Ansible

Overview

Use Ansible for repeatable, idempotent changes across nodes. Keep playbooks minimal, explicit about hosts, and safe to re-run.

When to use

• You need to apply the same change on multiple hosts.
• The change touches OS packages, services, or system config.
• You are bootstrapping or maintaining k3s, Rancher, or Tailscale on nodes.

Inventory and groups

Inventory lives in ansible/inventory/hosts.ini. Common groups:

• kube_masters (k3s masters)
• kube_workers (k3s workers)
• k3s_cluster (masters + workers)
• proxy (nuc)
• docker_hosts (docker-host)

Quick start

Ping all nodes in the cluster:

ansible -i ansible/inventory/hosts.ini k3s_cluster -m ping -u kalmyk

Run a playbook on all nodes in the cluster:

ansible-playbook -i ansible/inventory/hosts.ini ansible/playbooks/install_nfs_client.yml -u kalmyk -b

Limit to a single host:

ansible-playbook -i ansible/inventory/hosts.ini ansible/playbooks/install_tailscale.yml -u kalmyk -b --limit kube-worker-00

Common playbooks in this repo

• install_nfs_client.yml - install NFS client tools on nodes
• install_tailscale.yml - install Tailscale packages
• start_enable_tailscale.yml - enable and start tailscaled
• start_enable_tailscale_client.yml - start Tailscale client services
• k3s-ha.yml - configure k3s HA cluster
• k3s-oidc.yml - configure OIDC for k3s
• rancher2.yml - install Rancher
• wait_for_rancher.yml - wait until Rancher is ready
• rancher_bootstrap_logs.yml - capture Rancher bootstrap logs
• start_rancher2_container.yml - start Rancher container

Safety and idempotency

• Prefer Ansible modules over shell commands.
• Use --check and --diff when validating a risky change.
• Use --limit to scope changes during testing.
• Keep playbooks idempotent so re-runs are safe.

Validation

• Service check: systemctl status tailscaled
• Logs: journalctl -u tailscaled --no-pager -n 50
• Cluster check: kubectl get nodes -o wide

Resources

• Reference: references/ansible-runbook.md
• Runner: scripts/run-playbook.sh
• Template: assets/playbook-template.yml