mirror of
https://github.com/PyratLabs/ansible-role-k3s
synced 2024-12-12 14:00:18 +01:00
Merge pull request #167 from PyratLabs/multiple-bugfixes-and-features
Multiple bugfixes and features
This commit is contained in:
commit
c287bef9cd
25 changed files with 116 additions and 47 deletions
1
.github/workflows/ci.yml
vendored
1
.github/workflows/ci.yml
vendored
|
@ -59,6 +59,7 @@ jobs:
|
|||
|
||||
- name: Run Molecule tests
|
||||
run: molecule test --scenario-name "${{ matrix.scenario }}"
|
||||
# continue-on-error: true
|
||||
env:
|
||||
PY_COLORS: '1'
|
||||
ANSIBLE_FORCE_COLOR: '1'
|
||||
|
|
20
README.md
20
README.md
|
@ -88,17 +88,23 @@ The below variables change how and when the systemd service unit file for K3S
|
|||
is run. Use this with caution, please refer to the [systemd documentation](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BUnit%5D%20Section%20Options)
|
||||
for more information.
|
||||
|
||||
| Variable | Description | Default Value |
|
||||
|------------------------|----------------------------------------------------------------|---------------|
|
||||
| `k3s_start_on_boot` | Start k3s on boot. | `true` |
|
||||
| `k3s_service_requires` | List of required systemd units to k3s service unit. | [] |
|
||||
| `k3s_service_wants` | List of "wanted" systemd unit to k3s (weaker than "requires"). | []\* |
|
||||
| `k3s_service_before` | Start k3s before a defined list of systemd units. | [] |
|
||||
| `k3s_service_after` | Start k3s after a defined list of systemd units. | []\* |
|
||||
| Variable | Description | Default Value |
|
||||
|------------------------|----------------------------------------------------------------------|---------------|
|
||||
| `k3s_start_on_boot` | Start k3s on boot. | `true` |
|
||||
| `k3s_service_requires` | List of required systemd units to k3s service unit. | [] |
|
||||
| `k3s_service_wants` | List of "wanted" systemd unit to k3s (weaker than "requires"). | []\* |
|
||||
| `k3s_service_before` | Start k3s before a defined list of systemd units. | [] |
|
||||
| `k3s_service_after` | Start k3s after a defined list of systemd units. | []\* |
|
||||
| `k3s_service_env_vars` | Dictionary of environment variables to use within systemd unit file. | {} |
|
||||
| `k3s_service_env_file` | Location on host of a environment file to include. | `false`\*\* |
|
||||
|
||||
\* The systemd unit template **always** specifies `network-online.target` for
|
||||
`wants` and `after`.
|
||||
|
||||
\*\* The file must already exist on the target host, this role will not create
|
||||
nor manage the file. You can manage this file outside of the role with
|
||||
pre-tasks in your Ansible playbook.
|
||||
|
||||
### Group/Host Variables
|
||||
|
||||
Below are variables that are set against individual or groups of play hosts.
|
||||
|
|
|
@ -91,6 +91,17 @@ k3s_service_before: []
|
|||
# Start k3s after a defined list of systemd units.
|
||||
k3s_service_after: []
|
||||
|
||||
# Dictionary of environment variables to use within systemd unit file
|
||||
# Some examples below
|
||||
k3s_service_env_vars: {}
|
||||
# PATH: /opt/k3s/bin
|
||||
# GOGC: 10
|
||||
|
||||
# Location on host of a environment file to include. This must already exist on
|
||||
# the target as this role will not populate this file.
|
||||
k3s_service_env_file: false
|
||||
|
||||
|
||||
##
|
||||
# Server Configuration
|
||||
##
|
||||
|
|
|
@ -18,5 +18,7 @@
|
|||
k3s_server_manifests_urls:
|
||||
- url: https://raw.githubusercontent.com/metallb/metallb/v0.9.6/manifests/namespace.yaml
|
||||
filename: 05-metallb-namespace.yml
|
||||
k3s_service_env_vars:
|
||||
GOGC: 10
|
||||
roles:
|
||||
- role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
|
||||
|
|
|
@ -3,8 +3,10 @@
|
|||
hosts: node*
|
||||
become: true
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
- name: Ensure apt cache is updated and iptables is installed
|
||||
ansible.builtin.apt:
|
||||
name: iptables
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
- name: Prepare
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
- name: Ensure apt cache is updated and iptables is installed
|
||||
ansible.builtin.apt:
|
||||
name: iptables
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
- name: Prepare
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
- name: Ensure apt cache is updated and iptables is installed
|
||||
ansible.builtin.apt:
|
||||
name: iptables
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
- name: Prepare
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
- name: Ensure apt cache is updated and iptables is installed
|
||||
ansible.builtin.apt:
|
||||
name: iptables
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
k3s_agent:
|
||||
snapshotter: native
|
||||
k3s_service_env_file: /tmp/k3s.env
|
||||
pre_tasks:
|
||||
- name: Set each node to be a control node
|
||||
ansible.builtin.set_fact:
|
||||
|
|
|
@ -33,7 +33,16 @@
|
|||
- name: Prepare nodes
|
||||
hosts: node*
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
- name: Ensure apt cache is updated and iptables is installed
|
||||
ansible.builtin.apt:
|
||||
name: iptables
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: Ensure environment file exists for k3s_service_env_file
|
||||
ansible.builtin.lineinfile:
|
||||
path: /tmp/k3s.env
|
||||
line: "THISHOST={{ ansible_hostname }}"
|
||||
mode: 0644
|
||||
create: true
|
||||
|
|
|
@ -33,8 +33,10 @@
|
|||
- name: Prepare nodes
|
||||
hosts: node*
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
- name: Ensure apt cache is updated and iptables is installed
|
||||
ansible.builtin.apt:
|
||||
name: iptables
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
- name: Prepare
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Ensure apt cache is updated
|
||||
- name: Ensure apt cache is updated and iptables is installed
|
||||
ansible.builtin.apt:
|
||||
name: iptables
|
||||
state: present
|
||||
update_cache: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- curl
|
||||
- "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}"
|
||||
- "{{ 'gnupg2' if k3s_os_distribution == 'debian' else 'gnupg-agent' }}"
|
||||
- software-properties-common
|
||||
state: present
|
||||
register: ensure_docker_prerequisites_installed
|
||||
|
@ -17,13 +17,13 @@
|
|||
|
||||
- name: Ensure Docker APT key is present
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
||||
url: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
|
||||
state: present
|
||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure Docker repository is installed and configured
|
||||
ansible.builtin.apt_repository:
|
||||
filename: docker-ce
|
||||
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
||||
repo: "deb https://download.docker.com/linux/{{ k3s_os_distribution }} {{ ansible_distribution_release }} stable"
|
||||
update_cache: true
|
||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
|
||||
- name: Check to see if Docker repository is available for this distribution
|
||||
ansible.builtin.uri:
|
||||
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
|
||||
url: "https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}"
|
||||
register: k3s_redhat_repo_check
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
|
@ -35,13 +35,13 @@
|
|||
ansible.builtin.yum_repository:
|
||||
name: docker-ce
|
||||
description: Docker CE Repository
|
||||
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
||||
gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
||||
baseurl: https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
||||
gpgkey: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
|
||||
enabled: true
|
||||
gpgcheck: true
|
||||
state: present
|
||||
when:
|
||||
- ansible_distribution | lower not in ['amazon']
|
||||
- k3s_os_distribution not in ['amazon']
|
||||
- k3s_redhat_repo_check.status == 200
|
||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
|
@ -51,6 +51,6 @@
|
|||
args:
|
||||
creates: /etc/yum.repos.d/docker-ce.repo
|
||||
when:
|
||||
- ansible_distribution | lower not in ['amazon']
|
||||
- k3s_os_distribution not in ['amazon']
|
||||
- k3s_redhat_repo_check.status != 200
|
||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -17,6 +17,11 @@
|
|||
- include_tasks: install-k3s-node.yml
|
||||
when: k3s_build_cluster
|
||||
|
||||
- name: Determine if the systems are already clustered
|
||||
ansible.builtin.stat:
|
||||
path: "{{ k3s_token_location }}"
|
||||
register: k3s_token_cluster_check
|
||||
|
||||
- name: Ensure k3s initial control plane server is started
|
||||
ansible.builtin.systemd:
|
||||
name: k3s
|
||||
|
@ -29,4 +34,5 @@
|
|||
- not ansible_check_mode
|
||||
when: (k3s_control_node and k3s_controller_list | length == 1)
|
||||
or (k3s_primary_control_node and k3s_controller_list | length > 1)
|
||||
or k3s_token_cluster_check.stat.exists
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -17,13 +17,13 @@
|
|||
- name: Ensure docker installation tasks are run
|
||||
block:
|
||||
|
||||
- include_tasks: build/docker/{{ ansible_os_family | lower }}/install-prerequisites.yml
|
||||
- include_tasks: build/docker/{{ k3s_os_family }}/install-prerequisites.yml
|
||||
|
||||
- import_tasks: build/docker/install.yml
|
||||
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
when: k3s_os_distribution not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
|
||||
- include_tasks: build/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/install.yml
|
||||
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
- include_tasks: build/docker/{{ k3s_os_distribution }}/install.yml
|
||||
when: k3s_os_distribution in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
|
||||
when:
|
||||
- ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
|
|
|
@ -10,12 +10,12 @@
|
|||
block:
|
||||
|
||||
- import_tasks: teardown/docker/uninstall.yml
|
||||
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
when: k3s_os_distribution not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
|
||||
- include_tasks: teardown/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/uninstall.yml
|
||||
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
- include_tasks: teardown/docker/{{ k3s_os_distribution }}/uninstall.yml
|
||||
when: k3s_os_distribution in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
|
||||
|
||||
- include_tasks: teardown/docker/{{ ansible_os_family | lower }}/uninstall-prerequisites.yml
|
||||
- include_tasks: teardown/docker/{{ k3s_os_family }}/uninstall-prerequisites.yml
|
||||
|
||||
when:
|
||||
- ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
|
|
|
@ -3,13 +3,13 @@
|
|||
- name: Ensure Docker repository is uninstalled
|
||||
ansible.builtin.apt_repository:
|
||||
filename: docker-ce
|
||||
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
|
||||
repo: "deb https://download.docker.com/linux/{{ k3s_os_distribution }} {{ ansible_distribution_release }} stable"
|
||||
update_cache: false
|
||||
state: absent
|
||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure Docker APT key is uninstalled
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
||||
url: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
|
||||
state: absent
|
||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -4,10 +4,10 @@
|
|||
ansible.builtin.yum_repository:
|
||||
name: docker-ce
|
||||
description: Docker CE Repository
|
||||
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
||||
gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
|
||||
baseurl: https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}/$basearch/stable
|
||||
gpgkey: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
|
||||
enabled: false
|
||||
gpgcheck: true
|
||||
state: absent
|
||||
when: ansible_distribution | lower not in ['amazon']
|
||||
when: k3s_os_distribution not in ['amazon']
|
||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
ansible.builtin.assert:
|
||||
that:
|
||||
- k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
|
||||
- k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633
|
||||
- ((k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633) or (k3s_os_family != "redhat"))
|
||||
- k3s_current_user_subuid != "UserNotFound:0:0"
|
||||
- k3s_current_user_subgid != "UserNotFound:0:0"
|
||||
- k3s_current_user_subuid.split(':')[2] | int >= 65536
|
||||
|
|
|
@ -18,7 +18,8 @@
|
|||
Documentation: {{ package.documentation }}
|
||||
{% endif %}
|
||||
when:
|
||||
- check_k3s_required_package.rc is defined
|
||||
- (package.until is not defined
|
||||
or k3s_release_version is version_compare(package.until, '>='))
|
||||
or (k3s_release_version | replace('v', '')) is version_compare(package.until, '>='))
|
||||
- (package.from is not defined
|
||||
or k3s_release_version is version_compare(package.from, '>='))
|
||||
or (k3s_release_version | replace('v', '')) is version_compare(package.from, '>='))
|
||||
|
|
|
@ -1,5 +1,14 @@
|
|||
---
|
||||
|
||||
- include_tasks: environment/remote/packages.yml
|
||||
loop: "{{ k3s_check_packages[k3s_os_distribution_version] }}"
|
||||
loop_control:
|
||||
loop_var: package
|
||||
when:
|
||||
- not k3s_skip_validation
|
||||
- not k3s_skip_env_checks
|
||||
- k3s_check_packages[k3s_os_distribution_version] is defined
|
||||
|
||||
- import_tasks: configuration/variables.yml
|
||||
|
||||
- import_tasks: configuration/experimental-variables.yml
|
||||
|
|
|
@ -21,14 +21,6 @@
|
|||
- not k3s_skip_validation
|
||||
- not k3s_skip_env_checks
|
||||
|
||||
- include_tasks: environment/remote/packages.yml
|
||||
loop: "{{ k3s_check_packages }}"
|
||||
loop_control:
|
||||
loop_var: package
|
||||
when:
|
||||
- not k3s_skip_validation
|
||||
- not k3s_skip_env_checks
|
||||
|
||||
- include_tasks: environment/local/issue-data.yml
|
||||
when:
|
||||
- pyratlabs_issue_controller_dump is defined
|
||||
|
|
|
@ -18,6 +18,14 @@ After={{ after_unit }}
|
|||
|
||||
[Service]
|
||||
Type={{ 'notify' if k3s_control_node else 'exec' }}
|
||||
{% if k3s_service_env_vars is defined and k3s_service_env_vars is iterable %}
|
||||
{% for env_var in k3s_service_env_vars %}
|
||||
Environent={{ env_var }}={{ k3s_service_env_vars[env_var] }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_service_env_file is defined and k3s_service_env_file %}
|
||||
EnvironmentFile={{ k3s_service_env_file }}
|
||||
{% endif %}
|
||||
ExecStartPre=-/sbin/modprobe br_netfilter
|
||||
ExecStartPre=-/sbin/modprobe overlay
|
||||
{% filter regex_replace('\s+', ' ') %}
|
||||
|
|
|
@ -88,8 +88,19 @@ k3s_server_manifests_dir: "{{ k3s_data_dir }}/server/manifests"
|
|||
# https://github.com/k3s-io/k3s/pull/1691
|
||||
k3s_server_pod_manifests_dir: "{{ k3s_data_dir }}/agent/pod-manifests"
|
||||
|
||||
# OS formatted strings
|
||||
k3s_os_distribution: "{{ ansible_distribution | replace(' ', '-') | lower }}"
|
||||
k3s_os_version: "{{ ansible_distribution_version | replace([' ', '.'], '-') | lower }}"
|
||||
k3s_os_distribution_version: "{{ k3s_os_distribution }}-{{ k3s_os_version }}"
|
||||
k3s_os_family: "{{ ansible_os_family | replace(' ', '-') | lower }}"
|
||||
|
||||
# Packages that we need to check are installed
|
||||
k3s_check_packages: []
|
||||
k3s_check_packages:
|
||||
debian-11:
|
||||
- name: iptables-legacy
|
||||
from: 1.19.2
|
||||
# until: 1.22.2
|
||||
documentation: https://rancher.com/docs/k3s/latest/en/advanced/#enabling-legacy-iptables-on-raspbian-buster
|
||||
# - name: dummy
|
||||
# from: 1.19.2
|
||||
# until: 1.21.0
|
||||
|
|
Loading…
Reference in a new issue