# K3s cluster installation playbook
---
# ============================================
# Phase 0: pre-checks (environment variables and SSH port)
# ============================================
- name: Pre-check Environment and SSH Port
  hosts: k3s_cluster
  gather_facts: false
  tags: [always]
  tasks:
    # Environment validation (run_once so the checks execute only once, on the controller)
    - name: Check TAILSCALE_AUTH_KEY
      ansible.builtin.fail:
        msg: "Please set: export TAILSCALE_AUTH_KEY='tskey-auth-xxx'"
      when: lookup('env', 'TAILSCALE_AUTH_KEY') | length == 0
      run_once: true
      delegate_to: localhost

    - name: Check SSH credentials
      ansible.builtin.debug:
        msg: |
          {% if lookup('env', 'SSH_PASSWORD') | length > 0 %}
          ✓ Password login takes precedence (SSH_PASSWORD is set)
          {% else %}
          ✓ Using key-based login
          {% endif %}
      run_once: true
      delegate_to: localhost

    # SSH port probe: after the ssh role has moved sshd to ssh_new_port,
    # port 22 is closed, so probe the new port first and fall back to 22.
    - name: Try new SSH port ({{ ssh_new_port }})
      ansible.builtin.wait_for:
        host: "{{ ansible_host | default(inventory_hostname) }}"
        port: "{{ ssh_new_port }}"
        timeout: 3
      delegate_to: localhost
      become: false
      register: new_port_check
      ignore_errors: true

    - name: Set SSH port based on availability
      ansible.builtin.set_fact:
        ansible_port: "{{ ssh_new_port if new_port_check is succeeded else 22 }}"

    - name: Display detected SSH port
      ansible.builtin.debug:
        msg: "{{ inventory_hostname }}: using port {{ ansible_port }}"
      when: ansible_verbosity > 0

# ============================================
# Phase 1: SSH hardening (optional; run on first install with --tags ssh)
# ============================================
- name: SSH Security Hardening
  hosts: k3s_cluster
  gather_facts: false
  tags: [ssh, never]
  roles:
    - ssh

# ============================================
# Phase 2: base configuration
# ============================================
- name: Common Setup
  hosts: k3s_cluster
  gather_facts: true
  tags: [common]
  roles:
    - common

# ============================================
# Phase 3: install K3s (order: init node -> other masters -> agents)
# Exactly one host in the masters group must set cluster_init: true.
# ============================================
- name: Install K3s on init node
  hosts: masters
  gather_facts: true
  serial: 1
  tags: [k3s]
  roles:
    - role: k3s
      when: cluster_init | default(false)

- name: Fetch K3S_TOKEN & K3S_SERVER_URL from init node
  hosts: k3s_cluster
  gather_facts: false
  run_once: true
  tags: [k3s]
  tasks:
    - name: Find init node
      ansible.builtin.set_fact:
        init_node: "{{ item }}"
      loop: "{{ groups['masters'] }}"
      when: hostvars[item].cluster_init | default(false)

    - name: Detect init node SSH port
      ansible.builtin.wait_for:
        host: "{{ hostvars[init_node].ansible_host | default(init_node) }}"
        port: "{{ ssh_new_port }}"
        timeout: 3
      delegate_to: localhost
      become: false
      register: init_node_port_check
      ignore_errors: true

    - name: Set init node SSH port
      ansible.builtin.set_fact:
        init_node_port: "{{ ssh_new_port if init_node_port_check is succeeded else 22 }}"

    # The node-token is the cluster join secret: never let it reach the log.
    - name: Read K3S_TOKEN from init node
      ansible.builtin.slurp:
        src: /var/lib/rancher/k3s/server/node-token
      register: k3s_token_content
      delegate_to: "{{ init_node }}"
      no_log: true
      vars:
        ansible_port: "{{ init_node_port }}"

    - name: Determine K3S_SERVER_URL
      ansible.builtin.set_fact:
        # Prefer ha_server_url (a VIP or load balancer in front of the servers);
        # otherwise point joining nodes at the init node directly.
        k3s_server_url: "{{ ha_server_url if (ha_server_url | default('') | length > 0) else 'https://' + (hostvars[init_node].ansible_host | default(init_node)) + ':6443' }}"

    # Publish both values as facts on every host in the play so the k3s role
    # can read them when it runs on the other masters and the agents.
    - name: Set K3S_TOKEN and K3S_SERVER_URL for target hosts
      ansible.builtin.set_fact:
        k3s_token: "{{ k3s_token_content.content | b64decode | trim }}"
        k3s_server_url: "{{ k3s_server_url }}"
      delegate_to: "{{ item }}"
      delegate_facts: true
      no_log: true
      loop: "{{ ansible_play_hosts }}"

- name: Install K3s on other masters
  hosts: masters
  gather_facts: true
  serial: 1
  tags: [k3s]
  roles:
    - role: k3s
      when: not (cluster_init | default(false))

- name: Install K3s on agents
  hosts: agents
  gather_facts: true
  tags: [k3s]
  roles:
    - k3s

# ============================================
# Phase 4: show cluster status
# ============================================
- name: Show cluster status
  hosts: masters
  gather_facts: false
  tags: [status]
  tasks:
    # Run on the init node only (no play-level run_once: that would pick the
    # first master in the batch, which may not be the init node, and the
    # when-guard would then skip the task and leave `nodes` undefined).
    - name: Get nodes
      ansible.builtin.command: kubectl get nodes -o wide
      environment:
        KUBECONFIG: /etc/rancher/k3s/k3s.yaml
      register: nodes
      changed_when: false
      when: cluster_init | default(false)

    - name: Display nodes
      ansible.builtin.debug:
        msg: |
          ══════════════════════════════════════════════════════════════
          K3s cluster nodes:
          {{ nodes.stdout }}
          ══════════════════════════════════════════════════════════════
      when: cluster_init | default(false)

# ============================================
# K3s uninstall (must be requested explicitly: --tags uninstall)
# Agents are removed first, then the servers one at a time.
# ============================================
- name: Uninstall K3s agents
  hosts: agents
  gather_facts: false
  tags: [uninstall, never]
  tasks:
    - name: Check agent uninstall script
      ansible.builtin.stat:
        path: /usr/local/bin/k3s-agent-uninstall.sh
      register: agent_uninstall_script

    - name: Run k3s-agent-uninstall.sh
      ansible.builtin.command: /usr/local/bin/k3s-agent-uninstall.sh
      when: agent_uninstall_script.stat.exists
      changed_when: true

- name: Uninstall K3s masters
  hosts: masters
  gather_facts: false
  serial: 1
  tags: [uninstall, never]
  tasks:
    - name: Check server uninstall script
      ansible.builtin.stat:
        path: /usr/local/bin/k3s-uninstall.sh
      register: server_uninstall_script

    - name: Run k3s-uninstall.sh
      ansible.builtin.command: /usr/local/bin/k3s-uninstall.sh
      when: server_uninstall_script.stat.exists
      changed_when: true
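# The "Fetch K3S_TOKEN & K3S_SERVER_URL from init node" play above slurps
# /var/lib/rancher/k3s/server/node-token and hands it to every other node.
# The example below is added here and is not part of the playbook or of K3s
# itself; it shows what that value actually contains and why it must be kept
# out of logs. Per the K3s token documentation a full token has the form
# K10<CA-HASH>::<USERNAME>:<PASSWORD>, where CA-HASH is the hex SHA-256 of the
# server CA bundle that a joining node fetches from https://<server>:6443/cacerts,
# so the token doubles as a CA pin. The sample CA bytes, the sample secret,
# the strict 64-hex-digit check and the "server" default username for a plain
# secret are assumptions of this example, not values taken from the page.

```python
"""Parse, pin-check and redact a K3s node-token (added example, not K3s code)."""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: the CA hash is 64 lowercase hex digits (hex SHA-256); the
# username runs up to the first ':' and the password is the remainder.
TOKEN_RE = re.compile(r"^K10([0-9a-f]{64})::([^:]+):(.+)$")


@dataclass(frozen=True)
class NodeToken:
    ca_hash: Optional[str]   # None when the token is a plain secret (no CA pin)
    username: str
    password: str


def parse_node_token(token: str) -> NodeToken:
    """Split a node-token into its CA hash and credential parts."""
    token = token.strip()          # the file ends with a newline, like `| trim` in the play
    if not token:
        raise ValueError("empty token")
    m = TOKEN_RE.match(token)
    if m:
        return NodeToken(ca_hash=m.group(1), username=m.group(2), password=m.group(3))
    if token.startswith("K10"):
        raise ValueError("K10 prefix present but token body is malformed")
    # Plain secret: K3s accepts it, but the joining node cannot verify the CA.
    # Assumption: "server" is the username K3s applies to a bare secret.
    return NodeToken(ca_hash=None, username="server", password=token)


def is_well_formed(token: str) -> bool:
    try:
        parse_node_token(token)
        return True
    except ValueError:
        return False


def ca_bundle_hash(ca_pem: bytes) -> str:
    """Hex SHA-256 over the raw bytes of the CA bundle (what the K10 prefix pins)."""
    return hashlib.sha256(ca_pem).hexdigest()


def verify_ca_pin(token: str, ca_pem: bytes) -> bool:
    """True only if the token carries a CA hash and it matches the bundle we fetched."""
    t = parse_node_token(token)
    if t.ca_hash is None:
        return False               # nothing to pin against; treat as unverified
    return hmac.compare_digest(t.ca_hash, ca_bundle_hash(ca_pem))


def redact(token: str) -> str:
    """Log-safe rendering: keep the CA hash and username, mask the secret."""
    t = parse_node_token(token)
    prefix = f"K10{t.ca_hash}::" if t.ca_hash else ""
    return f"{prefix}{t.username}:****"


# Constructed sample data (not a real certificate or cluster secret).
SAMPLE_CA = (b"-----BEGIN CERTIFICATE-----\n"
             b"MIIBconstructedSampleNotARealCertificate0000000000000000000000==\n"
             b"-----END CERTIFICATE-----\n")
SAMPLE_SECRET = "3f1c0b9e2d7a4c8e6b5f0d1a2c3e4b5f"
SAMPLE_TOKEN = f"K10{ca_bundle_hash(SAMPLE_CA)}::server:{SAMPLE_SECRET}\n"


if __name__ == "__main__":
    print("parsed   :", redact(SAMPLE_TOKEN))
    print("pin ok   :", verify_ca_pin(SAMPLE_TOKEN, SAMPLE_CA))
    print("tampered :", verify_ca_pin(SAMPLE_TOKEN, SAMPLE_CA + b"x"))
```

# The pin check is the reason the token must be delivered intact and confidentially:
# anyone holding the full string can join a node to the cluster, while anyone who
# can alter the K10 prefix in transit can point joining nodes at a different CA.
# `no_log: true` on the slurp and set_fact tasks keeps the secret out of the
# Ansible output; `redact()` is what a role should print if it needs to show the
# token for debugging.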