edwardtheharris · edwardtheharris · Jul 23, 2024 · Jul 23, 2024 · Jul 23, 2024 · Jul 23, 2024
diff --git a/.ansible-lint b/.ansible-lint
@@ -132,6 +132,9 @@ profile: null
 # ```
 skip_list:
   - skip_this_tag
+  - command-instead-of-shell
+  - no-changed-when
+  - loop-var-prefix[missing]
 ###
 # Define required Ansible's variables to satisfy syntax check
 # extra_vars:

diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml
@@ -107,7 +107,7 @@ jobs:
           .sphinx/bin/pipenv install --dev
           .sphinx/bin/pipenv install --categories docs
       - name: Build artifact
-        run: .venv/bin/sphinx-build -a -E . deploy
+        run: .venv/bin/sphinx-build -a -b html -E . deploy
       - name: Upload artifact
         uses: actions/upload-pages-artifact@main
         with:

diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,5 @@ node_modules
 package-lock.json
 package.json
 roles/reset/files/*.reset.md
+roles/join/files/join.md
+roles/init/files/admin.conf
diff --git a/Pipfile b/Pipfile
@@ -12,8 +12,10 @@ gitpython = "*"
 loguru = "*"
 pipenv = "*"
 redis = "*"
+sphinxcontrib-yaml = "*"
 
 [dev-packages]
+ansible-lint = "*"
 molecule = "*"
 pytest = "*"
 pytest-cov = "*"

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/cicd.md b/cicd.md
@@ -14,7 +14,8 @@ title: CI/CD
 
 Stay away from zero days with Dependabot.
 
-```{autoyaml} .github/dependabot.yml
+```{literalinclude} /.github/dependabot.yml
+:language: yaml
 ```
 
 ## Workflows
@@ -26,21 +27,24 @@ run a lot of pipelines for free.
 
 The CodeQL workflow provided by GitHub is actually pretty good also.
 
-```{autoyaml} .github/workflows/codeql.yml
+```{literalinclude} .github/workflows/codeql.yml
+:language: yaml
 ```
 
 ### pages
 
 Build and deploy the GitHub Pages docs.
 
-```{autoyaml} .github/workflows/pages.yml
+```{literalinclude} .github/workflows/pages.yml
+:language: yaml
 ```
 
 ### shell
 
 And ShellCheck never hurt anybody either.
 
-```{autoyaml} .github/workflows/shell.yml
+```{literalinclude} .github/workflows/shell.yml
+:language: yaml
 ```
 
 ## Lint
@@ -49,5 +53,6 @@ This is the configuration for the various lint tools used here.
 
 ### ansible-lint
 
-```{autoyaml} .ansible-lint
+```{literalinclude} .ansible-lint
+:language: yaml
 ```
diff --git a/conf.py b/conf.py
@@ -31,10 +31,10 @@ def get_version():
 exclude_patterns = [
     "_build",
     "Thumbs.db",
+    'roles/join/files/join.md',
     ".DS_Store",
     ".pytest_cache/*",
     ".tox/*",
-    'roles/reset/files/kcp01.breeze-blocks.net.reset.md/kcp01.breeze-blocks.net/root/reset.md',
     ".venv/*",
 ]
 extensions = [

diff --git a/index.md b/index.md
@@ -18,7 +18,7 @@ title: Ansible Bare Metal K8S
 ```{rubric} site.yml
 ```
 
-```{autoyaml} ./site.yml
+```{literalinclude} ./site.yml
 ```
 
 ### Roles

diff --git a/roles/init/files/reset.yaml b/roles/init/files/reset.yaml
diff --git a/roles/init/index.md b/roles/init/index.md
@@ -18,3 +18,12 @@ More information about the process for HA setup is available
 
 A handy tool for switching k8s contexts is called
 [kubie](https://github.com/sbstp/kubie).
+
+## Tasks
+
+```{literalinclude} /roles/init/tasks/main.yml
+:language: yaml
+```
+
+```{sectionauthor} Xander Harris <[email protected]>
+```
diff --git a/roles/init/tasks/main.yml b/roles/init/tasks/main.yml
@@ -1,4 +1,15 @@
 ---
+  ###
+  # ```{rubric} Prep for Kubeadm
+  # ```
+  # ---
+  # Prepare the first control plane for init.
+  #
+  # ```{literalinclude} /roles/init/tasks/main.yml
+  # :language: yaml
+  # :start-at: "- name: Create kube group\n"
+  # :end-at: "    mode: ugo+rw\n"
+  # ```
 - name: Create kube group
   ansible.builtin.group:
     name: kube
@@ -20,13 +31,9 @@
   ansible.builtin.file:
     dest: /etc/kubeadm/init.token
     state: absent
-
-- name: Reset existing cluster
+- name: Generate a boostrap token
   ansible.builtin.shell:
-    chdir: /etc/kubeadm
-    cmd: >-
-      kubeadm token generate > init.token && cat init.token
-    creates: /etc/kubeadm/init.token
+    cmd: kubeadm token generate
   register: token_out
 - name: Template token init config
   ansible.builtin.template:
@@ -35,12 +42,44 @@
     owner: kube
     group: kube
     mode: ugo+rw
-# - name: Init new cluster
-#   ansible.builtin.command:
-#     chdir: /etc/kubeadm
-#     cmd: kubeadm init --config init.yaml
-#     creates: /etc/kubernetes/admin.conf
-#   register: init_result
-# - name: Debug
-#   ansible.builtin.debug:
-#     var: init_result
+  ###
+  # ```{rubric} Init 1
+  # ```
+  # ---
+  # Run the command to initialize the first control plane.
+  #
+  # ```{literalinclude} /roles/init/tasks/main.yml
+  # :language: yaml
+  # :start-at: "- name: Init new cluster\n"
+  # ```
+- name: Init new cluster
+  ansible.builtin.shell:
+    chdir: /etc/kubeadm
+    cmd: kubeadm init --config init.yaml --upload-certs &> /root/join.md
+    creates: /etc/kubernetes/admin.conf
+  register: init_result
+- name: Debug
+  ansible.builtin.debug:
+    var: init_result
+- name: Pull stored output from host
+  ansible.builtin.fetch:
+    src: /root/join.md
+    dest: roles/join/files/
+    flat: true
+- name: Pull admin conf from remote
+  ansible.builtin.fetch:
+    src: /etc/kubernetes/admin.conf
+    dest: roles/init/files/
+    flat: true
+- name: Copy admin conf back to remote
+  ansible.builtin.copy:
+    src: roles/init/files/admin.conf
+    dest: "{{ item.path }}"
+    owner: "{{ item.owner }}"
+    group: kube
+    mode: u+rw,go-rwx
+  loop:
+    - path: /root/.kube/config
+      owner: root
+    - path: "/home/{{ kcp_nonroot }}/.kube/config"
+      owner: "{{ kcp_nonroot }}"
diff --git a/roles/init/templates/init.yaml b/roles/init/templates/init.yaml
@@ -26,9 +26,9 @@ clusterName: breeze-blocks
 controllerManager: {}
 controlPlaneEndpoint: {{ kcp_aa }}
 dns: {}
-etcd:
-  local:
-    dataDir: /var/lib/etcd
+# etcd:
+#   local:
+#     dataDir: /var/lib/etcd
 imageRepository: registry.k8s.io
 kind: ClusterConfiguration
 kubernetesVersion: 1.30.0

diff --git a/roles/init/templates/join.yaml b/roles/init/templates/join.yaml
diff --git a/roles/join/tasks/main.yml b/roles/join/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Output nothing
+  ansible.builtin.debug:
+    msg: "nothing here"
diff --git a/roles/reset/index.md b/roles/reset/index.md
@@ -9,7 +9,8 @@ title: Reset Cluster
 
 ## Reset Role Usage
 
-```{autoyaml} roles/reset/tasks/main.yml
+```{literalinclude} /roles/reset/tasks/main.yml
+:language: yaml
 ```
 
 ```{index} role; reset

diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
@@ -29,7 +29,7 @@
 - name: Show output
   ansible.builtin.debug:
     var: reset_out
-- name: Pull stored output from hosts
-  ansible.builtin.fetch:
-    src: /root/reset.md
-    dest: "roles/reset/files/{{ inventory_hostname }}.reset.md"
+- name: Drop reset output
+  ansible.builtin.file:
+    dest: /root/reset.md
+    state: absent
diff --git a/site.yml b/site.yml
@@ -4,10 +4,21 @@
 # ```
 # ---
 # This playbook defines the primary site deployment code for this repository.
+#
+# ```{literalinclude} /site.yml
+# :language: yaml
+# ```
 - name: Reset Kubernetes Control Planes
   hosts: kcp
   become: true
   roles:
     - role: reset
       tags:
         - reset
+- name: Initialize the first control plane
+  hosts: kcp01
+  become: true
+  roles:
+    - role: init
+      tags:
+        - init