diff --git a/README.md b/README.md index 8e3c855c..c3a56925 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ Master and nodes must have passwordless SSH access First create a new directory based on the `sample` directory within the `inventory` directory: ```bash +pip install -r requirements.txt cp -R inventory/sample inventory/my-cluster ``` @@ -43,6 +44,10 @@ master node ``` +If multiple hosts are in the master group, the playbook will automatically setup k3s in HA mode with etcd. +https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/ +This requires at least k3s version 1.19.1 + If needed, you can also edit `inventory/my-cluster/group_vars/all.yml` to match your environment. Start provisioning of the cluster using the following command: diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 00000000..45c1e038 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +jmespath diff --git a/roles/k3s/master/defaults/main.yml b/roles/k3s/master/defaults/main.yml new file mode 100644 index 00000000..df81d38c --- /dev/null +++ b/roles/k3s/master/defaults/main.yml @@ -0,0 +1,11 @@ +--- +ansible_user: root +server_init_args: >- + {% if groups['master'] | length > 1 %} + {% if ansible_host == groups['master'][0] %} + --cluster-init + {% else %} + --server https://{{ groups['master'][0] }}:6443 + {% endif %} + {% endif %} + {{ extra_server_args | default('') }} diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml index 006aa9b8..24781f92 100644 --- a/roles/k3s/master/tasks/main.yml +++ b/roles/k3s/master/tasks/main.yml 
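Review bot: `jmespath` in the new requirements.txt is unpinned, so the `pip install -r requirements.txt` step the README now asks for resolves to whatever release is current on the index at install time. That install runs on the control host, which holds the passwordless SSH access to the master and nodes, so it is worth making reproducible. I would pin it as `jmespath==<PINNED_VERSION>` (placeholder, the page names no version), ideally with a `--hash=sha256:<DIGEST>` entry and `pip install --require-hashes -r requirements.txt`.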
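Review bot: The first-server test `ansible_host == groups['master'][0]` in `server_init_args` compares a connection address with an inventory name. `groups['master']` holds inventory hostnames, so when the inventory sets `ansible_host` separately (a name plus an IP), no host matches, none receives `--cluster-init`, and every server is started with `--server`. `{% if inventory_hostname == groups['master'][0] %}` avoids that. The `--server https://{{ groups['master'][0] }}:6443` URL likewise assumes the inventory name is resolvable from the other servers. Separately, `ansible_user: root` as a role default makes root the connection user wherever the inventory does not override it; leaving the user to the inventory and using `become: true` (if the play does not already) would keep least privilege as the default.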
@@ -1,4 +1,40 @@ --- +- name: Clean previous runs of k3s-init + systemd: + name: k3s-init + state: stopped + failed_when: false + +- name: Clean previous runs of k3s-init + command: systemctl reset-failed k3s-init + failed_when: false + changed_when: false + args: + warn: false # The ansible systemd module does not support reset-failed + +- name: Init cluster inside the transient k3s-init service + command: + cmd: "systemd-run -p RestartSec=2 -p Restart=on-failure -E K3S_TOKEN={{ lookup('password') }} -u k3s-init k3s server {{ server_init_args }}" + creates: /var/lib/rancher/k3s/server + args: + warn: false # The ansible systemd module does not support transient units + +- name: Verification + block: + - name: Verify that all nodes actually joined + command: k3s kubectl get --raw /api/v1/nodes/ + register: nodes + until: nodes.rc == 0 and + ((nodes.stdout | from_json)['items'] | json_query('[*].metadata.labels."node-role.kubernetes.io/master"') | count) == (groups['master'] | length) + retries: 20 + delay: 10 + changed_when: false + always: + - name: Kill the temporary service used for initialization + systemd: + name: k3s-init + state: stopped + failed_when: false - name: Copy K3s service file register: k3s_service diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index a8447724..732b4bc5 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -8,6 +8,7 @@ with_items: - k3s - k3s-node + - k3s-init - name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" register: pkill_containerd_shim_runc @@ -30,12 +31,12 @@ name: "{{ item }}" state: absent with_items: + - /usr/local/bin/k3s - "{{ systemd_dir }}/k3s.service" - "{{ systemd_dir }}/k3s-node.service" - /etc/rancher/k3s - /var/lib/rancher/k3s - /var/lib/kubelet - - /usr/local/bin/k3s - name: daemon_reload systemd: diff --git a/roles/reset/tasks/umount_with_children.yml b/roles/reset/tasks/umount_with_children.yml index 8bba5963..74d6fd14 100644 
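Review bot: The cluster token in the `Init cluster inside the transient k3s-init service` task is interpolated into the `systemd-run` command line as `-E K3S_TOKEN=...`. That means it can end up in Ansible's task result and logs, in the process list while the command runs, and in the transient unit's environment as shown by `systemctl show k3s-init`. At minimum add `no_log: true` to that task. Better, write the token to a root-only file (mode `"0600"`) and pass `-E K3S_TOKEN_FILE=<path>` so the secret never appears in argv. Also, `lookup('password')` as written has no path term, and every server in the `master` group must be started with the same token, so it is worth confirming that this expression yields one shared value rather than a per-host or empty one. The `failed_when: false` on the cleanup tasks is reasonable for best-effort cleanup, but the two tasks share the name `Clean previous runs of k3s-init`, which makes run output harder to audit.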
--- a/roles/reset/tasks/umount_with_children.yml +++ b/roles/reset/tasks/umount_with_children.yml @@ -6,6 +6,7 @@ executable: /bin/bash failed_when: false changed_when: get_mounted_filesystems.stdout | length > 0 + check_mode: false - name: Umount filesystem mount: