Set embedded Etcd as stable, deprecate docker

Xan Manning 2020-12-12 14:27:59 +00:00
parent 5d3524d729
commit 34e2af3d47
44 changed files with 124 additions and 104 deletions


@ -14,6 +14,22 @@
--- ---
--> -->
## 2020-12-12, v2.2.0
### Notable changes
- Use of FQCNs enforced, minimum Ansible version now v2.10
- `k3s_etcd_datastore` no longer experimental after K3s version v1.19.5+k3s1
- Docker marked as deprecated for K3s > v1.20.0+k3s1
### Breaking changes
- Use of FQCNs enforced, minimum Ansible version now v2.10
- Use of Docker requires `k3s_use_unsupported_config` to be `true` after
v1.20.0+k3s1
---
## 2020-12-05, v2.1.1 ## 2020-12-05, v2.1.1
### Notable changes ### Notable changes


@ -86,7 +86,7 @@ consistency. These are generally cluster-level configuration.
| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] | | `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] |
| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` | | `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` |
| `k3s_use_unsupported_config` | Allow the use of unsupported configurations in k3s. | `false` | | `k3s_use_unsupported_config` | Allow the use of unsupported configurations in k3s. | `false` |
| `k3s_etcd_datastore` | Enable etcd embedded datastore (EXPERIMENTAL, read notes below). | `false` | | `k3s_etcd_datastore` | Enable etcd embedded datastore (read notes below). | `false` |
| `k3s_debug` | Enable debug logging on the k3s service. | `false` | | `k3s_debug` | Enable debug logging on the k3s service. | `false` |
### Ansible Controller Configuration Variables ### Ansible Controller Configuration Variables
@ -269,13 +269,12 @@ with a `datastore-endpoint` defined. As this is not a typically supported
configuration you will need to set `k3s_use_unsupported_config` to `true`. configuration you will need to set `k3s_use_unsupported_config` to `true`.
Since K3s v1.19.1 it is possible to use an embedded Etcd as the backend Since K3s v1.19.1 it is possible to use an embedded Etcd as the backend
database, and this is done by setting `k3s_etcd_datastore` to true. database, and this is done by setting `k3s_etcd_datastore` to `true`.
As this is an experimental feature you will also need to set The best practice for Etcd is to define at least 3 members to ensure quorum is
`k3s_use_experimental` to `true`. The best practice for Etcd is to define at established. In addition to this, an odd number of members is recommended to
least 3 members to ensure quorum is established. In addition to this, an odd ensure a majority in the event of a network partition. If you want to use 2
number of members is recommended to ensure a majority in the event of a network members or an even number of members, please set `k3s_use_unsupported_config`
partition. If you want to use 2 members or an even number of members, to `true`.
please set `k3s_use_unsupported_config` to `true`.
## Dependencies ## Dependencies


@ -41,7 +41,7 @@ k3s_use_experimental: false
# Allow for unsupported configurations in k3s? # Allow for unsupported configurations in k3s?
k3s_use_unsupported_config: false k3s_use_unsupported_config: false
# Enable etcd embedded datastore (EXPERIMENTAL) # Enable etcd embedded datastore
k3s_etcd_datastore: false k3s_etcd_datastore: false


@ -92,7 +92,7 @@ Here is our playbook for the k3s cluster (`ha_cluster.yml`):
vars: vars:
k3s_become_for_all: true k3s_become_for_all: true
k3s_etcd_datastore: true k3s_etcd_datastore: true
k3s_use_experimental: true # Note this is required for k3s v1.19.4+k3s1 k3s_use_experimental: true # Note this is required for k3s < v1.19.5+k3s1
roles: roles:
- xanmanning.k3s - xanmanning.k3s
``` ```


@ -1,13 +1,13 @@
--- ---
- name: reload systemd - name: reload systemd
systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
scope: "{{ k3s_systemd_context }}" scope: "{{ k3s_systemd_context }}"
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: restart k3s - name: restart k3s
systemd: ansible.builtin.systemd:
name: k3s name: k3s
state: restarted state: restarted
scope: "{{ k3s_systemd_context }}" scope: "{{ k3s_systemd_context }}"
@ -17,7 +17,7 @@
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: restart docker - name: restart docker
systemd: ansible.builtin.systemd:
name: docker name: docker
state: restarted state: restarted
enabled: true enabled: true


@ -5,5 +5,5 @@
hosts: all hosts: all
tasks: tasks:
- name: Example assertion - name: Example assertion
assert: ansible.builtin.assert:
that: true that: true


@ -5,5 +5,5 @@
hosts: all hosts: all
tasks: tasks:
- name: Example assertion - name: Example assertion
assert: ansible.builtin.assert:
that: true that: true


@ -4,18 +4,18 @@
become: true become: true
tasks: tasks:
- name: Ensure a user group exists - name: Ensure a user group exists
group: ansible.builtin.group:
name: user name: user
state: present state: present
- name: Ensure a normal user exists - name: Ensure a normal user exists
user: ansible.builtin.user:
name: k3suser name: k3suser
group: user group: user
state: present state: present
- name: Ensure a normal user has bin directory - name: Ensure a normal user has bin directory
file: ansible.builtin.file:
path: /home/k3suser/bin path: /home/k3suser/bin
state: directory state: directory
owner: k3suser owner: k3suser


@ -3,6 +3,6 @@
hosts: all hosts: all
tasks: tasks:
- name: Ensure apt cache is updated - name: Ensure apt cache is updated
apt: ansible.builtin.apt:
update_cache: true update_cache: true
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'


@ -3,6 +3,6 @@
hosts: all hosts: all
tasks: tasks:
- name: Ensure apt cache is updated - name: Ensure apt cache is updated
apt: ansible.builtin.apt:
update_cache: true update_cache: true
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'


@ -3,23 +3,23 @@
hosts: loadbalancer hosts: loadbalancer
tasks: tasks:
- name: Ensure apt cache is updated - name: Ensure apt cache is updated
apt: ansible.builtin.apt:
update_cache: true update_cache: true
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
- name: Ensure HAProxy is installed - name: Ensure HAProxy is installed
package: ansible.builtin.package:
name: haproxy name: haproxy
state: present state: present
- name: Ensure HAProxy config directory exists - name: Ensure HAProxy config directory exists
file: ansible.builtin.file:
path: /usr/local/etc/haproxy path: /usr/local/etc/haproxy
state: directory state: directory
mode: 0755 mode: 0755
- name: Ensure HAProxy is configured - name: Ensure HAProxy is configured
template: ansible.builtin.template:
src: haproxy-loadbalancer.conf.j2 src: haproxy-loadbalancer.conf.j2
dest: /usr/local/etc/haproxy/haproxy.cfg dest: /usr/local/etc/haproxy/haproxy.cfg
mode: 0644 mode: 0644


@ -3,23 +3,23 @@
hosts: loadbalancer hosts: loadbalancer
tasks: tasks:
- name: Ensure apt cache is updated - name: Ensure apt cache is updated
apt: ansible.builtin.apt:
update_cache: true update_cache: true
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
- name: Ensure HAProxy is installed - name: Ensure HAProxy is installed
package: ansible.builtin.package:
name: haproxy name: haproxy
state: present state: present
- name: Ensure HAProxy config directory exists - name: Ensure HAProxy config directory exists
file: ansible.builtin.file:
path: /usr/local/etc/haproxy path: /usr/local/etc/haproxy
state: directory state: directory
mode: 0755 mode: 0755
- name: Ensure HAProxy is configured - name: Ensure HAProxy is configured
template: ansible.builtin.template:
src: haproxy-loadbalancer.conf.j2 src: haproxy-loadbalancer.conf.j2
dest: /usr/local/etc/haproxy/haproxy.cfg dest: /usr/local/etc/haproxy/haproxy.cfg
mode: 0644 mode: 0644


@ -5,5 +5,5 @@
hosts: all hosts: all
tasks: tasks:
- name: Example assertion - name: Example assertion
assert: ansible.builtin.assert:
that: true that: true


@ -1,7 +1,7 @@
--- ---
- name: Ensure NODE_TOKEN is captured from control node - name: Ensure NODE_TOKEN is captured from control node
slurp: ansible.builtin.slurp:
path: "{{ k3s_runtime_config['data-dir'] | default ('/var/lib/rancher/k3s') }}/server/node-token" path: "{{ k3s_runtime_config['data-dir'] | default ('/var/lib/rancher/k3s') }}/server/node-token"
register: k3s_slurped_control_token register: k3s_slurped_control_token
delegate_to: "{{ k3s_control_delegate }}" delegate_to: "{{ k3s_control_delegate }}"
@ -20,14 +20,14 @@
when: k3s_control_token is not defined and ansible_check_mode when: k3s_control_token is not defined and ansible_check_mode
- name: Ensure the cluster NODE_TOKEN file location exists - name: Ensure the cluster NODE_TOKEN file location exists
file: ansible.builtin.file:
path: "{{ k3s_token_location | dirname }}" path: "{{ k3s_token_location | dirname }}"
state: directory state: directory
mode: 0755 mode: 0755
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s cluster token file is present on workers and secondary control nodes - name: Ensure k3s cluster token file is present on workers and secondary control nodes
template: ansible.builtin.template:
src: cluster-token.j2 src: cluster-token.j2
dest: "{{ k3s_token_location }}" dest: "{{ k3s_token_location }}"
mode: 0600 mode: 0600
@ -38,7 +38,7 @@
- restart k3s - restart k3s
- name: Ensure k3s service unit file is present - name: Ensure k3s service unit file is present
template: ansible.builtin.template:
src: k3s.service.j2 src: k3s.service.j2
dest: "{{ k3s_systemd_unit_dir }}/k3s.service" dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
mode: 0644 mode: 0644
@ -48,7 +48,7 @@
- restart k3s - restart k3s
- name: Ensure k3s config file exists - name: Ensure k3s config file exists
template: ansible.builtin.template:
src: config.yaml.j2 src: config.yaml.j2
dest: "{{ k3s_config_file }}" dest: "{{ k3s_config_file }}"
mode: 0644 mode: 0644
@ -58,7 +58,7 @@
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure secondary controllers are started - name: Ensure secondary controllers are started
service: ansible.builtin.systemd:
name: k3s name: k3s
state: started state: started
enabled: true enabled: true
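Review bot: The task "Ensure k3s config file exists" renders `config.yaml.j2` with `mode: 0644`, which leaves the k3s configuration readable by every local user on the node. `k3s_runtime_config` can carry `datastore-endpoint` (the validation checks in this commit reference it), and a datastore connection string or join token rendered into that file would presumably be exposed; I would tighten this to `mode: 0600` unless a non-root reader is genuinely required. The identically named task in the install section later in this commit uses the same mode. The task's `notify` and `when` lines sit outside the hunk, so the file's owner cannot be confirmed from here.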


@ -21,7 +21,7 @@
check_mode: false check_mode: false
- name: Ensure the k3s hashsum is downloaded - name: Ensure the k3s hashsum is downloaded
uri: ansible.builtin.uri:
url: "{{ k3s_hash_url }}" url: "{{ k3s_hash_url }}"
return_content: true return_content: true
register: k3s_hash_sum_raw register: k3s_hash_sum_raw
@ -37,13 +37,13 @@
check_mode: false check_mode: false
- name: Ensure installation directory exists - name: Ensure installation directory exists
file: ansible.builtin.file:
path: "{{ k3s_install_dir }}" path: "{{ k3s_install_dir }}"
state: directory state: directory
mode: 0755 mode: 0755
- name: Ensure k3s binary is downloaded - name: Ensure k3s binary is downloaded
get_url: ansible.builtin.get_url:
url: "{{ k3s_binary_url }}" url: "{{ k3s_binary_url }}"
dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}" dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
checksum: "sha256:{{ k3s_hash_sum }}" checksum: "sha256:{{ k3s_hash_sum }}"
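Review bot: In "Ensure k3s binary is downloaded", the value in `checksum: "sha256:{{ k3s_hash_sum }}"` is derived from a file fetched at run time through `k3s_hash_url`. The URL definitions are not visible here, but if the hash file and the binary come from the same release host, this check catches a corrupted download and not a tampered release. I would record that above the task with a comment such as `# Hash is fetched from the same release source as the binary: integrity check only`, and consider letting operators supply a pinned hash for a known version. The remaining lines of these tasks are outside the hunks.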


@ -12,7 +12,7 @@
check_mode: false check_mode: false
- name: Get the latest release version from k3s.io - name: Get the latest release version from k3s.io
uri: ansible.builtin.uri:
url: "{{ k3s_api_releases }}" url: "{{ k3s_api_releases }}"
return_content: true return_content: true
body_format: json body_format: json


@ -1,7 +1,7 @@
--- ---
- name: Ensure docker is installed using Pacman - name: Ensure docker is installed using Pacman
pacman: community.general.pacman:
name: docker name: docker
state: present state: present
register: ensure_docker_prerequisites_installed register: ensure_docker_prerequisites_installed


@ -1,7 +1,7 @@
--- ---
- name: Ensure docker is installed using Zypper - name: Ensure docker is installed using Zypper
zypper: community.general.zypper:
name: docker name: docker
state: present state: present
register: ensure_docker_prerequisites_installed register: ensure_docker_prerequisites_installed


@ -1,7 +1,7 @@
--- ---
- name: Ensure Docker prerequisites are installed - name: Ensure Docker prerequisites are installed
apt: ansible.builtin.apt:
name: name:
- apt-transport-https - apt-transport-https
- ca-certificates - ca-certificates
@ -16,13 +16,13 @@
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker APT key is present - name: Ensure Docker APT key is present
apt_key: ansible.builtin.apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: present state: present
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker repository is installed and configured - name: Ensure Docker repository is installed and configured
apt_repository: ansible.builtin.apt_repository:
filename: docker-ce filename: docker-ce
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable" repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
update_cache: true update_cache: true
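Review bot: "Ensure Docker APT key is present" trusts whatever key the URL returns at run time; nothing in the task pins which key is accepted into the APT keyring. Adding the module's `id` parameter with the expected fingerprint, e.g. `id: "<DOCKER_APT_KEY_FINGERPRINT>"` (placeholder, take the value from Docker's published install instructions), makes the task fail if a different key is served. A one-line comment above the task noting where the fingerprint was obtained would help when the key is rotated.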


@ -1,7 +1,7 @@
--- ---
- name: Ensure python-dnf is installed - name: Ensure python-dnf is installed
package: ansible.builtin.package:
name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}" name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}"
state: present state: present
register: ensure_python_dnf_installed register: ensure_python_dnf_installed
@ -12,7 +12,7 @@
when: ansible_pkg_mgr == 'dnf' when: ansible_pkg_mgr == 'dnf'
- name: Ensure Docker prerequisites are installed - name: Ensure Docker prerequisites are installed
yum: ansible.builtin.yum:
name: name:
- yum-utils - yum-utils
- device-mapper-persistent-data - device-mapper-persistent-data
@ -25,14 +25,14 @@
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Check to see if Docker repository is available for this distribution - name: Check to see if Docker repository is available for this distribution
uri: ansible.builtin.uri:
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}" url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
register: k3s_redhat_repo_check register: k3s_redhat_repo_check
failed_when: false failed_when: false
changed_when: false changed_when: false
- name: Ensure Docker repository is installed and configured - name: Ensure Docker repository is installed and configured
yum_repository: ansible.builtin.yum_repository:
name: docker-ce name: docker-ce
description: Docker CE Repository description: Docker CE Repository
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable


@ -1,7 +1,7 @@
--- ---
- name: Ensure docker is installed using Zypper - name: Ensure docker is installed using Zypper
zypper: community.general.zypper:
name: docker name: docker
state: present state: present
register: ensure_docker_prerequisites_installed register: ensure_docker_prerequisites_installed


@ -1,7 +1,7 @@
--- ---
- name: Ensure docker is installed - name: Ensure docker is installed
package: ansible.builtin.package:
name: name:
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli


@ -1,7 +1,7 @@
--- ---
- name: Ensure k3s is linked into the installation destination - name: Ensure k3s is linked into the installation destination
file: ansible.builtin.file:
src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}" src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
dest: "{{ k3s_install_dir }}/{{ item }}" dest: "{{ k3s_install_dir }}/{{ item }}"
state: "{{ 'hard' if k3s_install_hard_links else 'link' }}" state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
@ -18,7 +18,7 @@
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s config file exists - name: Ensure k3s config file exists
template: ansible.builtin.template:
src: config.yaml.j2 src: config.yaml.j2
dest: "{{ k3s_config_file }}" dest: "{{ k3s_config_file }}"
mode: 0644 mode: 0644
@ -28,7 +28,7 @@
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s service unit file is present - name: Ensure k3s service unit file is present
template: ansible.builtin.template:
src: k3s.service.j2 src: k3s.service.j2
dest: "{{ k3s_systemd_unit_dir }}/k3s.service" dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
mode: 0644 mode: 0644
@ -38,7 +38,7 @@
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s killall script is present - name: Ensure k3s killall script is present
template: ansible.builtin.template:
src: k3s-killall.sh.j2 src: k3s-killall.sh.j2
dest: "/usr/local/bin/k3s-killall.sh" dest: "/usr/local/bin/k3s-killall.sh"
mode: 0700 mode: 0700
@ -48,7 +48,7 @@
or not k3s_runtime_config.rootless) or not k3s_runtime_config.rootless)
- name: Ensure k3s uninstall script is present - name: Ensure k3s uninstall script is present
template: ansible.builtin.template:
src: k3s-uninstall.sh.j2 src: k3s-uninstall.sh.j2
dest: "/usr/local/bin/k3s-uninstall.sh" dest: "/usr/local/bin/k3s-uninstall.sh"
mode: 0700 mode: 0700


@ -1,21 +1,21 @@
--- ---
- name: Ensure config directory exists - name: Ensure config directory exists
file: ansible.builtin.file:
path: "{{ k3s_config_file | dirname }}" path: "{{ k3s_config_file | dirname }}"
state: directory state: directory
mode: 0755 mode: 0755
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure systemd unit file directory exists - name: Ensure systemd unit file directory exists
file: ansible.builtin.file:
path: "{{ k3s_systemd_unit_dir }}" path: "{{ k3s_systemd_unit_dir }}"
state: directory state: directory
mode: 0755 mode: 0755
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure data directory exists when not using the default - name: Ensure data directory exists when not using the default
file: ansible.builtin.file:
path: "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}" path: "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}"
state: directory state: directory
mode: 0755 mode: 0755
@ -34,7 +34,7 @@
when: k3s_build_cluster when: k3s_build_cluster
- name: Ensure k3s control plane is started - name: Ensure k3s control plane is started
systemd: ansible.builtin.systemd:
name: k3s name: k3s
state: started state: started
enabled: true enabled: true


@ -1,7 +1,7 @@
--- ---
- name: Ensure that the manifests directory exists - name: Ensure that the manifests directory exists
file: ansible.builtin.file:
state: directory state: directory
path: "{{ k3s_server_manifests_dir }}" path: "{{ k3s_server_manifests_dir }}"
mode: 0755 mode: 0755
@ -9,7 +9,7 @@
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests # https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
- name: Ensure Auto-Deploying Manifests are copied to controllers - name: Ensure Auto-Deploying Manifests are copied to controllers
template: ansible.builtin.template:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ k3s_server_manifests_dir }}/{{ item | basename | replace('.j2','') }}" dest: "{{ k3s_server_manifests_dir }}/{{ item | basename | replace('.j2','') }}"
mode: 0644 mode: 0644
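Review bot: In "Ensure Auto-Deploying Manifests are copied to controllers", `replace('.j2','')` removes every occurrence of `.j2` in the file name, not only the template suffix, so a name containing `.j2` elsewhere would be written under an unexpected path. `regex_replace('\\.j2$', '')` restricts the change to the suffix. The manifests are also written with `mode: 0644`; if any template can render Secret objects, which cannot be told from this hunk, `0600` would be the safer default. The task's loop is outside the hunk.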


@ -41,7 +41,7 @@
and k3s_build_cluster is defined and k3s_build_cluster and k3s_build_cluster is defined and k3s_build_cluster
- name: Ensure ansible_host is mapped to inventory_hostname - name: Ensure ansible_host is mapped to inventory_hostname
lineinfile: ansible.builtin.lineinfile:
path: /tmp/inventory.txt path: /tmp/inventory.txt
line: >- line: >-
{{ item }} {{ item }}
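Review bot: "Ensure ansible_host is mapped to inventory_hostname" writes to the fixed path `/tmp/inventory.txt`. A predictable file name in a world-writable directory can be pre-created or symlinked by another local user on whichever host runs this task. Creating the file with `ansible.builtin.tempfile` and using the registered path, or writing under a directory owned by the running user, avoids that. The rest of the task (loop, delegation, `when`) lies outside the hunk, so where it executes is not visible here.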


@ -1,14 +1,14 @@
--- ---
- name: Ensure k3s service is started - name: Ensure k3s service is started
systemd: ansible.builtin.systemd:
name: k3s name: k3s
state: started state: started
enabled: true enabled: true
when: k3s_non_root is not defined or not k3s_non_root when: k3s_non_root is not defined or not k3s_non_root
- name: Ensure k3s service is started - name: Ensure k3s service is started
systemd: ansible.builtin.systemd:
name: k3s name: k3s
state: started state: started
enabled: true enabled: true


@ -1,14 +1,14 @@
--- ---
- name: Ensure k3s service is stopped - name: Ensure k3s service is stopped
systemd: ansible.builtin.systemd:
name: k3s name: k3s
state: stopped state: stopped
enabled: false enabled: false
when: k3s_non_root is not defined or not k3s_non_root when: k3s_non_root is not defined or not k3s_non_root
- name: Ensure k3s service is started - name: Ensure k3s service is started
systemd: ansible.builtin.systemd:
name: k3s name: k3s
state: stopped state: stopped
enabled: false enabled: false
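Review bot: The second task in this file is named "Ensure k3s service is started" while it sets `state: stopped` and `enabled: false`, so play output and logs report the opposite of what was done to the service. Rename it, e.g. `- name: Ensure k3s service is stopped`, with a suffix that distinguishes it from the first task once its condition is known. The uninstall task "Ensure docker is installed using Zypper" with `state: absent`, later in this commit, has the same mismatch. The second task's remaining lines are outside the hunk.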


@ -1,7 +1,7 @@
--- ---
- name: Check if kubectl exists - name: Check if kubectl exists
stat: ansible.builtin.stat:
path: "{{ k3s_install_dir }}/kubectl" path: "{{ k3s_install_dir }}/kubectl"
register: k3s_check_kubectl register: k3s_check_kubectl
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"


@ -1,7 +1,7 @@
--- ---
- name: Ensure docker is uninstalled using Pacman - name: Ensure docker is uninstalled using Pacman
pacman: community.general.pacman:
name: docker name: docker
state: absent state: absent
register: ensure_docker_uninstalled register: ensure_docker_uninstalled


@ -1,7 +1,7 @@
--- ---
- name: Ensure docker is installed using Zypper - name: Ensure docker is installed using Zypper
zypper: community.general.zypper:
name: docker name: docker
state: absent state: absent
register: ensure_docker_uninstalled register: ensure_docker_uninstalled


@ -1,7 +1,7 @@
--- ---
- name: Ensure Docker repository is uninstalled - name: Ensure Docker repository is uninstalled
apt_repository: ansible.builtin.apt_repository:
filename: docker-ce filename: docker-ce
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable" repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
update_cache: false update_cache: false
@ -9,7 +9,7 @@
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker APT key is uninstalled - name: Ensure Docker APT key is uninstalled
apt_key: ansible.builtin.apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: absent state: absent
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"


@ -1,7 +1,7 @@
--- ---
- name: Ensure Docker repository is removed - name: Ensure Docker repository is removed
yum_repository: ansible.builtin.yum_repository:
name: docker-ce name: docker-ce
description: Docker CE Repository description: Docker CE Repository
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable


@ -1,7 +1,7 @@
--- ---
- name: Ensure docker is uninstalled using Zypper - name: Ensure docker is uninstalled using Zypper
zypper: community.general.zypper:
name: docker name: docker
state: absent state: absent
register: ensure_docker_uninstalled register: ensure_docker_uninstalled


@ -1,7 +1,7 @@
--- ---
- name: Ensure docker is uninstalled - name: Ensure docker is uninstalled
package: ansible.builtin.package:
name: name:
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli


@ -1,12 +1,12 @@
--- ---
- name: Check to see if k3s-killall.sh exits - name: Check to see if k3s-killall.sh exits
stat: ansible.builtin.stat:
path: /usr/local/bin/k3s-killall.sh path: /usr/local/bin/k3s-killall.sh
register: check_k3s_killall_script register: check_k3s_killall_script
- name: Check to see if k3s-uninstall.sh exits - name: Check to see if k3s-uninstall.sh exits
stat: ansible.builtin.stat:
path: /usr/local/bin/k3s-uninstall.sh path: /usr/local/bin/k3s-uninstall.sh
register: check_k3s_uninstall_script register: check_k3s_uninstall_script


@ -1,7 +1,7 @@
--- ---
- name: Check the conditions when a single controller is defined - name: Check the conditions when a single controller is defined
assert: ansible.builtin.assert:
that: that:
- (k3s_controller_count | length == 1) - (k3s_controller_count | length == 1)
and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint']) and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint'])
@ -13,7 +13,7 @@
and k3s_control_node and k3s_control_node
- name: Check the conditions when multiple controllers are defined - name: Check the conditions when multiple controllers are defined
assert: ansible.builtin.assert:
that: that:
- (k3s_controller_count | length >= 2) - (k3s_controller_count | length >= 2)
and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint']) and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint'])
@ -24,7 +24,7 @@
and k3s_control_node and k3s_control_node
- name: Check the conditions when embedded etcd is defined - name: Check the conditions when embedded etcd is defined
assert: ansible.builtin.assert:
that: that:
- (k3s_controller_count | length >= 3) - (k3s_controller_count | length >= 3)
and (((k3s_controller_count | length) % 2) == 1) and (((k3s_controller_count | length) % 2) == 1)


@ -1,7 +1,7 @@
--- ---
- name: Check that the control plane to is available to accept connections - name: Check that the control plane to is available to accept connections
wait_for: ansible.builtin.wait_for:
port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}" port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}"
host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}" host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}"
delay: 5 delay: 5


@ -1,16 +1,16 @@
--- ---
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental - name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
assert: ansible.builtin.assert:
that: that:
- k3s_use_experimental is defined and k3s_use_experimental - k3s_use_experimental is defined and k3s_use_experimental
success_msg: "Experimental variables are defined and enabled." success_msg: "Experimental variables are defined and enabled."
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental" fail_msg: "Experimental variable k3s_etcd_datastore has been configured. If you want to use this ensure you set k3s_use_experimental"
loop: "{{ k3s_experimental_config }}"
when: k3s_etcd_datastore is defined and k3s_etcd_datastore when: k3s_etcd_datastore is defined and k3s_etcd_datastore
and (k3s_release_version | replace('v', '')) is version_compare("1.19.5", '<')
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental - name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
assert: ansible.builtin.assert:
that: that:
- k3s_use_experimental is defined and k3s_use_experimental - k3s_use_experimental is defined and k3s_use_experimental
success_msg: "Experimental variables are defined and enabled." success_msg: "Experimental variables are defined and enabled."
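Review bot: The first task now asserts only on `k3s_etcd_datastore` for releases below 1.19.5, yet its `name` still reads "Check if any experimental variables are configure…" and is identical to the next task's name, so the two cannot be told apart in play output. A name such as `- name: Check that k3s_use_experimental is set when embedded etcd is used on k3s < v1.19.5` would match the new `when`. Separately, `replace('v', '')` removes every `v` in `k3s_release_version`, not just the leading one; `regex_replace('^v', '')` states the intent. The second task continues past the end of the hunk.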


@ -7,7 +7,7 @@
register: check_k3s_process register: check_k3s_process
- name: Fail if k3s is still running - name: Fail if k3s is still running
fail: ansible.builtin.fail:
msg: k3s is still running, uninstall script failed. Please investigate. msg: k3s is still running, uninstall script failed. Please investigate.
when: check_k3s_process.rc == 0 when: check_k3s_process.rc == 0
@ -19,12 +19,12 @@
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
- name: Fail if docker is still running - name: Fail if docker is still running
fail: ansible.builtin.fail:
msg: docker is still running, uninstall script failed. Please investigate. msg: docker is still running, uninstall script failed. Please investigate.
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
- name: Fail if k3s binaries have not been removed - name: Fail if k3s binaries have not been removed
stat: ansible.builtin.stat:
path: "{{ k3s_install_dir }}/{{ item }}" path: "{{ k3s_install_dir }}/{{ item }}"
register: check_k3s_binaries_removed register: check_k3s_binaries_removed
failed_when: check_k3s_binaries_removed.stat.exists failed_when: check_k3s_binaries_removed.stat.exists
@ -35,21 +35,21 @@
- ctr - ctr
- name: Check k3s-killall.sh is removed - name: Check k3s-killall.sh is removed
stat: ansible.builtin.stat:
path: /usr/local/bin/k3s-killall.sh path: /usr/local/bin/k3s-killall.sh
register: check_k3s_killall register: check_k3s_killall
- name: Fail if k3s-killall.sh script still exists - name: Fail if k3s-killall.sh script still exists
fail: ansible.builtin.fail:
msg: k3s-killall.sh is still running, uninstall script failed. Please investigate. msg: k3s-killall.sh is still running, uninstall script failed. Please investigate.
when: check_k3s_killall.stat.exists when: check_k3s_killall.stat.exists
- name: Check k3s-uninstall.sh is removed - name: Check k3s-uninstall.sh is removed
stat: ansible.builtin.stat:
path: /usr/local/bin/k3s-uninstall.sh path: /usr/local/bin/k3s-uninstall.sh
register: check_k3s_uninstall register: check_k3s_uninstall
- name: Fail if k3s-uninstall.sh script still exists - name: Fail if k3s-uninstall.sh script still exists
fail: ansible.builtin.fail:
msg: k3s-uninstall.sh is still running, uninstall script failed. Please investigate. msg: k3s-uninstall.sh is still running, uninstall script failed. Please investigate.
when: check_k3s_uninstall.stat.exists when: check_k3s_uninstall.stat.exists


@ -7,12 +7,12 @@
register: k3s_check_newuidmap_installed register: k3s_check_newuidmap_installed
- name: Check if /proc/sys/kernel/unprivileged_userns_clone exists - name: Check if /proc/sys/kernel/unprivileged_userns_clone exists
stat: ansible.builtin.stat:
path: /proc/sys/kernel/unprivileged_userns_clone path: /proc/sys/kernel/unprivileged_userns_clone
register: k3s_check_unprivileged_userns_exists register: k3s_check_unprivileged_userns_exists
- name: Get the value of /proc/sys/kernel/unprivileged_userns_clone - name: Get the value of /proc/sys/kernel/unprivileged_userns_clone
slurp: ansible.builtin.slurp:
src: /proc/sys/kernel/unprivileged_userns_clone src: /proc/sys/kernel/unprivileged_userns_clone
register: k3s_get_unprivileged_userns_clone register: k3s_get_unprivileged_userns_clone
when: k3s_check_unprivileged_userns_exists.stat.exists when: k3s_check_unprivileged_userns_exists.stat.exists
@ -24,17 +24,17 @@
when: not k3s_check_unprivileged_userns_exists.stat.exists when: not k3s_check_unprivileged_userns_exists.stat.exists
- name: Get the value of /proc/sys/user/max_user_namespaces - name: Get the value of /proc/sys/user/max_user_namespaces
slurp: ansible.builtin.slurp:
src: /proc/sys/user/max_user_namespaces src: /proc/sys/user/max_user_namespaces
register: k3s_get_max_user_namespaces register: k3s_get_max_user_namespaces
- name: Get the contents of /etc/subuid - name: Get the contents of /etc/subuid
slurp: ansible.builtin.slurp:
src: /etc/subuid src: /etc/subuid
register: k3s_get_subuid register: k3s_get_subuid
- name: Get the contents of /etc/subgid - name: Get the contents of /etc/subgid
slurp: ansible.builtin.slurp:
src: /etc/subgid src: /etc/subgid
register: k3s_get_subgid register: k3s_get_subgid
@ -46,7 +46,7 @@
| select('search', ansible_user_id) | first | default('UserNotFound:0:0') }}" | select('search', ansible_user_id) | first | default('UserNotFound:0:0') }}"
- name: Check user namespaces kernel parameters are adequate - name: Check user namespaces kernel parameters are adequate
assert: ansible.builtin.assert:
that: that:
- k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1 - k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
- k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633 - k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633


@ -1,14 +1,14 @@
--- ---
- name: "Check that k3s_release_version >= {{ k3s_min_version }}" - name: "Check that k3s_release_version >= {{ k3s_min_version }}"
assert: ansible.builtin.assert:
that: that:
- (k3s_release_version | replace('v', '')) is version_compare(k3s_min_version, '>=') - (k3s_release_version | replace('v', '')) is version_compare(k3s_min_version, '>=')
success_msg: "{{ k3s_release_version }} is supported by this role." success_msg: "{{ k3s_release_version }} is supported by this role."
fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x." fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
- name: Check configuration in k3s_server and k3s_agent that needs special configuration - name: Check configuration in k3s_server and k3s_agent that needs special configuration
assert: ansible.builtin.assert:
that: that:
- (item.setting not in k3s_runtime_config) - (item.setting not in k3s_runtime_config)
success_msg: "{{ item.setting }} not found in server/agent config" success_msg: "{{ item.setting }} not found in server/agent config"
@ -16,17 +16,18 @@
loop: "{{ k3s_config_exclude }}" loop: "{{ k3s_config_exclude }}"
- name: Check configuration in k3s_server and k3s_agent for deprecated configuration - name: Check configuration in k3s_server and k3s_agent for deprecated configuration
assert: ansible.builtin.assert:
that: that:
- (item.setting not in k3s_runtime_config) - (item.setting not in k3s_runtime_config)
success_msg: "{{ item.setting }} not found in server/agent config" success_msg: "{{ item.setting }} not found in server/agent config"
fail_msg: "{{ item.setting }} found in server/agent config. Please set {{ item.correction }} to use this option." fail_msg: "{{ item.setting }} found in server/agent config. Please set {{ item.correction }} to use this option."
loop: "{{ k3s_deprecated_config }}" loop: "{{ k3s_deprecated_config }}"
when: item.when is not defined when: (item.when is not defined
or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>=')) or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>=')))
and not k3s_use_unsupported_config
- name: Check configuration in k3s_server and k3s_agent against release version - name: Check configuration in k3s_server and k3s_agent against release version
assert: ansible.builtin.assert:
that: that:
- (k3s_release_version | replace('v', '')) is version_compare(item.version, '>=') - (k3s_release_version | replace('v', '')) is version_compare(item.version, '>=')
success_msg: "{{ item.setting }} is supported by {{ k3s_release_version }}" success_msg: "{{ item.setting }} is supported by {{ k3s_release_version }}"
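Review bot: The added `and not k3s_use_unsupported_config` in the `when:` of the deprecated-configuration check switches the assert off for every entry in `k3s_deprecated_config`, not only the version-gated one, so with the flag set a deprecated setting that has no `when` version is no longer rejected either. If the override is meant only for version-gated entries, nest it inside that branch: `when: item.when is not defined or ((k3s_release_version | replace('v', '')) is version_compare(item.when, '>=') and not (k3s_use_unsupported_config | bool))`. The `| bool` filter is there because a value passed in as the string "false" would otherwise likely evaluate as truthy and skip the check. Which entries carry `when` is defined outside this section and should be confirmed there.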


@ -1,7 +1,7 @@
--- ---
- name: Check to see if k3s_state is a supported value - name: Check to see if k3s_state is a supported value
assert: ansible.builtin.assert:
that: that:
- k3s_state in k3s_valid_states - k3s_state in k3s_valid_states
fail_msg: "k3s_state not valid. Check README.md for details." fail_msg: "k3s_state not valid. Check README.md for details."


@ -94,6 +94,7 @@ k3s_experimental_config:
- setting: agent-token - setting: agent-token
- setting: agent-token-file - setting: agent-token-file
- setting: cluster-reset - setting: cluster-reset
until: 1.19.5
# Config items that should be marked as deprecated # Config items that should be marked as deprecated
k3s_deprecated_config: k3s_deprecated_config:
@ -104,3 +105,6 @@ k3s_deprecated_config:
correction: token correction: token
- setting: no-deploy - setting: no-deploy
correction: "disable: VALUE" correction: "disable: VALUE"
- setting: docker
correction: "docker: false"
when: 1.20.0
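Review bot: The new version gates `until: 1.19.5` and `when: 1.20.0` are plain scalars that load as strings only because they contain two dots. A later two-part entry such as `when: 1.20` would load as the float 1.2 and compare incorrectly in `version_compare`. Quote them so the type does not depend on the shape of the value: `until: "1.19.5"` and `when: "1.20.0"`. Separately, the docker entry's `correction: "docker: false"` renders as "Please set docker: false to use this option", which does not mention `k3s_use_unsupported_config`, the setting the changelog says permits Docker; consider naming it in the correction text.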