Initial commit

ansible/playbooks/k3s-server-join.yml

@@ -0,0 +1,170 @@
+---
+- name: Join a server node to an existing k3s HA cluster
+  hosts: k3s
+  become: true
+  serial: 1
+  vars:
+    k3s_server_url: "https://{{ k3s_first_server_ip }}:6443"
+
+  pre_tasks:
+    - name: Detect network interface for ansible_host
+      ansible.builtin.shell: |
+        set -o pipefail
+        ip route get {{ ansible_host }} | grep -oP 'dev \K\w+' | head -1
+      register: detected_iface
+      changed_when: false
+      failed_when: false
+
+    - name: Set fact for node interface
+      ansible.builtin.set_fact:
+        k3s_node_iface: "{{ detected_iface.stdout | default('') }}"
+      when: detected_iface.rc == 0 and detected_iface.stdout | length > 0
+
+    - name: Warn if mac-shim interface detected
+      ansible.builtin.debug:
+        msg: "WARNING: mac-shim-like interface detected on {{ inventory_hostname }} (iface: {{ k3s_node_iface }}). This can cause k3s cluster join issues."
+      when:
+        - k3s_node_iface is defined
+        - "'mac' in k3s_node_iface or 'shim' in k3s_node_iface"
+
+    - name: Check if k3s is installed
+      ansible.builtin.command: k3s --version
+      register: k3s_installed
+      changed_when: false
+      failed_when: false
+
+    - name: Check if k3s service is active
+      ansible.builtin.systemd:
+        name: k3s
+      register: k3s_service_active
+      changed_when: false
+      failed_when: false
+
+    - name: Check if node is already in the cluster
+      ansible.builtin.shell: |
+        set -o pipefail
+        k3s kubectl get nodes --no-headers | grep -w "{{ ansible_hostname }}" || true
+      register: node_in_cluster
+      changed_when: false
+      failed_when: false
+      when: k3s_service_active.status.ActiveState | default('') == 'active'
+
+    - name: Set fact if already installed and joined
+      ansible.builtin.set_fact:
+        k3s_already_joined: true
+      when:
+        - k3s_installed.rc == 0
+        - k3s_service_active.status.ActiveState | default('') == 'active'
+        - node_in_cluster.stdout | default('') | length > 0
+
+    - name: Display status if already joined
+      ansible.builtin.debug:
+        msg: "k3s is already installed and joined to the cluster on {{ inventory_hostname }}"
+      when: k3s_already_joined | default(false) | bool
+
+    - name: Validate required vault variables
+      ansible.builtin.assert:
+        that:
+          - k3s_token is defined
+          - k3s_token | length > 0
+        fail_msg: "k3s_token is not defined. Create vault/k3s-cluster.yml with 'ansible-vault create vault/k3s-cluster.yml' and set k3s_token."
+        success_msg: "k3s_token is defined and accessible"
+      when: not (k3s_already_joined | default(false) | bool)
+
+  tasks:
+    - name: Create k3s config directory
+      ansible.builtin.file:
+        path: /etc/rancher/k3s
+        state: directory
+        mode: '0755'
+      when: not (k3s_already_joined | default(false) | bool)
+
+    - name: Deploy k3s server configuration
+      ansible.builtin.template:
+        src: config.yaml
+        dest: /etc/rancher/k3s/config.yaml
+        mode: '0644'
+      when: not (k3s_already_joined | default(false) | bool)
+
+    - name: Download k3s install script
+      ansible.builtin.get_url:
+        url: https://get.k3s.io
+        dest: /tmp/k3s-install.sh
+        mode: '0755'
+        force: true
+      when: not (k3s_already_joined | default(false) | bool)
+
+    - name: Install and join server to the k3s cluster
+      ansible.builtin.command:
+        cmd: /tmp/k3s-install.sh server --server {{ k3s_server_url }}
+      environment:
+        K3S_TOKEN: "{{ k3s_token }}"
+      register: k3s_join_result
+      changed_when: "'already installed' not in k3s_join_result.stdout"
+      when: not (k3s_already_joined | default(false) | bool)
+
+    - name: Wait for k3s service to become active
+      ansible.builtin.systemd:
+        name: k3s
+        state: started
+        enabled: true
+      register: k3s_service
+      when: not (k3s_already_joined | default(false) | bool)
+
+    - name: Verify node has joined the cluster
+      ansible.builtin.command: k3s kubectl get nodes
+      register: nodes_result
+      changed_when: false
+      retries: 10
+      delay: 10
+      until: nodes_result.rc == 0 and ansible_hostname in nodes_result.stdout
+      when: not (k3s_already_joined | default(false) | bool)
+
+    - name: Display cluster nodes
+      ansible.builtin.debug:
+        msg: "{{ nodes_result.stdout_lines }}"
+      when: not (k3s_already_joined | default(false) | bool)
+
+  post_tasks:
+    - name: Create .kube directory in ansible_user home
+      ansible.builtin.file:
+        path: "~{{ ansible_user }}/.kube"
+        state: directory
+        mode: '0755'
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+
+    - name: Copy kubeconfig to ansible_user home
+      ansible.builtin.copy:
+        src: /etc/rancher/k3s/k3s.yaml
+        dest: "~{{ ansible_user }}/.kube/config"
+        mode: '0644'
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        remote_src: true
+      when: not (k3s_already_joined | default(false) | bool)
+
+    - name: Set KUBECONFIG in ansible_user profile
+      ansible.builtin.lineinfile:
+        path: "~{{ ansible_user }}/.profile"
+        line: "export KUBECONFIG=~{{ ansible_user }}/.kube/config"
+        regexp: "^export KUBECONFIG=.*"
+        create: true
+        mode: '0644'
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+
+    - name: Verify secrets encryption is enabled
+      ansible.builtin.command: k3s secrets-encrypt status
+      register: encryption_status
+      changed_when: false
+      failed_when: false
+      when: not (k3s_already_joined | default(false) | bool)
+
+    - name: Display encryption status
+      ansible.builtin.debug:
+        msg: "{{ encryption_status.stdout_lines }}"
+      when:
+        - not (k3s_already_joined | default(false) | bool)
+        - encryption_status is defined
+        - encryption_status.stdout_lines is defined