From e90448f40bd9ffebcf5f32d1aff7d6f74660b81d Mon Sep 17 00:00:00 2001 From: Xan Manning Date: Sat, 24 Jul 2021 17:21:31 +0100 Subject: [PATCH 1/2] Updated systemd template to use token when joining a cluster --- defaults/main.yml | 2 +- tasks/build/configure-k3s-cluster.yml | 6 ++---- tasks/build/preconfigure-k3s.yml | 16 ++++++++-------- tasks/teardown/drain-and-remove-nodes.yml | 4 ++-- tasks/validate/environment/local/issue-data.yml | 6 +++--- templates/k3s.service.j2 | 4 +++- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index f205493..887e9cd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -15,7 +15,7 @@ k3s_release_version: false # Loction of the k3s configuration file k3s_config_file: /etc/rancher/k3s/config.yaml -# When multiple ansible_play_hosts_all are present, attempt to cluster the nodes. +# When multiple ansible_play_hosts are present, attempt to cluster the nodes. # Using false will create multiple standalone nodes. # (default: true) k3s_build_cluster: true diff --git a/tasks/build/configure-k3s-cluster.yml b/tasks/build/configure-k3s-cluster.yml index 5e3ed0f..77e62c2 100644 --- a/tasks/build/configure-k3s-cluster.yml +++ b/tasks/build/configure-k3s-cluster.yml @@ -28,14 +28,12 @@ mode: 0755 become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" -- name: Ensure k3s cluster token file is present on workers and secondary control nodes +- name: Ensure k3s cluster token file is present ansible.builtin.template: src: cluster-token.j2 dest: "{{ k3s_token_location }}" mode: 0600 become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}" - when: (k3s_control_node and not k3s_primary_control_node) - or not k3s_control_node notify: - restart k3s 
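Review bot: The `Ensure k3s cluster token file is present` task in tasks/build/configure-k3s-cluster.yml renders a secret, and with its `when:` removed it now runs on every host. It has neither `diff: false` nor `no_log: true`, so a run with `--diff` can print the rendered token into console output and CI logs. Add `diff: false` (or `no_log: true`) next to `mode: 0600`, and quote the mode as `mode: "0600"`, as Ansible's documentation recommends for octal modes. The k3s.service.j2 hunk in this patch passes `--token-file` only to non-primary control nodes in the server branch, so confirm that the primary needs the file on disk at all.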
@@ -69,7 +67,7 @@ - ensure_secondary_controllers_started is not succeeded - not ansible_check_mode until: ensure_secondary_controllers_started is succeeded - retries: "{{ ansible_play_hosts_all | length }}" + retries: "{{ ansible_play_hosts | length }}" delay: 5 when: - k3s_control_node diff --git a/tasks/build/preconfigure-k3s.yml b/tasks/build/preconfigure-k3s.yml index 68eaa1a..898e110 100644 --- a/tasks/build/preconfigure-k3s.yml +++ b/tasks/build/preconfigure-k3s.yml @@ -4,7 +4,7 @@ ansible.builtin.set_fact: k3s_build_cluster: false when: - - ansible_play_hosts_all | length < 2 + - ansible_play_hosts | length < 2 - k3s_registration_address is not defined - name: Ensure k3s control node fact is set @@ -22,21 +22,21 @@ k3s_control_plane_port: "{{ k3s_runtime_config['https-listen-port'] | default(6443) }}" delegate_to: k3s_primary_control_node -- name: Ensure a count of control nodes is generated from ansible_play_hosts_all +- name: Ensure a count of control nodes is generated from ansible_play_hosts ansible.builtin.set_fact: k3s_controller_list: "{{ k3s_controller_list + [ item ] }}" when: - hostvars[item].k3s_control_node is defined - hostvars[item].k3s_control_node - loop: "{{ ansible_play_hosts_all }}" + loop: "{{ ansible_play_hosts }}" -- name: Ensure a k3s control node is defined if none are found in ansible_play_hosts_all +- name: Ensure a k3s control node is defined if none are found in ansible_play_hosts block: - name: Set the control host ansible.builtin.set_fact: k3s_control_node: true - when: inventory_hostname == ansible_play_hosts_all[0] + when: inventory_hostname == ansible_play_hosts[0] - name: Ensure a count of control nodes is generated ansible.builtin.set_fact: 
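Review bot: `ansible_play_hosts` excludes hosts that have failed or become unreachable, so in tasks/build/preconfigure-k3s.yml both `ansible_play_hosts | length < 2` and `inventory_hostname == ansible_play_hosts[0]` now depend on which hosts are still alive when the task runs. One early failure in a two-host play sets `k3s_build_cluster` to false and leaves the survivor as a standalone control node, and the automatically elected control host can differ between runs. The same substitution in the `@@ -44,14 +44,14 @@` hunk and in both hunks of tasks/teardown/drain-and-remove-nodes.yml means an uninstalled host that dropped out of the play is skipped by the drain and remove loops and stays registered in the cluster. If this is intended, say so beside `k3s_build_cluster` in defaults/main.yml, for example `# Hosts that fail or are unreachable are not counted; a partial run can change which node is elected.`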
@@ -44,14 +44,14 @@ when: - hostvars[item].k3s_control_node is defined - hostvars[item].k3s_control_node - loop: "{{ ansible_play_hosts_all }}" + loop: "{{ ansible_play_hosts }}" when: - k3s_controller_list | length < 1 - k3s_build_cluster is defined - k3s_build_cluster -- name: Ensure a primary k3s control node is defined if multiple are found in ansible_play_hosts_all +- name: Ensure a primary k3s control node is defined if multiple are found in ansible_play_hosts ansible.builtin.set_fact: k3s_primary_control_node: true when: @@ -65,7 +65,7 @@ ansible.builtin.blockinfile: path: /tmp/inventory.txt block: | - {% for host in ansible_play_hosts_all %} + {% for host in ansible_play_hosts %} {% filter replace('\n', ' ') %} {{ host }} @@@ diff --git a/tasks/teardown/drain-and-remove-nodes.yml b/tasks/teardown/drain-and-remove-nodes.yml index 8657e5a..874c00e 100644 --- a/tasks/teardown/drain-and-remove-nodes.yml +++ b/tasks/teardown/drain-and-remove-nodes.yml @@ -33,7 +33,7 @@ - item in kubectl_get_nodes_result.stdout - hostvars[item].k3s_state is defined - hostvars[item].k3s_state == 'uninstalled' - loop: "{{ ansible_play_hosts_all }}" + loop: "{{ ansible_play_hosts }}" become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" - name: Ensure uninstalled nodes are removed @@ -46,7 +46,7 @@ - item in kubectl_get_nodes_result.stdout - hostvars[item].k3s_state is defined - hostvars[item].k3s_state == 'uninstalled' - loop: "{{ ansible_play_hosts_all }}" + loop: "{{ ansible_play_hosts }}" become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" when: diff --git a/tasks/validate/environment/local/issue-data.yml b/tasks/validate/environment/local/issue-data.yml index fa214b1..7493875 100644 --- a/tasks/validate/environment/local/issue-data.yml +++ b/tasks/validate/environment/local/issue-data.yml 
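Review bot: The `blockinfile` task in the `@@ -65,7 +65,7 @@` hunk writes the play's host list to the fixed path `/tmp/inventory.txt`, a predictable name in a world-writable directory. On a shared machine another local user can create that file or a link at that name before the play runs, and no `mode:` is visible to restrict who can read the result. Prefer a path from `ansible.builtin.tempfile` or a directory owned by the role, and set `mode: "0600"`. The task starts and ends outside the hunk, so where it runs and whether it is a debug-only step cannot be confirmed from here.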
@@ -50,11 +50,11 @@ # End ANSIBLE ROLES # Begin PLAY HOSTS - {{ ansible_play_hosts_all | to_json }} + {{ ansible_play_hosts | to_json }} # End PLAY HOSTS # Begin K3S ROLE CONFIG - {% for host in ansible_play_hosts_all %} + {% for host in ansible_play_hosts %} ## {{ host }} {% for config_key in hostvars[host] %} {% if config_key | regex_search('^k3s_') %} @@ -66,7 +66,7 @@ # End K3S ROLE CONFIG # Begin K3S RUNTIME CONFIG - {% for host in ansible_play_hosts_all %} + {% for host in ansible_play_hosts %} ## {{ host }} {% if hostvars[host].k3s_runtime_config is defined %} {{ hostvars[host].k3s_runtime_config }} diff --git a/templates/k3s.service.j2 b/templates/k3s.service.j2 index add8bca..05e4719 100644 --- a/templates/k3s.service.j2 +++ b/templates/k3s.service.j2 @@ -30,11 +30,13 @@ ExecStart={{ k3s_install_dir }}/k3s server {% if (k3s_etcd_datastore is defined and k3s_etcd_datastore) and (k3s_primary_control_node is not defined or not k3s_primary_control_node) and k3s_controller_list | length > 1 %} --server https://{{ k3s_registration_address }}:{{ k3s_control_plane_port | default(6443) | string }} - --token-file {{ k3s_token_location }} {% endif %} {% if k3s_server is defined %} --config {{ k3s_config_file }} {% endif %} + {% if k3s_control_node and not k3s_primary_control_node %} + --token-file {{ k3s_token_location }} + {% endif %} {% else %} agent --server https://{{ k3s_registration_address }}:{{ k3s_control_plane_port | default(6443) | string }} From ba113bcd0574b72152ea169fe33fd6da180c8952 Mon Sep 17 00:00:00 2001 From: Xan Manning Date: Sat, 24 Jul 2021 17:38:45 +0100 Subject: [PATCH 2/2] Fix primary control node delegation --- tasks/build/preconfigure-k3s.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tasks/build/preconfigure-k3s.yml b/tasks/build/preconfigure-k3s.yml index 898e110..ec25125 100644 --- a/tasks/build/preconfigure-k3s.yml +++ b/tasks/build/preconfigure-k3s.yml 
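Review bot: The `K3S ROLE CONFIG` loop in tasks/validate/environment/local/issue-data.yml selects every hostvar matching `^k3s_` for each host, and the `K3S RUNTIME CONFIG` section prints `hostvars[host].k3s_runtime_config` in full. If the role's cluster token or a datastore endpoint with credentials is held in one of those variables, it ends up in text that is presumably meant to be pasted into a bug report. Consider filtering secret-looking keys, e.g. `{% if config_key | regex_search('^k3s_') and not config_key | regex_search('token|secret|password') %}`, and redacting the same keys inside the runtime config. The loop body continues outside the hunk, so what is printed for each key is inferred.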
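Review bot: The new `{% if k3s_control_node and not k3s_primary_control_node %}` guard in templates/k3s.service.j2 reads `k3s_primary_control_node` without the `is not defined or not` check that the etcd condition a few lines above still applies to the same fact. Under Ansible's default error-on-undefined behaviour, a host where that fact was never set would fail to render the unit rather than be treated as a joining node. Writing it as `{% if k3s_control_node and not (k3s_primary_control_node | default(false)) %}` keeps the two conditions consistent. The `ExecStart` block starts and ends outside the hunk, so the agent branch's own token handling is not visible here.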
@@ -9,12 +9,12 @@ - name: Ensure k3s control node fact is set ansible.builtin.set_fact: - k3s_control_node: "{{ false if k3s_build_cluster else true }}" + k3s_control_node: "{{ not k3s_build_cluster }}" when: k3s_control_node is not defined - name: Ensure k3s primary control node fact is set ansible.builtin.set_fact: - k3s_primary_control_node: "{{ false if k3s_build_cluster else true }}" + k3s_primary_control_node: "{{ not k3s_build_cluster }}" when: k3s_primary_control_node is not defined - name: Ensure k3s control plane port is captured @@ -56,7 +56,6 @@ k3s_primary_control_node: true when: - k3s_controller_list is defined - - k3s_controller_list | length > 1 - inventory_hostname == k3s_controller_list[0] - k3s_build_cluster is defined - k3s_build_cluster
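Review bot: In the `@@ -56,7 +56,6 @@` hunk, removing `k3s_controller_list | length > 1` leaves `inventory_hostname == k3s_controller_list[0]` guarded only by `k3s_controller_list is defined`. If no host ends up flagged as a control node, the list is empty and indexing it can raise an undefined-element error in the `when:` instead of skipping the task. Replace the removed line with `- k3s_controller_list | length > 0`, or move the two `k3s_build_cluster` conditions above the index comparison so they short-circuit first.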