* Check for existing k3s install script during airgap deployment
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Update vagrant file to newer OS
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Prevent multiple tokens in k3s.service.env
If site.yml playbook is executed multiple times with different tokens,
they will all accumulate in k3s.service.env. They won't do any harm
because the last one wins, however it is a matter of good housekeeping
to delete the old before inserting a new one.
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
* Selectively remove existing token from the environment file
If the existing token in the environment file is the same as the token
used for the playbook run, leave it in the file to avoid false changed
status from the task.
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
---------
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
* Security exposure related to the token
The installation playbook saves the token into the systemd unit
configuration file /etc/systemd/system/k3s.service. The problem is that
according to K3s' documentation "the server token should be guarded
carefully" (https://docs.k3s.io/cli/token), yet the configuration file
is readable by anybody. A better solution is to save the token into its
corresponding environment file /etc/systemd/system/k3s.service.env which
is readable by the super user only. This is what the standard K3s'
installation script (https://get.k3s.io) does.
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
* Restore the server URL into systemd configuration file
There aren't any security implications in keeping it there.
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
---------
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
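The following audit is an added example, not part of the commits above or of the k3s-ansible code base. It checks the exposure described in the "Security exposure related to the token" commit: a token stored in a file that users other than the owner can access. The function names are hypothetical, matching on `K3S_TOKEN=` or `--token` is an assumption about how the token appears in the file, and `stat -c` requires GNU coreutils.

```shell
#!/bin/sh
# Added example: audit where a K3s token is stored and who can access the file.
# Default paths are the ones named in the commit message; pass others to test.

# Succeeds if the file mode has any group/other permission bit set.
accessible_by_others() {
    # GNU stat prints the octal mode, e.g. 644; the leading 0 makes it octal
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Succeeds if the file appears to carry a token (assumed spellings).
token_in_file() {
    grep -Eq 'K3S_TOKEN=|--token([= ]|$)' "$1"
}

# Returns 0 when no exposure is found, 1 otherwise.
audit_k3s_token() {
    unit=${1:-/etc/systemd/system/k3s.service}
    envfile=${2:-/etc/systemd/system/k3s.service.env}
    rc=0
    if [ -f "$unit" ] && token_in_file "$unit" && accessible_by_others "$unit"; then
        echo "FINDING: token present in $unit, which is not owner-only"
        rc=1
    fi
    if [ -f "$envfile" ] && token_in_file "$envfile" \
            && accessible_by_others "$envfile"; then
        echo "FINDING: $envfile holds a token but is not owner-only"
        rc=1
    fi
    return $rc
}
```

Run `audit_k3s_token` with no arguments as root on a node to check the default paths; a non-zero status means at least one finding was printed.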
* Better cleanup with reset playbook
The install playbook adds some convenience commands into the user's
.bashrc. If K3s is uninstalled, these commands produce errors. Since
they are easily identifiable, it is trivial to remove them to improve
the user's experience.
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
* More flexible cgroup settings
If there are already required cgroup boot parameters present but in a
different order than specified, the script will add them again. It is
better to test for the individual parameter in a loop and selectively
add them as necessary.
Signed-off-by: Marko Vukovic <anonsoftware@gmail.com>
Signed-off-by: Marko Vukovic <anonsoftware@gmail.com>
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
* Make agent and server groups configurable
Signed-off-by: Meagan Harris <thewitch@siliconsorceress.com>
* Fix typo in upgrade role
Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Meagan Harris <47128741+simagick@users.noreply.github.com>
---------
Signed-off-by: Meagan Harris <thewitch@siliconsorceress.com>
Signed-off-by: Meagan Harris <47128741+simagick@users.noreply.github.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
* Implement compatible yamllint, make octals explicit
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Replace yum with dnf, yum is deprecated
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
- [Agent : Download artefact only if needed](roles/k3s_agent/tasks/main.yml#L13)
- [Server : Download artefact only if needed](roles/k3s_server/tasks/main.yml#L13)
- [Upgrade : Upgrade node only if needed](roles/k3s_upgrade/tasks/main.yml#L14)
Linked issue #264 k3s_server and k3s_agent tasks are not idempotent
Signed-off-by: Loïc Dubard <loic97429@gmail.com>
* Enable skipping bootcmd verification in Raspberry PI
Signed-off-by: Jose Luis Pedrosa <jlpedrosa@gmail.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
As detailed in https://github.com/k3s-io/k3s-ansible/issues/295, this
commit fixes the issue that if `kubeconfig` is set to anything other
than the default value, then:
- `~/.kube/config` is modified.
- No file at `{{ kubeconfig }}` is created.
- Any existing file and `{{ kubeconfig }}` is deleted.
Signed-off-by: Nick To <nick@nickto.net>
* Limited boolean values to true/false;
Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
* Moved ArchLinux prereq task to be a handler;
Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
* Standardized task name for adding cgroup support;
Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
* Have backrefs: follow path:;
Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
* Addressed ansible-lint errors;
Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
* Fixed #264, task 7: Copy K3s service file;
Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
---------
Signed-off-by: Jon S. Stumpf <jon.stumpf@gmail.com>
* make reset work with alt k3s dir and root user
Signed-off-by: gmautner <gilberto.mautner@locaweb.com.br>
Signed-off-by: Gilberto Mautner <gilberto.mautner@locaweb.com.br>
* Added changed_when
Signed-off-by: gmautner <gilberto.mautner@locaweb.com.br>
Signed-off-by: Gilberto Mautner <gilberto.mautner@locaweb.com.br>
* Checks if we removed alt dir contents
Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Gilberto Mautner <gilberto.mautner@locaweb.com.br>
---------
Signed-off-by: gmautner <gilberto.mautner@locaweb.com.br>
Signed-off-by: Gilberto Mautner <gilberto.mautner@locaweb.com.br>
Co-authored-by: Derek Nola <derek.nola@suse.com>
* do not blindly overwrite kube config
Signed-off-by: Roman Ivanov <me@roivanov.com>
* don't need to check if an existing config exists
Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Roman Ivanov <me@roivanov.com>