Support HA mode with embedded DB

This enables initializing a cluster in HA mode with an embedded DB. https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/ When multiple masters are specified in the master group, k3s-ansible will add the necessary flags during the initialization phase. (i.e. --cluster-init and --server) For the embedded HA mode to work the k3s version must be >= v1.19.1 Signed-off-by: Julien DOCHE <[email protected]>
k3s-io · Dec 12, 2020 · 50ee597 · 50ee597
1 parent 721c348
commit 50ee597
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -26,6 +26,7 @@ Master and nodes must have passwordless SSH access
 First create a new directory based on the `sample` directory within the `inventory` directory:
 
 ```bash
+pip install -r requirements.txt
 cp -R inventory/sample inventory/my-cluster
 ```
 
@@ -43,6 +44,10 @@ master
 node
 ```
 
+If multiple hosts are in the master group, the playbook will automatically setup k3s in HA mode with etcd.
+https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/
+This requires at least k3s version 1.19.1
+
 If needed, you can also edit `inventory/my-cluster/group_vars/all.yml` to match your environment.
 
 Start provisioning of the cluster using the following command:

diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+jmespath
diff --git a/roles/k3s/master/defaults/main.yml b/roles/k3s/master/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+ansible_user: root
+server_init_args: >-
+  {% if groups['master'] | length > 1 %}
+    {% if ansible_host == groups['master'][0] %}
+      --cluster-init
+    {% else %}
+      --server https://{{ groups['master'][0] }}:6443
+    {% endif %}
+  {% endif %}
+  {{ extra_server_args | default('') }}
diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml
@@ -1,4 +1,40 @@
 ---
+- name: Clean previous runs of k3s-init
+  systemd:
+    name: k3s-init
+    state: stopped
+  failed_when: false
+
+- name: Clean previous runs of k3s-init
+  command: systemctl reset-failed k3s-init
+  failed_when: false
+  changed_when: false
+  args:
+    warn: false  # The ansible systemd module does not support reset-failed
+
+- name: Init cluster inside the transient k3s-init service
+  command:
+    cmd: "systemd-run -p RestartSec=2 -p Restart=on-failure -E K3S_TOKEN={{ lookup('password') }} -u k3s-init k3s server {{ server_init_args }}"
+    creates: /var/lib/rancher/k3s/server
+  args:
+    warn: false  # The ansible systemd module does not support transient units
+
+- name: Verification
+  block:
+    - name: Verify that all nodes actually joined
+      command: k3s kubectl get --raw /api/v1/nodes/
+      register: nodes
+      until: nodes.rc == 0 and
+        ((nodes.stdout | from_json)['items'] | json_query('[*].metadata.labels."node-role.kubernetes.io/master"') | count) == (groups['master'] | length)
+      retries: 20
+      delay: 10
+      changed_when: false
+  always:
+    - name: Kill the temporary service used for initialization
+      systemd:
+        name: k3s-init
+        state: stopped
+      failed_when: false
 
 - name: Copy K3s service file
   register: k3s_service

diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
@@ -8,6 +8,7 @@
   with_items:
     - k3s
     - k3s-node
+    - k3s-init
 
 - name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc"
   register: pkill_containerd_shim_runc
@@ -30,12 +31,12 @@
     name: "{{ item }}"
     state: absent
   with_items:
+    - /usr/local/bin/k3s
     - "{{ systemd_dir }}/k3s.service"
     - "{{ systemd_dir }}/k3s-node.service"
     - /etc/rancher/k3s
     - /var/lib/rancher/k3s
     - /var/lib/kubelet
-    - /usr/local/bin/k3s
 
 - name: daemon_reload
   systemd:

diff --git a/roles/reset/tasks/umount_with_children.yml b/roles/reset/tasks/umount_with_children.yml
@@ -6,6 +6,7 @@
     executable: /bin/bash
   failed_when: false
   changed_when: get_mounted_filesystems.stdout | length > 0
+  check_mode: false
 
 - name: Umount filesystem
   mount: