feat(playbook): enhance SSH port detection and validation in K3s installation playbook

ansible/inventory/hosts.yml

@@ -2,10 +2,11 @@
 ---
 all:
   vars:
-    # SSH 配置 (初始连接使用密码)
+    # SSH 配置
     ansible_user: root
-    ansible_port: 2103
+    # 默认端口，首次安装时使用22，后续会被动态覆盖
-    ansible_password: "{{ lookup('env', 'SSH_PASSWORD') }}"
+    ansible_port: 22
+    ansible_password: "{{ lookup('env', 'SSH_PASSWORD') | default(omit, true) }}"
 
     # SSH 安全配置
     ssh_new_port: 2103

ansible/playbooks/site.yml

@@ -1,13 +1,20 @@
 # K3s 集群安装 Playbook
 ---
-- name: Validate environment
+# ============================================
-  hosts: localhost
+# 阶段 0: 提前检测 检测环境变量和 SSH 端口
+# ============================================
+- name: Pre-check Environment and SSH Port
+  hosts: k3s_cluster
   gather_facts: false
+  tags: [always]
   tasks:
+    # 环境验证 (run_once 确保只执行一次)
     - name: Check TAILSCALE_AUTH_KEY
       ansible.builtin.fail:
         msg: "请设置: export TAILSCALE_AUTH_KEY='tskey-auth-xxx'"
       when: lookup('env', 'TAILSCALE_AUTH_KEY') | length == 0
+      run_once: true
+      delegate_to: localhost
 
     - name: Check SSH credentials
       ansible.builtin.debug:
@@ -17,6 +24,28 @@
           {% else %}
           ✓ 使用密钥登录
           {% endif %}
+      run_once: true
+      delegate_to: localhost
+
+    # SSH 端口探测
+    - name: Try new SSH port ({{ ssh_new_port }})
+      ansible.builtin.wait_for:
+        host: "{{ ansible_host }}"
+        port: "{{ ssh_new_port }}"
+        timeout: 3
+      delegate_to: localhost
+      become: false
+      register: new_port_check
+      ignore_errors: true
+
+    - name: Set SSH port based on availability
+      ansible.builtin.set_fact:
+        ansible_port: "{{ ssh_new_port if new_port_check is succeeded else 22 }}"
+
+    - name: Display detected SSH port
+      ansible.builtin.debug:
+        msg: "{{ inventory_hostname }}: 使用端口 {{ ansible_port }}"
+      when: ansible_verbosity > 0
 
 # ============================================
 # 阶段 1: SSH 安全加固 (可选，首次安装时使用)
@@ -51,8 +80,9 @@
       when: cluster_init | default(false)
 
 - name: Fetch K3S_TOKEN & K3S_SERVER_URL from init node
-  hosts: localhost
+  hosts: k3s_cluster
   gather_facts: false
+  run_once: true
   tags: [k3s]
   tasks:
     - name: Find init node
@@ -61,24 +91,40 @@
       loop: "{{ groups['masters'] }}"
       when: hostvars[item].cluster_init | default(false)
 
+    - name: Detect init node SSH port
+      ansible.builtin.wait_for:
+        host: "{{ hostvars[init_node].ansible_host }}"
+        port: "{{ ssh_new_port }}"
+        timeout: 3
+      delegate_to: localhost
+      become: false
+      register: init_node_port_check
+      ignore_errors: true
+
+    - name: Set init node SSH port
+      ansible.builtin.set_fact:
+        init_node_port: "{{ ssh_new_port if init_node_port_check is succeeded else 22 }}"
+
     - name: Read K3S_TOKEN from init node
       ansible.builtin.slurp:
         src: /var/lib/rancher/k3s/server/node-token
       register: k3s_token_content
       delegate_to: "{{ init_node }}"
+      vars:
+        ansible_port: "{{ hostvars[inventory_hostname].init_node_port }}"
 
     - name: Determine K3S_SERVER_URL
       ansible.builtin.set_fact:
         # 优先使用 HA_SERVER_URL 环境变量，否则使用 init 节点地址
         k3s_server_url: "{{ ha_server_url if (ha_server_url | length > 0) else 'https://' + hostvars[init_node].ansible_host + ':6443' }}"
 
-    - name: Set K3S_TOKEN and K3S_SERVER_URL for all hosts
+    - name: Set K3S_TOKEN and K3S_SERVER_URL for target hosts
       ansible.builtin.set_fact:
         k3s_token: "{{ k3s_token_content.content | b64decode | trim }}"
         k3s_server_url: "{{ k3s_server_url }}"
       delegate_to: "{{ item }}"
       delegate_facts: true
-      loop: "{{ groups['k3s_cluster'] }}"
+      loop: "{{ ansible_play_hosts }}"
 
 - name: Install K3s on other masters
   hosts: masters