From c63d984301cd7c7bea0198551f25979d1695f386 Mon Sep 17 00:00:00 2001 
From: Xan Manning Date: Sat, 17 Oct 2020 16:31:04 +0100 Subject: [PATCH 01/12] Refactoring tests for Molecule v3. --- .ansible-lint | 2 + .travis.yml | 22 +++----- .yamllint | 22 +++++++- .../converge.yml} | 5 +- molecule/autodeploy/molecule.yml | 44 ++++++++++++++++ molecule/autodeploy/verify.yml | 9 ++++ .../default/{playbook.yml => converge.yml} | 0 molecule/default/molecule.yml | 7 ++- molecule/default/playbook-docker.yml | 9 ---- .../converge.yml} | 0 molecule/docker/molecule.yml | 44 ++++++++++++++++ molecule/docker/prepare.yml | 8 +++ .../playbook-auto-deploying-manifests.yml | 17 ------ molecule/highavailability/playbook-dqlite.yml | 18 ------- .../Dockerfile.j2 | 0 .../INSTALL.rst | 0 .../converge.yml} | 0 .../haproxy-loadbalancer.conf.j2 | 0 .../molecule.yml | 5 +- .../prepare.yml | 0 .../templates/00-ns-monitoring.yml.j2 | 0 .../tests/test_default.py | 0 .../tests/test_default.pyc | Bin .../converge.yml} | 0 .../haproxy-loadbalancer.conf.j2 | 13 +++++ molecule/highavailabilityetcd/molecule.yml | 49 ++++++++++++++++++ molecule/highavailabilityetcd/prepare.yml | 30 +++++++++++ .../converge.yml} | 0 molecule/nodeploy/molecule.yml | 44 ++++++++++++++++ molecule/nodeploy/verify.yml | 9 ++++ molecule/requirements.txt | 6 +++ requirements.txt | 1 + 32 files changed, 295 insertions(+), 69 deletions(-) rename molecule/{default/playbook-auto-deploying-manifests.yml => autodeploy/converge.yml} (55%) create mode 100644 molecule/autodeploy/molecule.yml create mode 100644 molecule/autodeploy/verify.yml rename molecule/default/{playbook.yml => converge.yml} (100%) delete mode 100644 molecule/default/playbook-docker.yml rename molecule/{default/playbook-docker-altport-wireguard.yml => docker/converge.yml} (100%) create mode 100644 molecule/docker/molecule.yml create mode 100644 molecule/docker/prepare.yml delete mode 100644 molecule/highavailability/playbook-auto-deploying-manifests.yml delete mode 100644 molecule/highavailability/playbook-dqlite.yml rename 
molecule/{highavailability => highavailabilitydb}/Dockerfile.j2 (100%) rename molecule/{highavailability => highavailabilitydb}/INSTALL.rst (100%) rename molecule/{highavailability/playbook.yml => highavailabilitydb/converge.yml} (100%) rename molecule/{highavailability => highavailabilitydb}/haproxy-loadbalancer.conf.j2 (100%) rename molecule/{highavailability => highavailabilitydb}/molecule.yml (91%) rename molecule/{highavailability => highavailabilitydb}/prepare.yml (100%) rename molecule/{highavailability => highavailabilitydb}/templates/00-ns-monitoring.yml.j2 (100%) rename molecule/{highavailability => highavailabilitydb}/tests/test_default.py (100%) rename molecule/{highavailability => highavailabilitydb}/tests/test_default.pyc (100%) rename molecule/{highavailability/playbook-etcd.yml => highavailabilityetcd/converge.yml} (100%) create mode 100644 molecule/highavailabilityetcd/haproxy-loadbalancer.conf.j2 create mode 100644 molecule/highavailabilityetcd/molecule.yml create mode 100644 molecule/highavailabilityetcd/prepare.yml rename molecule/{default/playbook-no-deploy.yml => nodeploy/converge.yml} (100%) create mode 100644 molecule/nodeploy/molecule.yml create mode 100644 molecule/nodeploy/verify.yml create mode 100644 molecule/requirements.txt create mode 100644 requirements.txt diff --git a/.ansible-lint b/.ansible-lint index 327f909..02a3822 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,2 +1,4 @@ +--- + skip_list: - '106' diff --git a/.travis.yml b/.travis.yml index ab2f26d..e9e9f35 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -16,37 +16,31 @@ env: # Test installing docker - MOLECULE_DISTRO: geerlingguy/docker-centos7-ansible:latest - MOLECULE_PLAYBOOK: playbook-docker.yml + MOLECULE_SCENARIO: docker - MOLECULE_DISTRO: geerlingguy/docker-ubuntu1804-ansible:latest - MOLECULE_PLAYBOOK: playbook-docker.yml + MOLECULE_SCENARIO: docker - MOLECULE_DISTRO: geerlingguy/docker-amazonlinux2-ansible:latest - MOLECULE_PLAYBOOK: playbook-docker.yml - - # Test using alternate port and using wireguard as the flannel backend - - MOLECULE_DISTRO: geerlingguy/docker-centos7-ansible:latest - MOLECULE_PLAYBOOK: playbook-docker-altport-wireguard.yml + MOLECULE_SCENARIO: docker # Test disabling all deployments - MOLECULE_DISTRO: geerlingguy/docker-fedora31-ansible:latest - MOLECULE_PLAYBOOK: playbook-no-deploy.yml + MOLECULE_SCENARIO: nodeploy # Test multiple masters in control plane with PostgreSQL - MOLECULE_DISTRO: geerlingguy/docker-fedora29-ansible:latest - MOLECULE_SCENARIO: highavailability + MOLECULE_SCENARIO: highavailabilitydb # Test multiple masters with auto deploying manifests - MOLECULE_DISTRO: geerlingguy/docker-fedora30-ansible:latest - MOLECULE_SCENARIO: highavailability - MOLECULE_PLAYBOOK: playbook-auto-deploying-manifests.yml + MOLECULE_SCENARIO: autodeploy # Test multiple masters in control plane with Etcd - MOLECULE_DISTRO: geerlingguy/docker-centos8-ansible:latest - MOLECULE_SCENARIO: highavailability - MOLECULE_PLAYBOOK: playbook-etcd.yml + MOLECULE_SCENARIO: highavailabilityetcd install: # Install test dependencies. - - pip install molecule[docker] docker jmespath ansible-lint + - pip install -r molecule/requirements.txt before_script: # Use actual Ansible Galaxy role name for the project directory. diff --git a/.yamllint b/.yamllint index 60ffbc3..8827676 100644 --- a/.yamllint +++ b/.yamllint @@ -1,5 +1,5 @@ --- - +# Based on ansible-lint config extends: default rules: 
@@ -9,5 +9,25 @@ rules: brackets: max-spaces-inside: 1 level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable truthy: disable diff --git a/molecule/default/playbook-auto-deploying-manifests.yml b/molecule/autodeploy/converge.yml similarity index 55% rename from molecule/default/playbook-auto-deploying-manifests.yml rename to molecule/autodeploy/converge.yml index 72b26be..105d48b 100644 --- a/molecule/default/playbook-auto-deploying-manifests.yml +++ b/molecule/autodeploy/converge.yml @@ -1,10 +1,11 @@ --- - name: Converge - hosts: all + hosts: node* become: true vars: molecule_is_test: true + k3s_build_cluster: false k3s_server_manifests_templates: - - "molecule/default/templates/00-ns-monitoring.yml.j2" + - "molecule/highavailability/templates/00-ns-monitoring.yml.j2" roles: - role: xanmanning.k3s diff --git a/molecule/autodeploy/molecule.yml b/molecule/autodeploy/molecule.yml new file mode 100644 index 0000000..af6a516 --- /dev/null +++ b/molecule/autodeploy/molecule.yml 
@@ -0,0 +1,44 @@ +--- + +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint -s . + ansible-lint +platforms: + - name: node1 + image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: ${MOLECULE_PREBUILT:-true} + networks: + - name: k3snet + - name: node2 + image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: ${MOLECULE_PREBUILT:-true} + networks: + - name: k3snet + - name: node3 + image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: ${MOLECULE_PREBUILT:-true} + networks: + - name: k3snet +provisioner: + name: ansible + options: + verbose: true +verifier: + name: ansible diff --git a/molecule/autodeploy/verify.yml b/molecule/autodeploy/verify.yml new file mode 100644 index 0000000..a82dd6f --- /dev/null +++ b/molecule/autodeploy/verify.yml @@ -0,0 +1,9 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + tasks: + - name: Example assertion + assert: + that: true diff --git a/molecule/default/playbook.yml b/molecule/default/converge.yml similarity index 100% rename from molecule/default/playbook.yml rename to molecule/default/converge.yml diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index de61737..af6a516 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -6,7 +6,7 @@ driver: name: docker lint: | set -e - yamllint . + yamllint -s . ansible-lint platforms: - name: node1 
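Review bot: All three platforms in molecule/autodeploy/molecule.yml run with `privileged: true` on an image resolved from the mutable tag `geerlingguy/docker-centos8-ansible:latest` (or whatever `MOLECULE_DISTRO` supplies), so whatever that tag points to at run time gets near-host-level access on the CI runner or a developer machine. Pinning the default by digest, e.g. `image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible@sha256:<digest>}"`, keeps the privileged workload reproducible. A one-line comment above `privileged: true` stating why it is needed (presumably systemd inside the container) would help the next reader decide whether it can be narrowed. The same block is copied into molecule/docker/molecule.yml, molecule/highavailabilityetcd/molecule.yml and molecule/nodeploy/molecule.yml.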
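Review bot: The only task in molecule/autodeploy/verify.yml is the placeholder `assert: that: true`, so the scenario reports a passing verify step even if the manifest template was never deployed. I would replace it with a task that queries the cluster for the object the template creates and asserts on that result, and change the header comment from `# This is an example playbook to execute Ansible tests.` to one that names what is checked. molecule/nodeploy/verify.yml is the same placeholder.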
@@ -40,6 +40,5 @@ provisioner: name: ansible options: verbose: true - playbooks: - prepare: ${MOLECULE_PREPARE_PLAYBOOK:-prepare.yml} - converge: ${MOLECULE_PLAYBOOK:-playbook.yml} +verifier: + name: ansible diff --git a/molecule/default/playbook-docker.yml b/molecule/default/playbook-docker.yml deleted file mode 100644 index a780b33..0000000 --- a/molecule/default/playbook-docker.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - vars: - molecule_is_test: true - k3s_use_docker: true - roles: - - role: xanmanning.k3s diff --git a/molecule/default/playbook-docker-altport-wireguard.yml b/molecule/docker/converge.yml similarity index 100% rename from molecule/default/playbook-docker-altport-wireguard.yml rename to molecule/docker/converge.yml diff --git a/molecule/docker/molecule.yml b/molecule/docker/molecule.yml new file mode 100644 index 0000000..af6a516 --- /dev/null +++ b/molecule/docker/molecule.yml @@ -0,0 +1,44 @@ +--- + +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint -s . + ansible-lint +platforms: + - name: node1 + image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: ${MOLECULE_PREBUILT:-true} + networks: + - name: k3snet + - name: node2 + image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: ${MOLECULE_PREBUILT:-true} + networks: + - name: k3snet + - name: node3 + image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: ${MOLECULE_PREBUILT:-true} + networks: + - name: k3snet +provisioner: + name: ansible + options: + verbose: true +verifier: + name: ansible 
diff --git a/molecule/docker/prepare.yml b/molecule/docker/prepare.yml new file mode 100644 index 0000000..7ad302a --- /dev/null +++ b/molecule/docker/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + tasks: + - name: Ensure apt cache is updated + apt: + update_cache: true + when: ansible_pkg_mgr == 'apt' diff --git a/molecule/highavailability/playbook-auto-deploying-manifests.yml b/molecule/highavailability/playbook-auto-deploying-manifests.yml deleted file mode 100644 index 055d3d2..0000000 --- a/molecule/highavailability/playbook-auto-deploying-manifests.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Converge - hosts: node* - become: true - vars: - molecule_is_test: true - k3s_control_node_address: loadbalancer - k3s_datastore_endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable" - k3s_server_manifests_templates: - - "molecule/highavailability/templates/00-ns-monitoring.yml.j2" - pre_tasks: - - name: Set each node to be a control node - set_fact: - k3s_control_node: true - when: inventory_hostname in ['node2', 'node3'] - roles: - - role: xanmanning.k3s diff --git a/molecule/highavailability/playbook-dqlite.yml b/molecule/highavailability/playbook-dqlite.yml deleted file mode 100644 index 9116912..0000000 --- a/molecule/highavailability/playbook-dqlite.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Converge - hosts: node* - become: true - vars: - molecule_is_test: true - k3s_release_version: v1.18 - k3s_dqlite_datastore: true - k3s_secrets_encryption: true - k3s_use_experimental: true - k3s_use_unsupported_config: true - pre_tasks: - - name: Set each node to be a control node - set_fact: - k3s_control_node: true - when: inventory_hostname in ['node2', 'node3'] - roles: - - role: xanmanning.k3s diff --git a/molecule/highavailability/Dockerfile.j2 b/molecule/highavailabilitydb/Dockerfile.j2 similarity index 100% rename from molecule/highavailability/Dockerfile.j2 rename to molecule/highavailabilitydb/Dockerfile.j2 
diff --git a/molecule/highavailability/INSTALL.rst b/molecule/highavailabilitydb/INSTALL.rst similarity index 100% rename from molecule/highavailability/INSTALL.rst rename to molecule/highavailabilitydb/INSTALL.rst diff --git a/molecule/highavailability/playbook.yml b/molecule/highavailabilitydb/converge.yml similarity index 100% rename from molecule/highavailability/playbook.yml rename to molecule/highavailabilitydb/converge.yml diff --git a/molecule/highavailability/haproxy-loadbalancer.conf.j2 b/molecule/highavailabilitydb/haproxy-loadbalancer.conf.j2 similarity index 100% rename from molecule/highavailability/haproxy-loadbalancer.conf.j2 rename to molecule/highavailabilitydb/haproxy-loadbalancer.conf.j2 diff --git a/molecule/highavailability/molecule.yml b/molecule/highavailabilitydb/molecule.yml similarity index 91% rename from molecule/highavailability/molecule.yml rename to molecule/highavailabilitydb/molecule.yml index 9b147d7..7028ac9 100644 --- a/molecule/highavailability/molecule.yml +++ b/molecule/highavailabilitydb/molecule.yml @@ -6,7 +6,7 @@ driver: name: docker lint: | set -e - yamllint . + yamllint -s . ansible-lint platforms: - name: node1 @@ -55,6 +55,3 @@ provisioner: name: ansible options: verbose: true - playbooks: - prepare: ${MOLECULE_PREPARE_PLAYBOOK:-prepare.yml} - converge: ${MOLECULE_PLAYBOOK:-playbook.yml} diff --git a/molecule/highavailability/prepare.yml b/molecule/highavailabilitydb/prepare.yml similarity index 100% rename from molecule/highavailability/prepare.yml rename to molecule/highavailabilitydb/prepare.yml diff --git a/molecule/highavailability/templates/00-ns-monitoring.yml.j2 b/molecule/highavailabilitydb/templates/00-ns-monitoring.yml.j2 similarity index 100% rename from molecule/highavailability/templates/00-ns-monitoring.yml.j2 rename to molecule/highavailabilitydb/templates/00-ns-monitoring.yml.j2 
diff --git a/molecule/highavailability/tests/test_default.py b/molecule/highavailabilitydb/tests/test_default.py
similarity index 100%
rename from molecule/highavailability/tests/test_default.py
rename to molecule/highavailabilitydb/tests/test_default.py
diff --git a/molecule/highavailability/tests/test_default.pyc b/molecule/highavailabilitydb/tests/test_default.pyc
similarity index 100%
rename from molecule/highavailability/tests/test_default.pyc
rename to molecule/highavailabilitydb/tests/test_default.pyc
diff --git a/molecule/highavailability/playbook-etcd.yml b/molecule/highavailabilityetcd/converge.yml
similarity index 100%
rename from molecule/highavailability/playbook-etcd.yml
rename to molecule/highavailabilityetcd/converge.yml
diff --git a/molecule/highavailabilityetcd/haproxy-loadbalancer.conf.j2 b/molecule/highavailabilityetcd/haproxy-loadbalancer.conf.j2
new file mode 100644
index 0000000..78fe9d3
--- /dev/null
+++ b/molecule/highavailabilityetcd/haproxy-loadbalancer.conf.j2
@@ -0,0 +1,13 @@
+frontend loadbalancer
+ bind *:6443
+ mode tcp
+ default_backend control_nodes
+ timeout client 1m
+
+backend control_nodes
+ mode tcp
+ balance roundrobin
+ server node2 node2:6443
+ server node3 node3:6443
+ timeout connect 30s
+ timeout server 30m
diff --git a/molecule/highavailabilityetcd/molecule.yml b/molecule/highavailabilityetcd/molecule.yml
new file mode 100644
index 0000000..2a32b15
--- /dev/null
+++ b/molecule/highavailabilityetcd/molecule.yml
@@ -0,0 +1,49 @@
+---
+
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint -s .
+ ansible-lint
+platforms:
+ - name: node1
+ image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: ${MOLECULE_PREBUILT:-true}
+ networks:
+ - name: k3snet
+ - name: node2
+ image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: ${MOLECULE_PREBUILT:-true}
+ networks:
+ - name: k3snet
+ - name: node3
+ image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: ${MOLECULE_PREBUILT:-true}
+ networks:
+ - name: k3snet
+ - name: loadbalancer
+ image: geerlingguy/docker-centos8-ansible:latest
+ pre_build_image: true
+ ports:
+ - "6443:6443"
+ networks:
+ - name: k3snet
+provisioner:
+ name: ansible
+ options:
+ verbose: true
diff --git a/molecule/highavailabilityetcd/prepare.yml b/molecule/highavailabilityetcd/prepare.yml
new file mode 100644
index 0000000..86d8f25
--- /dev/null
+++ b/molecule/highavailabilityetcd/prepare.yml
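Review bot: The `loadbalancer` platform publishes `- "6443:6443"` without a host address, which in Docker's port syntax binds on every host interface, so (assuming the driver passes `ports` through to Docker) the test cluster's API endpoint is reachable from the network of whichever machine runs this scenario. `- "127.0.0.1:6443:6443"` keeps it local, and the mapping can probably be dropped altogether if the nodes only reach the balancer over `k3snet`. This platform also hardcodes `geerlingguy/docker-centos8-ansible:latest` instead of honouring `MOLECULE_DISTRO` like the nodes; a comment saying that is intentional would avoid confusion.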
@@ -0,0 +1,30 @@
+---
+- name: Prepare
+ hosts: loadbalancer
+ tasks:
+ - name: Ensure apt cache is updated
+ apt:
+ update_cache: true
+ when: ansible_pkg_mgr == 'apt'
+
+ - name: Ensure HAProxy is installed
+ package:
+ name: haproxy
+ state: present
+
+ - name: Ensure HAProxy config directory exists
+ file:
+ path: /usr/local/etc/haproxy
+ state: directory
+ mode: 0755
+
+ - name: Ensure HAProxy is configured
+ template:
+ src: haproxy-loadbalancer.conf.j2
+ dest: /usr/local/etc/haproxy/haproxy.cfg
+ mode: 0644
+
+ - name: Ensure HAProxy service is started
+ command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
+ args:
+ creates: /var/run/haproxy.pid
diff --git a/molecule/default/playbook-no-deploy.yml b/molecule/nodeploy/converge.yml
similarity index 100%
rename from molecule/default/playbook-no-deploy.yml
rename to molecule/nodeploy/converge.yml
diff --git a/molecule/nodeploy/molecule.yml b/molecule/nodeploy/molecule.yml
new file mode 100644
index 0000000..af6a516
--- /dev/null
+++ b/molecule/nodeploy/molecule.yml
@@ -0,0 +1,44 @@
+---
+
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint -s .
+ ansible-lint
+platforms:
+ - name: node1
+ image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: ${MOLECULE_PREBUILT:-true}
+ networks:
+ - name: k3snet
+ - name: node2
+ image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: ${MOLECULE_PREBUILT:-true}
+ networks:
+ - name: k3snet
+ - name: node3
+ image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: ${MOLECULE_PREBUILT:-true}
+ networks:
+ - name: k3snet
+provisioner:
+ name: ansible
+ options:
+ verbose: true
+verifier:
+ name: ansible
diff --git a/molecule/nodeploy/verify.yml b/molecule/nodeploy/verify.yml
new file mode 100644
index 0000000..a82dd6f
--- /dev/null
+++ b/molecule/nodeploy/verify.yml
@@ -0,0 +1,9 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+ hosts: all
+ tasks:
+ - name: Example assertion
+ assert:
+ that: true
diff --git a/molecule/requirements.txt b/molecule/requirements.txt
new file mode 100644
index 0000000..980f8ac
--- /dev/null
+++ b/molecule/requirements.txt
@@ -0,0 +1,6 @@
+-r ../requirements.txt
+
+molecule[docker]>=3.1.2
+docker>=4.3.1
+yamllint>=1.25.0
+ansible-lint>=4.3.5
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..e3e64e5
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+jmespath>=0.10.0
From 45a41f895b663d4d1244f21c0d701a6e947a8d9d Mon Sep 17 00:00:00 2001
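Review bot: Every entry in molecule/requirements.txt is a lower bound only (`molecule[docker]>=3.1.2`, `docker>=4.3.1`, `yamllint>=1.25.0`, `ansible-lint>=4.3.5`), so each CI run installs whatever the newest upload is at that moment and a breaking or tampered release reaches the pipeline without any change in this repository. For a test toolchain I would pin exact versions, e.g. `molecule[docker]==3.1.2`, ideally with hashes so the install line in .travis.yml can become `pip install --require-hashes -r molecule/requirements.txt`. The root requirements.txt (`jmespath>=0.10.0`) has the same shape.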
From: Xan Manning Date: Sat, 17 Oct 2020 18:26:30 +0100 Subject: [PATCH 02/12] Restructure for validation checks --- .travis.yml | 1 + README.md | 2 +- defaults/main.yml | 4 +-- molecule/autodeploy/converge.yml | 2 +- .../templates/00-ns-monitoring.yml.j2 | 0 molecule/docker/converge.yml | 1 - molecule/docker/molecule.yml | 6 ++--- .../templates/00-ns-monitoring.yml.j2 | 4 --- tasks/build/configure-k3s-cluster.yml | 23 +++-------------- tasks/main.yml | 12 ++++----- tasks/state-validated.yml | 7 ++++++ tasks/validate/check-cluster-nodes-ready.yml | 14 +++++++++++ tasks/validate/check-control-plane.yml | 10 ++++++++ tasks/validate/post-install.yml | 4 +++ vars/main.yml | 25 +++++++++++++++++++ 15 files changed, 78 insertions(+), 37 deletions(-) rename molecule/{default => autodeploy}/templates/00-ns-monitoring.yml.j2 (100%) delete mode 100644 molecule/highavailabilitydb/templates/00-ns-monitoring.yml.j2 create mode 100644 tasks/state-validated.yml create mode 100644 tasks/validate/check-cluster-nodes-ready.yml create mode 100644 tasks/validate/check-control-plane.yml create mode 100644 tasks/validate/post-install.yml diff --git a/.travis.yml b/.travis.yml index e9e9f35..a8faab0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,6 +13,7 @@ env: - MOLECULE_SCENARIO: default matrix: - MOLECULE_DISTRO: geerlingguy/docker-debian10-ansible:latest + - MOLECULE_DISTRO: geerlingguy/docker-ubuntu2004-ansible:latest # Test installing docker - MOLECULE_DISTRO: geerlingguy/docker-centos7-ansible:latest diff --git a/README.md b/README.md index 1c353ba..b6c2e31 100644 --- a/README.md +++ b/README.md 
@@ -47,7 +47,7 @@ consistency. | Variable | Description | Default Value | |------------------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------| -| `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded, uninstalled. | installed | +| `k3s_state` | State of k3s: installed, started, stopped, restarted, downloaded, uninstalled, validated. | installed | | `k3s_release_version` | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for stable. | `false` | | `k3s_build_cluster` | When multiple `play_hosts` are available, attempt to cluster. Read notes below. | `true` | | `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s | diff --git a/defaults/main.yml b/defaults/main.yml index 640696a..0029749 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,8 +1,8 @@ --- -# k3s cluster state, options: installed, started, stopped, restarted +# k3s state, options: installed, started, stopped, restarted, validated # (default: installed) -k3s_cluster_state: installed +k3s_state: installed # Use a specific k3s version, if set to "false" we will get the latest # k3s_release_version: v0.1.0 diff --git a/molecule/autodeploy/converge.yml b/molecule/autodeploy/converge.yml index 105d48b..a03f036 100644 --- a/molecule/autodeploy/converge.yml +++ b/molecule/autodeploy/converge.yml @@ -6,6 +6,6 @@ molecule_is_test: true k3s_build_cluster: false k3s_server_manifests_templates: - - "molecule/highavailability/templates/00-ns-monitoring.yml.j2" + - "molecule/autodeploy/templates/00-ns-monitoring.yml.j2" roles: - role: xanmanning.k3s diff --git a/molecule/default/templates/00-ns-monitoring.yml.j2 b/molecule/autodeploy/templates/00-ns-monitoring.yml.j2 similarity index 100% rename from molecule/default/templates/00-ns-monitoring.yml.j2 rename to molecule/autodeploy/templates/00-ns-monitoring.yml.j2 
diff --git a/molecule/docker/converge.yml b/molecule/docker/converge.yml index a88a3c4..3700ddc 100644 --- a/molecule/docker/converge.yml +++ b/molecule/docker/converge.yml @@ -6,7 +6,6 @@ molecule_is_test: true k3s_use_docker: true k3s_https_port: 26443 - k3s_flannel_backend: wireguard k3s_cluster_domain: examplecluster.local roles: - role: xanmanning.k3s diff --git a/molecule/docker/molecule.yml b/molecule/docker/molecule.yml index af6a516..85427b3 100644 --- a/molecule/docker/molecule.yml +++ b/molecule/docker/molecule.yml @@ -10,7 +10,7 @@ lint: | ansible-lint platforms: - name: node1 - image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + image: "${MOLECULE_DISTRO:-geerlingguy/docker-ubuntu2004-ansible:latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro @@ -19,7 +19,7 @@ platforms: networks: - name: k3snet - name: node2 - image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + image: "${MOLECULE_DISTRO:-geerlingguy/docker-ubuntu2004-ansible:latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro @@ -28,7 +28,7 @@ platforms: networks: - name: k3snet - name: node3 - image: "${MOLECULE_DISTRO:-geerlingguy/docker-centos8-ansible:latest}" + image: "${MOLECULE_DISTRO:-geerlingguy/docker-ubuntu2004-ansible:latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro diff --git a/molecule/highavailabilitydb/templates/00-ns-monitoring.yml.j2 b/molecule/highavailabilitydb/templates/00-ns-monitoring.yml.j2 deleted file mode 100644 index d325236..0000000 --- a/molecule/highavailabilitydb/templates/00-ns-monitoring.yml.j2 +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring diff --git a/tasks/build/configure-k3s-cluster.yml b/tasks/build/configure-k3s-cluster.yml index dfa0019..175a69c 100644 --- a/tasks/build/configure-k3s-cluster.yml +++ b/tasks/build/configure-k3s-cluster.yml 
@@ -59,25 +59,10 @@ when: k3s_control_node and not k3s_primary_control_node become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" -- name: Wait for control plane to be ready to accept connections - wait_for: - port: "{{ k3s_https_port }}" - host: "{{ k3s_bind_address | default('127.0.0.1') }}" - delay: 5 - sleep: 5 - timeout: 300 - when: k3s_control_node +- import_tasks: ../validate/check-control-plane.yml + when: not k3s_skip_validation - meta: flush_handlers -- name: Wait for all nodes to be ready - command: "{{ k3s_install_dir }}/kubectl get nodes" - changed_when: false - failed_when: false - register: kubectl_get_nodes_result - until: kubectl_get_nodes_result.rc == 0 - and kubectl_get_nodes_result.stdout.find("NotReady") == -1 - retries: 30 - delay: 20 - when: k3s_control_node and not k3s_no_flannel and not ansible_check_mode - become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" +- import_tasks: ../validate/check-cluster-nodes-ready.yml + when: not k3s_skip_validation diff --git a/tasks/main.yml b/tasks/main.yml index 10646b3..6ea8c4e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,11 +1,11 @@ --- -- name: Check to see if k3s_cluster_state is a supported value +- name: Check to see if k3s_state is a supported value assert: that: - - k3s_cluster_state in ['installed', 'started', 'stopped', 'restarted', 'downloaded', 'uninstalled'] - fail_msg: "k3s_cluster_state not valid. Check README.md for details." - success_msg: "k3s_cluster_state is valid." - when: k3s_cluster_state is defined + - k3s_state in k3s_valid_states + fail_msg: "k3s_state not valid. Check README.md for details." + success_msg: "k3s_state is valid." + when: k3s_state is defined -- include_tasks: state-{{ (k3s_cluster_state | lower) | default('installed') }}.yml +- include_tasks: state-{{ (k3s_state | lower) | default('installed') }}.yml 
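Review bot: Both new imports in tasks/build/configure-k3s-cluster.yml are gated on `when: not k3s_skip_validation`, but no hunk in this patch defines `k3s_skip_validation` (the defaults/main.yml and vars/main.yml changes do not add it), so unless it already exists elsewhere the conditional fails on an undefined variable. Either add `k3s_skip_validation: false` to defaults/main.yml with a comment explaining when skipping is appropriate, or guard the use with `when: not (k3s_skip_validation | default(false))`. Keep in mind that a `when` on `import_tasks` is applied to every imported task, so it is combined with the `when: k3s_control_node` conditions inside the validate files. The task list begins before this hunk, so earlier definitions are not visible here.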
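Review bot: In tasks/main.yml the assert tests `k3s_state in k3s_valid_states` on the raw value while the include builds its file name from `k3s_state | lower`, so the allowlist is not checking the same string that ends up in the path, and `Installed` is rejected even though `state-installed.yml` exists. Validate the normalised value instead: `- (k3s_state | lower) in k3s_valid_states`. In the include, `default('installed')` is applied after `lower`, which is too late to help when the variable is undefined; `state-{{ (k3s_state | default('installed')) | lower }}.yml` is presumably what was meant.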
diff --git a/tasks/state-validated.yml b/tasks/state-validated.yml
new file mode 100644
index 0000000..9cfe1d1
--- /dev/null
+++ b/tasks/state-validated.yml
@@ -0,0 +1,7 @@
+---
+
+- import_tasks: validate/check-environment.yml
+
+- import_tasks: validate/main.yml
+
+- import_tasks: validate/post-install.yml
diff --git a/tasks/validate/check-cluster-nodes-ready.yml b/tasks/validate/check-cluster-nodes-ready.yml
new file mode 100644
index 0000000..5c81fd2
--- /dev/null
+++ b/tasks/validate/check-cluster-nodes-ready.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Check that all nodes to be ready
+ command: "{{ k3s_install_dir }}/kubectl get nodes"
+ changed_when: false
+ failed_when: kubectl_get_nodes_result.stdout.find("was refused") != -1 or
+ kubectl_get_nodes_result.stdout.find("ServiceUnavailable") != -1
+ register: kubectl_get_nodes_result
+ until: kubectl_get_nodes_result.rc == 0
+ and kubectl_get_nodes_result.stdout.find("NotReady") == -1
+ retries: 30
+ delay: 20
+ when: k3s_control_node and not k3s_no_flannel and not ansible_check_mode
+ become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
diff --git a/tasks/validate/check-control-plane.yml b/tasks/validate/check-control-plane.yml
new file mode 100644
index 0000000..14e3260
--- /dev/null
+++ b/tasks/validate/check-control-plane.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Check that the control plane to is available to accept connections
+ wait_for:
+ port: "{{ k3s_https_port }}"
+ host: "{{ k3s_bind_address | default('127.0.0.1') }}"
+ delay: 5
+ sleep: 5
+ timeout: 300
+ when: k3s_control_node
diff --git a/tasks/validate/post-install.yml b/tasks/validate/post-install.yml
new file mode 100644
index 0000000..728e247
--- /dev/null
+++ b/tasks/validate/post-install.yml
@@ -0,0 +1,4 @@
+---
+
+- import_tasks: check-control-plane.yml
+- import_tasks: check-clustr-nodes-ready.yml
diff --git a/vars/main.yml b/vars/main.yml
index df57d16..8da9a4e 100644
--- a/vars/main.yml
+++ b/vars/main.yml
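Review bot: The new `failed_when` in tasks/validate/check-cluster-nodes-ready.yml searches `kubectl_get_nodes_result.stdout` for `was refused` and `ServiceUnavailable`, but kubectl normally prints connection and API errors on stderr, so this condition is unlikely ever to match. If the intent is to flag those errors, test the error stream, e.g. `failed_when: "'was refused' in kubectl_get_nodes_result.stderr or 'ServiceUnavailable' in kubectl_get_nodes_result.stderr"`. The task name also reads oddly; `Check that all nodes are ready` would be clearer.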
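Review bot: The second import in tasks/validate/post-install.yml names `check-clustr-nodes-ready.yml`, but the file this patch creates is tasks/validate/check-cluster-nodes-ready.yml, so running the role with `k3s_state: validated` will fail when that import is resolved. It should read `- import_tasks: check-cluster-nodes-ready.yml`.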
@@ -1,5 +1,16 @@ --- +# Valid states for this role +k3s_valid_states: + - installed + - started + - stopped + - restarted + - downloaded + - uninstalled + - validated + +# Map ansible fact gathering architecture to a release name and suffix in github. k3s_arch_lookup: amd64: arch: amd64 @@ -26,13 +37,27 @@ k3s_arch_lookup: arch: arm suffix: "-armhf" +# Always default to stable channel, this will change with k3s_release_version k3s_release_channel: stable + +# Create the API address for the k3s_github_url that has been specified k3s_github_api: "{{ k3s_github_url | replace('github.com', 'api.github.com') }}" +# Create the latest release API link for github. Possibly deprecated with k3s.io updates API k3s_github_api_releases: "{{ k3s_github_api | replace('.com', '.com/repos') }}/releases/latest" +# K3s updates API k3s_api_releases: https://update.k3s.io/v1-release/channels +# Download location for releases k3s_github_download_url: "{{ k3s_github_url }}/releases/download" + +# Empty array for counting the number of control plane nodes k3s_controller_count: [] +# Default to the "system" systemd context, this will be "user" when running rootless k3s_systemd_context: system + +# Directory for systemd unit files to be installed. As this role doesn't use package +# management, this should live in /etc/systemd, not /lib/systemd k3s_systemd_unit_directory: "/etc/systemd/{{ k3s_systemd_context }}" + +# Directory for gathering the k3s token for clustering. I don't see this changing. k3s_token_location: "/etc/rancher" From a93403d312a6fc34b87f3058d78e654e6414e950 Mon Sep 17 00:00:00 2001 From: Xan Manning Date: Sun, 18 Oct 2020 17:41:00 +0100 Subject: [PATCH 03/12] Restructuring for config file based deployment --- defaults/main.yml | 111 ++++++++++------------------------------------ vars/main.yml | 4 ++ 2 files changed, 27 insertions(+), 88 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0029749..6e5c136 100644 --- a/defaults/main.yml 
+++ b/defaults/main.yml @@ -1,5 +1,9 @@ --- +## +# Global/Cluster Configuration +## + # k3s state, options: installed, started, stopped, restarted, validated # (default: installed) k3s_state: installed @@ -8,6 +12,9 @@ k3s_state: installed # k3s_release_version: v0.1.0 k3s_release_version: false +# Loction of the k3s configuration file +k3s_config_file: /etc/rancher/k3s/config.yaml + # When multiple play_hosts are present, attempt to cluster the nodes. # Using false will create multiple standalone nodes. # (default: true) @@ -25,10 +32,6 @@ k3s_install_dir: /usr/local/bin # Install using hard links rather than symbolic links k3s_install_hard_links: false -# Path for additional Kubernetes Manifests -# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests -k3s_server_manifests_dir: /var/lib/rancher/k3s/server/manifests - # A list of templates used for preconfigure the cluster. k3s_server_manifests_templates: [] 
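Review bot: The comment added above `k3s_config_file` in the second hunk has a typo (`# Loction of the k3s configuration file`) and says nothing about how sensitive the file is. Since this series moves settings such as the datastore endpoint into that file, it will presumably hold credentials, so I would write something like `# Location of the k3s configuration file; may contain secrets, keep it root-owned and not world-readable`. No task that writes the file is visible in this patch, so the matching `mode` belongs in whichever later patch adds it.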
@@ -38,97 +41,29 @@ k3s_use_experimental: false # Allow for unsupported configurations in k3s? k3s_use_unsupported_config: false -# Use a database or etcd cluster to enable HA. Examples below: -# MySQL: -# k3s_datastore_endpoint "mysql://username:password@tcp(hostname:3306)/database-name" -# PostgreSQL: -# k3s_datastore_endpoint: "postgres://username:password@hostname:port/database-name" -# Etcd: -# k3s_datastore_endpoint: "https://etcd-host-1:2379,https://etcd-host-2:2379,https://etcd-host-3:2379" -k3s_datastore_endpoint: false -# If using a database endpoint for HA, you can optionally set the CA file, -# Cert file and Key file for connecting to the database using TLS. -# -# These need to already be present on the play hosts. -# -# k3s_datastore_cafile: /path/to/ca.crt -# k3s_datastore_certfile: /path/to/cert.crt -# k3s_datastore_keyfile: /path/to/key.pem +## +# Server Configuration +## -# Use embedded Etcd for HA Datastore? (EXPERIMENTAL) -k3s_etcd_datastore: false +# k3s_server: +# listen-port: 6443 -# Disable Etcd snapshots -k3s_etcd_disable_snapshots: false -# Etcd snapshot cron schedule. Example below is every 12 hours. -# k3s_etcd_snapshot_schedule_cron: "* */12 * * *" +## +# Agent Configuration +## -# Etcd snapshot retention -# k3s_etcd_snapshot_retention: 5 +# k3s_agent: +# node-label: +# - "foo=bar" +# - "bish=bosh" -# Etcd snapshot directory -# k3s_etcd_snapshot_directory: /server/db/snapshots +## +# Ansible Controller configuration +## -# HTTPS Listening port -k3s_https_port: 6443 - -# Ensure Docker is installed on nodes -k3s_use_docker: false - -# Disable flannel, you will need to install your own CNI driver. -k3s_no_flannel: false - -# Flannel backend ('none', 'vxlan', 'ipsec', or 'wireguard') -# k3s_flannel_backend: vxlan - -# Disable CoreDNS, you will need to install your own DNS provider. -k3s_no_coredns: false - -# Cluster IP for CoreDNS service. Should be in your service-cidr range. 
-# Use `false` to use default -k3s_cluster_dns: false - -# Cluster Domain (default: "cluster.local") -# k3s_cluster_domain: cluster.local - -# Disable Traefik -k3s_no_traefik: false - -# Disable Service Load Balancer, you will need to install your own -# load balancer, such as MetalLB. Must be disabled if using your own -# load balancer service. -k3s_no_servicelb: false - -# Do not use local storage -k3s_no_local_storage: false - -# Do not deploy metrics server -k3s_no_metrics_server: false - -# Disable default k3s scheduler -k3s_disable_scheduler: false - -# Disable k3s cloud controller -k3s_disable_cloud_controller: false - -# Disable k3s network policy controller -k3s_disable_network_policy: false - -# Disable k3s default kube proxy. -k3s_disable_kube_proxy: false - -# Default local storage path for local provisioner storage class, if set to "false" we will use the default -k3s_default_local_storage_path: false - -# Use secret encryption at rest (EXPERIMENTAL) -k3s_secrets_encryption: false - -# Enable SELinux in containerd (EXPERIMENTAL) -k3s_enable_selinux: false - -# with become privileges for +# Use become privileges for k3s_become_for_all: false k3s_become_for_systemd: null k3s_become_for_install_dir: null diff --git a/vars/main.yml b/vars/main.yml index 8da9a4e..6392384 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -61,3 +61,7 @@ k3s_systemd_unit_directory: "/etc/systemd/{{ k3s_systemd_context }}" # Directory for gathering the k3s token for clustering. I don't see this changing. k3s_token_location: "/etc/rancher" + +# Path for additional Kubernetes Manifests +# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests +k3s_server_manifests_dir: /var/lib/rancher/k3s/server/manifests From 9b800d9fba3eff1a286a3a7c5639cd6543989d84 Mon Sep 17 00:00:00 2001 
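Review bot: The defaults deleted in this hunk include security-relevant switches (`k3s_secrets_encryption`, `k3s_enable_selinux`, and the documented `k3s_datastore_cafile`/`k3s_datastore_certfile`/`k3s_datastore_keyfile`). Nothing visible in this series fails the play when an existing inventory still sets them, so an upgrade would appear to drop those settings silently. A pre-flight assert that rejects the retired names and points to the `k3s_server`/`k3s_agent` keys would make the migration fail closed; the validation files changed later in the series are not shown here, so this may already be covered. The commented example `listen-port: 6443` also disagrees with the `https-listen-port` key used in molecule/docker/converge.yml and templates/k3s.service.j2, and the comment should say that keys are k3s option names written with hyphens.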
From: Xan Manning Date: Mon, 19 Oct 2020 20:26:12 +0100 Subject: [PATCH 04/12] moving to file-based config --- defaults/main.yml | 6 + molecule/docker/converge.yml | 7 +- tasks/build/configure-k3s-cluster.yml | 12 +- tasks/build/install-k3s.yml | 21 ++ tasks/main.yml | 8 +- tasks/state-installed.yml | 3 - tasks/state-validated.yml | 2 +- tasks/validate/check-cluster-nodes-ready.yml | 4 +- .../validate/check-experimental-variables.yml | 22 +-- tasks/validate/post-install.yml | 2 +- tasks/validate/pre-flight.yml | 12 ++ templates/config.yaml.j2 | 11 ++ templates/k3s.service.j2 | 185 +----------------- 13 files changed, 83 insertions(+), 212 deletions(-) create mode 100644 tasks/validate/pre-flight.yml create mode 100644 templates/config.yaml.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 6e5c136..d596b24 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -32,6 +32,9 @@ k3s_install_dir: /usr/local/bin # Install using hard links rather than symbolic links k3s_install_hard_links: false +# Use Docker rather than containerd +k3s_use_docker: false + # A list of templates used for preconfigure the cluster. k3s_server_manifests_templates: [] @@ -49,6 +52,7 @@ k3s_use_unsupported_config: false # k3s_server: # listen-port: 6443 +k3s_server: null ## # Agent Configuration @@ -59,6 +63,8 @@ k3s_use_unsupported_config: false # - "foo=bar" # - "bish=bosh" +k3s_agent: null + ## # Ansible Controller configuration ## diff --git a/molecule/docker/converge.yml b/molecule/docker/converge.yml index 3700ddc..be09ada 100644 --- a/molecule/docker/converge.yml +++ b/molecule/docker/converge.yml @@ -4,8 +4,11 @@ become: true vars: molecule_is_test: true + k3s_release_version: latest k3s_use_docker: true - k3s_https_port: 26443 - k3s_cluster_domain: examplecluster.local + k3s_skip_validation: true + k3s_server: + https-listen-port: 26443 + cluster-domain: examplecluster.local roles: - role: xanmanning.k3s 
diff --git a/tasks/build/configure-k3s-cluster.yml b/tasks/build/configure-k3s-cluster.yml index 175a69c..c5aa581 100644 --- a/tasks/build/configure-k3s-cluster.yml +++ b/tasks/build/configure-k3s-cluster.yml @@ -31,7 +31,7 @@ src: cluster-token.j2 dest: "{{ k3s_token_location }}/cluster-token" mode: 0600 - become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" + become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" when: (k3s_control_node and not k3s_primary_control_node) or not k3s_control_node notify: @@ -47,6 +47,16 @@ - reload systemd - restart k3s +- name: Ensure k3s config file exists on control plane + template: + src: config.yaml.j2 + dest: "{{ k3s_config_file }}" + mode: 0644 + notify: + - reload systemd + - restart k3s + become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" + - name: Ensure secondary masters are started service: name: k3s diff --git a/tasks/build/install-k3s.yml b/tasks/build/install-k3s.yml index 4f9f990..b129729 100644 --- a/tasks/build/install-k3s.yml +++ b/tasks/build/install-k3s.yml 
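Review bot: The new `Ensure k3s config file exists on control plane` task writes `{{ k3s_config_file }}` with `mode: 0644`, which leaves the rendered `k3s_server`/`k3s_agent` options readable by every local user. Those options can carry credentials: the highavailabilitydb scenario later in this series puts a database password in `datastore-endpoint`. I would use `mode: "0600"` here and in the same task in tasks/build/install-k3s.yml and tasks/build/install-k3s-node.yml; if a non-root k3s has to read the file, set `owner:` rather than widening the mode. Quoting the mode also avoids the YAML octal-to-integer conversion. The task list continues outside this hunk.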
@@ -18,11 +18,32 @@ - restart k3s become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" +- name: Ensure config directory exists + file: + path: "{{ k3s_config_file | dirname }}" + state: directory + mode: 0755 + recurse: true + become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" + - name: Ensure systemd unit file directory exists file: path: "{{ k3s_systemd_unit_directory }}" state: directory mode: 0755 + become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" + +- name: Ensure k3s config file exists on control plane + template: + src: config.yaml.j2 + dest: "{{ k3s_config_file }}" + mode: 0644 + when: (k3s_control_node and k3s_controller_count | length == 1) + or (k3s_primary_control_node and k3s_controller_count | length > 1) + notify: + - reload systemd + - restart k3s + become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" - name: Ensure k3s service unit file is present on control plane template: diff --git a/tasks/main.yml b/tasks/main.yml index 6ea8c4e..bcefc18 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,11 +1,5 @@ --- -- name: Check to see if k3s_state is a supported value - assert: - that: - - k3s_state in k3s_valid_states - fail_msg: "k3s_state not valid. Check README.md for details." - success_msg: "k3s_state is valid." - when: k3s_state is defined +- import_tasks: validate/pre-flight.yml - include_tasks: state-{{ (k3s_state | lower) | default('installed') }}.yml diff --git a/tasks/state-installed.yml b/tasks/state-installed.yml index a51174a..b6ea95a 100644 --- a/tasks/state-installed.yml +++ b/tasks/state-installed.yml @@ -1,8 +1,5 @@ --- -- import_tasks: validate/check-environment.yml - when: not k3s_skip_validation - - import_tasks: build/preconfigure-k3s.yml - import_tasks: teardown/drain-and-remove-nodes.yml diff --git a/tasks/state-validated.yml b/tasks/state-validated.yml index 9cfe1d1..a94e0b3 100644 
--- a/tasks/state-validated.yml +++ b/tasks/state-validated.yml @@ -1,6 +1,6 @@ --- -- import_tasks: validate/check-environment.yml +- import_tasks: validate/pre-flight.yml - import_tasks: validate/main.yml diff --git a/tasks/validate/check-cluster-nodes-ready.yml b/tasks/validate/check-cluster-nodes-ready.yml index 5c81fd2..478998e 100644 --- a/tasks/validate/check-cluster-nodes-ready.yml +++ b/tasks/validate/check-cluster-nodes-ready.yml @@ -10,5 +10,7 @@ and kubectl_get_nodes_result.stdout.find("NotReady") == -1 retries: 30 delay: 20 - when: k3s_control_node and not k3s_no_flannel and not ansible_check_mode + when: k3s_control_node + and (k3s_server.disable is defined and 'flannel' not in k3s_server.disable) + and not ansible_check_mode become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" diff --git a/tasks/validate/check-experimental-variables.yml b/tasks/validate/check-experimental-variables.yml index 8e2dab6..f3a6818 100644 --- a/tasks/validate/check-experimental-variables.yml +++ b/tasks/validate/check-experimental-variables.yml 
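Review bot: The rewritten `when:` in check-cluster-nodes-ready.yml now requires `k3s_server.disable is defined`, so with the role default `k3s_server: null`, or any `k3s_server` without a `disable` key, the node-readiness wait is skipped instead of run. The old condition ran the check unless flannel was turned off; to keep that behaviour, default the lookup: `and 'flannel' not in (k3s_server.disable | default([]))`. Whether flannel is switched off through `disable` or through another key under the new scheme is not visible here and should be confirmed. The task starts above the hunk.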
@@ -6,19 +6,9 @@ - k3s_use_experimental is defined and k3s_use_experimental success_msg: "Experimental variables are defined and enabled." fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental" - when: (k3s_non_root is defined and k3s_non_root) - or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore) - or (k3s_etcd_datastore is defined and k3s_etcd_datastore) - or (k3s_secrets_encryption is defined and k3s_secrets_encryption) - or (k3s_enable_selinux is defined and k3s_enable_selinux) - -- name: Check if experimental dqlite is being used and k3s_use_unsupported_config is configured - assert: - that: - - k3s_use_unsupported_config is defined and k3s_use_unsupported_config - success_msg: "Unsupported use of dqlite backend is enabled." - fail_msg: | - Embedded DQLite is no longer supported and there is no upgrade path to use Etcd! - If you're sure you want to use it set k3s_use_unsupported_config. This will break in v1.19! - when: k3s_use_experimental - and (k3s_dqlite_datastore is defined and k3s_dqlite_datastore) + when: (k3s_server.rootless is defined and k3s_server.rootless) + or (k3s_agent.rootless is defined and k3s_agent.rootless) + or (k3s_server.etcd-datastore is defined and k3s_server.etcd-datastore) + or (k3s_server.secrets-encryption is defined and k3s_server.secrets-encryption) + or (k3s_agent.secrets-encryption is defined and k3s_agent.secrets-encryption) + or (k3s_server.selinux is defined and k3s_server.selinux) diff --git a/tasks/validate/post-install.yml b/tasks/validate/post-install.yml index 728e247..86393ac 100644 --- a/tasks/validate/post-install.yml +++ b/tasks/validate/post-install.yml @@ -1,4 +1,4 @@ --- - import_tasks: check-control-plane.yml -- import_tasks: check-clustr-nodes-ready.yml +- import_tasks: check-cluster-nodes-ready.yml diff --git a/tasks/validate/pre-flight.yml b/tasks/validate/pre-flight.yml new file mode 100644 index 0000000..4039c1a --- /dev/null 
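Review bot: The hyphenated lookups in the new `when:` (`k3s_server.etcd-datastore`, `k3s_server.secrets-encryption`, `k3s_agent.secrets-encryption`) are not key lookups, because Jinja2 parses `a.b-c` as `a.b` minus `c`, so these clauses do not test the intended keys and the experimental gate will not work for them as written. Use subscript form, for example `or (k3s_server['secrets-encryption'] is defined and k3s_server['secrets-encryption'])`. The hunk also deletes the dqlite assert that used `k3s_use_unsupported_config` while defaults/main.yml keeps that variable; a one-line comment on why it remains would help. The assert task begins above the hunk.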
+++ b/tasks/validate/pre-flight.yml @@ -0,0 +1,12 @@ +--- + +- name: Check to see if k3s_state is a supported value + assert: + that: + - k3s_state in k3s_valid_states + fail_msg: "k3s_state not valid. Check README.md for details." + success_msg: "k3s_state is valid." + when: k3s_state is defined + +- import_tasks: check-environment.yml + when: not k3s_skip_validation diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2 new file mode 100644 index 0000000..a766899 --- /dev/null +++ b/templates/config.yaml.j2 @@ -0,0 +1,11 @@ +--- + +{% if k3s_control_node %} +{% if k3s_server is defined and k3s_server != None %} +{{ k3s_server | to_nice_yaml(indent=2) }} +{% endif %} +{% else %} +{% if k3s_agent is defined and k3s_agent != None %} +{{ k3s_agent | to_nice_yaml(indent=2) }} +{% endif %} +{% endif %} diff --git a/templates/k3s.service.j2 b/templates/k3s.service.j2 index 4d86782..e8455cf 100644 --- a/templates/k3s.service.j2 +++ b/templates/k3s.service.j2 
@@ -16,192 +16,17 @@ ExecStart={{ k3s_install_dir }}/k3s {% endif %} {% if k3s_control_node %} server - {% if k3s_bind_address is defined %} - --bind-address {{ k3s_bind_address }} - {% endif %} - {% if k3s_non_root is defined and k3s_non_root %} - --rootless - {% endif %} - {% if k3s_https_port != 6443 %} - --https-listen-port {{ k3s_https_port }} - {% endif %} - {% if k3s_disable_scheduler %} - --disable-scheduler - {% endif %} - {% if k3s_disable_cloud_controller %} - --disable-cloud-controller - {% endif %} - {% if k3s_disable_network_policy %} - --disable-network-policy - {% endif %} - {% if k3s_disable_kube_proxy %} - --disable-kube-proxy - {% endif %} - {% if k3s_no_flannel %} - {% if (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') %} - --flannel-backend none - {% else %} - --no-flannel - {% endif %} - {% endif %} - {% if k3s_cluster_cidr is defined %} - --cluster-cidr {{ k3s_cluster_cidr }} - {% endif %} - {% if k3s_service_cidr is defined %} - --service-cidr {{ k3s_service_cidr }} - {% endif %} - {% if k3s_flannel_backend is defined and not k3s_no_flannel %} - --flannel-backend {{ k3s_flannel_backend }} - {% endif %} - {% if k3s_private_registry is defined and k3s_private_registry %} - --private-registry {{ k3s_private_registry }} - {% endif %} - {{ ' --disable coredns' if k3s_no_coredns else '' }}{{ ' --disable servicelb' if k3s_no_servicelb else '' }}{{ ' --disable traefik' if k3s_no_traefik else '' }}{{ ' --disable local-storage' if k3s_no_local_storage else '' }}{{ ' --disable metrics-server' if k3s_no_metrics_server else '' }} - {% if not k3s_no_local_storage and k3s_default_local_storage_path is defined and k3s_default_local_storage_path %} - --default-local-storage-path {{ k3s_default_local_storage_path }} - {% endif %} - {% if k3s_cluster_dns is defined and k3s_cluster_dns %} - --cluster-dns {{ k3s_cluster_dns }} - {% endif %} - {% if k3s_cluster_domain is defined and k3s_cluster_domain != "cluster.local" %} - 
--cluster-domain {{ k3s_cluster_domain }} - {% endif %} - {% if k3s_datastore_endpoint is defined and k3s_datastore_endpoint %} - --datastore-endpoint "{{ k3s_datastore_endpoint }}" - {% if k3s_datastore_cafile is defined and k3s_datastore_cafile %} - --datastore-cafile {{ k3s_datastore_cafile }} - {% endif %} - {% if k3s_datastore_certfile is defined and k3s_datastore_certfile %} - --datastore-certfile {{ k3s_datastore_certfile }} - {% endif %} - {% if k3s_datastore_keyfile is defined and k3s_datastore_keyfile %} - --datastore-keyfile {{ k3s_datastore_keyfile }} - {% endif %} - {% endif %} - {% if (k3s_dqlite_datastore is defined and k3s_dqlite_datastore) or (k3s_etcd_datastore is defined and k3s_etcd_datastore) %} - {% if k3s_primary_control_node is defined and k3s_primary_control_node %} - --cluster-init - {% else %} - --server https://{{ k3s_control_node_address }}:{{ k3s_https_port }} - --token-file {{ k3s_token_location }}/cluster-token - {% endif %} - {% if k3s_etcd_disable_snapshots %} - --etcd-disable-snapshots - {% else %} - {% if k3s_etcd_snapshot_schedule_cron is defined %} - --etcd-snapshot-schedule-cron "{{ k3s_etcd_snapshot_schedule_cron }}" - {% endif %} - {% if k3s_etcd_snapshot_retention is defined %} - --etcd-snapshot-retention {{ k3s_etcd_snapshot_retention }} - {% endif %} - {% if k3s_etcd_snapshot_directory is defined %} - --etcd-snapshot-dir {{ k3s_etcd_snapshot_directory }} - {% endif %} - {% endif %} - {% endif %} - {% if k3s_secrets_encryption is defined and k3s_secrets_encryption %} - --secrets-encryption - {% endif %} - {% if k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args is iterable %} - {% for arg in k3s_kube_apiserver_args %} - {% for key, value in arg.items() %} - --kube-apiserver-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} - {% endif %} - {% if k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args is iterable %} - {% for arg in k3s_kube_scheduler_args %} - {% for key, value in arg.items() %} - 
--kube-scheduler-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} - {% endif %} - {% if k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args is iterable %} - {% for arg in k3s_kube_controller_manager_args %} - {% for key, value in arg.items() %} - --kube-controller-manager-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} - {% endif %} - {% if k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args is iterable %} - {% for arg in k3s_kube_cloud_controller_manager_args %} - {% for key, value in arg.items() %} - --kube-cloud-controller-manager-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} + {% if k3s_server is defined %} + --config {{ k3s_config_file }} {% endif %} {% else %} agent - --server https://{{ k3s_control_node_address }}:{{ k3s_https_port }} + --server https://{{ k3s_control_node_address }}:{{ k3s_server['https-listen-port'] | default(6443) }} --token-file {{ k3s_token_location }}/cluster-token -{% endif %} -{% if k3s_enable_selinux %} - --selinux -{% endif %} -{% if k3s_resolv_conf is defined and k3s_resolv_conf %} - --resolv-conf {{ k3s_resolv_conf }} -{% endif %} -{% if k3s_tls_san is defined and k3s_tls_san is iterable %} - {% for san in k3s_tls_san %} - --tls-san {{ san }} - {% endfor %} -{% else %} - {% if k3s_tls_san is defined and k3s_tls_san %} - --tls-san {{ k3s_tls_san }} + {% if k3s_agent is defined %} + --config {{ k3s_config_file }} {% endif %} {% endif %} -{% if k3s_node_data_dir is defined %} - --data-dir {{ k3s_node_data_dir }} -{% endif %} -{% if k3s_use_docker %} - --docker -{% endif %} -{% if k3s_flannel_interface is defined and not k3s_no_flannel %} - --flannel-iface {{ k3s_flannel_interface }} -{% endif %} -{% if k3s_node_name is defined %} - --node-name {{ k3s_node_name }} -{% endif %} -{% if k3s_node_id is defined %} - --with-node-id {{ k3s_node_id }} -{% endif %} -{% if k3s_node_ip_address is defined %} - --node-ip {{ k3s_node_ip_address }} -{% 
endif %} -{% if k3s_node_external_address is defined %} - --node-external-ip {{ k3s_node_external_address }} -{% endif %} -{% if k3s_write_kubeconfig_mode is defined %} - --write-kubeconfig-mode {{ k3s_write_kubeconfig_mode }} -{% endif %} -{% if k3s_node_labels is defined and k3s_node_labels is iterable %} - {% for label in k3s_node_labels %} - {% for key, value in label.items() %} - --node-label {{ key }}={{ value }} - {% endfor %} - {% endfor %} -{% endif %} -{% if k3s_node_taints is defined and k3s_node_taints is iterable %} - {% for taint in k3s_node_taints %} - {% for key, value in taint.items() %} - --node-taint {{ key }}={{ value }} - {% endfor %} - {% endfor %} -{% endif %} -{% if k3s_kubelet_args is defined and k3s_kubelet_args is iterable %} - {% for arg in k3s_kubelet_args %} - {% for key, value in arg.items() %} - --kubelet-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} -{% endif %} -{% if k3s_kube_proxy_args is defined and k3s_kube_proxy_args is iterable %} - {% for arg in k3s_kube_proxy_args %} - {% for key, value in arg.items() %} - --kube-proxy-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} -{% endif %} {% endfilter %} {% endfilter %} From 292c726b071457dfbf547165a15044cafb8799c1 Mon Sep 17 00:00:00 2001 From: Xan Manning Date: Wed, 21 Oct 2020 17:22:41 +0100 Subject: [PATCH 05/12] Split out repeating tasks --- tasks/build/install-k3s-node.yml | 52 ++++++++++++++++++++++ tasks/build/install-k3s.yml | 75 ++------------------------------ 2 files changed, 56 insertions(+), 71 deletions(-) create mode 100644 tasks/build/install-k3s-node.yml diff --git a/tasks/build/install-k3s-node.yml b/tasks/build/install-k3s-node.yml new file mode 100644 index 0000000..0b190a0 --- /dev/null +++ b/tasks/build/install-k3s-node.yml 
@@ -0,0 +1,52 @@ +--- + +- name: Ensure k3s is linked into the installation destination + file: + src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}" + dest: "{{ k3s_install_dir }}/{{ item }}" + state: "{{ 'hard' if k3s_install_hard_links else 'link' }}" + force: "{{ k3s_install_hard_links }}" + mode: 0755 + loop: + - k3s + - kubectl + - crictl + - ctr + when: not ansible_check_mode + notify: + - restart k3s + become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" + +- name: Ensure k3s config file exists + template: + src: config.yaml.j2 + dest: "{{ k3s_config_file }}" + mode: 0644 + notify: + - reload systemd + - restart k3s + become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" + +- name: Ensure k3s service unit file is present + template: + src: k3s.service.j2 + dest: "{{ k3s_systemd_unit_directory }}/k3s.service" + mode: 0644 + notify: + - reload systemd + - restart k3s + become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" + +- name: Ensure k3s killall script is present on all nodes + template: + src: k3s-killall.sh.j2 + dest: "/usr/local/bin/k3s-killall.sh" + mode: 0700 + become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}" + +- name: Ensure k3s uninstall script is present on all nodes + template: + src: k3s-uninstall.sh.j2 + dest: "/usr/local/bin/k3s-uninstall.sh" + mode: 0700 + become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}" diff --git a/tasks/build/install-k3s.yml b/tasks/build/install-k3s.yml index b129729..2c49646 100644 --- a/tasks/build/install-k3s.yml +++ b/tasks/build/install-k3s.yml 
@@ -1,23 +1,5 @@ --- -- name: Ensure k3s is linked into the installation destination on the contol plane - file: - src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}" - dest: "{{ k3s_install_dir }}/{{ item }}" - state: "{{ 'hard' if k3s_install_hard_links else 'link' }}" - force: "{{ k3s_install_hard_links }}" - mode: 0755 - loop: - - k3s - - kubectl - - crictl - - ctr - when: ((k3s_control_node and k3s_controller_count | length == 1) - or (k3s_primary_control_node and k3s_controller_count | length > 1)) and not ansible_check_mode - notify: - - restart k3s - become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" - - name: Ensure config directory exists file: path: "{{ k3s_config_file | dirname }}" 
@@ -33,62 +15,13 @@ mode: 0755 become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" -- name: Ensure k3s config file exists on control plane - template: - src: config.yaml.j2 - dest: "{{ k3s_config_file }}" - mode: 0644 - when: (k3s_control_node and k3s_controller_count | length == 1) - or (k3s_primary_control_node and k3s_controller_count | length > 1) - notify: - - reload systemd - - restart k3s - become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" - -- name: Ensure k3s service unit file is present on control plane - template: - src: k3s.service.j2 - dest: "{{ k3s_systemd_unit_directory }}/k3s.service" - mode: 0644 - when: (k3s_control_node and k3s_controller_count | length == 1) - or (k3s_primary_control_node and k3s_controller_count | length > 1) - notify: - - reload systemd - - restart k3s - become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" +- include_tasks: install-k3s-node.yml + when: ((k3s_control_node and k3s_controller_count | length == 1) + or (k3s_primary_control_node and k3s_controller_count | length > 1)) and not ansible_check_mode - meta: flush_handlers -- name: Ensure k3s killall script is present on all nodes - template: - src: k3s-killall.sh.j2 - dest: "/usr/local/bin/k3s-killall.sh" - mode: 0700 - become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}" - -- name: Ensure k3s uninstall script is present on all nodes - template: - src: k3s-uninstall.sh.j2 - dest: "/usr/local/bin/k3s-uninstall.sh" - mode: 0700 - become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}" - -- name: Ensure k3s is linked into the installation destinations across all nodes - file: - src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}" - dest: "{{ k3s_install_dir }}/{{ item }}" - state: "{{ 'hard' if k3s_install_hard_links else 'link' }}" - force: "{{ k3s_install_hard_links }}" - mode: 0755 - notify: - - restart 
k3s - loop: - - k3s - - kubectl - - crictl - - ctr - when: not ansible_check_mode - become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" +- include_tasks: install-k3s-node.yml - name: Ensure k3s control plane is started systemd: From 57b9a2a0be174d86f6cc753a653df4df07ca0f5f Mon Sep 17 00:00:00 2001 
From: Xan Manning Date: Thu, 22 Oct 2020 19:26:15 +0100 Subject: [PATCH 06/12] Moved to file based config, pre-FQCN, pre-update to documentation --- defaults/main.yml | 5 +- molecule/default/converge.yml | 1 - .../default/playbook-uninstall-cluster.yml | 3 +- molecule/docker/converge.yml | 5 +- molecule/highavailabilitydb/converge.yml | 3 +- molecule/highavailabilityetcd/converge.yml | 7 +- tasks/build/configure-k3s-cluster.yml | 2 +- tasks/build/install-k3s-node.yml | 4 +- tasks/build/install-k3s.yml | 1 - tasks/build/preconfigure-k3s.yml | 10 + tasks/state-installed.yml | 22 +- tasks/state-restarted.yml | 1 + tasks/state-uninstalled.yml | 22 +- tasks/teardown/uninstall-k3s.yml | 3 +- tasks/validate/check-cluster-nodes-ready.yml | 3 +- tasks/validate/check-control-plane.yml | 4 +- .../validate/check-experimental-variables.yml | 10 +- tasks/validate/check-master-count.yml | 14 +- tasks/validate/check-uninstalled.yml | 4 +- tasks/validate/check-variables.yml | 289 +----------------- tasks/validate/generate-check-config.yml | 5 + tasks/validate/main.yml | 7 +- tasks/validate/post-install.yml | 1 + tasks/validate/pre-flight.yml | 2 + templates/config.yaml.j2 | 10 +- templates/k3s-killall.sh.j2 | 2 +- templates/k3s-uninstall.sh.j2 | 2 +- templates/k3s.service.j2 | 2 +- vagrant/Vagrantfile | 96 ------ vagrant/ansible.cfg | 4 - vagrant/inventory.yml | 33 -- vagrant/test-single-node.yml | 5 - vagrant/test.yml | 5 - 33 files changed, 89 insertions(+), 498 deletions(-) create mode 100644 tasks/validate/generate-check-config.yml delete mode 100644 vagrant/Vagrantfile delete mode 100644 vagrant/ansible.cfg delete mode 100644 vagrant/inventory.yml delete mode 100644 vagrant/test-single-node.yml delete mode 100644 vagrant/test.yml diff --git a/defaults/main.yml b/defaults/main.yml index d596b24..f83c65e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -9,7 +9,7 @@ k3s_state: installed # Use a specific k3s version, if set to "false" we will get the latest -# k3s_release_version: v0.1.0 +# k3s_release_version: v1.19.3 k3s_release_version: false # Loction of the k3s configuration file @@ -32,9 +32,6 @@ k3s_install_dir: /usr/local/bin # Install using hard links rather than symbolic links k3s_install_hard_links: false -# Use Docker rather than containerd -k3s_use_docker: false - # A list of templates used for preconfigure the cluster. k3s_server_manifests_templates: [] diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index c3454bd..aa6404d 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,7 +4,6 @@ become: true vars: molecule_is_test: true - k3s_release_version: v1.18.6+k3s1 k3s_install_hard_links: true roles: - role: xanmanning.k3s diff --git a/molecule/default/playbook-uninstall-cluster.yml b/molecule/default/playbook-uninstall-cluster.yml index 0e42556..2ec1426 100644 --- a/molecule/default/playbook-uninstall-cluster.yml +++ b/molecule/default/playbook-uninstall-cluster.yml @@ -5,6 +5,7 @@ vars: molecule_is_test: true k3s_cluster_state: uninstalled - k3s_use_docker: true + k3s_agent: + docker: true roles: - role: xanmanning.k3s diff --git a/molecule/docker/converge.yml b/molecule/docker/converge.yml index be09ada..529f932 100644 --- a/molecule/docker/converge.yml +++ b/molecule/docker/converge.yml @@ -4,11 +4,10 @@ become: true vars: molecule_is_test: true - k3s_release_version: latest - k3s_use_docker: true - k3s_skip_validation: true k3s_server: https-listen-port: 26443 cluster-domain: examplecluster.local + k3s_agent: + docker: true roles: - role: xanmanning.k3s diff --git a/molecule/highavailabilitydb/converge.yml b/molecule/highavailabilitydb/converge.yml index fcc3562..8bf8aa1 100644 --- a/molecule/highavailabilitydb/converge.yml +++ b/molecule/highavailabilitydb/converge.yml 
@@ -5,7 +5,8 @@ vars: molecule_is_test: true k3s_control_node_address: loadbalancer - k3s_datastore_endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable" + k3s_server: + datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable" pre_tasks: - name: Set each node to be a control node set_fact: diff --git a/molecule/highavailabilityetcd/converge.yml b/molecule/highavailabilityetcd/converge.yml index 3b63df2..0b947cc 100644 --- a/molecule/highavailabilityetcd/converge.yml +++ b/molecule/highavailabilityetcd/converge.yml @@ -4,10 +4,11 @@ become: true vars: molecule_is_test: true - k3s_release_version: v1.19 - k3s_etcd_datastore: true - k3s_secrets_encryption: true + k3s_release_version: latest k3s_use_experimental: true + k3s_server: + cluster-init: true + secrets-encryption: true pre_tasks: - name: Set each node to be a control node set_fact: diff --git a/tasks/build/configure-k3s-cluster.yml b/tasks/build/configure-k3s-cluster.yml index 2131b11..8db5008 100644 --- a/tasks/build/configure-k3s-cluster.yml +++ b/tasks/build/configure-k3s-cluster.yml @@ -47,7 +47,7 @@ - reload systemd - restart k3s -- name: Ensure k3s config file exists on control plane +- name: Ensure k3s config file exists template: src: config.yaml.j2 dest: "{{ k3s_config_file }}" diff --git a/tasks/build/install-k3s-node.yml b/tasks/build/install-k3s-node.yml index 0b190a0..ef0c390 100644 --- a/tasks/build/install-k3s-node.yml +++ b/tasks/build/install-k3s-node.yml 
@@ -37,14 +37,14 @@ - restart k3s become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" -- name: Ensure k3s killall script is present on all nodes +- name: Ensure k3s killall script is present template: src: k3s-killall.sh.j2 dest: "/usr/local/bin/k3s-killall.sh" mode: 0700 become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}" -- name: Ensure k3s uninstall script is present on all nodes +- name: Ensure k3s uninstall script is present template: src: k3s-uninstall.sh.j2 dest: "/usr/local/bin/k3s-uninstall.sh" diff --git a/tasks/build/install-k3s.yml b/tasks/build/install-k3s.yml index 2c49646..1fc5ff0 100644 --- a/tasks/build/install-k3s.yml +++ b/tasks/build/install-k3s.yml @@ -5,7 +5,6 @@ path: "{{ k3s_config_file | dirname }}" state: directory mode: 0755 - recurse: true become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" - name: Ensure systemd unit file directory exists diff --git a/tasks/build/preconfigure-k3s.yml b/tasks/build/preconfigure-k3s.yml index 053dc4b..5a640d0 100644 --- a/tasks/build/preconfigure-k3s.yml +++ b/tasks/build/preconfigure-k3s.yml @@ -74,3 +74,13 @@ when: k3s_control_node_address is not defined or k3s_control_delegate is not defined + +- name: Ensure k3s_runtime_config is set for control plane + set_fact: + k3s_runtime_config: "{{ (k3s_server | default('None')) | combine (k3s_agent | default('None')) }}" + when: k3s_control_node is defined and k3s_control_node + +- name: Ensure k3s_runtime_config is set for agents + set_fact: + k3s_runtime_config: "{{ k3s_agent | default('None') }}" + when: k3s_control_node is not defined or not k3s_control_node diff --git a/tasks/state-installed.yml b/tasks/state-installed.yml index b6ea95a..66a3ad6 100644 --- a/tasks/state-installed.yml +++ b/tasks/state-installed.yml 
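Review bot: In tasks/build/preconfigure-k3s.yml, `k3s_runtime_config` is built with `default('None')`, which supplies the string `'None'` rather than an empty mapping. `default` also does not apply when the variable is defined as `null`, as defaults/main.yml does for both `k3s_server` and `k3s_agent`. `combine` needs dictionaries, and the `'docker' in k3s_runtime_config` tests added to state-installed.yml, state-uninstalled.yml and teardown/uninstall-k3s.yml need a container, so the role defaults look likely to fail here. I would write `k3s_runtime_config: "{{ (k3s_server | default({}, true)) | combine(k3s_agent | default({}, true)) }}"` for control nodes and `"{{ k3s_agent | default({}, true) }}"` for agents.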
@@ -14,19 +14,19 @@ - import_tasks: build/get-systemd-context.yml -- include_tasks: build/install-docker-prerequisites-{{ ansible_os_family | lower }}.yml - when: k3s_use_docker - and (k3s_non_root is not defined or not k3s_non_root) +- name: Ensure docker installation tasks are run + block: -- import_tasks: build/install-docker.yml - when: k3s_use_docker - and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap'] - and (k3s_non_root is not defined or not k3s_non_root) + - include_tasks: build/install-docker-prerequisites-{{ ansible_os_family | lower }}.yml -- include_tasks: build/install-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml - when: k3s_use_docker - and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap'] - and (k3s_non_root is not defined or not k3s_non_root) + - import_tasks: build/install-docker.yml + when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap'] + + - include_tasks: build/install-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml + when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap'] + + when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker) + and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless) - import_tasks: build/download-k3s.yml diff --git a/tasks/state-restarted.yml b/tasks/state-restarted.yml index aaa5d76..85186a8 100644 --- a/tasks/state-restarted.yml +++ b/tasks/state-restarted.yml @@ -1,4 +1,5 @@ --- - import_tasks: operate/stop-k3s.yml + - import_tasks: operate/start-k3s.yml diff --git a/tasks/state-uninstalled.yml b/tasks/state-uninstalled.yml index b7d962c..9a94026 100644 --- a/tasks/state-uninstalled.yml +++ b/tasks/state-uninstalled.yml 
@@ -6,19 +6,19 @@ - import_tasks: teardown/uninstall-k3s.yml -- import_tasks: teardown/uninstall-docker.yml - when: k3s_use_docker - and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap'] - and (k3s_non_root is not defined or not k3s_non_root) +- name: Ensure docker uninstall tasks are run + block: -- include_tasks: teardown/uninstall-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml - when: k3s_use_docker - and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap'] - and (k3s_non_root is not defined or not k3s_non_root) + - import_tasks: teardown/uninstall-docker.yml + when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap'] -- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml - when: k3s_use_docker - and (k3s_non_root is not defined or not k3s_non_root) + - include_tasks: teardown/uninstall-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml + when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap'] + + - include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml + + when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker) + and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless) - import_tasks: validate/check-uninstalled.yml when: not k3s_skip_validation diff --git a/tasks/teardown/uninstall-k3s.yml b/tasks/teardown/uninstall-k3s.yml index e9c5217..4064bee 100644 --- a/tasks/teardown/uninstall-k3s.yml +++ b/tasks/teardown/uninstall-k3s.yml @@ -34,4 +34,5 @@ - name: Clean up Docker command: docker system prune -a --force - when: k3s_use_docker and check_k3s_docker_path.rc == 0 + when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) + and check_k3s_docker_path.rc == 0 
diff --git a/tasks/validate/check-cluster-nodes-ready.yml b/tasks/validate/check-cluster-nodes-ready.yml index 478998e..c9c49fe 100644 --- a/tasks/validate/check-cluster-nodes-ready.yml +++ b/tasks/validate/check-cluster-nodes-ready.yml @@ -11,6 +11,7 @@ retries: 30 delay: 20 when: k3s_control_node - and (k3s_server.disable is defined and 'flannel' not in k3s_server.disable) + and (("disable" not in k3s_runtime_config) + or ("disable" in k3s_runtime_config and "flannel" not in k3s_runtime_config.disable)) and not ansible_check_mode become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" diff --git a/tasks/validate/check-control-plane.yml b/tasks/validate/check-control-plane.yml index 14e3260..fa69258 100644 --- a/tasks/validate/check-control-plane.yml +++ b/tasks/validate/check-control-plane.yml @@ -2,8 +2,8 @@ - name: Check that the control plane to is available to accept connections wait_for: - port: "{{ k3s_https_port }}" - host: "{{ k3s_bind_address | default('127.0.0.1') }}" + port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}" + host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}" delay: 5 sleep: 5 timeout: 300 diff --git a/tasks/validate/check-experimental-variables.yml b/tasks/validate/check-experimental-variables.yml index f3a6818..84f7f46 100644 --- a/tasks/validate/check-experimental-variables.yml +++ b/tasks/validate/check-experimental-variables.yml 
@@ -6,9 +6,7 @@ - k3s_use_experimental is defined and k3s_use_experimental success_msg: "Experimental variables are defined and enabled." fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental" - when: (k3s_server.rootless is defined and k3s_server.rootless) - or (k3s_agent.rootless is defined and k3s_agent.rootless) - or (k3s_server.etcd-datastore is defined and k3s_server.etcd-datastore) - or (k3s_server.secrets-encryption is defined and k3s_server.secrets-encryption) - or (k3s_agent.secrets-encryption is defined and k3s_agent.secrets-encryption) - or (k3s_server.selinux is defined and k3s_server.selinux) + when: ("rootless" in k3s_runtime_config and k3s_runtime_config.rootless) + or ("etcd-datastore" in k3s_runtime_config and k3s_runtime_config.etcd-datastore) + or ("secrets-encryption" in k3s_runtime_config and k3s_runtime_config.secrets-encryption) + or ("selinux" in k3s_runtime_config and k3s_runtime_config.selinux) diff --git a/tasks/validate/check-master-count.yml b/tasks/validate/check-master-count.yml index b80d165..2bb0775 100644 --- a/tasks/validate/check-master-count.yml +++ b/tasks/validate/check-master-count.yml @@ -4,9 +4,8 @@ assert: that: - (k3s_controller_count | length == 1) - and (k3s_datastore_endpoint is not defined or not k3s_datastore_endpoint) - and (k3s_dqlite_datastore is not defined or not k3s_dqlite_datastore) - and (k3s_etcd_datastore is not defined or not k3s_etcd_datastore) + and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config.datastore-endpoint) + and ("cluster-init" not in k3s_runtime_config or not k3s_runtime_config.cluster-init) success_msg: "Control plane configuration is valid." fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md." when: k3s_controller_count | length == 1 
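Review bot: Jinja2 parses `k3s_runtime_config.secrets-encryption` as `k3s_runtime_config.secrets` minus a variable named `encryption`, so the hyphenated lookups in this `when` do not read the key that the preceding `in` test checks. The highavailabilityetcd scenario in this commit sets `secrets-encryption: true`, which makes that clause reachable. Bracket access is needed, e.g. `("secrets-encryption" in k3s_runtime_config and k3s_runtime_config['secrets-encryption'])`, and likewise for `etcd-datastore` here and for `datastore-endpoint` and `cluster-init` in the three check-master-count.yml hunks. The `etcd-datastore` key also looks like a leftover, since the rest of the commit uses `cluster-init`; worth confirming.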
@@ -16,9 +15,8 @@ assert: that: - (k3s_controller_count | length >= 2) - and ((k3s_datastore_endpoint is defined and k3s_datastore_endpoint) - or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore) - or (k3s_etcd_datastore is defined and k3s_etcd_datastore)) + and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config.datastore-endpoint) + or ("cluster-init" in k3s_runtime_config and k3s_runtime_config.cluster-init)) success_msg: "Control plane configuration is valid." fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md." when: k3s_controller_count | length >= 2 @@ -30,4 +28,6 @@ and (((k3s_controller_count | length) % 2) == 1) success_msg: "Control plane configuration is valid." fail_msg: "Etcd should have a minimum of 3 defined members and the number of members should be odd. Please see notes about HA in README.md" - when: k3s_etcd_datastore and not k3s_use_unsupported_config + when: ("cluster-init" in k3s_runtime_config) + and k3s_runtime_config.cluster-init + and not k3s_use_unsupported_config diff --git a/tasks/validate/check-uninstalled.yml b/tasks/validate/check-uninstalled.yml index f5c3e0a..d1c33ba 100644 --- a/tasks/validate/check-uninstalled.yml +++ b/tasks/validate/check-uninstalled.yml @@ -16,12 +16,12 @@ ignore_errors: true changed_when: false register: check_k3s_docker_process - when: k3s_use_docker is defined and k3s_use_docker + when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) - name: Fail if docker is still running fail: msg: docker is still running, uninstall script failed. Please investigate. - when: k3s_use_docker is defined and k3s_use_docker and check_k3s_docker_process.rc == 0 + when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) - name: Fail if k3s binaries have not been removed stat: diff --git a/tasks/validate/check-variables.yml b/tasks/validate/check-variables.yml index 4bad3cc..0a1eaf9 100644 
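Review bot: The new `when` on "Fail if docker is still running" in check-uninstalled.yml drops the `check_k3s_docker_process.rc == 0` clause, so the task fails on every host where `docker` is enabled, whether or not the process check found anything. The condition should keep the result test: `when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) and check_k3s_docker_process.rc == 0`. The task that registers `check_k3s_docker_process` starts above the hunk, so its command is not visible here.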
--- a/tasks/validate/check-variables.yml
+++ b/tasks/validate/check-variables.yml
@@ -1,288 +1,11 @@ --- -- name: Check k3s_no_flannel against k3s version +- name: Check that k3s_release_version >= 1.19.0 assert: that: - - (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=') - success_msg: "--no-flannel is supported in {{ k3s_release_version }}" - fail_msg: "--no-flannel is not supported in {{ k3s_release_version }}" - when: k3s_no_flannel is defined and k3s_no_flannel + - (k3s_release_version | replace('v', '')) is version_compare('1.19.0', '>=') + success_msg: "{{ k3s_release_version }} is supported by this role." + fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x." -- name: Check k3s_service_cidr against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=') - success_msg: "--service-cidr is supported in {{ k3s_release_version }}" - fail_msg: "--service-cidr is not supported in {{ k3s_release_version }}" - when: k3s_service_cidr is defined - -- name: Check k3s_cluster_dns against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=') - success_msg: "--cluster-dns is supported in {{ k3s_release_version }}" - fail_msg: "--cluster-dns is not supported in {{ k3s_release_version }}" - when: k3s_cluster_dns is defined and k3s_cluster_dns - -- name: Check k3s_use_docker against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=') - success_msg: "--docker is supported in {{ k3s_release_version }}" - fail_msg: "--docker is not supported in {{ k3s_release_version }}" - when: k3s_use_docker is defined and k3s_use_docker - -- name: Check k3s_no_traefik against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=') - success_msg: "--no-deploy traefik is supported in {{ k3s_release_version }}" - fail_msg: "--no-deploy traefik is not supported in {{ k3s_release_version }}" 
- when: k3s_no_traefik is defined and k3s_no_traefik - -- name: Check k3s_non_root against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=') - - ansible_user_id != "root" - - play_hosts | length == 1 - success_msg: "k3s_non_root is supported in {{ k3s_release_version }}" - fail_msg: "k3s_non_root only works in >= v0.4.0, on a single node and must not be installed as root." - when: k3s_non_root is defined and k3s_non_root - -- name: Check k3s_resolv_conf against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.3.0', '>=') - success_msg: "--resolv-conf is supported in {{ k3s_release_version }}" - fail_msg: "--resolv-conf is not supported in {{ k3s_release_version }}" - when: k3s_resolv_conf is defined and k3s_resolv_conf - -- name: Check k3s_tls_san against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.3.0', '>=') - success_msg: "--tls-san is supported in {{ k3s_release_version }}" - fail_msg: "--tls-san is not supported in {{ k3s_release_version }}" - when: k3s_tls_san is defined and k3s_tls_san - -- name: Check k3s_flannel_interface against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=') - success_msg: "--flannel-iface is supported in {{ k3s_release_version }}" - fail_msg: "--flannel-iface is not supported in {{ k3s_release_version }}" - when: k3s_flannel_interface is defined and k3s_flannel_interface - -- name: Check k3s_cluster_domain against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=') - success_msg: "--cluster-domain is supported in {{ k3s_release_version }}" - fail_msg: "--cluster-domain is not supported in {{ k3s_release_version }}" - when: k3s_cluster_domain is defined and k3s_cluster_domain - -- name: Check k3s_bind_address against k3s version - assert: - that: - - 
(k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=') - success_msg: "--bind-address is supported in {{ k3s_release_version }}" - fail_msg: "--bind-address is not supported in {{ k3s_release_version }}" - when: k3s_bind_address is defined and k3s_bind_address - -- name: Check k3s_bind_address against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.5.0', '>=') - success_msg: "Auto deploy manifests is supported in {{ k3s_release_version }}" - fail_msg: | - Auto deploy manifests supported is limited in {{ k3s_release_version }}. - To disable this message ensure k3s_use_experimental is set to true. - when: k3s_server_manifests_templates is defined - and k3s_server_manifests_templates | length > 0 - and (k3s_use_experimental is not defined or not k3s_use_experimental) - -- name: Check k3s_node_labels against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.6.0', '>=') - success_msg: "Node Labels supported in {{ k3s_release_version }}" - fail_msg: "Node Labels are not supported in {{ k3s_release_version }}" - when: k3s_node_labels is defined and k3s_node_labels - -- name: Check k3s_node_taints against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.6.0', '>=') - success_msg: "Node Taints supported in {{ k3s_release_version }}" - fail_msg: "Node Taints are not supported in {{ k3s_release_version }}" - when: k3s_node_taints is defined and k3s_node_taints - -- name: Check k3s_kubelet_args against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=') - success_msg: "Kubelet args supported in {{ k3s_release_version }}" - fail_msg: "Kubelet args are not supported in {{ k3s_release_version }}" - when: k3s_kubelet_args is defined and k3s_kubelet_args | length > 0 - -- name: Check k3s_kube_proxy_args against k3s version - assert: - that: - - (k3s_release_version 
| replace('v', '')) is version_compare('0.4.0', '>=') - success_msg: "Kube proxy args supported in {{ k3s_release_version }}" - fail_msg: "Kube proxy args are not supported in {{ k3s_release_version }}" - when: k3s_kube_proxy_args is defined and k3s_kube_proxy_args | length > 0 - -- name: Check k3s_kube_apiserver_args against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=') - success_msg: "Kube API Server supported in {{ k3s_release_version }}" - fail_msg: "Kube API Server args are not supported in {{ k3s_release_version }}" - when: k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args | length > 0 - -- name: Check k3s_kube_scheduler_args against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=') - success_msg: "Kube Scheduler supported in {{ k3s_release_version }}" - fail_msg: "Kube Scheduler args are not supported in {{ k3s_release_version }}" - when: k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args | length > 0 - -- name: Check k3s_kube_controller_manager_args against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=') - success_msg: "Kube Controller Manager supported in {{ k3s_release_version }}" - fail_msg: "Kube Controller Manager args are not supported in {{ k3s_release_version }}" - when: k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args | length > 0 - -- name: Check k3s_kube_cloud_controller_manager_args against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - success_msg: "Kube Cloud Controller Manager supported in {{ k3s_release_version }}" - fail_msg: "Kube Cloud Controller Manager args are not supported in {{ k3s_release_version }}" - when: k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args | length > 0 - -- name: Check 
k3s_flannel_backend against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=') - success_msg: "Alternate flannel backends supported in {{ k3s_release_version }}" - fail_msg: "Alternate flannel backends are not supported in {{ k3s_release_version }}" - when: k3s_flannel_backend is defined and k3s_flannel_backend - -- name: Check k3s_flannel_backend 'host-gw' configuration against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.17.2', '>=') - success_msg: "host-gw flannel backend supported in {{ k3s_release_version }}" - fail_msg: "host-gw flannel backend is not supported in {{ k3s_release_version }}" - when: k3s_flannel_backend is defined and k3s_flannel_backend == 'host-gw' - -- name: Check k3s_disable_network_policy against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=') - success_msg: "--disable-network-policy supported in {{ k3s_release_version }}" - fail_msg: "--disable-network-policy not supported in {{ k3s_release_version }}" - when: k3s_disable_network_policy is defined and k3s_disable_network_policy - -- name: Check k3s_private_registry against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=') - success_msg: "--private-registry supported in {{ k3s_release_version }}" - fail_msg: "--private-registry not supported in {{ k3s_release_version }}" - when: k3s_private_registry is defined and k3s_private_registry - -- name: Check k3s_disable_cloud_controller against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - success_msg: "--disable-cloud-controller supported in {{ k3s_release_version }}" - fail_msg: "--disable-cloud-controller not supported in {{ k3s_release_version }}" - when: k3s_disable_cloud_controller is defined and k3s_disable_cloud_controller - -- name: Check 
k3s_disable_scheduler against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - success_msg: "--disable-scheduler supported in {{ k3s_release_version }}" - fail_msg: "--disable-scheduler not supported in {{ k3s_release_version }}" - when: k3s_disable_scheduler is defined and k3s_disable_scheduler - -- name: Check k3s_datastore_endpoint against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}" - fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}" - when: k3s_datastore_endpoint is defined and k3s_datastore_endpoint - -- name: Check k3s_dqlite_datastore against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - - (k3s_release_version | replace('v', '')) is version_compare('1.19.0', '<') - success_msg: "--cluster-init (dqlite) supported in {{ k3s_release_version }}" - fail_msg: "--cluster-init (dqlite) not supported in {{ k3s_release_version }}" - when: k3s_dqlite_datastore is defined and k3s_dqlite_datastore - -- name: Check k3s_etcd_datastore against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.19.1', '>=') - success_msg: "--cluster-init (etcd) supported in {{ k3s_release_version }}" - fail_msg: "--cluster-init (etcd) not supported in {{ k3s_release_version }}" - when: k3s_etcd_datastore is defined and k3s_etcd_datastore - -- name: Check k3s_datastore_cafile against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}" - fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}" - when: k3s_datastore_cafile is defined and k3s_datastore_cafile - -- name: Check k3s_datastore_certfile against k3s 
version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}" - fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}" - when: k3s_datastore_certfile is defined and k3s_datastore_certfile - -- name: Check k3s_datastore_keyfile against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}" - fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}" - when: k3s_datastore_keyfile is defined and k3s_datastore_keyfile - -- name: Check k3s_default_local_storage_path against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') - success_msg: "Local storage path supported in {{ k3s_release_version }}" - fail_msg: "Local storage path are not supported in {{ k3s_release_version }}" - when: k3s_default_local_storage_path is defined and k3s_default_local_storage_path - -- name: Check k3s_secrets_encryption against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.17.4', '>=') - success_msg: "Secrets encryption at rest supported in {{ k3s_release_version }}" - fail_msg: "Secrets encryption at rest is not supported in {{ k3s_release_version }}" - when: k3s_secrets_encryption is defined and k3s_secrets_encryption - -- name: Check k3s_enable_selinux against k3s version - assert: - that: - - (k3s_release_version | replace('v', '')) is version_compare('1.17.4', '>=') - success_msg: "SELinux supported in {{ k3s_release_version }}" - fail_msg: "SELinux is not supported in {{ k3s_release_version }}" - when: k3s_enable_selinux is defined and k3s_enable_selinux +# Due to the v2 role now only supporting k3s v1.19+ - this file is intentionlly +# blank until new configuration options are added. 
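Review bot: The added assertion compares `k3s_release_version` literally against `1.19.0`, yet the highavailabilityetcd scenario in this same commit sets `k3s_release_version: latest`, which is not a version string. Unless the role resolves channel names to a concrete tag before validation runs (not visible in this diff), the check needs a guard or has to run against the resolved value. The trailing comment also says the file is intentionally blank while it now holds this assertion, and it contains a typo; suggested wording: `# The v2 role supports k3s v1.19+ only, so the per-option version checks were removed.`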
diff --git a/tasks/validate/generate-check-config.yml b/tasks/validate/generate-check-config.yml new file mode 100644 index 0000000..3eb9dad --- /dev/null +++ b/tasks/validate/generate-check-config.yml @@ -0,0 +1,5 @@ +--- + +- name: Ensure k3s_runtime_config is set for validation + set_fact: + k3s_runtime_config: "{{ (k3s_server | default('None')) | combine (k3s_agent | default('None')) }}" diff --git a/tasks/validate/main.yml b/tasks/validate/main.yml index 3de3cf5..071371e 100644 --- a/tasks/validate/main.yml +++ b/tasks/validate/main.yml @@ -1,10 +1,13 @@ --- - import_tasks: check-variables.yml + - import_tasks: check-experimental-variables.yml + - import_tasks: check-unsupported-rootless.yml - when: k3s_non_root is defined - and k3s_non_root + when: ("rootless" in k3s_runtime_config) + and k3s_runtime_config.rootless and k3s_use_unsupported_config + - import_tasks: check-master-count.yml when: k3s_build_cluster is defined and k3s_build_cluster diff --git a/tasks/validate/post-install.yml b/tasks/validate/post-install.yml index 86393ac..dc6aefb 100644 --- a/tasks/validate/post-install.yml +++ b/tasks/validate/post-install.yml @@ -1,4 +1,5 @@ --- - import_tasks: check-control-plane.yml + - import_tasks: check-cluster-nodes-ready.yml diff --git a/tasks/validate/pre-flight.yml b/tasks/validate/pre-flight.yml index 4039c1a..a1495d8 100644 --- a/tasks/validate/pre-flight.yml +++ b/tasks/validate/pre-flight.yml @@ -8,5 +8,7 @@ success_msg: "k3s_state is valid." when: k3s_state is defined +- import_tasks: generate-check-config.yml + - import_tasks: check-environment.yml when: not k3s_skip_validation diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2 index a766899..24dc17c 100644 --- a/templates/config.yaml.j2 +++ b/templates/config.yaml.j2 
@@ -1,11 +1,3 @@ --- -{% if k3s_control_node %} -{% if k3s_server is defined and k3s_server != None %} -{{ k3s_server | to_nice_yaml(indent=2) }} -{% endif %} -{% else %} -{% if k3s_agent is defined and k3s_agent != None %} -{{ k3s_agent | to_nice_yaml(indent=2) }} -{% endif %} -{% endif %} +{{ k3s_runtime_config | to_nice_yaml(indent=2) }} diff --git a/templates/k3s-killall.sh.j2 b/templates/k3s-killall.sh.j2 index 0a1f0e2..98c67a4 100644 --- a/templates/k3s-killall.sh.j2 +++ b/templates/k3s-killall.sh.j2 @@ -62,7 +62,7 @@ do_unmount() { } do_unmount '/run/k3s' -do_unmount '{{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }}' +do_unmount '{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}' do_unmount '/var/lib/kubelet/pods' do_unmount '/run/netns/cni-' diff --git a/templates/k3s-uninstall.sh.j2 b/templates/k3s-uninstall.sh.j2 index b660ec1..e85c64b 100644 --- a/templates/k3s-uninstall.sh.j2 +++ b/templates/k3s-uninstall.sh.j2 @@ -55,7 +55,7 @@ for bin in {{ k3s_install_dir }}/k3s*; do done [ -d /etc/rancher/k3s ] && rm -rf /etc/rancher/k3s -[ -d {{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }} ] && rm -rf {{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }} +[ -d {{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }} ] && rm -rf {{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }} [ -d /var/lib/kubelet ] && rm -rf /var/lib/kubelet [ -f /usr/local/bin/k3s-killall.sh ] && rm -f /usr/local/bin/k3s-killall.sh diff --git a/templates/k3s.service.j2 b/templates/k3s.service.j2 index e8455cf..bc3b435 100644 --- a/templates/k3s.service.j2 +++ b/templates/k3s.service.j2 
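Review bot: With the `is defined` / `!= None` guards removed, config.yaml.j2 serialises whatever `k3s_runtime_config` holds, including credential-bearing keys such as the `datastore-endpoint` connection string that a molecule scenario in this commit sets with an embedded password. The task that writes the file (tasks/build/configure-k3s-cluster.yml) appears in this diff only partially, so its `mode` is not visible; it should be owner-only, e.g. `mode: "0600"`. Rendering should also fall back to an empty mapping when the value is not a dict, for example `{{ (k3s_runtime_config if k3s_runtime_config is mapping else {}) | to_nice_yaml(indent=2) }}`.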
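Review bot: In k3s-uninstall.sh.j2 the `data-dir` value now comes from the user-supplied `k3s_runtime_config` and is interpolated unquoted into `[ -d … ] && rm -rf …`, so a path containing whitespace or shell metacharacters is split or expanded before `rm -rf` sees it. k3s-killall.sh.j2 in this commit wraps the same expression in single quotes; the uninstall script should pass it through the `quote` filter and end option parsing: `[ -d {{ (k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s')) | quote }} ] && rm -rf -- {{ (k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s')) | quote }}`. The surrounding script is outside the hunk.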
@@ -21,7 +21,7 @@ ExecStart={{ k3s_install_dir }}/k3s {% endif %} {% else %} agent - --server https://{{ k3s_control_node_address }}:{{ k3s_server['https-listen-port'] | default(6443) }} + --server https://{{ k3s_control_node_address }}:{{ k3s_runtime_config['https-listen-port'] | default(6443) }} --token-file {{ k3s_token_location }}/cluster-token {% if k3s_agent is defined %} --config {{ k3s_config_file }} diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile deleted file mode 100644 index c3adc2b..0000000 --- a/vagrant/Vagrantfile +++ /dev/null @@ -1,96 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -$centos_provision = <
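Review bot: On agents `k3s_runtime_config` is set from `k3s_agent` alone (tasks/build/preconfigure-k3s.yml in this commit), while `https-listen-port` is a server option that the removed line read from `k3s_server`. Assuming that task runs before the unit file is templated, the `--server` URL on agent nodes falls back to 6443 even when the control plane listens on another port. Reading the server value first keeps the old behaviour: `{{ (k3s_server | default({}, true))['https-listen-port'] | default(6443) }}`. The unit template continues outside the hunk.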