Commit ab663e3c authored by Muhammad Umair Khan

add Ansible playbooks for ETSI MEC Sandbox multi-node Kubernetes setup

parent 9c880f50
+5 −0
skip_list:  # rules to skip
  - fqcn
  - name
  - risky-shell-pipe
  - role-name[path]
 No newline at end of file
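
Review bot: `risky-shell-pipe` in `skip_list` switches off the one rule in this list that is about correctness rather than style: it flags `shell:` tasks that use a pipe without `set -o pipefail`, where a failure on the left-hand side of the pipe is reported as success. `fqcn`, `name` and `role-name[path]` are reasonable to skip, but I would remove `risky-shell-pipe` and fix the flagged tasks, or move it to `warn_list` so the findings stay visible. The file is also missing its trailing newline.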
+141 −3
# AdvantEDGE Playbooks
# ETSI MEC Sandbox Ansible Setup

This folder contains AdvantEDGE ansible playbooks.
 No newline at end of file
This folder provides an **Ansible-based automation framework** to set up a multi-node Kubernetes cluster for ETSI MEC Sandbox.

---

## Pre-requisites

Before running the playbooks, ensure:

1. You have **Ansible** installed on your control machine.
2. You have **SSH access** to all remote nodes (master & workers, if applicable).  

   > **Note:** If your playbooks are running on `localhost` (control machine itself), **SSH is not required**. SSH setup is only necessary for remote worker or master nodes.  

   For remote worker nodes, follow these steps:

```bash
# Generate a new SSH key (ED25519)
ssh-keygen -t ed25519 -C "<your-username>@<your-local-host>"

# Copy the public key to the remote host
ssh-copy-id -i ~/.ssh/id_ed25519.pub <your-username>@<remote-host-ip>
```

> Replace `<remote-host-ip>` with the IP of your worker node.

---

## Folder Structure

```
mec-sandbox-ansible-best-practices-multinode/
├── ansible.cfg                # Ansible configuration
├── requirements.yml           # External role/collection dependencies
├── site.yml                   # Main playbook entrypoint
├── inventories/
│   └── dev/
│       ├── hosts.ini          # Inventory file (IP addresses & groups)
│       └── group_vars/
│           └── all.yml        # Global variables
└── roles/
    ├── common/                # Base setup (packages, users, system prep)
    ├── kernel/                # Kernel tuning & modules for Kubernetes
    ├── containerd/            # Install & configure containerd runtime
    ├── docker/                # Install Docker runtime & daemon configs
    ├── cni_calico/            # Deploy Calico CNI plugin
    ├── kubernetes/
    │   ├── common/            # Common Kubernetes configs
    │   ├── master/            # Master node setup (API server, etcd, controller)
    │   └── worker/            # Worker node join configuration
    ├── helm/                  # Install Helm package manager
    └── dev_env/
        ├── golang/            # Install Go environment
        └── node/              # Install Node.js environment (via NVM)
```

---

##  Roles & Tasks Overview

| Role                  | Purpose                                 |
| --------------------- | --------------------------------------- |
| **common**            | Base system setup and dependencies      |
| **kernel**            | Kernel modules, sysctl, network tuning  |
| **containerd**        | Install & configure containerd runtime  |
| **docker**            | Optional Docker setup & configuration   |
| **cni\_calico**       | Deploy Calico networking                |
| **kubernetes/common** | Install kubeadm, kubelet, kubectl       |
| **kubernetes/master** | Initialize master & control-plane setup |
| **kubernetes/worker** | Join worker nodes (requires SSH)        |
| **helm**              | Install Helm for package management     |
| **dev\_env/golang**   | Setup Go development environment        |
| **dev\_env/node**     | Setup Node.js/NVM environment           |

---

## Running the Playbooks

### Worker Nodes (Optional)

If you want to add worker nodes to your cluster, you need to **uncomment both the inventory entries and the worker play in `site.yml`**.

1. Update the **inventory file** with your node IPs:

`inventories/dev/hosts.ini`

```ini
[k8s_masters]
#localhost ansible_connection=local ansible_python_interpreter=auto_silent ansible_user=xflow
<control-node> ansible_connection=local ansible_python_interpreter=auto_silent ansible_user=<username>
# Optional: define worker nodes here. Uncomment to enable workers
#[k8s_workers]
#worker1 ansible_host=192.168.40.59 ansible_user=ubuntu # change ansible_user if needed
#worker2 ansible_host=192.168.56.12 ansible_user=ubuntu
```

2. Uncomment the worker play in `site.yml`:

```yaml
# Uncomment to run worker setup
#- hosts: k8s_workers
#  become: true
#  vars_prompt:
#    - name: ansible_become_pass
#      prompt: "Enter sudo password for workers"
#      private: true
#  roles:
#    - common
#    - kernel
#    - containerd
#    - kubernetes/common
#    - kubernetes/worker
```

3. Run the main playbook:

```bash
ansible-playbook -i inventories/dev/hosts.ini site.yml -K
```

> `-K` prompts for sudo password if required. You can also export `ANSIBLE_BECOME_PASSWORD` or configure passwordless sudo.

## Variables

* `container_runtime`: `"containerd"` (default) or `"docker"`
* `kube_version`: `"1.29.*"`
* `pod_network_cidr`: `"192.168.0.0/16"`
* `calico_version`: `"v3.30.0"`
* `install_dev_env`: `true` → set to `false` to disable Node/Go tooling

## Tags

You can run just parts of the setup with `--tags` or skip parts with `--skip-tags`. (The roles here are intentionally simple and do not define custom tags; feel free to add them if you want finer control.)

## 📖 Notes

* Ensure worker nodes have SSH access configured before running.
* Use `--tags` if you want to run specific roles (e.g. `--tags kubernetes,helm`).

---
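
Review bot: The `-K` note under "Running the Playbooks" recommends exporting `ANSIBLE_BECOME_PASSWORD`, which puts the sudo password into the shell environment and, typically, the shell history; I would point readers to `--become-password-file` or an Ansible Vault variable instead and keep passwordless sudo as the other option. Separately, the Tags section says the roles define no custom tags while the Notes recommend `--tags kubernetes,helm`; with no tags defined that invocation selects no role tasks, so either tag the roles in `site.yml` or drop the example. The sample inventory also still carries a commented `ansible_user=xflow` line that looks like a leftover from a local setup.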

playbooks/RUNBOOK.md

0 → 100644
+67 −0
# MEC Sandbox Ansible Deployment Guide

## Inventory Layout

- **k8s_masters** → Control plane (API server, etcd, scheduler, controller-manager)
- **k8s_workers** → Optional worker nodes (run pods, kubelet, container runtime)

Example `inventories/dev/hosts.ini`:
```ini
[k8s_masters]
localhost ansible_connection=local ansible_python_interpreter=auto_silent

[k8s_workers]
# worker1 ansible_host=192.168.1.11 ansible_user=ubuntu
# worker2 ansible_host=192.168.1.12 ansible_user=ubuntu

[all:vars]
ansible_become=true
ansible_become_method=sudo
```

## Running Playbooks

1. Install required collections:
   ```bash
   ansible-galaxy collection install -r requirements.yml
   ```

2. Run site.yml (masters + optional workers):
   ```bash
   ansible-playbook -i inventories/dev/hosts.ini site.yml
   ```

3. Single-node cluster: keep `k8s_workers` empty → only master node runs.

4. Multi-node cluster: add worker nodes under `[k8s_workers]` in inventory.


## Multi-node (Masters + Optional Workers)

If you want to add worker nodes (separate machines), follow these steps:

1. On each worker node prepare SSH access and ensure Ansible can reach them (or run the play locally on that host).
2. Edit `inventories/dev/hosts.ini` and add entries under `[k8s_workers]` like:
   ```ini
   [k8s_workers]
   worker1 ansible_host=192.168.56.11 ansible_user=ubuntu
   worker2 ansible_host=192.168.56.12 ansible_user=ubuntu
   ```
3. Run the playbook for master first (to initialize control plane and produce join script):
   ```bash
   ansible-playbook -K -l k8s_masters site.yml
   ```
   After successful run, a join command will be generated on the master at `/tmp/kube_join_cmd.sh`. You can retrieve it with `scp` or `ansible.builtin.fetch`.
4. Copy the `/tmp/kube_join_cmd.sh` to each worker node (e.g., `/tmp/kube_join_cmd.sh`) so that the worker play can use it. Example using scp:
   ```bash
   scp /tmp/kube_join_cmd.sh user@worker1:/tmp/kube_join_cmd.sh
   ```
   Alternatively, you can fetch it programmatically in Ansible from master and distribute to workers via a small play/role.
5. Run the worker play:
   ```bash
   ansible-playbook -K -l k8s_workers site.yml
   ```

Notes:
- Worker nodes will only run `common`, `kernel`, `container_runtime`, and `kubernetes/worker` roles as requested.
- The `kubernetes/worker` role expects a join script (created on master) at `/tmp/kube_join_cmd.sh`. If you prefer, you can expose the master token & CA hash via a secure variable and run `kubeadm join` directly in the role.
 No newline at end of file
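
Review bot: Steps 3 and 4 of the multi-node section leave the join command in `/tmp/kube_join_cmd.sh` on the master and then on every worker; that script carries the kubeadm token and CA hash, and `/tmp` is shared by all local users, so the credential is exposed for as long as the file and the token live. Please document the mode the role writes the file with (it should be root-owned, `0600`), prefer the `ansible.builtin.fetch` and copy route over manual `scp`, and add a step that removes the script on master and workers once the join has succeeded. The Notes also name a `container_runtime` role for workers, while the roles listed in the README are `containerd` and `docker`.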
+7 −11
[defaults]
roles_path = ./roles
inventory  = ./hosts.ini
remote_tmp = $HOME/.ansible/tmp
local_tmp  = $HOME/.ansible/tmp
pipelining = True
inventory = inventories/dev/hosts.ini
roles_path = roles
host_key_checking = False
deprecation_warnings = False
callback_whitelist = profile_tasks
ask_pass = True
stdout_callback = yaml
bin_ansible_callbacks = True
interpreter_python = auto

[privilege_escalation]
become = True
become_ask_pass = True
[ssh_connection]
pipelining = True
 No newline at end of file
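
Review bot: `host_key_checking = False` in `[defaults]` means every SSH connection to the workers accepts whatever host key is presented, and those sessions carry the sudo password and the cluster join script. The README already has users run `ssh-copy-id` against each worker, which records the host key in `known_hosts`, so verification can stay enabled at no extra setup cost; I would remove the line or set it to `True`, and mention in the README that new workers need their key accepted once before the first run.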

playbooks/group_vars/all.yml

deleted100644 → 0
+0 −36
---

# Ansible
# ansible_user: root
ansible_python_interpreter: /usr/bin/python3

# Ubuntu
ubuntu_dist: "Ubuntu"
ubuntu_release: "bionic"
ubuntu_dist_major: "18"
ubuntu_dist_version: "18.04"

# Docker
docker_version: "5:20.10"

# Containerd
containerd_version: "1.5.11-1"

# Kubernetes
kube_version: "1.24"
cni_version: "0.8.7"
master_ip: "{{ hostvars[groups['master'][0]]['ansible_default_ipv4'].address | default(groups['master'][0]) }}"
network_dir: /etc/kubernetes/network
kubeadmin_config: /etc/kubernetes/admin.conf

# Helm
helm_version: "3.7/stable"

# Go
go_version: "1.18.1"
golangci_lint_version: "v1.46.0"

# Node and NPM
node_version: "12.19.0"
npm_version: "6.14.8"
eslint_version: "5.16.0"
 No newline at end of file
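
Review bot: Deleting this file drops the explicit pins for `docker_version`, `containerd_version`, `helm_version`, `go_version` and `node_version`, and the Variables section of the new README only lists `kube_version` and `calico_version` as versioned settings. Please confirm that `inventories/dev/group_vars/all.yml` pins the container runtime, Helm, Go and Node versions too, preferably to exact versions rather than a glob such as `1.29.*`, so that a rebuild installs the same packages that were tested. `master_ip` also disappears here; it is worth checking that no remaining role or template still references it.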