mirror of
https://github.com/PyratLabs/ansible-role-k3s
synced 2025-01-07 10:10:19 +01:00
Set embedded Etcd as stable, deprecate docker
parent
5d3524d729
commit
34e2af3d47
44 changed files with 124 additions and 104 deletions
16
CHANGELOG.md
16
CHANGELOG.md
|
@ -14,6 +14,22 @@
|
|||
---
|
||||
-->
|
||||
|
||||
## 2020-12-12, v2.2.0
|
||||
|
||||
### Notable changes
|
||||
|
||||
- Use of FQCNs enforced, minimum Ansible version now v2.10
|
||||
- `k3s_etcd_datastore` no longer experimental after K3s version v1.19.5+k3s1
|
||||
- Docker marked as deprecated for K3s > v1.20.0+k3s1
|
||||
|
||||
### Breaking changes
|
||||
|
||||
- Use of FQCNs enforced, minimum Ansible version now v2.10
|
||||
- Use of Docker requires `k3s_use_unsupported_config` to be `true` after
|
||||
v1.20.0+k3s1
|
||||
|
||||
---
|
||||
|
||||
## 2020-12-05, v2.1.1
|
||||
|
||||
### Notable changes
|
||||
|
|
15
README.md
15
README.md
|
@ -86,7 +86,7 @@ consistency. These are generally cluster-level configuration.
|
|||
| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] |
|
||||
| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` |
|
||||
| `k3s_use_unsupported_config` | Allow the use of unsupported configurations in k3s. | `false` |
|
||||
| `k3s_etcd_datastore` | Enable etcd embedded datastore (EXPERIMENTAL, read notes below). | `false` |
|
||||
| `k3s_etcd_datastore` | Enable etcd embedded datastore (read notes below). | `false` |
|
||||
| `k3s_debug` | Enable debug logging on the k3s service. | `false` |
|
||||
|
||||
### Ansible Controller Configuration Variables
|
||||
|
@ -269,13 +269,12 @@ with a `datastore-endpoint` defined. As this is not a typically supported
|
|||
configuration you will need to set `k3s_use_unsupported_config` to `true`.
|
||||
|
||||
Since K3s v1.19.1 it is possible to use an embedded Etcd as the backend
|
||||
database, and this is done by setting `k3s_etcd_datastore` to true.
|
||||
As this is an experimental feature you will also need to set
|
||||
`k3s_use_experimental` to `true`. The best practice for Etcd is to define at
|
||||
least 3 members to ensure quorum is established. In addition to this, an odd
|
||||
number of members is recommended to ensure a majority in the event of a network
|
||||
partition. If you want to use 2 members or an even number of members,
|
||||
please set `k3s_use_unsupported_config` to `true`.
|
||||
database, and this is done by setting `k3s_etcd_datastore` to `true`.
|
||||
The best practice for Etcd is to define at least 3 members to ensure quorum is
|
||||
established. In addition to this, an odd number of members is recommended to
|
||||
ensure a majority in the event of a network partition. If you want to use 2
|
||||
members or an even number of members, please set `k3s_use_unsupported_config`
|
||||
to `true`.
|
||||
|
||||
## Dependencies
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ k3s_use_experimental: false
|
|||
# Allow for unsupported configurations in k3s?
|
||||
k3s_use_unsupported_config: false
|
||||
|
||||
# Enable etcd embedded datastore (EXPERIMENTAL)
|
||||
# Enable etcd embedded datastore
|
||||
k3s_etcd_datastore: false
|
||||
|
||||
|
||||
|
|
|
@ -92,7 +92,7 @@ Here is our playbook for the k3s cluster (`ha_cluster.yml`):
|
|||
vars:
|
||||
k3s_become_for_all: true
|
||||
k3s_etcd_datastore: true
|
||||
k3s_use_experimental: true # Note this is required for k3s v1.19.4+k3s1
|
||||
k3s_use_experimental: true # Note this is required for k3s < v1.19.5+k3s1
|
||||
roles:
|
||||
- xanmanning.k3s
|
||||
```
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
---
|
||||
|
||||
- name: reload systemd
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
scope: "{{ k3s_systemd_context }}"
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: restart k3s
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: k3s
|
||||
state: restarted
|
||||
scope: "{{ k3s_systemd_context }}"
|
||||
|
@ -17,7 +17,7 @@
|
|||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: restart docker
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: docker
|
||||
state: restarted
|
||||
enabled: true
|
||||
|
|
|
@ -5,5 +5,5 @@
|
|||
hosts: all
|
||||
tasks:
|
||||
- name: Example assertion
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that: true
|
||||
|
|
|
@ -5,5 +5,5 @@
|
|||
hosts: all
|
||||
tasks:
|
||||
- name: Example assertion
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that: true
|
||||
|
|
|
@ -4,18 +4,18 @@
|
|||
become: true
|
||||
tasks:
|
||||
- name: Ensure a user group exists
|
||||
group:
|
||||
ansible.builtin.group:
|
||||
name: user
|
||||
state: present
|
||||
|
||||
- name: Ensure a normal user exists
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: k3suser
|
||||
group: user
|
||||
state: present
|
||||
|
||||
- name: Ensure a normal user has bin directory
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /home/k3suser/bin
|
||||
state: directory
|
||||
owner: k3suser
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
hosts: all
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
hosts: all
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
|
|
@ -3,23 +3,23 @@
|
|||
hosts: loadbalancer
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: Ensure HAProxy is installed
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name: haproxy
|
||||
state: present
|
||||
|
||||
- name: Ensure HAProxy config directory exists
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/etc/haproxy
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Ensure HAProxy is configured
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: haproxy-loadbalancer.conf.j2
|
||||
dest: /usr/local/etc/haproxy/haproxy.cfg
|
||||
mode: 0644
|
||||
|
|
|
@ -3,23 +3,23 @@
|
|||
hosts: loadbalancer
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: Ensure HAProxy is installed
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name: haproxy
|
||||
state: present
|
||||
|
||||
- name: Ensure HAProxy config directory exists
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/etc/haproxy
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Ensure HAProxy is configured
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: haproxy-loadbalancer.conf.j2
|
||||
dest: /usr/local/etc/haproxy/haproxy.cfg
|
||||
mode: 0644
|
||||
|
|
|
@ -5,5 +5,5 @@
|
|||
hosts: all
|
||||
tasks:
|
||||
- name: Example assertion
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that: true
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure NODE_TOKEN is captured from control node
|
||||
slurp:
|
||||
ansible.builtin.slurp:
|
||||
path: "{{ k3s_runtime_config['data-dir'] | default ('/var/lib/rancher/k3s') }}/server/node-token"
|
||||
register: k3s_slurped_control_token
|
||||
delegate_to: "{{ k3s_control_delegate }}"
|
||||
|
@ -20,14 +20,14 @@
|
|||
when: k3s_control_token is not defined and ansible_check_mode
|
||||
|
||||
- name: Ensure the cluster NODE_TOKEN file location exists
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_token_location | dirname }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s cluster token file is present on workers and secondary control nodes
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: cluster-token.j2
|
||||
dest: "{{ k3s_token_location }}"
|
||||
mode: 0600
|
||||
|
@ -38,7 +38,7 @@
|
|||
- restart k3s
|
||||
|
||||
- name: Ensure k3s service unit file is present
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: k3s.service.j2
|
||||
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
|
||||
mode: 0644
|
||||
|
@ -48,7 +48,7 @@
|
|||
- restart k3s
|
||||
|
||||
- name: Ensure k3s config file exists
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: config.yaml.j2
|
||||
dest: "{{ k3s_config_file }}"
|
||||
mode: 0644
|
||||
|
@ -58,7 +58,7 @@
|
|||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure secondary controllers are started
|
||||
service:
|
||||
ansible.builtin.systemd:
|
||||
name: k3s
|
||||
state: started
|
||||
enabled: true
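Review bot: Neither the NODE_TOKEN `ansible.builtin.slurp` task nor the `cluster-token.j2` template task shows `no_log: true` in these hunks, so the cluster join token can end up in play output. The registered `k3s_slurped_control_token` holds the base64 of the token file and is printed at `-v`, and a `--diff` run can print the rendered token file even though it is written with `mode: 0600`. Both tasks continue outside the hunks, so first confirm it is not already set there; otherwise add `no_log: true` to both.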
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
check_mode: false
|
||||
|
||||
- name: Ensure the k3s hashsum is downloaded
|
||||
uri:
|
||||
ansible.builtin.uri:
|
||||
url: "{{ k3s_hash_url }}"
|
||||
return_content: true
|
||||
register: k3s_hash_sum_raw
|
||||
|
@ -37,13 +37,13 @@
|
|||
check_mode: false
|
||||
|
||||
- name: Ensure installation directory exists
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_install_dir }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Ensure k3s binary is downloaded
|
||||
get_url:
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ k3s_binary_url }}"
|
||||
dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
||||
checksum: "sha256:{{ k3s_hash_sum }}"
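Review bot: The checksum guarding the k3s binary is itself fetched at run time (`url: "{{ k3s_hash_url }}"` with `return_content: true`), so `checksum: "sha256:{{ k3s_hash_sum }}"` detects a corrupted or truncated transfer but does not authenticate the release. Where `k3s_hash_url` and `k3s_binary_url` point is not visible in this section; if both come from the same release source, a tampered source would serve a matching pair. A comment on the `get_url` task such as `# checksum is downloaded from k3s_hash_url at run time; it is an integrity check, not a signature check` would stop readers from over-trusting it. The `get_url` task continues outside the hunk.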
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
check_mode: false
|
||||
|
||||
- name: Get the latest release version from k3s.io
|
||||
uri:
|
||||
ansible.builtin.uri:
|
||||
url: "{{ k3s_api_releases }}"
|
||||
return_content: true
|
||||
body_format: json
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure docker is installed using Pacman
|
||||
pacman:
|
||||
community.general.pacman:
|
||||
name: docker
|
||||
state: present
|
||||
register: ensure_docker_prerequisites_installed
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure docker is installed using Zypper
|
||||
zypper:
|
||||
community.general.zypper:
|
||||
name: docker
|
||||
state: present
|
||||
register: ensure_docker_prerequisites_installed
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure Docker prerequisites are installed
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
|
@ -16,13 +16,13 @@
|
|||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure Docker APT key is present
|
||||
apt_key:
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
||||
state: present
|
||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure Docker repository is installed and configured
|
||||
apt_repository:
|
||||
ansible.builtin.apt_repository:
|
||||
filename: docker-ce
|
||||
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
||||
update_cache: true
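Review bot: `ansible.builtin.apt_key` in the "Ensure Docker APT key is present" task imports whatever key the `url:` returns, with no `id:` pinned, and apt_key adds it to the system-wide keyring, which is not scoped to the Docker repository. Pinning the expected fingerprint gives the module something to compare against and also makes check mode report correctly: `id: "<DOCKER_APT_KEY_FINGERPRINT>"` (a placeholder; take the value from Docker's published install documentation). The matching "Ensure Docker APT key is uninstalled" task in the uninstall section would benefit from the same `id:`, so that removal does not depend on downloading the key again.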
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure python-dnf is installed
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}"
|
||||
state: present
|
||||
register: ensure_python_dnf_installed
|
||||
|
@ -12,7 +12,7 @@
|
|||
when: ansible_pkg_mgr == 'dnf'
|
||||
|
||||
- name: Ensure Docker prerequisites are installed
|
||||
yum:
|
||||
ansible.builtin.yum:
|
||||
name:
|
||||
- yum-utils
|
||||
- device-mapper-persistent-data
|
||||
|
@ -25,14 +25,14 @@
|
|||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Check to see if Docker repository is available for this distribution
|
||||
uri:
|
||||
ansible.builtin.uri:
|
||||
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
|
||||
register: k3s_redhat_repo_check
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
|
||||
- name: Ensure Docker repository is installed and configured
|
||||
yum_repository:
|
||||
ansible.builtin.yum_repository:
|
||||
name: docker-ce
|
||||
description: Docker CE Repository
|
||||
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure docker is installed using Zypper
|
||||
zypper:
|
||||
community.general.zypper:
|
||||
name: docker
|
||||
state: present
|
||||
register: ensure_docker_prerequisites_installed
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure docker is installed
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure k3s is linked into the installation destination
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
|
||||
dest: "{{ k3s_install_dir }}/{{ item }}"
|
||||
state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
|
||||
|
@ -18,7 +18,7 @@
|
|||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s config file exists
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: config.yaml.j2
|
||||
dest: "{{ k3s_config_file }}"
|
||||
mode: 0644
|
||||
|
@ -28,7 +28,7 @@
|
|||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s service unit file is present
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: k3s.service.j2
|
||||
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
|
||||
mode: 0644
|
||||
|
@ -38,7 +38,7 @@
|
|||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s killall script is present
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: k3s-killall.sh.j2
|
||||
dest: "/usr/local/bin/k3s-killall.sh"
|
||||
mode: 0700
|
||||
|
@ -48,7 +48,7 @@
|
|||
or not k3s_runtime_config.rootless)
|
||||
|
||||
- name: Ensure k3s uninstall script is present
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: k3s-uninstall.sh.j2
|
||||
dest: "/usr/local/bin/k3s-uninstall.sh"
|
||||
mode: 0700
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
---
|
||||
|
||||
- name: Ensure config directory exists
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_config_file | dirname }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure systemd unit file directory exists
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_systemd_unit_dir }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure data directory exists when not using the default
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
@ -34,7 +34,7 @@
|
|||
when: k3s_build_cluster
|
||||
|
||||
- name: Ensure k3s control plane is started
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: k3s
|
||||
state: started
|
||||
enabled: true
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure that the manifests directory exists
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ k3s_server_manifests_dir }}"
|
||||
mode: 0755
|
||||
|
@ -9,7 +9,7 @@
|
|||
|
||||
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
|
||||
- name: Ensure Auto-Deploying Manifests are copied to controllers
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ k3s_server_manifests_dir }}/{{ item | basename | replace('.j2','') }}"
|
||||
mode: 0644
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
and k3s_build_cluster is defined and k3s_build_cluster
|
||||
|
||||
- name: Ensure ansible_host is mapped to inventory_hostname
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /tmp/inventory.txt
|
||||
line: >-
|
||||
{{ item }}
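Review bot: `path: /tmp/inventory.txt` is a fixed file name in a world-writable directory, so on a multi-user host another local account can pre-create the file or place a symlink there before this task writes to it. Which host the task runs on and what later reads the file are outside the hunk, so the exposure is unconfirmed. A safer pattern is to create the path with `ansible.builtin.tempfile`, register it, and pass the registered path to `ansible.builtin.lineinfile` and to the consumer. The `lineinfile` task continues outside the hunk.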
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
---
|
||||
|
||||
- name: Ensure k3s service is started
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: k3s
|
||||
state: started
|
||||
enabled: true
|
||||
when: k3s_non_root is not defined or not k3s_non_root
|
||||
|
||||
- name: Ensure k3s service is started
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: k3s
|
||||
state: started
|
||||
enabled: true
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
---
|
||||
|
||||
- name: Ensure k3s service is stopped
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: k3s
|
||||
state: stopped
|
||||
enabled: false
|
||||
when: k3s_non_root is not defined or not k3s_non_root
|
||||
|
||||
- name: Ensure k3s service is started
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: k3s
|
||||
state: stopped
|
||||
enabled: false
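Review bot: The second task in this file is named `Ensure k3s service is started` but sets `state: stopped` and `enabled: false`, so play output reports the opposite of what ran. Rename it, for example `- name: Ensure k3s service is stopped (non-root)`, so that it also stays distinct from the first task. The same name/state mismatch appears in the Zypper uninstall section further down, where `Ensure docker is installed using Zypper` runs with `state: absent`. The second task here continues outside the hunk.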
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Check if kubectl exists
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ k3s_install_dir }}/kubectl"
|
||||
register: k3s_check_kubectl
|
||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure docker is uninstalled using Pacman
|
||||
pacman:
|
||||
community.general.pacman:
|
||||
name: docker
|
||||
state: absent
|
||||
register: ensure_docker_uninstalled
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure docker is installed using Zypper
|
||||
zypper:
|
||||
community.general.zypper:
|
||||
name: docker
|
||||
state: absent
|
||||
register: ensure_docker_uninstalled
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure Docker repository is uninstalled
|
||||
apt_repository:
|
||||
ansible.builtin.apt_repository:
|
||||
filename: docker-ce
|
||||
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
||||
update_cache: false
|
||||
|
@ -9,7 +9,7 @@
|
|||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure Docker APT key is uninstalled
|
||||
apt_key:
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
||||
state: absent
|
||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure Docker repository is removed
|
||||
yum_repository:
|
||||
ansible.builtin.yum_repository:
|
||||
name: docker-ce
|
||||
description: Docker CE Repository
|
||||
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure docker is uninstalled using Zypper
|
||||
zypper:
|
||||
community.general.zypper:
|
||||
name: docker
|
||||
state: absent
|
||||
register: ensure_docker_uninstalled
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Ensure docker is uninstalled
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Check to see if k3s-killall.sh exits
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: /usr/local/bin/k3s-killall.sh
|
||||
register: check_k3s_killall_script
|
||||
|
||||
- name: Check to see if k3s-uninstall.sh exits
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: /usr/local/bin/k3s-uninstall.sh
|
||||
register: check_k3s_uninstall_script
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Check the conditions when a single controller is defined
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- (k3s_controller_count | length == 1)
|
||||
and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint'])
|
||||
|
@ -13,7 +13,7 @@
|
|||
and k3s_control_node
|
||||
|
||||
- name: Check the conditions when multiple controllers are defined
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- (k3s_controller_count | length >= 2)
|
||||
and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint'])
|
||||
|
@ -24,7 +24,7 @@
|
|||
and k3s_control_node
|
||||
|
||||
- name: Check the conditions when embedded etcd is defined
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- (k3s_controller_count | length >= 3)
|
||||
and (((k3s_controller_count | length) % 2) == 1)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Check that the control plane to is available to accept connections
|
||||
wait_for:
|
||||
ansible.builtin.wait_for:
|
||||
port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}"
|
||||
host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}"
|
||||
delay: 5
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
---
|
||||
|
||||
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- k3s_use_experimental is defined and k3s_use_experimental
|
||||
success_msg: "Experimental variables are defined and enabled."
|
||||
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
|
||||
loop: "{{ k3s_experimental_config }}"
|
||||
fail_msg: "Experimental variable k3s_etcd_datastore has been configured. If you want to use this ensure you set k3s_use_experimental"
|
||||
when: k3s_etcd_datastore is defined and k3s_etcd_datastore
|
||||
and (k3s_release_version | replace('v', '')) is version_compare("1.19.5", '<')
|
||||
|
||||
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- k3s_use_experimental is defined and k3s_use_experimental
|
||||
success_msg: "Experimental variables are defined and enabled."
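Review bot: Both tasks in this file carry the same name, `Check if any experimental variables are configure and if they are enabled with k3s_use_experimental`, so a failure in the log does not say which check fired. The first task now applies only to `k3s_etcd_datastore` on releases below 1.19.5, and its name could say so, e.g. `- name: Check that k3s_use_experimental is set when embedded etcd is used on k3s < v1.19.5`. Fixing "configure" to "configured" in the second name would help as well. The second task continues outside the hunk.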
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
register: check_k3s_process
|
||||
|
||||
- name: Fail if k3s is still running
|
||||
fail:
|
||||
ansible.builtin.fail:
|
||||
msg: k3s is still running, uninstall script failed. Please investigate.
|
||||
when: check_k3s_process.rc == 0
|
||||
|
||||
|
@ -19,12 +19,12 @@
|
|||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
|
||||
- name: Fail if docker is still running
|
||||
fail:
|
||||
ansible.builtin.fail:
|
||||
msg: docker is still running, uninstall script failed. Please investigate.
|
||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
|
||||
- name: Fail if k3s binaries have not been removed
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ k3s_install_dir }}/{{ item }}"
|
||||
register: check_k3s_binaries_removed
|
||||
failed_when: check_k3s_binaries_removed.stat.exists
|
||||
|
@ -35,21 +35,21 @@
|
|||
- ctr
|
||||
|
||||
- name: Check k3s-killall.sh is removed
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: /usr/local/bin/k3s-killall.sh
|
||||
register: check_k3s_killall
|
||||
|
||||
- name: Fail if k3s-killall.sh script still exists
|
||||
fail:
|
||||
ansible.builtin.fail:
|
||||
msg: k3s-killall.sh is still running, uninstall script failed. Please investigate.
|
||||
when: check_k3s_killall.stat.exists
|
||||
|
||||
- name: Check k3s-uninstall.sh is removed
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: /usr/local/bin/k3s-uninstall.sh
|
||||
register: check_k3s_uninstall
|
||||
|
||||
- name: Fail if k3s-uninstall.sh script still exists
|
||||
fail:
|
||||
ansible.builtin.fail:
|
||||
msg: k3s-uninstall.sh is still running, uninstall script failed. Please investigate.
|
||||
when: check_k3s_uninstall.stat.exists
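Review bot: The two script checks fail with a message that does not match their condition. `Fail if k3s-killall.sh script still exists` and `Fail if k3s-uninstall.sh script still exists` both trigger on `stat.exists` but report that the script "is still running". An operator reading that will look for a process rather than a leftover file. Suggested wording: `msg: k3s-killall.sh still exists, uninstall script failed. Please investigate.`, and the same for `k3s-uninstall.sh`.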
|
||||
|
|
|
@ -7,12 +7,12 @@
|
|||
register: k3s_check_newuidmap_installed
|
||||
|
||||
- name: Check if /proc/sys/kernel/unprivileged_userns_clone exists
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: /proc/sys/kernel/unprivileged_userns_clone
|
||||
register: k3s_check_unprivileged_userns_exists
|
||||
|
||||
- name: Get the value of /proc/sys/kernel/unprivileged_userns_clone
|
||||
slurp:
|
||||
ansible.builtin.slurp:
|
||||
src: /proc/sys/kernel/unprivileged_userns_clone
|
||||
register: k3s_get_unprivileged_userns_clone
|
||||
when: k3s_check_unprivileged_userns_exists.stat.exists
|
||||
|
@ -24,17 +24,17 @@
|
|||
when: not k3s_check_unprivileged_userns_exists.stat.exists
|
||||
|
||||
- name: Get the value of /proc/sys/user/max_user_namespaces
|
||||
slurp:
|
||||
ansible.builtin.slurp:
|
||||
src: /proc/sys/user/max_user_namespaces
|
||||
register: k3s_get_max_user_namespaces
|
||||
|
||||
- name: Get the contents of /etc/subuid
|
||||
slurp:
|
||||
ansible.builtin.slurp:
|
||||
src: /etc/subuid
|
||||
register: k3s_get_subuid
|
||||
|
||||
- name: Get the contents of /etc/subgid
|
||||
slurp:
|
||||
ansible.builtin.slurp:
|
||||
src: /etc/subgid
|
||||
register: k3s_get_subgid
|
||||
|
||||
|
@ -46,7 +46,7 @@
|
|||
| select('search', ansible_user_id) | first | default('UserNotFound:0:0') }}"
|
||||
|
||||
- name: Check user namespaces kernel parameters are adequate
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
|
||||
- k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633
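Review bot: The lookup ending in `select('search', ansible_user_id) | first` matches the user name as an unanchored regex, so `k3s` would also match a `k3suser:...` line and the first hit wins. This is presumably the `/etc/subuid` and `/etc/subgid` parsing, but the start of the expression is outside the hunk. If the list elements are whole lines, anchoring on the name field avoids picking up another account's range: `select('match', (ansible_user_id | regex_escape) ~ ':')`. The later assertions then validate the right entry rather than a neighbour's.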
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
---
|
||||
|
||||
- name: "Check that k3s_release_version >= {{ k3s_min_version }}"
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare(k3s_min_version, '>=')
|
||||
success_msg: "{{ k3s_release_version }} is supported by this role."
|
||||
fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
|
||||
|
||||
- name: Check configuration in k3s_server and k3s_agent that needs special configuration
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- (item.setting not in k3s_runtime_config)
|
||||
success_msg: "{{ item.setting }} not found in server/agent config"
|
||||
|
@ -16,17 +16,18 @@
|
|||
loop: "{{ k3s_config_exclude }}"
|
||||
|
||||
- name: Check configuration in k3s_server and k3s_agent for deprecated configuration
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- (item.setting not in k3s_runtime_config)
|
||||
success_msg: "{{ item.setting }} not found in server/agent config"
|
||||
fail_msg: "{{ item.setting }} found in server/agent config. Please set {{ item.correction }} to use this option."
|
||||
loop: "{{ k3s_deprecated_config }}"
|
||||
when: item.when is not defined
|
||||
or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>='))
|
||||
when: (item.when is not defined
|
||||
or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>=')))
|
||||
and not k3s_use_unsupported_config
|
||||
|
||||
- name: Check configuration in k3s_server and k3s_agent against release version
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare(item.version, '>=')
|
||||
success_msg: "{{ item.setting }} is supported by {{ k3s_release_version }}"
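Review bot: The added `and not k3s_use_unsupported_config` in the deprecated-configuration task skips the assert for every entry in `k3s_deprecated_config`, not only `docker`. A user who sets the flag to keep Docker on v1.20.0+ also loses the warnings for `no-deploy` and the other deprecated settings, while the changelog describes the flag only as the Docker escape hatch. Scoping the bypass keeps the other checks active: `and not (item.setting == 'docker' and k3s_use_unsupported_config)`. The `fail_msg` could also mention `k3s_use_unsupported_config` for the docker case, since "Please set docker: false to use this option" does not tell the user about it.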
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Check to see if k3s_state is a supported value
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- k3s_state in k3s_valid_states
|
||||
fail_msg: "k3s_state not valid. Check README.md for details."
|
||||
|
|
|
@ -94,6 +94,7 @@ k3s_experimental_config:
|
|||
- setting: agent-token
|
||||
- setting: agent-token-file
|
||||
- setting: cluster-reset
|
||||
until: 1.19.5
|
||||
|
||||
# Config items that should be marked as deprecated
|
||||
k3s_deprecated_config:
|
||||
|
@ -104,3 +105,6 @@ k3s_deprecated_config:
|
|||
correction: token
|
||||
- setting: no-deploy
|
||||
correction: "disable: VALUE"
|
||||
- setting: docker
|
||||
correction: "docker: false"
|
||||
when: 1.20.0
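Review bot: The new version thresholds `until: 1.19.5` and `when: 1.20.0` are plain scalars. They load as strings only because they have two dots; a later two-component value such as `1.20` would load as the float `1.2` and silently change the `version_compare` result. Quoting them (`until: "1.19.5"`, `when: "1.20.0"`) makes the type explicit. A short comment saying that `when` and `until` are k3s release bounds would also help, because `when` reads like the task keyword.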
|
||||
|
|