Manager and worker differentiation

ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+#added parameters for actual management of LXC nodes with ansible because of bridged
+#networking packet loss
+gather_timeout = 30
+timeout = 30

ansible_swarm_config.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 [ `id -u` -ne 0 ] && exit 1
-ansible-playbook -i inventory/hosts --tags swarm --diff -v galera.yml
+ansible-playbook -i inventory/hosts --tags swarm --diff -v stack.yml

roles/lxc_swarm/tasks/lxc_nodes.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: Create debian containers for swarm
   lxc_container:
     name: "{{ item }}"
@@ -17,14 +16,14 @@
   with_items:
     - "worker1"
     - "worker2"
-  tags: lxc
+  when: inventory_hostname in groups['manager']
 
 - name: Start lxc containers
   shell: lxc-start --name {{ item }}
   with_items:
     - "worker1"
     - "worker2"
-  tags: lxc
+  when: inventory_hostname in groups['manager']
 
 - name: Remove old container identification keys
   shell: ssh-keygen -f /root/.ssh/known_hosts -R {{ item }}
@@ -34,7 +33,7 @@
   when: inventory_hostname in groups['manager']
 
 - name: Ensure container key is up-to-date locally
-  shell: ssh-keyscan {{ item }} >> /root/.ssh/known_hosts
+  shell: ssh-keyscan -T 15 {{ item }} >> /root/.ssh/known_hosts
   with_items:
     - "10.0.3.100"
     - "10.0.3.101"
@@ -43,4 +42,10 @@
 - name: Install python on LXC container
   raw: which python || (apt-get -y update && apt-get install -y python)
   when: inventory_hostname in groups['workers']
-  tags: python
+
+- name: Allow container network communication with host via linux bridge
+  ufw:
+    rule: allow
+    interface: lxcbr0
+    direction: in
+  when: inventory_hostname in groups['manager']   

roles/lxc_swarm/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 # tasks file for roles/galera_swarm
-- include: prepare_host.yml 
+- include: prepare_manager_host.yml 
   when: inventory_hostname in groups['manager']
 
 - include: lxc_prepare.yml
@@ -8,7 +8,7 @@
 
 - include: lxc_nodes.yml
 
-- include: prepare_host.yml
+- include: prepare_worker_host.yml
   when: inventory_hostname in groups['workers']
 
 - include: swarm.yml

roles/lxc_swarm/tasks/prepare_host.yml → roles/lxc_swarm/tasks/prepare_manager_host.yml

@@ -2,13 +2,11 @@
 - name: Load in local SSH key path
   set_fact:
     my_ssh_key: "/root/.ssh/id_rsa.pub"
-  when: inventory_hostname in groups['manager']
 
 - name: Local user has an SSH key
   command: stat {{ my_ssh_key }}
   changed_when: false
   run_once: true
-  when: inventory_hostname in groups['manager']
 
 - name: Install python-apt to use ansible apt module
   shell: apt update && apt install -y python-apt
@@ -46,16 +44,4 @@
       - docker
       - docker-ce
       - python-lxc
-  when: inventory_hostname in groups['manager']
-
-- name: Install docker on worker nodes
-  apt:
-    name:
-      - docker-ce
-  when: inventory_hostname in groups['workers']
-
-- name: Fix docker module missing issue
-  command: touch /.dockerenv
-  run_once: true
-  when: inventory_hostname in groups['workers']
   notify: Restart docker

roles/lxc_swarm/tasks/prepare_worker_host.yml

@@ -0,0 +1,38 @@
+---
+- name: Install python-apt to use ansible apt module
+  shell: apt update && apt install -y python-apt
+
+- name: Ensure python and other dependencies are installed.
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg
+      - python-pip
+    state: present
+
+- name: pip install docker
+  pip:
+    name: docker
+    state: present
+
+- name: Add docker gpg key
+  apt_key: 
+    url: "https://download.docker.com/linux/debian/gpg"
+    state: present
+
+- name: Add docker stable repository for debian
+  apt_repository:
+    repo: "deb https://download.docker.com/linux/debian stretch stable"
+    state: present
+
+- name: Install docker engine on worker nodes
+  apt:
+    name:
+      - docker-ce
+
+- name: Fix docker kernel module (from bridge utils) missing issue
+  command: touch /.dockerenv
+  run_once: true
+  notify: Restart docker
+

roles/lxc_swarm/tasks/swarm.yml

@@ -30,7 +30,7 @@
   shell: |
     docker node update --label-add node1=true worker1
     docker node update --label-add node2=true worker2
-  when: inventory_hostname in groups['workers']
+  when: inventory_hostname in groups['manager']
 
 #- name: Add docker labels for galera secondary nodes
 #  docker_node: