Commit 55973b6b authored by Yann Garcia

Merge branch 'TemporaryMergeToMaster' of...

Merge branch 'TemporaryMergeToMaster' of https://labs.etsi.org/rep/mec/etsi-mec-sandbox into TemporaryMergeToMaster
parents d03af6b7 1b898ece
+2 −1
@@ -2,7 +2,8 @@
inventory = inventories/dev/hosts.ini
roles_path = roles
host_key_checking = False
stdout_callback = yaml
stdout_callback = default
result_format = yaml
bin_ansible_callbacks = True
interpreter_python = auto

+12 −9
@@ -18,12 +18,10 @@ apt_base_packages:
disable_swap: true

# Container runtime
containerd_version: "1.7.27-1"
docker_package_state: present
containerd_config_path: /etc/containerd/config.toml

# Docker
docker_version: "5:20.10.22~3-0~ubuntu-{{ ansible_distribution_release }}"
# Docker (latest from official repo, no version pin)
docker_gpg_key_url: "https://download.docker.com/linux/ubuntu/gpg"
docker_gpg_key_path: "/usr/share/keyrings/docker-archive-keyring.gpg"
docker_repo_list_path: "/etc/apt/sources.list.d/docker.list"
@@ -35,16 +33,17 @@ docker_repo_codename: "{{ ansible_lsb.codename | default('jammy') }}"


# Kubernetes
kubernetes_version: "v1.33.1"
kubernetes_repo_apt_key_url: "https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key"
kubernetes_repo_apt_entry: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /"
kubernetes_version: "v1.35.1"
kubernetes_repo_apt_key_url: "https://pkgs.k8s.io/core:/stable:/v1.35/deb/Release.key"
kubernetes_repo_apt_entry: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.35/deb/ /"
kubeadm_cluster_name: "mec-sandbox"
pod_network_cidr: "192.168.0.0/16"
pod_network_cidr: "92.68.0.0/16"
service_cidr: "10.96.0.0/12"
apiserver_advertise_address: "127.0.0.1"

# CNI (Calico)
calico_version: "v3.30.0"
calico_version: "v3.31.4"
calico_operator_crds_manifest: "https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/operator-crds.yaml"
calico_operator_manifest: "https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/tigera-operator.yaml"
calico_custom_resources_manifest: "https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/custom-resources.yaml"

@@ -55,13 +54,17 @@ helm_version: "v3.14.4"
install_dev_env: true
go_version: "1.17"
go_tar: "go{{ go_version }}.linux-amd64.tar.gz"
go_url: "https://dl.google.com/go/go{{ go_version }}.linux-amd64.tar.gz"
go_url: "https://go.dev/dl/go{{ go_version }}.linux-amd64.tar.gz"
node_major: 20
node_version: "12.19.0"
npm_version: "6.14.8"
eslint_version: "5.16.0"
python_packages: [pyyaml]

# MEC Sandbox paths (derived from target_home)
mec_sandbox_dir: "{{ target_home }}/etsi-mec-sandbox"
mec_frontend_dir: "{{ target_home }}/etsi-mec-sandbox-frontend"

# Optional local registry & CA trust
docker_registry_host: "meep-docker-registry"                # e.g., "registry.local:5000"
docker_insecure_registries: []                              # e.g., ["registry.local:5000"]
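Review bot: `pod_network_cidr: "92.68.0.0/16"` in the Kubernetes hunk is not an RFC 1918 range and reads like `192.168.0.0/16` with the leading digits dropped. With a publicly routable pod CIDR the nodes route that whole /16 into the cluster network, so traffic meant for real Internet hosts in that range never leaves the cluster, and firewall or policy rules that assume private pod addressing stop matching. If the intent was to move off 192.168.0.0/16 to avoid a LAN overlap, choose another private block that does not collide with `service_cidr` (10.96.0.0/12), for example `pod_network_cidr: "10.244.0.0/16"`. Separately, the first hunk drops the `containerd_version` and `docker_version` pins ("no version pin"), so two runs of the same playbook can install different runtime builds; keeping a pinned version variable would make the installed packages auditable.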
+126 −10
@@ -6,23 +6,139 @@
  failed_when: false
  changed_when: false

- name: Install Calico operator
# Step 1: Install Calico operator CRDs
- name: Install Calico operator CRDs
  when: calico_ns.rc != 0
  command: >
    kubectl apply -f {{ calico_operator_manifest }}
    kubectl create -f {{ calico_operator_crds_manifest }}
    --kubeconfig /etc/kubernetes/admin.conf
  register: calico_crds_result
  changed_when: "'created' in calico_crds_result.stdout"
  failed_when: calico_crds_result.rc != 0 and 'AlreadyExists' not in calico_crds_result.stderr

# Step 2: Install Tigera operator
- name: Install Tigera operator
  when: calico_ns.rc != 0
  command: >
    kubectl create -f {{ calico_operator_manifest }}
    --kubeconfig /etc/kubernetes/admin.conf
  register: calico_operator_result
  changed_when: "'created' in calico_operator_result.stdout"
  failed_when: calico_operator_result.rc != 0 and 'AlreadyExists' not in calico_operator_result.stderr

- name: Wait before applying Calico custom resources (allow operator to initialize)
  pause:
    seconds: 30
  when: calico_ns.rc != 0
# Step 3: Download custom-resources.yaml
- name: Download Calico custom resources manifest
  get_url:
    url: "{{ calico_custom_resources_manifest }}"
    dest: /tmp/calico-custom-resources.yaml
    mode: '0644'
    force: true

- name: Install Calico custom resources
  when: calico_ns.rc != 0
# Step 4: Patch CIDR in custom-resources.yaml to match pod_network_cidr
- name: Patch Calico custom resources CIDR to {{ pod_network_cidr }}
  replace:
    path: /tmp/calico-custom-resources.yaml
    regexp: 'cidr:\s*192\.168\.0\.0/16'
    replace: 'cidr: {{ pod_network_cidr }}'

# Step 5: Wait for operator CRDs to be ready, then apply
- name: Wait for Tigera operator CRDs to be registered
  command: >
    kubectl apply -f {{ calico_custom_resources_manifest }}
    kubectl get crd installations.operator.tigera.io
    --kubeconfig /etc/kubernetes/admin.conf
  register: tigera_crd_check
  until: tigera_crd_check.rc == 0
  retries: 30
  delay: 10
  changed_when: false

- name: Apply Calico custom resources
  command: >
    kubectl apply -f /tmp/calico-custom-resources.yaml
    --kubeconfig /etc/kubernetes/admin.conf
  register: calico_cr_result
  changed_when: "'created' in calico_cr_result.stdout"
  changed_when: "'created' in calico_cr_result.stdout or 'configured' in calico_cr_result.stdout"
  retries: 5
  delay: 15
  until: calico_cr_result.rc == 0

- name: Display CNI installation notice
  debug:
    msg: |
      CNI (Calico) is being installed — this involves downloading container images and may take several minutes.
      You can check the status in another terminal by running:
        kubectl get po -A
      Wait until every pod (especially coredns, calico-node, tigera-operator) shows Running/Ready.

- name: Wait for control-plane node to be Ready
  command: >
    kubectl get nodes -o jsonpath='{.items[0].status.conditions[?(@.type=="Ready")].status}'
    --kubeconfig /etc/kubernetes/admin.conf
  register: node_ready
  until: node_ready.stdout == "True"
  retries: 60
  delay: 30
  changed_when: false

- name: Wait for all kube-system pods to be Ready
  shell: |
    set -o pipefail
    not_ready=$(kubectl get pods -A --kubeconfig /etc/kubernetes/admin.conf --no-headers | grep -v -E 'Running|Completed' | grep -v -c '^$' || true)
    echo "$not_ready"
  args:
    executable: /bin/bash
  register: pods_not_ready
  until: (pods_not_ready.stdout | trim | int) == 0
  retries: 60
  delay: 30
  changed_when: false

- name: Show cluster status
  shell: "kubectl get po -A --kubeconfig /etc/kubernetes/admin.conf"
  register: cluster_status
  changed_when: false

- name: Display cluster pod status
  debug:
    msg: "{{ cluster_status.stdout }}"

- name: Control plane is Ready
  debug:
    msg: "All pods are in Running/Ready state. Control plane is fully operational. Proceeding with MEC Sandbox setup."

# --- Post-CNI setup ---

- name: Add kubectl bash completion to .bashrc
  lineinfile:
    path: "{{ target_home }}/.bashrc"
    line: 'source <(kubectl completion bash)'
    state: present
  become: true
  become_user: "{{ target_user }}"

- name: Add docker registry entry to /etc/hosts
  lineinfile:
    path: /etc/hosts
    line: "{{ mec_host_address }} meep-docker-registry"
    state: present

- name: Copy Kubernetes CA cert to system trust store
  copy:
    src: /etc/kubernetes/pki/ca.crt
    dest: /usr/local/share/ca-certificates/kubernetes-ca.crt
    remote_src: true
    mode: "0644"

- name: Update system CA certificates
  command: update-ca-certificates
  changed_when: true

- name: Restart docker daemon
  systemd:
    name: docker
    state: restarted

- name: Restart containerd daemon
  systemd:
    name: containerd
    state: restarted
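Review bot: The "Copy Kubernetes CA cert to system trust store" task makes the cluster root CA (`/etc/kubernetes/pki/ca.crt`) a trust anchor for every TLS client on the host, so any certificate issued under that CA is accepted for any hostname, not only for the registry. If the goal is only to let Docker and containerd pull from `meep-docker-registry` (the restarts that follow suggest so), scope the trust to the runtime instead, e.g. `dest: "/etc/docker/certs.d/{{ docker_registry_host }}/ca.crt"`, and drop the `update-ca-certificates` step. Also in this section, the manifest fetched by `get_url` is applied with `admin.conf` without an integrity check; adding `checksum: "sha256:<digest of the reviewed manifest>"` to that task would pin what gets applied. Finally, the "Wait for all kube-system pods" loop reports 0 when `kubectl` itself fails, because `|| true` swallows the pipeline error, so an unreachable API server is read as "all pods ready".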
+2 −6
---
- name: Restart containerd
  systemd:
    name: containerd
    state: restarted
    enabled: true
  become: true
# Containerd handlers moved to docker role.
# This file is intentionally left empty.
+4 −48
---
- name: Ensure Docker repo exists for containerd
  import_role:
    name: docker
    tasks_from: repo.yml

- name: Ensure containerd is installed
  apt:
    name: "containerd.io={{ containerd_version }}"
    state: present
    update_cache: true
  become: true
  retries: 3        # try up to 3 times
  delay: 10         # wait 10 between retries

- name: Generate default containerd config
  shell: containerd config default > {{ containerd_config_path }}
  args:
    executable: /bin/bash
  become: true
  changed_when: true

- name: Ensure SystemdCgroup is true
  replace:
    path: "{{ containerd_config_path }}"
    regexp: 'SystemdCgroup = false'
    replace: 'SystemdCgroup = true'
  become: true
  notify: Restart containerd

- name: Replace containerd sandbox image
  replace:
    path: "{{ containerd_config_path }}"
    regexp: 'sandbox_image = "registry.k8s.io/pause:3.8'
    replace: 'sandbox_image = "registry.k8s.io/pause:3.10'
  become: true

- name: Trigger containerd restart
# Containerd configuration is now handled by the docker role (roles/docker/tasks/install.yml).
# This role is intentionally left empty.
- name: Containerd - handled by docker role
  debug:
    msg: "Triggering handler restart"
  notify: Restart containerd
  changed_when: true

- name: Debug - Containerd setup completed
  debug:
    msg: |
      ✅ Containerd setup completed successfully:
      - Installed
      - Config generated
      - SystemdCgroup enabled
    msg: "Containerd configuration is managed as part of the Docker role."