Merge pull request #36 from PyratLabs/release-hardlink_check_mode

Release hardlink + check mode

README.md

@@ -21,8 +21,10 @@ This role has been tested on Ansible 2.7.0+ against the following Linux Distribu
   - Fedora 29
   - Fedora 30
   - Fedora 31
+  - Fedora 32
   - openSUSE Leap 15
   - Ubuntu 18.04 LTS
+  - Ubuntu 20.04 LTS
 
 ## Disclaimer
 
@@ -50,6 +52,7 @@ consistency.
 | `k3s_build_cluster`                      | When multiple `play_hosts` are available, attempt to cluster. Read notes below.     | `true`                                  |
 | `k3s_github_url`                         | Set the GitHub URL to install k3s from.                                             | https://github.com/rancher/k3s          |
 | `k3s_install_dir`                        | Installation directory for k3s.                                                     | `/usr/local/bin`                        |
+| `k3s_install_hard_links`                 | Install using hard links rather than symbolic links.                                | `false`                                 |
 | `k3s_server_manifests_dir`               | Path for place the `k3s_server_manifests_templates`.                                | `/var/lib/rancher/k3s/server/manifests` |
 | `k3s_server_manifests_templates`         | A list of Auto-Deploying Manifests Templates.                                       | []                                      |
 | `k3s_use_experimental`                   | Allow the use of experimental features in k3s.                                      | `false`                                 |
@@ -117,6 +120,48 @@ k3s_release_version: v1.18          # latest v1.18 release
 k3s_release_version: v1.17-testing  # latest v1.17 testing release
 ```
 
+#### Important node about `k3s_install_hard_links`
+
+If you are using the [system-upgrade-controller](https://github.com/rancher/system-upgrade-controller)
+you will need to use hard links rather than symbolic links as the controller
+will not be able to follow symbolic links. This option has been added however
+is not enabled by default to avoid breaking existing installations.
+
+To enable the use of hard links, ensure `k3s_install_hard_links` is set
+to `true`.
+
+```yaml
+k3s_install_hard_links: true
+```
+
+The result of this can be seen by running the following in `k3s_install_dir`:
+
+`ls -larthi | grep -E 'k3s|ctr|ctl' | grep -vE ".sh$" | sort`
+
+Symbolic Links:
+
+```text
+[root@node1 bin]# ls -larthi | grep -E 'k3s|ctr|ctl' | grep -vE ".sh$" | sort
+3277823 -rwxr-xr-x 1 root root  52M Jul 25 12:50 k3s-v1.18.4+k3s1
+3279565 lrwxrwxrwx 1 root root   31 Jul 25 12:52 k3s -> /usr/local/bin/k3s-v1.18.6+k3s1
+3279644 -rwxr-xr-x 1 root root  51M Jul 25 12:52 k3s-v1.18.6+k3s1
+3280079 lrwxrwxrwx 1 root root   31 Jul 25 12:52 ctr -> /usr/local/bin/k3s-v1.18.6+k3s1
+3280080 lrwxrwxrwx 1 root root   31 Jul 25 12:52 crictl -> /usr/local/bin/k3s-v1.18.6+k3s1
+3280081 lrwxrwxrwx 1 root root   31 Jul 25 12:52 kubectl -> /usr/local/bin/k3s-v1.18.6+k3s1
+```
+
+Hard Links:
+
+```text
+[root@node1 bin]# ls -larthi | grep -E 'k3s|ctr|ctl' | grep -vE ".sh$" | sort
+3277823 -rwxr-xr-x 1 root root  52M Jul 25 12:50 k3s-v1.18.4+k3s1
+3279644 -rwxr-xr-x 5 root root  51M Jul 25 12:52 crictl
+3279644 -rwxr-xr-x 5 root root  51M Jul 25 12:52 ctr
+3279644 -rwxr-xr-x 5 root root  51M Jul 25 12:52 k3s
+3279644 -rwxr-xr-x 5 root root  51M Jul 25 12:52 k3s-v1.18.6+k3s1
+3279644 -rwxr-xr-x 5 root root  51M Jul 25 12:52 kubectl
+```
+
 #### Important note about `k3s_build_cluster`
 
 If you set `k3s_build_cluster` to `false`, this role will install each play

defaults/main.yml

@@ -19,6 +19,9 @@ k3s_github_url: https://github.com/rancher/k3s
 # Installation directory for k3s
 k3s_install_dir: /usr/local/bin
 
+# Install using hard links rather than symbolic links
+k3s_install_hard_links: false
+
 # Path for additional Kubernetes Manifests
 # https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
 k3s_server_manifests_dir: /var/lib/rancher/k3s/server/manifests

molecule/default/playbook.yml

@@ -4,5 +4,7 @@
   become: true
   vars:
     molecule_is_test: true
+    k3s_release_version: v1.18.6+k3s1
+    k3s_install_hard_links: true
   roles:
     - role: xanmanning.k3s

tasks/build/configure-k3s-cluster.yml

@@ -5,13 +5,19 @@
     path: "/var/lib/rancher/k3s/server/node-token"
   register: k3s_slurped_control_token
   delegate_to: "{{ k3s_control_delegate }}"
-  when: k3s_control_token is not defined
+  when: k3s_control_token is not defined and not ansible_check_mode
   become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
 
 - name: Ensure NODE_TOKEN is formatted correctly for use in templates
   set_fact:
     k3s_control_token: "{{ k3s_slurped_control_token.content | b64decode }}"
-  when: k3s_control_token is not defined
+  when: k3s_control_token is not defined and not ansible_check_mode
+
+- name: Ensure dummy NODE_TOKEN is defined for ansible_check_mode
+  set_fact:
+    k3s_control_token: "{{ k3s_control_delegate | to_uuid }}"
+  check_mode: false
+  when: k3s_control_token is not defined and ansible_check_mode
 
 - name: Ensure k3s service unit file is present
   template:
@@ -54,5 +60,5 @@
          and kubectl_get_nodes_result.stdout.find("NotReady") == -1
   retries: 30
   delay: 20
-  when: k3s_control_node and not k3s_no_flannel
+  when: k3s_control_node and not k3s_no_flannel and not ansible_check_mode
   become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"

tasks/build/download-k3s.yml

@@ -4,17 +4,20 @@
   set_fact:
     k3s_arch: "{{ k3s_arch_lookup[ansible_architecture].arch }}"
     k3s_arch_suffix: "{{ k3s_arch_lookup[ansible_architecture].suffix }}"
+  check_mode: false
 
 - name: Ensure URLs are set as facts for downloading binaries
   set_fact:
     k3s_binary_url: "{{ k3s_github_download_url }}/{{ k3s_release_version }}/k3s{{ k3s_arch_suffix }}"
     k3s_hash_url: "{{ k3s_github_download_url }}/{{ k3s_release_version }}/sha256sum-{{ k3s_arch }}.txt"
+  check_mode: false
 
 - name: Ensure the k3s hashsum is downloaded
   uri:
     url: "{{ k3s_hash_url }}"
     return_content: true
   register: k3s_hash_sum_raw
+  check_mode: false
 
 - name: Ensure sha256sum is set from hashsum variable
   set_fact:
@@ -23,6 +26,7 @@
       reject('search', 'images') |
       first).split() | first }}"
   changed_when: false
+  check_mode: false
 
 - name: Ensure installation directory exists
   file:

tasks/build/get-version.yml

@@ -3,11 +3,13 @@
 - name: Ensure k3s_release_version is set to default if false
   set_fact:
     k3s_release_version: "{{ k3s_release_channel }}"
+  check_mode: false
   when: k3s_release_version is defined and not k3s_release_version
 
 - name: Ensure the default release channel is set
   set_fact:
     k3s_release_channel: "{{ k3s_release_version | default('stable') }}"
+  check_mode: false
 
 - name: Get the latest release version from k3s.io
   uri:
@@ -15,10 +17,12 @@
     return_content: true
     body_format: json
   register: k3s_latest_release
+  check_mode: false
 
 - name: Ensure the release version is set as a fact
   set_fact:
     k3s_release_version: "{{ item.latest }}"
   loop: "{{ k3s_latest_release.json.data }}"
+  check_mode: false
   when: item.name == k3s_release_channel
         and item.type == "channel"

tasks/build/install-k3s.yml

@@ -1,12 +1,13 @@
 ---
 
-- name: Ensure k3s is symlinked into the installation destination on the contol plane
+- name: Ensure k3s is linked into the installation destination on the contol plane
   file:
     src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
     dest: "{{ k3s_install_dir }}/k3s"
-    state: link
-  when: (k3s_control_node and k3s_controller_count | length == 1)
-        or (k3s_primary_control_node and k3s_controller_count | length > 1)
+    state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
+    force: "{{ k3s_install_hard_links }}"
+  when: ((k3s_control_node and k3s_controller_count | length == 1)
+        or (k3s_primary_control_node and k3s_controller_count | length > 1)) and not ansible_check_mode
   notify:
     - restart k3s
   become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
@@ -44,11 +45,12 @@
     mode: 0700
   become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
 
-- name: Ensure k3s is symlinked into the installation destinations across all nodes
+- name: Ensure k3s is linked into the installation destinations across all nodes
   file:
     src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
     dest: "{{ k3s_install_dir }}/{{ item }}"
-    state: link
+    state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
+    force: "{{ k3s_install_hard_links }}"
   notify:
     - restart k3s
   loop:
@@ -56,6 +58,7 @@
     - kubectl
     - crictl
     - ctr
+  when: not ansible_check_mode
   become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
 
 - name: Ensure k3s control plane is started

tasks/build/preconfigure-k3s.yml

@@ -48,6 +48,7 @@
     create: true
     regexp: "^{{ item }} @@@ {{ hostvars[item].ansible_host | default(hostvars[item].ansible_fqdn) }}"
   loop: "{{ play_hosts }}"
+  check_mode: false
   when: hostvars[item].k3s_control_node is defined
 
 - name: Delegate a master control plane node
@@ -55,16 +56,19 @@
     - name: Lookup control node from file
       command: "grep '{{ 'P_True' if (k3s_controller_count | length > 1) else 'C_True' }}' /tmp/inventory.txt"
       changed_when: false
+      check_mode: false
       register: k3s_control_delegate_raw
 
     - name: Ensure control node is delegated to for obtaining a token
       set_fact:
         k3s_control_delegate: "{{ k3s_control_delegate_raw.stdout.split(' @@@ ')[0] }}"
+      check_mode: false
       when: k3s_control_delegate is not defined
 
     - name: Ensure the control node address is registered in Ansible
       set_fact:
         k3s_control_node_address: "{{ hostvars[k3s_control_delegate].ansible_host | default(hostvars[k3s_control_delegate].ansible_fqdn) }}"
+      check_mode: false
       when: k3s_control_node_address is not defined
 
   when: k3s_control_node_address is not defined

tasks/teardown/drain-and-remove-nodes.yml

@@ -41,3 +41,4 @@
   when: k3s_check_kubectl.stat.exists is defined
         and k3s_check_kubectl.stat.exists
         and k3s_control_delegate is defined
+        and not ansible_check_mode

templates/k3s-uninstall.sh.j2

@@ -30,8 +30,11 @@ K3SSVC=$(ls /etc/systemd/system/k3s*.service || true)
 
 if [[ "${K3SSVC}" != "" ]] ; then
     for unit in /etc/systemd/system/k3s*.service ; do
+        unit_name="$(basename "${unit}")"
+        systemctl stop "${unit_name}"
         [ -f "${unit}" ] && rm -f "${unit}"
     done
+    systemctl daemon-reload
 fi
 
 K3SINIT=$(ls /etc/init.d/k3s* || true)
@@ -42,17 +45,17 @@ if [[ "${K3SINIT}" != "" ]] ; then
 fi
 
 for cmd in {kubectl,crictl,ctr} ; do
-    if [ -L "{{ k3s_install_dir }}/${cmd}" ]; then
+    if [ -f "{{ k3s_install_dir }}/${cmd}" ]; then
         rm -f "{{ k3s_install_dir }}/${cmd}"
     fi
 done
 
+for bin in {{ k3s_install_dir }}/k3s*; do
+    [ -f "${bin}" ] && rm -f "${bin}"
+done
+
 [ -d /etc/rancher/k3s ] && rm -rf /etc/rancher/k3s
 [ -d /var/lib/rancher/k3s ] && rm -rf /var/lib/rancher/k3s
 [ -d /var/lib/kubelet ] && rm -rf /var/lib/kubelet
 
-for bin in {{ k3s_install_dir }}/k3s*; do
-    [ -f "${bin}" ] && rm -f "${bin}"
-done
-
 [ -f /usr/local/bin/k3s-killall.sh ] && rm -f /usr/local/bin/k3s-killall.sh