From 7e4a16e16795227975ad5de2341417530ff4a9e2 Mon Sep 17 00:00:00 2001 From: Xan Manning Date: Tue, 16 Feb 2021 15:46:01 +0000 Subject: [PATCH] Pre-documentation work - Restructured when and asserts - Standardise molecule call, add systemd config --- .ansible-lint | 2 +- README.md | 18 +++++++- defaults/main.yml | 21 ++++++++-- molecule/autodeploy/converge.yml | 2 +- molecule/autodeploy/molecule.yml | 2 +- molecule/debug/molecule.yml | 2 +- molecule/default/converge.yml | 2 +- molecule/default/molecule.yml | 2 +- molecule/default/playbook-download.yml | 2 +- molecule/default/playbook-restart-cluster.yml | 2 +- molecule/default/playbook-rootless.yml | 2 +- molecule/default/playbook-standalone.yml | 2 +- molecule/default/playbook-start-cluster.yml | 2 +- molecule/default/playbook-stop-cluster.yml | 2 +- .../default/playbook-uninstall-cluster.yml | 2 +- molecule/docker/converge.yml | 2 +- molecule/docker/molecule.yml | 2 +- molecule/highavailabilitydb/converge.yml | 2 +- molecule/highavailabilitydb/molecule.yml | 2 +- molecule/highavailabilityetcd/converge.yml | 2 +- molecule/highavailabilityetcd/molecule.yml | 2 +- molecule/nodeploy/converge.yml | 2 +- molecule/nodeploy/molecule.yml | 2 +- tasks/build/configure-k3s-cluster.yml | 8 +++- .../docker/redhat/install-prerequisites.yml | 10 +++-- tasks/build/get-systemd-context.yml | 7 ++-- tasks/build/get-version.yml | 9 ++-- tasks/build/install-k3s-directories.yml | 7 ++-- tasks/build/install-k3s-node.yml | 12 +++--- tasks/build/install-k3s.yml | 6 ++- tasks/build/preconfigure-k3s.yml | 41 +++++++++++-------- tasks/operate/start-k3s.yml | 4 +- tasks/operate/stop-k3s.yml | 4 +- tasks/state-installed.yml | 16 +++++--- tasks/state-uninstalled.yml | 5 ++- tasks/teardown/drain-and-remove-nodes.yml | 23 ++++++----- tasks/teardown/uninstall-k3s.yml | 10 +++-- .../configuration/control-node-count.yml | 31 +++++++------- .../configuration/experimental-variables.yml | 13 +++--- .../configuration/unsupported-rootless.yml | 5 ++- tasks/validate/configuration/variables.yml | 12 +++--- tasks/validate/environment/local/packages.yml | 4 +- .../validate/environment/remote/packages.yml | 9 ++-- tasks/validate/main.yml | 9 ++-- tasks/validate/pre-flight.yml | 14 ++++--- tasks/validate/state/nodes.yml | 14 ++++--- tasks/validate/state/uninstalled.yml | 12 ++++-- templates/k3s.service.j2 | 12 ++++++ 48 files changed, 241 insertions(+), 137 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 02a3822..3213376 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,4 +1,4 @@ --- skip_list: - - '106' + - role-name diff --git a/README.md b/README.md index 6265c38..fd3ced3 100644 --- a/README.md +++ b/README.md @@ -71,13 +71,29 @@ consistency. These are generally cluster-level configuration. | `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/k3s-io/k3s | | `k3s_install_dir` | Installation directory for k3s. | `/usr/local/bin` | | `k3s_install_hard_links` | Install using hard links rather than symbolic links. | `false` | -| `k3s_start_on_boot` | Start k3s on boot. | `true` | | `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] | | `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` | | `k3s_use_unsupported_config` | Allow the use of unsupported configurations in k3s. | `false` | | `k3s_etcd_datastore` | Enable etcd embedded datastore (read notes below). | `false` | | `k3s_debug` | Enable debug logging on the k3s service. | `false` | +### K3S Service Configuration + +The below variables change how and when the systemd service unit file for K3S +is run. Use this with caution, please refer to the [systemd documentation](https://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BUnit%5D%20Section%20Options) +for more information. + +| Variable | Description | Default Value | +|------------------------|----------------------------------------------------------------|---------------| +| `k3s_start_on_boot` | Start k3s on boot. | `true` | +| `k3s_service_requires` | List of required systemd units to k3s service unit. | [] | +| `k3s_service_wants` | List of "wanted" systemd unit to k3s (weaker than "requires"). | []\* | +| `k3s_service_before` | Start k3s before a defined list of systemd units. | [] | +| `k3s_service_after` | Start k3s after a defined list of systemd units. | []\* | + +\* The systemd unit template **always** specifies `network-online.target` for +`wants` and `after`. + ### Group/Host Variables Below are variables that are set against individual or groups of play hosts. diff --git a/defaults/main.yml b/defaults/main.yml index 0e55fb1..b599ee8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -35,9 +35,6 @@ k3s_install_dir: /usr/local/bin # Install using hard links rather than symbolic links k3s_install_hard_links: false -# Start k3s on system boot -k3s_start_on_boot: true - # A list of templates used for preconfigure the cluster. k3s_server_manifests_templates: [] @@ -50,6 +47,24 @@ k3s_use_unsupported_config: false # Enable etcd embedded datastore k3s_etcd_datastore: false +## +# Systemd config +## + +# Start k3s on system boot +k3s_start_on_boot: true + +# List of required systemd units to k3s service unit. +k3s_service_requires: [] + +# List of "wanted" systemd unit to k3s (weaker than "requires"). +k3s_service_wants: [] + +# Start k3s before a defined list of systemd units. +k3s_service_before: [] + +# Start k3s after a defined list of systemd units. +k3s_service_after: [] ## # Server Configuration diff --git a/molecule/autodeploy/converge.yml b/molecule/autodeploy/converge.yml index 1616ee2..3418dd0 100644 --- a/molecule/autodeploy/converge.yml +++ b/molecule/autodeploy/converge.yml @@ -13,4 +13,4 @@ k3s_server_manifests_templates: - "molecule/autodeploy/templates/00-ns-monitoring.yml.j2" roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/autodeploy/molecule.yml b/molecule/autodeploy/molecule.yml index a80cf69..ecd9981 100644 --- a/molecule/autodeploy/molecule.yml +++ b/molecule/autodeploy/molecule.yml @@ -7,7 +7,7 @@ driver: lint: | set -e yamllint -s . - ansible-lint + ansible-lint --exclude molecule/ platforms: - name: node1 image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" diff --git a/molecule/debug/molecule.yml b/molecule/debug/molecule.yml index a80cf69..ecd9981 100644 --- a/molecule/debug/molecule.yml +++ b/molecule/debug/molecule.yml @@ -7,7 +7,7 @@ driver: lint: | set -e yamllint -s . - ansible-lint + ansible-lint --exclude molecule/ platforms: - name: node1 image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index aa6404d..3bf3a36 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -6,4 +6,4 @@ molecule_is_test: true k3s_install_hard_links: true roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index a80cf69..ecd9981 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ driver: lint: | set -e yamllint -s . - ansible-lint + ansible-lint --exclude molecule/ platforms: - name: node1 image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" diff --git a/molecule/default/playbook-download.yml b/molecule/default/playbook-download.yml index cba09e5..4635022 100644 --- a/molecule/default/playbook-download.yml +++ b/molecule/default/playbook-download.yml @@ -6,4 +6,4 @@ molecule_is_test: true k3s_state: downloaded roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/playbook-restart-cluster.yml b/molecule/default/playbook-restart-cluster.yml index 45e9a84..33d06e8 100644 --- a/molecule/default/playbook-restart-cluster.yml +++ b/molecule/default/playbook-restart-cluster.yml @@ -6,4 +6,4 @@ molecule_is_test: true k3s_state: restarted roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/playbook-rootless.yml b/molecule/default/playbook-rootless.yml index b5f1cf4..5c0af5b 100644 --- a/molecule/default/playbook-rootless.yml +++ b/molecule/default/playbook-rootless.yml @@ -12,4 +12,4 @@ rootless: true k3s_install_dir: "/home/{{ ansible_user_id }}/bin" roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/playbook-standalone.yml b/molecule/default/playbook-standalone.yml index a7ed01f..86938ed 100644 --- a/molecule/default/playbook-standalone.yml +++ b/molecule/default/playbook-standalone.yml @@ -6,4 +6,4 @@ molecule_is_test: true k3s_build_cluster: false roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/playbook-start-cluster.yml b/molecule/default/playbook-start-cluster.yml index 4640ade..3c31263 100644 --- a/molecule/default/playbook-start-cluster.yml +++ b/molecule/default/playbook-start-cluster.yml @@ -6,4 +6,4 @@ molecule_is_test: true k3s_state: started roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/playbook-stop-cluster.yml b/molecule/default/playbook-stop-cluster.yml index 01656f0..e736c12 100644 --- a/molecule/default/playbook-stop-cluster.yml +++ b/molecule/default/playbook-stop-cluster.yml @@ -6,4 +6,4 @@ molecule_is_test: true k3s_state: stopped roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/playbook-uninstall-cluster.yml b/molecule/default/playbook-uninstall-cluster.yml index db30483..c84ec57 100644 --- a/molecule/default/playbook-uninstall-cluster.yml +++ b/molecule/default/playbook-uninstall-cluster.yml @@ -6,4 +6,4 @@ molecule_is_test: true k3s_state: uninstalled roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/docker/converge.yml b/molecule/docker/converge.yml index 529f932..917ecbb 100644 --- a/molecule/docker/converge.yml +++ b/molecule/docker/converge.yml @@ -10,4 +10,4 @@ k3s_agent: docker: true roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/docker/molecule.yml b/molecule/docker/molecule.yml index 85427b3..0262e2f 100644 --- a/molecule/docker/molecule.yml +++ b/molecule/docker/molecule.yml @@ -7,7 +7,7 @@ driver: lint: | set -e yamllint -s . - ansible-lint + ansible-lint --exclude molecule/ platforms: - name: node1 image: "${MOLECULE_DISTRO:-geerlingguy/docker-ubuntu2004-ansible:latest}" diff --git a/molecule/highavailabilitydb/converge.yml b/molecule/highavailabilitydb/converge.yml index 3cc7ff8..45fa9ce 100644 --- a/molecule/highavailabilitydb/converge.yml +++ b/molecule/highavailabilitydb/converge.yml @@ -14,4 +14,4 @@ k3s_control_node: true when: inventory_hostname in ['node2', 'node3'] roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/highavailabilitydb/molecule.yml b/molecule/highavailabilitydb/molecule.yml index 7c16a30..d388fca 100644 --- a/molecule/highavailabilitydb/molecule.yml +++ b/molecule/highavailabilitydb/molecule.yml @@ -7,7 +7,7 @@ driver: lint: | set -e yamllint -s . - ansible-lint + ansible-lint --exclude molecule/ platforms: - name: node1 image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" diff --git a/molecule/highavailabilityetcd/converge.yml b/molecule/highavailabilityetcd/converge.yml index 8a6d5b2..ce2f302 100644 --- a/molecule/highavailabilityetcd/converge.yml +++ b/molecule/highavailabilityetcd/converge.yml @@ -14,4 +14,4 @@ ansible.builtin.set_fact: k3s_control_node: true roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/highavailabilityetcd/molecule.yml b/molecule/highavailabilityetcd/molecule.yml index 7d51c00..1c59702 100644 --- a/molecule/highavailabilityetcd/molecule.yml +++ b/molecule/highavailabilityetcd/molecule.yml @@ -7,7 +7,7 @@ driver: lint: | set -e yamllint -s . - ansible-lint + ansible-lint --exclude molecule/ platforms: - name: node1 image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" diff --git a/molecule/nodeploy/converge.yml b/molecule/nodeploy/converge.yml index 954e451..831fec7 100644 --- a/molecule/nodeploy/converge.yml +++ b/molecule/nodeploy/converge.yml @@ -7,4 +7,4 @@ k3s_server: "{{ lookup('file', 'k3s_server.yml') | from_yaml }}" k3s_agent: "{{ lookup('file', 'k3s_agent.yml') | from_yaml }}" roles: - - role: xanmanning.k3s + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/nodeploy/molecule.yml b/molecule/nodeploy/molecule.yml index a80cf69..ecd9981 100644 --- a/molecule/nodeploy/molecule.yml +++ b/molecule/nodeploy/molecule.yml @@ -7,7 +7,7 @@ driver: lint: | set -e yamllint -s . - ansible-lint + ansible-lint --exclude molecule/ platforms: - name: node1 image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" diff --git a/tasks/build/configure-k3s-cluster.yml b/tasks/build/configure-k3s-cluster.yml index a4f2023..fa9b995 100644 --- a/tasks/build/configure-k3s-cluster.yml +++ b/tasks/build/configure-k3s-cluster.yml @@ -5,7 +5,9 @@ path: "{{ k3s_runtime_config['data-dir'] | default(k3s_data_dir) }}/server/token" register: k3s_slurped_cluster_token delegate_to: "{{ k3s_control_delegate }}" - when: k3s_control_token is not defined and not ansible_check_mode + when: + - k3s_control_token is not defined + - not ansible_check_mode become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" - name: Ensure cluster token is formatted correctly for use in templates @@ -66,7 +68,9 @@ until: ensure_secondary_controllers_started is succeeded retries: "{{ ansible_play_hosts_all | length }}" delay: 5 - when: k3s_control_node and not k3s_primary_control_node + when: + - k3s_control_node + - not k3s_primary_control_node become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" - import_tasks: ../validate/state/control-plane.yml diff --git a/tasks/build/docker/redhat/install-prerequisites.yml b/tasks/build/docker/redhat/install-prerequisites.yml index b38c092..a266d0a 100644 --- a/tasks/build/docker/redhat/install-prerequisites.yml +++ b/tasks/build/docker/redhat/install-prerequisites.yml @@ -40,14 +40,16 @@ enabled: true gpgcheck: true state: present - when: ansible_distribution | lower not in ['amazon'] - and k3s_redhat_repo_check.status == 200 + when: + - ansible_distribution | lower not in ['amazon'] + - k3s_redhat_repo_check.status == 200 become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}" - name: Ensure Docker repository is installed and configured from file ansible.builtin.command: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo args: creates: /etc/yum.repos.d/docker-ce.repo - when: ansible_distribution | lower not in ['amazon'] - and k3s_redhat_repo_check.status != 200 + when: + - ansible_distribution | lower not in ['amazon'] + - k3s_redhat_repo_check.status != 200 become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}" diff --git a/tasks/build/get-systemd-context.yml b/tasks/build/get-systemd-context.yml index f3b6930..5d4c435 100644 --- a/tasks/build/get-systemd-context.yml +++ b/tasks/build/get-systemd-context.yml @@ -4,6 +4,7 @@ ansible.builtin.set_fact: k3s_systemd_context: user k3s_systemd_unit_dir: "{{ ansible_user_dir }}/.config/systemd/user" - when: k3s_runtime_config is defined - and "rootless" in k3s_runtime_config - and k3s_runtime_config.rootless + when: + - k3s_runtime_config is defined + - k3s_runtime_config.rootless is defined + - k3s_runtime_config.rootless diff --git a/tasks/build/get-version.yml b/tasks/build/get-version.yml index b04caf0..30dcd53 100644 --- a/tasks/build/get-version.yml +++ b/tasks/build/get-version.yml @@ -4,7 +4,9 @@ ansible.builtin.set_fact: k3s_release_version: "{{ k3s_release_channel }}" check_mode: false - when: k3s_release_version is defined and not k3s_release_version + when: + - k3s_release_version is defined + - not k3s_release_version - name: Ensure the default release channel is set ansible.builtin.set_fact: @@ -24,5 +26,6 @@ k3s_release_version: "{{ item.latest }}" loop: "{{ k3s_latest_release.json.data }}" check_mode: false - when: item.name == k3s_release_channel - and item.type == "channel" + when: + - item.name == k3s_release_channel + - item.type == "channel" diff --git a/tasks/build/install-k3s-directories.yml b/tasks/build/install-k3s-directories.yml index e821270..d2ed757 100644 --- a/tasks/build/install-k3s-directories.yml +++ b/tasks/build/install-k3s-directories.yml @@ -6,6 +6,7 @@ state: directory mode: "{{ directory.mode | default(0755) }}" become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}" - when: directory.path is defined - and directory.path | length > 0 - and directory.path != omit + when: + - directory.path is defined + - directory.path | length > 0 + - directory.path != omit diff --git a/tasks/build/install-k3s-node.yml b/tasks/build/install-k3s-node.yml index 068085c..a303c2e 100644 --- a/tasks/build/install-k3s-node.yml +++ b/tasks/build/install-k3s-node.yml @@ -43,9 +43,9 @@ dest: "/usr/local/bin/k3s-killall.sh" mode: 0700 become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}" - when: k3s_runtime_config is defined - and ("rootless" not in k3s_runtime_config - or not k3s_runtime_config.rootless) + when: + - k3s_runtime_config is defined + - ("rootless" not in k3s_runtime_config or not k3s_runtime_config.rootless) - name: Ensure k3s uninstall script is present ansible.builtin.template: @@ -53,6 +53,6 @@ dest: "/usr/local/bin/k3s-uninstall.sh" mode: 0700 become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}" - when: k3s_runtime_config is defined - and ("rootless" not in k3s_runtime_config - or not k3s_runtime_config.rootless) + when: + - k3s_runtime_config is defined + - ("rootless" not in k3s_runtime_config or not k3s_runtime_config.rootless) diff --git a/tasks/build/install-k3s.yml b/tasks/build/install-k3s.yml index 7c90e1f..7cd0fab 100644 --- a/tasks/build/install-k3s.yml +++ b/tasks/build/install-k3s.yml @@ -6,8 +6,10 @@ loop_var: directory - include_tasks: install-k3s-node.yml - when: ((k3s_control_node and k3s_controller_list | length == 1) - or (k3s_primary_control_node and k3s_controller_list | length > 1)) and not ansible_check_mode + when: + - ((k3s_control_node and k3s_controller_list | length == 1) + or (k3s_primary_control_node and k3s_controller_list | length > 1)) + - not ansible_check_mode - meta: flush_handlers diff --git a/tasks/build/preconfigure-k3s.yml b/tasks/build/preconfigure-k3s.yml index f51a265..2d3556a 100644 --- a/tasks/build/preconfigure-k3s.yml +++ b/tasks/build/preconfigure-k3s.yml @@ -3,8 +3,9 @@ - name: Ensure k3s_build_cluster is false if running against a single node. ansible.builtin.set_fact: k3s_build_cluster: false - when: ansible_play_hosts_all | length < 2 - and k3s_control_node_address is not defined + when: + - ansible_play_hosts_all | length < 2 + - k3s_control_node_address is not defined - name: Ensure k3s control node fact is set ansible.builtin.set_fact: @@ -24,8 +25,9 @@ - name: Ensure a count of control nodes is generated ansible.builtin.set_fact: k3s_controller_list: "{{ k3s_controller_list + [ item ] }}" - when: hostvars[item].k3s_control_node is defined - and hostvars[item].k3s_control_node + when: + - hostvars[item].k3s_control_node is defined + - hostvars[item].k3s_control_node loop: "{{ ansible_play_hosts_all }}" - name: Ensure a k3s control node is defined if none are found in ansible_play_hosts_all @@ -39,20 +41,25 @@ - name: Ensure a count of control nodes is generated ansible.builtin.set_fact: k3s_controller_list: "{{ k3s_controller_list + [ item ] }}" - when: hostvars[item].k3s_control_node is defined - and hostvars[item].k3s_control_node + when: + - hostvars[item].k3s_control_node is defined + - hostvars[item].k3s_control_node loop: "{{ ansible_play_hosts_all }}" - when: k3s_controller_list | length < 1 - and k3s_build_cluster is defined and k3s_build_cluster + when: + - k3s_controller_list | length < 1 + - k3s_build_cluster is defined + - k3s_build_cluster - name: Ensure a primary k3s control node is defined if multiple are found in ansible_play_hosts_all ansible.builtin.set_fact: k3s_primary_control_node: true - when: k3s_controller_list is defined - and k3s_controller_list | length > 1 - and inventory_hostname == k3s_controller_list[0] - and k3s_build_cluster is defined and k3s_build_cluster + when: + - k3s_controller_list is defined + - k3s_controller_list | length > 1 + - inventory_hostname == k3s_controller_list[0] + - k3s_build_cluster is defined + - k3s_build_cluster - name: Ensure ansible_host is mapped to inventory_hostname ansible.builtin.lineinfile: @@ -98,11 +105,13 @@ - name: Ensure k3s_runtime_config is set for control plane ansible.builtin.set_fact: k3s_runtime_config: "{{ (k3s_server | default({})) | combine((k3s_agent | default({}))) }}" - when: (k3s_server is defined or k3s_agent is defined) - and (k3s_control_node is defined and k3s_control_node) + when: + - (k3s_server is defined or k3s_agent is defined) + - (k3s_control_node is defined and k3s_control_node) - name: Ensure k3s_runtime_config is set for agents ansible.builtin.set_fact: k3s_runtime_config: "{{ (k3s_agent | default({})) }}" - when: k3s_agent is defined - and (k3s_control_node is not defined or not k3s_control_node) + when: + - k3s_agent is defined + - (k3s_control_node is not defined or not k3s_control_node) diff --git a/tasks/operate/start-k3s.yml b/tasks/operate/start-k3s.yml index 9f56c0f..f393d5b 100644 --- a/tasks/operate/start-k3s.yml +++ b/tasks/operate/start-k3s.yml @@ -14,5 +14,7 @@ state: started enabled: "{{ k3s_start_on_boot }}" scope: user - when: k3s_non_root is defined and k3s_non_root + when: + - k3s_non_root is defined + - k3s_non_root become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" diff --git a/tasks/operate/stop-k3s.yml b/tasks/operate/stop-k3s.yml index de76ff1..d1c97d9 100644 --- a/tasks/operate/stop-k3s.yml +++ b/tasks/operate/stop-k3s.yml @@ -14,5 +14,7 @@ state: stopped enabled: "{{ k3s_start_on_boot }}" scope: user - when: k3s_non_root is defined and k3s_non_root + when: + - k3s_non_root is defined + - k3s_non_root become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}" diff --git a/tasks/state-installed.yml b/tasks/state-installed.yml index 9c6bffa..9c4f821 100644 --- a/tasks/state-installed.yml +++ b/tasks/state-installed.yml @@ -25,19 +25,23 @@ - include_tasks: build/docker/{{ ansible_distribution | replace(" ", "-") | lower }}/install.yml when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap', 'archlinux'] - when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker) - and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless) + when: + - ('docker' in k3s_runtime_config and k3s_runtime_config.docker) + - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless) - meta: flush_handlers - import_tasks: build/download-k3s.yml - import_tasks: build/preconfigure-k3s-auto-deploying-manifests.yml - when: k3s_control_node - and k3s_server_manifests_templates | length > 0 + when: + - k3s_control_node + - k3s_server_manifests_templates | length > 0 - import_tasks: build/install-k3s.yml - import_tasks: build/configure-k3s-cluster.yml - when: k3s_build_cluster is defined and k3s_build_cluster - and k3s_control_node_address is defined + when: + - k3s_build_cluster is defined + - k3s_build_cluster + - k3s_control_node_address is defined diff --git a/tasks/state-uninstalled.yml b/tasks/state-uninstalled.yml index 6ac4bc6..d96315f 100644 --- a/tasks/state-uninstalled.yml +++ b/tasks/state-uninstalled.yml @@ -17,8 +17,9 @@ - include_tasks: teardown/docker/{{ ansible_os_family | lower }}/uninstall-prerequisites.yml - when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker) - and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless) + when: + - ('docker' in k3s_runtime_config and k3s_runtime_config.docker) + - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless) - import_tasks: validate/state/uninstalled.yml when: not k3s_skip_validation diff --git a/tasks/teardown/drain-and-remove-nodes.yml b/tasks/teardown/drain-and-remove-nodes.yml index c4162e9..2f92255 100644 --- a/tasks/teardown/drain-and-remove-nodes.yml +++ b/tasks/teardown/drain-and-remove-nodes.yml @@ -22,9 +22,10 @@ ansible.builtin.command: "{{ k3s_install_dir }}/kubectl drain {{ item }} --ignore-daemonsets --delete-local-data" delegate_to: "{{ k3s_control_delegate }}" run_once: true - when: item in kubectl_get_nodes_result.stdout - and hostvars[item].k3s_state is defined - and hostvars[item].k3s_state == 'uninstalled' + when: + - item in kubectl_get_nodes_result.stdout + - hostvars[item].k3s_state is defined + - hostvars[item].k3s_state == 'uninstalled' loop: "{{ ansible_play_hosts_all }}" become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" @@ -32,13 +33,15 @@ ansible.builtin.command: "{{ k3s_install_dir }}/kubectl delete node {{ item }}" delegate_to: "{{ k3s_control_delegate }}" run_once: true - when: item in kubectl_get_nodes_result.stdout - and hostvars[item].k3s_state is defined - and hostvars[item].k3s_state == 'uninstalled' + when: + - item in kubectl_get_nodes_result.stdout + - hostvars[item].k3s_state is defined + - hostvars[item].k3s_state == 'uninstalled' loop: "{{ ansible_play_hosts_all }}" become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" - when: k3s_check_kubectl.stat.exists is defined - and k3s_check_kubectl.stat.exists - and k3s_control_delegate is defined - and not ansible_check_mode + when: + - k3s_check_kubectl.stat.exists is defined + - k3s_check_kubectl.stat.exists + - k3s_control_delegate is defined + - not ansible_check_mode diff --git a/tasks/teardown/uninstall-k3s.yml b/tasks/teardown/uninstall-k3s.yml index 0ac68e8..b4bdeb2 100644 --- a/tasks/teardown/uninstall-k3s.yml +++ b/tasks/teardown/uninstall-k3s.yml @@ -40,11 +40,13 @@ - kubectl - crictl - ctr - when: k3s_install_hard_links - and not ansible_check_mode + when: + - k3s_install_hard_links + - not ansible_check_mode become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}" - name: Clean up Docker ansible.builtin.command: docker system prune -a --force - when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) - and check_k3s_docker_path.rc == 0 + when: + - ("docker" in k3s_runtime_config and k3s_runtime_config.docker) + - check_k3s_docker_path.rc == 0 diff --git a/tasks/validate/configuration/control-node-count.yml b/tasks/validate/configuration/control-node-count.yml index 7851bea..8eaf18f 100644 --- a/tasks/validate/configuration/control-node-count.yml +++ b/tasks/validate/configuration/control-node-count.yml @@ -4,33 +4,36 @@ ansible.builtin.assert: that: - (k3s_controller_list | length == 1) - and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint']) - and (k3s_etcd_datastore is not defined or not k3s_etcd_datastore) + - ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config['datastore-endpoint']) + - (k3s_etcd_datastore is not defined or not k3s_etcd_datastore) success_msg: "Control plane configuration is valid." fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md." - when: k3s_controller_list | length == 1 - and not k3s_use_unsupported_config - and k3s_control_node + when: + - k3s_controller_list | length == 1 + - not k3s_use_unsupported_config + - k3s_control_node - name: Check the conditions when multiple controllers are defined ansible.builtin.assert: that: - (k3s_controller_list | length >= 2) - and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint']) - or (k3s_etcd_datastore is defined and k3s_etcd_datastore)) + - (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config['datastore-endpoint']) + or (k3s_etcd_datastore is defined and k3s_etcd_datastore)) success_msg: "Control plane configuration is valid." fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md." - when: k3s_controller_list | length >= 2 - and k3s_control_node + when: + - k3s_controller_list | length >= 2 + - k3s_control_node - name: Check the conditions when embedded etcd is defined ansible.builtin.assert: that: - (k3s_controller_list | length >= 3) - and (((k3s_controller_list | length) % 2) == 1) + - (((k3s_controller_list | length) % 2) == 1) success_msg: "Control plane configuration is valid." fail_msg: "Etcd should have a minimum of 3 defined members and the number of members should be odd. Please see notes about HA in README.md" - when: k3s_etcd_datastore is defined - and k3s_etcd_datastore - and not k3s_use_unsupported_config - and k3s_control_node + when: + - k3s_etcd_datastore is defined + - k3s_etcd_datastore + - not k3s_use_unsupported_config + - k3s_control_node diff --git a/tasks/validate/configuration/experimental-variables.yml b/tasks/validate/configuration/experimental-variables.yml index 0fd15ce..15f731c 100644 --- a/tasks/validate/configuration/experimental-variables.yml +++ b/tasks/validate/configuration/experimental-variables.yml @@ -8,8 +8,10 @@ fail_msg: >- Experimental variable k3s_etcd_datastore has been configured. If you want to use this ensure you set k3s_use_experimental, - when: k3s_etcd_datastore is defined and k3s_etcd_datastore - and (k3s_release_version | replace('v', '')) is version_compare("1.19.5", '<') + when: + - k3s_etcd_datastore is defined + - k3s_etcd_datastore + - (k3s_release_version | replace('v', '')) is version_compare("1.19.5", '<') - name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental ansible.builtin.assert: @@ -23,6 +25,7 @@ Documentation: {{ item.documentation }} {% endif %} loop: "{{ k3s_experimental_config }}" - when: (item.setting in k3s_runtime_config and k3s_runtime_config[item.setting]) - and ((item.until is not defined) or - (item.until is defined and (k3s_release_version | replace('v', '')) is version_compare(item.until, '<'))) + when: + - (item.setting in k3s_runtime_config and k3s_runtime_config[item.setting]) + - ((item.until is not defined) or + (item.until is defined and (k3s_release_version | replace('v', '')) is version_compare(item.until, '<'))) diff --git a/tasks/validate/configuration/unsupported-rootless.yml b/tasks/validate/configuration/unsupported-rootless.yml index 55081db..d947243 100644 --- a/tasks/validate/configuration/unsupported-rootless.yml +++ b/tasks/validate/configuration/unsupported-rootless.yml @@ -57,5 +57,6 @@ - ansible_env['XDG_RUNTIME_DIR'] is defined - k3s_check_newuidmap_installed.rc == 0 success_msg: All kernel parameters passed - fail_msg: Kernel parameters are not set correctly, please check - https://github.com/rootless-containers/rootlesskit + fail_msg: >- + Kernel parameters are not set correctly, please check + https://github.com/rootless-containers/rootlesskit diff --git a/tasks/validate/configuration/variables.yml b/tasks/validate/configuration/variables.yml index a537289..3230c70 100644 --- a/tasks/validate/configuration/variables.yml +++ b/tasks/validate/configuration/variables.yml @@ -33,9 +33,10 @@ Documentation: {{ item.documentation }} {% endif %} loop: "{{ k3s_deprecated_config }}" - when: (item.when is not defined - or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>='))) - and not k3s_use_unsupported_config + when: + - (item.when is not defined + or (item.when is defined and (k3s_release_version | replace('v', '')) is version_compare(item.when, '>='))) + - not k3s_use_unsupported_config - name: Check configuration in k3s_server and k3s_agent against release version ansible.builtin.assert: @@ -49,5 +50,6 @@ Documentation: {{ item.documentation }} {% endif %} loop: "{{ k3s_config_version_check }}" - when: k3s_config_version_check is defined - and item.setting in k3s_runtime_config + when: + - k3s_config_version_check is defined + - item.setting in k3s_runtime_config diff --git a/tasks/validate/environment/local/packages.yml b/tasks/validate/environment/local/packages.yml index ae16ed6..7a24af3 100644 --- a/tasks/validate/environment/local/packages.yml +++ b/tasks/validate/environment/local/packages.yml @@ -4,7 +4,9 @@ ansible.builtin.assert: that: - ansible_version.string is version_compare(k3s_ansible_min_version, '>=') - fail_msg: "Ansible v{{ ansible_version.string }} is not supported by this role. Please install >= v{{ k3s_ansible_min_version }}" + fail_msg: >- + Ansible v{{ ansible_version.string }} is not supported by this role. + Please install >= v{{ k3s_ansible_min_version }} success_msg: "Ansible v{{ ansible_version.string }} is supported." become: false delegate_to: localhost diff --git a/tasks/validate/environment/remote/packages.yml b/tasks/validate/environment/remote/packages.yml index a1e159a..2fb9b12 100644 --- a/tasks/validate/environment/remote/packages.yml +++ b/tasks/validate/environment/remote/packages.yml @@ -16,7 +16,8 @@ {% if package.documentation is defined %} Documentation: {{ package.documentation }} {% endif %} - when: (package.until is not defined - or k3s_release_version is version_compare(package.until, '>=')) - and (package.from is not defined - or k3s_release_version is version_compare(package.from, '>=')) + when: + - (package.until is not defined + or k3s_release_version is version_compare(package.until, '>=')) + - (package.from is not defined + or k3s_release_version is version_compare(package.from, '>=')) diff --git a/tasks/validate/main.yml b/tasks/validate/main.yml index 018e227..6a40f5d 100644 --- a/tasks/validate/main.yml +++ b/tasks/validate/main.yml @@ -5,8 +5,11 @@ - import_tasks: configuration/experimental-variables.yml - import_tasks: configuration/unsupported-rootless.yml - when: ("rootless" in k3s_runtime_config) - and k3s_runtime_config.rootless + when: + - k3s_runtime_config.rootless is defined + - k3s_runtime_config.rootless - import_tasks: configuration/control-node-count.yml - when: k3s_build_cluster is defined and k3s_build_cluster + when: + - k3s_build_cluster is defined + - k3s_build_cluster diff --git a/tasks/validate/pre-flight.yml b/tasks/validate/pre-flight.yml index 7477096..2387ceb 100644 --- a/tasks/validate/pre-flight.yml +++ b/tasks/validate/pre-flight.yml @@ -9,15 +9,19 @@ when: k3s_state is defined - import_tasks: environment/local/packages.yml - when: not k3s_skip_validation - and not k3s_skip_env_checks + when: + - not k3s_skip_validation + - not k3s_skip_env_checks - include_tasks: environment/remote/packages.yml loop: "{{ k3s_check_packages }}" loop_control: loop_var: package - when: not k3s_skip_validation - and not k3s_skip_env_checks + when: + - k3s_skip_validation + - not k3s_skip_env_checks - include_tasks: environment/local/issue-data.yml - when: pyratlabs_issue_controller_dump is defined and pyratlabs_issue_controller_dump + when: + - pyratlabs_issue_controller_dump is defined + - pyratlabs_issue_controller_dump diff --git a/tasks/validate/state/nodes.yml b/tasks/validate/state/nodes.yml index 565cee4..6351d8e 100644 --- a/tasks/validate/state/nodes.yml +++ b/tasks/validate/state/nodes.yml @@ -6,12 +6,14 @@ failed_when: kubectl_get_nodes_result.stdout.find("was refused") != -1 or kubectl_get_nodes_result.stdout.find("ServiceUnavailable") != -1 register: kubectl_get_nodes_result - until: kubectl_get_nodes_result.rc == 0 - and kubectl_get_nodes_result.stdout.find("NotReady") == -1 + until: + - kubectl_get_nodes_result.rc == 0 + - kubectl_get_nodes_result.stdout.find("NotReady") == -1 retries: 30 delay: 20 - when: k3s_control_node - and ("flannel-backend" not in k3s_runtime_config - or k3s_runtime_config["flannel-backend"] != "none") - and not ansible_check_mode + when: + - k3s_control_node + - ("flannel-backend" not in k3s_runtime_config + or k3s_runtime_config["flannel-backend"] != "none") + - not ansible_check_mode become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" diff --git a/tasks/validate/state/uninstalled.yml b/tasks/validate/state/uninstalled.yml index f3b53bd..4480838 100644 --- a/tasks/validate/state/uninstalled.yml +++ b/tasks/validate/state/uninstalled.yml @@ -16,12 +16,16 @@ ignore_errors: true changed_when: false register: check_k3s_docker_process - when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) + when: + - k3s_runtime_config.docker is defined + - k3s_runtime_config.docker - name: Fail if docker is still running ansible.builtin.fail: msg: docker is still running, uninstall script failed. Please investigate. - when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) + when: + - k3s_runtime_config.docker is defined + - k3s_runtime_config.docker - name: Fail if k3s binaries have not been removed ansible.builtin.stat: @@ -41,7 +45,7 @@ - name: Fail if k3s-killall.sh script still exists ansible.builtin.fail: - msg: k3s-killall.sh is still running, uninstall script failed. Please investigate. + msg: k3s-killall.sh still exists, uninstall script failed. Please investigate. when: check_k3s_killall.stat.exists - name: Check k3s-uninstall.sh is removed @@ -51,5 +55,5 @@ - name: Fail if k3s-uninstall.sh script still exists ansible.builtin.fail: - msg: k3s-uninstall.sh is still running, uninstall script failed. Please investigate. + msg: k3s-uninstall.sh is still exists, uninstall script failed. Please investigate. when: check_k3s_uninstall.stat.exists diff --git a/templates/k3s.service.j2 b/templates/k3s.service.j2 index 4ce4af6..be9b553 100644 --- a/templates/k3s.service.j2 +++ b/templates/k3s.service.j2 @@ -1,8 +1,20 @@ [Unit] Description=Lightweight Kubernetes Documentation=https://k3s.io +{% for requires_unit in k3s_service_requires %} +Requires={{ requires_unit }} +{% endfor %} Wants=network-online.target +{% for wants_unit in k3s_service_wants %} +Wants={{ wants_unit }} +{% endfor %} +{% for before_unit in k3s_service_before %} +Before={{ before_unit }} +{% endfor %} After=network-online.target +{% for after_unit in k3s_service_after %} +After={{ after_unit }} +{% endfor %} [Service] Type={{ 'notify' if k3s_control_node else 'exec' }}