Tidy up and refactoring of tasks
- `k3s_config_dir` derived from `k3s_config_file`, reused throughout the role to allow for easy removal of "Rancher" references #73. - `k3s_token_location` has moved to be in `k3s_config_dir`. - Tasks for creating directories now looped to capture configuration from `k3s_server` and `k3s_agent` and ensure directories exist before k3s starts, see #75. - Server token collected directly from token file, not symlinked file (node-token). - `k3s_runtime_config` defined in `vars/` for validation and overwritten in tasks for control plane and workers. - Removed unused references to GitHub API.
parent
ef6c579336
commit
e48e368162
27
CHANGELOG.md
27
CHANGELOG.md
|
@ -14,6 +14,33 @@
|
|||
---
|
||||
-->
|
||||
|
||||
## DATE, v2.4.0
|
||||
|
||||
### Notable changes
|
||||
|
||||
- `k3s_config_dir` derived from `k3s_config_file`, reused throughout the role
|
||||
to allow for easy removal of "Rancher" references #73.
|
||||
- `k3s_token_location` has moved to be in `k3s_config_dir`.
|
||||
- Tasks for creating directories now looped to caputure configuration from
|
||||
`k3s_server` and `k3s_agent` and ensure directories exist before k3s
|
||||
starts, see #75.
|
||||
- Server token collected directly from token file, not symlinked file
|
||||
(node-token).
|
||||
- `k3s_runtime_config` defined in `vars/` for validation and overwritten in
|
||||
tasks for control plane and workers.
|
||||
- Removed unused references to GitHub API.
|
||||
|
||||
### Breaking changes
|
||||
|
||||
- `k3s_token_location` has moved to be in `k3s_config_dir` so re-running the
|
||||
role will create a duplicate file here.
|
||||
|
||||
### Known issues
|
||||
|
||||
### Contributors
|
||||
|
||||
---
|
||||
|
||||
## 2020-12-19, v2.3.0
|
||||
|
||||
### Notable changes
|
||||
|
|
21
README.md
21
README.md
|
@ -154,17 +154,16 @@ configuration.
|
|||
The below variables are used to change the way the role executes in Ansible,
|
||||
particularly with regards to privilege escalation.
|
||||
|
||||
| Variable | Description | Default Value |
|
||||
|----------------------------------|---------------------------------------------------------------------|---------------|
|
||||
| `k3s_become_for_all` | Escalate user privileges for all tasks. Overrides all of the below. | `false` |
|
||||
| `k3s_become_for_systemd` | Escalate user privileges for systemd tasks. | NULL |
|
||||
| `k3s_become_for_install_dir` | Escalate user privileges for creating installation directories. | NULL |
|
||||
| `k3s_become_for_manifests_dir` | Escalate user privileges for creating manifests directory. | NULL |
|
||||
| `k3s_become_for_usr_local_bin` | Escalate user privileges for writing to `/usr/local/bin`. | NULL |
|
||||
| `k3s_become_for_data_dir` | Escalate user privileges for creating data directory. | NULL |
|
||||
| `k3s_become_for_package_install` | Escalate user privileges for installing k3s. | NULL |
|
||||
| `k3s_become_for_kubectl` | Escalate user privileges for running `kubectl`. | NULL |
|
||||
| `k3s_become_for_uninstall` | Escalate user privileges for uninstalling k3s. | NULL |
|
||||
| Variable | Description | Default Value |
|
||||
|-------------------------------------|---------------------------------------------------------------------|---------------|
|
||||
| `k3s_become_for_all` | Escalate user privileges for all tasks. Overrides all of the below. | `false` |
|
||||
| `k3s_become_for_systemd` | Escalate user privileges for systemd tasks. | NULL |
|
||||
| `k3s_become_for_install_dir` | Escalate user privileges for creating installation directories. | NULL |
|
||||
| `k3s_become_for_directory_creation` | Escalate user privileges for creating application directories. | NULL |
|
||||
| `k3s_become_for_usr_local_bin` | Escalate user privileges for writing to `/usr/local/bin`. | NULL |
|
||||
| `k3s_become_for_package_install` | Escalate user privileges for installing k3s. | NULL |
|
||||
| `k3s_become_for_kubectl` | Escalate user privileges for running `kubectl`. | NULL |
|
||||
| `k3s_become_for_uninstall` | Escalate user privileges for uninstalling k3s. | NULL |
|
||||
|
||||
#### Important note about `k3s_release_version`
|
||||
|
||||
|
|
|
@ -71,9 +71,8 @@ k3s_agent: {}
|
|||
k3s_become_for_all: false
|
||||
k3s_become_for_systemd: null
|
||||
k3s_become_for_install_dir: null
|
||||
k3s_become_for_manifests_dir: null
|
||||
k3s_become_for_directory_creation: null
|
||||
k3s_become_for_usr_local_bin: null
|
||||
k3s_become_for_data_dir: null
|
||||
k3s_become_for_package_install: null
|
||||
k3s_become_for_kubectl: null
|
||||
k3s_become_for_uninstall: null
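Review bot: Dropping `k3s_become_for_manifests_dir` and `k3s_become_for_data_dir` in favour of `k3s_become_for_directory_creation` changes the role's public variables, but the Breaking changes entry visible in CHANGELOG.md only mentions the `k3s_token_location` move. A play that set only the old flags will now run the directory tasks without escalation. The same goes for a play that relied on `k3s_become_for_install_dir` or `k3s_become_for_systemd` for the config and unit directories, as the removed install tasks did. In both cases the tasks will most likely fail on root-owned paths. The manifest tasks further down switch to the new flag as well. Add a Breaking changes line naming the removed variables and their replacement, and consider an `ansible.builtin.assert` in the validation tasks that fails when either removed variable is still defined.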
|
||||
|
|
|
@ -5,6 +5,11 @@
|
|||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_build_cluster: false
|
||||
k3s_install_dir: /opt/k3s/bin
|
||||
k3s_config_file: /opt/k3s/etc/k3s.yaml
|
||||
k3s_server:
|
||||
data-dir: /var/lib/k3s-io
|
||||
default-local-storage-path: /var/lib/k3s-io/local-storage
|
||||
k3s_server_manifests_templates:
|
||||
- "molecule/autodeploy/templates/00-ns-monitoring.yml.j2"
|
||||
roles:
|
||||
|
|
|
@ -1,25 +1,25 @@
|
|||
---
|
||||
|
||||
- name: Ensure NODE_TOKEN is captured from control node
|
||||
- name: Ensure cluster token is captured from control node
|
||||
ansible.builtin.slurp:
|
||||
path: "{{ k3s_runtime_config['data-dir'] | default(k3s_data_dir) }}/server/node-token"
|
||||
register: k3s_slurped_control_token
|
||||
path: "{{ k3s_runtime_config['data-dir'] | default(k3s_data_dir) }}/server/token"
|
||||
register: k3s_slurped_cluster_token
|
||||
delegate_to: "{{ k3s_control_delegate }}"
|
||||
when: k3s_control_token is not defined and not ansible_check_mode
|
||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure NODE_TOKEN is formatted correctly for use in templates
|
||||
- name: Ensure cluster token is formatted correctly for use in templates
|
||||
set_fact:
|
||||
k3s_control_token: "{{ k3s_slurped_control_token.content | b64decode }}"
|
||||
k3s_control_token: "{{ k3s_slurped_cluster_token.content | b64decode }}"
|
||||
when: k3s_control_token is not defined and not ansible_check_mode
|
||||
|
||||
- name: Ensure dummy NODE_TOKEN is defined for ansible_check_mode
|
||||
- name: Ensure dumme cluster token is defined for ansible_check_mode
|
||||
set_fact:
|
||||
k3s_control_token: "{{ k3s_control_delegate | to_uuid }}"
|
||||
check_mode: false
|
||||
when: k3s_control_token is not defined and ansible_check_mode
|
||||
|
||||
- name: Ensure the cluster NODE_TOKEN file location exists
|
||||
- name: Ensure the clustee cluster token file location exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_token_location | dirname }}"
|
||||
state: directory
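Review bot: The slurp and set_fact tasks that read `server/token` and populate `k3s_control_token` have no `no_log: true`, so the cluster join token (base64 is only an encoding) can appear in task output when verbosity or a logging callback is enabled. Add `no_log: true` to `Ensure cluster token is captured from control node` and `Ensure cluster token is formatted correctly for use in templates`. Two renamed task names contain typos: `Ensure dumme cluster token is defined for ansible_check_mode` should read `dummy`, and `Ensure the clustee cluster token file location exists` should read `Ensure the cluster token file location exists`. The last task continues past the end of the hunk, so its `mode` and `become` settings are not visible here.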
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Ensure {{ directory.name }} exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ directory.path }}"
|
||||
state: directory
|
||||
mode: "{{ directory.mode | default(0755) }}"
|
||||
become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
|
||||
when: directory.path is defined
|
||||
and directory.path != omit
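Review bot: The fallback in `mode: "{{ directory.mode | default(0755) }}"` is an unquoted Jinja integer literal, not an octal mode string. Whether it yields the intended permissions depends on how the Jinja2 version in use lexes a leading-zero literal and on the templated result staying a string; a numeric 755 reaching the file module is not the same permission set as 0755. Use a quoted default so the result is unambiguous: `mode: "{{ directory.mode | default('0755') }}"`. None of the entries visible in `k3s_ensure_directories_exist` sets `mode`, so this default is what every listed directory gets.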
|
|
@ -1,28 +1,9 @@
|
|||
---
|
||||
|
||||
- name: Ensure config directory exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_config_file | dirname }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure systemd unit file directory exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_systemd_unit_dir }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure data directory exists when not using the default
|
||||
ansible.builtin.file:
|
||||
path: "{{ k3s_runtime_config['data-dir'] | default(k3s_data_dir) }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: "{{ k3s_become_for_data_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
when: k3s_runtime_config is defined
|
||||
and "data-dir" in k3s_runtime_config
|
||||
and k3s_runtime_config['data-dir'] != k3s_data_dir
|
||||
- include_tasks: install-k3s-directories.yml
|
||||
loop: "{{ k3s_ensure_directories_exist }}"
|
||||
loop_control:
|
||||
loop_var: directory
|
||||
|
||||
- include_tasks: install-k3s-node.yml
|
||||
when: ((k3s_control_node and k3s_controller_count | length == 1)
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
path: "{{ k3s_server_manifests_dir }}"
|
||||
mode: 0755
|
||||
when: k3s_server_manifests_templates | length > 0
|
||||
become: "{{ k3s_become_for_manifests_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
|
||||
- name: Ensure Auto-Deploying Manifests are copied to controllers
|
||||
|
@ -15,4 +15,4 @@
|
|||
dest: "{{ k3s_server_manifests_dir }}/{{ item | basename | replace('.j2','') }}"
|
||||
mode: 0644
|
||||
loop: "{{ k3s_server_manifests_templates }}"
|
||||
become: "{{ k3s_become_for_manifests_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
become: "{{ k3s_become_for_directory_creation | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
- name: Check if any experimental variables are configure and if they are enabled with k3s_use_experimental
|
||||
- name: Check if embedded etcd datastore is enabled and marked as experimental
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- k3s_use_experimental is defined and k3s_use_experimental
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure k3s_runtime_config is set for validation
|
||||
set_fact:
|
||||
k3s_runtime_config: "{{ (k3s_server | default({})) | combine (k3s_agent | default({})) }}"
|
|
@ -8,8 +8,6 @@
|
|||
success_msg: "k3s_state is valid."
|
||||
when: k3s_state is defined
|
||||
|
||||
- import_tasks: generate-check-config.yml
|
||||
|
||||
- import_tasks: check-environment.yml
|
||||
when: not k3s_skip_validation
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@ for bin in {{ k3s_install_dir }}/k3s*; do
|
|||
fi
|
||||
done
|
||||
|
||||
rm -rf {{ k3s_config_file | dirname }}
|
||||
rm -rf {{ k3s_config_dir }}
|
||||
rm -rf /run/k3s
|
||||
rm -rf /run/flannel
|
||||
rm -rf {{ k3s_runtime_config['data-dir'] | default(k3s_data_dir) }}
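Review bot: `rm -rf {{ k3s_config_dir }}` removes whatever directory contains `k3s_config_file`, unquoted and without any sanity check on the rendered path. Because the value is only `k3s_config_file | dirname`, a config file placed in a shared directory makes uninstall delete that whole directory, and a path containing whitespace is split into several arguments. Render it quoted, `rm -rf -- {{ k3s_config_dir | quote }}`, and skip the removal when the rendered path is empty or `/`. The data-dir line below it has the same shape; the script continues outside the hunk.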
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
# Minimum supported version
|
||||
# Minimum supported versions
|
||||
k3s_min_version: 1.19.3
|
||||
|
||||
# Valid states for this role
|
||||
|
@ -43,15 +43,14 @@ k3s_arch_lookup:
|
|||
# Always default to stable channel, this will change with k3s_release_version
|
||||
k3s_release_channel: stable
|
||||
|
||||
# Create the API address for the k3s_github_url that has been specified
|
||||
k3s_github_api: "{{ k3s_github_url | replace('github.com', 'api.github.com') }}"
|
||||
# Create the latest release API link for github. Possibly deprecated with k3s.io updates API
|
||||
k3s_github_api_releases: "{{ k3s_github_api | replace('.com', '.com/repos') }}/releases/latest"
|
||||
# K3s updates API
|
||||
k3s_api_releases: https://update.k3s.io/v1-release/channels
|
||||
# Download location for releases
|
||||
k3s_github_download_url: "{{ k3s_github_url }}/releases/download"
|
||||
|
||||
# Generate a runtime config dictionary for validation
|
||||
k3s_runtime_config: "{{ (k3s_server | default({})) | combine (k3s_agent | default({})) }}"
|
||||
|
||||
# Empty array for counting the number of control plane nodes
|
||||
k3s_controller_count: []
|
||||
|
||||
|
@ -62,16 +61,30 @@ k3s_systemd_context: system
|
|||
# management, this should live in /etc/systemd, not /lib/systemd
|
||||
k3s_systemd_unit_dir: "/etc/systemd/{{ k3s_systemd_context }}"
|
||||
|
||||
# Directory for gathering the k3s token for clustering. I don't see this changing.
|
||||
k3s_token_location: "/etc/rancher/cluster-token"
|
||||
|
||||
# Data directory location for k3s
|
||||
k3s_data_dir: /var/lib/rancher/k3s
|
||||
k3s_data_dir: "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}"
|
||||
|
||||
# Config directroy location for k3s
|
||||
k3s_config_dir: "{{ k3s_config_file | dirname }}"
|
||||
|
||||
# Directory for gathering the k3s token for clustering. I don't see this changing.
|
||||
k3s_token_location: "{{ k3s_config_dir }}/cluster-token"
|
||||
|
||||
# Path for additional Kubernetes Manifests
|
||||
# https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
|
||||
k3s_server_manifests_dir: "{{ k3s_data_dir }}/server/manifests"
|
||||
|
||||
# Directories that we need to ensure exist
|
||||
k3s_ensure_directories_exist:
|
||||
- name: Config directory
|
||||
path: "{{ k3s_config_dir }}"
|
||||
- name: Systemd unit file directory
|
||||
path: "{{ k3s_systemd_unit_dir }}"
|
||||
- name: Data directory
|
||||
path: "{{ k3s_data_dir }}"
|
||||
- name: Default local storage path
|
||||
path: "{{ k3s_runtime_config['default-local-storage-path'] | default(omit) }}"
|
||||
|
||||
# Config items that should not appear in k3s_server or k3s_agent
|
||||
k3s_config_exclude:
|
||||
- setting: server
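Review bot: Moving `k3s_token_location` from `/etc/rancher/cluster-token` to `{{ k3s_config_dir }}/cluster-token` leaves the previous token file behind on hosts that already ran the role; the CHANGELOG only notes that a duplicate is created. That stale copy presumably still holds the live cluster join secret, so the upgrade path should remove it, for example with an `ansible.builtin.file` task using `path: /etc/rancher/cluster-token` and `state: absent` once the new file is written, or at least document manual cleanup. Whether the uninstall script still covers the old path depends on the configured `k3s_config_file`, which is not visible here. Minor: the new comment `# Config directroy location for k3s` should read `directory`, and the comment above `k3s_token_location` describes a file path as a directory.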
|
||||
|
|