feat(ansible): ansible 初步稳定

ansible/playbooks/add-node.yml

@@ -1,19 +0,0 @@
-# 添加新节点到集群
-# 使用: export K3S_TOKEN='xxx' K3S_SERVER_URL='xxx' TAILSCALE_AUTH_KEY='xxx'
-#       ansible-playbook playbooks/add-node.yml -l <node_name>
----
-- name: Validate
-  hosts: localhost
-  gather_facts: no
-  tasks:
-    - ansible.builtin.fail:
-        msg: "请设置: export K3S_TOKEN='xxx'"
-      when: lookup('env', 'K3S_TOKEN') | length == 0
-
-- name: Add node
-  hosts: masters:agents:!master_init
-  gather_facts: yes
-  roles:
-    - common
-    - k3s
-

ansible/playbooks/init.yml

@@ -1,8 +0,0 @@
-# 首次安装 (包含 SSH 加固)
-# 使用: export SSH_PASSWORD='xxx' TAILSCALE_AUTH_KEY='xxx'
-#       ansible-playbook playbooks/init.yml
----
-- name: First time installation with SSH hardening
-  import_playbook: site.yml
-  tags: [ssh, common, k3s, status]
-

ansible/playbooks/site.yml

@@ -2,7 +2,7 @@
 ---
 - name: Validate environment
   hosts: localhost
-  gather_facts: no
+  gather_facts: false
   tasks:
     - name: Check TAILSCALE_AUTH_KEY
       ansible.builtin.fail:
@@ -23,7 +23,7 @@
 # ============================================
 - name: SSH Security Hardening
   hosts: k3s_cluster
-  gather_facts: no
+  gather_facts: false
   tags: [ssh, never]
   roles:
     - ssh
@@ -33,7 +33,7 @@
 # ============================================
 - name: Common Setup
   hosts: k3s_cluster
-  gather_facts: yes
+  gather_facts: true
   tags: [common]
   roles:
     - common
@@ -43,16 +43,46 @@
 # ============================================
 - name: Install K3s on init node
   hosts: masters
-  gather_facts: yes
+  gather_facts: true
   serial: 1
   tags: [k3s]
   roles:
     - role: k3s
       when: cluster_init | default(false)
 
+- name: Fetch K3S_TOKEN & K3S_SERVER_URL from init node
+  hosts: localhost
+  gather_facts: false
+  tags: [k3s]
+  tasks:
+    - name: Find init node
+      ansible.builtin.set_fact:
+        init_node: "{{ item }}"
+      loop: "{{ groups['masters'] }}"
+      when: hostvars[item].cluster_init | default(false)
+
+    - name: Read K3S_TOKEN from init node
+      ansible.builtin.slurp:
+        src: /var/lib/rancher/k3s/server/node-token
+      register: k3s_token_content
+      delegate_to: "{{ init_node }}"
+
+    - name: Determine K3S_SERVER_URL
+      ansible.builtin.set_fact:
+        # 优先使用 HA_SERVER_URL 环境变量，否则使用 init 节点地址
+        k3s_server_url_or_ha: "{{ ha_server_url if (ha_server_url | length > 0) else 'https://' + hostvars[init_node].ansible_host + ':6443' }}"
+
+    - name: Set K3S_TOKEN and K3S_SERVER_URL for all hosts
+      ansible.builtin.set_fact:
+        k3s_token: "{{ k3s_token_content.content | b64decode | trim }}"
+        k3s_server_url: "{{ k3s_server_url_or_ha }}"
+      delegate_to: "{{ item }}"
+      delegate_facts: true
+      loop: "{{ groups['k3s_cluster'] }}"
+
 - name: Install K3s on other masters
   hosts: masters
-  gather_facts: yes
+  gather_facts: true
   serial: 1
   tags: [k3s]
   roles:
@@ -61,7 +91,7 @@
 
 - name: Install K3s on agents
   hosts: agents
-  gather_facts: yes
+  gather_facts: true
   tags: [k3s]
   roles:
     - k3s
@@ -71,15 +101,16 @@
 # ============================================
 - name: Show cluster status
   hosts: masters
-  gather_facts: no
+  gather_facts: false
   tags: [status]
   run_once: true
   tasks:
     - name: Get nodes
-      ansible.builtin.shell: kubectl get nodes -o wide
+      ansible.builtin.command: kubectl get nodes -o wide
       environment:
         KUBECONFIG: /etc/rancher/k3s/k3s.yaml
       register: nodes
+      changed_when: false
       when: cluster_init | default(false)
 
     - name: Display nodes
@@ -90,4 +121,3 @@
           {{ nodes.stdout }}
           ══════════════════════════════════════════════════════════════
       when: cluster_init | default(false)
-