Numerous bug fixes to do with permissions and regressions.

Fix issue #25, check k3s_bind_address for readiness check Fix issue #24, become for tasks that require root
2025-01-07 10:10:19 +01:00 · 2020-05-20 18:50:58 +01:00 · 2020-05-20 18:50:58 +01:00 · 141b6f2018
commit 141b6f2018
parent 5ce8dec6ff
19 changed files with 38 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@ VAULT_PASS
 vagramt/fetch
 vagrant/ubuntu-*.log
 __pycache__
 ansible.cfg
--- a/README.md
+++ b/README.md
@ -81,9 +81,12 @@ consistency.
 | `k3s_datastore_certfile`         | Define the database TLS Cert file.                                                  | _NULL_                                  |
 | `k3s_datastore_keyfile`          | Define the database TLS Key file.                                                   | _NULL_                                  |
 | `k3s_become_for_all`             | Enable become for all (where value for `k3s_become_for_*` is _NULL_                 | `false`                                 |
-| `k3s_become_for_systemd`         | Enable become for systemd                                                           | _NULL_                                  |
+| `k3s_become_for_systemd`         | Enable become for systemd commands.                                                 | _NULL_                                  |
-| `k3s_become_for_install_dir`     | Enable become for writing to `k3s_install_dir`                                      | _NULL_                                  |
+| `k3s_become_for_install_dir`     | Enable become for writing to `k3s_install_dir`.                                     | _NULL_                                  |
-| `k3s_become_for_usr_local_bin`   | Enable become for writing to /usr/local/bin/                                        | _NULL_                                  |
+| `k3s_become_for_usr_local_bin`   | Enable become for writing to `/usr/local/bin/`.                                     | _NULL_                                  |
 | `k3s_become_for_package_install` | Enable become for installing prerequisite packages.                                 | _NULL_                                  |
 | `k3s_become_for_kubectl`         | Enable become for kubectl commands.                                                 | _NULL_                                  |
 | `k3s_become_for_uninstall`       | Enable become for running uninstall scripts.                                        | _NULL_                                  |
 | `k3s_dqlite_datastore`           | Use DQLite as the database backend for HA. (EXPERIMENTAL)                           | `false`                                 |
 | `k3s_secrets_encryption`         | Use secrets encryption at rest. (EXPERIMENTAL)                                      | `false`                                 |
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -109,3 +109,6 @@ k3s_become_for_all: false
 k3s_become_for_systemd: null
 k3s_become_for_install_dir: null
 k3s_become_for_usr_local_bin: null
 k3s_become_for_package_install: null
 k3s_become_for_kubectl: null
 k3s_become_for_uninstall: null
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -19,3 +19,4 @@
    name: docker
    state: restarted
    enabled: true
  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/build/configure-k3s-cluster.yml
+++ b/tasks/build/configure-k3s-cluster.yml
@ -6,6 +6,7 @@
  register: k3s_slurped_control_token
  delegate_to: "{{ k3s_control_delegate }}"
  when: k3s_control_token is not defined
  become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
 - name: Ensure NODE_TOKEN is formatted correctly for use in templates
  set_fact:
@ -35,6 +36,7 @@
 - name: Wait for control plane to be ready to accept connections
  wait_for:
    port: "{{ k3s_https_port }}"
    host: "{{ k3s_bind_address | default('127.0.0.1') }}"
    delay: 5
    sleep: 5
    timeout: 300
@ -52,3 +54,4 @@
  retries: 30
  delay: 20
  when: k3s_control_node and not k3s_no_flannel
  become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/build/install-docker-amazon.yml
+++ b/tasks/build/install-docker-amazon.yml
@ -6,5 +6,6 @@
    creates: /etc/docker
  notify:
    - restart docker
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 - meta: flush_handlers
--- a/tasks/build/install-docker-opensuse-leap.yml
+++ b/tasks/build/install-docker-opensuse-leap.yml
@ -10,5 +10,6 @@
  delay: 10
  notify:
    - restart docker
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 - meta: flush_handlers
--- a/tasks/build/install-docker-prerequisites-debian.yml
+++ b/tasks/build/install-docker-prerequisites-debian.yml
@ -10,6 +10,7 @@
      - software-properties-common
    state: present
  register: ensure_docker_prerequisites_installed
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
  until: ensure_docker_prerequisites_installed is succeeded
  retries: 3
  delay: 10
@ -18,9 +19,11 @@
  apt_key:
    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
    state: present
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 - name: Ensure Docker repository is installed and configured
  apt_repository:
    filename: docker-ce
    repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
    update_cache: true
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/build/install-docker-prerequisites-redhat.yml
+++ b/tasks/build/install-docker-prerequisites-redhat.yml
@ -5,6 +5,7 @@
    name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}"
    state: present
  register: ensure_python_dnf_installed
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
  until: ensure_python_dnf_installed is succeeded
  retries: 3
  delay: 10
@ -21,6 +22,7 @@
  until: ensure_docker_prerequisites_installed is succeeded
  retries: 3
  delay: 10
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 - name: Check to see if Docker repository is available for this distribution
  uri:
@ -40,6 +42,7 @@
    state: present
  when: ansible_distribution | lower not in ['amazon']
        and k3s_redhat_repo_check.status == 200
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 - name: Ensure Docker repository is installed and configured from file
  command: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
@ -47,3 +50,4 @@
    creates: /etc/yum.repos.d/docker-ce.repo
  when: ansible_distribution | lower not in ['amazon']
        and k3s_redhat_repo_check.status != 200
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/build/install-docker-suse.yml
+++ b/tasks/build/install-docker-suse.yml
@ -10,5 +10,6 @@
  delay: 10
  notify:
    - restart docker
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 - meta: flush_handlers
--- a/tasks/build/install-docker.yml
+++ b/tasks/build/install-docker.yml
@ -13,5 +13,6 @@
  delay: 10
  notify:
    - restart docker
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 - meta: flush_handlers
--- a/tasks/teardown/drain-and-remove-nodes.yml
+++ b/tasks/teardown/drain-and-remove-nodes.yml
@ -4,6 +4,7 @@
  stat:
    path: "{{ k3s_install_dir }}/kubectl"
  register: k3s_check_kubectl
  become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
 - name: Clean up nodes that are in an uninstalled state
  block:
@ -15,6 +16,7 @@
      delegate_to: "{{ k3s_control_delegate }}"
      run_once: true
      register: kubectl_get_nodes_result
      become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
    - name: Ensure uninstalled nodes are drained
      command: "{{ k3s_install_dir }}/kubectl drain {{ item }} --ignore-daemonsets"
@ -24,6 +26,7 @@
            and hostvars[item].k3s_cluster_state is defined
            and hostvars[item].k3s_cluster_state == 'uninstalled'
      loop: "{{ play_hosts }}"
      become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
    - name: Ensure uninstalled nodes are removed
      command: "{{ k3s_install_dir }}/kubectl delete node {{ item }}"
@ -33,6 +36,7 @@
            and hostvars[item].k3s_cluster_state is defined
            and hostvars[item].k3s_cluster_state == 'uninstalled'
      loop: "{{ play_hosts }}"
      become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
  when: k3s_check_kubectl.stat.exists is defined
        and k3s_check_kubectl.stat.exists
--- a/tasks/teardown/uninstall-docker-amazon.yml
+++ b/tasks/teardown/uninstall-docker-amazon.yml
@ -4,3 +4,4 @@
  command: amazon-linux-extras uninstall docker
  register: uninstall_docker_from_amazon_linux
  changed_when: uninstall_docker_from_amazon_linux.rc == 0
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/teardown/uninstall-docker-opensuse-leap.yml
+++ b/tasks/teardown/uninstall-docker-opensuse-leap.yml
@ -8,3 +8,4 @@
  until: ensure_docker_uninstalled is succeeded
  retries: 3
  delay: 10
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/teardown/uninstall-docker-prerequisites-debian.yml
+++ b/tasks/teardown/uninstall-docker-prerequisites-debian.yml
@ -6,8 +6,10 @@
    repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
    update_cache: false
    state: absent
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
 - name: Ensure Docker APT key is uninstalled
  apt_key:
    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
    state: absent
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/teardown/uninstall-docker-prerequisites-redhat.yml
+++ b/tasks/teardown/uninstall-docker-prerequisites-redhat.yml
@ -10,3 +10,4 @@
    gpgcheck: true
    state: absent
  when: ansible_distribution | lower not in ['amazon']
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/teardown/uninstall-docker-suse.yml
+++ b/tasks/teardown/uninstall-docker-suse.yml
@ -8,3 +8,4 @@
  until: ensure_docker_uninstalled is succeeded
  retries: 3
  delay: 10
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/teardown/uninstall-docker.yml
+++ b/tasks/teardown/uninstall-docker.yml
@ -11,3 +11,4 @@
  until: ensure_docker_uninstalled is succeeded
  retries: 3
  delay: 10
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/teardown/uninstall-k3s.yml
+++ b/tasks/teardown/uninstall-k3s.yml
@ -21,6 +21,7 @@
  register: k3s_killall
  changed_when: k3s_killall.rc == 0
  when: check_k3s_killall_script.stat.exists
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
 - name: Run k3s-uninstall.sh
  command: /usr/local/bin/k3s-uninstall.sh
@ -29,6 +30,7 @@
  register: k3s_uninstall
  changed_when: k3s_uninstall.rc == 0
  when: check_k3s_uninstall_script.stat.exists
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
 - name: Clean up Docker
  command: docker system prune -a --force