fix(cluster-token): cluster tokens can now be specified without breaking configurations where cluster tokens are auto-generated

molecule/autodeploy/converge.yml

@@ -6,6 +6,7 @@
     molecule_is_test: true
     k3s_release_version: latest
     k3s_build_cluster: false
+    k3s_control_token: 55ba04e5-e17d-4535-9170-3e4245453f4d
     k3s_install_dir: /opt/k3s/bin
     k3s_config_file: /opt/k3s/etc/k3s.yaml
     k3s_server:

molecule/highavailabilitydb/converge.yml

@@ -6,6 +6,7 @@
   vars:
     molecule_is_test: true
     k3s_registration_address: loadbalancer
+    k3s_control_token: 55ba04e5-e17d-4535-9170-3e4245453f4d
     k3s_server:
       datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
     k3s_agent:

tasks/ensure_cluster.yml

@@ -12,14 +12,17 @@
 
 - name: Ensure cluster token is formatted correctly for use in templates
   ansible.builtin.set_fact:
-    k3s_control_token: "{{ k3s_slurped_cluster_token.content | b64decode }}"
+    k3s_control_token_content: "{{ k3s_control_token | default(k3s_slurped_cluster_token.content | b64decode) }}"
-  when: k3s_control_token is not defined and not ansible_check_mode
+  when:
+    - k3s_control_token is not defined
+    - not ansible_check_mode
 
 - name: Ensure dummy cluster token is defined for ansible_check_mode
   ansible.builtin.set_fact:
-    k3s_control_token: "{{ k3s_control_delegate | to_uuid }}"
+    k3s_control_token_content: "{{ k3s_control_delegate | to_uuid }}"
   check_mode: false
-  when: k3s_control_token is not defined and ansible_check_mode
+  when:
+    - ansible_check_mode
 
 - name: Ensure the cluster token file location exists
   ansible.builtin.file:

tasks/ensure_installed_node.yml

@@ -27,6 +27,25 @@
     - restart k3s
   become: "{{ k3s_become }}"
 
+- name: Ensure cluster token is present when pre-defined
+  block:
+    - name: Ensure the cluster token file location exists
+      ansible.builtin.file:
+        path: "{{ k3s_token_location | dirname }}"
+        state: directory
+        mode: 0755
+      become: "{{ k3s_become }}"
+
+    - name: Ensure k3s cluster token file is present
+      ansible.builtin.template:
+        src: cluster-token.j2
+        dest: "{{ k3s_token_location }}"
+        mode: 0600
+      become: "{{ k3s_become }}"
+      notify:
+        - restart k3s
+  when: k3s_control_token is defined
+
 - name: Ensure k3s service unit file is present
   ansible.builtin.template:
     src: k3s.service.j2

templates/cluster-token.j2

@@ -1 +1 @@
-{{ k3s_control_token }}
+{{ k3s_control_token_content | default(k3s_control_token | default(k3s_control_delegate | to_uuid)) }}

templates/k3s.service.j2

@@ -42,7 +42,7 @@ ExecStart={{ k3s_install_dir }}/k3s
     {% if k3s_server is defined %}
         --config {{ k3s_config_file }}
     {% endif %}
-    {% if k3s_token_location %}
+    {% if not k3s_primary_control_node or k3s_control_token is defined %}
         --token-file {{ k3s_token_location }}
     {% endif %}
 {% else %}