diff --git a/ansible.cfg b/ansible.cfg index 20332e8..f33df2f 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -84,7 +84,7 @@ callback_whitelist = profile_tasks #sudo_flags = -H -S -n # SSH timeout -#timeout = 10 +timeout = 300 # default user to use for playbooks if user is not specified # (/usr/bin/ansible will use current user as default) @@ -303,7 +303,7 @@ ansible_managed = Ansible managed # ssh arguments to use # Leaving off ControlPersist will result in poor performance, so use # paramiko on older platforms rather than removing it, -C controls compression use -#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s +ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s # The base directory for the ControlPath sockets. # This is the "%(directory)s" in the control_path option diff --git a/inventory/group_vars/all/all.yml b/inventory/group_vars/all/all.yml index d5b28d0..0df4b5e 100644 --- a/inventory/group_vars/all/all.yml +++ b/inventory/group_vars/all/all.yml @@ -21,7 +21,7 @@ dhcp_scope_start_range: "{{ dhcp_scope_subnet }}.128" dhcp_scope_subnet: 192.168.100 # Defines jumphost IP address to use as bastion host to reach isolated hosts -jumphost_ip: 172.16.24.186 +jumphost_ip: "{{ hostvars[groups['rpi_k8s_master'][0]]['ansible_host'] }}" # Defines IPTABLES rules to define on jumphost jumphost_iptables_rules: diff --git a/inventory/group_vars/all/apt-cacher-ng.yml b/inventory/group_vars/all/apt-cacher-ng.yml index 56b2007..47d3dcd 100644 --- a/inventory/group_vars/all/apt-cacher-ng.yml +++ b/inventory/group_vars/all/apt-cacher-ng.yml @@ -3,4 +3,4 @@ apt_cacher_server: "{{ groups['rpi_k8s_master'][0] }}" # Defines if apt-caching should be used for clients -enable_apt_caching: true +enable_apt_caching: false diff --git a/inventory/group_vars/all/dnsmasq.yml b/inventory/group_vars/all/dnsmasq.yml index 0a1d679..28a62e0 100644 --- a/inventory/group_vars/all/dnsmasq.yml +++ b/inventory/group_vars/all/dnsmasq.yml 
@@ -29,6 +29,8 @@ dnsmasq_dhcp_scopes: end: "{{ dhcp_scope_end_range }}" netmask: "{{ dhcp_scope_netmask }}" +dnsmasq_disable_lo: true + # Defines if DHCP services are provided by DNSMASQ dnsmasq_enable_dhcp: true diff --git a/inventory/group_vars/all/k8s.yml b/inventory/group_vars/all/k8s.yml index d8aecc2..acf6274 100644 --- a/inventory/group_vars/all/k8s.yml +++ b/inventory/group_vars/all/k8s.yml @@ -5,7 +5,7 @@ k8s_cluster_group: rpi_k8s k8s_cluster_init_skip_ca_verification: true -k8s_dashboard: https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard-arm.yaml +k8s_dashboard: https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard-arm.yaml k8s_helm_architecture: arm @@ -13,10 +13,9 @@ k8s_helm_install: true k8s_helm_version: 2.8.1 -k8s_pod_network_config: "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')" +# k8s_pod_network_config: "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')" # k8s_pod_network_config: https://gist.githubusercontent.com/mrlesmithjr/eab451b45641db6c108ca3f362563621/raw/93569a17d4085975fc2305ae117ce720766174ec/weave-daemonset-2.2.0.yaml k8s_users: - user: pi - -k8s_version: 1.11.2 +# k8s_version: 1.11.2 diff --git a/inventory/hosts.inv b/inventory/hosts.inv index ab946bd..73d99d9 100644 --- a/inventory/hosts.inv +++ b/inventory/hosts.inv @@ -3,7 +3,7 @@ rpi_k8s_master rpi_k8s_slaves [rpi_k8s_master] -rpi-k8s-1 ansible_host=172.16.24.186 +rpi-k8s-1 ansible_host=192.168.1.102 [rpi_k8s_slaves] rpi-k8s-2 ansible_host=192.168.100.128 diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml index cd72693..3a5389d 100644 --- a/playbooks/bootstrap.yml +++ b/playbooks/bootstrap.yml 
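Review bot: `dnsmasq_disable_lo` is added without the one-line `# Defines …` comment that the neighbouring variables carry, and nothing in this diff shows what it does. Judging by the name it controls whether dnsmasq serves on the loopback interface, which affects local name resolution on the master. Add a comment that states the effect once confirmed against the role, e.g. `# Defines if DNSMASQ should not listen on the loopback interface (see ansible-dnsmasq role)`.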
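Review bot: The new `k8s_dashboard` value pins a release tag, which is better than `master`, but a tag can be moved upstream. The manifest is also presumably still fetched and applied at run time with no integrity check. Prefer a URL that contains a commit SHA, as the commented-out Weave gist URL in the next hunk does, or vendor the manifest into the repository and apply the local copy. Separately, the context line `k8s_cluster_init_skip_ca_verification: true` looks, from its name, like it turns off CA pinning when nodes join. It deserves a comment explaining why that is acceptable on this network.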
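Review bot: Commenting out `k8s_version` and `k8s_pod_network_config` in `inventory/group_vars/all/k8s.yml` leaves both to the role defaults, which this diff does not show. If the version default is "latest available package", nodes built or rebuilt at different times can end up on different Kubernetes releases, and the cluster is no longer reproducible or auditable. Keep an explicit pin to the release you tested, in the same form as the removed `k8s_version: 1.11.2` line. Replace the commented-out Weave line with a short comment saying which network manifest is now applied and where it comes from.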
@@ -7,13 +7,13 @@ set_fact: _current_dhcp_scope_end: "{{ dhcp_scope_end_range.split('.')[3] }}" -# We need to subtract here to account for the starting ip as well as for the -# first node as it will not need a DHCP address + # We need to subtract here to account for the starting ip as well as for the + # first node as it will not need a DHCP address - name: Calculating The Required DHCP Scope Ending IP set_fact: _required_dhcp_scope_end: "{{ (dhcp_scope_start_range.split('.')[3]|int - 1) + (rpi_nodes - 1) }}" -# We fail here if the DHCP ending address is not correct based on the number of nodes. + # We fail here if the DHCP ending address is not correct based on the number of nodes. - name: Fail When DHCP Scope Ending Is Not Correct fail: msg="dhcp_scope_end_range should be set to {{ _required_dhcp_scope_end }}" when: _required_dhcp_scope_end != _current_dhcp_scope_end @@ -22,13 +22,13 @@ pre_tasks: - name: Checking To Make Sure Both DNSMasq and ISC-DHCP Are Not True fail: msg="Bailing out. Choose either DNSMasq or ISC-DHCP, not both" - when: > - rpi_k8s_use_isc_dhcp and - rpi_k8s_use_dnsmasq + when: + - rpi_k8s_use_isc_dhcp + - rpi_k8s_use_dnsmasq - name: Updating APT Cache apt: - cache_valid_time: 1800 + # cache_valid_time: 3600 become: true - name: Installing iptables-persistent @@ -123,10 +123,10 @@ register: _wifi_configured tags: - rpi-manage-wifi - when: > - k8s_wifi_country is defined and - k8s_wifi_password is defined and - k8s_wifi_ssid is defined + when: + - k8s_wifi_country is defined + - k8s_wifi_password is defined + - k8s_wifi_ssid is defined - name: Restarting Networking After WI-FI Configured service: @@ -155,9 +155,9 @@ state: absent purge: true become: true - when: > - rpi_k8s_use_isc_dhcp and - not rpi_k8s_use_dnsmasq + when: + - rpi_k8s_use_isc_dhcp + - not rpi_k8s_use_dnsmasq - name: Uninstalling ISC-DHCP apt: 
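Review bot: In the "Updating APT Cache" task (second hunk, `@@ -22,13 +22,13`), replacing `cache_valid_time: 1800` with a comment leaves `apt:` with no arguments at all, as far as the visible lines show. The task then no longer requests a cache refresh, and the module will most likely reject the call because none of its action parameters is set. The package installs that follow would then run against a stale index or not run at all. State the intent explicitly with `update_cache: true` under `apt:`, optionally followed by `cache_valid_time: 3600`. The remaining hunks on this line only convert `when: >` expressions to lists and re-indent comments, and need no change.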
@@ -165,20 +165,20 @@ state: absent purge: true become: true - when: > - rpi_k8s_use_dnsmasq and - not rpi_k8s_use_isc_dhcp + when: + - rpi_k8s_use_dnsmasq + - not rpi_k8s_use_isc_dhcp roles: - role: ansible-change-hostname - role: ansible-dnsmasq - when: > - rpi_k8s_use_dnsmasq and - not rpi_k8s_use_isc_dhcp + when: + - rpi_k8s_use_dnsmasq + - not rpi_k8s_use_isc_dhcp - role: ansible-isc-dhcp - when: > - rpi_k8s_use_isc_dhcp and - not rpi_k8s_use_dnsmasq + when: + - rpi_k8s_use_isc_dhcp + - not rpi_k8s_use_dnsmasq post_tasks: - name: Ensuring dnsmasq Is Started And Enabled On Boot @@ -187,9 +187,9 @@ state: started enabled: true become: true - when: > - rpi_k8s_use_dnsmasq and - not rpi_k8s_use_isc_dhcp + when: + - rpi_k8s_use_dnsmasq + - not rpi_k8s_use_isc_dhcp - name: Ensuring isc-dhcp-server Is Started And Enabled On Boot service: @@ -197,9 +197,9 @@ state: started enabled: true become: true - when: > - rpi_k8s_use_isc_dhcp and - not rpi_k8s_use_dnsmasq + when: + - rpi_k8s_use_isc_dhcp + - not rpi_k8s_use_dnsmasq - hosts: rpi_k8s_master vars: 
@@ -212,10 +212,31 @@ retries: 18 delay: 10 until: > - _dnsmasq_dhcp_leases['stdout_lines'] != [] and - _dnsmasq_dhcp_leases['stdout_lines']|length == (rpi_nodes - 1 ) + _dnsmasq_dhcp_leases['stdout_lines'] != [] and + _dnsmasq_dhcp_leases['stdout_lines']|length == (rpi_nodes - 1) when: rpi_k8s_use_dnsmasq + - name: Capturing SSH Keys + command: ssh-keyscan {{ hostvars[item]['ansible_host'] }} + loop: "{{ groups['rpi_k8s_slaves'] }}" + register: ssh_keys + changed_when: false + + - name: Ensuring Slave SSH Keys Are Added + known_hosts: + name: "{{ hostvars[item['item']]['ansible_host'] }}" + key: "{{ item['stdout'] }}" + state: present + loop: "{{ ssh_keys['results'] }}" + + # - name: Ensuring Slave SSH Keys Are Added + # lineinfile: + # path: $HOME/.ssh/known_hosts + # create: true + # state: present + # line: "{{ lookup('pipe', 'ssh-keyscan -trsa ' + hostvars[item]['ansible_host']) }}" + # loop: "{{ groups['rpi_k8s_slaves'] }}" + - hosts: rpi_k8s_slaves any_errors_fatal: true tasks: @@ -273,7 +294,7 @@ state: present become: true -# We install dnsutils to provide us dig on the cluster nodes + # We install dnsutils to provide us dig on the cluster nodes - name: Installing dnsutils apt: name: dnsutils @@ -307,9 +328,9 @@ ignore_errors: true become: true register: _reboot_slaves - when: > - _cmdline_boot['changed'] and - inventory_hostname in groups['rpi_k8s_slaves'] + when: + - _cmdline_boot['changed'] + - inventory_hostname in groups['rpi_k8s_slaves'] - name: Waiting For Host To Respond wait_for_connection: @@ -331,15 +352,14 @@ ignore_errors: true become: true register: _reboot_master - when: > - _cmdline_boot['changed'] and - inventory_hostname in groups['rpi_k8s_master'] + when: + - _cmdline_boot['changed'] + - inventory_hostname in groups['rpi_k8s_master'] - name: Waiting For Host To Respond wait_for_connection: delay: 20 when: _reboot_master['changed'] - # - name: Wait 300 seconds for port 22 to become open and contain "OpenSSH" # wait_for: # port: 22 
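Review bot: The two tasks added in the first hunk (`@@ -212,10 +212,31`) write whatever `ssh-keyscan` returns straight into `known_hosts`. That is trust-on-first-use: later host key checking only proves the key has not changed since this run, not that it was the right key. If that is an accepted trade-off on the isolated DHCP segment, say so above the task, e.g. `# TOFU: keys are accepted unverified at bootstrap; compare fingerprints out of band if the segment is not trusted`. `ssh-keyscan` can also return empty output for a host that is not up yet, so add `failed_when: ssh_keys['rc'] != 0 or ssh_keys['stdout'] | length == 0` to the capture task rather than passing an empty key to `known_hosts`. The commented-out `lineinfile` variant should be dropped rather than committed.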
diff --git a/roles/ansible-dnsmasq b/roles/ansible-dnsmasq
index 283732a..0c3c2d6 160000
--- a/roles/ansible-dnsmasq
+++ b/roles/ansible-dnsmasq
@@ -1 +1 @@
-Subproject commit 283732a4898785bb51a0103763378040db1cd132
+Subproject commit 0c3c2d630658bbf3d1d4ccc75164b06a4893f97a
diff --git a/roles/ansible-glusterfs b/roles/ansible-glusterfs
index aeee21c..75d2451 160000
--- a/roles/ansible-glusterfs
+++ b/roles/ansible-glusterfs
@@ -1 +1 @@
-Subproject commit aeee21c541af151a444980d7547f58fca62135b5
+Subproject commit 75d2451403a885ff468c94f8892246079978693a