WIP(alpine): trying to find a container image that supports openrc

Xan Manning 2022-05-03 19:02:02 +01:00
parent f3640e5c9f
commit 910b611058
20 changed files with 246 additions and 66 deletions


@ -42,8 +42,10 @@ jobs:
prebuilt: 'true'
- distro: geerlingguy/docker-fedora33-ansible:latest
scenario: autodeploy
- distro: alpine:3.15
- distro: nimmis/alpine:3.14
scenario: highavailabilityetcd
command: "init"
prebuilt: 'false'
- distro: geerlingguy/docker-rockylinux8-ansible:latest
scenario: highavailabilityetcd
prebuilt: 'true'
@ -70,3 +72,4 @@ jobs:
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}
MOLECULE_PREBUILT: ${{ matrix.prebuilt }}
MOLECULE_DOCKER_COMMAND: ${{ matrix.command }}
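Review bot: The `nimmis/alpine:3.14` matrix entry (which appears to replace `alpine:3.15`) pulls a community-maintained image by a mutable tag, and the molecule scenarios on this page start their platforms with `privileged: true` and a `/sys/fs/cgroup` mount, so whatever that tag resolves to at run time executes with elevated privileges on the runner. Pinning by digest, `- distro: nimmis/alpine@sha256:<digest-placeholder>`, keeps the CI input fixed until someone deliberately updates it. `MOLECULE_DOCKER_COMMAND: ${{ matrix.command }}` is empty for every matrix entry that sets no `command`; a comment above it such as `# empty unless the matrix entry sets command; molecule.yml then uses its own default` would make that reliance visible.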


@ -6,7 +6,12 @@
scope: "{{ k3s_systemd_context }}"
become: "{{ k3s_become }}"
- name: restart k3s
- name: reload service
ansible.builtin.set_fact:
k3s_service_reloaded: true
become: "{{ k3s_become }}"
- name: restart k3s systemd
ansible.builtin.systemd:
name: k3s
state: restarted
@ -19,3 +24,16 @@
- k3s_systemd_restart_k3s is not success
- not ansible_check_mode
become: "{{ k3s_become }}"
- name: restart k3s service
ansible.builtin.service:
name: k3s
state: restarted
enabled: "{{ k3s_start_on_boot }}"
retries: 3
delay: 3
register: k3s_service_restart_k3s
failed_when:
- k3s_service_restart_k3s is not success
- not ansible_check_mode
become: "{{ k3s_become }}"
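Review bot: `retries: 3` and `delay: 3` on the `restart k3s service` handler have no `until:` condition in the visible lines; on Ansible releases where `retries` only takes effect together with `until`, the restart is attempted once and the two keys are dead configuration. Adding `until: k3s_service_restart_k3s is success` makes the retry explicit on every version. The `reload service` handler only sets `k3s_service_reloaded`, which nothing else on this page reads, so a comment such as `# openrc needs no daemon reload; this exists so the templated notify name resolves` would explain why it is there.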


@ -26,30 +26,30 @@ lint: |
ansible-lint --exclude molecule/
platforms:
- name: node1
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node2
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node3
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
provisioner:
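Review bot: The `image:` and `command:` values appear to have lost their outer quotes, so whatever `MOLECULE_DISTRO` or `MOLECULE_DOCKER_COMMAND` contains is substituted into the file text as raw YAML before it is parsed. A value containing `: `, ` #` or a leading indicator character would then change the structure of the platform entry instead of staying a string. Keeping the whole scalar quoted avoids that: `image: "${MOLECULE_DISTRO:-geerlingguy/docker-rockylinux8-ansible:latest}"` and `command: "${MOLECULE_DOCKER_COMMAND:-}"`. The same lines recur for node2 and node3 here and in the other scenario files further down this page; the `platforms:` list itself starts and ends outside the hunk.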


@ -26,30 +26,30 @@ lint: |
ansible-lint --exclude molecule/
platforms:
- name: node1
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node2
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node3
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
provisioner:


@ -26,30 +26,30 @@ lint: |
ansible-lint --exclude molecule/
platforms:
- name: node1
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node2
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node3
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
provisioner:


@ -26,30 +26,30 @@ lint: |
ansible-lint --exclude molecule/
platforms:
- name: node1
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node2
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node3
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: database


@ -12,6 +12,7 @@
k3s_agent:
node-ip: "{{ ansible_default_ipv4.address }}"
snapshotter: native
k3s_skip_validation: "{{ k3s_service_handler[ansible_service_mgr] == 'service' }}"
pre_tasks:
- name: Set each node to be a control node
ansible.builtin.set_fact:
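Review bot: `k3s_skip_validation` evaluates to true exactly on hosts whose init system maps to `service`, so the pre-checks this commit adds for those hosts (the supported-init assert and the `/sbin/openrc-run` check, both guarded by `not k3s_skip_validation`) never run in this scenario. If the aim is to bypass a different validation step that fails on Alpine, a narrower switch would keep the new checks under test. Either way a comment above the line, e.g. `# validation is skipped on openrc hosts because <reason>`, should record why. The play's `vars:` block starts outside the hunk.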


@ -26,30 +26,30 @@ lint: |
ansible-lint --exclude molecule/
platforms:
- name: node1
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node2
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node3
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: loadbalancer


@ -1,12 +1,23 @@
---
- name: Prepare Load Balancer
hosts: loadbalancer
- name: Prepare all nodes
hosts: all
tasks:
- name: Ensure apt cache is updated
ansible.builtin.apt:
update_cache: true
when: ansible_pkg_mgr == 'apt'
- name: Ensure sudo is installed
community.general.apk:
name: sudo
state: present
update_cache: true
when: ansible_pkg_mgr == 'apk'
- name: Prepare Load Balancer
hosts: loadbalancer
tasks:
- name: Ensure HAProxy is installed
ansible.builtin.package:
name: haproxy
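Review bot: `community.general.apk` is not part of ansible-core, and no visible section of this commit adds `community.general` to a requirements file, so the `Prepare all nodes` play may fail on a controller that only has ansible-core installed; worth confirming against the scenario's collection requirements. If only the package is needed, `ansible.builtin.package` with `name: sudo` and the same `when: ansible_pkg_mgr == 'apk'` avoids the extra dependency, at the cost of the `update_cache` option. The HAProxy task continues outside the hunk.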


@ -26,30 +26,30 @@ lint: |
ansible-lint --exclude molecule/
platforms:
- name: node1
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node2
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
- name: node3
image: "${MOLECULE_DISTRO:-ubuntu:focal}"
image: ${MOLECULE_DISTRO:-"geerlingguy/docker-rockylinux8-ansible:latest"}
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: ${MOLECULE_PREBUILT:-false}
pre_build_image: ${MOLECULE_PREBUILT:-true}
networks:
- name: k3snet
provisioner:


@ -38,7 +38,7 @@
mode: 0600
become: "{{ k3s_become }}"
notify:
- restart k3s
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
- name: Ensure k3s service unit file is present
ansible.builtin.template:
@ -47,8 +47,8 @@
mode: 0644
become: "{{ k3s_become }}"
notify:
- reload systemd
- restart k3s
- "reload {{ k3s_service_handler[ansible_service_mgr] }}"
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
- name: Ensure k3s config file exists
ansible.builtin.template:
@ -56,8 +56,8 @@
dest: "{{ k3s_config_file }}"
mode: 0644
notify:
- reload systemd
- restart k3s
- "reload {{ k3s_service_handler[ansible_service_mgr] }}"
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
become: "{{ k3s_become }}"
- name: Ensure secondary controllers are started
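Review bot: Every `notify:` entry now indexes `k3s_service_handler[ansible_service_mgr]`, which has no fallback when the detected service manager is not a key of that map. The assert that guards the lookup sits behind `not k3s_skip_validation` and `not k3s_skip_env_checks`, so with either switch set the expression is presumably undefined and no handler name matches. `"restart k3s {{ k3s_service_handler[ansible_service_mgr] | default('systemd') }}"` would keep the previous behaviour for unmapped hosts. The same pattern is used in the registries hunk and in the node-install hunks further down this page.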


@ -6,6 +6,6 @@
dest: "{{ k3s_config_dir }}/registries.yaml"
mode: 0600
notify:
- reload systemd
- restart k3s
- "reload {{ k3s_service_handler[ansible_service_mgr] }}"
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
become: "{{ k3s_become }}"


@ -0,0 +1,16 @@
---
- name: Ensure k3s initial control plane server is started
ansible.builtin.systemd:
name: k3s
state: started
enabled: "{{ k3s_start_on_boot }}"
scope: "{{ k3s_systemd_context }}"
register: k3s_systemd_start_k3s
failed_when:
- k3s_systemd_start_k3s is not succeeded
- not ansible_check_mode
when: (k3s_control_node and k3s_controller_list | length == 1)
or (k3s_primary_control_node and k3s_controller_list | length > 1)
or k3s_token_cluster_check.stat.exists
become: "{{ k3s_become }}"


@ -0,0 +1,15 @@
---
- name: Ensure k3s initial control plane server is started
ansible.builtin.service:
name: k3s
state: started
enabled: "{{ k3s_start_on_boot }}"
register: k3s_service_start_k3s
failed_when:
- k3s_service_start_k3s is not succeeded
- not ansible_check_mode
when: (k3s_control_node and k3s_controller_list | length == 1)
or (k3s_primary_control_node and k3s_controller_list | length > 1)
or k3s_token_cluster_check.stat.exists
become: "{{ k3s_become }}"


@ -22,17 +22,4 @@
path: "{{ k3s_token_location }}"
register: k3s_token_cluster_check
- name: Ensure k3s initial control plane server is started
ansible.builtin.systemd:
name: k3s
state: started
enabled: "{{ k3s_start_on_boot }}"
scope: "{{ k3s_systemd_context }}"
register: k3s_systemd_start_k3s
failed_when:
- k3s_systemd_start_k3s is not succeeded
- not ansible_check_mode
when: (k3s_control_node and k3s_controller_list | length == 1)
or (k3s_primary_control_node and k3s_controller_list | length > 1)
or k3s_token_cluster_check.stat.exists
become: "{{ k3s_become }}"
- include_tasks: ensure_control_plane_started_{{ ansible_service_mgr }}.yml
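Review bot: The include is keyed on the raw fact, `ensure_control_plane_started_{{ ansible_service_mgr }}.yml`, while every other new lookup in this commit goes through `k3s_service_handler`. The two new task files on this page use `ansible.builtin.systemd` and `ansible.builtin.service`; if they are named after those handler values (their paths are not shown here), a host reporting `openrc` or `sysvinit` would look for a file that does not exist. `- ansible.builtin.include_tasks: ensure_control_plane_started_{{ k3s_service_handler[ansible_service_mgr] }}.yml` would line the include up with the handler map. The include also has no `name:`, unlike the task it replaces.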


@ -14,7 +14,7 @@
- ctr
when: not ansible_check_mode
notify:
- restart k3s
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
become: "{{ k3s_become }}"
- name: Ensure k3s config file exists
@ -23,8 +23,8 @@
dest: "{{ k3s_config_file }}"
mode: 0644
notify:
- reload systemd
- restart k3s
- "reload {{ k3s_service_handler[ansible_service_mgr] }}"
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
become: "{{ k3s_become }}"
- name: Ensure cluster token is present when pre-defined
@ -51,9 +51,35 @@
src: k3s.service.j2
dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
mode: 0644
when:
- k3s_service_handler[ansible_service_mgr] == 'systemd'
notify:
- reload systemd
- restart k3s
- "reload {{ k3s_service_handler[ansible_service_mgr] }}"
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
become: "{{ k3s_become }}"
- name: Ensure k3s service file is present
ansible.builtin.template:
src: k3s.openrc.j2
dest: "{{ k3s_openrc_service_dir }}/k3s"
mode: 0744
when:
- k3s_service_handler[ansible_service_mgr] == 'service'
notify:
- "reload {{ k3s_service_handler[ansible_service_mgr] }}"
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
become: "{{ k3s_become }}"
- name: Ensure k3s logrotate file is present
ansible.builtin.template:
src: k3s.logrotate.j2
dest: "{{ k3s_logrotate_dir }}/k3s"
mode: 0640
when:
- k3s_service_handler[ansible_service_mgr] == 'service'
notify:
- "reload {{ k3s_service_handler[ansible_service_mgr] }}"
- "restart k3s {{ k3s_service_handler[ansible_service_mgr] }}"
become: "{{ k3s_become }}"
- name: Ensure k3s killall script is present
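Review bot: The `Ensure k3s logrotate file is present` task notifies both the reload and the restart handler, so any change to the logrotate template restarts k3s even though logrotate reads its configuration on its own schedule. Dropping the `notify:` block from that task avoids a service restart that changes nothing for k3s. The new modes would also be safer as quoted strings (`mode: "0744"`, `mode: "0640"`), so they do not depend on how the YAML loader treats a leading zero. The task list continues outside the hunk.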


@ -38,6 +38,39 @@
- not k3s_skip_validation
- not k3s_skip_env_checks
- name: Check that the target init system is supported by this role
ansible.builtin.assert:
that:
- ansible_service_mgr in k3s_supported_init
fail_msg: >-
{{ ansible_service_mgr }} is not supported by this role.
Supported init systems: {{ k3s_supported_init | join(', ') }}
success_msg: "{{ ansible_service_mgr }} is supported"
when:
- not k3s_skip_validation
- not k3s_skip_env_checks
- name: Determing if {{ ansible_service_mgr }} is actually openrc
ansible.builtin.stat:
path: /sbin/openrc-run
register: k3s_check_openrc_run
when:
- k3s_service_handler[ansible_service_mgr] == 'service'
- not k3s_skip_validation
- not k3s_skip_env_checks
- name: Check that {{ ansible_service_mgr }} is actually openrc
ansible.builtin.assert:
that:
- k3s_check_openrc_run.stat.exists
fail_msg: >-
openrc was not found, cannot install to {{ ansible_service_mgr }}
success_msg: "openrc found"
when:
- k3s_service_handler[ansible_service_mgr] == 'service'
- not k3s_skip_validation
- not k3s_skip_env_checks
- include_tasks: pre_checks_version.yml
when:
- (k3s_release_version is not defined
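Review bot: `sysvinit` is accepted by the supported-init assert but a host that really runs sysvinit then fails `k3s_check_openrc_run.stat.exists` with "openrc was not found, cannot install to sysvinit", which reads as a missing package rather than an unsupported init system. A message along the lines of `fail_msg: "/sbin/openrc-run not found; only openrc is supported when the service manager is {{ ansible_service_mgr }}"` would say what the role actually requires. The task name `Determing if ...` has a typo; `Determine whether {{ ansible_service_mgr }} is actually openrc` reads correctly. The `include_tasks` condition at the end of the hunk continues outside it.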


@ -0,0 +1,5 @@
/var/log/k3s.log {
missingok
notifempty
copytruncate
}
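Review bot: The stanza sets no rotation schedule, retention count or size limit, so `/var/log/k3s.log` is rotated only according to the host's global logrotate defaults, which differ between distributions. Stating them in the template (for example `weekly`, `rotate 4`, `compress`; values to be chosen by the maintainer) makes retention predictable on every target. `copytruncate` can drop lines written between the copy and the truncate; a comment such as `# copytruncate: k3s keeps the log open and is not signalled to reopen it` would record why that trade-off was chosen.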

47
templates/k3s.openrc.j2 Normal file

@ -0,0 +1,47 @@
#!/sbin/openrc-run
depend() {
after network-online
want cgroups
}
start_pre() {
rm -f /tmp/k3s.*
}
supervisor=supervise-daemon
name="k3s"
command="{{ k3s_install_dir }}/k3s"
command_args="{% filter regex_replace('\s+', ' ') %}
{% filter replace('\n', ' ') %}
{% if k3s_debug is defined and k3s_debug %}
--debug
{% endif %}
{% if k3s_control_node %}
server
{% if (k3s_etcd_datastore is defined and k3s_etcd_datastore) and (k3s_primary_control_node is not defined or not k3s_primary_control_node) and k3s_controller_list | length > 1 %}
--server https://{{ k3s_registration_address }}:{{ k3s_control_plane_port | default(6443) | string }}
{% endif %}
{% if k3s_server is defined %}
--config {{ k3s_config_file }}
{% endif %}
{% if k3s_control_node and not k3s_primary_control_node %}
--token-file {{ k3s_token_location }}
{% endif %}
{% else %}
agent
--server https://{{ k3s_registration_address }}:{{ k3s_control_plane_port | default(6443) | string }}
--token-file {{ k3s_token_location }}
{% if k3s_agent is defined %}
--config {{ k3s_config_file }}
{% endif %}
{% endif %} >>/var/log/k3s.log 2>&1"
{% endfilter %}
{% endfilter %}
output_log="/var/log/k3s.log"
error_log="/var/log/k3s.log"
pidfile="/var/run/k3s.pid"
respawn_delay=5
respawn_max=0
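Review bot: `{{ k3s_config_file }}`, `{{ k3s_token_location }}` and `{{ k3s_registration_address }}` are placed unquoted inside `command_args`, a string that also carries a shell redirection and so is evidently meant to be interpreted by a shell running as root. A value containing whitespace or a shell metacharacter would be split or interpreted instead of being passed as one argument. `--config {{ k3s_config_file | quote }}` and `--token-file {{ k3s_token_location | quote }}` keep each value a single word. `output_log` and `error_log` already point at `/var/log/k3s.log`, so the trailing `>>/var/log/k3s.log 2>&1` looks redundant; worth confirming on a test host before removing it.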


@ -15,6 +15,12 @@ k3s_valid_states:
- uninstalled
- validated
# Supported init systems
k3s_supported_init:
- systemd
- sysvinit # Possibly what openrc identifies as in Ansible?
- openrc
# Map ansible fact gathering architecture to a release name and suffix in github.
k3s_arch_lookup:
amd64:
@ -84,6 +90,18 @@ k3s_systemd_context: system
# management, this should live in /etc/systemd, not /lib/systemd
k3s_systemd_unit_dir: "/etc/systemd/{{ k3s_systemd_context }}"
# Directory for installing openrc service file
k3s_openrc_service_dir: /etc/init.d
# Directory for installing logrotate config
k3s_logrotate_dir: /etc/logrotate.d
# Service handler
k3s_service_handler:
systemd: systemd
sysvinit: service
openrc: service
# Data directory location for k3s
k3s_data_dir: "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}"
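Review bot: `k3s_supported_init` repeats the keys of `k3s_service_handler`, so adding an init system to one and not the other either passes validation and then fails the handler lookup, or the reverse. Deriving one from the other, `k3s_supported_init: "{{ k3s_service_handler.keys() | list }}"`, leaves a single place to edit. The inline comment on `sysvinit` records an open question; once the value Ansible reports on Alpine is known, it should be replaced by a statement of that fact.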