Signed-off-by: Derek Nola <derek.nola@suse.com>

* Generate token

If a token is not explicitly provided, let the first server generate a
random one. Such a token is saved on the first server and the playbook
can retrieve it from there and store it a a fact. All other servers and
agents can use that token later to join the cluster. It will be saved
into their environment file as usual.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Document that token is (mostly) optional now

The token is still required when using Vagrant.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Check for existing k3s install script during airgap deployment

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update vagrant file to newer OS

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix failure when not using airgap

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Handle multiple architectures when distributing airgap binary

Signed-off-by: Derek Nola <derek.nola@suse.com>

* yamllint fix

Signed-off-by: Derek Nola <derek.nola@suse.com>

* ansiblelint fix

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Prevent multiple tokens in k3s.service.env

If site.yml playbook is executed multiple times with different tokens,
they will all accumulate in k3s.service.env. They won't do any harm
because the last one wins, however it is a matter of good housekeeping
to delete the old before inserting a new one.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Selectively remove existing token from the environment file

If the existing token in the environment file is the same as the token
used for the playbook run, leave it in the file to avoid false changed
status from the task.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

---------

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: James Otten <jamesotten1@gmail.com>

* Security exposure related to the token

The installation playbook saves the token into the systemd unit
configuration file /etc/systemd/system/k3s.service. The problem is that
according to K3s' documentation "the server token should be guarded
carefully" (https://docs.k3s.io/cli/token), yet the configuration file
is readable by anybody. A better solution is to save the token into its
corresponding environment file /etc/systemd/system/k3s.service.env which
is readable by the super user only. This is what the standard K3s'
installation script (https://get.k3s.io

) does.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Restore the server URL into systemd configuration file

There aren't any security implications in keeping it there.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

---------

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

* Better cleanup with reset playbook

The install playbook adds some convenience commands into the user's
.bashrc. If K3s is uninstalled, these commands produce errors. Since
they are eaily identifiable, it is trivial to remove them to improve
the user's experience.

Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

Signed-off-by: tu1h <lihai.tu@daocloud.io>

* More flexible cgroup settings

If there are already required cgroup boot parameters present but in a
different order than specified, the script will add them again. It is
better to test for the individual parameter in a loop and selectively
add them as necessary.

Signed-off-by: Marko Vukovic <anonsoftware@gmail.com>

Signed-off-by: Marko Vukovic <anonsoftware@gmail.com>
Signed-off-by: Marko Vukovic <8951449+anon-software@users.noreply.github.com>

Signed-off-by: Peter Klijn <pjmklijn@gmail.com>

Signed-off-by: Peter Klijn <pjmklijn@gmail.com>

* Add a handler to restart the K3s Server when the service file changes

Signed-off-by: Peter Klijn <pjmklijn@gmail.com>

The extra modules were merged into the normal modules packet as of Kernel 6.8/Ubuntu 24.04

Signed-off-by: haseHH <christian@hase.hamburg>

Signed-off-by: Derek Nola <derek.nola@suse.com>

* POC: Supporting k3s-ansible with external database

Signed-off-by: Peter Klijn <pjmklijn@gmail.com>

* fixed path to playbooks/site.yml

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update readme with playbooks

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Ethan Locke <13014836-Zie0@users.noreply.gitlab.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Make agent and server groups configurable

Signed-off-by: Meagan Harris <thewitch@siliconsorceress.com>

* Fix typo in upgrade role

Co-authored-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Meagan Harris <47128741+simagick@users.noreply.github.com>

---------

Signed-off-by: Meagan Harris <thewitch@siliconsorceress.com>
Signed-off-by: Meagan Harris <47128741+simagick@users.noreply.github.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>

* Implement compatible yamllint, make octals explicit

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Replace yum with dnf, yum is deprecated

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>

Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu>

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>

* feat add custom registries_config_yaml for private-registry

Signed-off-by: dreamingdeer <dreamingdeer@yandex.ru>
Co-authored-by: dreamingdeer <dreamingdeer@yandex.ru>

* fix keep extension on uploaded file on airgap install
* fix other tasks distribute K3s images

Signed-off-by: dreamingdeer <dreamingdeer@yandex.ru>
Co-authored-by: dreamingdeer <dreamingdeer@yandex.ru>

Signed-off-by: Mykyta Orlov <orlovmyk@gmail.com>

Signed-off-by: Jose Luis Pedrosa <jlpedrosa@gmail.com>

* Added custom context name

Signed-off-by: Vivek Sarin <vivek@sarin.info>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Vivek Sarin <vivek@sarin.info>
Co-authored-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

- [Agent : Download artefact only if needed](roles/k3s_agent/tasks/main.yml#L13)
- [Server : Download artefact only if needed](roles/k3s_server/tasks/main.yml#L13)
- [Upgrade : Upgrade node only if needed](roles/k3s_upgrade/tasks/main.yml#L14)

Linked issue #264 k3s_server and k3s_agent tasks are not idempotent

Signed-off-by: Loïc Dubard <loic97429@gmail.com>

* Enable skipping bootcmd verification in Raspberry PI

Signed-off-by: Jose Luis Pedrosa <jlpedrosa@gmail.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>