PyratLabs / ansible-role-k3s

Ansible role for installing k3s as either a standalone server or HA cluster.
BSD 3-Clause "New" or "Revised" License

Issue with step [Ensure k3s binary is downloaded] #99

Closed hechi closed 3 years ago

hechi commented 3 years ago

Summary

Hey @xanmanning first of all, many thanks for your hard work in this project. It helped me a lot and it's super easy to use. Idk why and how but I installed my homelab k3s with your documentation and everything worked well and as expected, but now I wanted to add one more node and it fails at Ensure k3s binary is downloaded. It is not allowed to download the k3s into the /usr/local/bin folder. I already checked the permission and compared it to the other nodes but everything looks the same. It looks like the become_user is not propagated properly. I tried a simple download with native ansible in the same folder for the same file and it works. If I can provide more useful input let me know and thx a lot for checking 😊

---
- name: blabla
  hosts: phobos
  become: yes
  become_user: root
  become_method: sudo
  tasks:
    - name: Download file
      get_url:
        url: https://github.com/k3s-io/k3s/releases/download/v1.20.4+k3s1/k3s
        dest: /usr/local/bin/k3s-v1.20.4+k3s1

➜  ansible git:(master) ✗ ansible-playbook -i inventory.yml test.yml

PLAY [blabla] *************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************
ok: [phobos]

TASK [Download file] *********************************************************************************************************************************************************************************
changed: [phobos]

PLAY RECAP ****************************************************************************************************************************************************************************************************************
phobos                     : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Issue Type

Controller Environment and Configuration

# Begin ANSIBLE VERSION
ansible 2.10.6
  config file = None
  configured module search path = ['/Users/<user>/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.9.2 (default, Feb 24 2021, 13:26:09) [Clang 12.0.0 (clang-1200.0.32.29)]
# End ANSIBLE VERSION

# Begin ANSIBLE CONFIG

# End ANSIBLE CONFIG

# Begin ANSIBLE ROLES
# /Users/poxy/.ansible/roles
- nickjj.docker, v2.1.0
- ansible-role-unattended-upgrades, (unknown version)
- ansible-nginx-revproxy, (unknown version)
- ansible-role-k3s, (unknown version)
- ansible-role-docker, (unknown version)
- ansible-docker, (unknown version)
- xanmanning.k3s, v2.8.0
# End ANSIBLE ROLES

# Begin PLAY HOSTS
["sedna", "gonggong", "quaoar", "phobos"]
# End PLAY HOSTS

# Begin K3S ROLE CONFIG
## sedna
k3s_control_node: true

## gonggong
k3s_control_node: true

## quaoar
k3s_control_node: true

## phobos
k3s_agent: {"node-label": ["node-role.kubernetes.io/role=storage"]}

# End K3S ROLE CONFIG

# Begin K3S RUNTIME CONFIG
## sedna
## gonggong
## quaoar
## phobos
# End K3S RUNTIME CONFIG

Steps to Reproduce

---
- name: solarsystem8s-masters
  hosts: solarsystem8s
  become: yes
  become_user: root
  become_method: sudo
  vars:
    k3s_become_for_all: true
    k3s_etcd_datastore: true
  roles:
    - role: common
    - role: xanmanning.k3s

Expected Result

k3s is installed on the newly added node

Actual Result

<192.168.23.10> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="<user>"' -o ConnectTimeout=10 -o ControlPath=/Users/<user>/.ansible/cp/93cb6ecd91 192.168.23.10 '/bin/sh -c '"'"'rm -f -r /home/<user>/.ansible/tmp/ansible-tmp-1615838783.6930292-35355-59903357029747/ > /dev/null 2>&1 && sleep 0'"'"''
<192.168.23.10> (0, b'', b'')
fatal: [phobos]: FAILED! => {
    "changed": false,
    "checksum_dest": null,
    "checksum_src": "2cb7f6676f7eb6aaaa3b1153a72188e06d8bd06e",
    "dest": "/usr/local/bin/k3s-v1.20.4+k3s1",
    "elapsed": 4,
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": false,
            "checksum": "sha256:1c7b68b0b7d54f21a9c1727545a7db181668115f161a3986bc137261dd817e98",
            "client_cert": null,
            "client_key": null,
            "dest": "/usr/local/bin/k3s-v1.20.4+k3s1",
            "force": false,
            "force_basic_auth": false,
            "group": null,
            "headers": null,
            "http_agent": "ansible-httpget",
            "mode": 493,
            "owner": null,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "sha256sum": "",
            "timeout": 10,
            "tmp_dest": null,
            "unsafe_writes": false,
            "url": "https://github.com/k3s-io/k3s/releases/download/v1.20.4+k3s1/k3s",
            "url_password": null,
            "url_username": null,
            "use_proxy": true,
            "validate_certs": true
        }
    },
    "msg": "Destination /usr/local/bin is not writable",
    "src": "/home/<user>/.ansible/tmp/ansible-tmp-1615838783.6930292-35355-59903357029747/tmpg_1bxj01",
    "url": "https://github.com/k3s-io/k3s/releases/download/v1.20.4+k3s1/k3s"
}

xanmanning commented 3 years ago

Hi @hechi

Have you tried k3s_become_for_all: true?

hechi commented 3 years ago

Hey @xanmanning yes I did :) look above at the Steps to Reproduce

hechi commented 3 years ago

Owwww.... if I put it into the inventory for the host then it works 😲 Is this intentional? I have it currently in the playbook as vars

all:
  hosts:
    sedna: # k8s-master
      <truncated>
    gonggong: # k8s-agent-0
      <truncated>
    quaoar: # k8s-agent-1
      <truncated>
    phobos: # storage-nfs
      ansible_python_interpreter: /usr/bin/python3
      ansible_user: <user>
      ansible_host: <host ip>
      gateway: <gateway ip>
      k3s_become_for_all: true
      k3s_agent:
        node-label:
          - "node-role.kubernetes.io/role=storage"

xanmanning commented 3 years ago

I'm tempted to ditch it. It's meant to only run tasks as root that need it, however it overrides become: true when the role is run.

hechi commented 3 years ago

Ah good to know 😊
thx for helping and again for the amazing work 👍 I love it 😃

xanmanning commented 3 years ago

My pleasure. Thanks ☕😊

altitudems commented 2 years ago

Sorry to reopen this, just wanted to add a note, that I could not get k3s_become_for_all: true to work. Instead I added k3s_become: true as a host var, and that worked.

Thanks for all your work on this @xanmanning
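
A preflight playbook for the failure discussed in this thread, added here as an example and not part of the original issue or the role's own code: it confirms on the target that escalation really yields UID 0 and that /usr/local/bin is writable, then repeats the download with the checksum and mode from the failing get_url call. The play name and the `install_dir` variable are assumptions; the host, URL, destination and checksum are the ones posted above.

```yaml
---
# Added example, not from the thread: separates "sudo is broken on the host"
# from "the role is not applying become" before running xanmanning.k3s.
- name: Preflight become check for the k3s binary download
  hosts: phobos                    # host name from the issue
  gather_facts: false
  vars:
    install_dir: /usr/local/bin    # hypothetical helper variable
  tasks:
    - name: Record the UID of the connecting user (no escalation)
      ansible.builtin.command: id -u
      become: false
      register: login_uid
      changed_when: false

    - name: Record the UID when escalation is requested
      ansible.builtin.command: id -u
      become: true
      register: become_uid
      changed_when: false

    - name: Inspect the install directory as the escalated user
      ansible.builtin.stat:
        path: "{{ install_dir }}"
      become: true
      register: install_dir_stat

    - name: Stop with a clear message if escalation is not effective
      ansible.builtin.assert:
        that:
          - become_uid.stdout == "0"
          - install_dir_stat.stat.writeable
        fail_msg: >-
          Login UID {{ login_uid.stdout }}, escalated UID
          {{ become_uid.stdout }}; {{ install_dir }} is not writable,
          so become is not taking effect on this host.

    - name: Download k3s with the checksum and mode the role passed to get_url
      ansible.builtin.get_url:
        url: https://github.com/k3s-io/k3s/releases/download/v1.20.4+k3s1/k3s
        dest: "{{ install_dir }}/k3s-v1.20.4+k3s1"
        # sha256 value copied from the module_args in the failure output above
        checksum: "sha256:1c7b68b0b7d54f21a9c1727545a7db181668115f161a3986bc137261dd817e98"
        mode: "0755"               # the 493 in the failure output is 0755 in decimal
      become: true
```

If this play passes while the role still reports "Destination /usr/local/bin is not writable", the host's sudo setup is fine and the difference lies in where the role's become variable is defined, as the comments above found.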