--- - name: Get k3s installed version ansible.builtin.command: k3s --version register: k3s_version_output changed_when: false ignore_errors: true - name: Set k3s installed version when: not ansible_check_mode and k3s_version_output.rc == 0 ansible.builtin.set_fact: installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" # If airgapped, all K3s artifacts are already on the node. # We should be downloading and installing the newer version only if we are in one of the following cases : # - we couldn't get k3s installed version in the first task of this role # - the installed version of K3s on the nodes is older than the requested version in ansible vars - name: Download artifact only if needed when: not ansible_check_mode and airgap_dir is undefined and ( k3s_version_output.rc != 0 or installed_k3s_version is version(k3s_version, '<') ) block: - name: Download K3s install script ansible.builtin.get_url: url: https://get.k3s.io/ timeout: 120 dest: /usr/local/bin/k3s-install.sh owner: root group: root mode: "0755" - name: Download K3s binary # For some reason, ansible-lint thinks using enviroment with command is an error # even though its valid https://ansible.readthedocs.io/projects/lint/rules/inline-env-var/#correct-code ansible.builtin.command: # noqa inline-env-var cmd: /usr/local/bin/k3s-install.sh # Ensures that extra_install_envs are combined with required env vars environment: >- {{ extra_install_envs | combine({ "INSTALL_K3S_SKIP_START": "true", "INSTALL_K3S_SYSTEMD_DIR": systemd_dir, "INSTALL_K3S_VERSION": k3s_version, "INSTALL_K3S_EXEC": "agent" }) }} changed_when: true - name: Compute final agent arguments ansible.builtin.set_fact: _api_endpoint_in_agent_config: >- {% if agent_config_yaml is defined and api_endpoint is defined and agent_config_yaml | regex_search('tls-san:.*' + api_endpoint | regex_escape(), ignorecase=True) %} true {% else %} false {% endif %} _api_endpoint_in_agent_args: >- {% if api_endpoint is defined and extra_agent_args | regex_search('--tls-san[=\s]+' + api_endpoint | regex_escape(), ignorecase=True) %} true {% else %} false {% endif %} - name: Add TLS SAN to agent arguments if needed ansible.builtin.set_fact: opt_tls_san: >- {% if api_endpoint is defined and api_endpoint != ansible_hostname and _api_endpoint_in_agent_config | bool == false and _api_endpoint_in_agent_args | bool == false %} --tls-san={{ api_endpoint }} {% endif %} - name: Setup optional config file when: agent_config_yaml is defined block: - name: Make config directory ansible.builtin.file: path: "/etc/rancher/k3s" mode: "0755" state: directory - name: Copy config values ansible.builtin.copy: content: "{{ agent_config_yaml }}" dest: "/etc/rancher/k3s/config.yaml" mode: "0644" register: _agent_config_result - name: Get the token from the first server ansible.builtin.set_fact: token: "{{ hostvars[groups[server_group][0]].token }}" - name: Add service environment variables when: extra_service_envs is defined ansible.builtin.lineinfile: path: "{{ systemd_dir }}/k3s-agent.service.env" line: "{{ item }}" with_items: "{{ extra_service_envs }}" - name: Delete any existing token from the environment if different from the new one ansible.builtin.lineinfile: state: absent path: "{{ systemd_dir }}/k3s-agent.service.env" regexp: "^K3S_TOKEN=\\s*(?!{{ token }}\\s*$)" - name: Add the token for joining the cluster to the environment no_log: true # avoid logging the server token ansible.builtin.lineinfile: path: "{{ systemd_dir }}/k3s-agent.service.env" line: "{{ item }}" with_items: - "K3S_TOKEN={{ token }}" - name: Copy K3s service file register: k3s_agent_service ansible.builtin.template: src: "k3s-agent.service.j2" dest: "{{ systemd_dir }}/k3s-agent.service" owner: root group: root mode: "u=rw,g=r,o=r" - name: Enable and check K3s service ansible.builtin.systemd: name: k3s-agent daemon_reload: "{{ true if k3s_agent_service.changed else false }}" state: "{{ 'restarted' if (k3s_agent_service.changed or _agent_config_result.changed) else 'started' }}" enabled: true