mirror of
https://github.com/PyratLabs/ansible-role-k3s
synced 2025-01-08 10:40:19 +01:00
Set embedded Etcd as stable, deprecate docker
parent
5d3524d729
commit
34e2af3d47
44 changed files with 124 additions and 104 deletions
16
CHANGELOG.md
16
CHANGELOG.md
|
@ -14,6 +14,22 @@
|
||||||
---
|
---
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
## 2020-12-12, v2.2.0
|
||||||
|
|
||||||
|
### Notable changes
|
||||||
|
|
||||||
|
- Use of FQCNs enforced, minimum Ansible version now v2.10
|
||||||
|
- `k3s_etcd_datastore` no longer experimental after K3s version v1.19.5+k3s1
|
||||||
|
- Docker marked as deprecated for K3s > v1.20.0+k3s1
|
||||||
|
|
||||||
|
### Breaking changes
|
||||||
|
|
||||||
|
- Use of FQCNs enforced, minimum Ansible version now v2.10
|
||||||
|
- Use of Docker requires `k3s_use_unsupported_config` to be `true` after
|
||||||
|
v1.20.0+k3s1
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## 2020-12-05, v2.1.1
|
## 2020-12-05, v2.1.1
|
||||||
|
|
||||||
### Notable changes
|
### Notable changes
|
||||||
|
|
15
README.md
15
README.md
|
@ -86,7 +86,7 @@ consistency. These are generally cluster-level configuration.
|
||||||
| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] |
|
| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] |
|
||||||
| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` |
|
| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` |
|
||||||
| `k3s_use_unsupported_config` | Allow the use of unsupported configurations in k3s. | `false` |
|
| `k3s_use_unsupported_config` | Allow the use of unsupported configurations in k3s. | `false` |
|
||||||
| `k3s_etcd_datastore` | Enable etcd embedded datastore (EXPERIMENTAL, read notes below). | `false` |
|
| `k3s_etcd_datastore` | Enable etcd embedded datastore (read notes below). | `false` |
|
||||||
| `k3s_debug` | Enable debug logging on the k3s service. | `false` |
|
| `k3s_debug` | Enable debug logging on the k3s service. | `false` |
|
||||||
|
|
||||||
### Ansible Controller Configuration Variables
|
### Ansible Controller Configuration Variables
|
||||||
|
@ -269,13 +269,12 @@ with a `datastore-endpoint` defined. As this is not a typically supported
|
||||||
configuration you will need to set `k3s_use_unsupported_config` to `true`.
|
configuration you will need to set `k3s_use_unsupported_config` to `true`.
|
||||||
|
|
||||||
Since K3s v1.19.1 it is possible to use an embedded Etcd as the backend
|
Since K3s v1.19.1 it is possible to use an embedded Etcd as the backend
|
||||||
database, and this is done by setting `k3s_etcd_datastore` to true.
|
database, and this is done by setting `k3s_etcd_datastore` to `true`.
|
||||||
As this is an experimental feature you will also need to set
|
The best practice for Etcd is to define at least 3 members to ensure quorum is
|
||||||
`k3s_use_experimental` to `true`. The best practice for Etcd is to define at
|
established. In addition to this, an odd number of members is recommended to
|
||||||
least 3 members to ensure quorum is established. In addition to this, an odd
|
ensure a majority in the event of a network partition. If you want to use 2
|
||||||
number of members is recommended to ensure a majority in the event of a network
|
members or an even number of members, please set `k3s_use_unsupported_config`
|
||||||
partition. If you want to use 2 members or an even number of members,
|
to `true`.
|
||||||
please set `k3s_use_unsupported_config` to `true`.
|
|
||||||
|
|
||||||
## Dependencies
|
## Dependencies
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,7 @@ k3s_use_experimental: false
|
||||||
# Allow for unsupported configurations in k3s?
|
# Allow for unsupported configurations in k3s?
|
||||||
k3s_use_unsupported_config: false
|
k3s_use_unsupported_config: false
|
||||||
|
|
||||||
# Enable etcd embedded datastore (EXPERIMENTAL)
|
# Enable etcd embedded datastore
|
||||||
k3s_etcd_datastore: false
|
k3s_etcd_datastore: false
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -92,7 +92,7 @@ Here is our playbook for the k3s cluster (`ha_cluster.yml`):
|
||||||
vars:
|
vars:
|
||||||
k3s_become_for_all: true
|
k3s_become_for_all: true
|
||||||
k3s_etcd_datastore: true
|
k3s_etcd_datastore: true
|
||||||
k3s_use_experimental: true # Note this is required for k3s v1.19.4+k3s1
|
k3s_use_experimental: true # Note this is required for k3s < v1.19.5+k3s1
|
||||||
roles:
|
roles:
|
||||||
- xanmanning.k3s
|
- xanmanning.k3s
|
||||||
```
|
```
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: reload systemd
|
- name: reload systemd
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
scope: "{{ k3s_systemd_context }}"
|
scope: "{{ k3s_systemd_context }}"
|
||||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: restart k3s
|
- name: restart k3s
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
name: k3s
|
name: k3s
|
||||||
state: restarted
|
state: restarted
|
||||||
scope: "{{ k3s_systemd_context }}"
|
scope: "{{ k3s_systemd_context }}"
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: restart docker
|
- name: restart docker
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
name: docker
|
name: docker
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -5,5 +5,5 @@
|
||||||
hosts: all
|
hosts: all
|
||||||
tasks:
|
tasks:
|
||||||
- name: Example assertion
|
- name: Example assertion
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that: true
|
that: true
|
||||||
|
|
|
@ -5,5 +5,5 @@
|
||||||
hosts: all
|
hosts: all
|
||||||
tasks:
|
tasks:
|
||||||
- name: Example assertion
|
- name: Example assertion
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that: true
|
that: true
|
||||||
|
|
|
@ -4,18 +4,18 @@
|
||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure a user group exists
|
- name: Ensure a user group exists
|
||||||
group:
|
ansible.builtin.group:
|
||||||
name: user
|
name: user
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Ensure a normal user exists
|
- name: Ensure a normal user exists
|
||||||
user:
|
ansible.builtin.user:
|
||||||
name: k3suser
|
name: k3suser
|
||||||
group: user
|
group: user
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Ensure a normal user has bin directory
|
- name: Ensure a normal user has bin directory
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /home/k3suser/bin
|
path: /home/k3suser/bin
|
||||||
state: directory
|
state: directory
|
||||||
owner: k3suser
|
owner: k3suser
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
hosts: all
|
hosts: all
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure apt cache is updated
|
- name: Ensure apt cache is updated
|
||||||
apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when: ansible_pkg_mgr == 'apt'
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
hosts: all
|
hosts: all
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure apt cache is updated
|
- name: Ensure apt cache is updated
|
||||||
apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when: ansible_pkg_mgr == 'apt'
|
||||||
|
|
|
@ -3,23 +3,23 @@
|
||||||
hosts: loadbalancer
|
hosts: loadbalancer
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure apt cache is updated
|
- name: Ensure apt cache is updated
|
||||||
apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when: ansible_pkg_mgr == 'apt'
|
||||||
|
|
||||||
- name: Ensure HAProxy is installed
|
- name: Ensure HAProxy is installed
|
||||||
package:
|
ansible.builtin.package:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Ensure HAProxy config directory exists
|
- name: Ensure HAProxy config directory exists
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/etc/haproxy
|
path: /usr/local/etc/haproxy
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: Ensure HAProxy is configured
|
- name: Ensure HAProxy is configured
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: haproxy-loadbalancer.conf.j2
|
src: haproxy-loadbalancer.conf.j2
|
||||||
dest: /usr/local/etc/haproxy/haproxy.cfg
|
dest: /usr/local/etc/haproxy/haproxy.cfg
|
||||||
mode: 0644
|
mode: 0644
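Review bot: The file modes in this section are bare YAML integers (`mode: 0755`, `mode: 0644`), which give the intended permissions only because the loader reads a leading-zero literal as octal. Quoting them, `mode: "0755"` and `mode: "0644"`, hands Ansible a string and removes the dependence on YAML 1.1 integer parsing. The same unquoted modes recur in the identical load-balancer section that follows and in the token, unit-file, config, script and directory tasks later in the commit. These lines are unchanged context here, so the change could go in a follow-up.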
|
||||||
|
|
|
@ -3,23 +3,23 @@
|
||||||
hosts: loadbalancer
|
hosts: loadbalancer
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure apt cache is updated
|
- name: Ensure apt cache is updated
|
||||||
apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
when: ansible_pkg_mgr == 'apt'
|
when: ansible_pkg_mgr == 'apt'
|
||||||
|
|
||||||
- name: Ensure HAProxy is installed
|
- name: Ensure HAProxy is installed
|
||||||
package:
|
ansible.builtin.package:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Ensure HAProxy config directory exists
|
- name: Ensure HAProxy config directory exists
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/etc/haproxy
|
path: /usr/local/etc/haproxy
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: Ensure HAProxy is configured
|
- name: Ensure HAProxy is configured
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: haproxy-loadbalancer.conf.j2
|
src: haproxy-loadbalancer.conf.j2
|
||||||
dest: /usr/local/etc/haproxy/haproxy.cfg
|
dest: /usr/local/etc/haproxy/haproxy.cfg
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
|
@ -5,5 +5,5 @@
|
||||||
hosts: all
|
hosts: all
|
||||||
tasks:
|
tasks:
|
||||||
- name: Example assertion
|
- name: Example assertion
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that: true
|
that: true
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure NODE_TOKEN is captured from control node
|
- name: Ensure NODE_TOKEN is captured from control node
|
||||||
slurp:
|
ansible.builtin.slurp:
|
||||||
path: "{{ k3s_runtime_config['data-dir'] | default ('/var/lib/rancher/k3s') }}/server/node-token"
|
path: "{{ k3s_runtime_config['data-dir'] | default ('/var/lib/rancher/k3s') }}/server/node-token"
|
||||||
register: k3s_slurped_control_token
|
register: k3s_slurped_control_token
|
||||||
delegate_to: "{{ k3s_control_delegate }}"
|
delegate_to: "{{ k3s_control_delegate }}"
|
||||||
|
@ -20,14 +20,14 @@
|
||||||
when: k3s_control_token is not defined and ansible_check_mode
|
when: k3s_control_token is not defined and ansible_check_mode
|
||||||
|
|
||||||
- name: Ensure the cluster NODE_TOKEN file location exists
|
- name: Ensure the cluster NODE_TOKEN file location exists
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ k3s_token_location | dirname }}"
|
path: "{{ k3s_token_location | dirname }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure k3s cluster token file is present on workers and secondary control nodes
|
- name: Ensure k3s cluster token file is present on workers and secondary control nodes
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: cluster-token.j2
|
src: cluster-token.j2
|
||||||
dest: "{{ k3s_token_location }}"
|
dest: "{{ k3s_token_location }}"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
- restart k3s
|
- restart k3s
|
||||||
|
|
||||||
- name: Ensure k3s service unit file is present
|
- name: Ensure k3s service unit file is present
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: k3s.service.j2
|
src: k3s.service.j2
|
||||||
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
|
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
- restart k3s
|
- restart k3s
|
||||||
|
|
||||||
- name: Ensure k3s config file exists
|
- name: Ensure k3s config file exists
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: config.yaml.j2
|
src: config.yaml.j2
|
||||||
dest: "{{ k3s_config_file }}"
|
dest: "{{ k3s_config_file }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure secondary controllers are started
|
- name: Ensure secondary controllers are started
|
||||||
service:
|
ansible.builtin.systemd:
|
||||||
name: k3s
|
name: k3s
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
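Review bot: The `Ensure k3s config file exists` task in the `@ -48,7 +48,7 @@` hunk writes `{{ k3s_config_file }}` with `mode: 0644`, which leaves the rendered k3s configuration readable by every local user. Other tasks in this commit read `k3s_runtime_config['datastore-endpoint']`, so if `config.yaml.j2` renders that dictionary (the template is not shown), a datastore connection string or token placed there would be exposed. `mode: "0600"` would match the cluster token file written two tasks earlier in this section. The same task with the same mode appears in the `@ -18,7 +18,7 @@` hunk of the later section that links the k3s binary, and both tasks continue past the end of their hunks.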
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
|
||||||
- name: Ensure the k3s hashsum is downloaded
|
- name: Ensure the k3s hashsum is downloaded
|
||||||
uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ k3s_hash_url }}"
|
url: "{{ k3s_hash_url }}"
|
||||||
return_content: true
|
return_content: true
|
||||||
register: k3s_hash_sum_raw
|
register: k3s_hash_sum_raw
|
||||||
|
@ -37,13 +37,13 @@
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
|
||||||
- name: Ensure installation directory exists
|
- name: Ensure installation directory exists
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ k3s_install_dir }}"
|
path: "{{ k3s_install_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: Ensure k3s binary is downloaded
|
- name: Ensure k3s binary is downloaded
|
||||||
get_url:
|
ansible.builtin.get_url:
|
||||||
url: "{{ k3s_binary_url }}"
|
url: "{{ k3s_binary_url }}"
|
||||||
dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
||||||
checksum: "sha256:{{ k3s_hash_sum }}"
|
checksum: "sha256:{{ k3s_hash_sum }}"
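Review bot: The `checksum` on `Ensure k3s binary is downloaded` is only as trustworthy as `k3s_hash_sum`, and the visible tasks suggest that value is derived from the body fetched at `k3s_hash_url` (the step that sets it lies outside these hunks). If the hash file and the binary come from the same release host, the check catches a truncated or corrupted download but not a replaced release artefact. A comment above the task would make that limit explicit, for example `# checksum is fetched from the same source as the binary: detects corruption, not a tampered release`. Letting the operator supply a known-good hash that takes precedence over the downloaded one would close the gap for pinned versions.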
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
|
||||||
- name: Get the latest release version from k3s.io
|
- name: Get the latest release version from k3s.io
|
||||||
uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ k3s_api_releases }}"
|
url: "{{ k3s_api_releases }}"
|
||||||
return_content: true
|
return_content: true
|
||||||
body_format: json
|
body_format: json
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is installed using Pacman
|
- name: Ensure docker is installed using Pacman
|
||||||
pacman:
|
community.general.pacman:
|
||||||
name: docker
|
name: docker
|
||||||
state: present
|
state: present
|
||||||
register: ensure_docker_prerequisites_installed
|
register: ensure_docker_prerequisites_installed
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is installed using Zypper
|
- name: Ensure docker is installed using Zypper
|
||||||
zypper:
|
community.general.zypper:
|
||||||
name: docker
|
name: docker
|
||||||
state: present
|
state: present
|
||||||
register: ensure_docker_prerequisites_installed
|
register: ensure_docker_prerequisites_installed
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure Docker prerequisites are installed
|
- name: Ensure Docker prerequisites are installed
|
||||||
apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- apt-transport-https
|
- apt-transport-https
|
||||||
- ca-certificates
|
- ca-certificates
|
||||||
|
@ -16,13 +16,13 @@
|
||||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure Docker APT key is present
|
- name: Ensure Docker APT key is present
|
||||||
apt_key:
|
ansible.builtin.apt_key:
|
||||||
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
||||||
state: present
|
state: present
|
||||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure Docker repository is installed and configured
|
- name: Ensure Docker repository is installed and configured
|
||||||
apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
filename: docker-ce
|
filename: docker-ce
|
||||||
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
||||||
update_cache: true
|
update_cache: true
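Review bot: `Ensure Docker APT key is present` in the `@ -16,13 +16,13 @@` hunk trusts whatever key the URL returns, because the task sets `url` and `state` but no `id`. Adding `id: "<expected Docker signing key fingerprint>"` pins the expected key in the role, so a substituted key makes the task fail instead of passing silently. `apt_key` also places the key in the system-wide trusted set, where it can vouch for any repository on the host. A dedicated keyring file referenced with `signed-by` in the `repo` line of the following task would limit it to the Docker repository.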
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure python-dnf is installed
|
- name: Ensure python-dnf is installed
|
||||||
package:
|
ansible.builtin.package:
|
||||||
name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}"
|
name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}"
|
||||||
state: present
|
state: present
|
||||||
register: ensure_python_dnf_installed
|
register: ensure_python_dnf_installed
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
when: ansible_pkg_mgr == 'dnf'
|
when: ansible_pkg_mgr == 'dnf'
|
||||||
|
|
||||||
- name: Ensure Docker prerequisites are installed
|
- name: Ensure Docker prerequisites are installed
|
||||||
yum:
|
ansible.builtin.yum:
|
||||||
name:
|
name:
|
||||||
- yum-utils
|
- yum-utils
|
||||||
- device-mapper-persistent-data
|
- device-mapper-persistent-data
|
||||||
|
@ -25,14 +25,14 @@
|
||||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Check to see if Docker repository is available for this distribution
|
- name: Check to see if Docker repository is available for this distribution
|
||||||
uri:
|
ansible.builtin.uri:
|
||||||
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
|
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
|
||||||
register: k3s_redhat_repo_check
|
register: k3s_redhat_repo_check
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Ensure Docker repository is installed and configured
|
- name: Ensure Docker repository is installed and configured
|
||||||
yum_repository:
|
ansible.builtin.yum_repository:
|
||||||
name: docker-ce
|
name: docker-ce
|
||||||
description: Docker CE Repository
|
description: Docker CE Repository
|
||||||
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is installed using Zypper
|
- name: Ensure docker is installed using Zypper
|
||||||
zypper:
|
community.general.zypper:
|
||||||
name: docker
|
name: docker
|
||||||
state: present
|
state: present
|
||||||
register: ensure_docker_prerequisites_installed
|
register: ensure_docker_prerequisites_installed
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is installed
|
- name: Ensure docker is installed
|
||||||
package:
|
ansible.builtin.package:
|
||||||
name:
|
name:
|
||||||
- docker-ce
|
- docker-ce
|
||||||
- docker-ce-cli
|
- docker-ce-cli
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure k3s is linked into the installation destination
|
- name: Ensure k3s is linked into the installation destination
|
||||||
file:
|
ansible.builtin.file:
|
||||||
src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
||||||
dest: "{{ k3s_install_dir }}/{{ item }}"
|
dest: "{{ k3s_install_dir }}/{{ item }}"
|
||||||
state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
|
state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure k3s config file exists
|
- name: Ensure k3s config file exists
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: config.yaml.j2
|
src: config.yaml.j2
|
||||||
dest: "{{ k3s_config_file }}"
|
dest: "{{ k3s_config_file }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure k3s service unit file is present
|
- name: Ensure k3s service unit file is present
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: k3s.service.j2
|
src: k3s.service.j2
|
||||||
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
|
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure k3s killall script is present
|
- name: Ensure k3s killall script is present
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: k3s-killall.sh.j2
|
src: k3s-killall.sh.j2
|
||||||
dest: "/usr/local/bin/k3s-killall.sh"
|
dest: "/usr/local/bin/k3s-killall.sh"
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
or not k3s_runtime_config.rootless)
|
or not k3s_runtime_config.rootless)
|
||||||
|
|
||||||
- name: Ensure k3s uninstall script is present
|
- name: Ensure k3s uninstall script is present
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: k3s-uninstall.sh.j2
|
src: k3s-uninstall.sh.j2
|
||||||
dest: "/usr/local/bin/k3s-uninstall.sh"
|
dest: "/usr/local/bin/k3s-uninstall.sh"
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
|
|
@ -1,21 +1,21 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure config directory exists
|
- name: Ensure config directory exists
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ k3s_config_file | dirname }}"
|
path: "{{ k3s_config_file | dirname }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure systemd unit file directory exists
|
- name: Ensure systemd unit file directory exists
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ k3s_systemd_unit_dir }}"
|
path: "{{ k3s_systemd_unit_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure data directory exists when not using the default
|
- name: Ensure data directory exists when not using the default
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}"
|
path: "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
when: k3s_build_cluster
|
when: k3s_build_cluster
|
||||||
|
|
||||||
- name: Ensure k3s control plane is started
|
- name: Ensure k3s control plane is started
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
name: k3s
|
name: k3s
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure that the manifests directory exists
|
- name: Ensure that the manifests directory exists
|
||||||
file:
|
ansible.builtin.file:
|
||||||
state: directory
|
state: directory
|
||||||
path: "{{ k3s_server_manifests_dir }}"
|
path: "{{ k3s_server_manifests_dir }}"
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
|
|
||||||
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
|
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
|
||||||
- name: Ensure Auto-Deploying Manifests are copied to controllers
|
- name: Ensure Auto-Deploying Manifests are copied to controllers
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ k3s_server_manifests_dir }}/{{ item | basename | replace('.j2','') }}"
|
dest: "{{ k3s_server_manifests_dir }}/{{ item | basename | replace('.j2','') }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
|
@ -41,7 +41,7 @@
|
||||||
and k3s_build_cluster is defined and k3s_build_cluster
|
and k3s_build_cluster is defined and k3s_build_cluster
|
||||||
|
|
||||||
- name: Ensure ansible_host is mapped to inventory_hostname
|
- name: Ensure ansible_host is mapped to inventory_hostname
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /tmp/inventory.txt
|
path: /tmp/inventory.txt
|
||||||
line: >-
|
line: >-
|
||||||
{{ item }}
|
{{ item }}
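Review bot: `Ensure ansible_host is mapped to inventory_hostname` writes to the fixed path `/tmp/inventory.txt`, a predictable name in a world-writable directory. Another local user can pre-create the file or put a symlink in its place before the play runs, and concurrent runs share the one file. Creating the file with `ansible.builtin.tempfile` and using the registered `path` in this task and its consumers would give each run a private file. The task continues past the end of the hunk, so where it runs and how the file is read back are not visible here.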
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure k3s service is started
|
- name: Ensure k3s service is started
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
name: k3s
|
name: k3s
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
when: k3s_non_root is not defined or not k3s_non_root
|
when: k3s_non_root is not defined or not k3s_non_root
|
||||||
|
|
||||||
- name: Ensure k3s service is started
|
- name: Ensure k3s service is started
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
name: k3s
|
name: k3s
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure k3s service is stopped
|
- name: Ensure k3s service is stopped
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
name: k3s
|
name: k3s
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: false
|
enabled: false
|
||||||
when: k3s_non_root is not defined or not k3s_non_root
|
when: k3s_non_root is not defined or not k3s_non_root
|
||||||
|
|
||||||
- name: Ensure k3s service is started
|
- name: Ensure k3s service is started
|
||||||
systemd:
|
ansible.builtin.systemd:
|
||||||
name: k3s
|
name: k3s
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: false
|
enabled: false
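Review bot: The second task in this hunk is named `Ensure k3s service is started` but sets `state: stopped` and `enabled: false`, so play output and logs report the opposite of what the task does. It looks like a copy from the start tasks; the name should read `- name: Ensure k3s service is stopped`, ideally with a suffix that distinguishes it from the first task. The hunk ends before the second task's remaining keys, so the condition that separates the two tasks is not visible here.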
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check if kubectl exists
|
- name: Check if kubectl exists
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: "{{ k3s_install_dir }}/kubectl"
|
path: "{{ k3s_install_dir }}/kubectl"
|
||||||
register: k3s_check_kubectl
|
register: k3s_check_kubectl
|
||||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is uninstalled using Pacman
|
- name: Ensure docker is uninstalled using Pacman
|
||||||
pacman:
|
community.general.pacman:
|
||||||
name: docker
|
name: docker
|
||||||
state: absent
|
state: absent
|
||||||
register: ensure_docker_uninstalled
|
register: ensure_docker_uninstalled
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is installed using Zypper
|
- name: Ensure docker is installed using Zypper
|
||||||
zypper:
|
community.general.zypper:
|
||||||
name: docker
|
name: docker
|
||||||
state: absent
|
state: absent
|
||||||
register: ensure_docker_uninstalled
|
register: ensure_docker_uninstalled
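Review bot: The task name says `Ensure docker is installed using Zypper` while the module call sets `state: absent` and registers `ensure_docker_uninstalled`, so the name contradicts the action in play output. Change it to `- name: Ensure docker is uninstalled using Zypper`, which matches the other Zypper uninstall section further down in this commit. The task continues past the end of the hunk.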
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure Docker repository is uninstalled
|
- name: Ensure Docker repository is uninstalled
|
||||||
apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
filename: docker-ce
|
filename: docker-ce
|
||||||
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
||||||
update_cache: false
|
update_cache: false
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure Docker APT key is uninstalled
|
- name: Ensure Docker APT key is uninstalled
|
||||||
apt_key:
|
ansible.builtin.apt_key:
|
||||||
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
||||||
state: absent
|
state: absent
|
||||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure Docker repository is removed
|
- name: Ensure Docker repository is removed
|
||||||
yum_repository:
|
ansible.builtin.yum_repository:
|
||||||
name: docker-ce
|
name: docker-ce
|
||||||
description: Docker CE Repository
|
description: Docker CE Repository
|
||||||
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is uninstalled using Zypper
|
- name: Ensure docker is uninstalled using Zypper
|
||||||
zypper:
|
community.general.zypper:
|
||||||
name: docker
|
name: docker
|
||||||
state: absent
|
state: absent
|
||||||
register: ensure_docker_uninstalled
|
register: ensure_docker_uninstalled
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is uninstalled
|
- name: Ensure docker is uninstalled
|
||||||
package:
|
ansible.builtin.package:
|
||||||
name:
|
name:
|
||||||
- docker-ce
|
- docker-ce
|
||||||
- docker-ce-cli
|
- docker-ce-cli
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check to see if k3s-killall.sh exits
|
- name: Check to see if k3s-killall.sh exits
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: /usr/local/bin/k3s-killall.sh
|
path: /usr/local/bin/k3s-killall.sh
|
||||||
register: check_k3s_killall_script
|
register: check_k3s_killall_script
|
||||||
|
|
||||||
- name: Check to see if k3s-uninstall.sh exits
|
- name: Check to see if k3s-uninstall.sh exits
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: /usr/local/bin/k3s-uninstall.sh
|
path: /usr/local/bin/k3s-uninstall.sh
|
||||||
register: check_k3s_uninstall_script
|
register: check_k3s_uninstall_script
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check the conditions when a single controller is defined
|
- name: Check the conditions when a single controller is defined
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- (k3s_controller_count | length == 1)
|
- (k3s_controller_count | length == 1)
|
||||||
and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint'])
|
and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint'])
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
and k3s_control_node
|
and k3s_control_node
|
||||||
|
|
||||||
- name: Check the conditions when multiple controllers are defined
|
- name: Check the conditions when multiple controllers are defined
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- (k3s_controller_count | length >= 2)
|
- (k3s_controller_count | length >= 2)
|
||||||
and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint'])
|
and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint'])
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
and k3s_control_node
|
and k3s_control_node
|
||||||
|
|
||||||
- name: Check the conditions when embedded etcd is defined
|
- name: Check the conditions when embedded etcd is defined
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- (k3s_controller_count | length >= 3)
|
- (k3s_controller_count | length >= 3)
|
||||||
and (((k3s_controller_count | length) % 2) == 1)
|
and (((k3s_controller_count | length) % 2) == 1)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check that the control plane to is available to accept connections
|
- name: Check that the control plane to is available to accept connections
|
||||||
wait_for:
|
ansible.builtin.wait_for:
|
||||||
port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}"
|
port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}"
|
||||||
host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}"
|
host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}"
|
||||||
delay: 5
|
delay: 5
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
|
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- k3s_use_experimental is defined and k3s_use_experimental
|
- k3s_use_experimental is defined and k3s_use_experimental
|
||||||
success_msg: "Experimental variables are defined and enabled."
|
success_msg: "Experimental variables are defined and enabled."
|
||||||
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
|
fail_msg: "Experimental variable k3s_etcd_datastore has been configured. If you want to use this ensure you set k3s_use_experimental"
|
||||||
loop: "{{ k3s_experimental_config }}"
|
|
||||||
when: k3s_etcd_datastore is defined and k3s_etcd_datastore
|
when: k3s_etcd_datastore is defined and k3s_etcd_datastore
|
||||||
|
and (k3s_release_version | replace('v', '')) is version_compare("1.19.5", '<')
|
||||||
|
|
||||||
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
|
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- k3s_use_experimental is defined and k3s_use_experimental
|
- k3s_use_experimental is defined and k3s_use_experimental
|
||||||
success_msg: "Experimental variables are defined and enabled."
|
success_msg: "Experimental variables are defined and enabled."
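Review bot: The first task now guards only `k3s_etcd_datastore`, yet it keeps the same `name:` as the task after it, so the two asserts cannot be told apart in play output when one fails. Give it its own name, for example `- name: Check if embedded etcd is enabled on a release where it is still experimental`. The cut-off in the new `when:` is a bare literal (`version_compare("1.19.5", '<')`), and a one-line comment saying why that release is the boundary would help the next reader. `replace('v', '')` removes every "v" in the string rather than only a leading one; that presumably does not matter for k3s release tags, but it is worth confirming. The second task's body continues outside the hunk.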
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
register: check_k3s_process
|
register: check_k3s_process
|
||||||
|
|
||||||
- name: Fail if k3s is still running
|
- name: Fail if k3s is still running
|
||||||
fail:
|
ansible.builtin.fail:
|
||||||
msg: k3s is still running, uninstall script failed. Please investigate.
|
msg: k3s is still running, uninstall script failed. Please investigate.
|
||||||
when: check_k3s_process.rc == 0
|
when: check_k3s_process.rc == 0
|
||||||
|
|
||||||
|
@ -19,12 +19,12 @@
|
||||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||||
|
|
||||||
- name: Fail if docker is still running
|
- name: Fail if docker is still running
|
||||||
fail:
|
ansible.builtin.fail:
|
||||||
msg: docker is still running, uninstall script failed. Please investigate.
|
msg: docker is still running, uninstall script failed. Please investigate.
|
||||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||||
|
|
||||||
- name: Fail if k3s binaries have not been removed
|
- name: Fail if k3s binaries have not been removed
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: "{{ k3s_install_dir }}/{{ item }}"
|
path: "{{ k3s_install_dir }}/{{ item }}"
|
||||||
register: check_k3s_binaries_removed
|
register: check_k3s_binaries_removed
|
||||||
failed_when: check_k3s_binaries_removed.stat.exists
|
failed_when: check_k3s_binaries_removed.stat.exists
|
||||||
|
@ -35,21 +35,21 @@
|
||||||
- ctr
|
- ctr
|
||||||
|
|
||||||
- name: Check k3s-killall.sh is removed
|
- name: Check k3s-killall.sh is removed
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: /usr/local/bin/k3s-killall.sh
|
path: /usr/local/bin/k3s-killall.sh
|
||||||
register: check_k3s_killall
|
register: check_k3s_killall
|
||||||
|
|
||||||
- name: Fail if k3s-killall.sh script still exists
|
- name: Fail if k3s-killall.sh script still exists
|
||||||
fail:
|
ansible.builtin.fail:
|
||||||
msg: k3s-killall.sh is still running, uninstall script failed. Please investigate.
|
msg: k3s-killall.sh is still running, uninstall script failed. Please investigate.
|
||||||
when: check_k3s_killall.stat.exists
|
when: check_k3s_killall.stat.exists
|
||||||
|
|
||||||
- name: Check k3s-uninstall.sh is removed
|
- name: Check k3s-uninstall.sh is removed
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: /usr/local/bin/k3s-uninstall.sh
|
path: /usr/local/bin/k3s-uninstall.sh
|
||||||
register: check_k3s_uninstall
|
register: check_k3s_uninstall
|
||||||
|
|
||||||
- name: Fail if k3s-uninstall.sh script still exists
|
- name: Fail if k3s-uninstall.sh script still exists
|
||||||
fail:
|
ansible.builtin.fail:
|
||||||
msg: k3s-uninstall.sh is still running, uninstall script failed. Please investigate.
|
msg: k3s-uninstall.sh is still running, uninstall script failed. Please investigate.
|
||||||
when: check_k3s_uninstall.stat.exists
|
when: check_k3s_uninstall.stat.exists
|
||||||
|
|
|
@ -7,12 +7,12 @@
|
||||||
register: k3s_check_newuidmap_installed
|
register: k3s_check_newuidmap_installed
|
||||||
|
|
||||||
- name: Check if /proc/sys/kernel/unprivileged_userns_clone exists
|
- name: Check if /proc/sys/kernel/unprivileged_userns_clone exists
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: /proc/sys/kernel/unprivileged_userns_clone
|
path: /proc/sys/kernel/unprivileged_userns_clone
|
||||||
register: k3s_check_unprivileged_userns_exists
|
register: k3s_check_unprivileged_userns_exists
|
||||||
|
|
||||||
- name: Get the value of /proc/sys/kernel/unprivileged_userns_clone
|
- name: Get the value of /proc/sys/kernel/unprivileged_userns_clone
|
||||||
slurp:
|
ansible.builtin.slurp:
|
||||||
src: /proc/sys/kernel/unprivileged_userns_clone
|
src: /proc/sys/kernel/unprivileged_userns_clone
|
||||||
register: k3s_get_unprivileged_userns_clone
|
register: k3s_get_unprivileged_userns_clone
|
||||||
when: k3s_check_unprivileged_userns_exists.stat.exists
|
when: k3s_check_unprivileged_userns_exists.stat.exists
|
||||||
|
@ -24,17 +24,17 @@
|
||||||
when: not k3s_check_unprivileged_userns_exists.stat.exists
|
when: not k3s_check_unprivileged_userns_exists.stat.exists
|
||||||
|
|
||||||
- name: Get the value of /proc/sys/user/max_user_namespaces
|
- name: Get the value of /proc/sys/user/max_user_namespaces
|
||||||
slurp:
|
ansible.builtin.slurp:
|
||||||
src: /proc/sys/user/max_user_namespaces
|
src: /proc/sys/user/max_user_namespaces
|
||||||
register: k3s_get_max_user_namespaces
|
register: k3s_get_max_user_namespaces
|
||||||
|
|
||||||
- name: Get the contents of /etc/subuid
|
- name: Get the contents of /etc/subuid
|
||||||
slurp:
|
ansible.builtin.slurp:
|
||||||
src: /etc/subuid
|
src: /etc/subuid
|
||||||
register: k3s_get_subuid
|
register: k3s_get_subuid
|
||||||
|
|
||||||
- name: Get the contents of /etc/subgid
|
- name: Get the contents of /etc/subgid
|
||||||
slurp:
|
ansible.builtin.slurp:
|
||||||
src: /etc/subgid
|
src: /etc/subgid
|
||||||
register: k3s_get_subgid
|
register: k3s_get_subgid
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@
|
||||||
| select('search', ansible_user_id) | first | default('UserNotFound:0:0') }}"
|
| select('search', ansible_user_id) | first | default('UserNotFound:0:0') }}"
|
||||||
|
|
||||||
- name: Check user namespaces kernel parameters are adequate
|
- name: Check user namespaces kernel parameters are adequate
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
|
- k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
|
||||||
- k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633
|
- k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "Check that k3s_release_version >= {{ k3s_min_version }}"
|
- name: "Check that k3s_release_version >= {{ k3s_min_version }}"
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- (k3s_release_version | replace('v', '')) is version_compare(k3s_min_version, '>=')
|
- (k3s_release_version | replace('v', '')) is version_compare(k3s_min_version, '>=')
|
||||||
success_msg: "{{ k3s_release_version }} is supported by this role."
|
success_msg: "{{ k3s_release_version }} is supported by this role."
|
||||||
fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
|
fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
|
||||||
|
|
||||||
- name: Check configuration in k3s_server and k3s_agent that needs special configuration
|
- name: Check configuration in k3s_server and k3s_agent that needs special configuration
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- (item.setting not in k3s_runtime_config)
|
- (item.setting not in k3s_runtime_config)
|
||||||
success_msg: "{{ item.setting }} not found in server/agent config"
|
success_msg: "{{ item.setting }} not found in server/agent config"
|
||||||
|
@ -16,17 +16,18 @@
|
||||||
loop: "{{ k3s_config_exclude }}"
|
loop: "{{ k3s_config_exclude }}"
|
||||||
|
|
||||||
- name: Check configuration in k3s_server and k3s_agent for deprecated configuration
|
- name: Check configuration in k3s_server and k3s_agent for deprecated configuration
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- (item.setting not in k3s_runtime_config)
|
- (item.setting not in k3s_runtime_config)
|
||||||
success_msg: "{{ item.setting }} not found in server/agent config"
|
success_msg: "{{ item.setting }} not found in server/agent config"
|
||||||
fail_msg: "{{ item.setting }} found in server/agent config. Please set {{ item.correction }} to use this option."
|
fail_msg: "{{ item.setting }} found in server/agent config. Please set {{ item.correction }} to use this option."
|
||||||
loop: "{{ k3s_deprecated_config }}"
|
loop: "{{ k3s_deprecated_config }}"
|
||||||
when: item.when is not defined
|
when: (item.when is not defined
|
||||||
or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>='))
|
or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>=')))
|
||||||
|
and not k3s_use_unsupported_config
|
||||||
|
|
||||||
- name: Check configuration in k3s_server and k3s_agent against release version
|
- name: Check configuration in k3s_server and k3s_agent against release version
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- (k3s_release_version | replace('v', '')) is version_compare(item.version, '>=')
|
- (k3s_release_version | replace('v', '')) is version_compare(item.version, '>=')
|
||||||
success_msg: "{{ item.setting }} is supported by {{ k3s_release_version }}"
|
success_msg: "{{ item.setting }} is supported by {{ k3s_release_version }}"
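Review bot: The added `and not k3s_use_unsupported_config` in the deprecated-configuration `when:` disables the assertion for every entry in `k3s_deprecated_config`, not only the new `docker` one. A flag set to keep Docker working therefore also re-admits settings such as `no-deploy` without any message. If the override is meant for Docker alone, narrow it to that item, e.g. `and not (k3s_use_unsupported_config and item.setting == 'docker')`. Otherwise add a comment above the `when:` stating that the flag bypasses the whole deprecated list. The last task in this hunk continues outside it.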
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check to see if k3s_state is a supported value
|
- name: Check to see if k3s_state is a supported value
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- k3s_state in k3s_valid_states
|
- k3s_state in k3s_valid_states
|
||||||
fail_msg: "k3s_state not valid. Check README.md for details."
|
fail_msg: "k3s_state not valid. Check README.md for details."
|
||||||
|
|
|
@ -94,6 +94,7 @@ k3s_experimental_config:
|
||||||
- setting: agent-token
|
- setting: agent-token
|
||||||
- setting: agent-token-file
|
- setting: agent-token-file
|
||||||
- setting: cluster-reset
|
- setting: cluster-reset
|
||||||
|
until: 1.19.5
|
||||||
|
|
||||||
# Config items that should be marked as deprecated
|
# Config items that should be marked as deprecated
|
||||||
k3s_deprecated_config:
|
k3s_deprecated_config:
|
||||||
|
@ -104,3 +105,6 @@ k3s_deprecated_config:
|
||||||
correction: token
|
correction: token
|
||||||
- setting: no-deploy
|
- setting: no-deploy
|
||||||
correction: "disable: VALUE"
|
correction: "disable: VALUE"
|
||||||
|
- setting: docker
|
||||||
|
correction: "docker: false"
|
||||||
|
when: 1.20.0
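Review bot: The new `docker` entry's `correction: "docker: false"` is interpolated into the deprecation assert's `fail_msg` ("Please set {{ item.correction }} to use this option"). The operator is therefore told to set `docker: false` in order to use docker, and `k3s_use_unsupported_config` is never mentioned even though the changelog names it as the way to keep Docker. Reword the correction so the rendered message names that variable. The version values are also better quoted, `when: "1.20.0"` and `until: "1.19.5"`, so that a later two-component value such as 1.20 is not read as a float by the YAML parser. Both lists begin outside these hunks.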
|
||||||
|
|