terraform script add

2023-10-19 16:35:47 +09:00
commit 65f305d107
947 changed files with 81629 additions and 0 deletions
--- a/packer/ansible/roles/docker/tasks/00-amazon-os-main.yml
+++ b/packer/ansible/roles/docker/tasks/00-amazon-os-main.yml
@@ -0,0 +1,86 @@
+---
+- name: Update and upgrade yum packages
+  yum:
+    name: "*"
+    state: latest
+
+- name: Install yum packages
+  yum:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - python-pip
+    - yum-utils
+    - device-mapper-persistent-data
+    - lvm2
+    - amazon-linux-extras      
+
+- name: Add extras repository
+  shell: yum-config-manager --enable extras
+
+- name: Disable firewalld
+  systemd: name=firewalld state=stopped
+  ignore_errors: yes
+  tags:
+   - install
+   - atomic
+   - firewalld
+
+- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
+  command: 'swapoff -a'
+
+    # - name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
+    #   replace:
+    #     path: /etc/fstab
+    #     regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
+    #     replace: '# \1'
+
+- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
+  become: true
+  lineinfile:
+    path: /etc/fstab
+    regexp: '^/dev/mapper/.*swap'
+    line: '# {{ item }}'
+      #  when: item is search('^/dev/mapper/.*swap')
+  loop: "{{ lookup('file', '/etc/fstab').split('\n') }}"
+
+- name: Add br_netfilter to module autoload
+  lineinfile:
+    path: /etc/modules-load.d/k8s2.conf
+    line: "{{ item }}"
+    create: true
+  with_items:
+    - 'overlay'
+    - 'br_netfilter'
+
+- name: Add br_netfilter to module autoload
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  become: true
+  with_items:
+    - 'overlay'
+    - 'br_netfilter'
+
+- name: Add br_netfilter to module autoload
+  lineinfile:
+    path: /etc/sysctl.d/k8s.conf
+    line: "{{ item }}"
+    create: true
+  with_items:
+    - 'net.bridge.bridge-nf-call-iptables  = 1'
+    - 'net.bridge.bridge-nf-call-ip6tables = 1'
+    - 'net.ipv4.ip_forward                 = 1'
+
+- name: Disable net.bridge.bridge-nf-call-iptables
+  sysctl:
+    name: "{{ item }}"
+    value: 1
+  with_items:
+    - 'net.bridge.bridge-nf-call-iptables'
+    - 'net.bridge.bridge-nf-call-ip6tables'
+
+- name: Disable net.ipv4.ip_forward
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
--- a/packer/ansible/roles/docker/tasks/00-ubuntu-os-main.yml
+++ b/packer/ansible/roles/docker/tasks/00-ubuntu-os-main.yml
@@ -0,0 +1,66 @@
+---
+- name: Update and upgrade apt packages
+  apt:
+    upgrade: yes
+    update_cache: yes
+    force_apt_get: yes
+    cache_valid_time: 86400
+
+- name: Install apt packages
+  apt:
+    name: ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg', 'lsb-release']
+    state: present
+
+- name: Disable ufw 
+  command: 'ufw disable'
+  when: ansible_distribution_version == '20.04'
+
+- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
+  command: 'swapoff -a'
+
+- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
+  replace:
+    path: /etc/fstab
+    regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
+    replace: '# \1'
+
+- name: Add br_netfilter to module autoload
+  lineinfile:
+    path: /etc/modules-load.d/k8s.conf
+    line: "{{ item }}"
+    create: true
+  with_items:
+    - 'overlay'
+    - 'br_netfilter'
+
+- name: Add br_netfilter to module autoload
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  become: true
+  with_items:
+    - 'overlay'
+    - 'br_netfilter'
+
+- name: Add br_netfilter to module autoload
+  lineinfile:
+    path: /etc/sysctl.d/k8s.conf
+    line: "{{ item }}"
+    create: true
+  with_items:
+    - 'net.bridge.bridge-nf-call-iptables  = 1'
+    - 'net.bridge.bridge-nf-call-ip6tables = 1'
+    - 'net.ipv4.ip_forward                 = 1'
+
+- name: Disable net.bridge.bridge-nf-call-iptables
+  sysctl:
+    name: "{{ item }}"
+    value: 1
+  with_items:
+    - 'net.bridge.bridge-nf-call-iptables'
+    - 'net.bridge.bridge-nf-call-ip6tables'
+
+- name: Disable net.ipv4.ip_forward
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
--- a/packer/ansible/roles/docker/tasks/01-amazon-os-docker.yml
+++ b/packer/ansible/roles/docker/tasks/01-amazon-os-docker.yml
@@ -0,0 +1,53 @@
+---
+- name: Install docker-ce (centos) via amazon-linux-extras packages
+  shell: "amazon-linux-extras install docker -y"
+
+- name: Ensure Python pip packages are installed
+  pip:
+    name: "{{ item }}"
+  with_items:
+    - boto
+    - boto3
+    - docker-compose
+
+#- name: Add docker script
+#  command: curl -fsSL https://get.docker.com -o /root/get-docker.sh
+#
+#- name: install docker
+#  command: sh /root/get-docker.sh
+#
+- name: Create docker configuration directory
+  file:
+    path: /etc/docker
+    state: directory
+
+#- name: Install required packages
+#  yum:
+#    name: ['docker-ce']
+#    state: present
+#  notify:
+#    - Reload systemd configuration
+#    - Restart docker service
+
+- name: Configure docker
+  template:
+    src: daemon.json.j2
+    dest: /etc/docker/daemon.json
+  notify:
+    - Reload systemd configuration
+    - Restart docker service
+
+#- name: Delete containerd config
+#  file:
+#    path: /etc/containerd/config.toml
+#    state: absent
+#  notify:
+#    - Restart containerd service
+
+- meta: flush_handlers
+
+- name: Enable docker service
+  service:
+    name: docker
+    enabled: True
+    state: started
--- a/packer/ansible/roles/docker/tasks/01-ubuntu-os-docker.yml
+++ b/packer/ansible/roles/docker/tasks/01-ubuntu-os-docker.yml
@@ -0,0 +1,19 @@
+---
+- name: Add docker script
+  command: curl -fsSL https://get.docker.com -o /root/get-docker.sh
+
+- name: install docker
+  command: sh /root/get-docker.sh
+
+- name: Create docker configuration directory
+  file:
+    path: /etc/docker
+    state: directory
+
+- name: Configure docker
+  template:
+    src: daemon.json.j2
+    dest: /etc/docker/daemon.json
+  notify:
+    - Reload systemd configuration
+    - Restart docker service
--- a/packer/ansible/roles/docker/tasks/main.yml
+++ b/packer/ansible/roles/docker/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Gather Ansible Facts
+  ansible.builtin.setup:
+
+- include: 00-amazon-os-main.yml
+  tags: amazon
+  when: ansible_facts.os_family == 'RedHat' 
+
+- include: 00-ubuntu-os-main.yml
+  tags: ubuntu
+  when: ansible_facts.os_family == 'Debian'
+
+- include: 01-amazon-os-docker.yml
+  tags: cent-docker
+  when: ansible_facts.os_family == 'RedHat'
+
+- include: 01-ubuntu-os-docker.yml
+  tags: ubuntu-docker
+  when: ansible_facts.os_family == 'Debian'
--- a/packer/ansible/roles/docker/tasks/sysctl.yml
+++ b/packer/ansible/roles/docker/tasks/sysctl.yml
@@ -0,0 +1,8 @@
+---
+- name: Add pam_tally2.so 
+  template:
+    src: sysctl.j2
+    dest: /etc/sysctl.conf
+    owner: root
+    group: root
+    mode: 0644