fixed k3s selinux failed update
This commit is contained in:
parent
8e194f2b32
commit
bbe66ee977
@ -1,16 +1,23 @@
|
||||
locals {
|
||||
# ssh public key
|
||||
ssh_public_key = trimspace(file(var.public_key))
|
||||
# ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
|
||||
ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
|
||||
|
||||
# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
|
||||
# For terraforms provisioner.connection.agent_identity, we need the public key as a string.
|
||||
ssh_identity = var.private_key == null ? local.ssh_public_key : null
|
||||
|
||||
# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
|
||||
# if an ssh agent is used.
|
||||
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
|
||||
|
||||
# shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
|
||||
ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
|
||||
|
||||
# Final list of packages to install
|
||||
needed_packages = join(" ", concat(["k3s-selinux"], var.packages_to_install))
|
||||
|
||||
# the hosts name with its unique suffix attached
|
||||
name = "${var.name}-${random_string.server.id}"
|
||||
}
|
||||
|
@ -65,11 +65,12 @@ resource "hcloud_server" "server" {
|
||||
EOT
|
||||
}
|
||||
|
||||
# Install k3s-selinux (compatible version)
|
||||
# Install k3s-selinux (compatible version) and open-iscsi
|
||||
provisioner "remote-exec" {
|
||||
inline = [
|
||||
"set -ex",
|
||||
"transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key;zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'"
|
||||
inline = [<<-EOT
|
||||
set -ex
|
||||
transactional-update shell <<< "zypper --gpg-auto-import-keys install -y ${local.needed_packages}"
|
||||
EOT
|
||||
]
|
||||
}
|
||||
|
||||
@ -84,6 +85,17 @@ resource "hcloud_server" "server" {
|
||||
done
|
||||
EOT
|
||||
}
|
||||
|
||||
# Enable open-iscsi
|
||||
provisioner "remote-exec" {
|
||||
inline = [<<-EOT
|
||||
set -ex
|
||||
if [[ $(systemctl list-units --all -t service --full --no-legend "iscsid.service" | sed 's/^\s*//g' | cut -f1 -d' ') == iscsid.service ]]; then
|
||||
systemctl enable --now iscsid
|
||||
fi
|
||||
EOT
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "hcloud_server_network" "server" {
|
||||
|
@ -23,6 +23,17 @@ write_files:
|
||||
REBOOT_METHOD=kured
|
||||
path: /etc/transactional-update.conf
|
||||
|
||||
# Create Rancher repo config
|
||||
- content: |
|
||||
[rancher-k3s-common-stable]
|
||||
name=Rancher K3s Common (stable)
|
||||
baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch
|
||||
enabled=1
|
||||
gpgcheck=1
|
||||
repo_gpgcheck=0
|
||||
gpgkey=https://rpm.rancher.io/public.key
|
||||
path: /etc/zypp/repos.d/rancher-k3s-common.repo
|
||||
|
||||
# Add ssh authorized keys
|
||||
ssh_authorized_keys:
|
||||
%{ for key in sshAuthorizedKeys ~}
|
||||
|
@ -62,3 +62,9 @@ variable "server_type" {
|
||||
description = "The server type"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "packages_to_install" {
|
||||
description = "Packages to install"
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user