---
# 单文件化说明:
# - 01-05.yml 默认仍做“最小 verify”（kube-system pods）
# - 如需“准备数据盘/安装 K3s”，必须显式开启开关：
#   -e k3s_do_prepare_storage=true   # 内联原 01-05-prepare-storage.yml
#   -e k3s_do_install=true           # 内联原 01-05-install.yml
#   或 source ansible/env/.env.verify 后由环境变量 K3S_DO_PREPARE_STORAGE / K3S_DO_INSTALL（true/false）开启
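# Play 1: partition/format a dedicated data disk and mount it at k3s_data_dir.
# Two independent gates must both be true before the disk is touched:
#   1. k3s_do_prepare_storage (play-level opt-in, -e or env K3S_DO_PREPARE_STORAGE)
#   2. k3s_prepare_storage    (group_vars flag, checked inside tasks)
- name: Prepare data disk and mount to k3s_data_dir (opt-in)
  hosts: k3s_nodes
  become: true
  vars:
    # Opt-in resolves to true only for 'true', '1' or 'yes' (case-insensitive);
    # an unset or any other value leaves the play disabled.
    _k3s_do_prepare_storage: "{{ k3s_do_prepare_storage | default((lookup('env', 'K3S_DO_PREPARE_STORAGE') | default('', true) | trim | lower in ['true', '1', 'yes']) | bool) }}"
    k3s_do_prepare_storage_enabled: "{{ _k3s_do_prepare_storage | bool }}"
  pre_tasks:
    - name: Gate - skip prepare storage when k3s_do_prepare_storage=false
      when: not k3s_do_prepare_storage_enabled
      block:
        - ansible.builtin.debug:
            msg: "[SKIP] optional doc_id=01-05 action=prepare-storage var=k3s_do_prepare_storage"
        - meta: end_play
  tasks:
    # Second gate: the play-level opt-in only enables the play; this group_vars
    # flag decides whether the disk is actually prepared.
    - name: Skip notice when storage prep disabled
      ansible.builtin.debug:
        msg: "k3s_prepare_storage is false — skipping (see group_vars/all.yml)"
      when: not (k3s_prepare_storage | default(false) | bool)

    - name: Prepare block storage for k3s_data_dir
      when: k3s_prepare_storage | default(false) | bool
      block:
        # Check the mount first: when k3s_data_dir is already mounted the disk
        # device is not required at all (avoids asserting on a disk when the
        # directory is already in place).
        - name: Check whether k3s_data_dir is already a mountpoint
          ansible.builtin.command: mountpoint -q {{ k3s_data_dir | quote }}
          register: mp_k3s
          changed_when: false
          failed_when: false

        - name: Skip when k3s_data_dir already mounted
          ansible.builtin.debug:
            msg: "{{ k3s_data_dir }} already mounted — skipping partitioning on {{ inventory_hostname }}"
          when: mp_k3s.rc == 0

        # Everything below runs only while k3s_data_dir is not yet mounted.
        - name: Partition, format and mount the data disk
          when: mp_k3s.rc != 0
          block:
            - name: Require k3s_data_disk_device only when partition work is needed
              ansible.builtin.assert:
                that:
                  - k3s_data_disk_device is defined
                  - (k3s_data_disk_device | string | length) > 0
                fail_msg: "Set k3s_data_disk_device (e.g. /dev/vdb) in group_vars or host_vars"

            - name: Verify k3s_data_disk_device is a block device
              ansible.builtin.command: test -b {{ k3s_data_disk_device | quote }}
              changed_when: false

            - name: Install partitioning and filesystem tools
              ansible.builtin.package:
                name:
                  - parted
                  - e2fsprogs
                state: present

            # Kernel naming rule: a disk whose name ends in a digit gets a 'p'
            # separator before the partition number (nvme0n1p1, mmcblk0p1, md0p1);
            # otherwise the number is appended directly (vdb1, sda1). Expects a
            # /dev/<disk> style path, not a /dev/disk/by-* symlink.
            - name: Compute first partition path (name ending in digit -> p1, else 1)
              ansible.builtin.set_fact:
                k3s_data_partition: >-
                  {{ k3s_data_disk_device }}{{ 'p1' if (k3s_data_disk_device | regex_search('[0-9]$')) else '1' }}

            # Safety net: 'creates' below only protects an already-partitioned
            # disk. A filesystem / LVM / RAID signature written directly on the
            # whole device would otherwise be wiped by 'mklabel gpt' without
            # notice, so refuse unless the operator sets k3s_data_disk_force=true.
            - name: Detect existing signature on the whole disk
              ansible.builtin.command: blkid -s TYPE -o value {{ k3s_data_disk_device | quote }}
              register: disk_sig
              changed_when: false
              failed_when: false

            - name: Refuse to overwrite a whole-disk filesystem unless forced
              ansible.builtin.assert:
                that:
                  - (disk_sig.stdout | default('') | trim | length) == 0 or (k3s_data_disk_force | default(false) | bool)
                fail_msg: "{{ k3s_data_disk_device }} already carries a '{{ disk_sig.stdout | trim }}' signature; set k3s_data_disk_force=true to wipe it"

            # Destructive: 'mklabel gpt' discards any existing partition table.
            # Skipped when the first partition node already exists.
            - name: Create GPT and single ext4 partition
              ansible.builtin.command: >-
                parted -s {{ k3s_data_disk_device | quote }} mklabel gpt mkpart primary ext4 0% 100%
              args:
                creates: "{{ k3s_data_partition }}"

            - name: Wait for partition node in /dev
              ansible.builtin.wait_for:
                path: "{{ k3s_data_partition }}"
                state: present
                timeout: 60

            - name: Detect existing filesystem on partition
              ansible.builtin.command: blkid -s TYPE -o value {{ k3s_data_partition | quote }}
              register: fs_type
              changed_when: false
              failed_when: false

            # Format only an empty partition; an existing filesystem is reused as-is.
            - name: Create ext4 on partition
              ansible.builtin.command: mkfs.ext4 -F {{ k3s_data_partition | quote }}
              when: (fs_type.stdout | default('') | trim | length) == 0

            - name: Read UUID of partition
              ansible.builtin.command: blkid -s UUID -o value {{ k3s_data_partition | quote }}
              register: blk_uuid
              changed_when: false

            - name: Ensure mount directory exists
              ansible.builtin.file:
                path: "{{ k3s_data_dir }}"
                state: directory
                mode: "0755"

            # Mount by UUID so the entry survives device renumbering; 'nofail'
            # keeps the node bootable if the disk goes missing.
            - name: Add fstab entry for k3s_data_dir
              ansible.builtin.lineinfile:
                path: /etc/fstab
                regexp: "^UUID={{ blk_uuid.stdout | trim }}\\s"
                line: "UUID={{ blk_uuid.stdout | trim }} {{ k3s_data_dir }} ext4 defaults,nofail 0 2"
                create: true
                mode: "0644"

            # 'mount -a' is not idempotent from Ansible's point of view, hence
            # changed_when: true.
            - name: Mount all from fstab
              ansible.builtin.command: mount -a
              changed_when: true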
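# Play 2: install the K3s server on the first k3s_server host (run_once) and
# export the cluster join token as a host fact for the worker play.
- name: Install K3s (opt-in)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    # Opt-in: -e k3s_do_install=true, or env K3S_DO_INSTALL in ('true', '1', 'yes').
    _k3s_do_install: "{{ k3s_do_install | default((lookup('env', 'K3S_DO_INSTALL') | default('', true) | trim | lower in ['true', '1', 'yes']) | bool) }}"
    k3s_do_install_enabled: "{{ _k3s_do_install | bool }}"
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    # Default true: refuse to install unless k3s_data_dir is its own mount.
    k3s_verify_storage_mount_enabled: "{{ k3s_verify_storage_mount | default(true) | bool }}"
  pre_tasks:
    - name: Gate - skip install when k3s_do_install=false
      when: not k3s_do_install_enabled
      block:
        - ansible.builtin.debug:
            msg: "[SKIP] optional doc_id=01-05 action=install var=k3s_do_install"
        - meta: end_play
  tasks:
    - name: Require k3s_server_ip
      ansible.builtin.assert:
        that:
          - k3s_server_ip is defined
          - (k3s_server_ip | string | length) > 0
        fail_msg: "k3s_server_ip 未配置,请在 ansible/group_vars/all.yml 设置"

    # Guards against installing onto the root filesystem by accident:
    # k3s_data_dir must be a mountpoint whose backing source differs from '/'.
    - name: Verify /storage mountpoint when enabled
      when: k3s_verify_storage_mount_enabled
      block:
        - name: Ensure k3s_data_dir is mountpoint
          ansible.builtin.command: mountpoint -q {{ k3s_data_dir | quote }}
          changed_when: false

        - name: Read root and k3s_data_dir mount sources
          ansible.builtin.shell: |
            set -euo pipefail
            root_src=$(findmnt -n -o SOURCE /)
            data_src=$(findmnt -n -o SOURCE {{ k3s_data_dir | quote }})
            echo "root=${root_src}"
            echo "data=${data_src}"
            test "${root_src}" != "${data_src}"
          args:
            executable: /bin/bash
          changed_when: false

    # Package names are RHEL-style ('iproute'); Debian-family hosts name the
    # same package 'iproute2' — NOTE(review): confirm against the target distro.
    - name: Install required packages for k3s install
      ansible.builtin.package:
        name:
          - curl
          - tar
          - iproute
        state: present

    - name: Check k3s binary
      ansible.builtin.stat:
        path: /usr/local/bin/k3s
      register: _k3s_bin

    - name: Note k3s server install network expectations
      when: not _k3s_bin.stat.exists
      ansible.builtin.debug:
        msg: "正在下载安装 k3s serverget.k3s.io最长约 {{ k3s_install_curl_max_time | default(600) }}s久无输出多为网络问题可在 group_vars 设 k3s_install_mirror: cn 或调大 k3s_install_curl_max_time"

    # Supply-chain note: the upstream installer is piped straight into sh and
    # nothing in this task verifies the script before it runs. Pin k3s_version
    # so the installed release is at least reproducible.
    # '--write-kubeconfig-mode 644' leaves the cluster-admin kubeconfig readable
    # by every local user on the server; this playbook only reads it as root
    # (become: true), so 0600 would suffice unless other tooling needs 644.
    # INSTALL_K3S_MIRROR / INSTALL_K3S_VERSION are only emitted when set.
    - name: Install k3s server when binary absent
      when: not _k3s_bin.stat.exists
      ansible.builtin.shell: |
        set -euo pipefail
        curl --connect-timeout 30 --max-time {{ k3s_install_curl_max_time | default(600) | int }} -sfL https://get.k3s.io | \
        {{ ('INSTALL_K3S_MIRROR=' ~ (k3s_install_mirror | default('') | trim) ~ ' ') if (k3s_install_mirror | default('') | trim | length > 0) else '' }}{{ ('INSTALL_K3S_VERSION=' ~ k3s_version ~ ' ') if (k3s_version | default('') | trim | length > 0) else '' }}INSTALL_K3S_EXEC="server --data-dir {{ k3s_data_dir }} --write-kubeconfig-mode 644" sh -
      args:
        executable: /bin/bash
      timeout: "{{ k3s_install_task_timeout | default(720) | int }}"

    - name: Ensure k3s service enabled and started
      ansible.builtin.service:
        name: k3s
        enabled: true
        state: started

    - name: Wait k3s kubeconfig ready
      ansible.builtin.wait_for:
        path: "{{ k3s_kubeconfig }}"
        state: present
        timeout: 300

    # Polls up to 60 x 5s. Assumes the Kubernetes node name equals
    # inventory_hostname — NOTE(review): confirm when inventory uses aliases/IPs.
    - name: Wait server node Ready
      ansible.builtin.shell: |
        set -euo pipefail
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl get node "{{ inventory_hostname }}" -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
      args:
        executable: /bin/bash
      register: _server_ready
      changed_when: false
      until: _server_ready.stdout | trim == "True"
      retries: 60
      delay: 5

    # The join token is a cluster credential: no_log keeps it out of task
    # output and logs on both the read and the fact assignment.
    - name: Read k3s server token
      ansible.builtin.slurp:
        path: "{{ k3s_data_dir }}/server/token"
      register: _server_token_raw
      no_log: true

    - name: Save k3s token for workers
      ansible.builtin.set_fact:
        k3s_server_token: "{{ _server_token_raw.content | b64decode | trim }}"
      no_log: true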
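# Play 3: join each k3s_worker host to the server, one host at a time
# (serial: 1), using the token exported by the server play.
- name: Install K3s workers (opt-in)
  hosts: k3s_worker
  become: true
  serial: 1
  vars:
    # Same opt-in as the server play: -e k3s_do_install=true or env K3S_DO_INSTALL.
    _k3s_do_install: "{{ k3s_do_install | default((lookup('env', 'K3S_DO_INSTALL') | default('', true) | trim | lower in ['true', '1', 'yes']) | bool) }}"
    k3s_do_install_enabled: "{{ _k3s_do_install | bool }}"
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    k3s_verify_storage_mount_enabled: "{{ k3s_verify_storage_mount | default(true) | bool }}"
    # Token is read from the first k3s_server host's facts; empty if that play
    # did not run (or was skipped) in this same ansible-playbook invocation.
    k3s_server_host: "{{ groups['k3s_server'][0] }}"
    k3s_join_token: "{{ hostvars[k3s_server_host].k3s_server_token | default('') }}"
  pre_tasks:
    - name: Gate - skip worker install when k3s_do_install=false
      when: not k3s_do_install_enabled
      block:
        - ansible.builtin.debug:
            msg: "[SKIP] optional doc_id=01-05 action=worker-install var=k3s_do_install"
        - meta: end_play
  tasks:
    - name: Require k3s join token
      ansible.builtin.assert:
        that:
          - (k3s_join_token | trim | length) > 0
        fail_msg: "k3s join token 为空,请先确保 server 安装成功"

    # K3S_URL below is built from k3s_server_ip; fail early with a clear message
    # instead of producing 'https://:6443'.
    - name: Require k3s_server_ip on worker
      ansible.builtin.assert:
        that:
          - k3s_server_ip is defined
          - (k3s_server_ip | string | length) > 0
        fail_msg: "k3s_server_ip is not set; define it in ansible/group_vars/all.yml"

    # Same root-vs-data mount guard as the server play.
    - name: Verify /storage mountpoint on worker when enabled
      when: k3s_verify_storage_mount_enabled
      block:
        - name: Ensure k3s_data_dir is mountpoint
          ansible.builtin.command: mountpoint -q {{ k3s_data_dir | quote }}
          changed_when: false

        - name: Read root and k3s_data_dir mount sources
          ansible.builtin.shell: |
            set -euo pipefail
            root_src=$(findmnt -n -o SOURCE /)
            data_src=$(findmnt -n -o SOURCE {{ k3s_data_dir | quote }})
            test "${root_src}" != "${data_src}"
          args:
            executable: /bin/bash
          changed_when: false

    # RHEL-style package name ('iproute'); Debian-family uses 'iproute2'.
    - name: Install required packages for worker install
      ansible.builtin.package:
        name:
          - curl
          - tar
          - iproute
        state: present

    # NOTE(review): confirm the installer really creates /usr/local/bin/k3s-agent.
    # If it only ships /usr/local/bin/k3s (plus the k3s-agent service), this stat
    # never becomes true and the installer re-runs on every play.
    - name: Check k3s-agent binary
      ansible.builtin.stat:
        path: /usr/local/bin/k3s-agent
      register: _k3s_agent_bin

    - name: Note k3s agent install network expectations
      when: not _k3s_agent_bin.stat.exists
      ansible.builtin.debug:
        msg: "正在本节点下载安装 k3s-agentget.k3s.io → GitHub最长约 {{ k3s_install_curl_max_time | default(600) }}s卡住时请检查 worker 出网或设 k3s_install_mirror: cn"

    # Same curl | sh supply-chain caveat as the server play (script is not
    # verified before execution; pin k3s_version). The join token is handed
    # over via 'environment' rather than inline so it does not end up in the
    # recorded 'cmd' of the task result.
    - name: Install k3s worker when binary absent
      when: not _k3s_agent_bin.stat.exists
      ansible.builtin.shell: |
        set -euo pipefail
        curl --connect-timeout 30 --max-time {{ k3s_install_curl_max_time | default(600) | int }} -sfL https://get.k3s.io | \
        {{ ('INSTALL_K3S_MIRROR=' ~ (k3s_install_mirror | default('') | trim) ~ ' ') if (k3s_install_mirror | default('') | trim | length > 0) else '' }}{{ ('INSTALL_K3S_VERSION=' ~ k3s_version ~ ' ') if (k3s_version | default('') | trim | length > 0) else '' }}K3S_URL="https://{{ k3s_server_ip }}:6443" INSTALL_K3S_EXEC="agent --data-dir {{ k3s_data_dir }}" sh -
      args:
        executable: /bin/bash
      environment:
        K3S_TOKEN: "{{ k3s_join_token }}"
      timeout: "{{ k3s_install_task_timeout | default(720) | int }}"

    - name: Ensure k3s-agent service enabled and started
      ansible.builtin.service:
        name: k3s-agent
        enabled: true
        state: started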
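# Do not delegate_to the server from the worker play: in some environments the
# worker context cannot reach the control machine over SSH (e.g. 192.168.2.61:22
# timeout). A separate play runs kubectl over the same control host -> k3s_server
# path as "Install K3s server".
#
# Play 4: from the server, wait until every k3s_worker node reports Ready.
- name: Wait k3s workers Ready from server (post-install)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    _k3s_do_install: "{{ k3s_do_install | default((lookup('env', 'K3S_DO_INSTALL') | default('', true) | trim | lower in ['true', '1', 'yes']) | bool) }}"
    k3s_do_install_enabled: "{{ _k3s_do_install | bool }}"
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
  pre_tasks:
    - name: Gate - skip when k3s_do_install=false
      when: not k3s_do_install_enabled
      block:
        - ansible.builtin.debug:
            msg: "[SKIP] optional doc_id=01-05 action=wait-workers-ready var=k3s_do_install"
        - meta: end_play
  tasks:
    # 'loop' is resolved before 'when' is evaluated, so the loop needs its own
    # default([]) — otherwise an inventory with no k3s_worker group fails on the
    # undefined key instead of skipping. Assumes node names equal inventory
    # hostnames — NOTE(review): confirm if the inventory uses aliases/IPs.
    - name: Wait each worker node Ready
      when: (groups['k3s_worker'] | default([])) | length > 0
      ansible.builtin.shell: |
        set -euo pipefail
        export KUBECONFIG={{ k3s_kubeconfig | quote }}
        kubectl wait --for=condition=Ready "node/{{ item }}" --timeout=320s
      args:
        executable: /bin/bash
      loop: "{{ groups['k3s_worker'] | default([]) }}"
      changed_when: false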
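# Play 5 (always runs): the "minimal verify". Informational only — the tasks
# fail only if kubectl itself fails; they do not assert that every kube-system
# pod is Running. Output is registered and echoed so it is visible without -v.
- name: "01-05 k3s baseline verify (kube-system pods)"
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
  tasks:
    - name: kubectl get nodes
      ansible.builtin.command: kubectl get nodes -o wide
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig }}"
      register: _nodes_wide
      changed_when: false

    - name: Show nodes
      ansible.builtin.debug:
        msg: "{{ _nodes_wide.stdout_lines }}"

    - name: kube-system pods summary
      ansible.builtin.command: kubectl get pods -n kube-system -o wide
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig }}"
      register: _kube_system_pods
      changed_when: false

    - name: Show kube-system pods
      ansible.builtin.debug:
        msg: "{{ _kube_system_pods.stdout_lines }}"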