From af32ca77cfa5129ea9aaec1030798b737cfc99a5 Mon Sep 17 00:00:00 2001
From: Jayson Grace
Date: Wed, 27 Dec 2023 09:00:56 -0700
Subject: [PATCH 1/2] Enhance k3s_agent role to support conditional snapshotter for PXE-booted systems.
**Added:** - PXE Boot Check - Introduced tasks to check if the system is PXE-booted by analyzing `/proc/cmdline` in `roles/k3s_agent/tasks/main.yml`. - Conditional Snapshotter in Template - Added logic in `k3s.service.j2` template to conditionally set `--snapshotter native` for PXE-booted systems.
**Changed:** - `k3s.service.j2` Template Update - Modified the `ExecStart` line to include a conditional check for `is_pxe_booted` fact, dynamically setting the `--snapshotter` option for NFS-mounted systems. - `main.yml` Task Modification - Added tasks to set `is_pxe_booted` fact based on the presence of `root=/dev/nfs` in the system's boot command line.
This update allows k3s agents on PXE-booted systems to use the native snapshotter when running on NFS, addressing compatibility issues with OverlayFS.
---
 roles/k3s_agent/tasks/main.yml | 9 +++++++++
 roles/k3s_agent/templates/k3s.service.j2 | 9 ++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml
index 395c1ac..ab2559a 100644
--- a/roles/k3s_agent/tasks/main.yml
+++ b/roles/k3s_agent/tasks/main.yml
@@ -1,4 +1,13 @@
 ---
+- name: Check if system is PXE-booted
+ command: cat /proc/cmdline
+ register: boot_cmdline
+ changed_when: false
+
+- name: Set fact for PXE-booted system
+ set_fact:
+ is_pxe_booted: "{{ 'root=/dev/nfs' in boot_cmdline.stdout }}"
+ when: boot_cmdline is defined
 - name: Deploy K3s http_proxy conf
 include_tasks: http_proxy.yml
diff --git a/roles/k3s_agent/templates/k3s.service.j2 b/roles/k3s_agent/templates/k3s.service.j2
index 3be92e3..dac88de 100644
--- a/roles/k3s_agent/templates/k3s.service.j2
+++ b/roles/k3s_agent/templates/k3s.service.j2
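Review bot: In the `roles/k3s_agent/tasks/main.yml` hunk of patch 1/2, the PXE test `'root=/dev/nfs' in boot_cmdline.stdout` is a substring match over the whole kernel command line, so it is also true when that text appears inside a longer value or a different parameter. If fact gathering is enabled for these hosts, the parsed fact avoids both the extra `cat` process and the loose match: `is_pxe_booted: "{{ ansible_facts.cmdline.root | default('') == '/dev/nfs' }}"`. The guard `when: boot_cmdline is defined` is always true once the variable has been registered, so it does not protect the `.stdout` access. Patch 2/2 keeps the same `cat` task and substring test in its main.yml hunk.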
@@ -7,11 +7,14 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443 --token {{ hostvars[groups[group_name_master | default('master')][0]]['token'] | default(k3s_token) }} {{ extra_agent_args | default("") }}
+# Conditional snapshotter based on PXE boot status
+ExecStart=/usr/local/bin/k3s agent \
+ --server https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443 \
+ {% if is_pxe_booted | default(false) %}--snapshotter native \
+ {% endif %}--token {{ hostvars[groups[group_name_master | default('master')][0]]['token'] | default(k3s_token) }} \
+ {{ extra_agent_args | default("") }}
 KillMode=process
 Delegate=yes
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
 LimitNOFILE=1048576
 LimitNPROC=infinity
 LimitCORE=infinity
From 2a7599f6a54c3682a7090ba31e8d1e40229876ad Mon Sep 17 00:00:00 2001
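Review bot: The rewritten `ExecStart` in `roles/k3s_agent/templates/k3s.service.j2` still renders the cluster join token as a `--token` argument, so the secret ends up both in the unit file and in the agent's process arguments, which local users can normally read. Since the line is being restructured anyway, consider passing the secret out of band, for example `--token-file <path to a root-only token file>` or a `K3S_TOKEN` entry in a root-only file referenced by `EnvironmentFile=`, and keeping only non-secret flags on the command line. Tightening the unit file's mode alone is probably not enough, because systemd exposes loaded unit contents through its own interfaces regardless of file permissions.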
From: Jayson Grace
Date: Wed, 27 Dec 2023 21:48:30 -0700
Subject: [PATCH 2/2] Enhance k3s_agent role with idiomatic Ansible practices for better maintainability.
**Added:** - Structured HTTP Proxy Configuration Block - Added a structured block in `http_proxy.yml` for managing HTTP proxy settings, aligning with Ansible's recommended practices. This includes creating directories and deploying configuration files in a clear, modular fashion. - Conditional Execution for Proxy Setup - Implemented conditional execution for the proxy setup in `http_proxy.yml`, utilizing `proxy_env` to adhere to Ansible's best practices for conditional tasks. - Improved PXE-Boot System Check Block - Introduced a more structured approach in `main.yml` for checking PXE-booted systems, enhancing readability and maintainability.
**Changed:** - Adopted Ansible Builtin Modules - Transitioned existing tasks to use `ansible.builtin` modules, ensuring compatibility and future-proofing the role. - Refined Task Grouping - Reorganized tasks into logical blocks, improving the overall structure and readability, and showcasing Ansible's capabilities for efficient task management. - Updated K3s Service Configuration - Modified the K3s service configuration task in `main.yml` for a more streamlined approach using Ansible's template module, reflecting community-driven best practices.
**Removed:** - Streamlined Task Definitions - Optimized task definitions to reduce redundancy, focusing on clarity and adherence to the evolving Ansible community standards.
---
 roles/k3s_agent/tasks/http_proxy.yml | 33 +++++++++++------------
 roles/k3s_agent/tasks/main.yml | 39 +++++++++++++++-------------
 2 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/roles/k3s_agent/tasks/http_proxy.yml b/roles/k3s_agent/tasks/http_proxy.yml
index f0a68f6..0b5a58c 100644
--- a/roles/k3s_agent/tasks/http_proxy.yml
+++ b/roles/k3s_agent/tasks/http_proxy.yml
@@ -1,18 +1,19 @@
 ---
+- name: Manage K3s HTTP Proxy Configuration
+ when: proxy_env is defined
+ block:
+ - name: Create k3s.service.d directory
+ ansible.builtin.file:
+ path: '{{ systemd_dir }}/k3s.service.d'
+ owner: root
+ group: root
+ state: directory
+ mode: '0755'
-- name: Create k3s.service.d directory
- file:
- path: '{{ systemd_dir }}/k3s.service.d'
- state: directory
- owner: root
- group: root
- mode: '0755'
-
-
-- name: Copy K3s http_proxy conf file
- template:
- src: "http_proxy.conf.j2"
- dest: "{{ systemd_dir }}/k3s.service.d/http_proxy.conf"
- owner: root
- group: root
- mode: '0755'
+ - name: Deploy the K3s http_proxy configuration file
+ ansible.builtin.template:
+ src: "http_proxy.conf.j2"
+ dest: "{{ systemd_dir }}/k3s.service.d/http_proxy.conf"
+ owner: root
+ group: root
+ mode: '0755'
diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml
index ab2559a..3c81625 100644
--- a/roles/k3s_agent/tasks/main.yml
+++ b/roles/k3s_agent/tasks/main.yml
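Review bot: Both tasks in the new block of `roles/k3s_agent/tasks/http_proxy.yml` keep `mode: '0755'`, which suits the `k3s.service.d` directory but marks the `http_proxy.conf` drop-in as executable. A systemd drop-in is only read, never executed, so `mode: '0644'` is the conventional choice. If `proxy_env` can carry proxy URLs with embedded credentials (the template is not shown here), moving those values into a root-only file referenced by `EnvironmentFile=` would be worth considering. The same mode remark applies to `k3s-node.service` in the main.yml hunk of this patch, which is also installed with `'0755'`.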
@@ -1,29 +1,32 @@
 ---
-- name: Check if system is PXE-booted
- command: cat /proc/cmdline
- register: boot_cmdline
- changed_when: false
+- name: Check for PXE-booted system
+ block:
+ - name: Check if system is PXE-booted
+ ansible.builtin.command:
+ cmd: cat /proc/cmdline
+ register: boot_cmdline
+ changed_when: false
+ check_mode: false
-- name: Set fact for PXE-booted system
- set_fact:
- is_pxe_booted: "{{ 'root=/dev/nfs' in boot_cmdline.stdout }}"
- when: boot_cmdline is defined
+ - name: Set fact for PXE-booted system
+ ansible.builtin.set_fact:
+ is_pxe_booted: "{{ 'root=/dev/nfs' in boot_cmdline.stdout }}"
+ when: boot_cmdline.stdout is defined
-- name: Deploy K3s http_proxy conf
- include_tasks: http_proxy.yml
- when: proxy_env is defined
+ - name: Include http_proxy configuration tasks
+ ansible.builtin.include_tasks: http_proxy.yml
-- name: Copy K3s service file
- template:
+- name: Configure the k3s service
+ ansible.builtin.template:
 src: "k3s.service.j2"
 dest: "{{ systemd_dir }}/k3s-node.service"
 owner: root
 group: root
- mode: 0755
+ mode: '0755'
-- name: Enable and check K3s service
- systemd:
+- name: Manage k3s service
+ ansible.builtin.systemd:
 name: k3s-node
- daemon_reload: yes
+ daemon_reload: true
 state: restarted
- enabled: yes
+ enabled: true
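Review bot: In the `roles/k3s_agent/tasks/main.yml` hunk of patch 2/2, the `include_tasks: http_proxy.yml` task appears to be nested under the block named `Check for PXE-booted system` (it carries the same `+ -` prefix as the two PXE tasks), although it has nothing to do with the PXE check. The block sets no `when`, `become` or `rescue`, so it groups the tasks without changing how they run; either keep the include at top level or rename the block to cover both duties. Because the `when: proxy_env is defined` guard moved from the include into http_proxy.yml, a short comment on the include such as `# no-op inside http_proxy.yml when proxy_env is undefined` would help the next reader.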