allowing changes to data-dir #255

allowing changes to data-dir
Adam Leiner committed Aug 2, 2024
commit e3087305290eb9dd25487ec780d875bfafca23f0
2 changes: 1 addition & 1 deletion roles/cluster_manifest/tasks/main.yml
@@ -3,7 +3,7 @@
- name: Add cluster manifest addons files
ansible.builtin.copy:
src: "{{ cluster_manifest_config_file_path }}"
dest: "/var/lib/rancher/rke2/server/manifests/"
dest: "{{ rke2_data_dir }}/server/manifests/"
mode: '0640'
owner: root
group: root
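Review bot: The new `dest` in "Add cluster manifest addons files" depends on `rke2_data_dir`, which this PR only defines through `set_fact` in roles/rke2_common/tasks/main.yml, so the cluster_manifest role fails with an undefined variable on any host where rke2_common has not already run. Declaring the default (`/var/lib/rancher/rke2`) in a defaults file that both roles load, or deriving it here with `rke2_config['data-dir'] | default('/var/lib/rancher/rke2')`, removes the ordering dependency.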
2 changes: 1 addition & 1 deletion roles/rke2_common/tasks/add-manifest-addons.yml
@@ -3,7 +3,7 @@
- name: Add manifest addons files
ansible.builtin.copy:
src: "{{ manifest_config_file_path }}"
dest: "/var/lib/rancher/rke2/server/manifests/"
dest: "{{ rke2_data_dir }}/server/manifests/"
mode: '0640'
owner: root
group: root
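Review bot: The `dest` of "Add manifest addons files" now points into an operator-chosen tree, and the task only sets owner and mode on the copied file, not on `{{ rke2_data_dir }}/server/manifests/` itself. RKE2 applies whatever it finds in that directory, so on a relocated data-dir it is worth asserting (for example with `ansible.builtin.stat`) that the directory is owned by root and not group- or world-writable before copying into it.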
8 changes: 4 additions & 4 deletions roles/rke2_common/tasks/images_tarball_install.yml
@@ -1,5 +1,5 @@
---
- name: "Check for images tar.gz in {{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.gz" # noqa name[template] yaml[line-length]

Check warning on line 2 in roles/rke2_common/tasks/images_tarball_install.yml

GitHub Actions / Lint for push

2:121 [line-length] line too long (143 > 120 characters)

Check warning on line 2 in roles/rke2_common/tasks/images_tarball_install.yml

GitHub Actions / Lint for PR

2:121 [line-length] line too long (143 > 120 characters)

ansible.builtin.stat:
path: "{{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.gz"
get_checksum: false
@@ -7,7 +7,7 @@
delegate_to: 127.0.0.1
become: false

- name: "Check for images tar.zst in {{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.zst" # noqa name[template] yaml[line-length]

Check warning on line 10 in roles/rke2_common/tasks/images_tarball_install.yml

GitHub Actions / Lint for push

10:121 [line-length] line too long (145 > 120 characters)

Check warning on line 10 in roles/rke2_common/tasks/images_tarball_install.yml

GitHub Actions / Lint for PR

10:121 [line-length] line too long (145 > 120 characters)

ansible.builtin.stat:
path: "{{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.zst"
get_checksum: false
@@ -17,14 +17,14 @@

- name: Create images directory
ansible.builtin.file:
path: /var/lib/rancher/rke2/agent/images
path: "{{ rke2_data_dir }}/agent/images"
state: directory
mode: '0644'

- name: Download images tar files url
ansible.builtin.get_url:
url: "{{ item }}"
dest: "/var/lib/rancher/rke2/agent/images"
dest: "{{ rke2_data_dir }}/agent/images"
mode: "0644"
when:
- rke2_images_urls != []
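Review bot: "Create images directory" keeps `mode: '0644'` on a `state: directory` task, and with `path` now templated this matters more: `ansible.builtin.file` creates missing parent directories with the supplied mode, so a data-dir that does not exist yet is created as 0644 (no execute bit) from the top down. Use `mode: '0755'` here, or create `{{ rke2_data_dir }}` explicitly with the intended owner and mode before this task.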
@@ -33,13 +33,13 @@
- name: Add images tar.gz to needed directory if provided
ansible.builtin.copy:
src: "{{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.gz"
dest: /var/lib/rancher/rke2/agent/images/
dest: "{{ rke2_data_dir }}/agent/images/"
mode: '0644'
when: got_images_gz.stat.exists

- name: Add images tar.zst to needed directory if provided
ansible.builtin.copy:
src: "{{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.zst"
dest: /var/lib/rancher/rke2/agent/images/
dest: "{{ rke2_data_dir }}/agent/images/"
mode: '0644'
when: got_images_zst.stat.exists
14 changes: 14 additions & 0 deletions roles/rke2_common/tasks/main.yml
@@ -7,6 +7,20 @@
ansible.builtin.package_facts:
manager: auto

- name: Set data-dir from rke2_config var
ansible.builtin.set_fact:
rke2_data_dir: "{{ rke2_config['data-dir'] }}"
when: rke2_config['data-dir'] is defined

- name: Set data-dir var
ansible.builtin.set_fact:
rke2_data_dir: '/var/lib/rancher/rke2'
when: rke2_data_dir is not defined

- name: debug

Check failure on line 20 in roles/rke2_common/tasks/main.yml

GitHub Actions / Lint for push

fqcn[action-core]

Use FQCN for builtin module actions (debug).

Check failure on line 20 in roles/rke2_common/tasks/main.yml

GitHub Actions / Lint for push

name[casing]

All names should start with an uppercase letter.

Check failure on line 20 in roles/rke2_common/tasks/main.yml

GitHub Actions / Lint for PR

fqcn[action-core]

Use FQCN for builtin module actions (debug).

Check failure on line 20 in roles/rke2_common/tasks/main.yml

GitHub Actions / Lint for PR

name[casing]

All names should start with an uppercase letter.

debug:
msg: "data-dir is {{ rke2_data_dir }}"

- name: Has rke2 been installed already
ansible.builtin.include_tasks: previous_install.yml
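Review bot: "Set data-dir from rke2_config var" copies `rke2_config['data-dir']` into `rke2_data_dir` with no validation, and that value is then used as the prefix for root-owned file copies, symlink sources and the kubectl binary path. An empty string makes the manifests destination `/server/manifests/`, and a relative value resolves against whatever the module's working directory is; add an `ansible.builtin.assert` that the value is a non-empty absolute path. The two `set_fact` tasks can also collapse into one using `| default('/var/lib/rancher/rke2')`, and the `debug` task should either be removed or given a capitalised name and `ansible.builtin.debug`, as the lint failures on line 20 report.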

6 changes: 3 additions & 3 deletions roles/rke2_server/tasks/first_server.yml
@@ -38,7 +38,7 @@

- name: Wait for node to show Ready status
ansible.builtin.command: >-
/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml
{{ rke2_data_dir }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml
--server https://127.0.0.1:6443 get no {{ kubelet_hostname_override_parameter[0] }}
-o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
register: status_result
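Review bot: In "Wait for node to show Ready status" the executable is now `{{ rke2_data_dir }}/bin/kubectl` inside a folded free-form `ansible.builtin.command` string, which is split on whitespace, so a data-dir containing a space breaks the argument list. Passing the command as `argv` (or applying `| quote` to the path) keeps the path a single argument.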
@@ -51,11 +51,11 @@
block:
- name: Wait for node-token
ansible.builtin.wait_for:
path: /var/lib/rancher/rke2/server/node-token
path: "{{ rke2_data_dir }}/server/node-token"

- name: Read node-token from master
ansible.builtin.slurp:
src: /var/lib/rancher/rke2/server/node-token
src: "{{ rke2_data_dir }}/server/node-token"
register: node_token

- name: Store Master node-token
2 changes: 1 addition & 1 deletion roles/rke2_server/tasks/other_servers.yml
@@ -61,7 +61,7 @@

- name: Wait for node to show Ready status
ansible.builtin.command: >-
/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml
{{ rke2_data_dir }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml
--server https://127.0.0.1:6443 get no {{ kubelet_hostname_override_parameter[0] }}
-o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
register: status_result
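Review bot: The kubectl command line in "Wait for node to show Ready status" is duplicated from roles/rke2_server/tasks/first_server.yml and had to be edited by hand in both files. Defining the kubectl path once (for example a `rke2_kubectl` variable built from `rke2_data_dir`, name hypothetical) would keep the two tasks from drifting on the next path change.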
8 changes: 4 additions & 4 deletions roles/rke2_server/tasks/utilities.yml
@@ -1,14 +1,14 @@
---

- name: Add /var/lib/rancher/rke2/bin to PATH
- name: Add rke2/bin to PATH
ansible.builtin.lineinfile:
dest: "/root/.bashrc"
line: 'PATH=$PATH:/var/lib/rancher/rke2/bin'
line: "PATH=$PATH:{{ rke2_data_dir }}/bin"
insertafter: EOF

- name: Symlink crictl config to /etc/crictl.yaml
ansible.builtin.file:
src: "/var/lib/rancher/rke2/agent/etc/crictl.yaml"
src: "{{ rke2_data_dir }}/agent/etc/crictl.yaml"
dest: "/etc/crictl.yaml"
state: link
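Review bot: "Add rke2/bin to PATH" uses `lineinfile` with no `regexp`, so on a host that already has `PATH=$PATH:/var/lib/rancher/rke2/bin` in /root/.bashrc a changed data-dir appends a second line and leaves the old directory on root's PATH. Add a `regexp` that matches the previous entry (for example `^PATH=\$PATH:.*/rke2/bin$`) so the line is replaced. Since this directory ends up on root's PATH, it should also be root-owned and not writable by other users.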

@@ -20,6 +20,6 @@

- name: Symlink kubectl config to /root/.kube/config
ansible.builtin.file:
src: "/var/lib/rancher/rke2/server/cred/admin.kubeconfig"
src: "{{ rke2_data_dir }}/server/cred/admin.kubeconfig"
dest: "/root/.kube/config"
state: link

Unchanged files with check annotations Beta

---
namespace: rancherfederal
name: rke2_ansible
version: 0.0.2

Check failure on line 4 in galaxy.yml

GitHub Actions / Lint for push

galaxy[version-incorrect]

collection version should be greater than or equal to 1.0.0

Check failure on line 4 in galaxy.yml

GitHub Actions / Lint for PR

galaxy[version-incorrect]

collection version should be greater than or equal to 1.0.0

readme: README.md
authors:
- Rancher Government <carbide@ranchergovernment.com>
rke2_config:
node-label:
- serverGroupLabel=true
# profile: cis-1.6

Check warning on line 22 in inventory/sample/hosts.yml

GitHub Actions / Lint for push

yaml[comments-indentation]

Comment not indented like content

Check warning on line 22 in inventory/sample/hosts.yml

GitHub Actions / Lint for push

22:11 [comments-indentation] comment not indented like content

Check warning on line 22 in inventory/sample/hosts.yml

GitHub Actions / Lint for PR

yaml[comments-indentation]

Comment not indented like content

Check warning on line 22 in inventory/sample/hosts.yml

GitHub Actions / Lint for PR

22:11 [comments-indentation] comment not indented like content

# kube-controller-manager-arg:
# - "tls-min-version=VersionTLS12"
# - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"

Check warning on line 25 in inventory/sample/hosts.yml

GitHub Actions / Lint for push

25:121 [line-length] line too long (265 > 120 characters)

Check warning on line 25 in inventory/sample/hosts.yml

GitHub Actions / Lint for PR

25:121 [line-length] line too long (265 > 120 characters)

# kube-scheduler-arg:
# - "tls-min-version=VersionTLS12"
# - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"

Check warning on line 28 in inventory/sample/hosts.yml

GitHub Actions / Lint for push

28:121 [line-length] line too long (265 > 120 characters)

Check warning on line 28 in inventory/sample/hosts.yml

GitHub Actions / Lint for PR

28:121 [line-length] line too long (265 > 120 characters)

# kube-apiserver-arg:
# - "tls-min-version=VersionTLS12"
# - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"

Check warning on line 31 in inventory/sample/hosts.yml

GitHub Actions / Lint for push

31:121 [line-length] line too long (265 > 120 characters)

Check warning on line 31 in inventory/sample/hosts.yml

GitHub Actions / Lint for PR

31:121 [line-length] line too long (265 > 120 characters)

# - "enable-admission-plugins=ValidatingAdmissionWebhook,NodeRestriction,PodSecurityPolicy"
# - "request-timeout=300s"
# # Enable only when auditing is enabled, blocks API when audit fails
server0.example.com:
node_labels:
- server0Label=true
# node_ip: "10.10.10.10"

Check warning on line 63 in inventory/sample/hosts.yml

GitHub Actions / Lint for push

yaml[comments-indentation]

Comment not indented like content

Check warning on line 63 in inventory/sample/hosts.yml

GitHub Actions / Lint for push

63:11 [comments-indentation] comment not indented like content

Check warning on line 63 in inventory/sample/hosts.yml

GitHub Actions / Lint for PR

yaml[comments-indentation]

Comment not indented like content

Check warning on line 63 in inventory/sample/hosts.yml

GitHub Actions / Lint for PR

63:11 [comments-indentation] comment not indented like content

# node_name: "server0.example.com"
# bind_address: "10.10.10.10"
# advertise_address: "10.10.10.10"
---
kubernetes_api_server_host: "{{ hostvars[groups['rke2_servers'][0]].inventory_hostname }}"

Check warning on line 2 in roles/rke2_agent/defaults/main.yml

GitHub Actions / Lint for push

var-naming[no-role-prefix]

Variables names from within roles should use rke2_agent_ as a prefix. (vars: kubernetes_api_server_host)

Check warning on line 2 in roles/rke2_agent/defaults/main.yml

GitHub Actions / Lint for PR

var-naming[no-role-prefix]

Variables names from within roles should use rke2_agent_ as a prefix. (vars: kubernetes_api_server_host)

---
tmp_sha1: 55ca6286e3e4f4fba5d0448333fa99fc5a404a73

Check warning on line 2 in roles/rke2_agent/vars/main.yml

GitHub Actions / Lint for push

var-naming[no-role-prefix]

Variables names from within roles should use rke2_agent_ as a prefix. (vars: tmp_sha1)

Check warning on line 2 in roles/rke2_agent/vars/main.yml

GitHub Actions / Lint for PR

var-naming[no-role-prefix]

Variables names from within roles should use rke2_agent_ as a prefix. (vars: tmp_sha1)

---
tarball_dir: "/usr/local"

Check warning on line 2 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for push

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: tarball_dir)

Check warning on line 2 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for PR

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: tarball_dir)

rke2_tarball_url: ""

Check warning on line 3 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for push

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: rke2_tarball_url)

Check warning on line 3 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for PR

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: rke2_tarball_url)

rke2_images_urls: []

Check warning on line 4 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for push

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: rke2_images_urls)

Check warning on line 4 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for PR

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: rke2_images_urls)

rke2_channel: stable

Check warning on line 5 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for push

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: rke2_channel)

Check warning on line 5 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for PR

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: rke2_channel)

audit_policy_config_file_path: ""

Check warning on line 6 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for push

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: audit_policy_config_file_path)

Check warning on line 6 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for PR

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: audit_policy_config_file_path)

registry_config_file_path: ""

Check warning on line 7 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for push

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: registry_config_file_path)

Check warning on line 7 in roles/rke2_common/defaults/main.yml

GitHub Actions / Lint for PR

var-naming[no-role-prefix]

Variables names from within roles should use rke2_common_ as a prefix. (vars: registry_config_file_path)

pod_security_admission_config_file_path: ""
add_iptables_rules: false
rke2_common_yum_repo:
ansible_facts['distribution_major_version'] == "8" or
ansible_facts['distribution_major_version'] == "9"
- name: YUM-Based | Install rke2-server

Check failure on line 33 in roles/rke2_common/tasks/rpm_install.yml

GitHub Actions / Lint for push

fqcn[action-core]

Use FQCN for builtin module actions (ansible.builtin.yum).

Check failure on line 33 in roles/rke2_common/tasks/rpm_install.yml

GitHub Actions / Lint for PR

fqcn[action-core]

Use FQCN for builtin module actions (ansible.builtin.yum).

ansible.builtin.yum:
name: "rke2-server-{{ rke2_version_rpm }}"
state: latest # noqa package-latest
until: result is succeeded
delay: 30
- name: YUM-Based | Install rke2-agent

Check failure on line 46 in roles/rke2_common/tasks/rpm_install.yml

GitHub Actions / Lint for push

fqcn[action-core]

Use FQCN for builtin module actions (ansible.builtin.yum).

Check failure on line 46 in roles/rke2_common/tasks/rpm_install.yml

GitHub Actions / Lint for PR

fqcn[action-core]

Use FQCN for builtin module actions (ansible.builtin.yum).

ansible.builtin.yum:
name: "rke2-agent-{{ rke2_version_rpm }}"
state: latest # noqa package-latest