- name: Create directory for RKE2 config ansible.builtin.file: path: "/etc/rancher/rke2" state: directory mode: '0644' - name: Create directory for RKE2 token ansible.builtin.file: path: "/var/lib/rancher/rke2/server" state: directory mode: '0644' # Copy server config to server 1 for bootstrap - we need to change server2 & 3 later with the token - name: Deploy RKE2 server Configuration ansible.builtin.template: src: templates/rke2-server-config.j2 dest: /etc/rancher/rke2/config.yaml owner: root group: root mode: '0644' when: inventory_hostname in groups['servers'] - name: Create systemd service file for RKE2 server ansible.builtin.template: src: templates/rke2-server.service.j2 dest: /etc/systemd/system/rke2-server.service owner: root group: root mode: '0644' when: inventory_hostname in groups['servers'] - name: Create systemd service file for RKE2 agent ansible.builtin.template: src: templates/rke2-agent.service.j2 dest: /etc/systemd/system/rke2-agent.service owner: root group: root mode: '0644' when: inventory_hostname in groups['agents'] # we enable the first server to generate tokens etc, copy this afterwards to other servers - name: Ensure RKE2 server is enabled and running ansible.builtin.systemd: name: rke2-server enabled: true state: restarted daemon_reload: true when: inventory_hostname in groups['servers'][0] # wait for node token to be availale so that we can copy it, we need this to join other nodes - name: Wait for node-token ansible.builtin.wait_for: path: /var/lib/rancher/rke2/server/node-token when: inventory_hostname == groups['servers'][0] # wait for kubectl to be downloaded, part of the rke2 installation - name: Wait for kubectl ansible.builtin.wait_for: path: /var/lib/rancher/rke2/bin/kubectl when: inventory_hostname == groups['servers'][0] # copy kubectl to usr bin so that all users can run kubectl commands - name: Copy kubectl to user bin ansible.builtin.copy: src: /var/lib/rancher/rke2/bin/kubectl dest: /usr/local/bin/kubectl mode: '0755' remote_src: true become: true when: inventory_hostname == groups['servers'][0] # wait for the kubectl copy to complete - name: Wait for kubectl ansible.builtin.wait_for: path: /usr/local/bin/kubectl when: inventory_hostname == groups['servers'][0] # modify token access - name: Register node-token file access mode ansible.builtin.stat: path: /var/lib/rancher/rke2/server register: p - name: Change file access for node-token ansible.builtin.file: path: /var/lib/rancher/rke2/server mode: "g+rx,o+rx" when: inventory_hostname == groups['servers'][0] # Save token as variable - name: Fetch the token from the first server node ansible.builtin.slurp: src: /var/lib/rancher/rke2/server/token register: rke2_token when: inventory_hostname == groups['servers'][0] run_once: true # convert token to fact - name: Save Master node-token for later ansible.builtin.set_fact: token: "{{ rke2_token.content | b64decode | regex_replace('\n', '') }}" # revert token file access - name: Restore node-token file access ansible.builtin.file: path: /var/lib/rancher/rke2/server mode: "{{ p.stat.mode }}" when: inventory_hostname == groups['servers'][0] # check .kube folder exists so that we can use kubectl (config resides here) - name: Ensure .kube directory exists in user's home ansible.builtin.file: path: "/home/{{ ansible_user }}/.kube" state: directory mode: '0755' become: true # copy kubectl config file to .kube folder - name: Copy config file to user home directory ansible.builtin.copy: src: /etc/rancher/rke2/rke2.yaml dest: "/home/{{ ansible_user }}/.kube/config" remote_src: true owner: "{{ ansible_user }}" mode: "u=rw,g=,o=" when: inventory_hostname == groups['servers'][0] # change IP from local to server 1 IP - name: Replace IP address with server1 ansible.builtin.replace: path: /home/{{ ansible_user }}/.kube/config regexp: '127.0.0.1' replace: "{{ hostvars['server1']['ansible_host'] }}" when: inventory_hostname == groups['servers'][0]