tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
36cfb2591f
browsertrix/ansible/playbooks/install_microk8s.yml
Francis Kayiwa 3ba77f0ed2
ansible: rocky firewall (#635) 
* modify the template file to highlight optional host that stores WAC
files

* numerically reorder the tcp ports - fix the 404's on the documentation

* add a configuration file - this allows automatic selection of inventory directory

* provide better examples on documentation
2023-02-24 17:28:21 -08:00

430 lines
12 KiB
YAML
Raw Blame History

---
# by default this playbook will add the ip address of your endpoint
# pass '-e host_name="my-domain.example.edu"' for it to work best
#
- name: deploy microk8s
gather_facts: true
hosts: "{{ host_ip | default('inventory_hostname') }}"
remote_user: "{{ your_user }}"
become: true
vars_files:
- ../group_vars/microk8s/main.yml
tasks:
# ===========================================
# Install pre-requisites (RedHat)
#
- name: microk8s | enable epel-release (RedHat)
ansible.builtin.dnf:
name: "{{ item }}"
state: present
loop:
- git
- epel-release
- python3
- python3-pip
- python3-firewall
become: true
when:
- ansible_os_family == "RedHat"
tags:
- microk8s
- microk8s.dependencies
- microk8s.dependencies.apt
- name: microk8s | set permissive selinux (RedHat)
ansible.builtin.command: /usr/sbin/setenforce 0
when:
- ansible_os_family == "RedHat"
become: true
- name: microk8s | allow permissive to persist (RedHat)
ansible.posix.selinux:
policy: targeted
state: permissive
when:
- ansible_os_family == "RedHat"
become: true
- name: microk8s | open microk8s web service
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop:
- https
- http
when:
- ansible_os_family == "RedHat"
- name: microk8s | open microk8s firewall ports
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop:
- 10250/tcp
- 10255/tcp
- 10257/tcp
- 10259/tcp
- 12379/tcp
- 16443/tcp
- 19001/tcp
- 25000/tcp
- 4789/udp
when:
- ansible_os_family == "RedHat"
# ===========================================
# Install microk8s
#
- name: microk8s | ensure dependencies are installed (Debian)
ansible.builtin.apt:
name:
- snapd
- fuse
- udev
state: present
update_cache: true
cache_valid_time: "{{ microk8s_cache_valid_time }}"
when:
- ansible_os_family == "Debian"
tags:
- microk8s
- microk8s.dependencies
- microk8s.dependencies.apt
- name: microk8s | ensure dependencies are installed (RedHat)
ansible.builtin.dnf:
name:
- snapd
- fuse
- udev
state: present
update_cache: true
when:
- ansible_os_family == "RedHat"
tags:
- microk8s
- microk8s.dependencies
- microk8s.dependencies.apt
- name: microk8s | start and enable services
ansible.builtin.service:
name: "{{ microk8s_service }}"
state: started
enabled: true
loop:
- snapd
loop_control:
loop_var: microk8s_service
label: "{{ microk8s_service }}"
tags:
- microk8s
- microk8s.dependencies
- microk8s.dependencies.services
- name: microk8s | start and enable services (Debian)
ansible.builtin.service:
name: "{{ microk8s_service }}"
state: started
enabled: true
loop:
- udev
loop_control:
loop_var: microk8s_service
label: "{{ microk8s_service }}"
when:
- ansible_os_family == "Debian"
tags:
- microk8s
- microk8s.dependencies
- microk8s.dependencies.services
- name: microk8s | create symlinks (RedHat)
ansible.builtin.file:
src: /var/lib/snapd/snap
dest: /snap
state: link
when:
- ansible_os_family == "RedHat"
tags:
- microk8s
- microk8s.dependencies
- microk8s.dependencies.services
- name: microk8s | create new snap file (RedHat)
ansible.builtin.file:
path: /etc/profile.d/snap.sh
state: touch
when:
- ansible_os_family == "RedHat"
- name: microk8s | create new path (RedHat)
ansible.builtin.set_fact:
snap_path: "export PATH=$PATH:/var/lib/snapd/snap/bin"
when:
- ansible_os_family == "RedHat"
- name: microk8s | create config for file (RedHat)
ansible.builtin.copy:
content: "{{ snap_path }}"
dest: /etc/profile.d/snap.sh
when:
- ansible_os_family == "RedHat"
- name: microk8s | source environment (RedHat)
ansible.builtin.shell: source /etc/profile.d/snap.sh
when:
- ansible_os_family == "RedHat"
- name: microk8s | Install microk8s
community.general.snap:
name: microk8s
classic: true
channel: "{{ microk8s_channel }}"
notify: microk8s ready
tags:
- microk8s
- microk8s.install
- name: microk8s | create kubectl alias
ansible.builtin.command:
cmd: snap alias microk8s.kubectl kubectl
changed_when: false
tags:
- microk8s
- microk8s.alias
- microk8s.alias.kubectl
- name: microk8s | create helm3 alias
ansible.builtin.command:
cmd: snap alias microk8s.helm3 helm
changed_when: false
when:
- microk8s_plugins is defined
- microk8s_plugins.helm3 is defined
- microk8s_plugins.helm3
tags:
- microk8s
- microk8s.alias
- microk8s.alias.helm
- name: microk8s | create dir for microk8s certificates
ansible.builtin.file:
path: /usr/share/ca-certificates/extra
state: directory
mode: 0755
tags:
- microk8s
- microk8s.certs
- microk8s.certs.dir
- name: microk8s | Disable snap autoupdate
ansible.builtin.blockinfile:
dest: /etc/hosts
marker: "# {mark} ANSIBLE MANAGED: microk8s Disable snap autoupdate"
content: |
127.0.0.1 api.snapcraft.io
when:
- (microk8s_disable_snap_autoupdate | bool)
tags:
- microk8s
- microk8s.disable_autoupdate
# ===========================================
# Configure microk8s user and group
- name: microk8s user group | create {{ microk8s_user }} group
ansible.builtin.group:
name: "{{ microk8s_user }}"
state: present
- name: microk8s user group | add user to group
ansible.builtin.user:
name: "{{ microk8s_user }}"
group: "{{ microk8s_user }}"
groups: microk8s
append: true
- name: microk8s user group | Create .kube folder for the user
ansible.builtin.file:
path: "{{ microk8s_user_home }}/.kube"
state: directory
owner: '{{ microk8s_user }}'
group: '{{ microk8s_user }}'
mode: 0750
- name: microk8s user group | create kubectl config
ansible.builtin.shell:
cmd: microk8s config > {{ microk8s_user_home }}/.kube/config
args:
executable: /bin/bash
creates: "{{ microk8s_user_home }}/.kube/config"
environment:
PATH: '${PATH}:/snap/bin/'
- name: microk8s user group | check permissions on config directory
ansible.builtin.file:
path: "{{ microk8s_user_home }}/.kube"
state: directory
owner: '{{ microk8s_user }}'
group: '{{ microk8s_user }}'
recurse: true
- name: microk8s user group | check permission on config file
ansible.builtin.file:
path: "{{ microk8s_user_home }}/.kube/config"
state: file
owner: '{{ microk8s_user }}'
group: '{{ microk8s_user }}'
mode: 0600
# ===========================================
# Configure plugins
- name: microk8s plugins | enable plugins
ansible.builtin.command:
cmd: "microk8s.enable {{ microk8s_plugin.key }}"
with_dict: "{{ microk8s_plugins }}"
loop_control:
loop_var: microk8s_plugin
label: "{{ microk8s_plugin.key }}"
when:
- microk8s_plugins is defined
- microk8s_plugin.value
- microk8s_plugin.key != "registry"
- microk8s_plugin.key != "dns"
register: microk8s_cmd_result
changed_when:
- "'Addon {{ microk8s_plugin.key }} is already enabled'
not in microk8s_cmd_result.stdout"
- name: microk8s plugins | disable plugins
ansible.builtin.command:
cmd: "microk8s.disable {{ microk8s_plugin.key }}"
with_dict: "{{ microk8s_plugins | default({}) }}"
loop_control:
loop_var: microk8s_plugin
label: "{{ microk8s_plugin.key }}"
register: microk8s_cmd_result
changed_when:
- "'Addon {{ microk8s_plugin.key }} is already disabled'
not in microk8s_cmd_result.stdout"
when:
- microk8s_plugins is defined
- not (microk8s_plugin.value | bool)
- microk8s_plugin.key != "registry"
- name: microk8s plugins | Enable registry
ansible.builtin.command:
cmd: "microk8s.enable registry:size={{ microk8s_registry_size }}"
register: microk8s_cmd_result
changed_when:
- "'Addon registry is already enabled' not in microk8s_cmd_result.stdout"
when:
- microk8s_plugins is defined
- microk8s_plugins.registry is defined
- (microk8s_plugins.registry | bool)
- name: microk8s plugins | Disable registry
ansible.builtin.command:
cmd: "microk8s.disable registry:size={{ microk8s_registry_size }}"
register: microk8s_cmd_result
changed_when:
- "'Addon registry is already disabled' not in microk8s_cmd_result.stdout"
when:
- microk8s_plugins is defined
- microk8s_plugins.registry is defined
- not (microk8s_plugins.registry | bool)
- name: microk8s plugins | Enable DNS
ansible.builtin.command:
cmd: 'microk8s.enable dns:{{ microk8s_dns_servers | join(",") }}'
register: microk8s_cmd_result
changed_when:
- "'Addon dns is already enabled' not in microk8s_cmd_result.stdout"
when:
- microk8s_plugins is defined
- microk8s_plugins.dns is defined
- (microk8s_plugins.dns | bool)
# ===========================================
# deploy browsertrix
- name: microk8s deploy | create browsertrix repo
ansible.builtin.git:
repo: "https://github.com/webrecorder/browsertrix-cloud"
dest: "{{ browsertrix_cloud_home }}"
clone: true
update: true
force: true
version: main
tags:
- helm_upgrade
- name: microk8s deploy | Make repos git safe
ansible.builtin.command: git config --global --add safe.directory "{{ browsertrix_cloud_home }}"
become: true
changed_when: false
tags:
- helm_upgrade
- name: microk8s deploy | grant permissions on deploy user
ansible.builtin.file:
path: "{{ browsertrix_cloud_home }}"
state: directory
owner: '{{ microk8s_user }}'
group: '{{ microk8s_user }}'
follow: false
recurse: true
mode: 0775
tags:
- helm_upgrade
- name: micork8s deploy | helm | output values yaml
ansible.builtin.template:
src: ../group_vars/microk8s/btrix_values.j2
dest: "{{ microk8s_user_home }}/values.yaml"
mode: u+rw
tags:
- helm_upgrade
- name: microk8s deploy | helm | deploy btrix (Debian)
ansible.builtin.command: helm upgrade --install -f ./chart/values.yaml -f {{ microk8s_user_home }}/values.yaml btrix ./chart/
args:
chdir: "{{ browsertrix_cloud_home }}"
register: helm_result
become: true
become_user: "{{ microk8s_user }}"
changed_when: helm_result.rc == 0
when:
- ansible_os_family == "Debian"
tags:
- helm_upgrade
- name: microk8s deploy | helm | deploy btrix (RedHat)
ansible.builtin.command: /var/lib/snapd/snap/bin/helm upgrade --install -f ./chart/values.yaml -f {{ microk8s_user_home }}/values.yaml btrix ./chart/
args:
chdir: "{{ browsertrix_cloud_home }}"
register: helm_result
become: true
become_user: "{{ microk8s_user }}"
changed_when: helm_result.rc == 0
when:
- ansible_os_family == "RedHat"
tags:
- helm_upgrade
handlers:
- name: Reboot System
ansible.builtin.reboot:
when:
- skip_handlers | default("false") == "false"
- name: microk8s ready
ansible.builtin.command:
cmd: microk8s.status --wait-ready
changed_when: false
when:
- skip_handlers | default("false") == "false"
Reference in New Issue View Git Blame Copy Permalink