variables to activate become for some steps

SimonHeimberg 2020-04-22 16:42:45 +02:00
parent bcb81e7c7d
commit acedb08a1f
5 changed files with 18 additions and 0 deletions


@ -79,6 +79,10 @@ consistency.
| `k3s_datastore_cafile` | Define the database TLS CA file. | _NULL_ |
| `k3s_datastore_certfile` | Define the database TLS Cert file. | _NULL_ |
| `k3s_datastore_keyfile` | Define the database TLS Key file. | _NULL_ |
| `k3s_become_for_all` | Enable become for all (where value for `k3s_become_for_*` is _NULL_ | `false` |
| `k3s_become_for_systemd` | Enable become for systemd | _NULL_ |
| `k3s_become_for_install_dir` | Enable become for writing to `k3s_install_dir` | _NULL_ |
| `k3s_become_for_usr_local_bin` | Enable become for writing to /usr/local/bin/ | _NULL_ |
| `k3s_dqlite_datastore` | Use DQLite as the database backend for HA. (EXPERIMENTAL) | `false` |
| `k3s_secrets_encryption` | Use secrets encryption at rest. (EXPERIMENTAL) | `false` |


@ -98,3 +98,9 @@ k3s_default_local_storage_path: false
# Use secret encryption at rest (EXPERIMENTAL)
k3s_secrets_encryption: false
# with become privileges for
k3s_become_for_all: false
k3s_become_for_systemd: null
k3s_become_for_install_dir: null
k3s_become_for_usr_local_bin: null
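Review bot: The comment `# with become privileges for` above the new defaults is an unfinished sentence and does not tell an operator that these are tri-state switches. As the task expressions in this commit use them, `null` defers to `k3s_become_for_all`, while `true` or `false` forces privilege escalation on or off for that step. I would replace it with `# Privilege escalation per step: true/false forces become on/off, null falls back to k3s_become_for_all`.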


@ -4,6 +4,7 @@
systemd:
daemon_reload: true
scope: "{{ k3s_systemd_context }}"
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: restart k3s
systemd:
@ -11,6 +12,7 @@
state: restarted
scope: "{{ k3s_systemd_context }}"
enabled: true
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: restart docker
systemd:
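Review bot: With the defaults from this commit both handlers now carry an explicit `become: false`, and a task-level `become` keyword takes precedence over the one set on the play. A play that applies this role under `become: true` would, as far as the visible lines show, stop escalating for `reload systemd` and `restart k3s` unless `k3s_become_for_all` or the per-step variable is set; the same expression is added in the download and install task files. If that is intended, say so in the README next to the new variables; otherwise the expression needs a path that leaves `become` unset, for example resolving to `omit` when nothing is configured. The handler bodies begin outside the hunks.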


@ -35,3 +35,4 @@
dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
checksum: "sha256:{{ k3s_hash_sum }}"
mode: 0755
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
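Review bot: The three-argument form `ternary(true, false, k3s_become_for_all)` relies on the filter's `none_val` parameter, which Ansible only has from version 2.8. On an older controller this download task, and every other task and handler that received the same expression, would fail at templating instead of running. The role's minimum Ansible version is not visible on this page, so check that it is at least 2.8 or state the requirement in the README. The task itself begins outside the hunk.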


@ -16,6 +16,7 @@
or (k3s_primary_control_node and k3s_controller_count | length > 1)
notify:
- reload systemd
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- meta: flush_handlers
@ -24,12 +25,14 @@
src: k3s-killall.sh.j2
dest: "/usr/local/bin/k3s-killall.sh"
mode: 0700
become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s uninstall script is present on all nodes
template:
src: k3s-uninstall.sh.j2
dest: "/usr/local/bin/k3s-uninstall.sh"
mode: 0700
become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s is symlinked into the installation destinations
file:
@ -43,6 +46,7 @@
- kubectl
- crictl
- ctr
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s control plane is started
systemd:
@ -52,3 +56,4 @@
scope: "{{ k3s_systemd_context }}"
when: (k3s_control_node and k3s_controller_count | length == 1)
or (k3s_primary_control_node and k3s_controller_count | length > 1)
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
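Review bot: `k3s_become_for_usr_local_bin | ternary(...)` tests the variable by plain truthiness, so any non-empty string counts as true. Passing `-e k3s_become_for_usr_local_bin=false` on the command line yields the string `false`, and the two script templates written to `/usr/local/bin` would then run with become although the operator asked for the opposite; the systemd and install-dir expressions in this file and the other files behave the same way. Normalising first, `become: "{{ k3s_become_for_usr_local_bin | bool | ternary(true, false, k3s_become_for_all) }}"`, should avoid this, provided `bool` passes null through on the Ansible versions the role supports.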