
Install packages and handle reboots

Fred Damstra [io2] 4 years ago
parent
commit
19c7bf69be

+ 16 - 0
Ansible/roles/common/tasks/base_packages.yml

@@ -0,0 +1,16 @@
+---
+- name: Update apt repo and cache on all Debian/Ubuntu boxes
+  apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+
+- name: Upgrade all packages
+  apt: upgrade=dist force_apt_get=yes
+
+- name: Install Base Packages
+  apt:
+    pkg:
+      - thefuck
+      - vim
+      - net-tools
+      - nfs-common
+      - dbus
+      - avahi-daemon
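Review bot: The package list under `Install Base Packages` puts `avahi-daemon` and `nfs-common` on every host that gets the common role, and both bring network-facing services with them (an mDNS responder, and on Debian/Ubuntu typically `rpcbind` as a dependency of `nfs-common`). If only some hosts need service discovery or NFS mounts, move those two into a list scoped to those hosts, or follow the install with a task that disables the unused units. Separately, `apt: upgrade=dist` runs on every application of the role and may remove packages to resolve dependencies; either gate it behind a variable or record the intent with a comment such as `# dist-upgrade on every run is intentional; may remove packages`.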

+ 5 - 0
Ansible/roles/common/tasks/main.yml

@@ -2,3 +2,8 @@
   import_tasks: users.yml
   #  when: ansible_facts['os_family']|lower == 'redhat'
 
+- name: Installing Base Packages
+  import_tasks: base_packages.yml
+
+- name: Rebooting if necessary
+  import_tasks: reboot.yml

+ 15 - 0
Ansible/roles/common/tasks/reboot.yml

@@ -0,0 +1,15 @@
+---
+- name: Check if a reboot is needed on all servers
+  register: reboot_required_file
+  stat: path=/var/run/reboot-required get_md5=no
+
+- name: Reboot the box if kernel updated
+  reboot:
+    msg: "Reboot initiated by Ansible for kernel updates"
+    connect_timeout: 5
+    reboot_timeout: 300
+    pre_reboot_delay: 0
+    post_reboot_delay: 30
+    test_command: uptime
+    serial: 1
+  when: reboot_required_file.stat.exists
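Review bot: `serial: 1` on the last line of the `reboot:` mapping is indented as a module argument, but `serial` is a play keyword and not a parameter of the reboot module, so this task is expected to fail argument validation rather than reboot hosts one at a time. The same commit uses the task-level form in Ansible/tasks/patch.yml; here that means dropping the line and adding `throttle: 1` at the same indentation as `reboot:`. The message also says "kernel updates" while the condition is the existence of /var/run/reboot-required, which other package updates can create as well; `msg: "Reboot initiated by Ansible: reboot-required present"` would match the check.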

+ 9 - 3
Ansible/roles/common/tasks/users.yml

@@ -1,5 +1,5 @@
 ---
-- name: Create fdamstra user
+- name: Validate fdamstra user
   ansible.builtin.user:
     name: fdamstra
     state: present
@@ -9,13 +9,13 @@
     groups:
       - sudo
     home: /home/fdamstra
-    password: $6$hYFN1pnIw3Gi8Lca$HdoHUUVVPbBdp/HGeBdo2rpWjhvBYcpV2EbCkZqW0Sqp1nsxQmuAy6sy6wjLHv1EdODG8oNUBPys94bxOOwbp/
+    password: "{{ password }}"
     update_password: on_create
 - name: Create authorized key
   authorized_key:
     user: fdamstra
     state: present
-    key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF3pGU9+HufgfEhPP7P0Lt7kqfGWLTGd6sfJgSypcSo3FP1XhwFOWkaNvZIpoIeQXhux5vTm+RoqYZ/3Gj7hcGMLdoHWArvLHD2AGjxbFnsmiCioQgsC/rYLBjiWNsDdVF5Arofby/RwzivMAi7yivhY4nGzXPsHZoucB0Wi34/9AmxbvXWv6ckuWkMjrXVe+uwFje3U7jQHRW9jQRpCRRfUjVA4FmH0PWqWFBlt/zqsDPOzbxNNhAvyrJho7jVBNjCLsq0++lT8BDKrYbaZiT0F2c9uIDRpHJSdjpqVCf9bghmeJWYMoNHAkGR7WCFjPCJ7QM57a2oRBtm1A/EWcr fdamstra@io"
+    key: "{{ public_ssh_key }}"
 - name: Set nopassword for sudo group
   lineinfile:
     path: /etc/sudoers.d/20-sudo-group-nopasswd
@@ -43,9 +43,15 @@
     repo: ssh://git@git.monkeybox.org:2222/fdamstra/MyEnvironment.git
     dest: /home/fdamstra/MyEnvironment
     accept_hostkey: yes
+  register: git_myenvironment
 - name: Create Environment Links
   become: yes
   become_user: fdamstra
   command:
     chdir: /home/fdamstra/MyEnvironment
     cmd: ./CreateLinks.sh
+  when: git_myenvironment.changed
+- name: Remove Ubuntu user
+  ansible.builtin.user:
+    name: ubuntu
+    state: absent
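Review bot: Replacing the literal with `password: "{{ password }}"` stops new copies of the hash being committed, but the removed SHA-512 crypt value stays readable in the repository history, and because the task keeps `update_password: on_create`, hosts that already have the account keep that password even after the variable changes. Treat the old password as exposed: set a new value for `password` (it is defined outside this diff, ideally in an Ansible Vault file) and run once with `update_password: always` to push it. In the last hunk, `Remove Ubuntu user` leaves the home directory and its `authorized_keys` on disk; `remove: yes` under `ansible.builtin.user` cleans them up. The first two hunks start inside tasks whose remaining lines are outside the view.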

+ 11 - 0
Ansible/roles/k8s/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Reboot Server
+  throttle: 1
+  reboot:
+    msg: "Reboot Handler"
+    connect_timeout: 5
+    reboot_timeout: 300
+    pre_reboot_delay: 0
+    post_reboot_delay: 30
+    test_command: uptime
+  listen: "Reboot Server"

+ 33 - 0
Ansible/roles/k8s/tasks/cmdline.yml

@@ -0,0 +1,33 @@
+---
+# CPUSet
+- name: Check cpuset cgroup
+  shell: cat /boot/firmware/cmdline.txt | grep -c 'cgroup_enable=cpuset' || true
+  register: pi_cgroup_cpuset
+  changed_when: false # Do not mark as 'changed'
+
+- name: Add cpuset cgroup
+  replace: dest=/boot/firmware/cmdline.txt regexp='(\s*)$' replace=' cgroup_enable=cpuset'
+  when: pi_cgroup_cpuset.stdout == "0"
+  notify: "Reboot Server"
+
+# Memory
+- name: Check memory cgroup enabled
+  shell: cat /boot/firmware/cmdline.txt | grep -c 'cgroup_enable=memory' || true
+  register: pi_cgroup_memory_enable
+  changed_when: false # Do not mark as 'changed'
+
+- name: Add memory cgroup enabled
+  replace: dest=/boot/firmware/cmdline.txt regexp='(\s*)$' replace=' cgroup_enable=memory'
+  when: pi_cgroup_memory_enable.stdout == "0"
+  notify: "Reboot Server"
+
+# Memory Group
+- name: Check memory cgroup
+  shell: cat /boot/firmware/cmdline.txt | grep -c 'cgroup_memory' || true
+  register: pi_cgroup_memory
+  changed_when: false # Do not mark as 'changed'
+
+- name: Add memory cgroup
+  replace: dest=/boot/firmware/cmdline.txt regexp='(\s*)$' replace=' cgroup_memory=1'
+  when: pi_cgroup_memory.stdout == "0"
+  notify: "Reboot Server"
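Review bot: Each `Add … cgroup` task uses `regexp='(\s*)$'`, which can match more than once in a file that ends with a newline (once for the trailing whitespace and again as an empty match at end of file), so the parameter may be appended twice and the final newline is consumed. The idempotence guard is a separate `shell: cat … | grep -c … || true` pipeline for something the `replace` module can test itself. A single `replace` with a negative lookahead does the check and the edit in one step, and `backup` keeps a copy of a file the board needs in order to boot. The same pattern applies to all three pairs; the cpuset one is shown.

```yaml
- name: Add cpuset cgroup
  replace:
    path: /boot/firmware/cmdline.txt
    # Only matches a line that does not already carry the parameter.
    regexp: '^(?!.*\bcgroup_enable=cpuset\b)(.*\S)[ \t]*$'
    replace: '\1 cgroup_enable=cpuset'
    backup: true
  notify: "Reboot Server"
# … same shape for cgroup_enable=memory and cgroup_memory=1 …
```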

+ 16 - 0
Ansible/roles/k8s/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- name: Set the Hostname
+  ansible.builtin.hostname:
+    name: "{{ inventory_hostname }}"
+
+- name: Fix cmdline.txt
+  import_tasks: cmdline.yml
+
+- name: system.yml
+  import_tasks: system.yml
+
+#- name: Installing Base Packages
+#  import_tasks: base_packages.yml
+#
+#- name: Rebooting if necessary
+#  import_tasks: reboot.yml

+ 23 - 0
Ansible/roles/k8s/tasks/system.yml

@@ -0,0 +1,23 @@
+---
+- name: /etc/sysctl.d/99-kubernetes-cri.conf
+  copy:
+    dest: /etc/sysctl.d/99-kubernetes-cri.conf
+    content: |
+      net.bridge.bridge-nf-call-iptables  = 1
+      net.ipv4.ip_forward                 = 1
+      net.bridge.bridge-nf-call-ip6tables = 1
+    mode: 0644
+    owner: root
+    group: root
+  notify: "Reboot Server"
+
+- name: /etc/modules-load.d/netfilter.conf
+  copy:
+    dest: /etc/modules-load.d/netfilter.conf
+    content: |
+      overlay
+      br_netfilter
+    mode: 0644
+    owner: root
+    group: root
+  notify: "Reboot Server"
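Review bot: Both `copy` tasks write `mode: 0644` as a bare number; Ansible's documentation asks for file modes to be quoted (`mode: "0644"`) so the value reaches the module as a string instead of depending on how the YAML loader reads a leading zero. Notifying `Reboot Server` for these two files is also heavier than needed, since the kernel modules and sysctl values can be applied to the running system (for example with the modprobe and sysctl modules), leaving the reboot handler for the cmdline.txt change. A one-line comment above the sysctl task, such as `# forwarding and bridge netfilter are required by the container runtime/CNI`, would record why `net.ipv4.ip_forward` is being turned on for these hosts.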

+ 2 - 2
Ansible/tasks/initial_users.yml

@@ -33,12 +33,12 @@
       - name: Install public key
         copy: 
           dest: /home/fdamstra/.ssh/id_rsa.pub
-          content: {{ public_ssh_key }}
+          content: "{{ public_ssh_key }}"
           mode: 0644
           owner: fdamstra
       - name: Install private key
         copy: 
           dest: /home/fdamstra/.ssh/id_rsa
-          content: {{ private_ssh_key }}
+          content: "{{ private_ssh_key }}"
           mode: 0600
           owner: fdamstra
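Review bot: `Install private key` writes `{{ private_ssh_key }}` to every targeted host, and the matching `{{ public_ssh_key }}` is what Ansible/roles/common/tasks/users.yml in this commit authorizes for the same account, so, if both cover the same hosts, each machine holds a credential that all the others accept. Consider per-host keys or agent forwarding, or at least a comment recording that the shared key is deliberate. Adding `no_log: true` to the private-key task keeps the key material out of task output and `--diff` runs, and the modes are safer quoted (`mode: "0600"`). The hunk starts inside a block whose opening lines are outside the view.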

+ 1 - 1
Ansible/tasks/patch.yml

@@ -2,7 +2,6 @@
 - hosts: all
   become: true
   become_user: root
-  serial: 1 # one host at a time
   tasks:
     - name: Update apt repo and cache on all Debian/Ubuntu boxes
       apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
@@ -15,6 +14,7 @@
       stat: path=/var/run/reboot-required get_md5=no
 
     - name: Reboot the box if kernel updated
+      throttle: 1 # one host at a time
       reboot:
         msg: "Reboot initiated by Ansible for kernel updates"
         connect_timeout: 5
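Review bot: Moving from play-level `serial: 1` to `throttle: 1` on the reboot task changes what happens when a host does not come back: with batches of one, a failed host ends the play before the next host is touched, whereas with `throttle` the remaining hosts are still rebooted in turn. If stopping on the first failed reboot is wanted, that has to be stated explicitly (for instance `any_errors_fatal: true` on the play, which is worth testing together with `throttle`). Otherwise the trade-off deserves a comment such as `# throttle: reboots one at a time but does not stop the rollout on failure`. The reboot task continues past the end of the hunk.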

+ 6 - 0
Ansible/test.yml

@@ -0,0 +1,6 @@
+---
+- hosts: k8s
+  become: yes
+  become_user: root
+  roles:
+    - k8s