{"id":46881239,"url":"https://github.com/cozystack/ansible-cozystack","last_synced_at":"2026-04-22T08:00:39.876Z","repository":{"id":340323356,"uuid":"1164780180","full_name":"cozystack/ansible-cozystack","owner":"cozystack","description":"Ansible collection for installing Cozystack on generic Kubernetes clusters","archived":false,"fork":false,"pushed_at":"2026-04-09T08:13:23.000Z","size":75,"stargazers_count":10,"open_issues_count":5,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-09T10:13:10.297Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cozystack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-23T13:30:08.000Z","updated_at":"2026-04-09T08:12:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/cozystack/ansible-cozystack","commit_stats":null,"previous_names":["cozystack/ansible-cozystack"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/cozystack/ansible-cozystack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cozystack%2Fansible-cozystack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cozystack%2Fansible-cozystack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cozystack%2Fansible-cozystack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cozystack%2Fansible-cozystack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cozystack","download_url":"https://codeload.github.com/cozystack/ansible-cozystack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cozystack%2Fansible-cozystack/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32126709,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-22T07:37:52.372Z","status":"ssl_error","status_checked_at":"2026-04-22T07:37:51.635Z","response_time":58,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-10T21:34:30.026Z","updated_at":"2026-04-22T08:00:39.867Z","avatar_url":"https://github.com/cozystack.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Collection: cozystack.installer\n\nInstall [Cozystack](https://cozystack.io) on generic Kubernetes clusters (k3s, kubeadm, RKE2).\n\nSupported targets:\n\n| Example playbook | Distributions | Validated end-to-end |\n| --- | --- | --- |\n| `examples/ubuntu/` | Ubuntu 22.04, Ubuntu 24.04, Debian 12 | Ubuntu 22.04, Ubuntu 24.04, Debian 12 on OCI: 3-node multi-master, 87/87 HelmReleases Ready |\n| `examples/rhel/` | RHEL 8+, CentOS Stream 8+, Rocky 9/10, Alma 9/10 | Rocky 10 on OCI: 3-node multi-master, 87/87 HelmReleases Ready (`cozystack_enable_zfs: false` required — see Known limitations) |\n| `examples/suse/` | openSUSE Leap 15.6+, openSUSE Tumbleweed, SLES 15 | — |\n\nCloud-image users **must** set `cozystack_flush_iptables: true` for multi-master k3s to bootstrap — Ubuntu cloud images ship with `REJECT icmp-host-prohibited` in INPUT that blocks etcd peer port 2380 between nodes. See **Node Prerequisites → Known limitations** below.\n\nDeploys the Cozystack operator and Platform Package using the\n`kubernetes.core.helm` module with automatic Helm and helm-diff\ninstallation.\n\n## Prerequisites\n\n### Controller (where you run Ansible)\n\n- Python \u003e= 3.9\n- Ansible \u003e= 2.15\n- Required collections (install via `requirements.yml` in the repository root):\n\n```bash\nansible-galaxy collection install --requirements-file requirements.yml\n```\n\n- SSH access to the target nodes\n\nThe role automatically installs Helm and the\n[helm-diff](https://github.com/databus23/helm-diff) plugin\non the control-plane node. No manual Helm installation is needed.\n\n### Node Prerequisites\n\n\u003e **Important:** Cozystack components have several non-obvious node requirements that must be configured on ALL cluster nodes. The example prepare playbooks install everything, load required kernel modules, and apply a critical multipath blacklist. Running Cozystack on hand-prepared nodes without these will cause silent failures: LINSTOR volumes inaccessible after reboot, VMs stuck in Pending, OVN tunnels not coming up.\n\nUse the per-distro example playbooks as the authoritative list of what to set up:\n\n- `examples/ubuntu/prepare-ubuntu.yml` (Ubuntu 22.04+, Debian 12)\n- `examples/rhel/prepare-rhel.yml` (RHEL 8+/CentOS Stream 8+/Rocky/Alma)\n- `examples/suse/prepare-suse.yml` (openSUSE/SLE)\n\nThe sections below document each subsystem's requirement so you understand why the prepare playbook installs what it installs. Package names are verified against the current LTS repos (Ubuntu 22.04/24.04, RHEL 9, openSUSE Leap 15.6).\n\n#### Required: Base storage I/O\n\n| Purpose | Ubuntu/Debian | RHEL/CentOS | openSUSE/SLE |\n| --- | --- | --- | --- |\n| NFS client | `nfs-common` | `nfs-utils` | `nfs-client` |\n| iSCSI initiator | `open-iscsi` | `iscsi-initiator-utils` | `open-iscsi` |\n| Multipath I/O | `multipath-tools` | `device-mapper-multipath` | `multipath-tools` |\n\nThe `iscsid` and `multipathd` services must be enabled and running.\n\n#### Required: LINSTOR LVM/thin provisioning\n\nLINSTOR uses LVM thin pools by default for local block storage.\n\n| Purpose | Ubuntu/Debian | RHEL/CentOS | openSUSE/SLE |\n| --- | --- | --- | --- |\n| LVM2 | `lvm2` | `lvm2` | `lvm2` |\n| Thin provisioning | `thin-provisioning-tools` | `device-mapper-persistent-data` | `thin-provisioning-tools` |\n\n#### Required: Kernel headers (Piraeus DRBD loader)\n\nLINSTOR uses DRBD 9.x for replication. The Piraeus operator's init container compiles the DRBD kernel module from source **against the running kernel** at runtime, so only kernel headers must be installed on the host — **no DRBD host packages are needed**. Pin the headers package to `ansible_kernel` so a staged-but-not-yet-booted kernel update doesn't install headers for the wrong kernel.\n\n| Ubuntu/Debian | RHEL/CentOS | openSUSE/SLE |\n| --- | --- | --- |\n| `linux-headers-{{ ansible_kernel }}` | `kernel-devel-{{ ansible_kernel }}` plus `kernel-modules-extra-{{ ansible_kernel }}` | `kernel-default-devel` (zypper resolves to running kernel — SUSE's NVR format differs from `uname -r`) |\n\nOn Oracle Linux the playbook auto-detects the UEK kernel (`uek` substring in `ansible_kernel`) and installs `kernel-uek-devel-{{ ansible_kernel }}` / `kernel-uek-modules-extra-{{ ansible_kernel }}` instead. Oracle Linux is not on the validated-end-to-end list; this code path is retained best-effort for users who still run the example playbook there. ZFS automation skips on UEK kernels because OpenZFS does not publish kmod builds for UEK.\n\n#### Required: Multipath DRBD blacklist\n\n\u003e **Silent failure if omitted.** `multipathd` defaults to grabbing any device matching common patterns including DRBD's `drbd*`. Once that happens LINSTOR cannot access its own volumes and volumes become unreadable after the next reboot.\n\nThe prepare playbooks drop this file into place:\n\n```text\n# /etc/multipath/conf.d/cozystack-drbd-blacklist.conf\nblacklist {\n    devnode \"^drbd[0-9]+\"\n}\n```\n\n#### Required: Containerd + Kubernetes kernel modules\n\nRequired for containerd's overlay storage driver and standard Kubernetes bridge networking. Loaded via `/etc/modules-load.d/cozystack.conf`:\n\n```text\noverlay\nbr_netfilter\n```\n\nPlus the following sysctls:\n\n| Parameter | Value | Why |\n| --- | --- | --- |\n| `fs.inotify.max_user_watches` | `524288` | Kubernetes watch events |\n| `fs.inotify.max_user_instances` | `8192` | Multiple inotify watchers |\n| `fs.inotify.max_queued_events` | `65536` | Event queue depth |\n| `fs.file-max` | `2097152` | Open file descriptors limit |\n| `fs.aio-max-nr` | `1048576` | Async I/O operations (databases) |\n| `vm.swappiness` | `1` | Minimize swap usage |\n| `net.ipv4.ip_forward` | `1` | Pod-to-pod routing |\n| `net.ipv4.conf.all.forwarding` | `1` | Global IP forwarding |\n| `net.ipv6.conf.all.forwarding` | `1` | Required for Kube-OVN dual-stack |\n| `net.bridge.bridge-nf-call-iptables` | `1` | Bridge traffic visible to iptables |\n| `net.bridge.bridge-nf-call-ip6tables` | `1` | Same for IPv6 |\n\n#### Required: Kube-OVN kernel modules\n\nKube-OVN bundles the OVS userspace daemon in its own DaemonSet — only the kernel modules are needed on the host:\n\n```text\n# /etc/modules-load.d/cozystack.conf (same file)\nopenvswitch\ngeneve\nip_tables\niptable_nat\n```\n\nThe `openvswitch` kernel module is in the upstream kernel since 3.3; no OVS userspace package is required on the host.\n\n#### Enabled by default: ZFS backend for LINSTOR\n\n`cozystack_enable_zfs: true` (default) installs ZFS userspace tools and loads the kernel module. Set to `false` to skip.\n\n| Distribution | Package | Repo |\n| --- | --- | --- |\n| Ubuntu 22.04 / 24.04 | `zfsutils-linux` | Default repos (kernel module ships in `linux-modules-extra-*`) |\n| RHEL 8+ / Rocky 8+ / Alma 8+ / CentOS Stream 8+ | `zfs` | OpenZFS release RPM — prepare playbook imports the GPG key and installs it automatically. No release RPM is yet published for EL10; set `cozystack_enable_zfs: false` on Rocky 10 / Alma 10 until upstream ships one. |\n| openSUSE Leap 15.6 / SLE 15 | `zfs` | OBS `filesystems` repo — prepare playbook imports the repo key and adds it automatically |\n\n#### Enabled by default: KubeVirt virtualization\n\n`cozystack_enable_kubevirt: true` (default) loads the kernel modules KubeVirt needs. Set to `false` to skip.\n\n\u003e **No host userspace packages are installed.** KubeVirt bundles QEMU and libvirt in its own pods. Only the kernel modules listed below are loaded on the host.\n\nLoaded via `/etc/modules-load.d/cozystack-kubevirt.conf`. The prepare playbook detects the CPU vendor (via `ansible_processor`) and writes only the matching `kvm_*` module so `systemd-modules-load` does not report a failure at boot:\n\n```text\nvhost_net\ntun\nkvm_intel  # or kvm_amd depending on the CPU\n```\n\n#### Known limitations\n\nZFS support depends on the OS ecosystem and kernel flavor. The prepare\nplaybooks skip ZFS automation gracefully in these cases and emit an\ninformational notice:\n\n| OS / kernel | ZFS automation | Reason |\n| --- | --- | --- |\n| Ubuntu 22.04 / 24.04 | Automated | `zfsutils-linux` in main repo; kernel module ships in `linux-modules-extra-*` |\n| Debian 12+ | **Not automated** | `zfsutils-linux` lives in `contrib`; kernel module requires `zfs-dkms`. Enable contrib and install manually, or set `cozystack_enable_zfs: false`. |\n| RHEL 9 / Rocky 9 / Alma 9 (stock kernel) | Automated | OpenZFS release RPM via `cozystack_zfs_release_rpm_by_major` |\n| RHEL 10 (stock kernel) | **Fails fast** when `cozystack_enable_zfs: true` (default). Skipped cleanly when set to `false`. | OpenZFS has not yet published an el10 release RPM. Set `cozystack_enable_zfs: false` for now; once upstream publishes one, supply the URL from inventory via `cozystack_zfs_release_rpm_extra: {\"10\": \"\u003curl\u003e\"}`. |\n| openSUSE Leap 15.6 / Tumbleweed / SLE | Automated | OBS `filesystems` repo; the playbook auto-detects the path segment |\n\nOther subsystem notes:\n\n- **Cloud providers (Ubuntu on OCI, AWS, GCP):** stock Ubuntu cloud images ship an iptables INPUT chain that ends with `REJECT icmp-host-prohibited`, which blocks k3s ports 2380/6443 between nodes. Set `cozystack_flush_iptables: true` in your inventory so the prepare playbook flushes the INPUT chain before k3s installs. Oracle Linux images on OCI do not have this restriction out of the box.\n- **Rocky 10 / Alma 10 (and other RHEL 10 rebuilds):** the `iptables` userspace binary is not installed by default. `examples/rhel/prepare-rhel.yml` installs `iptables-nft` so the `cozystack_flush_iptables` task and k3s kube-proxy replacement have a working `iptables` wrapper over nftables.\n- **ARM64 (aarch64):** OpenZFS does not publish aarch64 RPMs for RHEL-family distributions via `zfsonlinux.org/epel`. Cozystack itself targets x86_64.\n- **Piraeus DRBD loader + staged kernel updates:** kernel headers must match the *running* kernel. The playbooks pin `linux-headers-{{ ansible_kernel }}` / `kernel-devel-{{ ansible_kernel }}` for this reason. On openSUSE/SLE, zypper rejects the version suffix because SUSE's NVR format differs from `uname -r`; `kernel-default-devel` is used unversioned and zypper resolves it to the installed kernel. Reboot after any kernel update before running the playbook.\n\n#### Recommended: BPF filesystem mount for Cilium\n\nCilium stores eBPF maps at `/sys/fs/bpf`. The Cilium DaemonSet mounts this path itself when missing, but for production durability across reboots add:\n\n```text\n# /etc/fstab\nbpffs /sys/fs/bpf bpf defaults 0 0\n```\n\nThe prepare playbook does not automate this.\n\n#### System services\n\nEnable and start:\n\n- `iscsid` — iSCSI initiator daemon\n- `multipathd` — multipath device manager\n\n#### iptables (cloud providers)\n\nCloud providers (OCI, AWS, GCP) may ship images with restrictive iptables\nINPUT rules that block inter-node Kubernetes traffic (API 6443, kubelet 10250,\netcd 2379-2380) even when security groups allow it.\n\nFix: flush the INPUT chain and set policy to ACCEPT before deploying k3s.\n\n#### k3s configuration\n\nCozystack replaces several k3s built-in components. Required server flags:\n\n```text\n--disable=traefik,servicelb,local-storage,metrics-server\n--disable-network-policy --disable-kube-proxy\n--flannel-backend=none --cluster-domain=cozy.local\n--kubelet-arg=max-pods=220\n```\n\n| Flag | Reason |\n| --- | --- |\n| `--disable=traefik` | Cozystack deploys its own Ingress |\n| `--disable=servicelb` | Replaced by MetalLB |\n| `--disable=local-storage` | Replaced by LINSTOR |\n| `--disable=metrics-server` | Replaced by VictoriaMetrics |\n| `--disable-network-policy` | Network policies managed by KubeOVN |\n| `--disable-kube-proxy` | Replaced by Cilium/KubeOVN |\n| `--flannel-backend=none` | CNI provided by Cozystack (Cilium + KubeOVN) |\n| `--cluster-domain=cozy.local` | Required service discovery domain |\n| `--kubelet-arg=max-pods=220` | Cozystack runs many pods per node |\n\nRequired server config (`/etc/rancher/k3s/config.yaml`):\n\n```yaml\ncluster-cidr: 10.42.0.0/16\nservice-cidr: 10.43.0.0/16\n```\n\nThese CIDRs are the k3s defaults. The example prepare playbooks\n(e.g., `examples/ubuntu/prepare-ubuntu.yml`) set them via the\n`server_config_yaml` variable used by `k3s.orchestration`. The role\nvariables `cozystack_pod_cidr` and `cozystack_svc_cidr` must match —\nthey default to the same values.\n\n## Installation\n\n```bash\nansible-galaxy collection install git+https://github.com/cozystack/ansible-cozystack.git\n```\n\nOr via `requirements.yml`:\n\n```yaml\ncollections:\n  - name: cozystack.installer\n    source: https://github.com/cozystack/ansible-cozystack.git\n    type: git\n    version: main\n```\n\n## Quick start\n\n1. Create your environment (pick your distro — see `examples/ubuntu/`,\n   `examples/rhel/`, or `examples/suse/`):\n\n```text\nmy-env/\n├── ansible.cfg\n├── inventory.yml\n├── requirements.yml\n├── prepare-\u003cdistro\u003e.yml  (copy from examples/\u003cdistro\u003e/)\n└── site.yml              (copy from examples/\u003cdistro\u003e/)\n```\n\n2. Install collections:\n\n```bash\nansible-galaxy collection install --requirements-file requirements.yml\n```\n\n3. Run the full pipeline:\n\n```bash\nansible-playbook site.yml\n```\n\n## How it works\n\nThe collection uses a **two-stage installation**:\n\n1. **Stage 1** (Helm install): Deploys the Cozystack operator. The operator starts, installs CRDs via `--install-crds`, and creates the PackageSource.\n2. **Stage 2** (Platform Package): Creates the Platform Package CR with variant, networking CIDRs, and optional publishing config.\n\nBoth stages are handled automatically by the `cozystack` role.\n\n## Playbooks\n\n| Playbook | Description |\n| --- | --- |\n| `cozystack.installer.site` | Install Cozystack on `server[0]` |\n\n## Role: cozystack.installer.cozystack\n\nInstalls Cozystack via the official `cozy-installer` Helm chart using\nthe `kubernetes.core.helm` module with automatic Helm and helm-diff\ninstallation.\n\nRuns on `server[0]` only.\n\n### Required variables\n\n| Variable | Description | Example |\n| --- | --- | --- |\n| `cozystack_api_server_host` | Internal IP of the control-plane node (NOT public/NAT IP) | `10.0.0.10` |\n\n### Optional variables\n\n| Variable | Default | Description |\n| --- | --- | --- |\n| `cozystack_chart_ref` | `oci://ghcr.io/cozystack/cozystack/cozy-installer` | Helm chart OCI reference |\n| `cozystack_chart_version` | `1.2.2` | Helm chart version |\n| `cozystack_release_name` | `cozy-installer` | Helm release name |\n| `cozystack_namespace` | `cozy-system` | Namespace for operator and resources |\n| `cozystack_release_namespace` | `kube-system` | Namespace for Helm release secret |\n| `cozystack_operator_variant` | `generic` | Operator variant: generic, talos, hosted |\n| `cozystack_api_server_port` | `6443` | API server port |\n| `cozystack_kubeconfig` | `/etc/rancher/k3s/k3s.yaml` | Kubeconfig path on target |\n| `cozystack_helm_version` | `3.20.0` | Helm binary version to install |\n| `cozystack_helm_binary` | `/usr/local/bin/helm` | Path to Helm binary on target |\n| `cozystack_create_platform_package` | `true` | Create Platform Package CR after install |\n| `cozystack_platform_variant` | `isp-full-generic` | Platform variant: default, isp-full, isp-hosted, isp-full-generic |\n| `cozystack_root_host` | `\"\"` | Domain for Cozystack services (empty = skip publishing) |\n| `cozystack_external_ips` | `[]` | List of external IPs for ingress-nginx Service. Required on platforms without a native LB (cloud VMs, bare metal). Each entry must be a valid IPv4/IPv6 address. |\n| `cozystack_tenant_root_ingress` | `false` | Enable ingress on the root tenant. When `true`, patches the root Tenant CR after Platform Package apply to create IngressClass and ingress-nginx controller. |\n| `cozystack_pod_cidr` | `10.42.0.0/16` | Pod CIDR for Platform Package |\n| `cozystack_pod_gateway` | `10.42.0.1` | Pod gateway |\n| `cozystack_svc_cidr` | `10.43.0.0/16` | Service CIDR |\n| `cozystack_join_cidr` | `100.64.0.0/16` | Join CIDR |\n| `cozystack_master_nodes` | `\"\"` (auto-detect) | Comma-separated control-plane node IPs for kube-ovn RAFT. Empty = auto-detect from `server` group |\n| `cozystack_operator_wait_timeout` | `300` | Timeout for operator/CRD readiness (seconds) |\n\n### Example playbook variables\n\nThese variables are consumed only by the example prepare playbooks in\n`examples/*/`, not by the role itself. Set them as inventory host/group\nvars to opt out of the corresponding prepare step:\n\n| Variable | Default | Description |\n| --- | --- | --- |\n| `cozystack_enable_zfs` | `true` | Example playbooks: install ZFS userspace and load the module. Set `false` to skip. |\n| `cozystack_enable_kubevirt` | `true` | Example playbooks: load KubeVirt kernel modules. Set `false` to skip. |\n| `cozystack_flush_iptables` | `false` | Example playbooks: flush the iptables INPUT chain before k3s installs. Set `true` on Ubuntu/Debian cloud images (OCI/AWS/GCP) where the default INPUT chain ends with `REJECT icmp-host-prohibited` and blocks k3s inter-node ports 2380/6443. |\n| `cozystack_zfs_release_rpm_extra` | `{}` | `examples/rhel/` only: merged on top of the built-in `cozystack_zfs_release_rpm_by_major` dict, so you can add (or override) a single EL-major → OpenZFS release RPM entry from inventory without wiping the base dict. Example: `{\"10\": \"https://zfsonlinux.org/epel/zfs-release-X-Y.el10.noarch.rpm\"}` once upstream ships one. |\n\n## Using with k3s\n\nThis collection is designed to work alongside [k3s.orchestration](https://github.com/k3s-io/k3s-ansible). The inventory structure (groups: `cluster`, `server`, `agent`) is fully compatible.\n\nExample full pipeline (`site.yml`) — see `examples/ubuntu/`, `examples/rhel/`,\nor `examples/suse/`:\n\n```yaml\n- name: Prepare nodes\n  ansible.builtin.import_playbook: prepare-\u003cdistro\u003e.yml\n\n- name: Deploy k3s cluster\n  ansible.builtin.import_playbook: k3s.orchestration.site\n\n- name: Install Cozystack\n  ansible.builtin.import_playbook: cozystack.installer.site\n```\n\n## Important notes\n\n### apiServerHost must be the internal IP\n\nOn cloud providers with NAT (OCI, AWS, GCP), nodes have internal IPs different from public IPs. KubeOVN validates the host IP against `NODE_IPS` and crashes if they don't match. Always use the IP visible on the node's network interface.\n\n### Multi-master setup (kube-ovn RAFT)\n\nKube-ovn requires `MASTER_NODES` — a comma-separated list of all\ncontrol-plane node IPs for OVN RAFT consensus. By default, the role\nauto-detects these IPs from the `server` inventory group host keys.\n\nThis works when host keys are internal IPs (the recommended inventory\npattern):\n\n```yaml\nserver:\n  hosts:\n    10.0.0.10:\n      ansible_host: 203.0.113.10\n    10.0.0.11:\n      ansible_host: 203.0.113.11\n```\n\nIf your inventory uses hostnames or non-IP host keys, set\n`cozystack_master_nodes` explicitly:\n\n```yaml\ncozystack_master_nodes: \"10.0.0.10,10.0.0.11,10.0.0.12\"\n```\n\n### Automatic Helm installation\n\nThe role installs Helm and the\n[helm-diff](https://github.com/databus23/helm-diff) plugin on the\ntarget node automatically. The `helm-diff` plugin enables true\nidempotency — repeated runs report no changes when the release is\nalready up to date.\n\n### Customizing variables\n\nThe example prepare playbooks define internal variables (like\n`cozystack_k3s_server_args`) in the play `vars` section. User-facing\nvariables such as `cozystack_k3s_extra_args` and\n`cozystack_flush_iptables` should be set **in the inventory**, not in\nthe playbook. Ansible play `vars` take precedence over inventory\nvariables, so defining them in both places causes the inventory values\nto be silently ignored.\n\n### Idempotency\n\nAll tasks are idempotent. Running the playbook multiple times produces no changes if the state is already correct. The `--check` mode is supported.\n\n## License\n\nApache-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcozystack%2Fansible-cozystack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcozystack%2Fansible-cozystack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcozystack%2Fansible-cozystack/lists"}