fix(rootless): attempt to resolve rootless issues in debian #161

tasks/build/docker/debian/install-prerequisites.yml

@@ -6,7 +6,7 @@
       - apt-transport-https
       - ca-certificates
       - curl
-      - "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}"
+      - "{{ 'gnupg2' if k3s_os_distribution == 'debian' else 'gnupg-agent' }}"
       - software-properties-common
     state: present
   register: ensure_docker_prerequisites_installed
@@ -17,13 +17,13 @@
 
 - name: Ensure Docker APT key is present
   ansible.builtin.apt_key:
-    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    url: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
     state: present
   become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 
 - name: Ensure Docker repository is installed and configured
   ansible.builtin.apt_repository:
     filename: docker-ce
-    repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+    repo: "deb https://download.docker.com/linux/{{ k3s_os_distribution }} {{ ansible_distribution_release }} stable"
     update_cache: true
   become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"

tasks/build/docker/redhat/install-prerequisites.yml

@@ -26,7 +26,7 @@
 
 - name: Check to see if Docker repository is available for this distribution
   ansible.builtin.uri:
-    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}"
+    url: "https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}"
   register: k3s_redhat_repo_check
   failed_when: false
   changed_when: false
@@ -35,13 +35,13 @@
   ansible.builtin.yum_repository:
     name: docker-ce
     description: Docker CE Repository
-    baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
-    gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    baseurl: https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}/$basearch/stable
+    gpgkey: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
     enabled: true
     gpgcheck: true
     state: present
   when:
-    - ansible_distribution | lower not in ['amazon']
+    - k3s_os_distribution not in ['amazon']
     - k3s_redhat_repo_check.status == 200
   become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
 
@@ -51,6 +51,6 @@
   args:
     creates: /etc/yum.repos.d/docker-ce.repo
   when:
-    - ansible_distribution | lower not in ['amazon']
+    - k3s_os_distribution not in ['amazon']
     - k3s_redhat_repo_check.status != 200
   become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"

tasks/state-installed.yml

@@ -19,13 +19,13 @@
 - name: Ensure docker installation tasks are run
   block:
 
-    - include_tasks: build/docker/{{ ansible_os_family | lower }}/install-prerequisites.yml
+    - include_tasks: build/docker/{{ k3s_os_family }}/install-prerequisites.yml
 
     - import_tasks: build/docker/install.yml
-      when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
+      when: k3s_os_distribution not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
 
-    - include_tasks: build/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/install.yml
-      when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
+    - include_tasks: build/docker/{{ k3s_os_distribution }}/install.yml
+      when: k3s_os_distribution in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
 
   when:
     - ('docker' in k3s_runtime_config and k3s_runtime_config.docker)

tasks/state-uninstalled.yml

@@ -10,12 +10,12 @@
   block:
 
     - import_tasks: teardown/docker/uninstall.yml
-      when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
+      when: k3s_os_distribution not in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
 
-    - include_tasks: teardown/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/uninstall.yml
-      when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
+    - include_tasks: teardown/docker/{{ k3s_os_distribution }}/uninstall.yml
+      when: k3s_os_distribution in ['amazon', 'suse', 'opensuse-leap', 'archlinux']
 
-    - include_tasks: teardown/docker/{{ ansible_os_family | lower }}/uninstall-prerequisites.yml
+    - include_tasks: teardown/docker/{{ k3s_os_family }}/uninstall-prerequisites.yml
 
   when:
     - ('docker' in k3s_runtime_config and k3s_runtime_config.docker)

tasks/teardown/docker/debian/uninstall-prerequisites.yml

@@ -3,13 +3,13 @@
 - name: Ensure Docker repository is uninstalled
   ansible.builtin.apt_repository:
     filename: docker-ce
-    repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+    repo: "deb https://download.docker.com/linux/{{ k3s_os_distribution }} {{ ansible_distribution_release }} stable"
     update_cache: false
     state: absent
   become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
 
 - name: Ensure Docker APT key is uninstalled
   ansible.builtin.apt_key:
-    url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    url: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
     state: absent
   become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

tasks/teardown/docker/redhat/uninstall-prerequisites.yml

@@ -4,10 +4,10 @@
   ansible.builtin.yum_repository:
     name: docker-ce
     description: Docker CE Repository
-    baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
-    gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+    baseurl: https://download.docker.com/linux/{{ k3s_os_distribution }}/{{ ansible_distribution_major_version }}/$basearch/stable
+    gpgkey: https://download.docker.com/linux/{{ k3s_os_distribution }}/gpg
     enabled: false
     gpgcheck: true
     state: absent
-  when: ansible_distribution | lower not in ['amazon']
+  when: k3s_os_distribution not in ['amazon']
   become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

tasks/validate/configuration/unsupported-rootless.yml

@@ -50,7 +50,7 @@
   ansible.builtin.assert:
     that:
       - k3s_get_unprivileged_userns_clone['content'] | b64decode | int == 1
-      - k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633
+      - ((k3s_get_max_user_namespaces['content'] | b64decode | int >= 28633) or (k3s_os_family != "redhat"))
       - k3s_current_user_subuid != "UserNotFound:0:0"
       - k3s_current_user_subgid != "UserNotFound:0:0"
       - k3s_current_user_subuid.split(':')[2] | int >= 65536

vars/main.yml

@@ -95,6 +95,7 @@ k3s_server_pod_manifests_dir: "{{ k3s_data_dir }}/agent/pod-manifests"
 k3s_os_distribution: "{{ ansible_distribution | replace(' ', '-') | lower }}"
 k3s_os_version: "{{ ansible_distribution_version | replace([' ', '.'], '-') | lower }}"
 k3s_os_distribution_version: "{{ k3s_os_distribution }}-{{ k3s_os_version }}"
+k3s_os_family: "{{ ansible_os_family | replace(' ', '-') | lower }}"
 
 # Packages that we need to check are installed
 k3s_check_packages: