libretic/ansible-role-k3s
6
0
Fork 0
mirror of https://github.com/PyratLabs/ansible-role-k3s synced 2024-09-19 16:41:32 +02:00
Code Issues Projects Releases Packages Wiki Activity

Set embedded Etcd as stable, deprecate docker

Browse source
This commit is contained in:
Xan Manning 2020-12-12 14:27:59 +00:00
parent 5d3524d729
commit 34e2af3d47
44 changed files with 124 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
CHANGELOG.md
View file

@ -14,6 +14,22 @@
---
-->
## 2020-12-12, v2.2.0
### Notable changes
- Use of FQCNs enforced, minimum Ansible version now v2.10
- `k3s_etcd_datastore` no longer experimental after K3s version v1.19.5+k3s1
- Docker marked as deprecated for K3s > v1.20.0+k3s1
### Breaking changes
- Use of FQCNs enforced, minimum Ansible version now v2.10
- Use of Docker requires `k3s_use_unsupported_config` to be `true` after
v1.20.0+k3s1
---
## 2020-12-05, v2.1.1
### Notable changes

15
README.md
View file

@ -86,7 +86,7 @@ consistency. These are generally cluster-level configuration.
| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] |
| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` |
| `k3s_use_unsupported_config` | Allow the use of unsupported configurations in k3s. | `false` |
| `k3s_etcd_datastore` | Enable etcd embedded datastore (EXPERIMENTAL, read notes below). | `false` |
| `k3s_etcd_datastore` | Enable etcd embedded datastore (read notes below). | `false` |
| `k3s_debug` | Enable debug logging on the k3s service. | `false` |
### Ansible Controller Configuration Variables
@ -269,13 +269,12 @@ with a `datastore-endpoint` defined. As this is not a typically supported
configuration you will need to set `k3s_use_unsupported_config` to `true`.
Since K3s v1.19.1 it is possible to use an embedded Etcd as the backend
database, and this is done by setting `k3s_etcd_datastore` to true.
As this is an experimental feature you will also need to set
`k3s_use_experimental` to `true`. The best practice for Etcd is to define at
least 3 members to ensure quorum is established. In addition to this, an odd
number of members is recommended to ensure a majority in the event of a network
partition. If you want to use 2 members or an even number of members,
please set `k3s_use_unsupported_config` to `true`.
database, and this is done by setting `k3s_etcd_datastore` to `true`.
The best practice for Etcd is to define at least 3 members to ensure quorum is
established. In addition to this, an odd number of members is recommended to
ensure a majority in the event of a network partition. If you want to use 2
members or an even number of members, please set `k3s_use_unsupported_config`
to `true`.
## Dependencies

2
defaults/main.yml
View file

@ -41,7 +41,7 @@ k3s_use_experimental: false
# Allow for unsupported configurations in k3s?
k3s_use_unsupported_config: false
# Enable etcd embedded datastore (EXPERIMENTAL)
# Enable etcd embedded datastore
k3s_etcd_datastore: false

2
documentation/quickstart-ha-cluster.md
View file

@ -92,7 +92,7 @@ Here is our playbook for the k3s cluster (`ha_cluster.yml`):
vars:
k3s_become_for_all: true
k3s_etcd_datastore: true
k3s_use_experimental: true # Note this is required for k3s v1.19.4+k3s1
k3s_use_experimental: true # Note this is required for k3s < v1.19.5+k3s1
roles:
- xanmanning.k3s
```

6
handlers/main.yml
View file

@ -1,13 +1,13 @@
---
- name: reload systemd
systemd:
ansible.builtin.systemd:
daemon_reload: true
scope: "{{ k3s_systemd_context }}"
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: restart k3s
systemd:
ansible.builtin.systemd:
name: k3s
state: restarted
scope: "{{ k3s_systemd_context }}"
@ -17,7 +17,7 @@
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: restart docker
systemd:
ansible.builtin.systemd:
name: docker
state: restarted
enabled: true

2
molecule/autodeploy/verify.yml
View file

@ -5,5 +5,5 @@
hosts: all
tasks:
- name: Example assertion
assert:
ansible.builtin.assert:
that: true

2
molecule/debug/verify.yml
View file

@ -5,5 +5,5 @@
hosts: all
tasks:
- name: Example assertion
assert:
ansible.builtin.assert:
that: true

6
molecule/default/prepare-rootless.yml
View file

@ -4,18 +4,18 @@
become: true
tasks:
- name: Ensure a user group exists
group:
ansible.builtin.group:
name: user
state: present
- name: Ensure a normal user exists
user:
ansible.builtin.user:
name: k3suser
group: user
state: present
- name: Ensure a normal user has bin directory
file:
ansible.builtin.file:
path: /home/k3suser/bin
state: directory
owner: k3suser

2
molecule/default/prepare.yml
View file

@ -3,6 +3,6 @@
hosts: all
tasks:
- name: Ensure apt cache is updated
apt:
ansible.builtin.apt:
update_cache: true
when: ansible_pkg_mgr == 'apt'

2
molecule/docker/prepare.yml
View file

@ -3,6 +3,6 @@
hosts: all
tasks:
- name: Ensure apt cache is updated
apt:
ansible.builtin.apt:
update_cache: true
when: ansible_pkg_mgr == 'apt'

8
molecule/highavailabilitydb/prepare.yml
View file

@ -3,23 +3,23 @@
hosts: loadbalancer
tasks:
- name: Ensure apt cache is updated
apt:
ansible.builtin.apt:
update_cache: true
when: ansible_pkg_mgr == 'apt'
- name: Ensure HAProxy is installed
package:
ansible.builtin.package:
name: haproxy
state: present
- name: Ensure HAProxy config directory exists
file:
ansible.builtin.file:
path: /usr/local/etc/haproxy
state: directory
mode: 0755
- name: Ensure HAProxy is configured
template:
ansible.builtin.template:
src: haproxy-loadbalancer.conf.j2
dest: /usr/local/etc/haproxy/haproxy.cfg
mode: 0644

8
molecule/highavailabilityetcd/prepare.yml
View file

@ -3,23 +3,23 @@
hosts: loadbalancer
tasks:
- name: Ensure apt cache is updated
apt:
ansible.builtin.apt:
update_cache: true
when: ansible_pkg_mgr == 'apt'
- name: Ensure HAProxy is installed
package:
ansible.builtin.package:
name: haproxy
state: present
- name: Ensure HAProxy config directory exists
file:
ansible.builtin.file:
path: /usr/local/etc/haproxy
state: directory
mode: 0755
- name: Ensure HAProxy is configured
template:
ansible.builtin.template:
src: haproxy-loadbalancer.conf.j2
dest: /usr/local/etc/haproxy/haproxy.cfg
mode: 0644

2
molecule/nodeploy/verify.yml
View file

@ -5,5 +5,5 @@
hosts: all
tasks:
- name: Example assertion
assert:
ansible.builtin.assert:
that: true

12
tasks/build/configure-k3s-cluster.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure NODE_TOKEN is captured from control node
slurp:
ansible.builtin.slurp:
path: "{{ k3s_runtime_config['data-dir'] | default ('/var/lib/rancher/k3s') }}/server/node-token"
register: k3s_slurped_control_token
delegate_to: "{{ k3s_control_delegate }}"
@ -20,14 +20,14 @@
when: k3s_control_token is not defined and ansible_check_mode
- name: Ensure the cluster NODE_TOKEN file location exists
file:
ansible.builtin.file:
path: "{{ k3s_token_location | dirname }}"
state: directory
mode: 0755
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s cluster token file is present on workers and secondary control nodes
template:
ansible.builtin.template:
src: cluster-token.j2
dest: "{{ k3s_token_location }}"
mode: 0600
@ -38,7 +38,7 @@
- restart k3s
- name: Ensure k3s service unit file is present
template:
ansible.builtin.template:
src: k3s.service.j2
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
mode: 0644
@ -48,7 +48,7 @@
- restart k3s
- name: Ensure k3s config file exists
template:
ansible.builtin.template:
src: config.yaml.j2
dest: "{{ k3s_config_file }}"
mode: 0644
@ -58,7 +58,7 @@
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure secondary controllers are started
service:
ansible.builtin.systemd:
name: k3s
state: started
enabled: true

6
tasks/build/download-k3s.yml
View file

@ -21,7 +21,7 @@
check_mode: false
- name: Ensure the k3s hashsum is downloaded
uri:
ansible.builtin.uri:
url: "{{ k3s_hash_url }}"
return_content: true
register: k3s_hash_sum_raw
@ -37,13 +37,13 @@
check_mode: false
- name: Ensure installation directory exists
file:
ansible.builtin.file:
path: "{{ k3s_install_dir }}"
state: directory
mode: 0755
- name: Ensure k3s binary is downloaded
get_url:
ansible.builtin.get_url:
url: "{{ k3s_binary_url }}"
dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
checksum: "sha256:{{ k3s_hash_sum }}"

2
tasks/build/get-version.yml
View file

@ -12,7 +12,7 @@
check_mode: false
- name: Get the latest release version from k3s.io
uri:
ansible.builtin.uri:
url: "{{ k3s_api_releases }}"
return_content: true
body_format: json

2
tasks/build/install-docker-archlinux.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure docker is installed using Pacman
pacman:
community.general.pacman:
name: docker
state: present
register: ensure_docker_prerequisites_installed

2
tasks/build/install-docker-opensuse-leap.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure docker is installed using Zypper
zypper:
community.general.zypper:
name: docker
state: present
register: ensure_docker_prerequisites_installed

6
tasks/build/install-docker-prerequisites-debian.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure Docker prerequisites are installed
apt:
ansible.builtin.apt:
name:
- apt-transport-https
- ca-certificates
@ -16,13 +16,13 @@
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker APT key is present
apt_key:
ansible.builtin.apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: present
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker repository is installed and configured
apt_repository:
ansible.builtin.apt_repository:
filename: docker-ce
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
update_cache: true

8
tasks/build/install-docker-prerequisites-redhat.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure python-dnf is installed
package:
ansible.builtin.package:
name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}"
state: present
register: ensure_python_dnf_installed
@ -12,7 +12,7 @@
when: ansible_pkg_mgr == 'dnf'
- name: Ensure Docker prerequisites are installed
yum:
ansible.builtin.yum:
name:
- yum-utils
- device-mapper-persistent-data
@ -25,14 +25,14 @@
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Check to see if Docker repository is available for this distribution
uri:
ansible.builtin.uri:
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
register: k3s_redhat_repo_check
failed_when: false
changed_when: false
- name: Ensure Docker repository is installed and configured
yum_repository:
ansible.builtin.yum_repository:
name: docker-ce
description: Docker CE Repository
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable

2
tasks/build/install-docker-suse.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure docker is installed using Zypper
zypper:
community.general.zypper:
name: docker
state: present
register: ensure_docker_prerequisites_installed

2
tasks/build/install-docker.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure docker is installed
package:
ansible.builtin.package:
name:
- docker-ce
- docker-ce-cli

10
tasks/build/install-k3s-node.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure k3s is linked into the installation destination
file:
ansible.builtin.file:
src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
dest: "{{ k3s_install_dir }}/{{ item }}"
state: "{{ 'hard' if k3s_install_hard_links else 'link' }}"
@ -18,7 +18,7 @@
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s config file exists
template:
ansible.builtin.template:
src: config.yaml.j2
dest: "{{ k3s_config_file }}"
mode: 0644
@ -28,7 +28,7 @@
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s service unit file is present
template:
ansible.builtin.template:
src: k3s.service.j2
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
mode: 0644
@ -38,7 +38,7 @@
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s killall script is present
template:
ansible.builtin.template:
src: k3s-killall.sh.j2
dest: "/usr/local/bin/k3s-killall.sh"
mode: 0700
@ -48,7 +48,7 @@
or not k3s_runtime_config.rootless)
- name: Ensure k3s uninstall script is present
template:
ansible.builtin.template:
src: k3s-uninstall.sh.j2
dest: "/usr/local/bin/k3s-uninstall.sh"
mode: 0700

8
tasks/build/install-k3s.yml
View file

@ -1,21 +1,21 @@
---
- name: Ensure config directory exists
file:
ansible.builtin.file:
path: "{{ k3s_config_file | dirname }}"
state: directory
mode: 0755
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure systemd unit file directory exists
file:
ansible.builtin.file:
path: "{{ k3s_systemd_unit_dir }}"
state: directory
mode: 0755
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure data directory exists when not using the default
file:
ansible.builtin.file:
path: "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}"
state: directory
mode: 0755
@ -34,7 +34,7 @@
when: k3s_build_cluster
- name: Ensure k3s control plane is started
systemd:
ansible.builtin.systemd:
name: k3s
state: started
enabled: true

4
tasks/build/preconfigure-k3s-auto-deploying-manifests.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure that the manifests directory exists
file:
ansible.builtin.file:
state: directory
path: "{{ k3s_server_manifests_dir }}"
mode: 0755
@ -9,7 +9,7 @@
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
- name: Ensure Auto-Deploying Manifests are copied to controllers
template:
ansible.builtin.template:
src: "{{ item }}"
dest: "{{ k3s_server_manifests_dir }}/{{ item | basename | replace('.j2','') }}"
mode: 0644

2
tasks/build/preconfigure-k3s.yml
View file

@ -41,7 +41,7 @@
and k3s_build_cluster is defined and k3s_build_cluster
- name: Ensure ansible_host is mapped to inventory_hostname
lineinfile:
ansible.builtin.lineinfile:
path: /tmp/inventory.txt
line: >-
{{ item }}

4
tasks/operate/start-k3s.yml
View file

@ -1,14 +1,14 @@
---
- name: Ensure k3s service is started
systemd:
ansible.builtin.systemd:
name: k3s
state: started
enabled: true
when: k3s_non_root is not defined or not k3s_non_root
- name: Ensure k3s service is started
systemd:
ansible.builtin.systemd:
name: k3s
state: started
enabled: true

4
tasks/operate/stop-k3s.yml
View file

@ -1,14 +1,14 @@
---
- name: Ensure k3s service is stopped
systemd:
ansible.builtin.systemd:
name: k3s
state: stopped
enabled: false
when: k3s_non_root is not defined or not k3s_non_root
- name: Ensure k3s service is started
systemd:
ansible.builtin.systemd:
name: k3s
state: stopped
enabled: false

2
tasks/teardown/drain-and-remove-nodes.yml
View file

@ -1,7 +1,7 @@
---
- name: Check if kubectl exists
stat:
ansible.builtin.stat:
path: "{{ k3s_install_dir }}/kubectl"
register: k3s_check_kubectl
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"

2
tasks/teardown/uninstall-docker-archlinux.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure docker is uninstalled using Pacman
pacman:
community.general.pacman:
name: docker
state: absent
register: ensure_docker_uninstalled

2
tasks/teardown/uninstall-docker-opensuse-leap.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure docker is installed using Zypper
zypper:
community.general.zypper:
name: docker
state: absent
register: ensure_docker_uninstalled

4
tasks/teardown/uninstall-docker-prerequisites-debian.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure Docker repository is uninstalled
apt_repository:
ansible.builtin.apt_repository:
filename: docker-ce
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
update_cache: false
@ -9,7 +9,7 @@
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker APT key is uninstalled
apt_key:
ansible.builtin.apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: absent
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

2
tasks/teardown/uninstall-docker-prerequisites-redhat.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure Docker repository is removed
yum_repository:
ansible.builtin.yum_repository:
name: docker-ce
description: Docker CE Repository
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable

2
tasks/teardown/uninstall-docker-suse.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure docker is uninstalled using Zypper
zypper:
community.general.zypper:
name: docker
state: absent
register: ensure_docker_uninstalled

2
tasks/teardown/uninstall-docker.yml
View file

@ -1,7 +1,7 @@
---
- name: Ensure docker is uninstalled
package:
ansible.builtin.package:
name:
- docker-ce
- docker-ce-cli

4
tasks/teardown/uninstall-k3s.yml
View file

@ -1,12 +1,12 @@
---
- name: Check to see if k3s-killall.sh exits
stat:
ansible.builtin.stat:
path: /usr/local/bin/k3s-killall.sh
register: check_k3s_killall_script
- name: Check to see if k3s-uninstall.sh exits
stat:
ansible.builtin.stat:
path: /usr/local/bin/k3s-uninstall.sh
register: check_k3s_uninstall_script

6
tasks/validate/check-control-count.yml
View file

@ -1,7 +1,7 @@
---
- name: Check the conditions when a single controller is defined
assert:
ansible.builtin.assert:
that:
- (k3s_controller_count | length == 1)
and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint'])
@ -13,7 +13,7 @@
and k3s_control_node
- name: Check the conditions when multiple controllers are defined
assert:
ansible.builtin.assert:
that:
- (k3s_controller_count | length >= 2)
and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint'])
@ -24,7 +24,7 @@
and k3s_control_node
- name: Check the conditions when embedded etcd is defined
assert:
ansible.builtin.assert:
that:
- (k3s_controller_count | length >= 3)
and (((k3s_controller_count | length) % 2) == 1)

2
tasks/validate/check-control-plane.yml
View file

@ -1,7 +1,7 @@
---
- name: Check that the control plane to is available to accept connections
wait_for:
ansible.builtin.wait_for:
port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}"
host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}"
delay: 5

8
tasks/validate/check-experimental-variables.yml
View file

@ -1,16 +1,16 @@
---
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
assert:
ansible.builtin.assert:
that:
- k3s_use_experimental is defined and k3s_use_experimental
success_msg: "Experimental variables are defined and enabled."
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
loop: "{{ k3s_experimental_config }}"
fail_msg: "Experimental variable k3s_etcd_datastore has been configured. If you want to use this ensure you set k3s_use_experimental"
when: k3s_etcd_datastore is defined and k3s_etcd_datastore
and (k3s_release_version | replace('v', '')) is version_compare("1.19.5", '<')
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
assert:
ansible.builtin.assert:
that:
- k3s_use_experimental is defined and k3s_use_experimental
success_msg: "Experimental variables are defined and enabled."

14
tasks/validate/check-uninstalled.yml
View file

@ -7,7 +7,7 @@
register: check_k3s_process
- name: Fail if k3s is still running
fail:
ansible.builtin.fail:
msg: k3s is still running, uninstall script failed. Please investigate.
when: check_k3s_process.rc == 0
@ -19,12 +19,12 @@
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
- name: Fail if docker is still running
fail:
ansible.builtin.fail:
msg: docker is still running, uninstall script failed. Please investigate.
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
- name: Fail if k3s binaries have not been removed
stat:
ansible.builtin.stat:
path: "{{ k3s_install_dir }}/{{ item }}"
register: check_k3s_binaries_removed
failed_when: check_k3s_binaries_removed.stat.exists
@ -35,21 +35,21 @@
- ctr
- name: Check k3s-killall.sh is removed
stat:
ansible.builtin.stat:
path: /usr/local/bin/k3s-killall.sh
register: check_k3s_killall
- name: Fail if k3s-killall.sh script still exists
fail:
ansible.builtin.fail:
msg: k3s-killall.sh is still running, uninstall script failed. Please investigate.
when: check_k3s_killall.stat.exists
- name: Check k3s-uninstall.sh is removed
stat:
ansible.builtin.stat:
path: /usr/local/bin/k3s-uninstall.sh
register: check_k3s_uninstall
- name: Fail if k3s-uninstall.sh script still exists
fail:
ansible.builtin.fail:
msg: k3s-uninstall.sh is still running, uninstall script failed. Please investigate.
when: check_k3s_uninstall.stat.exists

12
tasks/validate/check-unsupported-rootless.yml
View file

@ -7,12 +7,12 @@
register: k3s_check_newuidmap_installed
- name: Check if /proc/sys/kernel/unprivileged_userns_clone exists
stat:
ansible.builtin.stat:
path: /proc/sys/kernel/unprivileged_userns_clone
register: k3s_check_unprivileged_userns_exists
- name: Get the value of /proc/sys/kernel/unprivileged_userns_clone
slurp:
ansible.builtin.slurp:
src: /proc/sys/kernel/unprivileged_userns_clone
register: k3s_get_unprivileged_userns_clone
when: k3s_check_unprivileged_userns_exists.stat.exists
@ -24,17 +24,17 @@
when: not k3s_check_unprivileged_userns_exists.stat.exists
- name: Get the value of /proc/sys/user/max_user_namespaces
slurp:
ansible.builtin.slurp:
src: /proc/sys/user/max_user_namespaces
register: k3s_get_max_user_namespaces
- name: Get the contents of /etc/subuid
slurp:
ansible.builtin.slurp:
src: /etc/subuid
register: k3s_get_subuid
- name: Get the contents of /etc/subgid
slurp:
ansible.builtin.slurp:
src: /etc/subgid
register: k3s_get_subgid
@ -46,7 +46,7 @@
| select('search', ansible_user_id) | first | default('UserNotFound:0:0') }}"
- name: Check user namespaces kernel parameters are adequate
assert:
ansible.builtin.assert:
that:
- k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
- k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633

13
tasks/validate/check-variables.yml
View file

@ -1,14 +1,14 @@
---
- name: "Check that k3s_release_version >= {{ k3s_min_version }}"
assert:
ansible.builtin.assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare(k3s_min_version, '>=')
success_msg: "{{ k3s_release_version }} is supported by this role."
fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
- name: Check configuration in k3s_server and k3s_agent that needs special configuration
assert:
ansible.builtin.assert:
that:
- (item.setting not in k3s_runtime_config)
success_msg: "{{ item.setting }} not found in server/agent config"
@ -16,17 +16,18 @@
loop: "{{ k3s_config_exclude }}"
- name: Check configuration in k3s_server and k3s_agent for deprecated configuration
assert:
ansible.builtin.assert:
that:
- (item.setting not in k3s_runtime_config)
success_msg: "{{ item.setting }} not found in server/agent config"
fail_msg: "{{ item.setting }} found in server/agent config. Please set {{ item.correction }} to use this option."
loop: "{{ k3s_deprecated_config }}"
when: item.when is not defined
or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>='))
when: (item.when is not defined
or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>=')))
and not k3s_use_unsupported_config
- name: Check configuration in k3s_server and k3s_agent against release version
assert:
ansible.builtin.assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare(item.version, '>=')
success_msg: "{{ item.setting }} is supported by {{ k3s_release_version }}"

2
tasks/validate/pre-flight.yml
View file

@ -1,7 +1,7 @@
---
- name: Check to see if k3s_state is a supported value
assert:
ansible.builtin.assert:
that:
- k3s_state in k3s_valid_states
fail_msg: "k3s_state not valid. Check README.md for details."

4
vars/main.yml
View file

@ -94,6 +94,7 @@ k3s_experimental_config:
- setting: agent-token
- setting: agent-token-file
- setting: cluster-reset
until: 1.19.5
# Config items that should be marked as deprecated
k3s_deprecated_config:
@ -104,3 +105,6 @@ k3s_deprecated_config:
correction: token
- setting: no-deploy
correction: "disable: VALUE"
- setting: docker
correction: "docker: false"
when: 1.20.0