From 859957f1f08db2ad901ba7e594ecad7c4e79d3fb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Andreas=20L=C3=BCdtke?= Date: Tue, 8 Jan 2019 12:56:59 +0100 Subject: [PATCH] Erster Commit mit 3 neuen Playbooks --- .gitignore | 4 + README_FORK.md | 31 +++ playbooks/createCluster.yml | 22 ++ playbooks/destroyCluster.yml | 4 + playbooks/group_vars/all | 2 - playbooks/host_vars/localhost | 3 - playbooks/inventories/hosts.yml | 7 +- playbooks/prepareHost.yml | 27 +++ .../roles/checkUserIsRoot/tasks/main.yml | 10 + .../roles/downloadNodeIso/tasks/main.yml | 4 +- playbooks/roles/downloadNodeIso/vars/main.yml | 3 +- .../roles/installTerraform/tasks/main.yml | 24 +- .../roles/installTerraform/vars/main.yml | 7 +- playbooks/roles/runTerraform/tasks/create.yml | 95 ++++++++ .../roles/runTerraform/tasks/destroy.yml | 25 ++ playbooks/roles/runTerraform/tasks/main.yml | 2 + .../runTerraform/templates/cloudconfig.j2.cfg | 15 ++ .../roles/runTerraform/templates/hosts.j2.yml | 25 ++ .../runTerraform/templates/multiNode.j2.tf | 225 ++++++++++++++++++ playbooks/roles/runTerraform/vars/main.yml | 2 + .../roles/setupAnsibleHost/tasks/main.yml | 34 ++- .../setupAnsibleHost/templates/ansible.j2.cfg | 12 +- .../templates/ansible_logrotate.j2 | 2 +- .../setupAnsibleHost/templates/user.j2.sudo | 2 +- playbooks/roles/setupKubeTools/tasks/main.yml | 7 +- playbooks/roles/setupKvmHost/tasks/main.yml | 4 +- .../setupRkeCluster/files/create_rbac.yml | 12 + .../roles/setupRkeCluster/files/create_sa.yml | 5 + .../roles/setupRkeCluster/tasks/main.yml | 27 ++- 29 files changed, 586 insertions(+), 56 deletions(-) create mode 100644 README_FORK.md create mode 100644 playbooks/createCluster.yml create mode 100644 playbooks/destroyCluster.yml delete mode 100644 playbooks/host_vars/localhost create mode 100644 playbooks/prepareHost.yml create mode 100644 playbooks/roles/checkUserIsRoot/tasks/main.yml create mode 100644 playbooks/roles/runTerraform/tasks/create.yml create mode 100644 playbooks/roles/runTerraform/tasks/destroy.yml create mode 100644 
playbooks/roles/runTerraform/tasks/main.yml
create mode 100644 playbooks/roles/runTerraform/templates/cloudconfig.j2.cfg
create mode 100644 playbooks/roles/runTerraform/templates/hosts.j2.yml
create mode 100644 playbooks/roles/runTerraform/templates/multiNode.j2.tf
create mode 100644 playbooks/roles/runTerraform/vars/main.yml
create mode 100644 playbooks/roles/setupRkeCluster/files/create_rbac.yml
create mode 100644 playbooks/roles/setupRkeCluster/files/create_sa.yml
diff --git a/.gitignore b/.gitignore
index 890cace..08a0e9b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,10 @@
 *.qcow2
 playbooks/roles/downloadNodeIso/files/
 playbooks/roles/setupRkeCluster/files/id_rsa.pub
+playbooks/roles/setupRkeCluster/files/rke_linux-amd64
+playbooks/roles/runTerraform/workspace/
+playbooks/inventories/hosts.yml
 *.tfstate
 *.tfstate.backup
+*.tfstate.lock.info
 .terraform
diff --git a/README_FORK.md b/README_FORK.md
new file mode 100644
index 0000000..5ad479d
--- /dev/null
+++ b/README_FORK.md
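Review bot: `playbooks/inventories/hosts.yml` is added to .gitignore here, but the same commit still tracks and edits that file (see the inventories/hosts.yml hunk), so the ignore entry has no effect and every createCluster run, which re-templates the inventory, will keep dirtying the checkout with environment-specific IPs. Either `git rm --cached playbooks/inventories/hosts.yml` in this commit (shipping an `hosts.yml.example` if a reference layout is wanted) or drop the ignore line. Ignoring `*.tfstate` is the right call: the libvirt state may contain the rendered cloud-init `user_data`, which is not something to commit.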
@@ -0,0 +1,31 @@
+# Fork von aluedtke7
+Ansible Projekt um einen Kubernetes Cluster lokal auf einer Ubuntu 18.04 Maschine zu installieren
+
+Das Projekt ist in 3 Playbooks aufgeteilt. Das erste (prepareHost.yml) dient zur Vorbereitung der Linux Maschine, um die nötigen Tools bzw. die nötige Software zu installieren. Dieses Playbook muß normalerweise nur einmal ausgeführt werden.
+
+Das zweite Playbook (createCluster.yml) dient dem Aufsetzen und starten des K8S Clusters.
+
+Das dritte Playbook (destroyCluster.yml) dient dem Zerstören des K8S Clusters.
+
+## Voraussetzungen
+Ansible muss installiert sein (`sudo apt install ansible`). Die Playbooks müssen als normaler User ausgeführt werden (kein sudo).
+
+
+## Playbooks
+### Host vorbereiten (einmalig als erstes ausführen):
+````
+ansible-playbook prepareHost.yml
+````
+
+### K8S Cluster erstellen:
+````
+ansible-playbook createCluster.yml
+````
+Am Ende des Skriptes wird der Token für den admin_user angezeigt, damit man sich am K8S Dashboard anmelden kann.
+Hierzu einmalig `kubectl proxy` in einer Shell starten und dann im Webbrowser die Adresse
+http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ aufrufen.
+
+### K8S Cluster zerstören:
+````
+ansible-playbook destroyCluster.yml
+````
diff --git a/playbooks/createCluster.yml b/playbooks/createCluster.yml
new file mode 100644
index 0000000..ca4fba6
--- /dev/null
+++ b/playbooks/createCluster.yml
@@ -0,0 +1,22 @@
+---
+- hosts: local
+ roles:
+ - checkUserIsRoot
+ - { role: runTerraform, action: create }
+ tags:
+ - createCluster
+
+- hosts: kvm
+ gather_facts: no
+ tasks:
+ - setup:
+ tags:
+ - createCluster
+
+- hosts: kvm
+ gather_facts: no
+ roles:
+ - installDocker
+ - setupRkeCluster
+ tags:
+ - createCluster
diff --git a/playbooks/destroyCluster.yml b/playbooks/destroyCluster.yml
new file mode 100644
index 0000000..c21c3a9
--- /dev/null
+++ b/playbooks/destroyCluster.yml
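Review bot: The second play (`hosts: kvm`) connects to the VMs that runTerraform just created, and the only readiness wait before it is a fixed 10-second `wait_for: timeout: 10` in create.yml; if cloud-init has not yet brought sshd up on all three nodes, the explicit `setup:` task fails and the whole run aborts. Put `- wait_for_connection: { timeout: 300 }` as the first task of that play, ahead of `- setup:`, so Ansible retries the SSH connection until each node answers instead of racing the boot. `gather_facts: no` followed by an explicit `setup:` is equivalent to the default fact gathering; `gather_facts: yes` would read more clearly unless there is a reason for the two-step form.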
@@ -0,0 +1,4 @@ +--- +- hosts: local + roles: + - { role: runTerraform, action: destroy } diff --git a/playbooks/group_vars/all b/playbooks/group_vars/all index 45f0a73..53312b3 100644 --- a/playbooks/group_vars/all +++ b/playbooks/group_vars/all @@ -1,6 +1,4 @@ --- -groupVarAnsibleGroup: swalker groupVarAnsibleGid: 1000 -groupVarAnsibleUser: swalker groupVarAnsibleUid: 1000 ... diff --git a/playbooks/host_vars/localhost b/playbooks/host_vars/localhost deleted file mode 100644 index d8d78b4..0000000 --- a/playbooks/host_vars/localhost +++ /dev/null @@ -1,3 +0,0 @@ ---- -hostVarAnsibleUserHome: /home/swalker -... diff --git a/playbooks/inventories/hosts.yml b/playbooks/inventories/hosts.yml index 5a5527e..80a0f73 100644 --- a/playbooks/inventories/hosts.yml +++ b/playbooks/inventories/hosts.yml @@ -17,10 +17,9 @@ all: k8s-master: hosts: - 192.168.122.142: + 192.168.122.99: k8s-worker: hosts: - 192.168.122.36: - 192.168.122.6: -... + 192.168.122.113: + 192.168.122.251: diff --git a/playbooks/prepareHost.yml b/playbooks/prepareHost.yml new file mode 100644 index 0000000..4d96e3f --- /dev/null +++ b/playbooks/prepareHost.yml @@ -0,0 +1,27 @@ +--- +- hosts: local + tags: ['init', 'ansible', 'kvm', 'terraform', 'tools'] + roles: + - checkUserIsRoot + +- hosts: local + tags: ['ansible'] + roles: + - setupAnsibleHost + +- hosts: local + tags: ['kvm'] + become: yes + roles: + - setupKvmHost + +- hosts: local + tags: ['terraform'] + roles: + - downloadNodeIso + - installTerraform + +- hosts: local + tags: ['tools'] + roles: + - setupKubeTools diff --git a/playbooks/roles/checkUserIsRoot/tasks/main.yml b/playbooks/roles/checkUserIsRoot/tasks/main.yml new file mode 100644 index 0000000..bd0dc06 --- /dev/null +++ b/playbooks/roles/checkUserIsRoot/tasks/main.yml 
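Review bot: Unlike createCluster.yml, this playbook does not run `checkUserIsRoot` before `runTerraform`, so `sudo ansible-playbook destroyCluster.yml` re-templates `multiNode.tf` and touches the `workspace/` state as root, leaving root-owned files that the next non-root create run cannot overwrite. Add `- checkUserIsRoot` ahead of `- { role: runTerraform, action: destroy }` so both playbooks enforce the same precondition the README states ("kein sudo").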
@@ -0,0 +1,10 @@ +--- + +- name: Aktuell angemeldeter Benutzer und Home Verzeichnis ausgeben + debug: + msg: "{{ ansible_user_id }} - {{ lookup('env','HOME') }} - {{ playbook_dir }} - {{ role_path }}" + tags: debug + +- fail: msg="Das Playbook darf NICHT als Benutzer root (sudo) ausgeführt werden!!!" + when: "ansible_user_id == 'root' " + tags: debug diff --git a/playbooks/roles/downloadNodeIso/tasks/main.yml b/playbooks/roles/downloadNodeIso/tasks/main.yml index 69f2e16..fb1db87 100644 --- a/playbooks/roles/downloadNodeIso/tasks/main.yml +++ b/playbooks/roles/downloadNodeIso/tasks/main.yml @@ -3,8 +3,8 @@ file: path: "{{ role_path }}/files/" state: directory - owner: "{{ groupVarAnsibleUser }}" - group: "{{ groupVarAnsibleGroup }}" + owner: "{{ ansible_user_id }}" + group: "{{ ansible_user_id }}" mode: 0755 tags: - alpine diff --git a/playbooks/roles/downloadNodeIso/vars/main.yml b/playbooks/roles/downloadNodeIso/vars/main.yml index 56d9712..76fbd4e 100644 --- a/playbooks/roles/downloadNodeIso/vars/main.yml +++ b/playbooks/roles/downloadNodeIso/vars/main.yml @@ -2,5 +2,4 @@ roleVarAlpineDownload: http://dl-cdn.alpinelinux.org/alpine/v3.8/releases/x86_64/alpine-virt-3.8.1-x86_64.iso roleVarAlpineDownloadChecksum: sha256:83ede521b174d99a0975c3653e7310b58075fa68fb773ed6995b974a44df60ce roleVarUbuntuDownload: https://cloud-images.ubuntu.com/releases/18.04/release/ubuntu-18.04-server-cloudimg-amd64.img -roleVarUbuntuDownloadChecksum: sha256:5a80b6116471229482b5c5246b412e4716ac501e7aa3dd0f60b0debdcebbcfc1 -... +roleVarUbuntuDownloadChecksum: sha256:19e9853d8267b3f546e8f3824bbe04756d65ddf9c0068373079933e3359331d3 diff --git a/playbooks/roles/installTerraform/tasks/main.yml b/playbooks/roles/installTerraform/tasks/main.yml index 6cfe41c..78b4645 100644 --- a/playbooks/roles/installTerraform/tasks/main.yml +++ b/playbooks/roles/installTerraform/tasks/main.yml 
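Review bot: The `fail` task that enforces the non-root rule carries only `tags: debug`, so `ansible-playbook --skip-tags debug` silently disables the guard while the rest of the play still runs as root. Tag it `always` (or leave it untagged) and keep `debug` on the informational task only, e.g. `tags: always` on the `fail` task. The trailing space inside `"ansible_user_id == 'root' "` is harmless for Jinja but looks unintentional and could be trimmed.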
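Review bot: `group: "{{ ansible_user_id }}"` assumes the invoking user has a private group of the same name; on a host where the primary group is `users` or anything else the `file` task fails with an unknown group. `ansible_user_gid` is gathered alongside `ansible_user_id` and is always valid, so `group: "{{ ansible_user_gid }}"` (or omitting `group` entirely, since the directory is created by that user anyway) is the safer substitution. The same replacement pattern appears in installTerraform/tasks and runTerraform/tasks in this commit and should be changed consistently.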
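Review bot: `roleVarUbuntuDownload` points at the floating `releases/18.04/release/` directory, which is why the sha256 had to change in this commit: the image under that URL is republished periodically, so the pinned checksum will go stale again at the next rebuild and the `get_url` checksum check becomes a recurring failure rather than an integrity guarantee. Pin the URL to the dated snapshot directory that `release/` currently resolves to (the `release-YYYYMMDD` directory listed beside it on cloud-images.ubuntu.com) together with its checksum, and bump both deliberately when upgrading. The unchanged Alpine entry is still fetched over plain `http://`; the checksum covers integrity, but `https://dl-cdn.alpinelinux.org/…` costs nothing.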
@@ -4,27 +4,27 @@ path: "{{ item }}" mode: 0700 recurse: yes - owner: "{{ groupVarAnsibleUser }}" - group: "{{ groupVarAnsibleGroup }}" + owner: "{{ ansible_user_id }}" + group: "{{ ansible_user_id }}" with_items: - - "{{ hostVarAnsibleUserHome }}/.terraform.d/plugins/" - - "{{ hostVarAnsibleUserHome }}/bin/" + - "{{ lookup('env','HOME') }}/.terraform.d/plugins/" + - "{{ lookup('env','HOME') }}/bin/" - name: creating temporary file dir file: path: "{{ role_path }}/files/" mode: 0775 recurse: yes - owner: "{{ groupVarAnsibleUser }}" - group: "{{ groupVarAnsibleGroup }}" + owner: "{{ ansible_user_id }}" + group: "{{ ansible_user_id }}" - name: Download terraform with check (sha256) and terraform-provider-libvirt get_url: url: "{{ item.src }}" dest: "{{ item.dst }}" checksum: "{{ item.cks | default(omit) }}" - owner: "{{ groupVarAnsibleUser }}" - group: "{{ groupVarAnsibleGroup }}" + owner: "{{ ansible_user_id }}" + group: "{{ ansible_user_id }}" mode: 0600 with_items: - { src: "{{ roleVarTerraformDownload }}", dst: "{{ role_path }}/files/{{ roleVarTerraformDownload | basename }}", cks: "{{ roleVarTerraformDownloadChecksum }}" } @@ -35,11 +35,11 @@ src: "{{ item.src }}" dest: "{{ item.dst }}" mode: 0700 - owner: "{{ groupVarAnsibleUser }}" - group: "{{ groupVarAnsibleGroup }}" + owner: "{{ ansible_user_id }}" + group: "{{ ansible_user_id }}" with_items: - - { src: "{{ role_path }}/files/{{ roleVarTerraformDownload | basename }}", dst: "{{ hostVarAnsibleUserHome }}/bin/" } - - { src: "{{ role_path }}/files/{{ roleVarTerraformProviderLibvirtDownload | basename }}", dst: "{{ hostVarAnsibleUserHome }}/.terraform.d/plugins/" } + - { src: "{{ role_path }}/files/{{ roleVarTerraformDownload | basename }}", dst: "{{ lookup('env','HOME') }}/bin/" } + - { src: "{{ role_path }}/files/{{ roleVarTerraformProviderLibvirtDownload | basename }}", dst: "{{ lookup('env','HOME') }}/.terraform.d/plugins/" } - name: deleting zipfile of terraform and terraform-provider-libvirt file: 
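Review bot: The first `file` task applies `mode: 0700` with `recurse: yes` to `$HOME/bin/` and `$HOME/.terraform.d/plugins/`, so every pre-existing file in the user's `~/bin` is chmod'ed to 0700 on each run, a side effect well outside this role's purpose. Drop `recurse: yes` from that task (the binaries already get `mode: 0700` from the `unarchive` task below) or limit the recursive entry to `.terraform.d/plugins/`. Using `lookup('env','HOME')` works for the `local` play, but `ansible_user_dir` is the value Ansible already derived for the same user and, unlike the environment lookup, cannot drift when HOME is overridden in the shell; it would also keep this role consistent with the `ansible_user_id` facts now used for ownership. The `unarchive` task continues past the end of the hunk.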
diff --git a/playbooks/roles/installTerraform/vars/main.yml b/playbooks/roles/installTerraform/vars/main.yml
index f7083c3..61c8f1b 100644
--- a/playbooks/roles/installTerraform/vars/main.yml
+++ b/playbooks/roles/installTerraform/vars/main.yml
@@ -1,5 +1,4 @@
 ---
-roleVarTerraformDownload: https://releases.hashicorp.com/terraform/0.11.10/terraform_0.11.10_linux_amd64.zip
-roleVarTerraformDownloadChecksum: sha256:43543a0e56e31b0952ea3623521917e060f2718ab06fe2b2d506cfaa14d54527
-roleVarTerraformProviderLibvirtDownload: https://github.com/dmacvicar/terraform-provider-libvirt/releases/download/v0.5.0/terraform-provider-libvirt-0.5.0.Ubuntu_18.04.amd64.tar.gz
-...
+roleVarTerraformDownload: https://releases.hashicorp.com/terraform/0.11.11/terraform_0.11.11_linux_amd64.zip
+roleVarTerraformDownloadChecksum: sha256:94504f4a67bad612b5c8e3a4b7ce6ca2772b3c1559630dfd71e9c519e3d6149c
+roleVarTerraformProviderLibvirtDownload: https://github.com/dmacvicar/terraform-provider-libvirt/releases/download/v0.5.1/terraform-provider-libvirt-0.5.1.Ubuntu_18.04.amd64.tar.gz
diff --git a/playbooks/roles/runTerraform/tasks/create.yml b/playbooks/roles/runTerraform/tasks/create.yml
new file mode 100644
index 0000000..dd085f7
--- /dev/null
+++ b/playbooks/roles/runTerraform/tasks/create.yml
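Review bot: Terraform itself is pinned with a sha256 (`roleVarTerraformDownloadChecksum`), but the libvirt provider tarball fetched from GitHub releases has no corresponding checksum variable, and the download task in installTerraform/tasks applies `checksum: "{{ item.cks | default(omit) }}"`, so the provider binary, which runs with the user's `qemu:///system` access, is presumably installed unverified. Add `roleVarTerraformProviderLibvirtDownloadChecksum: sha256:<digest published with the v0.5.1 release>` here and pass it as `cks` on the provider entry of that task so both binaries are integrity-checked the same way.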
@@ -0,0 +1,95 @@
+---
+- name: Create workspace folder
+ file:
+ path: "{{ role_path }}/{{ workspacefolder }}"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
+ tags: prepareCluster, createCluster
+
+- name: prepare Terraform file
+ template:
+ src: multiNode.j2.tf
+ dest: "{{ role_path }}/{{ workspacefolder }}/multiNode.tf"
+ force: yes
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
+ mode: "u=rw,g=r,o=r"
+ tags: prepareCluster, createCluster
+
+- name: prepare cloudconfig.cfg
+ template:
+ src: cloudconfig.j2.cfg
+ dest: "{{ role_path }}/{{ workspacefolder }}/cloudconfig.cfg"
+ force: yes
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
+ mode: "u=rw,g=r,o=r"
+ tags: prepareCluster, createCluster
+
+- name: run Terraform to create cluster
+ terraform:
+ project_path: '{{ role_path }}/{{ workspacefolder }}'
+ state: present
+ force_init: yes
+ register: terraform
+ tags: createCluster
+
+- name: Terraform Command
+ debug:
+ msg: "{{ terraform.command }}"
+ tags: createCluster
+
+- name: Print return value
+ debug:
+ msg: "{{ terraform.outputs.ips.value }}"
+ tags: createCluster
+
+- name: Variable setzen master
+ set_fact:
+ ip_master: "{{ terraform.outputs.ip_master.value }}"
+ tags: createCluster
+
+- name: Variable setzen worker 1
+ set_fact:
+ ip_worker1: "{{ terraform.outputs.ip_worker1.value }}"
+ tags: createCluster
+
+- name: Variable setzen worker 2
+ set_fact:
+ ip_worker2: "{{ terraform.outputs.ip_worker2.value }}"
+ tags: createCluster
+
+- name: IPs ausgeben
+ debug:
+ msg: 'Master {{ ip_master }} - Worker1 {{ ip_worker1 }} - Worker2 {{ ip_worker2 }}'
+ tags: createCluster
+
+- name: prepare host file
+ template:
+ src: hosts.j2.yml
+ dest: "{{ playbook_dir }}/inventories/hosts.yml"
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
+ mode: "u=rw,g=r,o=r"
+ tags: createCluster
+
+- name: Refresh inventory
+ meta: refresh_inventory
+ tags: createCluster
+
+- name: 
remove ssh_keys of actual cluster members from known hosts
+ known_hosts:
+ state: absent
+ name: "{{ item }}"
+ with_items:
+ - "{{ ip_master }}"
+ - "{{ ip_worker1 }}"
+ - "{{ ip_worker2 }}"
+ tags: createCluster
+
+- name: sleep for 10 seconds and continue with play
+ wait_for:
+ timeout: 10
+ delegate_to: localhost
+ tags: createCluster
diff --git a/playbooks/roles/runTerraform/tasks/destroy.yml b/playbooks/roles/runTerraform/tasks/destroy.yml
new file mode 100644
index 0000000..ac7a23a
--- /dev/null
+++ b/playbooks/roles/runTerraform/tasks/destroy.yml
@@ -0,0 +1,25 @@
+---
+- name: Create workspace folder
+ file:
+ path: "{{ role_path }}/{{ workspacefolder }}"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
+ tags: prepareCluster, createCluster, destroyCluster
+
+- name: prepare Terraform file
+ template:
+ src: multiNode.j2.tf
+ dest: "{{ role_path }}/{{ workspacefolder }}/multiNode.tf"
+ force: yes
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_id }}"
+ mode: "u=rw,g=r,o=r"
+ tags: prepareCluster, destroyCluster
+
+- name: run Terraform to destroy cluster
+ terraform:
+ project_path: '{{ role_path }}/{{ workspacefolder }}'
+ state: absent
+ register: terraform
+ tags: destroyCluster
diff --git a/playbooks/roles/runTerraform/tasks/main.yml b/playbooks/roles/runTerraform/tasks/main.yml
new file mode 100644
index 0000000..2f86562
--- /dev/null
+++ b/playbooks/roles/runTerraform/tasks/main.yml
@@ -0,0 +1,2 @@
+# anhand des Parameters wird die auszuführende Aktion ausgewählt
+- include: "{{ action }}.yml"
diff --git a/playbooks/roles/runTerraform/templates/cloudconfig.j2.cfg b/playbooks/roles/runTerraform/templates/cloudconfig.j2.cfg
new file mode 100644
index 0000000..70bdbe7
--- /dev/null
+++ b/playbooks/roles/runTerraform/templates/cloudconfig.j2.cfg
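Review bot: Deleting the three node IPs from known_hosts and then connecting after a fixed 10-second `wait_for: timeout: 10` means the new VMs' SSH host keys are accepted on first use with no verification, and the sleep is not tied to sshd actually being reachable. Replace the sleep with a per-host readiness check, `wait_for: { host: "{{ item }}", port: 22, timeout: 300 }` looped over the same three IPs, so the following plays start only when the nodes answer. Also record the trust-on-first-use assumption in the `known_hosts` task, e.g. `# host keys are re-learned on first connect; DHCP may reuse an address for a new VM, so stale entries must go`, because a reader otherwise sees a security control being removed without knowing why. The fresh inventory is written into the tracked `playbooks/inventories/hosts.yml`, which this commit also adds to .gitignore; writing it into the role's workspace and passing `-i` would avoid the tracked/ignored conflict.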
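Review bot: The destroy path re-templates `multiNode.tf` but not `cloudconfig.cfg`, while `multiNode.j2.tf` reads `./cloudconfig.cfg` through `file()` when the configuration is evaluated; if the workspace was cleaned (it is gitignored) `terraform destroy` presumably fails on the missing file before touching any resource. Either add the same `prepare cloudconfig.cfg` template task as in create.yml here, or keep a copy of the rendered file alongside the state. The workspace task is also tagged `createCluster`, which looks copied from create.yml; `tags: prepareCluster, destroyCluster` matches the rest of this file.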
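Review bot: `action` is a reserved task keyword in Ansible, so using it as the role parameter (`{ role: runTerraform, action: create }`) and in `include: "{{ action }}.yml"` triggers the `Found variable using reserved name: action` warning on recent releases and may stop working as the keyword handling tightens. Rename it to something unambiguous in both playbooks and here, e.g. `- include_tasks: "{{ tf_action }}.yml"`, which also replaces the deprecated bare `include`. A one-line English comment such as `# tf_action selects create.yml or destroy.yml` would make the dispatch obvious to readers who do not speak German.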
@@ -0,0 +1,15 @@
+#cloud-config
+#
+# Goal here is to just extend the default root LVM to the full size of the disk during boot
+# Tested with CentOS 7
+# Ensure that the image has cloud-init and cloud-utils-growpart installed prior to running this cloud-init
+
+growpart:
+ mode: growpart
+ devices: ['/dev/vda1']
+ ignore_growroot_disabled: false
+
+runcmd:
+ - pvresize /dev/vda1
+ - lvmdev="$(mount | grep 'on / ' | awk '{print $1}')"
+ - lvresize -r $lvmdev /dev/vda1
diff --git a/playbooks/roles/runTerraform/templates/hosts.j2.yml b/playbooks/roles/runTerraform/templates/hosts.j2.yml
new file mode 100644
index 0000000..cb4abdb
--- /dev/null
+++ b/playbooks/roles/runTerraform/templates/hosts.j2.yml
@@ -0,0 +1,25 @@
+---
+all:
+ children:
+
+ local:
+ hosts:
+ localhost:
+ vars:
+ ansible_connection: local
+ ansible_python_interpreter: /usr/bin/python3
+
+ kvm:
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+ docker_service_dir: /root/docker
+ children:
+
+ k8s-master:
+ hosts:
+ {{ ip_master }}:
+
+ k8s-worker:
+ hosts:
+ {{ ip_worker1 }}:
+ {{ ip_worker2 }}:
diff --git a/playbooks/roles/runTerraform/templates/multiNode.j2.tf b/playbooks/roles/runTerraform/templates/multiNode.j2.tf
new file mode 100644
index 0000000..5b7726f
--- /dev/null
+++ b/playbooks/roles/runTerraform/templates/multiNode.j2.tf
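Review bot: The `runcmd` block assumes an LVM root (`pvresize /dev/vda1`, `lvresize -r …`) and the header says "Tested with CentOS 7", but the image this commit wires in via downloadNodeIso is the Ubuntu 18.04 cloud image, whose root is, as far as I know, a plain ext4 partition rather than an LVM volume; on that image the `pvresize`/`lvresize` calls fail and any growth comes from cloud-init's own growpart/resizefs handling, not from these commands. Verify with `lsblk` on a booted node, then drop the `runcmd` section (or guard it with `[ -b /dev/vda1 ] && pvs /dev/vda1` before resizing) and rewrite the header comment to name the image the config was actually tested with, so the next reader is not misled. The file is templated as `.j2` but contains no Jinja expressions; that is fine, but worth a note if it is intended to grow Jinja later.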
@@ -0,0 +1,225 @@
+provider "libvirt" {
+ uri = "qemu:///system"
+}
+
+# Defining cloud config template file
+data "template_file" "ebsdeploy"{
+ template = "${file("./cloudconfig.cfg")}"
+}
+
+data "template_cloudinit_config" "ebsdeploy_config" {
+ gzip = false
+ base64_encode = false
+
+ part {
+ filename = "cloudconfig.cfg"
+ content_type = "text/cloud-config"
+ content = "${data.template_file.ebsdeploy.rendered}"
+ }
+}
+
+resource "libvirt_volume" "os_image_ubuntu" {
+ name = "os_image_ubuntu"
+ pool = "default"
+ source = "{{ playbook_dir }}/roles/downloadNodeIso/files/ubuntu-18.04-server-cloudimg-amd64.img"
+}
+
+resource "libvirt_volume" "disk_ubuntu_k8s_master" {
+ name = "disk_k8s_master"
+ base_volume_id = "${libvirt_volume.os_image_ubuntu.id}"
+ pool = "default"
+ size = 10000000000
+}
+
+# Use CloudInit to add our ssh-key to the instance
+resource "libvirt_cloudinit_disk" "cloudinit_ubuntu_k8s_master" {
+ name = "cloudinit_ubuntu_k8s_master.iso"
+ pool = "default"
+
+ user_data = <