when: >
-            rpi_k8s_use_dnsmasq and
-            not rpi_k8s_use_isc_dhcp
+      when:
+        - rpi_k8s_use_dnsmasq
+        - not rpi_k8s_use_isc_dhcp
     - role: ansible-isc-dhcp
-      when: >
-            rpi_k8s_use_isc_dhcp and
-            not rpi_k8s_use_dnsmasq
+      when:
+        - rpi_k8s_use_isc_dhcp
+        - not rpi_k8s_use_dnsmasq
 
   post_tasks:
     - name: Ensuring dnsmasq Is Started And Enabled On Boot
@@ -187,19 +187,19 @@
         state: started
         enabled: true
       become: true
-      when: >
-            rpi_k8s_use_dnsmasq and
-            not rpi_k8s_use_isc_dhcp
+      when:
+        - rpi_k8s_use_dnsmasq
+        - not rpi_k8s_use_isc_dhcp
 
     - name: Ensuring isc-dhcp-server Is Started And Enabled On Boot
       service:
         name: isc-dhcp-server
         state: started
         enabled: true
       become: true
-      when: >
-            rpi_k8s_use_isc_dhcp and
-            not rpi_k8s_use_dnsmasq
+      when:
+        - rpi_k8s_use_isc_dhcp
+        - not rpi_k8s_use_dnsmasq
 
 - hosts: rpi_k8s_master
   vars:
@@ -212,10 +212,31 @@
       retries: 18
       delay: 10
       until: >
-             _dnsmasq_dhcp_leases['stdout_lines'] != [] and
-             _dnsmasq_dhcp_leases['stdout_lines']|length == (rpi_nodes - 1 )
+        _dnsmasq_dhcp_leases['stdout_lines'] != [] and
+        _dnsmasq_dhcp_leases['stdout_lines']|length == (rpi_nodes - 1)
       when: rpi_k8s_use_dnsmasq
 
+    - name: Capturing SSH Keys
+      command: ssh-keyscan {{ hostvars[item]['ansible_host'] }}
+      loop: "{{ groups['rpi_k8s_slaves'] }}"
+      register: ssh_keys
+      changed_when: false
+
+    - name: Ensuring Slave SSH Keys Are Added
+      known_hosts:
+        name: "{{ hostvars[item['item']]['ansible_host'] }}"
+        key: "{{ item['stdout'] }}"
+        state: present
+      loop: "{{ ssh_keys['results'] }}"
+
+    # - name: Ensuring Slave SSH Keys Are Added
+    #   lineinfile:
+    #     path: $HOME/.ssh/known_hosts
+    #     create: true
+    #     state: present
+    #     line: "{{ lookup('pipe', 'ssh-keyscan -trsa ' + hostvars[item]['ansible_host']) }}"
+    #   loop: "{{ groups['rpi_k8s_slaves'] }}"
+
 - hosts: rpi_k8s_slaves
   any_errors_fatal: true
   tasks:
@@ -273,7 +294,7 @@
         state: present
       become: true
 
-# We install dnsutils to provide us dig on the cluster nodes
+    # We install dnsutils to provide us dig on the cluster nodes
     - name: Installing dnsutils
       apt:
         name: dnsutils
@@ -307,9 +328,9 @@
       ignore_errors: true
       become: true
       register: _reboot_slaves
-      when: >
-            _cmdline_boot['changed'] and
-            inventory_hostname in groups['rpi_k8s_slaves']
+      when:
+        - _cmdline_boot['changed']
+        - inventory_hostname in groups['rpi_k8s_slaves']
 
     - name: Waiting For Host To Respond
       wait_for_connection:
@@ -331,15 +352,14 @@
       ignore_errors: true
       become: true
       register: _reboot_master
-      when: >
-            _cmdline_boot['changed'] and
-            inventory_hostname in groups['rpi_k8s_master']
+      when:
+        - _cmdline_boot['changed']
+        - inventory_hostname in groups['rpi_k8s_master']
 
     - name: Waiting For Host To Respond
       wait_for_connection:
         delay: 20
       when: _reboot_master['changed']
-
     # - name: Wait 300 seconds for port 22 to become open and contain "OpenSSH"
     #   wait_for:
     #     port: 22