Merge pull request #167 from PyratLabs/multiple-bugfixes-and-features

Multiple bugfixes and features
2024-12-13 14:30:17 +01:00 · 2021-12-20 21:46:53 +00:00 · 2021-12-20 21:46:53 +00:00 · c287bef9cd
commit c287bef9cd
parent 4269e25e6b 59f0a2152e
25 changed files with 116 additions and 47 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -59,6 +59,7 @@ jobs:
      - name: Run Molecule tests
        run: molecule test --scenario-name "${{ matrix.scenario }}"
        # continue-on-error: true
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
--- a/README.md
+++ b/README.md
@ -88,17 +88,23 @@ The below variables change how and when the systemd service unit file for K3S
 is run. Use this with caution, please refer to the [systemd documentation](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BUnit%5D%20Section%20Options)
 for more information.
-| Variable               | Description                                                    | Default Value |
+| Variable               | Description                                                          | Default Value |
-|------------------------|----------------------------------------------------------------|---------------|
+|------------------------|----------------------------------------------------------------------|---------------|
-| `k3s_start_on_boot`    | Start k3s on boot.                                             | `true`        |
+| `k3s_start_on_boot`    | Start k3s on boot.                                                   | `true`        |
-| `k3s_service_requires` | List of required systemd units to k3s service unit.            | []            |
+| `k3s_service_requires` | List of required systemd units to k3s service unit.                  | []            |
-| `k3s_service_wants`    | List of "wanted" systemd unit to k3s (weaker than "requires"). | []\*          |
+| `k3s_service_wants`    | List of "wanted" systemd unit to k3s (weaker than "requires").       | []\*          |
-| `k3s_service_before`   | Start k3s before a defined list of systemd units.              | []            |
+| `k3s_service_before`   | Start k3s before a defined list of systemd units.                    | []            |
-| `k3s_service_after`    | Start k3s after a defined list of systemd units.               | []\*          |
+| `k3s_service_after`    | Start k3s after a defined list of systemd units.                     | []\*          |
 | `k3s_service_env_vars` | Dictionary of environment variables to use within systemd unit file. | {}            |
 | `k3s_service_env_file` | Location on host of a environment file to include.                   | `false`\*\*   |
 \* The systemd unit template **always** specifies `network-online.target` for
 `wants` and `after`.
 \*\* The file must already exist on the target host, this role will not create
 nor manage the file. You can manage this file outside of the role with
 pre-tasks in your Ansible playbook.
 ### Group/Host Variables
 Below are variables that are set against individual or groups of play hosts.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -91,6 +91,17 @@ k3s_service_before: []
 # Start k3s after a defined list of systemd units.
 k3s_service_after: []
 # Dictionary of environment variables to use within systemd unit file
 # Some examples below
 k3s_service_env_vars: {}
 #  PATH: /opt/k3s/bin
 #  GOGC: 10
 # Location on host of a environment file to include. This must already exist on
 # the target as this role will not populate this file.
 k3s_service_env_file: false
 ##
 # Server Configuration
 ##
--- a/molecule/autodeploy/converge.yml
+++ b/molecule/autodeploy/converge.yml
@ -18,5 +18,7 @@
    k3s_server_manifests_urls:
      - url: https://raw.githubusercontent.com/metallb/metallb/v0.9.6/manifests/namespace.yaml
        filename: 05-metallb-namespace.yml
    k3s_service_env_vars:
      GOGC: 10
  roles:
    - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
--- a/molecule/autodeploy/prepare.yml
+++ b/molecule/autodeploy/prepare.yml
@ -3,8 +3,10 @@
  hosts: node*
  become: true
  tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
      ansible.builtin.apt:
        name: iptables
        state: present
        update_cache: true
      when: ansible_pkg_mgr == 'apt'
--- a/molecule/debug/prepare.yml
+++ b/molecule/debug/prepare.yml
@ -2,7 +2,9 @@
 - name: Prepare
  hosts: all
  tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
      ansible.builtin.apt:
        name: iptables
        state: present
        update_cache: true
      when: ansible_pkg_mgr == 'apt'
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@ -2,7 +2,9 @@
 - name: Prepare
  hosts: all
  tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
      ansible.builtin.apt:
        name: iptables
        state: present
        update_cache: true
      when: ansible_pkg_mgr == 'apt'
--- a/molecule/docker/prepare.yml
+++ b/molecule/docker/prepare.yml
@ -2,7 +2,9 @@
 - name: Prepare
  hosts: all
  tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
      ansible.builtin.apt:
        name: iptables
        state: present
        update_cache: true
      when: ansible_pkg_mgr == 'apt'
--- a/molecule/highavailabilitydb/converge.yml
+++ b/molecule/highavailabilitydb/converge.yml
@ -10,6 +10,7 @@
      datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
    k3s_agent:
      snapshotter: native
    k3s_service_env_file: /tmp/k3s.env
  pre_tasks:
    - name: Set each node to be a control node
      ansible.builtin.set_fact:
--- a/molecule/highavailabilitydb/prepare.yml
+++ b/molecule/highavailabilitydb/prepare.yml
@ -33,7 +33,16 @@
 - name: Prepare nodes
  hosts: node*
  tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
      ansible.builtin.apt:
        name: iptables
        state: present
        update_cache: true
      when: ansible_pkg_mgr == 'apt'
    - name: Ensure environment file exists for k3s_service_env_file
      ansible.builtin.lineinfile:
        path: /tmp/k3s.env
        line: "THISHOST={{ ansible_hostname }}"
        mode: 0644
        create: true
--- a/molecule/highavailabilityetcd/prepare.yml
+++ b/molecule/highavailabilityetcd/prepare.yml
@ -33,8 +33,10 @@
 - name: Prepare nodes
  hosts: node*
  tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
      ansible.builtin.apt:
        name: iptables
        state: present
        update_cache: true
      when: ansible_pkg_mgr == 'apt'
--- a/molecule/nodeploy/prepare.yml
+++ b/molecule/nodeploy/prepare.yml
@ -2,7 +2,9 @@
 - name: Prepare
  hosts: all
  tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
      ansible.builtin.apt:
        name: iptables
        state: present
        update_cache: true
      when: ansible_pkg_mgr == 'apt'
--- a/tasks/build/docker/debian/install-prerequisites.yml
+++ b/tasks/build/docker/debian/install-prerequisites.yml
@ -6,7 +6,7 @@
      - apt-transport-https
      - ca-certificates
      - curl
-      - "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}"
+      - "{{ 'gnupg2' if k3s_os_distribution == 'debian' else 'gnupg-agent' }}"
      - software-properties-common
    state: present
  register: ensure_docker_prerequisites_installed
@ -17,13 +17,13 @@
 - name: Ensure Docker APT key is present
  ansible.builtin.apt_key:
-    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    url: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
    state: present
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 - name: Ensure Docker repository is installed and configured
  ansible.builtin.apt_repository:
    filename: docker-ce
-    repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+    repo: "deb https://download.docker.com/linux/{{ k3s_os_distribution }} {{ ansible_distribution_release }} stable"
    update_cache: true
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/build/docker/redhat/install-prerequisites.yml
+++ b/tasks/build/docker/redhat/install-prerequisites.yml
@ -26,7 +26,7 @@
 - name: Check to see if Docker repository is available for this distribution
  ansible.builtin.uri:
-    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
+    url: "https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}"
  register: k3s_redhat_repo_check
  failed_when: false
  changed_when: false
@ -35,13 +35,13 @@
  ansible.builtin.yum_repository:
    name: docker-ce
    description: Docker CE Repository
-    baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
+    baseurl: https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}/$basearch/stable
-    gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    gpgkey: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
    enabled: true
    gpgcheck: true
    state: present
  when:
-    - ansible_distribution | lower not in ['amazon']
+    - k3s_os_distribution not in ['amazon']
    - k3s_redhat_repo_check.status == 200
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
@ -51,6 +51,6 @@
  args:
    creates: /etc/yum.repos.d/docker-ce.repo
  when:
-    - ansible_distribution | lower not in ['amazon']
+    - k3s_os_distribution not in ['amazon']
    - k3s_redhat_repo_check.status != 200
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/build/install-k3s.yml
+++ b/tasks/build/install-k3s.yml
@ -17,6 +17,11 @@
 - include_tasks: install-k3s-node.yml
  when: k3s_build_cluster
 - name: Determine if the systems are already clustered
  ansible.builtin.stat:
    path: "{{ k3s_token_location }}"
  register: k3s_token_cluster_check
 - name: Ensure k3s initial control plane server is started
  ansible.builtin.systemd:
    name: k3s
@ -29,4 +34,5 @@
    - not ansible_check_mode
  when: (k3s_control_node and k3s_controller_list | length == 1)
        or (k3s_primary_control_node and k3s_controller_list | length > 1)
        or k3s_token_cluster_check.stat.exists
  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/state-installed.yml
+++ b/tasks/state-installed.yml
@ -17,13 +17,13 @@
 - name: Ensure docker installation tasks are run
  block:
-    - include_tasks: build/docker/{{ ansible_os_family | lower }}/install-prerequisites.yml
+    - include_tasks: build/docker/{{ k3s_os_family }}/install-prerequisites.yml
    - import_tasks: build/docker/install.yml
-      when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
+      when: k3s_os_distribution not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
-    - include_tasks: build/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/install.yml
+    - include_tasks: build/docker/{{ k3s_os_distribution }}/install.yml
-      when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
+      when: k3s_os_distribution in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
  when:
    - ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
--- a/tasks/state-uninstalled.yml
+++ b/tasks/state-uninstalled.yml
@ -10,12 +10,12 @@
  block:
    - import_tasks: teardown/docker/uninstall.yml
-      when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
+      when: k3s_os_distribution not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
-    - include_tasks: teardown/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/uninstall.yml
+    - include_tasks: teardown/docker/{{ k3s_os_distribution }}/uninstall.yml
-      when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
+      when: k3s_os_distribution in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
-    - include_tasks: teardown/docker/{{ ansible_os_family | lower }}/uninstall-prerequisites.yml
+    - include_tasks: teardown/docker/{{ k3s_os_family }}/uninstall-prerequisites.yml
  when:
    - ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
--- a/tasks/teardown/docker/debian/uninstall-prerequisites.yml
+++ b/tasks/teardown/docker/debian/uninstall-prerequisites.yml
@ -3,13 +3,13 @@
 - name: Ensure Docker repository is uninstalled
  ansible.builtin.apt_repository:
    filename: docker-ce
-    repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+    repo: "deb https://download.docker.com/linux/{{ k3s_os_distribution }} {{ ansible_distribution_release }} stable"
    update_cache: false
    state: absent
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
 - name: Ensure Docker APT key is uninstalled
  ansible.builtin.apt_key:
-    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    url: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
    state: absent
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/teardown/docker/redhat/uninstall-prerequisites.yml
+++ b/tasks/teardown/docker/redhat/uninstall-prerequisites.yml
@ -4,10 +4,10 @@
  ansible.builtin.yum_repository:
    name: docker-ce
    description: Docker CE Repository
-    baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
+    baseurl: https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}/$basearch/stable
-    gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    gpgkey: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
    enabled: false
    gpgcheck: true
    state: absent
-  when: ansible_distribution | lower not in ['amazon']
+  when: k3s_os_distribution not in ['amazon']
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/validate/configuration/unsupported-rootless.yml
+++ b/tasks/validate/configuration/unsupported-rootless.yml
@ -50,7 +50,7 @@
  ansible.builtin.assert:
    that:
      - k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
-      - k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633
+      - ((k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633) or (k3s_os_family != "redhat"))
      - k3s_current_user_subuid != "UserNotFound:0:0"
      - k3s_current_user_subgid != "UserNotFound:0:0"
      - k3s_current_user_subuid.split(':')[2] | int >= 65536
--- a/tasks/validate/environment/remote/packages.yml
+++ b/tasks/validate/environment/remote/packages.yml
@ -18,7 +18,8 @@
      Documentation: {{ package.documentation }}
      {% endif %}
  when:
    - check_k3s_required_package.rc is defined
    - (package.until is not defined
-       or k3s_release_version is version_compare(package.until, '>='))
+       or (k3s_release_version | replace('v', '')) is version_compare(package.until, '>='))
    - (package.from is not defined
-       or k3s_release_version is version_compare(package.from, '>='))
+       or (k3s_release_version | replace('v', '')) is version_compare(package.from, '>='))
--- a/tasks/validate/main.yml
+++ b/tasks/validate/main.yml
@ -1,5 +1,14 @@
 ---
 - include_tasks: environment/remote/packages.yml
  loop: "{{ k3s_check_packages[k3s_os_distribution_version] }}"
  loop_control:
    loop_var: package
  when:
    - not k3s_skip_validation
    - not k3s_skip_env_checks
    - k3s_check_packages[k3s_os_distribution_version] is defined
 - import_tasks: configuration/variables.yml
 - import_tasks: configuration/experimental-variables.yml
--- a/tasks/validate/pre-flight.yml
+++ b/tasks/validate/pre-flight.yml
@ -21,14 +21,6 @@
    - not k3s_skip_validation
    - not k3s_skip_env_checks
 - include_tasks: environment/remote/packages.yml
  loop: "{{ k3s_check_packages }}"
  loop_control:
    loop_var: package
  when:
    - not k3s_skip_validation
    - not k3s_skip_env_checks
 - include_tasks: environment/local/issue-data.yml
  when:
    - pyratlabs_issue_controller_dump is defined
--- a/templates/k3s.service.j2
+++ b/templates/k3s.service.j2
@ -18,6 +18,14 @@ After={{ after_unit }}
 [Service]
 Type={{ 'notify' if k3s_control_node else 'exec' }}
 {% if k3s_service_env_vars is defined and k3s_service_env_vars is iterable %}
 {% for env_var in k3s_service_env_vars %}
 Environent={{ env_var }}={{ k3s_service_env_vars[env_var] }}
 {% endfor %}
 {% endif %}
 {% if k3s_service_env_file is defined and k3s_service_env_file %}
 EnvironmentFile={{ k3s_service_env_file }}
 {% endif %}
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
 {% filter regex_replace('\s+', ' ') %}
--- a/vars/main.yml
+++ b/vars/main.yml
@ -88,8 +88,19 @@ k3s_server_manifests_dir: "{{ k3s_data_dir }}/server/manifests"
 # https://github.com/k3s-io/k3s/pull/1691
 k3s_server_pod_manifests_dir: "{{ k3s_data_dir }}/agent/pod-manifests"
 # OS formatted strings
 k3s_os_distribution: "{{ ansible_distribution | replace(' ', '-') | lower }}"
 k3s_os_version: "{{ ansible_distribution_version | replace([' ', '.'], '-') | lower }}"
 k3s_os_distribution_version: "{{ k3s_os_distribution }}-{{ k3s_os_version }}"
 k3s_os_family: "{{ ansible_os_family | replace(' ', '-') | lower }}"
 # Packages that we need to check are installed
-k3s_check_packages: []
+k3s_check_packages:
  debian-11:
    - name: iptables-legacy
      from: 1.19.2
      # until: 1.22.2
      documentation: https://rancher.com/docs/k3s/latest/en/advanced/#enabling-legacy-iptables-on-raspbian-buster
 # - name: dummy
 #   from: 1.19.2
 #   until: 1.21.0