Fix linting to bring back 'production' status for all non-server k3s roles

Signed-off-by: Derek Nola <derek.nola@suse.com>
Derek Nola
2025-09-15 12:09:45 -07:00
parent d397c5c3dd
commit b77e0049c8
5 changed files with 63 additions and 64 deletions


@@ -13,13 +13,13 @@
delegate_to: localhost delegate_to: localhost
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ airgap_dir + '/k3s-install.sh' }}" path: "{{ airgap_dir + '/k3s-install.sh' }}"
register: host_install_script register: airgap_host_install_script
- name: Download k3s install script - name: Download k3s install script
become: false become: false
delegate_to: localhost delegate_to: localhost
# Workaround for https://github.com/ansible/ansible/issues/64016 # Workaround for https://github.com/ansible/ansible/issues/64016
when: not host_install_script.stat.exists when: not airgap_host_install_script.stat.exists
ansible.builtin.get_url: ansible.builtin.get_url:
url: https://get.k3s.io/ url: https://get.k3s.io/
timeout: 120 timeout: 120
@@ -34,11 +34,11 @@
group: root group: root
mode: "0755" mode: "0755"
- name: Determine architecture and set k3s_arch - name: Determine architecture and set airgap_k3s_arch
ansible.builtin.set_fact: ansible.builtin.set_fact:
k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}" airgap_k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}"
- name: Distribute K3s binary {{ k3s_arch }} - name: Distribute K3s binary {{ airgap_k3s_arch }}
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ item }}" src: "{{ item }}"
dest: /usr/local/bin/k3s dest: /usr/local/bin/k3s
@@ -47,7 +47,7 @@
mode: "0755" mode: "0755"
with_first_found: with_first_found:
- files: - files:
- "{{ airgap_dir }}/k3s-{{ k3s_arch }}" - "{{ airgap_dir }}/k3s-{{ airgap_k3s_arch }}"
- "{{ airgap_dir }}/k3s" - "{{ airgap_dir }}/k3s"
# with_first_found always runs, even inside the when block # with_first_found always runs, even inside the when block
# so we need to skip it if the file is not found # so we need to skip it if the file is not found
@@ -62,15 +62,15 @@
mode: "0755" mode: "0755"
with_fileglob: with_fileglob:
- "{{ airgap_dir }}/k3s-selinux*.rpm" - "{{ airgap_dir }}/k3s-selinux*.rpm"
register: selinux_copy register: airgap_selinux_copy
ignore_errors: true ignore_errors: true
- name: Install K3s SELinux RPM - name: Install K3s SELinux RPM
when: when:
- ansible_os_family == 'RedHat' - ansible_os_family == 'RedHat'
- selinux_copy.skipped is false - airgap_selinux_copy.skipped is false
ansible.builtin.dnf: ansible.builtin.dnf:
name: "{{ selinux_copy.results[0].dest }}" name: "{{ airgap_selinux_copy.results[0].dest }}"
state: present state: present
disable_gpg_check: true disable_gpg_check: true
disablerepo: "*" disablerepo: "*"
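Review bot: The `Install K3s SELinux RPM` task at the end of this section passes `airgap_selinux_copy.results[0].dest` to `ansible.builtin.dnf` with `disable_gpg_check: true`, so the package signature is never verified and the node trusts whatever `k3s-selinux*.rpm` was placed in `airgap_dir`. If that is deliberate for air-gapped hosts, record the reason next to the option, e.g. `# GPG check is off: the RPM is staged from airgap_dir; verify its checksum before staging`. Otherwise import the signing key on the node and drop the option. The task may continue past the end of the hunk, so any later options are not visible here.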


@@ -1,21 +1,21 @@
--- ---
- name: Get k3s installed version - name: Get k3s installed version
ansible.builtin.command: k3s --version ansible.builtin.command: k3s --version
register: k3s_version_output register: k3s_agent_version_output
changed_when: false changed_when: false
ignore_errors: true ignore_errors: true
- name: Set k3s installed version - name: Set k3s installed version
when: not ansible_check_mode and k3s_version_output.rc == 0 when: not ansible_check_mode and k3s_agent_version_output.rc == 0
ansible.builtin.set_fact: ansible.builtin.set_fact:
installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" k3s_agent_installed_version: "{{ k3s_agent_version_output.stdout_lines[0].split(' ')[2] }}"
# If airgapped, all K3s artifacts are already on the node. # If airgapped, all K3s artifacts are already on the node.
# We should be downloading and installing the newer version only if we are in one of the following cases : # We should be downloading and installing the newer version only if we are in one of the following cases :
# - we couldn't get k3s installed version in the first task of this role # - we couldn't get k3s installed version in the first task of this role
# - the installed version of K3s on the nodes is older than the requested version in ansible vars # - the installed version of K3s on the nodes is older than the requested version in ansible vars
- name: Download artifact only if needed - name: Download artifact only if needed
when: not ansible_check_mode and airgap_dir is undefined and ( k3s_version_output.rc != 0 or installed_k3s_version is version(k3s_version, '<') ) when: not ansible_check_mode and airgap_dir is undefined and ( k3s_agent_version_output.rc != 0 or k3s_agent_installed_version is version(k3s_version, '<') )
block: block:
- name: Download K3s install script - name: Download K3s install script
ansible.builtin.get_url: ansible.builtin.get_url:
@@ -50,6 +50,7 @@
mode: "0755" mode: "0755"
state: directory state: directory
- name: Copy config values - name: Copy config values
# noqa var-naming[no-role-prefix]
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ agent_config_yaml }}" content: "{{ agent_config_yaml }}"
dest: "/etc/rancher/k3s/config.yaml" dest: "/etc/rancher/k3s/config.yaml"
@@ -57,6 +58,7 @@
register: _agent_config_result register: _agent_config_result
- name: Get the token from the first server - name: Get the token from the first server
# noqa var-naming[no-role-prefix]
ansible.builtin.set_fact: ansible.builtin.set_fact:
token: "{{ hostvars[groups[server_group][0]].token }}" token: "{{ hostvars[groups[server_group][0]].token }}"
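Review bot: The `Get the token from the first server` task stores the cluster join token with `set_fact` and has no `no_log`, so the value can appear in task output when the play runs at higher verbosity. Adding `no_log: true` to this task keeps the secret out of logs and CI output; the new `# noqa var-naming[no-role-prefix]` line only silences the naming rule. The `Copy config values` task above writes `agent_config_yaml`, which may carry the same secret, so it is worth checking there too. That task's remaining options are outside the hunk.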


@@ -3,21 +3,22 @@
# local control-plane instead of the remote host. Shell supports wildcards. # local control-plane instead of the remote host. Shell supports wildcards.
- name: Get k3s installed version - name: Get k3s installed version
ansible.builtin.command: k3s --version ansible.builtin.command: k3s --version
register: k3s_version_output register: k3s_upgrade_version_output
changed_when: false changed_when: false
check_mode: false check_mode: false
- name: Set k3s installed version - name: Set k3s installed version
ansible.builtin.set_fact: ansible.builtin.set_fact:
installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" k3s_upgrade_current_version: "{{ k3s_upgrade_version_output.stdout_lines[0].split(' ')[2] }}"
check_mode: false check_mode: false
# We should be downloading and installing the newer version only if we are in the following case : # We should be downloading and installing the newer version only if we are in the following case :
# - the installed version of K3s on the nodes is older than the requested version in ansible vars # - the installed version of K3s on the nodes is older than the requested version in ansible vars
- name: Update node only if needed - name: Update node only if needed
when: installed_k3s_version is version(k3s_version, '<') when: k3s_upgrade_current_version is version(k3s_version, '<')
block: block:
- name: Find K3s service files - name: Find K3s service files
# noqa var-naming[no-role-prefix]
ansible.builtin.find: ansible.builtin.find:
paths: "{{ systemd_dir }}" paths: "{{ systemd_dir }}"
patterns: "k3s*.service" patterns: "k3s*.service"


@@ -44,11 +44,11 @@
ansible.builtin.command: ansible.builtin.command:
cmd: ufw status cmd: ufw status
changed_when: false changed_when: false
register: ufw_status register: prereq_ufw_status
- name: If ufw enabled, open api port - name: If ufw enabled, open api port
when: when:
- "'Status: active' in ufw_status['stdout']" - "'Status: active' in prereq_ufw_status['stdout']"
community.general.ufw: community.general.ufw:
rule: allow rule: allow
port: "{{ api_port }}" port: "{{ api_port }}"
@@ -56,7 +56,7 @@
- name: If ufw enabled, open etcd ports - name: If ufw enabled, open etcd ports
when: when:
- "'Status: active' in ufw_status['stdout']" - "'Status: active' in prereq_ufw_status['stdout']"
- groups[server_group] | length > 1 - groups[server_group] | length > 1
community.general.ufw: community.general.ufw:
rule: allow rule: allow
@@ -65,7 +65,7 @@
- name: If ufw enabled, allow default CIDRs - name: If ufw enabled, allow default CIDRs
when: when:
- "'Status: active' in ufw_status['stdout']" - "'Status: active' in prereq_ufw_status['stdout']"
community.general.ufw: community.general.ufw:
rule: allow rule: allow
src: '{{ item }}' src: '{{ item }}'
@@ -162,19 +162,19 @@
- name: Check for Apparmor existence - name: Check for Apparmor existence
ansible.builtin.stat: ansible.builtin.stat:
path: /sys/module/apparmor/parameters/enabled path: /sys/module/apparmor/parameters/enabled
register: apparmor_enabled register: prereq_apparmor_enabled
- name: Check if Apparmor is enabled - name: Check if Apparmor is enabled
when: apparmor_enabled.stat.exists when: prereq_apparmor_enabled.stat.exists
ansible.builtin.command: cat /sys/module/apparmor/parameters/enabled ansible.builtin.command: cat /sys/module/apparmor/parameters/enabled
register: apparmor_status register: prereq_apparmor_status
changed_when: false changed_when: false
- name: Install Apparmor Parser [Suse] - name: Install Apparmor Parser [Suse]
when: when:
- ansible_os_family == 'Suse' - ansible_os_family == 'Suse'
- apparmor_status is defined - prereq_apparmor_status is defined
- apparmor_status.stdout == "Y" - prereq_apparmor_status.stdout == "Y"
ansible.builtin.package: ansible.builtin.package:
name: apparmor-parser name: apparmor-parser
state: present state: present
@@ -183,8 +183,8 @@
when: when:
- ansible_distribution == 'Debian' - ansible_distribution == 'Debian'
- ansible_facts['distribution_major_version'] == "11" - ansible_facts['distribution_major_version'] == "11"
- apparmor_status is defined - prereq_apparmor_status is defined
- apparmor_status.stdout == "Y" - prereq_apparmor_status.stdout == "Y"
ansible.builtin.package: ansible.builtin.package:
name: apparmor name: apparmor
state: present state: present
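Review bot: In both AppArmor install tasks the guard `prereq_apparmor_status is defined` does not protect the condition that follows it. As far as I can tell, a register from a skipped task is still defined, so when `/sys/module/apparmor/parameters/enabled` is absent the `.stdout` comparison reads an attribute the skipped result does not have. A guard that tolerates the skipped case is `- prereq_apparmor_status.stdout | default('') == "Y"`, replacing the two lines in each task. This predates the rename, but the rename touches exactly these lines. Both tasks continue outside the hunks shown.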


@@ -1,52 +1,48 @@
--- ---
- name: Test for raspberry pi /proc/cpuinfo - name: Test for raspberry pi /proc/cpuinfo
ansible.builtin.command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo ansible.builtin.command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo
register: grep_cpuinfo_raspberrypi register: raspberrypi_grep_cpuinfo
failed_when: false failed_when: false
changed_when: false changed_when: false
- name: Test for raspberry pi /proc/device-tree/model - name: Test for raspberry pi /proc/device-tree/model
ansible.builtin.command: grep -E "Raspberry Pi" /proc/device-tree/model ansible.builtin.command: grep -E "Raspberry Pi" /proc/device-tree/model
register: grep_device_tree_model_raspberrypi register: raspberrypi_grep_device_tree_model
failed_when: false failed_when: false
changed_when: false changed_when: false
- name: Set raspberry_pi fact to true - name: Run Raspberry Pi-specific tasks
ansible.builtin.set_fact:
raspberry_pi: true
when: when:
grep_cpuinfo_raspberrypi.rc == 0 or grep_device_tree_model_raspberrypi.rc == 0 - raspberrypi_grep_cpuinfo.rc == 0 or raspberrypi_grep_device_tree_model.rc == 0
block:
- name: Set detected_distribution to Raspbian - name: Set detected_distribution to Raspbian
# noqa var-naming[no-role-prefix]
ansible.builtin.set_fact: ansible.builtin.set_fact:
detected_distribution: Raspbian detected_distribution: Raspbian
when: > when: >
raspberry_pi|default(false) and ansible_facts.lsb.id|default("") == "Raspbian" or
( ansible_facts.lsb.id|default("") == "Raspbian" or ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*")
ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") )
- name: Set detected_distribution to Debian - name: Set detected_distribution to Debian
# noqa var-naming[no-role-prefix]
ansible.builtin.set_fact: ansible.builtin.set_fact:
detected_distribution: Debian detected_distribution: Debian
when: > when: >
raspberry_pi|default(false) and ansible_facts.lsb.id|default("") == "Debian" or
( ansible_facts.lsb.id|default("") == "Debian" or ansible_facts.lsb.description|default("") is match("Debian")
ansible_facts.lsb.description|default("") is match("Debian") )
- name: Set detected_distribution to ArchLinux (ARM64) - name: Set detected_distribution to ArchLinux (ARM64)
# noqa var-naming[no-role-prefix]
ansible.builtin.set_fact: ansible.builtin.set_fact:
detected_distribution: Archlinux detected_distribution: Archlinux
when: when:
- ansible_facts.architecture is search("aarch64") - ansible_facts.architecture is search("aarch64")
- raspberry_pi|default(false)
- ansible_facts.os_family is match("Archlinux") - ansible_facts.os_family is match("Archlinux")
- name: Execute OS related tasks on the Raspberry Pi - name: Execute OS related tasks on the Raspberry Pi
ansible.builtin.include_tasks: "{{ item }}" ansible.builtin.include_tasks: "{{ item }}"
with_first_found: with_first_found:
- "prereq/{{ detected_distribution }}.yml" - "prereq/{{ detected_distribution }}.yml"
- "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- "prereq/{{ ansible_distribution }}.yml" - "prereq/{{ ansible_distribution }}.yml"
- "prereq/default.yml" - "prereq/default.yml"
when:
- raspberry_pi|default(false)
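Review bot: The `raspberry_pi` fact is no longer set anywhere in this file now that detection is folded into the block's `when`. Anything outside it that still tests `raspberry_pi|default(false)`, such as the included `prereq/*.yml` files or another role, would silently evaluate to false. Those consumers are not visible here, so this needs a grep across the repository before merge. If any remain, keep a prefixed fact inside the block, e.g. `raspberrypi_detected: true`, and point them at it. Separately, the two grep probes lack the `check_mode: false` that the upgrade role's `k3s --version` probe has, so in check mode their `rc` does not reflect the host.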