|
36 | 36 | name: "{{ (server_group in group_names) | ternary('k3s', 'k3s-agent') }}" |
37 | 37 |
|
38 | 38 | # We only save the token if the user did not provide one, leading to an auto-generated token on first install. |
| 39 | + # If you want the actual token value, you need to use the k3s_upgrade_old_token.stdout |
39 | 40 | - name: Save the existing K3s token if needed |
40 | 41 | when: |
41 | 42 | - token is not defined |
|
44 | 45 | register: k3s_upgrade_old_token |
45 | 46 | changed_when: false |
46 | 47 |
|
| 48 | + - name: Construct Server config |
| 49 | + when: server_group in group_names |
| 50 | + block: |
| 51 | + # Start with an empty config |
| 52 | + - name: Set empty server config |
| 53 | + ansible.builtin.set_fact: |
| 54 | + k3s_server_config: {} |
| 55 | + |
| 56 | + # If token is provided, add it to the config |
| 57 | + - name: Add token to server config |
| 58 | + when: token is defined |
| 59 | + ansible.builtin.set_fact: |
| 60 | + k3s_server_config: "{{ k3s_server_config | combine({'token': token}) }}" |
| 61 | + |
| 62 | + # If token is not defined, use the old token |
| 63 | + - name: Add old token to server config |
| 64 | + when: token is not defined |
| 65 | + ansible.builtin.set_fact: |
| 66 | + k3s_server_config: "{{ k3s_server_config | combine({'token': k3s_upgrade_old_token.stdout}) }}" |
| 67 | + |
| 68 | + - name: Determine if tls-san is already in config or args |
| 69 | + # noqa var-naming[no-role-prefix] |
| 70 | + ansible.builtin.set_fact: |
| 71 | + _api_endpoint_in_config: >- |
| 72 | + {% if server_config_yaml is defined and api_endpoint is defined and server_config_yaml | regex_search('tls-san:.*' + api_endpoint | regex_escape(), ignorecase=True) %} |
| 73 | + true |
| 74 | + {% else %} |
| 75 | + false |
| 76 | + {% endif %} |
| 77 | + _api_endpoint_in_args: >- |
| 78 | + {% if api_endpoint is defined and extra_server_args | regex_search('--tls-san[=\s]+' + api_endpoint | regex_escape(), ignorecase=True) %} |
| 79 | + true |
| 80 | + {% else %} |
| 81 | + false |
| 82 | + {% endif %} |
| 83 | +
|
| 84 | + - name: Add TLS SAN to config if needed |
| 85 | + when: |
| 86 | + - api_endpoint is defined |
| 87 | + - api_endpoint != ansible_hostname |
| 88 | + - not (_api_endpoint_in_config | trim | bool) |
| 89 | + - not (_api_endpoint_in_args | trim | bool) |
| 90 | + ansible.builtin.set_fact: |
| 91 | + k3s_server_config: "{{ k3s_server_config | combine({'tls-san': api_endpoint}) }}" |
| 92 | + |
| 93 | + - name: Add cluster-init to server config for first server in HA-IC setup |
| 94 | + when: |
| 95 | + - (groups[server_group] | length) > 1 |
| 96 | + - inventory_hostname == groups[server_group][0] or ansible_host == groups[server_group][0] |
| 97 | + - not use_external_database |
| 98 | + ansible.builtin.set_fact: |
| 99 | + k3s_server_config: "{{ k3s_server_config | combine({'cluster-init': true}) }}" |
| 100 | + |
| 101 | + # If not the first server in an HA-IC setup, setup the server: URL for joining the cluster |
| 102 | + # server: https://{{ api_endpoint }}:{{ api_port }} |
| 103 | + - name: Add server URL to server config for joining servers in HA-IC setup |
| 104 | + when: (groups[server_group] | length) > 1 and inventory_hostname != groups[server_group][0] and not use_external_database |
| 105 | + ansible.builtin.set_fact: |
| 106 | + k3s_server_config: "{{ k3s_server_config | combine({'server': 'https://' + api_endpoint + ':' + api_port | string}) }}" |
| 107 | + |
| 108 | + # If the user has provided additional server config, merge it with the generated config |
| 109 | + - name: Merge user server config with generated server config |
| 110 | + when: server_config_yaml is defined |
| 111 | + ansible.builtin.set_fact: |
| 112 | + k3s_server_config: "{{ k3s_server_config | combine(server_config_yaml | from_yaml) }}" |
| 113 | + |
| 114 | + - name: Convert server config to YAML and write to file |
| 115 | + when: not ansible_check_mode |
| 116 | + ansible.builtin.copy: |
| 117 | + content: "{{ k3s_server_config | to_nice_yaml }}" |
| 118 | + dest: "/etc/rancher/k3s/config.yaml" |
| 119 | + mode: "0644" |
| 120 | + register: k3s_server_config_result |
| 121 | + |
47 | 122 | - name: Install new K3s Version [server] |
48 | 123 | # For some reason, ansible-lint thinks using enviroment with command is an error |
49 | 124 | # even though its valid https://ansible.readthedocs.io/projects/lint/rules/inline-env-var/#correct-code |
|
64 | 139 |
|
65 | 140 | - name: Get the token from the first server |
66 | 141 | # noqa var-naming[no-role-prefix] |
| 142 | + when: |
| 143 | + - agent_group in group_names |
| 144 | + - token is not defined |
67 | 145 | ansible.builtin.set_fact: |
68 | | - k3s_server_upgrade_old_token: "{{ hostvars[groups[server_group][0]].k3s_upgrade_old_token }}" |
| 146 | + k3s_upgrade_old_server_token: "{{ hostvars[groups[server_group][0]].k3s_upgrade_old_token }}" |
69 | 147 |
|
70 | 148 | - name: Install new K3s Version [agent] |
71 | 149 | # For some reason, ansible-lint thinks using enviroment with command is an error |
|
85 | 163 | INSTALL_K3S_SYSTEMD_DIR: "{{ systemd_dir }}" |
86 | 164 | INSTALL_K3S_VERSION: "{{ k3s_version }}" |
87 | 165 | INSTALL_K3S_EXEC: "agent --server https://{{ api_endpoint }}:{{ api_port }} {{ extra_agent_args }}" |
88 | | - K3S_TOKEN: "{{ token if token is defined else k3s_server_upgrade_old_token.stdout }}" |
| 166 | + K3S_TOKEN: "{{ token if token is defined else k3s_upgrade_old_server_token.stdout }}" |
89 | 167 | # We overrides the extra_install_envs with required keys from _base_envs on purpose |
90 | 168 | _install_envs: "{{ extra_install_envs | default({}) | combine(_base_envs) }}" |
91 | 169 | changed_when: true |
92 | 170 |
|
93 | | - - name: Regenerate K3s service file [server] |
94 | | - when: server_group in group_names |
95 | | - block: |
96 | | - - name: Determine if tls-san is already in config or args |
97 | | - # noqa var-naming[no-role-prefix] |
98 | | - ansible.builtin.set_fact: |
99 | | - _api_endpoint_in_args: >- |
100 | | - {% if api_endpoint is defined and extra_server_args | default('') | regex_search('--tls-san[=\s]+' + api_endpoint | regex_escape(), ignorecase=True) %} |
101 | | - true |
102 | | - {% else %} |
103 | | - false |
104 | | - {% endif %} |
105 | | -
|
106 | | - - name: Add TLS SAN to arguments if needed |
107 | | - when: |
108 | | - - api_endpoint is defined |
109 | | - - api_endpoint != ansible_hostname |
110 | | - - not (_api_endpoint_in_args | trim | bool) |
111 | | - # noqa var-naming[no-role-prefix] |
112 | | - ansible.builtin.set_fact: |
113 | | - opt_tls_san: "--tls-san={{ api_endpoint }}" |
114 | | - |
115 | | - - name: Copy K3s service file [Single/External DB] |
116 | | - when: groups[server_group] | length == 1 or use_external_database | default(false) |
117 | | - ansible.builtin.template: |
118 | | - src: "k3s.service.j2" |
119 | | - dest: "{{ systemd_dir }}/k3s.service" |
120 | | - owner: root |
121 | | - group: root |
122 | | - mode: "0644" |
123 | | - vars: |
124 | | - cluster_init: false |
125 | | - join: false |
126 | | - |
127 | | - - name: Copy K3s service file [HA - first server] |
128 | | - when: |
129 | | - - groups[server_group] | length > 1 |
130 | | - - not use_external_database | default(false) |
131 | | - - inventory_hostname == groups[server_group][0] or ansible_host == groups[server_group][0] |
132 | | - ansible.builtin.template: |
133 | | - src: "k3s.service.j2" |
134 | | - dest: "{{ systemd_dir }}/k3s.service" |
135 | | - owner: root |
136 | | - group: root |
137 | | - mode: "0644" |
138 | | - vars: |
139 | | - cluster_init: true |
140 | | - join: false |
141 | | - |
142 | | - - name: Copy K3s service file [HA - joining server] |
143 | | - when: |
144 | | - - groups[server_group] | length > 1 |
145 | | - - not use_external_database | default(false) |
146 | | - - inventory_hostname != groups[server_group][0] and ansible_host != groups[server_group][0] |
147 | | - ansible.builtin.template: |
148 | | - src: "k3s.service.j2" |
149 | | - dest: "{{ systemd_dir }}/k3s.service" |
150 | | - owner: root |
151 | | - group: root |
152 | | - mode: "0644" |
153 | | - vars: |
154 | | - cluster_init: false |
155 | | - join: true |
156 | | - |
157 | | - - name: Add token to the environment [server] |
158 | | - when: server_group in group_names |
159 | | - no_log: true # avoid logging the server token |
160 | | - ansible.builtin.lineinfile: |
161 | | - path: "{{ systemd_dir }}/k3s.service.env" |
162 | | - regexp: '^K3S_TOKEN=' |
163 | | - line: "K3S_TOKEN={{ token is defined | ternary(token, k3s_upgrade_old_token.stdout) }}" |
| 171 | + - name: Reload systemd daemon |
| 172 | + when: |
| 173 | + - not ansible_check_mode |
| 174 | + - ansible_facts['service_mgr'] == 'systemd' |
| 175 | + ansible.builtin.systemd: |
| 176 | + daemon_reload: true |
164 | 177 |
|
165 | 178 | - name: Restart K3s service [server] |
166 | 179 | when: server_group in group_names |
167 | | - ansible.builtin.systemd: |
| 180 | + ansible.builtin.service: |
168 | 181 | state: restarted |
169 | | - daemon_reload: true |
170 | 182 | name: k3s |
171 | 183 |
|
172 | 184 | - name: Restart K3s service [agent] |
|
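Review bot: The file written by "Convert server config to YAML and write to file" now carries the cluster join token (added through `combine({'token': ...})`), but it is created with `mode: "0644"`, making the token readable by every local account, and the task has no `no_log`, so the rendered content can appear in verbose or `--diff` output — the removed `lineinfile` task at least had `no_log: true  # avoid logging the server token`. I would set `mode: "0600"` (with `owner: root` / `group: root` as the removed template tasks did) and add `no_log: true` to the copy task, and probably to the two token `set_fact` tasks as well. Separately, the joining-server condition `inventory_hostname != groups[server_group][0]` drops the `ansible_host` comparison used by the cluster-init condition (and by the removed code), so a first server matched only via `ansible_host` would receive both `cluster-init` and `server:`; mirror it with `and ansible_host != groups[server_group][0]`. The `extra_server_args | regex_search(...)` lookup also lost the `| default('')` guard the removed version had, which fails if that variable is undefined — presumably a role default covers it, but worth confirming.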