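---
# Single-file layout notes:
# - By default 01-05.yml only runs the "minimal verify" (kube-system pods).
# - Preparing the data disk / installing K3s must be switched on explicitly:
#     -e k3s_do_prepare_storage=true   # inlined from the former 01-05-prepare-storage.yml
#     -e k3s_do_install=true           # inlined from the former 01-05-install.yml
#   or `source ansible/env/.env.verify` and let the environment variables
#   K3S_DO_PREPARE_STORAGE / K3S_DO_INSTALL (true/false) enable them.
#
# Plays, in order (each opt-in play reads its switch from the extra-var first and
# from the controller environment second, then leaves via `meta: end_play` when off):
#   1. Prepare the data disk and mount it at k3s_data_dir              (k3s_do_prepare_storage)
#   2. Install the K3s server on the first k3s_server host              (k3s_do_install)
#   3. Install the K3s agent on each k3s_worker host, one at a time     (k3s_do_install)
#   4. Wait for the worker nodes to become Ready, run from the server   (k3s_do_install)
#   5. Baseline verify: kubectl get nodes / kube-system pods            (always)
#
# Inventory variables used here but defined in group_vars/host_vars:
#   k3s_data_dir, k3s_prepare_storage, k3s_data_disk_device, k3s_server_ip,
#   k3s_version, k3s_install_mirror, k3s_install_curl_max_time,
#   k3s_install_task_timeout, k3s_verify_storage_mount.

- name: Prepare data disk and mount to k3s_data_dir (opt-in)
  hosts: k3s_nodes
  become: true
  vars:
    # Extra-var wins; otherwise K3S_DO_PREPARE_STORAGE (true/1/yes, case-insensitive)
    # read from the controller environment enables the play.
    _k3s_do_prepare_storage: "{{ k3s_do_prepare_storage | default((lookup('env', 'K3S_DO_PREPARE_STORAGE') | default('', true) | trim | lower in ['true', '1', 'yes']) | bool) }}"
    k3s_do_prepare_storage_enabled: "{{ _k3s_do_prepare_storage | bool }}"
  pre_tasks:
    - name: Gate - skip prepare storage when k3s_do_prepare_storage=false
      when: not k3s_do_prepare_storage_enabled
      block:
        - ansible.builtin.debug:
            msg: "[SKIP] optional doc_id=01-05 action=prepare-storage var=k3s_do_prepare_storage"
        - meta: end_play
  tasks:
    # Second, inventory-level switch (group_vars/all.yml): the play can be enabled on
    # the command line while storage preparation stays off for a host.
    - name: Skip notice when storage prep disabled
      ansible.builtin.debug:
        msg: "k3s_prepare_storage is false — skipping (see group_vars/all.yml)"
      when: not (k3s_prepare_storage | default(false) | bool)

    - name: Prepare block storage for k3s_data_dir
      when: k3s_prepare_storage | default(false) | bool
      block:
        # Check the mount first: when k3s_data_dir is already mounted, k3s_data_disk_device
        # is not required (avoids asserting on the disk when the directory is already in place).
        # argv is used instead of a templated command line so a path containing spaces is
        # passed as one argument.
        - name: Check whether k3s_data_dir is already a mountpoint
          ansible.builtin.command:
            argv:
              - mountpoint
              - "-q"
              - "{{ k3s_data_dir }}"
          register: mp_k3s
          changed_when: false
          failed_when: false

        - name: Skip when k3s_data_dir already mounted
          ansible.builtin.debug:
            msg: "{{ k3s_data_dir }} already mounted — skipping partitioning on {{ inventory_hostname }}"
          when: mp_k3s.rc == 0

        # Everything below only runs when k3s_data_dir is not mounted yet.
        - name: Partition, format and mount the data disk
          when: mp_k3s.rc != 0
          block:
            - name: Require k3s_data_disk_device only when partition work is needed
              ansible.builtin.assert:
                that:
                  - k3s_data_disk_device is defined
                  - (k3s_data_disk_device | string | length) > 0
                fail_msg: "Set k3s_data_disk_device (e.g. /dev/vdb) in group_vars or host_vars"

            # follow: true so a symlink to the device node (udev aliases) is accepted,
            # matching what `test -b` would do.
            - name: Stat k3s_data_disk_device
              ansible.builtin.stat:
                path: "{{ k3s_data_disk_device }}"
                follow: true
              register: disk_stat

            - name: Verify k3s_data_disk_device is a block device
              ansible.builtin.assert:
                that:
                  - disk_stat.stat.exists
                  - disk_stat.stat.isblk
                fail_msg: "{{ k3s_data_disk_device }} is not a block device on {{ inventory_hostname }}"

            - name: Install partitioning and filesystem tools
              ansible.builtin.package:
                name:
                  - parted
                  - e2fsprogs
                state: present

            # Kernel naming: when the disk name ends in a digit (nvme0n1, mmcblk0, loop0, md0)
            # the partition gets a "p" separator; otherwise (sda, vdb) the number is appended
            # directly. Symlink paths such as /dev/disk/by-id/* (…-part1) are not handled —
            # pass a /dev node.
            - name: Compute first partition path (name ending in a digit -> p1, else 1)
              ansible.builtin.set_fact:
                k3s_data_partition: >-
                  {{ k3s_data_disk_device }}{{ 'p1' if (k3s_data_disk_device | regex_search('[0-9]$')) else '1' }}

            - name: Check whether the first partition node already exists
              ansible.builtin.stat:
                path: "{{ k3s_data_partition }}"
                follow: true
              register: part_stat

            # `creates` below only protects a disk whose partition 1 already exists. A disk
            # carrying a whole-disk filesystem or a foreign partition table would be
            # relabelled and lost, so refuse instead of wiping implicitly. blkid -p probes the
            # device directly (no cache); rc 2 means "nothing found" and is not a failure.
            - name: Probe raw device for an existing filesystem or partition table
              ansible.builtin.command:
                argv:
                  - blkid
                  - "-p"
                  - "-s"
                  - TYPE
                  - "-s"
                  - PTTYPE
                  - "-o"
                  - value
                  - "{{ k3s_data_disk_device }}"
              register: raw_sig
              changed_when: false
              failed_when: false
              when: not part_stat.stat.exists

            - name: Refuse to relabel a disk that already carries data
              ansible.builtin.assert:
                that:
                  - (raw_sig.stdout | default('') | trim | length) == 0
                fail_msg: "{{ k3s_data_disk_device }} already has a filesystem/partition table ({{ raw_sig.stdout | default('') | trim }}) but {{ k3s_data_partition }} is missing — clear it deliberately before re-running"
              when: not part_stat.stat.exists

            - name: Create GPT and single ext4 partition
              ansible.builtin.command:
                argv:
                  - parted
                  - "-s"
                  - "{{ k3s_data_disk_device }}"
                  - mklabel
                  - gpt
                  - mkpart
                  - primary
                  - ext4
                  - "0%"
                  - "100%"
                creates: "{{ k3s_data_partition }}"

            - name: Wait for partition node in /dev
              ansible.builtin.wait_for:
                path: "{{ k3s_data_partition }}"
                state: present
                timeout: 60

            # Empty output (rc 2) means no filesystem signature on the partition.
            - name: Detect existing filesystem on partition
              ansible.builtin.command:
                argv:
                  - blkid
                  - "-s"
                  - TYPE
                  - "-o"
                  - value
                  - "{{ k3s_data_partition }}"
              register: fs_type
              changed_when: false
              failed_when: false

            # The fstab entry below hard-codes ext4, so a partition formatted with anything
            # else would only fail later at `mount -a`; fail here with a clear message.
            - name: Refuse a partition that carries a non-ext4 filesystem
              ansible.builtin.assert:
                that:
                  - (fs_type.stdout | default('') | trim) in ['', 'ext4']
                fail_msg: "{{ k3s_data_partition }} already contains a {{ fs_type.stdout | default('') | trim }} filesystem; this play only mounts ext4"

            - name: Create ext4 on partition
              ansible.builtin.command:
                argv:
                  - mkfs.ext4
                  - "-F"
                  - "{{ k3s_data_partition }}"
              when: (fs_type.stdout | default('') | trim | length) == 0

            - name: Read UUID of partition
              ansible.builtin.command:
                argv:
                  - blkid
                  - "-s"
                  - UUID
                  - "-o"
                  - value
                  - "{{ k3s_data_partition }}"
              register: blk_uuid
              changed_when: false

            - name: Ensure mount directory exists
              ansible.builtin.file:
                path: "{{ k3s_data_dir }}"
                state: directory
                mode: "0755"

            # Keyed by UUID so the entry survives device renumbering; nofail keeps the node
            # bootable if the disk is absent.
            - name: Add fstab entry for k3s_data_dir
              ansible.builtin.lineinfile:
                path: /etc/fstab
                regexp: "^UUID={{ blk_uuid.stdout | trim }}\\s"
                line: "UUID={{ blk_uuid.stdout | trim }} {{ k3s_data_dir }} ext4 defaults,nofail 0 2"
                create: true
                mode: "0644"

            - name: Mount all from fstab
              ansible.builtin.command: mount -a
              changed_when: true

- name: Install K3s (opt-in)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    # Extra-var wins; otherwise K3S_DO_INSTALL (true/1/yes, case-insensitive) read from
    # the controller environment enables the play.
    _k3s_do_install: "{{ k3s_do_install | default((lookup('env', 'K3S_DO_INSTALL') | default('', true) | trim | lower in ['true', '1', 'yes']) | bool) }}"
    k3s_do_install_enabled: "{{ _k3s_do_install | bool }}"
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    k3s_verify_storage_mount_enabled: "{{ k3s_verify_storage_mount | default(true) | bool }}"
  pre_tasks:
    - name: Gate - skip install when k3s_do_install=false
      when: not k3s_do_install_enabled
      block:
        - ansible.builtin.debug:
            msg: "[SKIP] optional doc_id=01-05 action=install var=k3s_do_install"
        - meta: end_play
  tasks:
    - name: Require k3s_server_ip
      ansible.builtin.assert:
        that:
          - k3s_server_ip is defined
          - (k3s_server_ip | string | length) > 0
        fail_msg: "k3s_server_ip 未配置,请在 ansible/group_vars/all.yml 设置"

    # Guards against installing onto the root filesystem: k3s_data_dir must be a
    # mountpoint whose backing device differs from /.
    - name: Verify /storage mountpoint when enabled
      when: k3s_verify_storage_mount_enabled
      block:
        - name: Ensure k3s_data_dir is mountpoint
          ansible.builtin.command:
            argv:
              - mountpoint
              - "-q"
              - "{{ k3s_data_dir }}"
          changed_when: false

        - name: Read root and k3s_data_dir mount sources
          ansible.builtin.shell: |
            set -euo pipefail
            root_src=$(findmnt -n -o SOURCE /)
            data_src=$(findmnt -n -o SOURCE {{ k3s_data_dir | quote }})
            echo "root=${root_src}"
            echo "data=${data_src}"
            test "${root_src}" != "${data_src}"
          args:
            executable: /bin/bash
          changed_when: false

    - name: Install required packages for k3s install
      ansible.builtin.package:
        name:
          - curl
          - tar
          - iproute
        state: present

    - name: Check k3s binary
      ansible.builtin.stat:
        path: /usr/local/bin/k3s
      register: _k3s_bin

    - name: Note k3s server install network expectations
      when: not _k3s_bin.stat.exists
      ansible.builtin.debug:
        msg: "正在下载安装 k3s server(get.k3s.io,最长约 {{ k3s_install_curl_max_time | default(600) }}s);久无输出多为网络问题,可在 group_vars 设 k3s_install_mirror: cn 或调大 k3s_install_curl_max_time"

    # NOTE(review): --write-kubeconfig-mode 644 makes /etc/rancher/k3s/k3s.yaml
    # (cluster-admin credentials) readable by every local user on the server. All plays
    # in this file run with become, so they do not need it — confirm whether non-root
    # readers on the server depend on it before tightening to the installer default.
    - name: Install k3s server when binary absent
      when: not _k3s_bin.stat.exists
      vars:
        # Forward INSTALL_K3S_MIRROR / INSTALL_K3S_VERSION to the installer only when
        # configured, so an empty value never shadows the installer's own defaults.
        _mirror_env: "{{ ('INSTALL_K3S_MIRROR=' ~ (k3s_install_mirror | default('') | trim)) if (k3s_install_mirror | default('') | trim | length > 0) else '' }}"
        _version_env: "{{ ('INSTALL_K3S_VERSION=' ~ (k3s_version | default('') | trim)) if (k3s_version | default('') | trim | length > 0) else '' }}"
      ansible.builtin.shell: |
        set -euo pipefail
        curl --connect-timeout 30 --max-time {{ k3s_install_curl_max_time | default(600) | int }} -sfL https://get.k3s.io | \
          {{ _mirror_env }} {{ _version_env }} INSTALL_K3S_EXEC="server --data-dir {{ k3s_data_dir }} --write-kubeconfig-mode 644" sh -
      args:
        executable: /bin/bash
      # curl --max-time bounds the download; this bounds the whole install.
      timeout: "{{ k3s_install_task_timeout | default(720) | int }}"

    - name: Ensure k3s service enabled and started
      ansible.builtin.service:
        name: k3s
        enabled: true
        state: started

    - name: Wait k3s kubeconfig ready
      ansible.builtin.wait_for:
        path: "{{ k3s_kubeconfig }}"
        state: present
        timeout: 300

    # NOTE(review): assumes the Kubernetes node name equals the inventory hostname —
    # confirm (k3s defaults the node name to the machine hostname).
    - name: Wait server node Ready
      ansible.builtin.shell: |
        set -euo pipefail
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl get node "{{ inventory_hostname }}" -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
      args:
        executable: /bin/bash
      register: _server_ready
      changed_when: false
      until: _server_ready.stdout | trim == "True"
      retries: 60
      delay: 5

    # The join token is a cluster secret: no_log keeps it out of task output and logs
    # (the slurp result carries it base64-encoded, set_fact would print it in -v).
    - name: Read k3s server token
      ansible.builtin.slurp:
        path: "{{ k3s_data_dir }}/server/token"
      register: _server_token_raw
      no_log: true

    - name: Save k3s token for workers
      ansible.builtin.set_fact:
        k3s_server_token: "{{ _server_token_raw.content | b64decode | trim }}"
      no_log: true

- name: Install K3s workers (opt-in)
  hosts: k3s_worker
  become: true
  serial: 1
  vars:
    _k3s_do_install: "{{ k3s_do_install | default((lookup('env', 'K3S_DO_INSTALL') | default('', true) | trim | lower in ['true', '1', 'yes']) | bool) }}"
    k3s_do_install_enabled: "{{ _k3s_do_install | bool }}"
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    k3s_verify_storage_mount_enabled: "{{ k3s_verify_storage_mount | default(true) | bool }}"
    # The token is taken from the first k3s_server host's facts set by the previous play.
    k3s_server_host: "{{ groups['k3s_server'][0] }}"
    k3s_join_token: "{{ hostvars[k3s_server_host].k3s_server_token | default('') }}"
  pre_tasks:
    - name: Gate - skip worker install when k3s_do_install=false
      when: not k3s_do_install_enabled
      block:
        - ansible.builtin.debug:
            msg: "[SKIP] optional doc_id=01-05 action=worker-install var=k3s_do_install"
        - meta: end_play
  tasks:
    # k3s_server_ip is checked here as well because a --limit k3s_worker run never
    # reaches the server play's assert.
    - name: Require k3s join token and server address
      ansible.builtin.assert:
        that:
          - (k3s_join_token | trim | length) > 0
          - k3s_server_ip is defined
          - (k3s_server_ip | string | length) > 0
        fail_msg: "k3s join token 为空,请先确保 server 安装成功"

    - name: Verify /storage mountpoint on worker when enabled
      when: k3s_verify_storage_mount_enabled
      block:
        - name: Ensure k3s_data_dir is mountpoint
          ansible.builtin.command:
            argv:
              - mountpoint
              - "-q"
              - "{{ k3s_data_dir }}"
          changed_when: false

        - name: Read root and k3s_data_dir mount sources
          ansible.builtin.shell: |
            set -euo pipefail
            root_src=$(findmnt -n -o SOURCE /)
            data_src=$(findmnt -n -o SOURCE {{ k3s_data_dir | quote }})
            test "${root_src}" != "${data_src}"
          args:
            executable: /bin/bash
          changed_when: false

    - name: Install required packages for worker install
      ansible.builtin.package:
        name:
          - curl
          - tar
          - iproute
        state: present

    - name: Check k3s-agent binary
      ansible.builtin.stat:
        path: /usr/local/bin/k3s-agent
      register: _k3s_agent_bin

    - name: Note k3s agent install network expectations
      when: not _k3s_agent_bin.stat.exists
      ansible.builtin.debug:
        msg: "正在本节点下载安装 k3s-agent(get.k3s.io → GitHub,最长约 {{ k3s_install_curl_max_time | default(600) }}s);卡住时请检查 worker 出网或设 k3s_install_mirror: cn"

    # K3S_URL / K3S_TOKEN go through the task environment rather than the command text,
    # so the token is not part of the rendered shell script that shows up in task output.
    - name: Install k3s worker when binary absent
      when: not _k3s_agent_bin.stat.exists
      vars:
        _mirror_env: "{{ ('INSTALL_K3S_MIRROR=' ~ (k3s_install_mirror | default('') | trim)) if (k3s_install_mirror | default('') | trim | length > 0) else '' }}"
        _version_env: "{{ ('INSTALL_K3S_VERSION=' ~ (k3s_version | default('') | trim)) if (k3s_version | default('') | trim | length > 0) else '' }}"
      environment:
        K3S_URL: "https://{{ k3s_server_ip }}:6443"
        K3S_TOKEN: "{{ k3s_join_token }}"
      ansible.builtin.shell: |
        set -euo pipefail
        curl --connect-timeout 30 --max-time {{ k3s_install_curl_max_time | default(600) | int }} -sfL https://get.k3s.io | \
          {{ _mirror_env }} {{ _version_env }} INSTALL_K3S_EXEC="agent --data-dir {{ k3s_data_dir }}" sh -
      args:
        executable: /bin/bash
      timeout: "{{ k3s_install_task_timeout | default(720) | int }}"

    - name: Ensure k3s-agent service enabled and started
      ansible.builtin.service:
        name: k3s-agent
        enabled: true
        state: started

# Do not delegate_to the server from the worker play: in some environments the SSH
# connection from the worker context to the control host fails (e.g. 192.168.2.61:22 timeout).
# A separate play runs kubectl via control host SSH -> k3s_server, the same connection
# path as "Install K3s server".
- name: Wait k3s workers Ready from server (post-install)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    _k3s_do_install: "{{ k3s_do_install | default((lookup('env', 'K3S_DO_INSTALL') | default('', true) | trim | lower in ['true', '1', 'yes']) | bool) }}"
    k3s_do_install_enabled: "{{ _k3s_do_install | bool }}"
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
  pre_tasks:
    - name: Gate - skip when k3s_do_install=false
      when: not k3s_do_install_enabled
      block:
        - ansible.builtin.debug:
            msg: "[SKIP] optional doc_id=01-05 action=wait-workers-ready var=k3s_do_install"
        - meta: end_play
  tasks:
    # `loop` is evaluated before `when`, so a missing k3s_worker group must be defaulted
    # on the loop itself; an empty list simply skips the task.
    # NOTE(review): assumes node names equal inventory hostnames — confirm.
    - name: Wait each worker node Ready
      ansible.builtin.shell: |
        set -euo pipefail
        export KUBECONFIG={{ k3s_kubeconfig | quote }}
        kubectl wait --for=condition=Ready "node/{{ item }}" --timeout=320s
      args:
        executable: /bin/bash
      loop: "{{ groups['k3s_worker'] | default([]) }}"
      changed_when: false

- name: "01-05 k3s baseline verify (kube-system pods)"
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig }}"
  tasks:
    - name: kubectl get nodes
      ansible.builtin.command: kubectl get nodes -o wide
      changed_when: false

    - name: kube-system pods summary
      ansible.builtin.command: kubectl get pods -n kube-system -o wide
      changed_when: false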