From 29e6acb7e764cc20729aa19b27366b3f28e53ff1 Mon Sep 17 00:00:00 2001 From: Tomasz Kuzemko Date: Sat, 17 Oct 2020 23:55:12 +0200 Subject: [PATCH 1/8] Set service file mode -x Systemd service files should not be executable --- roles/k3s/master/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml index 006aa9b8..614986a7 100644 --- a/roles/k3s/master/tasks/main.yml +++ b/roles/k3s/master/tasks/main.yml @@ -7,7 +7,7 @@ dest: "{{ systemd_dir }}/k3s.service" owner: root group: root - mode: 0755 + mode: 0644 - name: Enable and check K3s service systemd: From d22ad01d507498e8fd78cd19ddd42ad92b0b750c Mon Sep 17 00:00:00 2001 From: Jiayi Hu Date: Tue, 15 Dec 2020 00:24:20 +0100 Subject: [PATCH 2/8] Add Alpine Linux configuration Signed-off-by: Jiayi Hu --- roles/k3s/master/tasks/main.yml | 22 +++++------------ roles/k3s/master/tasks/prereq/Alpine.yml | 30 +++++++++++++++++++++++ roles/k3s/master/tasks/prereq/default.yml | 16 ++++++++++++ roles/k3s/node/tasks/main.yml | 19 ++++---------- roles/k3s/node/tasks/prereq/Alpine.yml | 30 +++++++++++++++++++++++ roles/k3s/node/tasks/prereq/default.yml | 15 ++++++++++++ roles/raspberrypi/handlers/main.yml | 4 +++ roles/raspberrypi/tasks/prereq/Alpine.yml | 29 ++++++++++++++++++++++ 8 files changed, 135 insertions(+), 30 deletions(-) create mode 100644 roles/k3s/master/tasks/prereq/Alpine.yml create mode 100644 roles/k3s/master/tasks/prereq/default.yml create mode 100644 roles/k3s/node/tasks/prereq/Alpine.yml create mode 100644 roles/k3s/node/tasks/prereq/default.yml create mode 100644 roles/raspberrypi/tasks/prereq/Alpine.yml diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml index 006aa9b8..cf3889b7 100644 --- a/roles/k3s/master/tasks/main.yml +++ b/roles/k3s/master/tasks/main.yml 
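Review bot: The executable bit is dropped only for `k3s.service` in the master role. The node role's `k3s-node.service` task still carries `mode: 0755` in the later patches on this page, so the same one-line change belongs in `roles/k3s/node/tasks/main.yml`. I would also quote the value, `mode: "0644"`, so it stays a string and does not depend on the YAML loader reading a leading-zero integer as octal. The task body starts above the hunk.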
@@ -1,20 +1,10 @@ --- -- name: Copy K3s service file - register: k3s_service - template: - src: "k3s.service.j2" - dest: "{{ systemd_dir }}/k3s.service" - owner: root - group: root - mode: 0755 - -- name: Enable and check K3s service - systemd: - name: k3s - daemon_reload: yes - state: restarted - enabled: yes +- name: Create and enable K3s service + include_tasks: "{{ item }}" + with_first_found: + - "prereq/{{ ansible_distribution }}.yml" + - "prereq/default.yml" - name: Wait for node-token wait_for: @@ -61,7 +51,7 @@ - name: Replace https://localhost:6443 by https://master-ip:6443 command: >- - k3s kubectl config set-cluster default + /usr/local/bin/k3s kubectl config set-cluster default --server=https://{{ master_ip }}:6443 --kubeconfig ~{{ ansible_user }}/.kube/config changed_when: true diff --git a/roles/k3s/master/tasks/prereq/Alpine.yml b/roles/k3s/master/tasks/prereq/Alpine.yml new file mode 100644 index 00000000..76b3d73e --- /dev/null +++ b/roles/k3s/master/tasks/prereq/Alpine.yml @@ -0,0 +1,30 @@ +--- +- name: Copy K3s service file + register: k3s_service + copy: + content: | + #!/sbin/openrc-run + + name="k3s server" + command="/usr/local/bin/k3s" + command_args="server {{ extra_server_args | default("") }}" + command_background=true + pidfile="/run/${RC_SVCNAME}.pid" + output_log="/var/log/k3s.log" + error_log="/var/log/k3s.err" + dest: /etc/init.d/k3s + owner: root + group: root + mode: 0755 + +- name: Create K3s service symlink + file: + src: /etc/init.d/k3s + dest: /etc/runlevels/default/k3s + state: link + +- name: Enable and check K3s service + service: + name: k3s + state: restarted + enabled: yes diff --git a/roles/k3s/master/tasks/prereq/default.yml b/roles/k3s/master/tasks/prereq/default.yml new file mode 100644 index 00000000..eca08685 --- /dev/null +++ b/roles/k3s/master/tasks/prereq/default.yml 
@@ -0,0 +1,16 @@ +--- +- name: Copy K3s service file + register: k3s_service + template: + src: "k3s.service.j2" + dest: "{{ systemd_dir }}/k3s.service" + owner: root + group: root + mode: 0755 + +- name: Enable and check K3s service + systemd: + name: k3s + daemon_reload: yes + state: restarted + enabled: yes diff --git a/roles/k3s/node/tasks/main.yml b/roles/k3s/node/tasks/main.yml index 0ce8e08d..50abd6cb 100644 --- a/roles/k3s/node/tasks/main.yml +++ b/roles/k3s/node/tasks/main.yml @@ -1,16 +1,7 @@ --- -- name: Copy K3s service file - template: - src: "k3s.service.j2" - dest: "{{ systemd_dir }}/k3s-node.service" - owner: root - group: root - mode: 0755 - -- name: Enable and check K3s service - systemd: - name: k3s-node - daemon_reload: yes - state: restarted - enabled: yes +- name: Create and enable K3s service + include_tasks: "{{ item }}" + with_first_found: + - "prereq/{{ ansible_distribution }}.yml" + - "prereq/default.yml" diff --git a/roles/k3s/node/tasks/prereq/Alpine.yml b/roles/k3s/node/tasks/prereq/Alpine.yml new file mode 100644 index 00000000..5c94907a --- /dev/null +++ b/roles/k3s/node/tasks/prereq/Alpine.yml @@ -0,0 +1,30 @@ +--- +- name: Copy K3s service file + register: k3s_service + copy: + content: | + #!/sbin/openrc-run + + name="k3s agent" + command="/usr/local/bin/k3s" + command_args="agent --server https://{{ master_ip }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }} {{ extra_agent_args | default("") }}" + command_background=true + pidfile="/run/${RC_SVCNAME}.pid" + output_log="/var/log/k3s.log" + error_log="/var/log/k3s.err" + dest: /etc/init.d/k3s + owner: root + group: root + mode: 0755 + +- name: Create K3s service symlink + file: + src: /etc/init.d/k3s + dest: /etc/runlevels/default/k3s + state: link + +- name: Enable and check K3s service + service: + name: k3s + state: restarted + enabled: yes 
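Review bot: `mode: 0755` on the `Copy K3s service file` task puts the executable bit back on a systemd unit, which patch 1/8 of this series had changed to 0644. The move into `prereq/default.yml` appears to be based on the older `main.yml`. Use `mode: "0644"` here and in `roles/k3s/node/tasks/prereq/default.yml`, which has the same value for `k3s-node.service`. The revert in patch 5/8 restores 0755 in both `main.yml` files as well.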
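Review bot: The cluster join token is rendered straight into `command_args` in `/etc/init.d/k3s`, and that file is installed with `mode: 0755`. Every local user on the node can therefore read the token from the script and, while the agent runs, from its process arguments. Keep the init script free of secrets: write the token to a root-owned file with mode 0600, mark that task `no_log: true`, and pass it to the agent with `--token-file`. The destination path in the sketch below is a placeholder.

```yaml
# placeholder path: pick a root-only location that exists on the node
- name: Store K3s join token for the agent
  copy:
    content: "{{ hostvars[groups['master'][0]]['token'] }}"
    dest: /path/to/k3s-agent-token
    owner: root
    group: root
    mode: "0600"
  no_log: true

- name: Copy K3s service file
  copy:
    content: |
      #!/sbin/openrc-run
      # … unchanged: name and command …
      command_args="agent --server https://{{ master_ip }}:6443 --token-file /path/to/k3s-agent-token {{ extra_agent_args | default("") }}"
      # … unchanged: background, pidfile and log settings …
    # … unchanged: dest, owner, group, mode …
```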
diff --git a/roles/k3s/node/tasks/prereq/default.yml b/roles/k3s/node/tasks/prereq/default.yml new file mode 100644 index 00000000..64050cf0 --- /dev/null +++ b/roles/k3s/node/tasks/prereq/default.yml @@ -0,0 +1,15 @@ +--- +- name: Copy K3s service file + template: + src: "k3s.service.j2" + dest: "{{ systemd_dir }}/k3s-node.service" + owner: root + group: root + mode: 0755 + +- name: Enable and check K3s service + systemd: + name: k3s-node + daemon_reload: yes + state: restarted + enabled: yes diff --git a/roles/raspberrypi/handlers/main.yml b/roles/raspberrypi/handlers/main.yml index d25cf908..ddbdadfa 100644 --- a/roles/raspberrypi/handlers/main.yml +++ b/roles/raspberrypi/handlers/main.yml @@ -1,3 +1,7 @@ --- - name: reboot reboot: + +- name: lbu + debug: + msg: If you are diskless on Alpine you should commit changes with 'lbu -u' now and reboot. diff --git a/roles/raspberrypi/tasks/prereq/Alpine.yml b/roles/raspberrypi/tasks/prereq/Alpine.yml new file mode 100644 index 00000000..ae056a29 --- /dev/null +++ b/roles/raspberrypi/tasks/prereq/Alpine.yml @@ -0,0 +1,29 @@ +--- +- name: Add cgroup mount point + lineinfile: + path: /etc/fstab + line: cgroup /sys/fs/cgroup cgroup defaults 0 0 + +- name: Define cgroup mount points + copy: + content: | + mount { + cpuacct = /cgroup/cpuacct; + memory = /cgroup/memory; + devices = /cgroup/devices; + freezer = /cgroup/freezer; + net_cls = /cgroup/net_cls; + blkio = /cgroup/blkio; + cpuset = /cgroup/cpuset; + cpu = /cgroup/cpu; + } + dest: /etc/cgconfig.conf + mode: 0644 + +- name: Enable cgroup via boot commandline if not already enabled + lineinfile: + path: /media/mmcblk0p1/cmdline.txt + backrefs: yes + regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' + line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' + notify: lbu From ec953544c40fb6bc29677ae8ad91584cfcea7092 Mon Sep 17 00:00:00 2001 
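Review bot: The `regexp` in the `cmdline.txt` task only recognises the three cgroup parameters when they appear as one exact, contiguous string. A line that already has them in another order, or has only some of them, still matches and gets the whole triple appended again. Checking each parameter on its own (one `lineinfile` per parameter, or one lookahead per token) keeps the edit idempotent. The hard-coded `/media/mmcblk0p1/cmdline.txt` also assumes the boot partition is on that device; a variable with this value as its default would make the assumption visible.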
From: Jiayi Hu Date: Mon, 28 Dec 2020 15:58:16 +0100 Subject: [PATCH 3/8] Add Alpine reset configuration --- roles/k3s/node/tasks/prereq/Alpine.yml | 4 ++ roles/reset/tasks/main.yml | 47 +++------------------- roles/reset/tasks/prereq/Alpine.yml | 28 +++++++++++++ roles/reset/tasks/prereq/default.yml | 42 +++++++++++++++++++ roles/reset/tasks/umount_with_children.yml | 2 - 5 files changed, 79 insertions(+), 44 deletions(-) create mode 100644 roles/reset/tasks/prereq/Alpine.yml create mode 100644 roles/reset/tasks/prereq/default.yml diff --git a/roles/k3s/node/tasks/prereq/Alpine.yml b/roles/k3s/node/tasks/prereq/Alpine.yml index 5c94907a..3492fbb4 100644 --- a/roles/k3s/node/tasks/prereq/Alpine.yml +++ b/roles/k3s/node/tasks/prereq/Alpine.yml @@ -28,3 +28,7 @@ name: k3s state: restarted enabled: yes + +- name: lbu + debug: + msg: Remember to commit changes with 'lbu ci -d' to store the k3s passwords diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index a8447724..14556b04 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml 
@@ -1,42 +1,5 @@ ---- -- name: Disable services - systemd: - name: "{{ item }}" - state: stopped - enabled: no - failed_when: false - with_items: - - k3s - - k3s-node - -- name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" - register: pkill_containerd_shim_runc - command: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" - changed_when: "pkill_containerd_shim_runc.rc == 0" - failed_when: false - -- name: Umount k3s filesystems - include_tasks: umount_with_children.yml - with_items: - - /run/k3s - - /var/lib/kubelet - - /run/netns - - /var/lib/rancher/k3s - loop_control: - loop_var: mounted_fs - -- name: Remove service files, binaries and data - file: - name: "{{ item }}" - state: absent - with_items: - - "{{ systemd_dir }}/k3s.service" - - "{{ systemd_dir }}/k3s-node.service" - - /etc/rancher/k3s - - /var/lib/rancher/k3s - - /var/lib/kubelet - - /usr/local/bin/k3s - -- name: daemon_reload - systemd: - daemon_reload: yes +- name: Delete every service and binary + include_tasks: "{{ item }}" + with_first_found: + - "prereq/{{ ansible_distribution }}.yml" + - "prereq/default.yml" diff --git a/roles/reset/tasks/prereq/Alpine.yml b/roles/reset/tasks/prereq/Alpine.yml new file mode 100644 index 00000000..76042ce9 --- /dev/null +++ b/roles/reset/tasks/prereq/Alpine.yml @@ -0,0 +1,28 @@ +--- +- name: Disable services + service: + name: k3s + state: stopped + enabled: no + +- name: Umount k3s filesystems + include_tasks: umount_with_children.yml + with_items: + - /run/k3s + - /var/lib/kubelet + - /run/netns + - /var/lib/rancher/k3s + loop_control: + loop_var: mounted_fs + +- name: Remove service files, binaries and data + file: + name: "{{ item }}" + state: absent + with_items: + - /etc/init.d/k3s + - /etc/runlevels/default/k3s + - /etc/rancher/k3s + - /var/lib/rancher/k3s + - /var/lib/kubelet + - /usr/local/bin/k3s diff --git a/roles/reset/tasks/prereq/default.yml b/roles/reset/tasks/prereq/default.yml new file mode 100644 index 00000000..a8447724 
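Review bot: The new `roles/reset/tasks/main.yml` no longer starts with `---`, while every other task file touched in this series does. The repository's lint workflow runs `yamllint .`, which reports a missing document start unless that rule is disabled. Keep the marker as the first line: `---`.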
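Review bot: `Disable services` has no `failed_when: false` here, unlike the same task in `prereq/default.yml`, so a reset presumably stops with an error on an Alpine host where the `k3s` service was never installed or is already gone. The Alpine variant also has no counterpart to the `pkill` of `containerd-shim-runc` that the default path runs before unmounting, so shim processes may still hold the mounts when `umount_with_children.yml` runs. Add `failed_when: false` to the service task, and either add the shim cleanup or leave a comment saying why Alpine does not need it.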
--- /dev/null +++ b/roles/reset/tasks/prereq/default.yml @@ -0,0 +1,42 @@ +--- +- name: Disable services + systemd: + name: "{{ item }}" + state: stopped + enabled: no + failed_when: false + with_items: + - k3s + - k3s-node + +- name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" + register: pkill_containerd_shim_runc + command: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" + changed_when: "pkill_containerd_shim_runc.rc == 0" + failed_when: false + +- name: Umount k3s filesystems + include_tasks: umount_with_children.yml + with_items: + - /run/k3s + - /var/lib/kubelet + - /run/netns + - /var/lib/rancher/k3s + loop_control: + loop_var: mounted_fs + +- name: Remove service files, binaries and data + file: + name: "{{ item }}" + state: absent + with_items: + - "{{ systemd_dir }}/k3s.service" + - "{{ systemd_dir }}/k3s-node.service" + - /etc/rancher/k3s + - /var/lib/rancher/k3s + - /var/lib/kubelet + - /usr/local/bin/k3s + +- name: daemon_reload + systemd: + daemon_reload: yes diff --git a/roles/reset/tasks/umount_with_children.yml b/roles/reset/tasks/umount_with_children.yml index 8bba5963..2cc24990 100644 --- a/roles/reset/tasks/umount_with_children.yml +++ b/roles/reset/tasks/umount_with_children.yml @@ -2,8 +2,6 @@ - name: Get the list of mounted filesystems shell: set -o pipefail && cat /proc/mounts | awk '{ print $2}' | grep -E "^{{ mounted_fs }}" register: get_mounted_filesystems - args: - executable: /bin/bash failed_when: false changed_when: get_mounted_filesystems.stdout | length > 0 From fe7bdf8cda479ac1e35c9fe5dd09532deb434a2a Mon Sep 17 00:00:00 2001 From: Staf Wagemakers Date: Sun, 24 Jan 2021 10:16:20 +0100 Subject: [PATCH 4/8] Reorganize the filesystem umount order. * Clean /var/lib/kubelet before /var/lib/rancher/k3s. * Umount the filesystem tree in reverse order, to ensure the root is umounted last. 
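Review bot: With `args: executable: /bin/bash` removed from `Get the list of mounted filesystems`, `set -o pipefail` is handed to the target's default `/bin/sh`, and shells such as dash reject that option. Because the task keeps `failed_when: false`, the error is swallowed, `stdout_lines` is empty, and the unmount loop silently does nothing before the reset role goes on to delete the directories. If bash cannot be assumed on Alpine, drop the pipeline rather than the shell setting: `shell: awk '$2 ~ "^{{ mounted_fs }}" { print $2 }' /proc/mounts` needs no `pipefail`.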
Signed-off-by: Staf Wagemakers --- roles/reset/tasks/main.yml | 2 +- roles/reset/tasks/umount_with_children.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index a8447724..38560c57 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -33,8 +33,8 @@ - "{{ systemd_dir }}/k3s.service" - "{{ systemd_dir }}/k3s-node.service" - /etc/rancher/k3s - - /var/lib/rancher/k3s - /var/lib/kubelet + - /var/lib/rancher/k3s - /usr/local/bin/k3s - name: daemon_reload diff --git a/roles/reset/tasks/umount_with_children.yml b/roles/reset/tasks/umount_with_children.yml index 8bba5963..6e1f4bf0 100644 --- a/roles/reset/tasks/umount_with_children.yml +++ b/roles/reset/tasks/umount_with_children.yml @@ -12,4 +12,4 @@ path: "{{ item }}" state: unmounted with_items: - "{{ get_mounted_filesystems.stdout_lines }}" + "{{ get_mounted_filesystems.stdout_lines | reverse | list }}" From 937f20d9ca6fa1aba159ed6f253cc57d54d3bfdf Mon Sep 17 00:00:00 2001 
From: Vincent RABAH Date: Thu, 28 Jan 2021 17:29:51 +0100 Subject: [PATCH 5/8] Revert "Add Alpine Linux configuration" --- roles/k3s/master/tasks/main.yml | 22 +++++++--- roles/k3s/master/tasks/prereq/Alpine.yml | 30 -------------- roles/k3s/master/tasks/prereq/default.yml | 16 -------- roles/k3s/node/tasks/main.yml | 19 ++++++--- roles/k3s/node/tasks/prereq/Alpine.yml | 34 ---------------- roles/k3s/node/tasks/prereq/default.yml | 15 ------- roles/raspberrypi/handlers/main.yml | 4 -- roles/raspberrypi/tasks/prereq/Alpine.yml | 29 ------------- roles/reset/tasks/main.yml | 47 +++++++++++++++++++--- roles/reset/tasks/prereq/Alpine.yml | 28 ------------- roles/reset/tasks/prereq/default.yml | 42 ------------------- roles/reset/tasks/umount_with_children.yml | 2 + 12 files changed, 74 insertions(+), 214 deletions(-) delete mode 100644 roles/k3s/master/tasks/prereq/Alpine.yml delete mode 100644 roles/k3s/master/tasks/prereq/default.yml delete mode 100644 roles/k3s/node/tasks/prereq/Alpine.yml delete mode 100644 roles/k3s/node/tasks/prereq/default.yml delete mode 100644 roles/raspberrypi/tasks/prereq/Alpine.yml delete mode 100644 roles/reset/tasks/prereq/Alpine.yml delete mode 100644 roles/reset/tasks/prereq/default.yml diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml index cf3889b7..006aa9b8 100644 --- a/roles/k3s/master/tasks/main.yml +++ b/roles/k3s/master/tasks/main.yml @@ -1,10 +1,20 @@ --- -- name: Create and enable K3s service - include_tasks: "{{ item }}" - with_first_found: - - "prereq/{{ ansible_distribution }}.yml" - - "prereq/default.yml" +- name: Copy K3s service file + register: k3s_service + template: + src: "k3s.service.j2" + dest: "{{ systemd_dir }}/k3s.service" + owner: root + group: root + mode: 0755 + +- name: Enable and check K3s service + systemd: + name: k3s + daemon_reload: yes + state: restarted + enabled: yes - name: Wait for node-token wait_for: 
@@ -51,7 +61,7 @@ - name: Replace https://localhost:6443 by https://master-ip:6443 command: >- - /usr/local/bin/k3s kubectl config set-cluster default + k3s kubectl config set-cluster default --server=https://{{ master_ip }}:6443 --kubeconfig ~{{ ansible_user }}/.kube/config changed_when: true diff --git a/roles/k3s/master/tasks/prereq/Alpine.yml b/roles/k3s/master/tasks/prereq/Alpine.yml deleted file mode 100644 index 76b3d73e..00000000 --- a/roles/k3s/master/tasks/prereq/Alpine.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -- name: Copy K3s service file - register: k3s_service - copy: - content: | - #!/sbin/openrc-run - - name="k3s server" - command="/usr/local/bin/k3s" - command_args="server {{ extra_server_args | default("") }}" - command_background=true - pidfile="/run/${RC_SVCNAME}.pid" - output_log="/var/log/k3s.log" - error_log="/var/log/k3s.err" - dest: /etc/init.d/k3s - owner: root - group: root - mode: 0755 - -- name: Create K3s service symlink - file: - src: /etc/init.d/k3s - dest: /etc/runlevels/default/k3s - state: link - -- name: Enable and check K3s service - service: - name: k3s - state: restarted - enabled: yes diff --git a/roles/k3s/master/tasks/prereq/default.yml b/roles/k3s/master/tasks/prereq/default.yml deleted file mode 100644 index eca08685..00000000 --- a/roles/k3s/master/tasks/prereq/default.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Copy K3s service file - register: k3s_service - template: - src: "k3s.service.j2" - dest: "{{ systemd_dir }}/k3s.service" - owner: root - group: root - mode: 0755 - -- name: Enable and check K3s service - systemd: - name: k3s - daemon_reload: yes - state: restarted - enabled: yes diff --git a/roles/k3s/node/tasks/main.yml b/roles/k3s/node/tasks/main.yml index 50abd6cb..0ce8e08d 100644 --- a/roles/k3s/node/tasks/main.yml +++ b/roles/k3s/node/tasks/main.yml 
@@ -1,7 +1,16 @@ --- -- name: Create and enable K3s service - include_tasks: "{{ item }}" - with_first_found: - - "prereq/{{ ansible_distribution }}.yml" - - "prereq/default.yml" +- name: Copy K3s service file + template: + src: "k3s.service.j2" + dest: "{{ systemd_dir }}/k3s-node.service" + owner: root + group: root + mode: 0755 + +- name: Enable and check K3s service + systemd: + name: k3s-node + daemon_reload: yes + state: restarted + enabled: yes diff --git a/roles/k3s/node/tasks/prereq/Alpine.yml b/roles/k3s/node/tasks/prereq/Alpine.yml deleted file mode 100644 index 3492fbb4..00000000 --- a/roles/k3s/node/tasks/prereq/Alpine.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- name: Copy K3s service file - register: k3s_service - copy: - content: | - #!/sbin/openrc-run - - name="k3s agent" - command="/usr/local/bin/k3s" - command_args="agent --server https://{{ master_ip }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }} {{ extra_agent_args | default("") }}" - command_background=true - pidfile="/run/${RC_SVCNAME}.pid" - output_log="/var/log/k3s.log" - error_log="/var/log/k3s.err" - dest: /etc/init.d/k3s - owner: root - group: root - mode: 0755 - -- name: Create K3s service symlink - file: - src: /etc/init.d/k3s - dest: /etc/runlevels/default/k3s - state: link - -- name: Enable and check K3s service - service: - name: k3s - state: restarted - enabled: yes - -- name: lbu - debug: - msg: Remember to commit changes with 'lbu ci -d' to store the k3s passwords diff --git a/roles/k3s/node/tasks/prereq/default.yml b/roles/k3s/node/tasks/prereq/default.yml deleted file mode 100644 index 64050cf0..00000000 --- a/roles/k3s/node/tasks/prereq/default.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Copy K3s service file - template: - src: "k3s.service.j2" - dest: "{{ systemd_dir }}/k3s-node.service" - owner: root - group: root - mode: 0755 - -- name: Enable and check K3s service - systemd: - name: k3s-node - daemon_reload: yes - state: restarted - enabled: yes 
diff --git a/roles/raspberrypi/handlers/main.yml b/roles/raspberrypi/handlers/main.yml index ddbdadfa..d25cf908 100644 --- a/roles/raspberrypi/handlers/main.yml +++ b/roles/raspberrypi/handlers/main.yml @@ -1,7 +1,3 @@ --- - name: reboot reboot: - -- name: lbu - debug: - msg: If you are diskless on Alpine you should commit changes with 'lbu -u' now and reboot. diff --git a/roles/raspberrypi/tasks/prereq/Alpine.yml b/roles/raspberrypi/tasks/prereq/Alpine.yml deleted file mode 100644 index ae056a29..00000000 --- a/roles/raspberrypi/tasks/prereq/Alpine.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Add cgroup mount point - lineinfile: - path: /etc/fstab - line: cgroup /sys/fs/cgroup cgroup defaults 0 0 - -- name: Define cgroup mount points - copy: - content: | - mount { - cpuacct = /cgroup/cpuacct; - memory = /cgroup/memory; - devices = /cgroup/devices; - freezer = /cgroup/freezer; - net_cls = /cgroup/net_cls; - blkio = /cgroup/blkio; - cpuset = /cgroup/cpuset; - cpu = /cgroup/cpu; - } - dest: /etc/cgconfig.conf - mode: 0644 - -- name: Enable cgroup via boot commandline if not already enabled - lineinfile: - path: /media/mmcblk0p1/cmdline.txt - backrefs: yes - regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' - line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' - notify: lbu diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 14556b04..a8447724 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml 
@@ -1,5 +1,42 @@ -- name: Delete every service and binary - include_tasks: "{{ item }}" - with_first_found: - - "prereq/{{ ansible_distribution }}.yml" - - "prereq/default.yml" +--- +- name: Disable services + systemd: + name: "{{ item }}" + state: stopped + enabled: no + failed_when: false + with_items: + - k3s + - k3s-node + +- name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" + register: pkill_containerd_shim_runc + command: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" + changed_when: "pkill_containerd_shim_runc.rc == 0" + failed_when: false + +- name: Umount k3s filesystems + include_tasks: umount_with_children.yml + with_items: + - /run/k3s + - /var/lib/kubelet + - /run/netns + - /var/lib/rancher/k3s + loop_control: + loop_var: mounted_fs + +- name: Remove service files, binaries and data + file: + name: "{{ item }}" + state: absent + with_items: + - "{{ systemd_dir }}/k3s.service" + - "{{ systemd_dir }}/k3s-node.service" + - /etc/rancher/k3s + - /var/lib/rancher/k3s + - /var/lib/kubelet + - /usr/local/bin/k3s + +- name: daemon_reload + systemd: + daemon_reload: yes diff --git a/roles/reset/tasks/prereq/Alpine.yml b/roles/reset/tasks/prereq/Alpine.yml deleted file mode 100644 index 76042ce9..00000000 --- a/roles/reset/tasks/prereq/Alpine.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Disable services - service: - name: k3s - state: stopped - enabled: no - -- name: Umount k3s filesystems - include_tasks: umount_with_children.yml - with_items: - - /run/k3s - - /var/lib/kubelet - - /run/netns - - /var/lib/rancher/k3s - loop_control: - loop_var: mounted_fs - -- name: Remove service files, binaries and data - file: - name: "{{ item }}" - state: absent - with_items: - - /etc/init.d/k3s - - /etc/runlevels/default/k3s - - /etc/rancher/k3s - - /var/lib/rancher/k3s - - /var/lib/kubelet - - /usr/local/bin/k3s diff --git a/roles/reset/tasks/prereq/default.yml b/roles/reset/tasks/prereq/default.yml deleted file mode 100644 index a8447724..00000000 
--- a/roles/reset/tasks/prereq/default.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -- name: Disable services - systemd: - name: "{{ item }}" - state: stopped - enabled: no - failed_when: false - with_items: - - k3s - - k3s-node - -- name: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" - register: pkill_containerd_shim_runc - command: pkill -9 -f "k3s/data/[^/]+/bin/containerd-shim-runc" - changed_when: "pkill_containerd_shim_runc.rc == 0" - failed_when: false - -- name: Umount k3s filesystems - include_tasks: umount_with_children.yml - with_items: - - /run/k3s - - /var/lib/kubelet - - /run/netns - - /var/lib/rancher/k3s - loop_control: - loop_var: mounted_fs - -- name: Remove service files, binaries and data - file: - name: "{{ item }}" - state: absent - with_items: - - "{{ systemd_dir }}/k3s.service" - - "{{ systemd_dir }}/k3s-node.service" - - /etc/rancher/k3s - - /var/lib/rancher/k3s - - /var/lib/kubelet - - /usr/local/bin/k3s - -- name: daemon_reload - systemd: - daemon_reload: yes diff --git a/roles/reset/tasks/umount_with_children.yml b/roles/reset/tasks/umount_with_children.yml index 2cc24990..8bba5963 100644 --- a/roles/reset/tasks/umount_with_children.yml +++ b/roles/reset/tasks/umount_with_children.yml @@ -2,6 +2,8 @@ - name: Get the list of mounted filesystems shell: set -o pipefail && cat /proc/mounts | awk '{ print $2}' | grep -E "^{{ mounted_fs }}" register: get_mounted_filesystems + args: + executable: /bin/bash failed_when: false changed_when: get_mounted_filesystems.stdout | length > 0 From 219ed2f49d1cfddcf41751da6e41c007714d736a Mon Sep 17 00:00:00 2001 From: Julien DOCHE Date: Sun, 14 Feb 2021 21:47:02 +0100 Subject: [PATCH 6/8] Fix CI with new ansible 2.10 package Signed-off-by: Julien DOCHE --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 991b2c65..86f3c341 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -22,7 +22,7 @@ jobs: python-version: '3.x' - name: Install test dependencies. - run: pip3 install yamllint ansible-lint + run: pip3 install yamllint ansible-lint ansible - name: Run yamllint. run: yamllint . From 54629a46bda44b3d9cf90a5eb54ffc957e1bf157 Mon Sep 17 00:00:00 2001 From: Julien DOCHE Date: Fri, 19 Feb 2021 00:12:51 +0100 Subject: [PATCH 7/8] Change reset deletion order to avoid racecondition If the k3s binary is launched after the deletion of `/var/lib/rancher/k3s`, k3s will automatically create this directory. This change deletes the k3s binary first so that it cannot be called after `/var/lib/rancher/k3s` is deleted Signed-off-by: Julien DOCHE --- roles/reset/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 38560c57..728447fb 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -30,12 +30,12 @@ name: "{{ item }}" state: absent with_items: + - /usr/local/bin/k3s - "{{ systemd_dir }}/k3s.service" - "{{ systemd_dir }}/k3s-node.service" - /etc/rancher/k3s - /var/lib/kubelet - /var/lib/rancher/k3s - - /usr/local/bin/k3s - name: daemon_reload systemd: From 88e1a435434ab22998e578a4b2cc079bef9163a4 Mon Sep 17 00:00:00 2001 From: Julien DOCHE Date: Fri, 19 Feb 2021 00:19:50 +0100 Subject: [PATCH 8/8] Make sure the reset role can be run with --check We need to compute what mountpoints would be unmounted even when running with --check Signed-off-by: Julien DOCHE --- roles/reset/tasks/umount_with_children.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/reset/tasks/umount_with_children.yml b/roles/reset/tasks/umount_with_children.yml index 6e1f4bf0..5883b70a 100644 --- a/roles/reset/tasks/umount_with_children.yml +++ b/roles/reset/tasks/umount_with_children.yml @@ -6,6 +6,7 @@ executable: /bin/bash failed_when: false changed_when: get_mounted_filesystems.stdout | length > 0 + check_mode: false - name: Umount filesystem mount:
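Review bot: `pip3 install yamllint ansible-lint ansible` installs whatever versions are current on each run. The lint job can therefore break again on the next upstream release, as the commit subject suggests it just did, and it runs package code in CI that nobody has reviewed. Pin the three packages, ideally from a requirements file with hashes, for example `run: pip3 install --require-hashes -r requirements-lint.txt` (the file name is a placeholder), and bump the pins deliberately.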
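Review bot: Nothing in the task records that the position of `/usr/local/bin/k3s` in `with_items` is significant, and patch 4/8 already reordered this same list for a different reason, so a later cleanup could undo the fix. Add a comment above the first item, e.g. `# k3s binary first: if it starts after /var/lib/rancher/k3s is removed it recreates that directory`. Removing the file does not stop a k3s process that is already running, so the ordering still relies on the earlier `Disable services` task, which ignores failures. The task starts above the hunk.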
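Review bot: With `check_mode: false` this read-only lookup now runs during `--check`, and its `changed_when: get_mounted_filesystems.stdout | length > 0` makes a dry run report a change whenever a k3s mount exists, even though the command only reads `/proc/mounts`. Set `changed_when: false` here and let the `Umount filesystem` task alone report the change. A short comment such as `# read-only, safe to run in check mode` next to `check_mode: false` would explain why the override is safe. The `Umount filesystem` task is cut off at the end of the hunk.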