diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 3c5ff5d..6b59508 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -10,4 +10,3 @@ become = True host_key_checking = False deprecation_warnings = False callback_whitelist = profile_tasks -ansible_stdout_callback=debug diff --git a/ansible/inventory/.gitignore b/ansible/inventory/.gitignore index ccef122..184d4c6 100644 --- a/ansible/inventory/.gitignore +++ b/ansible/inventory/.gitignore @@ -1 +1,3 @@ -inventory.yaml \ No newline at end of file +* +!.gitignore +!sample \ No newline at end of file diff --git a/ansible/inventory/example.inventory.yaml b/ansible/inventory/example.inventory.yaml deleted file mode 100644 index 5926b52..0000000 --- a/ansible/inventory/example.inventory.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# TuringPi Server ---- -all: - children: - hosts: - master: - ansible_user: node - ansible_host: 192.168.xx.xx - static_hostname: master - static_ip: 192.168.xx.xx - node1: - ansible_user: node - ansible_host: 192.168.xx.xx - static_hostname: node1 - static_ip: 192.168.xx.xx - node2: - ansible_user: node - ansible_host: 192.168.xx.xx - static_hostname: node2 - static_ip: 192.168.xx.xx - node3: - ansible_user: node - ansible_host: 192.168.xx.xx - static_hostname: node3 - static_ip: 192.168.xx.xx - node4: - ansible_user: node - ansible_host: 192.168.xx.xx - static_hostname: node4 - static_ip: 192.168.xx.xx - node5: - ansible_user: node - ansible_host: 192.168.xx.xx - static_hostname: node5 - static_ip: 192.168.xx.xx - node6: - ansible_user: node - ansible_host: 192.168.xx.xx - static_hostname: node6 - static_ip: 192.168.xx.xx diff --git a/ansible/playbooks/k3s.yml b/ansible/playbooks/k3s.yml new file mode 100644 index 0000000..31cc96e --- /dev/null +++ b/ansible/playbooks/k3s.yml @@ -0,0 +1,19 @@ +--- + +- hosts: k3s_cluster + gather_facts: yes + become: yes + roles: + - role: prereq + - role: download + - role: raspberrypi + +- hosts: master + become: yes + roles: + - role: k3s/master + +- hosts: node + become: yes + roles: + - role: k3s/node diff --git a/ansible/playbooks/reset-k3s.yml b/ansible/playbooks/reset-k3s.yml new file mode 100644 index 0000000..77577fd --- /dev/null +++ b/ansible/playbooks/reset-k3s.yml @@ -0,0 +1,7 @@ +--- + +- hosts: k3s_cluster + gather_facts: yes + become: yes + roles: + - role: reset diff --git a/ansible/roles/download/tasks/main.yml b/ansible/roles/download/tasks/main.yml new file mode 100644 index 0000000..ede10f5 --- /dev/null +++ b/ansible/roles/download/tasks/main.yml @@ -0,0 +1,36 @@ +--- + +- name: Download k3s binary x64 + get_url: + url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s + checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt + dest: /usr/local/bin/k3s + owner: root + group: root + mode: 0755 + when: ansible_facts.architecture == "x86_64" + +- name: Download k3s binary arm64 + get_url: + url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-arm64 + checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm64.txt + dest: /usr/local/bin/k3s + owner: root + group: root + mode: 0755 + when: + - ( ansible_facts.architecture is search("arm") and + ansible_facts.userspace_bits == "64" ) or + ansible_facts.architecture is search("aarch64") + +- name: Download k3s binary armhf + get_url: + url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-armhf + checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm.txt + dest: /usr/local/bin/k3s + owner: root + group: root + mode: 0755 + when: + - ansible_facts.architecture is search("arm") + - ansible_facts.userspace_bits == "32" \ No newline at end of file diff --git a/ansible/roles/hostname/README.md b/ansible/roles/hostname/README.md deleted file mode 100644 index 225dd44..0000000 --- a/ansible/roles/hostname/README.md +++ /dev/null @@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/ansible/roles/hostname/defaults/main.yml b/ansible/roles/hostname/defaults/main.yml deleted file mode 100644 index 246065f..0000000 --- a/ansible/roles/hostname/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# defaults file for hostname -static_hostname: node diff --git a/ansible/roles/hostname/meta/main.yml b/ansible/roles/hostname/meta/main.yml deleted file mode 100644 index 2329a03..0000000 --- a/ansible/roles/hostname/meta/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -galaxy_info: - author: ztnel - description: set static hostname on base debian OS - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: GPL-3.0-only - - min_ansible_version: 2.1 - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: Debian - versions: - - all - - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - galaxy_tags: [] - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/ansible/roles/hostname/tasks/main.yml b/ansible/roles/hostname/tasks/main.yml deleted file mode 100644 index 5c04df8..0000000 --- a/ansible/roles/hostname/tasks/main.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Clear hostname file - become: true - lineinfile: - path: /etc/hostname - state: absent - # match all lines - regexp: "^.*$" - -- name: Set hostname - become: true - lineinfile: - path: /etc/hostname - line: "{{ static_hostname }}" - create: true - -- name: Update hosts file - become: true - lineinfile: - path: /etc/hosts - line: "127.0.0.1 {{ static_hostname }}" - create: true - regexp: '^127\.0\.0\.1\s+localhost$' - -- name: Reboot system - become: true - reboot: diff --git a/ansible/roles/hostname/tests/inventory b/ansible/roles/hostname/tests/inventory deleted file mode 100644 index 878877b..0000000 --- a/ansible/roles/hostname/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/ansible/roles/hostname/tests/test.yml b/ansible/roles/hostname/tests/test.yml deleted file mode 100644 index 8a43845..0000000 --- a/ansible/roles/hostname/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - hostname diff --git a/ansible/roles/hostname/vars/main.yml b/ansible/roles/hostname/vars/main.yml deleted file mode 100644 index 3afc2e0..0000000 --- a/ansible/roles/hostname/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for hostname diff --git a/ansible/roles/k3s/master/defaults/main.yml b/ansible/roles/k3s/master/defaults/main.yml new file mode 100644 index 0000000..c56778f --- /dev/null +++ b/ansible/roles/k3s/master/defaults/main.yml @@ -0,0 +1,2 @@ +--- +k3s_server_location: /var/lib/rancher/k3s diff --git a/ansible/roles/k3s/master/tasks/main.yml b/ansible/roles/k3s/master/tasks/main.yml new file mode 100644 index 0000000..77b58f6 --- /dev/null +++ b/ansible/roles/k3s/master/tasks/main.yml @@ -0,0 +1,79 @@ +--- + +- name: Copy K3s service file + register: k3s_service + template: + src: "k3s.service.j2" + dest: "{{ systemd_dir }}/k3s.service" + owner: root + group: root + mode: 0644 + +- name: Enable and check K3s service + systemd: + name: k3s + daemon_reload: yes + state: restarted + enabled: yes + +- name: Wait for node-token + wait_for: + path: "{{ k3s_server_location }}/server/node-token" + +- name: Register node-token file access mode + stat: + path: "{{ k3s_server_location }}/server/node-token" + register: p + +- name: Change file access node-token + file: + path: "{{ k3s_server_location }}/server/node-token" + mode: "g+rx,o+rx" + +- name: Read node-token from master + slurp: + path: "{{ k3s_server_location }}/server/node-token" + register: node_token + +- name: Store Master node-token + set_fact: + token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}" + +- name: Restore node-token file access + file: + path: "{{ k3s_server_location }}/server/node-token" + mode: "{{ p.stat.mode }}" + +- name: Create directory .kube + file: + path: ~{{ ansible_user }}/.kube + state: directory + owner: "{{ ansible_user }}" + mode: "u=rwx,g=rx,o=" + +- name: Copy config file to user home directory + copy: + src: /etc/rancher/k3s/k3s.yaml + dest: ~{{ ansible_user }}/.kube/config + remote_src: yes + owner: "{{ ansible_user }}" + mode: "u=rw,g=,o=" + +- name: Replace https://localhost:6443 by https://master-ip:6443 + command: >- + k3s kubectl config set-cluster default + --server=https://{{ master_ip }}:6443 + --kubeconfig ~{{ ansible_user }}/.kube/config + changed_when: true + +- name: Create kubectl symlink + file: + src: /usr/local/bin/k3s + dest: /usr/local/bin/kubectl + state: link + +- name: Create crictl symlink + file: + src: /usr/local/bin/k3s + dest: /usr/local/bin/crictl + state: link diff --git a/ansible/roles/k3s/master/templates/k3s.service.j2 b/ansible/roles/k3s/master/templates/k3s.service.j2 new file mode 100644 index 0000000..a56ab10 --- /dev/null +++ b/ansible/roles/k3s/master/templates/k3s.service.j2 @@ -0,0 +1,24 @@ +[Unit] +Description=Lightweight Kubernetes +Documentation=https://k3s.io +After=network-online.target + +[Service] +Type=notify +ExecStartPre=-/sbin/modprobe br_netfilter +ExecStartPre=-/sbin/modprobe overlay +ExecStart=/usr/local/bin/k3s server --data-dir {{ k3s_server_location }} {{ extra_server_args | default("") }} +KillMode=process +Delegate=yes +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=1048576 +LimitNPROC=infinity +LimitCORE=infinity +TasksMax=infinity +TimeoutStartSec=0 +Restart=always +RestartSec=5s + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/k3s/node/tasks/main.yml b/ansible/roles/k3s/node/tasks/main.yml new file mode 100644 index 0000000..0ce8e08 --- /dev/null +++ b/ansible/roles/k3s/node/tasks/main.yml @@ -0,0 +1,16 @@ +--- + +- name: Copy K3s service file + template: + src: "k3s.service.j2" + dest: "{{ systemd_dir }}/k3s-node.service" + owner: root + group: root + mode: 0755 + +- name: Enable and check K3s service + systemd: + name: k3s-node + daemon_reload: yes + state: restarted + enabled: yes diff --git a/ansible/roles/k3s/node/templates/k3s.service.j2 b/ansible/roles/k3s/node/templates/k3s.service.j2 new file mode 100644 index 0000000..99a0ac3 --- /dev/null +++ b/ansible/roles/k3s/node/templates/k3s.service.j2 @@ -0,0 +1,24 @@ +[Unit] +Description=Lightweight Kubernetes +Documentation=https://k3s.io +After=network-online.target + +[Service] +Type=notify +ExecStartPre=-/sbin/modprobe br_netfilter +ExecStartPre=-/sbin/modprobe overlay +ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }} {{ extra_agent_args | default("") }} +KillMode=process +Delegate=yes +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=1048576 +LimitNPROC=infinity +LimitCORE=infinity +TasksMax=infinity +TimeoutStartSec=0 +Restart=always +RestartSec=5s + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/prereq/tasks/main.yml b/ansible/roles/prereq/tasks/main.yml new file mode 100644 index 0000000..e857729 --- /dev/null +++ b/ansible/roles/prereq/tasks/main.yml @@ -0,0 +1,54 @@ +--- +- name: Set SELinux to disabled state + selinux: + state: disabled + when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux'] + +- name: Enable IPv4 forwarding + sysctl: + name: net.ipv4.ip_forward + value: "1" + state: present + reload: yes + +- name: Enable IPv6 forwarding + sysctl: + name: net.ipv6.conf.all.forwarding + value: "1" + state: present + reload: yes + when: ansible_all_ipv6_addresses + +- name: Add br_netfilter to /etc/modules-load.d/ + copy: + content: "br_netfilter" + dest: /etc/modules-load.d/br_netfilter.conf + mode: "u=rw,g=,o=" + when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux'] + +- name: Load br_netfilter + modprobe: + name: br_netfilter + state: present + when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux'] + +- name: Set bridge-nf-call-iptables (just to be sure) + sysctl: + name: "{{ item }}" + value: "1" + state: present + reload: yes + when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux'] + loop: + - net.bridge.bridge-nf-call-iptables + - net.bridge.bridge-nf-call-ip6tables + +- name: Add /usr/local/bin to sudo secure_path + lineinfile: + line: 'Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin' + regexp: "Defaults(\\s)*secure_path(\\s)*=" + state: present + insertafter: EOF + path: /etc/sudoers + validate: 'visudo -cf %s' + when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux'] diff --git a/ansible/roles/raspberrypi/handlers/main.yml b/ansible/roles/raspberrypi/handlers/main.yml new file mode 100644 index 0000000..d25cf90 --- /dev/null +++ b/ansible/roles/raspberrypi/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: reboot + reboot: diff --git a/ansible/roles/raspberrypi/tasks/main.yml b/ansible/roles/raspberrypi/tasks/main.yml new file mode 100644 index 0000000..b80c91f --- /dev/null +++ b/ansible/roles/raspberrypi/tasks/main.yml @@ -0,0 +1,51 @@ +--- +- name: Test for raspberry pi /proc/cpuinfo + command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo + register: grep_cpuinfo_raspberrypi + failed_when: false + changed_when: false + +- name: Test for raspberry pi /proc/device-tree/model + command: grep -E "Raspberry Pi" /proc/device-tree/model + register: grep_device_tree_model_raspberrypi + failed_when: false + changed_when: false + +- name: Set raspberry_pi fact to true + set_fact: + raspberry_pi: true + when: + grep_cpuinfo_raspberrypi.rc == 0 or grep_device_tree_model_raspberrypi.rc == 0 + +- name: Set detected_distribution to Raspbian + set_fact: + detected_distribution: Raspbian + when: > + raspberry_pi|default(false) and + ( ansible_facts.lsb.id|default("") == "Raspbian" or + ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") ) + +- name: Set detected_distribution to Raspbian (ARM64 on Debian Buster) + set_fact: + detected_distribution: Raspbian + when: + - ansible_facts.architecture is search("aarch64") + - raspberry_pi|default(false) + - ansible_facts.lsb.description|default("") is match("Debian.*buster") + +- name: Set detected_distribution_major_version + set_fact: + detected_distribution_major_version: "{{ ansible_facts.lsb.major_release }}" + when: + - detected_distribution | default("") == "Raspbian" + +- name: execute OS related tasks on the Raspberry Pi + include_tasks: "{{ item }}" + with_first_found: + - "prereq/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml" + - "prereq/{{ detected_distribution }}.yml" + - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + - "prereq/{{ ansible_distribution }}.yml" + - "prereq/default.yml" + when: + - raspberry_pi|default(false) diff --git a/ansible/roles/raspberrypi/tasks/prereq/CentOS.yml b/ansible/roles/raspberrypi/tasks/prereq/CentOS.yml new file mode 100644 index 0000000..af83564 --- /dev/null +++ b/ansible/roles/raspberrypi/tasks/prereq/CentOS.yml @@ -0,0 +1,8 @@ +--- +- name: Enable cgroup via boot commandline if not already enabled for Centos + lineinfile: + path: /boot/cmdline.txt + backrefs: yes + regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' + line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' + notify: reboot diff --git a/ansible/roles/raspberrypi/tasks/prereq/Raspbian.yml b/ansible/roles/raspberrypi/tasks/prereq/Raspbian.yml new file mode 100644 index 0000000..42bfe7d --- /dev/null +++ b/ansible/roles/raspberrypi/tasks/prereq/Raspbian.yml @@ -0,0 +1,25 @@ +--- +- name: Activating cgroup support + lineinfile: + path: /boot/cmdline.txt + regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' + line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' + backrefs: true + notify: reboot + +- name: Flush iptables before changing to iptables-legacy + iptables: + flush: true + changed_when: false # iptables flush always returns changed + +- name: Changing to iptables-legacy + alternatives: + path: /usr/sbin/iptables-legacy + name: iptables + register: ip4_legacy + +- name: Changing to ip6tables-legacy + alternatives: + path: /usr/sbin/ip6tables-legacy + name: ip6tables + register: ip6_legacy diff --git a/ansible/roles/raspberrypi/tasks/prereq/Ubuntu.yml b/ansible/roles/raspberrypi/tasks/prereq/Ubuntu.yml new file mode 100644 index 0000000..742fc21 --- /dev/null +++ b/ansible/roles/raspberrypi/tasks/prereq/Ubuntu.yml @@ -0,0 +1,8 @@ +--- +- name: Enable cgroup via boot commandline if not already enabled for Ubuntu on a Raspberry Pi + lineinfile: + path: /boot/firmware/cmdline.txt + backrefs: yes + regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' + line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' + notify: reboot diff --git a/ansible/roles/raspberrypi/tasks/prereq/default.yml b/ansible/roles/raspberrypi/tasks/prereq/default.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/ansible/roles/raspberrypi/tasks/prereq/default.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/reset/tasks/main.yml b/ansible/roles/reset/tasks/main.yml new file mode 100644 index 0000000..728447f --- /dev/null +++ b/ansible/roles/reset/tasks/main.yml @@ -0,0 +1,42 @@ +--- +- name: Disable services + systemd: + name: "{{ item }}" + state: stopped + enabled: no + failed_when: false + with_items: + - k3s + - k3s-node + +- name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" + register: pkill_containerd_shim_runc + command: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" + changed_when: "pkill_containerd_shim_runc.rc == 0" + failed_when: false + +- name: Umount k3s filesystems + include_tasks: umount_with_children.yml + with_items: + - /run/k3s + - /var/lib/kubelet + - /run/netns + - /var/lib/rancher/k3s + loop_control: + loop_var: mounted_fs + +- name: Remove service files, binaries and data + file: + name: "{{ item }}" + state: absent + with_items: + - /usr/local/bin/k3s + - "{{ systemd_dir }}/k3s.service" + - "{{ systemd_dir }}/k3s-node.service" + - /etc/rancher/k3s + - /var/lib/kubelet + - /var/lib/rancher/k3s + +- name: daemon_reload + systemd: + daemon_reload: yes diff --git a/ansible/roles/reset/tasks/umount_with_children.yml b/ansible/roles/reset/tasks/umount_with_children.yml new file mode 100644 index 0000000..5883b70 --- /dev/null +++ b/ansible/roles/reset/tasks/umount_with_children.yml @@ -0,0 +1,16 @@ +--- +- name: Get the list of mounted filesystems + shell: set -o pipefail && cat /proc/mounts | awk '{ print $2}' | grep -E "^{{ mounted_fs }}" + register: get_mounted_filesystems + args: + executable: /bin/bash + failed_when: false + changed_when: get_mounted_filesystems.stdout | length > 0 + check_mode: false + +- name: Umount filesystem + mount: + path: "{{ item }}" + state: unmounted + with_items: + "{{ get_mounted_filesystems.stdout_lines | reverse | list }}" diff --git a/ansible/roles/tasks/main.yml b/ansible/roles/tasks/main.yml new file mode 100644 index 0000000..1450fd8 --- /dev/null +++ b/ansible/roles/tasks/main.yml @@ -0,0 +1,36 @@ +--- + +- name: Download k3s binary x64 + get_url: + url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s + checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt + dest: /usr/local/bin/k3s + owner: root + group: root + mode: 0755 + when: ansible_facts.architecture == "x86_64" + +- name: Download k3s binary arm64 + get_url: + url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-arm64 + checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm64.txt + dest: /usr/local/bin/k3s + owner: root + group: root + mode: 0755 + when: + - ( ansible_facts.architecture is search("arm") and + ansible_facts.userspace_bits == "64" ) or + ansible_facts.architecture is search("aarch64") + +- name: Download k3s binary armhf + get_url: + url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-armhf + checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm.txt + dest: /usr/local/bin/k3s + owner: root + group: root + mode: 0755 + when: + - ansible_facts.architecture is search("arm") + - ansible_facts.userspace_bits == "32"