From be3e72e17342b06c06e978d4b6839c350a2348bb Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Mon, 30 Jan 2023 04:20:25 +0100 Subject: [PATCH] Do not rely on ansible_user (#214) * Apply "become" on roles instead of plays This leads to facts being gathered for the "regular" login user, instead of root. * Do not rely on ansible_user Instead of reading ansible_user (which may or may not be defined), this patch lets the roles rely on Ansible facts [1]. [1]: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html --- reboot.yml | 2 +- reset.yml | 4 +++- roles/k3s/master/defaults/main.yml | 1 - roles/k3s/master/tasks/main.yml | 10 +++++----- roles/k3s/post/tasks/metallb.yml | 4 ++-- site.yml | 10 ++++++---- 6 files changed, 17 insertions(+), 14 deletions(-) diff --git a/reboot.yml b/reboot.yml index 38911b8c..a9706655 100644 --- a/reboot.yml +++ b/reboot.yml @@ -2,8 +2,8 @@ - name: Reboot k3s_cluster hosts: k3s_cluster gather_facts: yes - become: yes tasks: - name: Reboot the nodes (and Wait upto 5 mins max) + become: true reboot: reboot_timeout: 300 diff --git a/reset.yml b/reset.yml index da267314..18846bb9 100644 --- a/reset.yml +++ b/reset.yml @@ -2,12 +2,14 @@ - hosts: k3s_cluster gather_facts: yes - become: yes roles: - role: reset + become: true - role: raspberrypi + become: true vars: {state: absent} post_tasks: - name: Reboot and wait for node to come back up + become: true reboot: reboot_timeout: 3600 diff --git a/roles/k3s/master/defaults/main.yml b/roles/k3s/master/defaults/main.yml index dd03dd10..24e4a6a9 100644 --- a/roles/k3s/master/defaults/main.yml +++ b/roles/k3s/master/defaults/main.yml @@ -1,5 +1,4 @@ --- -ansible_user: root server_init_args: >- {% if groups['master'] | length > 1 %} {% if ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname'] %} diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml index 053ff7b7..76b910c3 100644 --- a/roles/k3s/master/tasks/main.yml 
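Review bot: The added `become: true` in the reboot.yml play sits next to `gather_facts: yes`, so the file now mixes the canonical boolean with the YAML 1.1 truthy form; reset.yml and site.yml end up with the same mix. Since these plays are being edited anyway, changing the neighbouring line to `gather_facts: true` would keep the files consistent and satisfy ansible-lint's truthy rule. Runtime behaviour is unchanged by this.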
+++ b/roles/k3s/master/tasks/main.yml @@ -97,24 +97,24 @@ - name: Create directory .kube file: - path: ~{{ ansible_user }}/.kube + path: "{{ ansible_user_dir }}/.kube" state: directory - owner: "{{ ansible_user }}" + owner: "{{ ansible_user_id }}" mode: "u=rwx,g=rx,o=" - name: Copy config file to user home directory copy: src: /etc/rancher/k3s/k3s.yaml - dest: ~{{ ansible_user }}/.kube/config + dest: "{{ ansible_user_dir }}/.kube/config" remote_src: yes - owner: "{{ ansible_user }}" + owner: "{{ ansible_user_id }}" mode: "u=rw,g=,o=" - name: Configure kubectl cluster to {{ endpoint_url }} command: >- k3s kubectl config set-cluster default --server={{ endpoint_url }} - --kubeconfig ~{{ ansible_user }}/.kube/config + --kubeconfig {{ ansible_user_dir }}/.kube/config changed_when: true vars: endpoint_url: >- diff --git a/roles/k3s/post/tasks/metallb.yml b/roles/k3s/post/tasks/metallb.yml index 2bbab5a9..df3455b1 100644 --- a/roles/k3s/post/tasks/metallb.yml +++ b/roles/k3s/post/tasks/metallb.yml @@ -3,7 +3,7 @@ file: path: /tmp/k3s state: directory - owner: "{{ ansible_user }}" + owner: "{{ ansible_user_id }}" mode: 0755 with_items: "{{ groups['master'] }}" run_once: true @@ -12,7 +12,7 @@ template: src: "metallb.crs.j2" dest: "/tmp/k3s/metallb-crs.yaml" - owner: "{{ ansible_user }}" + owner: "{{ ansible_user_id }}" mode: 0755 with_items: "{{ groups['master'] }}" run_once: true diff --git a/site.yml b/site.yml index f8401297..35f81df2 100644 --- a/site.yml +++ b/site.yml @@ -2,23 +2,25 @@ - hosts: k3s_cluster gather_facts: yes - become: yes roles: - role: prereq + become: true - role: download + become: true - role: raspberrypi + become: true - hosts: master - become: yes roles: - role: k3s/master + become: true - hosts: node - become: yes roles: - role: k3s/node + become: true - hosts: master - become: yes roles: - role: k3s/post + become: true
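Review bot: The `.kube` tasks now place the copy of `/etc/rancher/k3s/k3s.yaml` (the cluster's admin kubeconfig) under `ansible_user_dir` and chown it to `ansible_user_id`, and both values are facts describing whichever account ran fact gathering. If facts are gathered with privilege escalation (for example `become` enabled in inventory or on the command line) or come from a stale fact cache, the credential is written under a different account than the operator expects, and no task fails. A comment above `Create directory .kube` such as `# ansible_user_dir / ansible_user_id must come from facts gathered without become` would document the dependency, and an `assert` that both facts are defined would make a missing-facts run fail explicitly. The hunk starts mid-file, so earlier tasks in this role are not visible here.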
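Review bot: Both changed `owner` lines in metallb.yml (this hunk and the following one) operate on the fixed path `/tmp/k3s`, and since site.yml applies `become: true` to `k3s/post`, these are privileged writes and ownership changes at a predictable location inside a world-writable directory. The adjacent `mode: 0755` is an unquoted octal and also marks the rendered manifest executable. Consider a per-run directory from `ansible.builtin.tempfile`, or a path under `{{ ansible_user_dir }}`, together with `mode: "0755"` on the directory and `mode: "0644"` on `metallb-crs.yaml`. Whether other tasks read `/tmp/k3s` is not visible in these hunks, so a path change would need checking against the rest of the role.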