From 99f313dfc8ee1628a890fca5bab5572194170c28 Mon Sep 17 00:00:00 2001
From: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
Date: Tue, 24 Sep 2024 21:57:43 -0700
Subject: [PATCH] Generate token

If a token is not explicitly provided, let the first server generate a random one. Such a token is saved on the first server and the playbook can retrieve it from there and store it a a fact. All other servers and agents can use that token later to join the cluster. It will be saved into their environment file as usual.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>
---
 roles/k3s_agent/defaults/main.yml |  1 +
 roles/k3s_agent/tasks/main.yml    |  4 ++++
 roles/k3s_server/tasks/main.yml   | 26 ++++++++++++++++++++++++--
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/roles/k3s_agent/defaults/main.yml b/roles/k3s_agent/defaults/main.yml
index cf5acb9f4..c190cc64d 100644
--- a/roles/k3s_agent/defaults/main.yml
+++ b/roles/k3s_agent/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+server_group: server # noqa var-naming[no-role-prefix]
 k3s_server_location: "/var/lib/rancher/k3s" # noqa var-naming[no-role-prefix]
 systemd_dir: "/etc/systemd/system" # noqa var-naming[no-role-prefix]
 api_port: 6443 # noqa var-naming[no-role-prefix]
diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml
index 39df326ac..693cf8091 100644
--- a/roles/k3s_agent/tasks/main.yml
+++ b/roles/k3s_agent/tasks/main.yml
@@ -35,6 +35,10 @@
     INSTALL_K3S_EXEC: "agent"
   changed_when: true
 
+- name: Get the token from the first server
+  set_fact:
+    token: "{{ hostvars[groups[server_group][0]].token }}"
+
 - name: Delete any existing token from the environment if different from the new one
   ansible.builtin.lineinfile:
     state: absent
diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml
index 12131f2af..6f8f2f43a 100644
--- a/roles/k3s_server/tasks/main.yml
+++ b/roles/k3s_server/tasks/main.yml
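Review bot: The added `set_fact` task in roles/k3s_agent/tasks/main.yml hands the cluster join token to every agent without `no_log: true`, so a verbose run prints the secret in the task result; the k3s_server role already guards its token line with `no_log: true # avoid logging the server token`, and the same guard belongs on this task. The same omission applies to the `slurp` and both `set_fact` tasks in the k3s_server hunk at `@@ -182,11 +184,31 @@`. The lookup `hostvars[groups[server_group][0]].token` also presumes the server role has already set that fact on the first server in this playbook run; running the agent play on its own would fail on an undefined attribute, which deserves a comment such as `# relies on k3s_server having set 'token' on groups[server_group][0] earlier in this run`. Writing the module as `ansible.builtin.set_fact:` would match the `ansible.builtin.lineinfile` FQCN used two lines below.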
@@ -90,14 +90,16 @@
   ansible.builtin.lineinfile:
     state: absent
     path: "{{ systemd_dir }}/k3s.service.env"
-    regexp: "^K3S_TOKEN=\\s*(?!{{ token }}\\s*$)"
+    regexp: "^K3S_TOKEN=\\s*(?!{{ token | default('') }}\\s*$)"
 
-# Add the token to the environment.
+# Add the token to the environment if it has been provided.
+# Otherwise, let the first server create one on the first run.
 - name: Add token as an environment variable
   no_log: true # avoid logging the server token
   ansible.builtin.lineinfile:
     path: "{{ systemd_dir }}/k3s.service.env"
     line: "K3S_TOKEN={{ token }}"
+  when: token is defined
 
 - name: Restart K3s service
   when:
@@ -182,11 +184,31 @@
       changed_when:
         - mv_result.rc == 0
 
+- name: Get the token if randomly generated
+  when: token is not defined
+  block:
+    - name: Wait for token
+      wait_for:
+        path: /var/lib/rancher/k3s/server/token
+
+    - name: Read node-token from master
+      slurp:
+        src: /var/lib/rancher/k3s/server/token
+      register: node_token
+
+    - name: Store Master node-token
+      set_fact:
+        token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"
+
 - name: Start other server if any and verify status
   when:
     - (groups[server_group] | length) > 1
     - inventory_hostname != groups[server_group][0]
   block:
+    - name: Get the token from the first server
+      set_fact:
+        token: "{{ hostvars[groups[server_group][0]].token }}"
+
     - name: Delete any existing token from the environment if different from the new one
       ansible.builtin.lineinfile:
         state: absent
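Review bot: With `token` undefined, `default('')` turns the lookahead into `(?!\s*$)`, so the regexp `^K3S_TOKEN=\s*(?!\s*$)` matches every non-empty `K3S_TOKEN=` line and the delete task strips a previously stored token from `k3s.service.env` on any run started without `token`; nothing in the hunk documents that, and it reports a change (and, presumably, a service restart) that the generated-token flow does not need. Gating the delete the same way as the add task, `when: token is defined`, keeps the original "different from the new one" semantics and makes the `default('')` unnecessary. The header of the delete task sits above the hunk, so the `when:` would go there; the `Restart K3s service` condition that decides whether the change triggers a restart is also outside the hunk.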
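Review bot: `Get the token if randomly generated` is gated only on `token is not defined`, so it also runs on every other host in the server group, where k3s is not started until the following `Start other server` block; on those hosts `wait_for` waits for a file that does not exist yet and fails once its default timeout elapses, unless this task sits inside a block already restricted to the first server, which would start outside the hunk. Adding `inventory_hostname == groups[server_group][0]` to the `when` limits the wait to the host that actually writes the file. The token path is also hard-coded as `/var/lib/rancher/k3s/server/token` twice, while the roles expose `k3s_server_location` (visible in the k3s_agent defaults hunk; assuming the server role defines the same default), and `trim` expresses the newline stripping more directly than `regex_replace('\n', '')`.
```yaml
- name: Get the token if randomly generated
  when:
    - token is not defined
    - inventory_hostname == groups[server_group][0]
  block:
    - name: Wait for token
      wait_for:
        path: "{{ k3s_server_location }}/server/token"

    - name: Read node-token from master
      slurp:
        src: "{{ k3s_server_location }}/server/token"
      register: node_token
    # … unchanged: set_fact storing the decoded token …
```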