Loading ansible/inventory.yml 0 → 100644 +31 −0 Original line number Diff line number Diff line --- # Copyright 2024 David Araújo # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. nodes: hosts: hub: ansible_host: 192.168.56.10 containerlab_host: true # Mandatory microk8s_master: true # Mandatory tfs_branch: develop # Optional spoke1: ansible_host: 192.168.56.11 spoke2: ansible_host: 192.168.56.12 vars: ansible_user: vagrant ansible_ssh_private_key_file: ~/.ssh/id_rsa # Prevents from having to interact to approve a new remote host fingerprint ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new ansible/playbook.yml 0 → 100644 +279 −0 Original line number Diff line number Diff line --- # Copyright 2024 David Araújo # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: TFS Cluster platform hosts: nodes become: true remote_user: "{{ ansible_user }}" tasks: - name: Wait for /var/lib/dpkg/lock-frontend to be released ansible.builtin.shell: while lsof /var/lib/dpkg/lock-frontend; do sleep 10; done register: out changed_when: out.rc != 0 - name: Configure all packages ansible.builtin.command: dpkg --configure -a register: out changed_when: out.rc != 0 - name: Update repositories ansible.builtin.apt: update_cache: true - name: Fix any broken packages ansible.builtin.apt: name: "*" state: fixed - name: Upgrade the OS (apt-get dist-upgrade) ansible.builtin.apt: upgrade: dist - name: Install dependencies ansible.builtin.apt: pkg: - ca-certificates - curl - gnupg - lsb-release - snapd - jq - docker.io - docker-buildx state: fixed update_cache: true - name: Update Docker daemon.json with insecure-registries ansible.builtin.shell: | if [ -s /etc/docker/daemon.json ]; then sudo cat /etc/docker/daemon.json; else echo '{}'; fi \ | jq 'if has("insecure-registries") then . else .+ {"insecure-registries": []} end' -- \ | jq '."insecure-registries" |= (.+ ["localhost:32000"] | unique)' -- \ | tee tmp.daemon.json register: out changed_when: out.rc != 0 - name: Copy tmp.daemon.json ansible.builtin.copy: remote_src: true src: tmp.daemon.json dest: /etc/docker/daemon.json owner: root group: root mode: "600" - name: Remove workdir tmp.daemon.json file ansible.builtin.file: path: tmp.daemon.json state: absent - name: Restart docker service ansible.builtin.service: name: docker state: restarted - name: Add address of all hosts to all hosts ansible.builtin.lineinfile: dest: /etc/hosts regexp: .*{{ item }}$ line: "{{ hostvars[item].ansible_host }} {{ item }}" state: present when: hostvars[item].ansible_host is defined with_items: "{{ groups.all }}" - name: Find the Containerlab host IP ansible.builtin.set_fact: containerlab_host_address: "{{ hostvars[item].ansible_host }}" when: hostvars[item].containerlab_host is defined with_items: "{{ groups['all'] }}" run_once: true - name: Specify ip route to Containerlab network ansible.builtin.shell: sudo ip route add 172.100.100.0/24 via {{ containerlab_host_address }} when: hostvars[inventory_hostname].containerlab_host is not defined register: out changed_when: out.rc != 0 - name: Install Containerlab ansible.builtin.shell: | curl -sL https://containerlab.dev/setup \ | sudo bash -s "all" register: out changed_when: out.rc != 0 when: containerlab_host is defined - name: Install gnmic ansible.builtin.shell: | curl -sL https://get-gnmic.kmrd.dev \ | sudo bash register: out changed_when: out.rc != 0 - name: Install MicroK8s community.general.snap: name: microk8s classic: true channel: 1.24/stable - name: Create kubectl alias community.general.snap_alias: name: microk8s.kubectl alias: kubectl - name: Ensure group "microk8s" exists ansible.builtin.group: name: microk8s state: present - name: Ensure group "docker" exists ansible.builtin.group: name: docker state: present - name: Add user to docker and microk8s groups ansible.builtin.user: name: "{{ ansible_user }}" groups: docker, microk8s - name: Create .kube directory ansible.builtin.file: path: /home/{{ ansible_user }}/.kube state: directory owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: "0644" - name: Create .kube/config file ansible.builtin.file: path: /home/{{ ansible_user }}/.kube/config state: touch owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: "0644" - name: Get microk8s config ansible.builtin.command: sudo microk8s config register: microk8s_config changed_when: microk8s_config.rc != 0 - name: Keep microk8s config ansible.builtin.copy: remote_src: true content: "{{ microk8s_config.stdout }}" dest: /home/{{ ansible_user }}/.kube/config mode: "0644" register: out - name: Add IP address to microk8s certificate template ansible.builtin.lineinfile: dest: /var/snap/microk8s/current/certs/csr.conf.template search_string: "#MOREIPS" line: IP.3 = {{ ansible_host }} state: present - name: Start MicroK8s ansible.builtin.command: microk8s start register: out changed_when: out.rc != 0 - name: Forming MicroK8s cluster hosts: all become: true remote_user: "{{ ansible_user }}" serial: 1 tasks: - name: MicroK8s add-node ansible.builtin.shell: | microk8s add-node \ | grep -m 1 "{{ hostvars[item].ansible_host }}" register: master_output delegate_to: "{{ item }}" with_items: "{{ groups.all }}" when: (microk8s_master is not defined) and (hostvars[item].microk8s_master is defined) - name: Join command ansible.builtin.set_fact: join_command: "{{ (dict(master_output).results | selectattr('changed', 'true') | first).stdout }} --skip-verify" when: microk8s_master is not defined - name: MicroK8s join-node ansible.builtin.command: "{{ join_command }}" register: out changed_when: out.rc != 0 when: microk8s_master is not defined - name: Enabling MicroK8s hosts: all become: true remote_user: "{{ ansible_user }}" tasks: - name: MicroK8s refresh certificate ansible.builtin.command: microk8s refresh-certs -e ca.crt register: out changed_when: out.rc != 0 when: microk8s_master is not defined - name: MicroK8s refresh config file ansible.builtin.command: microk8s config > /home/$USER/.kube/config register: out changed_when: out.rc != 0 when: microk8s_master is not defined - name: Enable add-ons ansible.builtin.command: microk8s.enable {{ item }} loop: - community - dns - helm3 - hostpath-storage - ingress - registry - prometheus - metrics-server - linkerd register: out changed_when: out.rc != 0 when: microk8s_master is defined - name: Create kubectl helm3 alias community.general.snap_alias: name: microk8s.helm3 alias: helm3 when: microk8s_master is defined - name: Create kubectl linkerd alias community.general.snap_alias: name: microk8s.linkerd alias: linkerd when: microk8s_master is defined - name: Ensure MicroK8s started ansible.builtin.command: microk8s start register: out changed_when: out.rc != 0 - name: Cloning TFS hosts: all remote_user: "{{ ansible_user }}" tasks: - name: Clone repository and switch to desired branch ansible.builtin.git: repo: 'https://labs.etsi.org/rep/tfs/controller.git' dest: ./tfs-ctrl version: "{{ tfs_branch | default('master') }}" when: microk8s_master is defined Loading
ansible/inventory.yml 0 → 100644 +31 −0 Original line number Diff line number Diff line --- # Copyright 2024 David Araújo # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. nodes: hosts: hub: ansible_host: 192.168.56.10 containerlab_host: true # Mandatory microk8s_master: true # Mandatory tfs_branch: develop # Optional spoke1: ansible_host: 192.168.56.11 spoke2: ansible_host: 192.168.56.12 vars: ansible_user: vagrant ansible_ssh_private_key_file: ~/.ssh/id_rsa # Prevents from having to interact to approve a new remote host fingerprint ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new
ansible/playbook.yml 0 → 100644 +279 −0 Original line number Diff line number Diff line --- # Copyright 2024 David Araújo # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: TFS Cluster platform hosts: nodes become: true remote_user: "{{ ansible_user }}" tasks: - name: Wait for /var/lib/dpkg/lock-frontend to be released ansible.builtin.shell: while lsof /var/lib/dpkg/lock-frontend; do sleep 10; done register: out changed_when: out.rc != 0 - name: Configure all packages ansible.builtin.command: dpkg --configure -a register: out changed_when: out.rc != 0 - name: Update repositories ansible.builtin.apt: update_cache: true - name: Fix any broken packages ansible.builtin.apt: name: "*" state: fixed - name: Upgrade the OS (apt-get dist-upgrade) ansible.builtin.apt: upgrade: dist - name: Install dependencies ansible.builtin.apt: pkg: - ca-certificates - curl - gnupg - lsb-release - snapd - jq - docker.io - docker-buildx state: fixed update_cache: true - name: Update Docker daemon.json with insecure-registries ansible.builtin.shell: | if [ -s /etc/docker/daemon.json ]; then sudo cat /etc/docker/daemon.json; else echo '{}'; fi \ | jq 'if has("insecure-registries") then . else .+ {"insecure-registries": []} end' -- \ | jq '."insecure-registries" |= (.+ ["localhost:32000"] | unique)' -- \ | tee tmp.daemon.json register: out changed_when: out.rc != 0 - name: Copy tmp.daemon.json ansible.builtin.copy: remote_src: true src: tmp.daemon.json dest: /etc/docker/daemon.json owner: root group: root mode: "600" - name: Remove workdir tmp.daemon.json file ansible.builtin.file: path: tmp.daemon.json state: absent - name: Restart docker service ansible.builtin.service: name: docker state: restarted - name: Add address of all hosts to all hosts ansible.builtin.lineinfile: dest: /etc/hosts regexp: .*{{ item }}$ line: "{{ hostvars[item].ansible_host }} {{ item }}" state: present when: hostvars[item].ansible_host is defined with_items: "{{ groups.all }}" - name: Find the Containerlab host IP ansible.builtin.set_fact: containerlab_host_address: "{{ hostvars[item].ansible_host }}" when: hostvars[item].containerlab_host is defined with_items: "{{ groups['all'] }}" run_once: true - name: Specify ip route to Containerlab network ansible.builtin.shell: sudo ip route add 172.100.100.0/24 via {{ containerlab_host_address }} when: hostvars[inventory_hostname].containerlab_host is not defined register: out changed_when: out.rc != 0 - name: Install Containerlab ansible.builtin.shell: | curl -sL https://containerlab.dev/setup \ | sudo bash -s "all" register: out changed_when: out.rc != 0 when: containerlab_host is defined - name: Install gnmic ansible.builtin.shell: | curl -sL https://get-gnmic.kmrd.dev \ | sudo bash register: out changed_when: out.rc != 0 - name: Install MicroK8s community.general.snap: name: microk8s classic: true channel: 1.24/stable - name: Create kubectl alias community.general.snap_alias: name: microk8s.kubectl alias: kubectl - name: Ensure group "microk8s" exists ansible.builtin.group: name: microk8s state: present - name: Ensure group "docker" exists ansible.builtin.group: name: docker state: present - name: Add user to docker and microk8s groups ansible.builtin.user: name: "{{ ansible_user }}" groups: docker, microk8s - name: Create .kube directory ansible.builtin.file: path: /home/{{ ansible_user }}/.kube state: directory owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: "0644" - name: Create .kube/config file ansible.builtin.file: path: /home/{{ ansible_user }}/.kube/config state: touch owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: "0644" - name: Get microk8s config ansible.builtin.command: sudo microk8s config register: microk8s_config changed_when: microk8s_config.rc != 0 - name: Keep microk8s config ansible.builtin.copy: remote_src: true content: "{{ microk8s_config.stdout }}" dest: /home/{{ ansible_user }}/.kube/config mode: "0644" register: out - name: Add IP address to microk8s certificate template ansible.builtin.lineinfile: dest: /var/snap/microk8s/current/certs/csr.conf.template search_string: "#MOREIPS" line: IP.3 = {{ ansible_host }} state: present - name: Start MicroK8s ansible.builtin.command: microk8s start register: out changed_when: out.rc != 0 - name: Forming MicroK8s cluster hosts: all become: true remote_user: "{{ ansible_user }}" serial: 1 tasks: - name: MicroK8s add-node ansible.builtin.shell: | microk8s add-node \ | grep -m 1 "{{ hostvars[item].ansible_host }}" register: master_output delegate_to: "{{ item }}" with_items: "{{ groups.all }}" when: (microk8s_master is not defined) and (hostvars[item].microk8s_master is defined) - name: Join command ansible.builtin.set_fact: join_command: "{{ (dict(master_output).results | selectattr('changed', 'true') | first).stdout }} --skip-verify" when: microk8s_master is not defined - name: MicroK8s join-node ansible.builtin.command: "{{ join_command }}" register: out changed_when: out.rc != 0 when: microk8s_master is not defined - name: Enabling MicroK8s hosts: all become: true remote_user: "{{ ansible_user }}" tasks: - name: MicroK8s refresh certificate ansible.builtin.command: microk8s refresh-certs -e ca.crt register: out changed_when: out.rc != 0 when: microk8s_master is not defined - name: MicroK8s refresh config file ansible.builtin.command: microk8s config > /home/$USER/.kube/config register: out changed_when: out.rc != 0 when: microk8s_master is not defined - name: Enable add-ons ansible.builtin.command: microk8s.enable {{ item }} loop: - community - dns - helm3 - hostpath-storage - ingress - registry - prometheus - metrics-server - linkerd register: out changed_when: out.rc != 0 when: microk8s_master is defined - name: Create kubectl helm3 alias community.general.snap_alias: name: microk8s.helm3 alias: helm3 when: microk8s_master is defined - name: Create kubectl linkerd alias community.general.snap_alias: name: microk8s.linkerd alias: linkerd when: microk8s_master is defined - name: Ensure MicroK8s started ansible.builtin.command: microk8s start register: out changed_when: out.rc != 0 - name: Cloning TFS hosts: all remote_user: "{{ ansible_user }}" tasks: - name: Clone repository and switch to desired branch ansible.builtin.git: repo: 'https://labs.etsi.org/rep/tfs/controller.git' dest: ./tfs-ctrl version: "{{ tfs_branch | default('master') }}" when: microk8s_master is defined
