mirrors/k3s-ansible
1
0
Fork 1
mirror of https://github.com/k3s-io/k3s-ansible.git synced 2026-03-10 12:12:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Support openrc systems on agent nodes, added openrc test matrix (#489)

Browse Source 
Signed-off-by: Derek Nola <derek.nola@suse.com>
This commit is contained in:
Derek Nola
2026-01-20 09:29:40 -08:00
committed by GitHub
parent 67ca2bfd1c
commit f6491bb524
3 changed files with 76 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
.github/workflows/integration.yml vendored
View File

@@ -10,10 +10,19 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
matrix: matrix:
container_os: [debian12] service_mgr: [systemd, openrc]
# K3s requires privileged containers to run inside Docker and access to cgrougs. # K3s requires privileged containers to run inside Docker and access to cgrougs.
steps: steps:
- name: Set container OS based on service manager
id: set-container
run: |
if [ "${{ matrix.service_mgr }}" == "systemd" ]; then
echo "container_os=geerlingguy/docker-debian12-ansible" >> $GITHUB_ENV
else
echo "container_os=jrei/openrc-alpine" >> $GITHUB_ENV
fi
- name: Checkout codebase - name: Checkout codebase
uses: actions/checkout@v6 uses: actions/checkout@v6
@@ -42,7 +51,7 @@ jobs:
--volume=/lib/modules:/lib/modules:ro \ --volume=/lib/modules:/lib/modules:ro \
--cgroupns=host \ --cgroupns=host \
--network=k3s-ansible \ --network=k3s-ansible \
geerlingguy/docker-${{ matrix.container_os }}-ansible:latest geerlingguy/docker-debian12-ansible:latest
# Start the Agent node # Start the Agent node
docker run -d --name agent-node \ docker run -d --name agent-node \
@@ -51,20 +60,28 @@ jobs:
--volume=/lib/modules:/lib/modules:ro \ --volume=/lib/modules:/lib/modules:ro \
--cgroupns=host \ --cgroupns=host \
--network=k3s-ansible \ --network=k3s-ansible \
geerlingguy/docker-${{ matrix.container_os }}-ansible:latest ${{ env.container_os }}:latest
- name: Setup openrc Image
if: matrix.service_mgr == 'openrc'
run: docker exec agent-node apk add curl python3
- name: Run Playbook - name: Run Playbook
env: env:
ANSIBLE_FORCE_COLOR: '1' ANSIBLE_FORCE_COLOR: '1'
run: ansible-playbook playbooks/site.yml -i tests/basic.yml run: ansible-playbook playbooks/site.yml -i tests/basic.yml
- name: Verify K3s is running on Server - name: Verify K3s is running on Server
run: docker exec server-node k3s kubectl get nodes | grep Ready run: docker exec server-node k3s kubectl get nodes | grep Ready
- name: Verify K3s is running on Agent - name: Verify K3s is running on Agent (systemd)
if: matrix.service_mgr == 'systemd'
run: docker exec agent-node systemctl status k3s-agent | grep running run: docker exec agent-node systemctl status k3s-agent | grep running
- name: Verify K3s is running on Agent (openrc)
if: matrix.service_mgr == 'openrc'
run: docker exec agent-node rc-service k3s-agent status | grep started
- name: Modify the k3s_version in inventory for upgrade - name: Modify the k3s_version in inventory for upgrade
run: | run: |
sed -i 's/k3s_version: v1.33.4+k3s1/k3s_version: v1.34.1+k3s1/' tests/basic.yml sed -i 's/k3s_version: v1.33.4+k3s1/k3s_version: v1.34.1+k3s1/' tests/basic.yml

52
roles/k3s_agent/tasks/main.yml
View File

@@ -26,19 +26,19 @@
group: root group: root
mode: "0755" mode: "0755"
- name: Download K3s binary - name: Download K3s and install binary
# For some reason, ansible-lint thinks using enviroment with command is an error # noqa var-naming[no-role-prefix]
# even though its valid https://ansible.readthedocs.io/projects/lint/rules/inline-env-var/#correct-code ansible.builtin.command:
ansible.builtin.command: # noqa inline-env-var
cmd: /usr/local/bin/k3s-install.sh cmd: /usr/local/bin/k3s-install.sh
# Ensures that extra_install_envs are combined with required env vars environment: "{{ _install_envs }}"
environment: >- vars:
{{ extra_install_envs | combine({ _base_envs:
"INSTALL_K3S_SKIP_START": "true", INSTALL_K3S_SKIP_START: "true"
"INSTALL_K3S_SYSTEMD_DIR": systemd_dir, INSTALL_K3S_SYSTEMD_DIR: "{{ systemd_dir }}"
"INSTALL_K3S_VERSION": k3s_version, INSTALL_K3S_VERSION: "{{ k3s_version }}"
"INSTALL_K3S_EXEC": "agent" INSTALL_K3S_EXEC: "agent --server https://{{ api_endpoint }}:{{ api_port }} {{ extra_agent_args }}"
}) }} # We overrides the extra_install_envs with required keys from _base_envs on purpose
_install_envs: "{{ extra_install_envs | default({}) | combine(_base_envs) }}"
changed_when: true changed_when: true
- name: Setup optional config file - name: Setup optional config file
@@ -62,41 +62,33 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
token: "{{ hostvars[groups[server_group][0]].token }}" token: "{{ hostvars[groups[server_group][0]].token }}"
- name: Set k3s agent environment file based on init system
ansible.builtin.set_fact:
k3s_agent_env_file: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary(systemd_dir ~ '/k3s-agent.service.env', '/etc/rancher/k3s/k3s-agent.env') }}"
- name: Add service environment variables - name: Add service environment variables
when: extra_service_envs is defined when: extra_service_envs is defined
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ systemd_dir }}/k3s-agent.service.env" path: "{{ k3s_agent_env_file }}"
line: "{{ item }}" line: "{{ item }}"
loop: "{{ extra_service_envs }}" loop: "{{ extra_service_envs }}"
- name: Delete any existing token from the environment if different from the new one - name: Delete any existing token from the environment if different from the new one
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
state: absent state: absent
path: "{{ systemd_dir }}/k3s-agent.service.env" path: "{{ k3s_agent_env_file }}"
regexp: "^K3S_TOKEN=\\s*(?!{{ token | regex_escape }}\\s*$)" regexp: "^K3S_TOKEN=\\s*(?!{{ token | regex_escape }}\\s*$)"
- name: Add the token for joining the cluster to the environment - name: Add the token for joining the cluster to the environment
no_log: true # avoid logging the server token no_log: true # avoid logging the server token
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ systemd_dir }}/k3s-agent.service.env" path: "{{ k3s_agent_env_file }}"
line: "{{ item }}" line: "{{ item }}"
loop: loop:
- "K3S_TOKEN={{ token }}" - "K3S_TOKEN={{ token }}"
- name: Modify ExecStart in k3s-agent.service to include API endpoint and extra args - name: Enable and start K3s agent
register: k3s_agent_service ansible.builtin.service:
ansible.builtin.replace:
path: "{{ systemd_dir }}/k3s-agent.service"
regexp: '^ExecStart=\/usr\/local\/bin\/k3s \\\n\s*agent.*(?:\n(?:[\t\s].*|$))*'
replace: |
ExecStart=/usr/local/bin/k3s \
agent \
--server https://{{ api_endpoint }}:{{ api_port }} \
{{ extra_agent_args }}
- name: Enable and check K3s agent service
ansible.builtin.systemd:
name: k3s-agent name: k3s-agent
daemon_reload: "{{ true if k3s_agent_service.changed else false }}" state: "{{ 'restarted' if _agent_config_result.changed else 'started' }}"
state: "{{ 'restarted' if (k3s_agent_service.changed or _agent_config_result.changed) else 'started' }}"
enabled: true enabled: true

53
roles/k3s_upgrade/tasks/main.yml
View File

@@ -31,7 +31,7 @@
# INSTALL_K3S_SKIP_START does work on upgrades, because the service is already installed and started. # INSTALL_K3S_SKIP_START does work on upgrades, because the service is already installed and started.
- name: Stop K3s service - name: Stop K3s service
when: k3s_upgrade_current_version is version(k3s_version, '<') when: k3s_upgrade_current_version is version(k3s_version, '<')
ansible.builtin.systemd: ansible.builtin.service:
state: stopped state: stopped
name: "{{ (server_group in group_names) | ternary('k3s', 'k3s-agent') }}" name: "{{ (server_group in group_names) | ternary('k3s', 'k3s-agent') }}"
@@ -44,11 +44,13 @@
register: k3s_upgrade_old_token register: k3s_upgrade_old_token
changed_when: false changed_when: false
- name: Install new K3s Version - name: Install new K3s Version [server]
# For some reason, ansible-lint thinks using enviroment with command is an error # For some reason, ansible-lint thinks using enviroment with command is an error
# even though its valid https://ansible.readthedocs.io/projects/lint/rules/inline-env-var/#correct-code # even though its valid https://ansible.readthedocs.io/projects/lint/rules/inline-env-var/#correct-code
# Skip if only reconfiguring (no version change needed) # Skip if only reconfiguring (no version change needed)
when: k3s_upgrade_current_version is version(k3s_version, '<') when:
- k3s_upgrade_current_version is version(k3s_version, '<')
- server_group in group_names
ansible.builtin.command: # noqa inline-env-var ansible.builtin.command: # noqa inline-env-var
cmd: /usr/local/bin/k3s-install.sh cmd: /usr/local/bin/k3s-install.sh
environment: >- environment: >-
@@ -56,11 +58,33 @@
| combine({ | combine({
"INSTALL_K3S_SKIP_START": "true", "INSTALL_K3S_SKIP_START": "true",
"INSTALL_K3S_VERSION": k3s_version, "INSTALL_K3S_VERSION": k3s_version,
"INSTALL_K3S_EXEC": ( "agent" if agent_group in group_names else "server" )
}) })
| combine(airgap_dir is defined and {"INSTALL_K3S_SKIP_DOWNLOAD": "true"} or {}) }} | combine(airgap_dir is defined and {"INSTALL_K3S_SKIP_DOWNLOAD": "true"} or {}) }}
changed_when: true changed_when: true
- name: Install new K3s Version [agent]
# For some reason, ansible-lint thinks using enviroment with command is an error
# even though its valid https://ansible.readthedocs.io/projects/lint/rules/inline-env-var/#correct-code
# Unlike server, we always run the install command, because we are using it to reconfigure the ENV and Args passed to k3s-agent.
# Instead we just skip the download/replace if airgapped or no version change is needed.
when:
- agent_group in group_names
# noqa var-naming[no-role-prefix]
ansible.builtin.command:
cmd: /usr/local/bin/k3s-install.sh
environment: "{{ _install_envs }}"
vars:
_base_envs:
INSTALL_K3S_SKIP_DOWNLOAD: "{{ (airgap_dir is defined or k3s_upgrade_current_version == k3s_version) | ternary('true', 'false') }}"
INSTALL_K3S_SKIP_START: "true"
INSTALL_K3S_SYSTEMD_DIR: "{{ systemd_dir }}"
INSTALL_K3S_VERSION: "{{ k3s_version }}"
INSTALL_K3S_EXEC: "agent --server https://{{ api_endpoint }}:{{ api_port }} {{ extra_agent_args }}"
K3S_TOKEN: "{{ token if token is defined else k3s_upgrade_old_token.stdout }}"
# We overrides the extra_install_envs with required keys from _base_envs on purpose
_install_envs: "{{ extra_install_envs | default({}) | combine(_base_envs) }}"
changed_when: true
- name: Regenerate K3s service file [server] - name: Regenerate K3s service file [server]
when: server_group in group_names when: server_group in group_names
block: block:
@@ -125,23 +149,11 @@
cluster_init: false cluster_init: false
join: true join: true
- name: Regenerate K3s service file [agent] - name: Add token to the environment [server]
when: when: server_group in group_names
- agent_group in group_names
- api_endpoint is defined
ansible.builtin.replace:
path: "{{ systemd_dir }}/k3s-agent.service"
regexp: '^ExecStart=\/usr\/local\/bin\/k3s \\\n\s*agent.*(?:\n(?:[\t\s].*|$))*'
replace: |
ExecStart=/usr/local/bin/k3s \
agent \
--server https://{{ api_endpoint }}:{{ api_port }} \
{{ extra_agent_args | default('') }}
- name: Add token to the environment
no_log: true # avoid logging the server token no_log: true # avoid logging the server token
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ systemd_dir }}/{{ (agent_group in group_names) | ternary('k3s-agent.service.env', 'k3s.service.env') }}" path: "{{ systemd_dir }}/k3s.service.env"
regexp: '^K3S_TOKEN=' regexp: '^K3S_TOKEN='
line: "K3S_TOKEN={{ token is defined | ternary(token, k3s_upgrade_old_token.stdout) }}" line: "K3S_TOKEN={{ token is defined | ternary(token, k3s_upgrade_old_token.stdout) }}"
@@ -154,7 +166,6 @@
- name: Restart K3s service [agent] - name: Restart K3s service [agent]
when: agent_group in group_names when: agent_group in group_names
ansible.builtin.systemd: ansible.builtin.service:
state: restarted state: restarted
daemon_reload: true
name: k3s-agent name: k3s-agent