From 4ed559944262d039e9c5b114b2d6b844f243eb0c Mon Sep 17 00:00:00 2001
From: Julien DOCHE <julien.doche@gmail.com>
Date: Mon, 29 Mar 2021 22:32:38 +0200
Subject: [PATCH] Fix k3s_token default value

Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
---
 inventory/sample/group_vars/all.yml     | 3 ++-
 roles/k3s/master/defaults/main.yml      | 1 +
 roles/k3s/master/tasks/main.yml         | 1 -
 roles/k3s/node/templates/k3s.service.j2 | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
index 3944fce..7d99d60 100644
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -7,9 +7,10 @@ systemd_dir: /etc/systemd/system
 # apiserver endpoint to all masters here. This default value is only suitable
 # for a non-HA setup, if used in a HA setup, it will not protect you if the
 # first node fails.
+# Also you should define k3s_token so that masters can talk together securely
 
 apiserver_endpoint: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"
+# k3s_token: "mysupersecuretoken"
 
 extra_server_args: ""
 extra_agent_args: ""
-k3s_token: ""
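Review bot: The commented example on the added line `# k3s_token: "mysupersecuretoken"` gives a guessable literal that is likely to be uncommented as-is, and nothing nearby says how the value should be generated or stored. Since this token is what lets nodes join the cluster, I would write the sample as `# k3s_token: "<long random secret; store with ansible-vault>"` and have the comment above it say the variable must be set for HA and kept out of plain-text inventory. With the `k3s_token: ""` default removed in this hunk, the variable is undefined unless the operator sets it, so this comment is the only guidance they get.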
diff --git a/roles/k3s/master/defaults/main.yml b/roles/k3s/master/defaults/main.yml
index 8447237..596c9cb 100644
--- a/roles/k3s/master/defaults/main.yml
+++ b/roles/k3s/master/defaults/main.yml
@@ -7,5 +7,6 @@ server_init_args: >-
     {% else %}
       --server https://{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}:6443
     {% endif %}
+    --token {{ k3s_token }}
   {% endif %}
   {{ extra_server_args | default('') }}
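Review bot: Passing the secret as `--token {{ k3s_token }}` puts it in the argument list of the long-running `k3s server` process, where any local user can read it from the process table; the `-E K3S_TOKEN=` form removed in roles/k3s/master/tasks/main.yml at least kept it out of the server's own argv. The same applies to the `--token` argument on the `ExecStart` line in roles/k3s/node/templates/k3s.service.j2. k3s also accepts the token from a file, so I would write it to a root-only file and pass `--token-file <path-to-token-file>` here, and set `no_log: true` on the task that runs `k3s server {{ server_init_args }}`. If the flag stays, `--token {{ k3s_token | quote }}` keeps a token containing whitespace from splitting into separate arguments. The `server_init_args` value and its enclosing `{% if %}` start outside this hunk.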
diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml
index 45e6d1d..704c62b 100644
--- a/roles/k3s/master/tasks/main.yml
+++ b/roles/k3s/master/tasks/main.yml
@@ -16,7 +16,6 @@
   command:
     cmd: "systemd-run -p RestartSec=2 \
                       -p Restart=on-failure \
-                      -E K3S_TOKEN={{ k3s_token }} \
                       --unit=k3s-init \
                       k3s server {{ server_init_args }}"
     creates: "{{ systemd_dir }}/k3s.service"
diff --git a/roles/k3s/node/templates/k3s.service.j2 b/roles/k3s/node/templates/k3s.service.j2
index f385467..01baa64 100644
--- a/roles/k3s/node/templates/k3s.service.j2
+++ b/roles/k3s/node/templates/k3s.service.j2
@@ -7,7 +7,7 @@ After=network-online.target
 Type=notify
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint }}:6443 --token {{ k3s_token }} {{ extra_agent_args | default("") }}
+ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint }}:6443 --token {{ hostvars[groups['master'][0]]['token'] | default(k3s_token) }} {{ extra_agent_args | default("") }}
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead
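Review bot: On the new `ExecStart` line, `hostvars[groups['master'][0]]['token'] | default(k3s_token)` silently prefers a `token` host variable over the operator-supplied `k3s_token`, and nothing in the template says where `token` is set; it is presumably a fact registered by the master role, which this patch does not show. That lookup only resolves when the first master's variables are available in the same run, so a play limited to nodes would likely fall back to `k3s_token`, which no longer has a default after this commit. I would add a template comment such as `{# join token: read from the first master when available, else the operator-supplied k3s_token #}` and consider failing early with an explicit message when neither is defined.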
-- 
GitLab