Ansible for rke2 install on Alpine contiainers

roles/kube_prep/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Reboot server
+  ansible.builtin.reboot:
+    reboot_command: "{{ custom_reboot_command | default(omit) }}"
+  listen: reboot server

roles/kube_prep/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+- name: Set timezone
+  community.general.timezone:
+    name: "{{ timezone }}"
+  when: timezone is defined
+
+- name: Enable IPv4 forwarding
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+    reload: true
+
+- name: Add kmsg service
+  ansible.builtin.copy:
+    content: >
+      #!/sbin/openrc-run
+
+      start() {
+        if [ ! -e /dev/kmsg ]; then
+            ln -s /dev/console /dev/kmsg
+        fi
+        mount --make-rshared /
+      }
+    dest: /etc/init.d/kmsg
+    mode: "0755"
+
+- name: Enable and start kmsg service
+  ansible.builtin.service:
+    name: kmsg
+    enabled: true
+    state: started
+
+- name: Configure containerd socket path for rke2 crictl
+  ansible.builtin.lineinfile:
+    regexp: "^  address = \"/run/containerd/containerd.sock\"$"
+    line: "  address = \"/run/k3s/containerd/containerd.sock\""
+    dest: /etc/containerd/config.toml
+    mode: "0600"

roles/proxmox/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Reboot LXC containers
+  ansible.builtin.command: pct reboot {{ item }}
+  loop: "{{ kube_ids }}"
+  changed_when: true
+  listen: reboot containers

roles/proxmox/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: Set apparmor profile unconfined
+  ansible.builtin.lineinfile:
+    dest: "/etc/pve/lxc/{{ item }}.conf"
+    regexp: ^lxc.apparmor.profile
+    line: "lxc.apparmor.profile: unconfined"
+  loop: "{{ kube_ids }}"
+  notify: reboot containers
+
+- name: Allow cgroup devices
+  ansible.builtin.lineinfile:
+    dest: "/etc/pve/lxc/{{ item }}.conf"
+    regexp: ^lxc.cgroup.devices.allow
+    line: "lxc.cgroup.devices.allow: a"
+  loop: "{{ kube_ids }}"
+  notify: reboot containers
+
+- name: Blank out lxc.cap.drop
+  ansible.builtin.lineinfile:
+    dest: "/etc/pve/lxc/{{ item }}.conf"
+    regexp: ^lxc.cap.drop
+    line: "lxc.cap.drop: "
+  loop: "{{ kube_ids }}"
+  notify: reboot containers
+
+- name: LXC auto mount proc and sys
+  ansible.builtin.lineinfile:
+    dest: "/etc/pve/lxc/{{ item }}.conf"
+    regexp: ^lxc.mount.auto
+    line: 'lxc.mount.auto: "proc:rw sys:rw"'
+  loop: "{{ kube_ids }}"
+  notify: reboot containers

roles/rke2/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- name: Fetch install script
+  ansible.builtin.get_url:
+    url: https://get.rke2.io
+    dest: /usr/local/bin/install-rke2.sh
+    mode: 755
+
+- name: Run install script
+  ansible.builtin.raw: INSTALL_RKE2_SKIP_RELOAD=1 install-rke2.sh
+  register: install_rke2
+  changed_when: install_rke2.rc == 0
+
+- name: Remove install script
+  ansible.builtin.file:
+    path: /usr/local/bin/install-rke2.sh
+    state: absent