Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #169 -- add systemd env options #174

Closed
wants to merge 1 commit into from
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions inventory/sample/group_vars/rke2_agents.yml
Original file line number Diff line number Diff line change
@@ -8,3 +8,10 @@ rke2_config: {}
# See https://docs.rke2.io/install/containerd_registry_configuration/
# Add a registry configuration file by specifying the file path on the control host
# registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml"

# See https://docs.rke2.io/advanced#configuring-an-http-proxy
# Add proxy information for the systemd environment
# systemd-extra-env:

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# systemd-extra-env:
# systemd_extra_env:

# #- HTTP_PROXY=http://your-proxy.example.com:8888
# #- HTTPS_PROXY=http://your-proxy.example.com:8888
# #- NO_PROXY=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
7 changes: 7 additions & 0 deletions inventory/sample/group_vars/rke2_servers.yml
Original file line number Diff line number Diff line change
@@ -45,3 +45,10 @@ rke2_config: {}
# See https://docs.rke2.io/helm/#automatically-deploying-manifests-and-helm-charts
# Add manifest files by specifying the directory path on the control host
# manifest_config_file_path: "{{ playbook_dir }}/sample_files/manifest/"

# See https://docs.rke2.io/advanced#configuring-an-http-proxy
# Add proxy information for the systemd environment
# systemd-extra-env:

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# systemd-extra-env:
# systemd_extra_env:

# #- HTTP_PROXY=http://your-proxy.example.com:8888
# #- HTTPS_PROXY=http://your-proxy.example.com:8888
# #- NO_PROXY=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
2 changes: 2 additions & 0 deletions roles/rke2_common/defaults/main.yml
Original file line number Diff line number Diff line change
@@ -21,3 +21,5 @@ rke2_versioned_yum_repo:
enabled: yes

rke2_config: {}

systemd_extra_env: {}
21 changes: 21 additions & 0 deletions roles/rke2_common/tasks/add-systemd-env.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
- name: Systemd env file
become: true
when: (systemd_extra_env is defined) and (systemd_extra_env|length > 0)
block:

- name: Add the systemd env file
ansible.builtin.blockinfile:
path: /etc/default/rke2-{{ caller_role_name }}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
path: /etc/default/rke2-{{ caller_role_name }}
path: /etc/default/rke2-{{ rke2_common_caller_role_name }}

marker: "#{mark} ANSIBLE MANAGED FILE"
create: true
mode: '640'
owner: root
group: root
block: |
{% for item in systemd_extra_env %}
{{ item }}
{% endfor %}
- name: Reload the systemd daemon

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe is it better to use handlers ?

ansible.builtin.systemd:
daemon_reload: true
4 changes: 4 additions & 0 deletions roles/rke2_common/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -70,6 +70,10 @@
ansible.builtin.include_tasks: add-registry-config.yml
when: registry_config_file_path | length > 0

- name: Include task file add-systemd-env.yml
ansible.builtin.include_tasks: add-systemd-env.yml
when: systemd_extra_env | length > 0

- name: Run CIS-Hardening Tasks
ansible.builtin.include_role:
name: rke2_common