fix(become): only one variable neeed for become

CHANGELOG.md

@@ -14,6 +14,26 @@
 ---
 -->
 
+## 2022-01-02, v3.0.0
+
+### Notable changes
+
+  - feat: Flattened task filesystem
+  - feat: Moved some tasks into `vars/` as templated variables
+  - feat: Airgap installation method added #165
+
+### Breaking changes
+
+  - Minimum `python` version on targets is 3.6
+  - `k3s_become_for_all` renamed to `k3s_become`
+  - `k3s_become_for_*` removed.
+
+### Contributors
+
+  - [crutonjohn](https://github.com/crutonjohn)
+
+---
+
 ## 2021-12-23, v2.12.1
 
 ### Notable changes

README.md

@@ -1,10 +1,17 @@
-# Ansible Role: k3s (v2.x)
+# Ansible Role: k3s (v3.x)
 
 Ansible role for installing [K3S](https://k3s.io/) ("Lightweight
 Kubernetes") as either a standalone server or cluster.
 
 [![CI](https://github.com/PyratLabs/ansible-role-k3s/workflows/CI/badge.svg?event=push)](https://github.com/PyratLabs/ansible-role-k3s/actions?query=workflow%3ACI)
 
+## Help Wanted!
+
+Hi! :wave: [@xanmanning](https://github.com/xanmanning) is looking for a new
+maintainer to work on this Ansible role. This is because I don't have as much
+free time any more and I no longer write Ansible regularly as part of my day
+job. If you're interested, get in touch.
+
 ## Release notes
 
 Please see [Releases](https://github.com/PyratLabs/ansible-role-k3s/releases)
@@ -14,6 +21,7 @@ and [CHANGELOG.md](CHANGELOG.md).
 
 The host you're running Ansible from requires the following Python dependencies:
 
+  - `python >= 3.6.0`
   - `ansible >= 2.9.16` or `ansible-base >= 2.10.4`
 
 You can install dependencies using the requirements.txt file in this repository:
@@ -24,8 +32,7 @@ This role has been tested against the following Linux Distributions:
   - Amazon Linux 2
   - Archlinux
   - CentOS 8
-  - CentOS 7
-  - Debian 10
+  - Debian 11
   - Fedora 31
   - Fedora 32
   - Fedora 33
@@ -33,7 +40,7 @@ This role has been tested against the following Linux Distributions:
   - RockyLinux 8
   - Ubuntu 20.04 LTS
 
-:warning: The v2 releases of this role only supports `k3s >= v1.19`, for
+:warning: The v3 releases of this role only supports `k3s >= v1.19`, for
 `k3s < v1.19` please consider updating or use the v1.x releases of this role.
 
 Before upgrading, see [CHANGELOG](CHANGELOG.md) for notifications of breaking
@@ -180,18 +187,11 @@ configuration.
 The below variables are used to change the way the role executes in Ansible,
 particularly with regards to privilege escalation.
 
-| Variable                            | Description                                                         | Default Value |
-|-------------------------------------|---------------------------------------------------------------------|---------------|
-| `k3s_skip_validation`               | Skip all tasks that validate configuration.                         | `false`       |
-| `k3s_skip_env_checks`               | Skip all tasks that check environment configuration.                | `false`       |
-| `k3s_become_for_all`                | Escalate user privileges for all tasks. Overrides all of the below. | `false`       |
-| `k3s_become_for_systemd`            | Escalate user privileges for systemd tasks.                         | NULL          |
-| `k3s_become_for_install_dir`        | Escalate user privileges for creating installation directories.     | NULL          |
-| `k3s_become_for_directory_creation` | Escalate user privileges for creating application directories.      | NULL          |
-| `k3s_become_for_usr_local_bin`      | Escalate user privileges for writing to `/usr/local/bin`.           | NULL          |
-| `k3s_become_for_package_install`    | Escalate user privileges for installing k3s.                        | NULL          |
-| `k3s_become_for_kubectl`            | Escalate user privileges for running `kubectl`.                     | NULL          |
-| `k3s_become_for_uninstall`          | Escalate user privileges for uninstalling k3s.                      | NULL          |
+| Variable              | Description                                                    | Default Value |
+|-----------------------|----------------------------------------------------------------|---------------|
+| `k3s_skip_validation` | Skip all tasks that validate configuration.                    | `false`       |
+| `k3s_skip_env_checks` | Skip all tasks that check environment configuration.           | `false`       |
+| `k3s_become`          | Escalate user privileges for tasks that need root permissions. | `false`       |
 
 #### Important note about `k3s_release_version`
 

defaults/main.yml

@@ -127,15 +127,8 @@ k3s_agent: {}
 # Ansible Controller configuration
 ##
 
-# Use become privileges for
-k3s_become_for_all: false
-k3s_become_for_systemd: null
-k3s_become_for_install_dir: null
-k3s_become_for_directory_creation: null
-k3s_become_for_usr_local_bin: null
-k3s_become_for_package_install: null
-k3s_become_for_kubectl: null
-k3s_become_for_uninstall: null
+# Use become privileges?
+k3s_become: false
 
 # Private registry configuration.
 # Rancher k3s documentation: https://rancher.com/docs/k3s/latest/en/installation/private-registry/

handlers/main.yml

@@ -4,7 +4,7 @@
   ansible.builtin.systemd:
     daemon_reload: true
     scope: "{{ k3s_systemd_context }}"
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: restart k3s
   ansible.builtin.systemd:
@@ -18,4 +18,4 @@
   failed_when:
     - k3s_systemd_restart_k3s is not success
     - not ansible_check_mode
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"

tasks/ensure_cluster.yml

@@ -8,7 +8,7 @@
   when:
     - k3s_control_token is not defined
     - not ansible_check_mode
-  become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure cluster token is formatted correctly for use in templates
   ansible.builtin.set_fact:
@@ -26,14 +26,14 @@
     path: "{{ k3s_token_location | dirname }}"
     state: directory
     mode: 0755
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure k3s cluster token file is present
   ansible.builtin.template:
     src: cluster-token.j2
     dest: "{{ k3s_token_location }}"
     mode: 0600
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   notify:
     - restart k3s
 
@@ -42,7 +42,7 @@
     src: k3s.service.j2
     dest: "{{ k3s_systemd_unit_dir }}/k3s.service"
     mode: 0644
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   notify:
     - reload systemd
     - restart k3s
@@ -55,7 +55,7 @@
   notify:
     - reload systemd
     - restart k3s
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure secondary controllers are started
   ansible.builtin.systemd:
@@ -72,7 +72,7 @@
   when:
     - k3s_control_node
     - not k3s_primary_control_node
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - import_tasks: post_checks_control_plane.yml
   when: not k3s_skip_validation

tasks/ensure_containerd_registries.yml

@@ -8,4 +8,4 @@
   notify:
     - reload systemd
     - restart k3s
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"

tasks/ensure_directories.yml

@@ -5,7 +5,7 @@
     path: "{{ directory.path }}"
     state: directory
     mode: "{{ directory.mode | default(755) }}"
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   when:
     - directory.path is defined
     - directory.path | length > 0

tasks/ensure_downloads.yml

@@ -48,4 +48,4 @@
     dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
     checksum: "sha256:{{ k3s_hash_sum }}"
     mode: 0755
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all)  }}"
+  become: "{{ k3s_become }}"

tasks/ensure_drain_and_remove_nodes.yml

@@ -4,7 +4,7 @@
   ansible.builtin.stat:
     path: "{{ k3s_install_dir }}/kubectl"
   register: k3s_check_kubectl
-  become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Clean up nodes that are in an uninstalled state
   block:
@@ -17,7 +17,7 @@
       delegate_to: "{{ k3s_control_delegate }}"
       run_once: true
       register: kubectl_get_nodes_result
-      become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
+      become: "{{ k3s_become }}"
 
     - name: Ensure uninstalled nodes are drained
       ansible.builtin.command:
@@ -34,7 +34,7 @@
         - hostvars[item].k3s_state is defined
         - hostvars[item].k3s_state == 'uninstalled'
       loop: "{{ ansible_play_hosts }}"
-      become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
+      become: "{{ k3s_become }}"
 
     - name: Ensure uninstalled nodes are removed
       ansible.builtin.command:
@@ -47,7 +47,7 @@
         - hostvars[item].k3s_state is defined
         - hostvars[item].k3s_state == 'uninstalled'
       loop: "{{ ansible_play_hosts }}"
-      become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
+      become: "{{ k3s_become }}"
 
   when:
     - k3s_check_kubectl.stat.exists is defined

tasks/ensure_installed.yml

@@ -35,4 +35,4 @@
   when: (k3s_control_node and k3s_controller_list | length == 1)
         or (k3s_primary_control_node and k3s_controller_list | length > 1)
         or k3s_token_cluster_check.stat.exists
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"

tasks/ensure_installed_node.yml

@@ -15,7 +15,7 @@
   when: not ansible_check_mode
   notify:
     - restart k3s
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure k3s config file exists
   ansible.builtin.template:
@@ -25,7 +25,7 @@
   notify:
     - reload systemd
     - restart k3s
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure k3s service unit file is present
   ansible.builtin.template:
@@ -35,14 +35,14 @@
   notify:
     - reload systemd
     - restart k3s
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure k3s killall script is present
   ansible.builtin.template:
     src: k3s-killall.sh.j2
     dest: "/usr/local/bin/k3s-killall.sh"
     mode: 0700
-  become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   when:
     - k3s_runtime_config is defined
     - ("rootless" not in k3s_runtime_config or not k3s_runtime_config.rootless)
@@ -52,7 +52,7 @@
     src: k3s-uninstall.sh.j2
     dest: "/usr/local/bin/k3s-uninstall.sh"
     mode: 0700
-  become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   when:
     - k3s_runtime_config is defined
     - ("rootless" not in k3s_runtime_config or not k3s_runtime_config.rootless)

tasks/ensure_k3s_auto_deploy.yml

@@ -8,7 +8,7 @@
   when: >-
     k3s_server_manifests_templates | length > 0
     or k3s_server_manifests_urls | length > 0
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure that the pod-manifests directory exists
   ansible.builtin.file:
@@ -18,7 +18,7 @@
   when: >-
     k3s_server_pod_manifests_templates | length > 0
     or k3s_server_pod_manifests_urls | length > 0
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 # https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
 - name: Ensure auto-deploying manifests are copied to the primary controller
@@ -27,7 +27,7 @@
     dest: "{{ k3s_server_manifests_dir }}/{{ item | basename | replace('.j2','') }}"
     mode: 0644
   loop: "{{ k3s_server_manifests_templates }}"
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   when:
     - k3s_server_manifests_templates | length > 0
 
@@ -37,7 +37,7 @@
     dest: "{{ k3s_server_manifests_dir }}/{{ item.filename }}"
     mode: 0644
   loop: "{{ k3s_server_manifests_urls }}"
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   when:
     - not ansible_check_mode
     - k3s_server_manifests_urls | length > 0
@@ -49,7 +49,7 @@
     dest: "{{ k3s_server_pod_manifests_dir }}/{{ item | basename | replace('.j2','') }}"
     mode: 0644
   loop: "{{ k3s_server_pod_manifests_templates }}"
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 # https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
 - name: Ensure auto-deploying manifests are downloaded to the primary controller
@@ -58,5 +58,5 @@
     dest: "{{ k3s_server_pod_manifests_dir }}/{{ item.filename }}"
     mode: 0644
   loop: "{{ k3s_server_pod_manifests_urls }}"
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   when: not ansible_check_mode

tasks/ensure_k3s_config_files.yml

@@ -8,7 +8,7 @@
   when: >-
     k3s_server_config_yaml_d_files | length > 0
     or k3s_agent_config_yaml_d_files | length > 0
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 # https://github.com/k3s-io/k3s/pull/3162
 - name: Ensure configuration files are copied to controllers
@@ -17,7 +17,7 @@
     dest: "{{ k3s_config_yaml_d_dir }}/{{ item | basename | replace('.j2','') }}"
     mode: 0644
   loop: "{{ k3s_server_config_yaml_d_files }}"
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   when: k3s_control_node
 
 # https://github.com/k3s-io/k3s/pull/3162
@@ -27,5 +27,5 @@
     dest: "{{ k3s_config_yaml_d_dir }}/{{ item | basename | replace('.j2','') }}"
     mode: 0644
   loop: "{{ k3s_agent_config_yaml_d_files }}"
-  become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
   when: not k3s_control_node

tasks/ensure_started.yml

@@ -6,7 +6,7 @@
     state: started
     enabled: "{{ k3s_start_on_boot }}"
   when: k3s_non_root is not defined or not k3s_non_root
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure k3s service is started
   ansible.builtin.systemd:
@@ -17,4 +17,4 @@
   when:
     - k3s_non_root is defined
     - k3s_non_root
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"

tasks/ensure_stopped.yml

@@ -6,7 +6,7 @@
     state: stopped
     enabled: "{{ k3s_start_on_boot }}"
   when: k3s_non_root is not defined or not k3s_non_root
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure k3s service is started
   ansible.builtin.systemd:
@@ -17,4 +17,4 @@
   when:
     - k3s_non_root is defined
     - k3s_non_root
-  become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"

tasks/ensure_uninstalled.yml

@@ -16,7 +16,7 @@
   register: k3s_killall
   changed_when: k3s_killall.rc == 0
   when: check_k3s_killall_script.stat.exists
-  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Run k3s-uninstall.sh
   ansible.builtin.command:
@@ -26,7 +26,7 @@
   register: k3s_uninstall
   changed_when: k3s_uninstall.rc == 0
   when: check_k3s_uninstall_script.stat.exists
-  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"
 
 - name: Ensure hard links are removed
   ansible.builtin.file:
@@ -39,4 +39,4 @@
   when:
     - k3s_install_hard_links
     - not ansible_check_mode
-  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"

tasks/ensure_uploads.yml

@@ -12,4 +12,4 @@
     # TODO: allow airgap to bypass version post-fix
     dest: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}"
     mode: 0755
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all)  }}"
+  become: "{{ k3s_become }}"

tasks/post_checks_nodes.yml

@@ -17,4 +17,4 @@
     - ("flannel-backend" not in k3s_runtime_config
        or k3s_runtime_config["flannel-backend"] != "none")
     - not ansible_check_mode
-  become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"

tasks/pre_checks.yml

@@ -81,6 +81,8 @@
     - k3s_runtime_config.rootless
     - not k3s_skip_validation
 
+- import_tasks: ensure_pre_configuration.yml
+
 - import_tasks: pre_checks_control_node_count.yml
   when:
     - k3s_build_cluster is defined

tasks/pre_checks_cluster.yml

@@ -16,4 +16,4 @@
   failed_when:
     - not k3s_check_cluster_token.stat.exists
     - not ansible_check_mode
-  become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
+  become: "{{ k3s_become }}"

tasks/state_installed.yml

@@ -1,7 +1,5 @@
 ---
 
-- import_tasks: ensure_pre_configuration.yml
-
 - import_tasks: ensure_drain_and_remove_nodes.yml
 
 - import_tasks: determine_systemd_context.yml

test_versions.sh

@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-ANSIBLE_RELEASE_FEED="$(curl -Ssl https://api.github.com/repos/ansible/ansible/tags?per_page=50)"
-TMPDIR="$(mktemp -d /tmp/molecule.XXXXX)"
-
-function ansible_releases {
-    local RELEASE_LIST_ALL
-
-    RELEASE_LIST_ALL="$(echo "${ANSIBLE_RELEASE_FEED}" | grep -E "\"name\": \"v[0-9]+\.[0-9]+\.[0-9]+\"")"
-
-    for RELEASE in ${RELEASE_LIST_ALL} ; do
-        echo "${RELEASE}" | grep -v "name" | sed -E 's/"v([0-9]+\.[0-9]+\.[0-9]+)",/\1/g' || true
-    done
-}
-
-function build_requirements {
-    local TEST_REQUIREMENTS
-    local REQUIREMENTS
-    local ANSIBLE_VERSION
-
-    ANSIBLE_VERSION="${1:-true}"
-
-    if [ "${ANSIBLE_VERSION}" == "true" ] ; then
-        echo "Something went wrong!"
-        exit 1
-    fi
-
-    TEST_REQUIREMENTS=$(<molecule/requirements.txt)
-    REQUIREMENTS=$(echo "${TEST_REQUIREMENTS}" | grep -v "requirements.txt" || true)
-    if [[ "${ANSIBLE_VERSION}" =~ "^v2\.10" ]] ; then
-        echo -e "ansible==${ANSIBLE_VERSION}\nansible-base==${ANSIBLE_VERSION}\n${REQUIREMENTS}"
-    else
-        echo -e "ansible==${ANSIBLE_VERSION}\n${REQUIREMENTS}"
-    fi
-}
-
-function make_venv {
-    local MOLECULE_RESULT
-
-    python3 -m venv "${TMPDIR}/${1:-ansible}"
-    source "${TMPDIR}/${1:-ansible}/bin/activate"
-    pip3 install -r "${TMPDIR}/version_requirements.txt" || true
-    MOLECULE_RESULT=$(molecule test | grep -E "CRITICAL|fatal:" || echo ":heavy_check_mark:")
-    if [ "${MOLECULE_RESULT}" != ":heavy_check_mark:" ] ; then
-        MOLECULE_RESULT=":x:"
-    fi
-    deactivate
-
-    echo -n "${MOLECULE_RESULT}" | tee -a /tmp/molecule_tests.md
-}
-
-function main {
-    echo "| Version   | Result             |" | tee /tmp/molecule_tests.md
-    echo "| --------- | ------------------ |" | tee -a /tmp/molecule_tests.md
-    for TEST_ANSIBLE in $(ansible_releases) ; do
-        echo -n "| ${TEST_ANSIBLE} | " | tee -a /tmp/molecule_tests.md
-        build_requirements "${TEST_ANSIBLE}" > "${TMPDIR}/version_requirements.txt"
-        make_venv "${TEST_ANSIBLE}"
-        echo " |" | tee -a /tmp/molecule_tests.md
-    done
-}
-
-main