Merge pull request #167 from PyratLabs/multiple-bugfixes-and-features

Multiple bugfixes and features
This commit is contained in:
Xan Manning 2021-12-20 21:46:53 +00:00 committed by GitHub
commit c287bef9cd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
25 changed files with 116 additions and 47 deletions

View file

@ -59,6 +59,7 @@ jobs:
- name: Run Molecule tests
run: molecule test --scenario-name "${{ matrix.scenario }}"
# continue-on-error: true
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'

View file

@ -88,17 +88,23 @@ The below variables change how and when the systemd service unit file for K3S
is run. Use this with caution, please refer to the [systemd documentation](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BUnit%5D%20Section%20Options)
for more information.
| Variable | Description | Default Value |
|------------------------|----------------------------------------------------------------|---------------|
| `k3s_start_on_boot` | Start k3s on boot. | `true` |
| `k3s_service_requires` | List of required systemd units to k3s service unit. | [] |
| `k3s_service_wants` | List of "wanted" systemd unit to k3s (weaker than "requires"). | []\* |
| `k3s_service_before` | Start k3s before a defined list of systemd units. | [] |
| `k3s_service_after` | Start k3s after a defined list of systemd units. | []\* |
| Variable | Description | Default Value |
|------------------------|----------------------------------------------------------------------|---------------|
| `k3s_start_on_boot` | Start k3s on boot. | `true` |
| `k3s_service_requires` | List of required systemd units to k3s service unit. | [] |
| `k3s_service_wants` | List of "wanted" systemd unit to k3s (weaker than "requires"). | []\* |
| `k3s_service_before` | Start k3s before a defined list of systemd units. | [] |
| `k3s_service_after` | Start k3s after a defined list of systemd units. | []\* |
| `k3s_service_env_vars` | Dictionary of environment variables to use within systemd unit file. | {} |
| `k3s_service_env_file` | Location on host of a environment file to include. | `false`\*\* |
\* The systemd unit template **always** specifies `network-online.target` for
`wants` and `after`.
\*\* The file must already exist on the target host, this role will not create
nor manage the file. You can manage this file outside of the role with
pre-tasks in your Ansible playbook.
### Group/Host Variables
Below are variables that are set against individual or groups of play hosts.

View file

@ -91,6 +91,17 @@ k3s_service_before: []
# Start k3s after a defined list of systemd units.
k3s_service_after: []
# Dictionary of environment variables to use within systemd unit file
# Some examples below
k3s_service_env_vars: {}
# PATH: /opt/k3s/bin
# GOGC: 10
# Location on host of a environment file to include. This must already exist on
# the target as this role will not populate this file.
k3s_service_env_file: false
##
# Server Configuration
##

View file

@ -18,5 +18,7 @@
k3s_server_manifests_urls:
- url: https://raw.githubusercontent.com/metallb/metallb/v0.9.6/manifests/namespace.yaml
filename: 05-metallb-namespace.yml
k3s_service_env_vars:
GOGC: 10
roles:
- role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"

View file

@ -3,8 +3,10 @@
hosts: node*
become: true
tasks:
- name: Ensure apt cache is updated
- name: Ensure apt cache is updated and iptables is installed
ansible.builtin.apt:
name: iptables
state: present
update_cache: true
when: ansible_pkg_mgr == 'apt'

View file

@ -2,7 +2,9 @@
- name: Prepare
hosts: all
tasks:
- name: Ensure apt cache is updated
- name: Ensure apt cache is updated and iptables is installed
ansible.builtin.apt:
name: iptables
state: present
update_cache: true
when: ansible_pkg_mgr == 'apt'

View file

@ -2,7 +2,9 @@
- name: Prepare
hosts: all
tasks:
- name: Ensure apt cache is updated
- name: Ensure apt cache is updated and iptables is installed
ansible.builtin.apt:
name: iptables
state: present
update_cache: true
when: ansible_pkg_mgr == 'apt'

View file

@ -2,7 +2,9 @@
- name: Prepare
hosts: all
tasks:
- name: Ensure apt cache is updated
- name: Ensure apt cache is updated and iptables is installed
ansible.builtin.apt:
name: iptables
state: present
update_cache: true
when: ansible_pkg_mgr == 'apt'

View file

@ -10,6 +10,7 @@
datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
k3s_agent:
snapshotter: native
k3s_service_env_file: /tmp/k3s.env
pre_tasks:
- name: Set each node to be a control node
ansible.builtin.set_fact:

View file

@ -33,7 +33,16 @@
- name: Prepare nodes
hosts: node*
tasks:
- name: Ensure apt cache is updated
- name: Ensure apt cache is updated and iptables is installed
ansible.builtin.apt:
name: iptables
state: present
update_cache: true
when: ansible_pkg_mgr == 'apt'
- name: Ensure environment file exists for k3s_service_env_file
ansible.builtin.lineinfile:
path: /tmp/k3s.env
line: "THISHOST={{ ansible_hostname }}"
mode: 0644
create: true

View file

@ -33,8 +33,10 @@
- name: Prepare nodes
hosts: node*
tasks:
- name: Ensure apt cache is updated
- name: Ensure apt cache is updated and iptables is installed
ansible.builtin.apt:
name: iptables
state: present
update_cache: true
when: ansible_pkg_mgr == 'apt'

View file

@ -2,7 +2,9 @@
- name: Prepare
hosts: all
tasks:
- name: Ensure apt cache is updated
- name: Ensure apt cache is updated and iptables is installed
ansible.builtin.apt:
name: iptables
state: present
update_cache: true
when: ansible_pkg_mgr == 'apt'

View file

@ -6,7 +6,7 @@
- apt-transport-https
- ca-certificates
- curl
- "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}"
- "{{ 'gnupg2' if k3s_os_distribution == 'debian' else 'gnupg-agent' }}"
- software-properties-common
state: present
register: ensure_docker_prerequisites_installed
@ -17,13 +17,13 @@
- name: Ensure Docker APT key is present
ansible.builtin.apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
url: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
state: present
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker repository is installed and configured
ansible.builtin.apt_repository:
filename: docker-ce
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
repo: "deb https://download.docker.com/linux/{{ k3s_os_distribution }} {{ ansible_distribution_release }} stable"
update_cache: true
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"

View file

@ -26,7 +26,7 @@
- name: Check to see if Docker repository is available for this distribution
ansible.builtin.uri:
url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
url: "https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}"
register: k3s_redhat_repo_check
failed_when: false
changed_when: false
@ -35,13 +35,13 @@
ansible.builtin.yum_repository:
name: docker-ce
description: Docker CE Repository
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
baseurl: https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}/$basearch/stable
gpgkey: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
enabled: true
gpgcheck: true
state: present
when:
- ansible_distribution | lower not in ['amazon']
- k3s_os_distribution not in ['amazon']
- k3s_redhat_repo_check.status == 200
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
@ -51,6 +51,6 @@
args:
creates: /etc/yum.repos.d/docker-ce.repo
when:
- ansible_distribution | lower not in ['amazon']
- k3s_os_distribution not in ['amazon']
- k3s_redhat_repo_check.status != 200
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"

View file

@ -17,6 +17,11 @@
- include_tasks: install-k3s-node.yml
when: k3s_build_cluster
- name: Determine if the systems are already clustered
ansible.builtin.stat:
path: "{{ k3s_token_location }}"
register: k3s_token_cluster_check
- name: Ensure k3s initial control plane server is started
ansible.builtin.systemd:
name: k3s
@ -29,4 +34,5 @@
- not ansible_check_mode
when: (k3s_control_node and k3s_controller_list | length == 1)
or (k3s_primary_control_node and k3s_controller_list | length > 1)
or k3s_token_cluster_check.stat.exists
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"

View file

@ -17,13 +17,13 @@
- name: Ensure docker installation tasks are run
block:
- include_tasks: build/docker/{{ ansible_os_family | lower }}/install-prerequisites.yml
- include_tasks: build/docker/{{ k3s_os_family }}/install-prerequisites.yml
- import_tasks: build/docker/install.yml
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
when: k3s_os_distribution not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
- include_tasks: build/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/install.yml
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
- include_tasks: build/docker/{{ k3s_os_distribution }}/install.yml
when: k3s_os_distribution in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
when:
- ('docker' in k3s_runtime_config and k3s_runtime_config.docker)

View file

@ -10,12 +10,12 @@
block:
- import_tasks: teardown/docker/uninstall.yml
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
when: k3s_os_distribution not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
- include_tasks: teardown/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/uninstall.yml
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
- include_tasks: teardown/docker/{{ k3s_os_distribution }}/uninstall.yml
when: k3s_os_distribution in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
- include_tasks: teardown/docker/{{ ansible_os_family | lower }}/uninstall-prerequisites.yml
- include_tasks: teardown/docker/{{ k3s_os_family }}/uninstall-prerequisites.yml
when:
- ('docker' in k3s_runtime_config and k3s_runtime_config.docker)

View file

@ -3,13 +3,13 @@
- name: Ensure Docker repository is uninstalled
ansible.builtin.apt_repository:
filename: docker-ce
repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
repo: "deb https://download.docker.com/linux/{{ k3s_os_distribution }} {{ ansible_distribution_release }} stable"
update_cache: false
state: absent
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker APT key is uninstalled
ansible.builtin.apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
url: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
state: absent
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

View file

@ -4,10 +4,10 @@
ansible.builtin.yum_repository:
name: docker-ce
description: Docker CE Repository
baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
baseurl: https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}/$basearch/stable
gpgkey: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
enabled: false
gpgcheck: true
state: absent
when: ansible_distribution | lower not in ['amazon']
when: k3s_os_distribution not in ['amazon']
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

View file

@ -50,7 +50,7 @@
ansible.builtin.assert:
that:
- k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
- k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633
- ((k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633) or (k3s_os_family != "redhat"))
- k3s_current_user_subuid != "UserNotFound:0:0"
- k3s_current_user_subgid != "UserNotFound:0:0"
- k3s_current_user_subuid.split(':')[2] | int >= 65536

View file

@ -18,7 +18,8 @@
Documentation: {{ package.documentation }}
{% endif %}
when:
- check_k3s_required_package.rc is defined
- (package.until is not defined
or k3s_release_version is version_compare(package.until, '>='))
or (k3s_release_version | replace('v', '')) is version_compare(package.until, '>='))
- (package.from is not defined
or k3s_release_version is version_compare(package.from, '>='))
or (k3s_release_version | replace('v', '')) is version_compare(package.from, '>='))

View file

@ -1,5 +1,14 @@
---
- include_tasks: environment/remote/packages.yml
loop: "{{ k3s_check_packages[k3s_os_distribution_version] }}"
loop_control:
loop_var: package
when:
- not k3s_skip_validation
- not k3s_skip_env_checks
- k3s_check_packages[k3s_os_distribution_version] is defined
- import_tasks: configuration/variables.yml
- import_tasks: configuration/experimental-variables.yml

View file

@ -21,14 +21,6 @@
- not k3s_skip_validation
- not k3s_skip_env_checks
- include_tasks: environment/remote/packages.yml
loop: "{{ k3s_check_packages }}"
loop_control:
loop_var: package
when:
- not k3s_skip_validation
- not k3s_skip_env_checks
- include_tasks: environment/local/issue-data.yml
when:
- pyratlabs_issue_controller_dump is defined

View file

@ -18,6 +18,14 @@ After={{ after_unit }}
[Service]
Type={{ 'notify' if k3s_control_node else 'exec' }}
{% if k3s_service_env_vars is defined and k3s_service_env_vars is iterable %}
{% for env_var in k3s_service_env_vars %}
Environent={{ env_var }}={{ k3s_service_env_vars[env_var] }}
{% endfor %}
{% endif %}
{% if k3s_service_env_file is defined and k3s_service_env_file %}
EnvironmentFile={{ k3s_service_env_file }}
{% endif %}
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
{% filter regex_replace('\s+', ' ') %}

View file

@ -88,8 +88,19 @@ k3s_server_manifests_dir: "{{ k3s_data_dir }}/server/manifests"
# https://github.com/k3s-io/k3s/pull/1691
k3s_server_pod_manifests_dir: "{{ k3s_data_dir }}/agent/pod-manifests"
# OS formatted strings
k3s_os_distribution: "{{ ansible_distribution | replace(' ', '-') | lower }}"
k3s_os_version: "{{ ansible_distribution_version | replace([' ', '.'], '-') | lower }}"
k3s_os_distribution_version: "{{ k3s_os_distribution }}-{{ k3s_os_version }}"
k3s_os_family: "{{ ansible_os_family | replace(' ', '-') | lower }}"
# Packages that we need to check are installed
k3s_check_packages: []
k3s_check_packages:
debian-11:
- name: iptables-legacy
from: 1.19.2
# until: 1.22.2
documentation: https://rancher.com/docs/k3s/latest/en/advanced/#enabling-legacy-iptables-on-raspbian-buster
# - name: dummy
# from: 1.19.2
# until: 1.21.0