abril/roles/k3s_server/tasks/main.yml

---

- name: Stop k3s-init
  systemd:
    name: k3s-init
    state: stopped
  failed_when: false

- name: Clean previous runs of k3s-init  # noqa command-instead-of-module
  # The systemd module does not support "reset-failed", so we need to resort to command.
  command: systemctl reset-failed k3s-init
  failed_when: false
  changed_when: false

- name: Deploy vip manifest
  include_tasks: vip.yml

- name: Deploy metallb manifest
  include_tasks: metallb.yml

- name: Init cluster inside the transient k3s-init service
  command:
    cmd: "systemd-run -p RestartSec=2 \
                      -p Restart=on-failure \
                      --unit=k3s-init \
                      k3s server {{ server_init_args }}"
    creates: "{{ systemd_dir }}/k3s.service"

- name: Verification
  when: not ansible_check_mode
  block:
    - name: Verify that all nodes actually joined (check k3s-init.service if this fails)
      command:
        cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}"
      register: nodes
      until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length)
      retries: "{{ retry_count | default(20) }}"
      delay: 10
      changed_when: false
  always:
    - name: Save logs of k3s-init.service
      include_tasks: fetch_k3s_init_logs.yml
      when: log_destination
      vars:
        log_destination: >-
          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=False) }}          
    - name: Kill the temporary service used for initialization
      systemd:
        name: k3s-init
        state: stopped
      failed_when: false

- name: Copy K3s service file
  register: k3s_service
  template:
    src: "k3s.service.j2"
    dest: "{{ systemd_dir }}/k3s.service"
    owner: root
    group: root
    mode: 0644

- name: Enable and check K3s service
  systemd:
    name: k3s
    daemon_reload: yes
    state: restarted
    enabled: yes

- name: Wait for node-token
  wait_for:
    path: /var/lib/rancher/k3s/server/node-token

- name: Register node-token file access mode
  stat:
    path: /var/lib/rancher/k3s/server
  register: p

- name: Change file access node-token
  file:
    path: /var/lib/rancher/k3s/server
    mode: "g+rx,o+rx"

- name: Read node-token from master
  slurp:
    src: /var/lib/rancher/k3s/server/node-token
  register: node_token

- name: Store Master node-token
  set_fact:
    token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"

- name: Restore node-token file access
  file:
    path: /var/lib/rancher/k3s/server
    mode: "{{ p.stat.mode }}"

- name: Create directory .kube
  file:
    path: "{{ ansible_user_dir }}/.kube"
    state: directory
    owner: "{{ ansible_user_id }}"
    mode: "u=rwx,g=rx,o="

- name: Copy config file to user home directory
  copy:
    src: /etc/rancher/k3s/k3s.yaml
    dest: "{{ ansible_user_dir }}/.kube/config"
    remote_src: yes
    owner: "{{ ansible_user_id }}"
    mode: "u=rw,g=,o="

- name: Configure kubectl cluster to {{ endpoint_url }}
  command: >-
    k3s kubectl config set-cluster default
      --server={{ endpoint_url }}
      --kubeconfig {{ ansible_user_dir }}/.kube/config    
  changed_when: true
  vars:
    endpoint_url: >-
      https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443      
  # Deactivated linter rules:
  #   - jinja[invalid]: As of version 6.6.0, ansible-lint complains that the input to ipwrap
  #                     would be undefined. This will not be the case during playbook execution.
  # noqa jinja[invalid]

- name: Create kubectl symlink
  file:
    src: /usr/local/bin/k3s
    dest: /usr/local/bin/kubectl
    state: link

- name: Create crictl symlink
  file:
    src: /usr/local/bin/k3s
    dest: /usr/local/bin/crictl
    state: link

- name: Get contents of manifests folder
  find:
    paths: /var/lib/rancher/k3s/server/manifests
    file_type: file
  register: k3s_server_manifests

- name: Get sub dirs of manifests folder
  find:
    paths: /var/lib/rancher/k3s/server/manifests
    file_type: directory
  register: k3s_server_manifests_directories

- name: Remove manifests and folders that are only needed for bootstrapping cluster so k3s doesn't auto apply on start
  file:
    path: "{{ item.path }}"
    state: absent
  with_items:
    - "{{ k3s_server_manifests.files }}"
    - "{{ k3s_server_manifests_directories.files }}"
  loop_control:
    label: "{{ item.path }}"