From c6906e15048f6b1cc928cef2389103a93c1e8f06 Mon Sep 17 00:00:00 2001
From: vincent
Date: Sun, 4 Aug 2024 11:54:53 +0200
Subject: [PATCH] finalize role

---
 defaults/main.yml             | 16 +++++++
 handlers/main.yml             |  3 ++
 tasks/main.yml                | 83 +++++++++++++++++++++++++++++++++++
 templates/config.yaml.j2      | 10 +++++
 templates/consul.d/k3s.hcl.j2 | 16 +++++++
 templates/k3s.service.j2      | 24 ++++++++++
 6 files changed, 152 insertions(+)
 create mode 100644 templates/config.yaml.j2
 create mode 100644 templates/consul.d/k3s.hcl.j2
 create mode 100644 templates/k3s.service.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index 968734c..437e62d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,18 @@
 ---
 # defaults file for ansible-k3s
+k3s_cluster_group: "cluster"
+k3s_token_file: "/etc/rancher/node/password"
+k3s_control_plane_endpoint: k3s.service.consul
+k3s_consul_service: false
+k3s_server_config:
+  tls-san:
+    - "{{ k3s_control_plane_endpoint }}"
+  disable:
+  # - local-storage
+  # - servicelb
+  # - traefik
+  # disable-helm-controller: true
+  # disable-kube-proxy: true
+  # disable-network-policy: true
+  # flannel-backend: none
+  # secrets-encryption: true
diff --git a/handlers/main.yml b/handlers/main.yml
index a0495bb..4859160 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,2 +1,5 @@
 ---
 # handlers file for ansible-k3s
+- name: Reload consul configuration on Linux
+  ansible.builtin.command: "consul reload"
+  listen: "reload consul configuration"
diff --git a/tasks/main.yml b/tasks/main.yml
index 1e24194..9f8ba2a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
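Review bot: `disable:` under `k3s_server_config` has every child commented out, so the key carries a null value; once `config.yaml.j2` pipes the mapping through `to_nice_yaml` the rendered server config will contain `disable: null`, which k3s most likely turns into a bogus `--disable=<nil>` flag rather than "disable nothing". Write `disable: []` (or drop the key and let users add it) so the default renders as an empty list. Separately, the default `k3s_token_file` of `/etc/rancher/node/password` is, if I recall the k3s layout correctly, the path k3s uses for its per-node registration password, so the role both repurposes that file as the cluster join token and makes it identical on every node; a dedicated path such as `/etc/rancher/k3s/token` avoids the clash and keeps node passwords per-node.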
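Review bot: The `consul reload` handler runs without `become: true`, unlike every task in `tasks/main.yml` that notifies it, so it executes as the connecting user; whether that user can reach the agent's HTTP API (and holds an ACL token with `agent:write`, if ACLs are on) depends on the consul setup and is not visible here. Add `become: true` to match the tasks, or document the expectation in a comment above the handler, e.g. `# runs as the connecting user; needs agent:write on the local consul HTTP API`. The handler name also says "on Linux" but nothing restricts it to Linux, so either drop the suffix or add `when: ansible_system == 'Linux'`.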
@@ -1,2 +1,85 @@
 ---
 # tasks file for ansible-k3s
+
+- name: K3s aur instalation (Archlinux)
+  aur:
+    name: k3s-bin
+    state: present
+  become: true
+  become_user: aur_builder
+
+- name: create config directory
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: root
+    mode: 733
+  become: true
+  loop:
+    - "/etc/rancher/node/"
+    - "/etc/rancher/k3s/"
+
+- name: Check if k3s token file exists on the first node
+  run_once: true
+  ansible.builtin.stat:
+    path: "{{ k3s_token_file }}"
+  register: k3s_token_file_stat
+  become: true
+
+
+- name: Generate k3s token file on the first node if not exist yet
+  run_once: true
+  when: not k3s_token_file_stat.stat.exists
+  ansible.builtin.copy:
+    content: "{{ lookup('community.general.random_string', length=32) }}"
+    dest: "{{ k3s_token_file }}"
+    mode: 0600
+  become: true
+
+- name: Get k3s token from the first node
+  run_once: true
+  ansible.builtin.slurp:
+    src: "{{ k3s_token_file }}"
+  register: k3s_token_base64
+  become: true
+
+- name: Ensure all nodes has the same token
+  ansible.builtin.copy:
+    content: "{{ k3s_token_base64.content | b64decode }}"
+    dest: "{{ k3s_token_file }}"
+    mode: 0600
+  become: true
+
+- name: Copy k3s config files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0644
+  loop:
+    - src: config.yaml.j2
+      dest: "/etc/rancher/k3s/config.yaml"
+    - src: k3s.service.j2
+      dest: "/etc/systemd/system/k3s.service"
+  become: true
+
+
+- name: Template consul service
+  ansible.builtin.template:
+    src: consul.d/k3s.hcl.j2
+    dest: /etc/consul.d/k3s.hcl
+    owner: consul
+    mode: "0644"
+  notify: Reload consul configuration on Linux
+  when: k3s_consul_service
+  become: true
+
+
+- name: Enable k3s service
+  ansible.builtin.systemd:
+    name: k3s
+    enabled: true
+    state: started
+  register: k3s_service
+  until: k3s_service is succeeded
+  retries: 5
+  become: true
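Review bot: `mode: 733` in the "create config directory" task is an unquoted decimal that Ansible applies as octal 1335 (sticky bit, owner and group `-wx`, others `r-x`), and even the evidently intended 0733 would leave `/etc/rancher/node/`, which holds the cluster join token, world-writable; use a quoted octal such as `mode: "0755"` (or `"0700"` for the node directory), quote the other `0600`/`0644` modes while there, and rely on the `0600` already set on the token file itself. The "Generate", "Get" and "Ensure all nodes has the same token" tasks push the token through `content:` and a registered variable, so it shows up in `-v`/`--diff` output and in the registered result; add `no_log: true` to all three. The unit file is templated to `/etc/systemd/system/k3s.service` but the `ansible.builtin.systemd` task has no `daemon_reload: true`, and neither config.yaml nor the unit triggers a restart, so a re-run that changes either file leaves the running k3s unchanged; add `daemon_reload: true` and a `notify` on the template task with a `Restart k3s` handler.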
diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2
new file mode 100644
index 0000000..017b26d
--- /dev/null
+++ b/templates/config.yaml.j2
@@ -0,0 +1,10 @@
+{% if inventory_hostname == groups[k3s_cluster_group][0]%}
+cluster-init: true
+{% else %}
+server: https://{{ k3s_control_plane_endpoint }}:6443
+{% endif %}
+token-file: {{ k3s_token_file }}
+{% if k3s_cluster_group in group_names %}
+{{ k3s_server_config | to_nice_yaml }}
+{% endif %}
+snapshotter: stargz
diff --git a/templates/consul.d/k3s.hcl.j2 b/templates/consul.d/k3s.hcl.j2
new file mode 100644
index 0000000..fe99905
--- /dev/null
+++ b/templates/consul.d/k3s.hcl.j2
@@ -0,0 +1,16 @@
+service {
+  name = "k3s"
+  id = "k3s"
+  port = 6443
+  tags = []
+  check
+  {
+    id = "check-k3s",
+    name = "k3s status check",
+    service_id = "k3s",
+    tcp = "localhost:6443",
+    interval = "5s",
+    timeout = "5s"
+  }
+}
+
diff --git a/templates/k3s.service.j2 b/templates/k3s.service.j2
new file mode 100644
index 0000000..5a2feee
--- /dev/null
+++ b/templates/k3s.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/bin/k3s {{ 'server' if k3s_cluster_group in group_names else 'agent' }}
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
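Review bot: Every node except `groups[k3s_cluster_group][0]` joins through `server: https://{{ k3s_control_plane_endpoint }}:6443` with the bare 32-character token the tasks generate, which carries no CA hash, so as far as I recall k3s's token handling the joining node trusts whatever CA the endpoint presents on first use; with the endpoint being a consul DNS name, a poisoned or hijacked `k3s.service.consul` could enrol nodes against a rogue server. Worth a comment above `server:` such as `# NOTE: token has no CA hash, so joins are trust-on-first-use; pin it as K10<sha256(ca)>::server:<secret> once the init node is up` and, ideally, a follow-up task that rewrites the shared token file with the full pinned form the init node generates (`/var/lib/rancher/k3s/server/token`, if memory serves). The init node is also chosen purely by inventory order, so a reordered or dynamic inventory would hand `cluster-init: true` to a different host on the next run; a comment stating that assumption would help.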
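Review bot: The `tcp = "localhost:6443"` check only proves that something accepts connections on the port, so a server whose API is up but failing (etcd without quorum, apiserver not ready) is still advertised under `k3s.service.consul` and the `server:` setting in config.yaml.j2 will steer joining nodes to it; an `http = "https://localhost:6443/readyz"` check (with `tls_skip_verify = true` for the self-signed serving cert; `/readyz` is anonymously reachable on a default k3s as far as I know) tracks actual readiness. The task that installs this file is gated on `k3s_consul_service` alone, not on membership in `k3s_cluster_group`, and as far as I can tell agents do not listen on 6443, so an agent with the flag set would register a `k3s` service that never passes its check; a comment at the top of the template, e.g. `# only meaningful on server nodes (listener on :6443)`, or tightening the `when:` in tasks/main.yml, would avoid the noise.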
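Review bot: `After=network-online.target` without a matching `Wants=network-online.target` does not pull the target in, so on hosts where nothing else requests it the ordering is a no-op and k3s can start before the network is up; add `Wants=network-online.target` next to it in `[Unit]`, as the upstream k3s unit does. The role (server vs agent) is fixed when `ExecStart=/usr/bin/k3s {{ 'server' if k3s_cluster_group in group_names else 'agent' }}` renders, which is fine, but a comment above it such as `# role is decided at template time; re-run the playbook after moving a host between groups` would spare the next reader a surprise.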