Erich Blume
b096df4c71
- Check containerd registry config before writing to avoid unnecessary changes - Fix ansible_env deprecation warnings (use ansible_facts['env']) - Document macOS network permission popup for minikube mount - Document passwordless sudo configuration for indri - Add checks to skip sudo tasks when state already matches Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
168 lines
6.3 KiB
YAML
168 lines
6.3 KiB
YAML
---
|
|
# Minikube installation and cluster setup for indri
|
|
# Uses qemu2 driver for full VM with kernel mount capabilities (NFS, SMB, etc.)
|
|
# Requires socket_vmnet for proper networking (minikube service/tunnel commands)
|
|
#
|
|
# NOTE: minikube start may have issues when run via SSH.
|
|
# If cluster fails to start, manually run on indri:
|
|
# minikube start --driver=qemu2 --network=socket_vmnet --container-runtime=containerd \
|
|
# --cpus=6 --memory=12288 --disk-size=200g \
|
|
# --apiserver-names=k8s.tail8d86e.ts.net --apiserver-names=indri \
|
|
# --apiserver-port=6443 --listen-address=0.0.0.0
|
|
|
|
- name: Install qemu via homebrew (required for qemu2 driver)
|
|
community.general.homebrew:
|
|
name: qemu
|
|
state: present
|
|
|
|
- name: Install socket_vmnet via homebrew (required for qemu2 networking)
|
|
community.general.homebrew:
|
|
name: socket_vmnet
|
|
state: present
|
|
|
|
- name: Check if socket_vmnet process is running
|
|
ansible.builtin.command:
|
|
cmd: pgrep socket_vmnet
|
|
register: minikube_socket_vmnet_status
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Start socket_vmnet service
|
|
ansible.builtin.command:
|
|
cmd: brew services start socket_vmnet
|
|
become: true
|
|
register: minikube_socket_vmnet_start
|
|
changed_when: "'Successfully started' in minikube_socket_vmnet_start.stdout"
|
|
failed_when: false
|
|
when: minikube_socket_vmnet_status.rc != 0
|
|
|
|
- name: Install minikube via homebrew
|
|
community.general.homebrew:
|
|
name: minikube
|
|
state: present
|
|
|
|
- name: Install kubectl via homebrew
|
|
community.general.homebrew:
|
|
name: kubectl
|
|
state: present
|
|
|
|
- name: Check if minikube cluster exists
|
|
ansible.builtin.command:
|
|
cmd: minikube status --format={% raw %}'{{.Host}}'{% endraw %}
|
|
register: minikube_status
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Start minikube cluster
|
|
ansible.builtin.command:
|
|
cmd: >
|
|
minikube start
|
|
--driver={{ minikube_driver }}
|
|
--network={{ minikube_network }}
|
|
--container-runtime={{ minikube_container_runtime }}
|
|
--cpus={{ minikube_cpus }}
|
|
--memory={{ minikube_memory }}
|
|
--disk-size={{ minikube_disk_size }}
|
|
{% for name in minikube_apiserver_names %}
|
|
--apiserver-names={{ name }}
|
|
{% endfor %}
|
|
--apiserver-port={{ minikube_apiserver_port }}
|
|
--listen-address={{ minikube_listen_address }}
|
|
register: minikube_start
|
|
changed_when: minikube_start.rc == 0
|
|
failed_when: false # Don't fail - may need manual intervention like podman
|
|
when: minikube_status.rc != 0 or 'Running' not in minikube_status.stdout
|
|
|
|
- name: Check minikube status after start attempt
|
|
ansible.builtin.command:
|
|
cmd: minikube status --format={% raw %}'{{.Host}}'{% endraw %}
|
|
register: minikube_final_status
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Warn if minikube failed to start
|
|
ansible.builtin.debug:
|
|
msg: "WARNING: minikube may not have started properly. Run 'minikube start' manually on indri if needed. Status: {{ minikube_final_status.stdout | default('unknown') }}"
|
|
when: minikube_final_status.rc != 0 or 'Running' not in minikube_final_status.stdout
|
|
|
|
# Configure VM to access zot registry on host
|
|
# The VM can't resolve Tailscale hostnames, so we add a hosts entry
|
|
# and configure containerd to use the local zot instance
|
|
- name: Add registry hostname to VM hosts file
|
|
ansible.builtin.command:
|
|
cmd: minikube ssh --native-ssh=false "grep -q 'registry.tail8d86e.ts.net' /etc/hosts || echo '192.168.105.1 registry.tail8d86e.ts.net' | sudo tee -a /etc/hosts"
|
|
register: minikube_hosts_entry
|
|
changed_when: "'registry.tail8d86e.ts.net' in minikube_hosts_entry.stdout"
|
|
when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
|
|
|
|
- name: Create containerd registry mirror directory
|
|
ansible.builtin.command:
|
|
cmd: minikube ssh --native-ssh=false "sudo mkdir -p /etc/containerd/certs.d/registry.tail8d86e.ts.net"
|
|
register: minikube_registry_dir
|
|
changed_when: false
|
|
when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
|
|
|
|
- name: Check containerd registry mirror config
|
|
ansible.builtin.command:
|
|
cmd: minikube ssh --native-ssh=false "cat /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml 2>/dev/null || echo ''"
|
|
register: minikube_registry_config_current
|
|
changed_when: false
|
|
when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
|
|
|
|
- name: Configure containerd registry mirror for zot
|
|
ansible.builtin.command:
|
|
cmd: |
|
|
minikube ssh --native-ssh=false 'echo "server = \"http://host.minikube.internal:5050\"
|
|
|
|
[host.\"http://host.minikube.internal:5050\"]
|
|
capabilities = [\"pull\", \"resolve\"]
|
|
skip_verify = true" | sudo tee /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml'
|
|
register: minikube_registry_config
|
|
changed_when: true
|
|
when:
|
|
- minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
|
|
- "'host.minikube.internal:5050' not in minikube_registry_config_current.stdout"
|
|
notify: Restart containerd in minikube
|
|
|
|
# Set up persistent NFS mount from sifaka and minikube mount passthrough
|
|
# NFS mount uses LaunchDaemon (runs as root at boot)
|
|
# Minikube mount uses LaunchAgent (runs in user GUI session at login)
|
|
#
|
|
# NOTE: Tasks with become:true require passwordless sudo on indri
|
|
# (configured via /etc/sudoers.d/erichblume)
|
|
|
|
- name: Check if NFS mount point exists
|
|
ansible.builtin.stat:
|
|
path: /Volumes/torrents-nfs
|
|
register: minikube_nfs_mount_point
|
|
|
|
- name: Create NFS mount point
|
|
ansible.builtin.file:
|
|
path: /Volumes/torrents-nfs
|
|
state: directory
|
|
mode: "0755"
|
|
become: true
|
|
when: not minikube_nfs_mount_point.stat.exists
|
|
|
|
- name: Check if NFS LaunchDaemon is installed
|
|
ansible.builtin.stat:
|
|
path: /Library/LaunchDaemons/com.blumeops.nfs-torrents.plist
|
|
register: minikube_nfs_launchdaemon
|
|
|
|
- name: Install NFS mount LaunchDaemon
|
|
ansible.builtin.copy:
|
|
src: com.blumeops.nfs-torrents.plist
|
|
dest: /Library/LaunchDaemons/com.blumeops.nfs-torrents.plist
|
|
owner: root
|
|
group: wheel
|
|
mode: "0644"
|
|
become: true
|
|
notify: Load NFS mount LaunchDaemon
|
|
when: not minikube_nfs_launchdaemon.stat.exists
|
|
|
|
- name: Install minikube mount LaunchAgent
|
|
ansible.builtin.copy:
|
|
src: com.blumeops.minikube-mount.plist
|
|
dest: "{{ ansible_facts['env']['HOME'] }}/Library/LaunchAgents/com.blumeops.minikube-mount.plist"
|
|
mode: "0644"
|
|
notify: Load minikube mount LaunchAgent
|