Merge pull request #165 from crutonjohn/feat/air-gap

Feature: Air Gap Installation
2024-11-09 15:03:31 +01:00 · 2022-01-02 20:38:59 +00:00 · 2022-01-02 20:38:59 +00:00 · 3be75a8296
commit 3be75a8296
parent a4cbc4d68d b9b2a8e054
7 changed files with 44 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -63,6 +63,7 @@ consistency. These are generally cluster-level configuration.
 |--------------------------------------|--------------------------------------------------------------------------------------------|--------------------------------|
 | `k3s_state`                          | State of k3s: installed, started, stopped, downloaded, uninstalled, validated.             | installed                      |
 | `k3s_release_version`                | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for stable.                   | `false`                        |
+| `k3s_airgap`                         | Boolean to enable air-gapped installations                                                 | `false`                        |
 | `k3s_config_file`                    | Location of the k3s configuration file.                                                    | `/etc/rancher/k3s/config.yaml` |
 | `k3s_build_cluster`                  | When multiple play hosts are available, attempt to cluster. Read notes below.              | `true`                         |
 | `k3s_registration_address`           | Fixed registration address for nodes. IP or FQDN.                                          | NULL                           |
@ -324,6 +325,10 @@ k3s_server_pod_manifests_urls:

 ```

+#### Important note about `k3s_airgap`
+
+When deploying k3s in an air gapped environment you should provide the `k3s` binary in `./files/`. The binary will not be downloaded from Github and will subsequently not be verified using the provided sha256 sum, nor able to verify the version that you are running. All risks and burdens associated are assumed by the user in this scenario.
+
 ## Dependencies

 No dependencies on other roles.
--- a/tasks/build/airgap-k3s.yml
+++ b/tasks/build/airgap-k3s.yml
@ -0,0 +1,15 @@
+---
+
+- name: Ensure installation directory exists
+  ansible.builtin.file:
+    path: "{{ k3s_install_dir }}"
+    state: directory
+    mode: 0755
+
+- name: Copy local k3s binary to target host
+  ansible.builtin.copy:
+    src: k3s
+    # TODO: allow airgap to bypass version post-fix
+    dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
+    mode: 0755
+  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all)  }}"
--- a/tasks/build/get-version.yml
+++ b/tasks/build/get-version.yml
@ -1,5 +1,6 @@
 ---

+# TODO: Prevent or circumvent versioning when k3s_airgap
 - name: Ensure k3s_release_version is set to default if false
  ansible.builtin.set_fact:
    k3s_release_version: "{{ k3s_release_channel }}"
--- a/tasks/state-downloaded.yml
+++ b/tasks/state-downloaded.yml
@ -1,6 +1,12 @@
 ---

 - import_tasks: build/get-version.yml
-  when: k3s_release_version is not defined or not k3s_release_version
+  when:
+    - k3s_release_version is not defined or not k3s_release_version
+    - not k3s_airgap

 - import_tasks: build/download-k3s.yml
+  when: not k3s_airgap
+
+- import_tasks: build/airgap-k3s.yml
+  when: k3s_airgap
--- a/tasks/state-installed.yml
+++ b/tasks/state-installed.yml
@ -5,9 +5,11 @@
 - import_tasks: teardown/drain-and-remove-nodes.yml

 - import_tasks: build/get-version.yml
-  when: k3s_release_version is not defined
-        or not k3s_release_version
-        or k3s_release_version is not regex('\\+k3s[1-9]$')
+  when:
+    - k3s_release_version is not defined
+      or not k3s_release_version
+      or k3s_release_version is not regex('\\+k3s[1-9]$')
+    - not k3s_airgap

 - import_tasks: validate/main.yml
  when: not k3s_skip_validation
@ -33,6 +35,12 @@
  meta: flush_handlers

 - import_tasks: build/download-k3s.yml
+  when:
+    - not k3s_airgap
+
+- import_tasks: build/airgap-k3s.yml
+  when:
+    - k3s_airgap

 - import_tasks: build/preconfigure-k3s-auto-deploying-manifests.yml
  when:
--- a/tasks/validate/configuration/variables.yml
+++ b/tasks/validate/configuration/variables.yml
@ -6,6 +6,7 @@
      - (k3s_release_version | replace('v', '')) is version_compare(k3s_min_version, '>=')
    success_msg: "{{ k3s_release_version }} is supported by this role."
    fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
+  when: not k3s_airgap

 - name: Check configuration in k3s_server and k3s_agent that needs alternate configuration
  ansible.builtin.assert:
@ -34,6 +35,7 @@
      {% endif %}
  loop: "{{ k3s_deprecated_config }}"
  when:
+    - not k3s_airgap
    - (item.when is not defined
       or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>=')))
    - not k3s_use_unsupported_config
--- a/vars/main.yml
+++ b/vars/main.yml
@ -55,6 +55,9 @@ k3s_api_releases: "{{ k3s_api_url }}/v1-release/channels"
 # Download location for releases
 k3s_github_download_url: "{{ k3s_github_url }}/releases/download"

+# Install K3s in Air Gapped scenarios
+k3s_airgap: false
+
 # Generate a runtime config dictionary for validation
 k3s_runtime_config: "{{ (k3s_server | default({})) | combine (k3s_agent | default({})) }}"