Moving the k3s service to /tmp changes the file's security context and breaks the service.
I'm happy to log a PR if needed, just let me know which option makes more sense to you:
Keep the service under /etc/systemd/system, just rename it to .disabled (or .backup)
Move the file to /tmp but run restorecon after moving it back to /etc/systemd/system
Details below.
❯ ansible-playbook -i inventory.yml playbook/upgrade.yml
PLAY [Upgrade K3s Servers] ****************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************
Sunday 25 February 2024 16:43:21 +1030 (0:00:00.021) 0:00:00.021 *******
ok: [rhel.lan]
TASK [k3s_upgrade : Save current K3s service] *********************************************************************************************
Sunday 25 February 2024 16:43:27 +1030 (0:00:06.348) 0:00:06.370 *******
changed: [rhel.lan]
TASK [k3s_upgrade : Install new K3s Version] **********************************************************************************************
Sunday 25 February 2024 16:43:31 +1030 (0:00:03.600) 0:00:09.970 *******
changed: [rhel.lan]
TASK [k3s_upgrade : Restore K3s service] **************************************************************************************************
Sunday 25 February 2024 16:43:44 +1030 (0:00:13.108) 0:00:23.079 *******
changed: [rhel.lan]
TASK [k3s_upgrade : Restart K3s service [server]] *****************************************************************************************
Sunday 25 February 2024 16:43:46 +1030 (0:00:02.336) 0:00:25.415 *******
fatal: [rhel.lan]: FAILED! => {"changed": false, "msg": "Could not find the requested service k3s: host"}
PLAY RECAP ********************************************************************************************************************************
rhel.lan : ok=4 changed=3 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Sunday 25 February 2024 16:43:50 +1030 (0:00:03.484) 0:00:28.900 *******
===============================================================================
k3s_upgrade : Install new K3s Version --------------------------------------------------------------------------------------------- 13.11s
Gathering Facts -------------------------------------------------------------------------------------------------------------------- 6.35s
k3s_upgrade : Save current K3s service --------------------------------------------------------------------------------------------- 3.60s
k3s_upgrade : Restart K3s service [server] ----------------------------------------------------------------------------------------- 3.48s
k3s_upgrade : Restore K3s service -------------------------------------------------------------------------------------------------- 2.34s
[root@rhel ~]# systemctl restart k3s
Failed to restart k3s.service: Unit k3s.service not found.
[root@rhel ~]# journalctl -u k3s.service --since='5 minutes ago'
Feb 25 16:43:44 rhel.lan systemd[1]: k3s.service: Current command vanished from the unit file, execution of the command list won't be resumed.
Feb 25 16:43:50 rhel.lan systemd[1]: k3s.service: Failed to open /etc/systemd/system/k3s.service: Permission denied
[root@rhel ~]# ls -lZ /etc/systemd/system/k3s.service
-rw-r--r--. 1 root root unconfined_u:object_r:user_tmp_t:s0 2787 Feb 25 16:43 /etc/systemd/system/k3s.service
[root@rhel ~]# restorecon /etc/systemd/system/k3s.service
[root@rhel ~]# ls -lZ /etc/systemd/system/k3s.service
-rw-r--r--. 1 root root unconfined_u:object_r:container_unit_file_t:s0 848 Feb 25 16:46 /etc/systemd/system/k3s.service
[root@rhel ~]# systemctl restart k3s
Moving the k3s service to
/tmp
changes the file's security context and breaks the service.I'm happy to log a PR if needed, just let me know which option makes more sense to you:
/etc/systemd/system
, just rename it to.disabled
(or.backup
)/tmp
but runrestorecon
after moving it back to/etc/systemd/system
Details below.