fixed k3s selinux failed update

2022-05-04 02:27:24 +02:00 · 2022-05-04 02:27:24 +02:00 · bbe66ee977
commit bbe66ee977
parent 8e194f2b32
4 changed files with 40 additions and 4 deletions
--- a/modules/host/locals.tf
+++ b/modules/host/locals.tf
@ -1,16 +1,23 @@
 locals {
+  # ssh public key
  ssh_public_key = trimspace(file(var.public_key))
  # ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
  ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
+
  # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
  # For terraforms provisioner.connection.agent_identity, we need the public key as a string.
  ssh_identity = var.private_key == null ? local.ssh_public_key : null
+
  # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
  # if an ssh agent is used.
  ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
+
  # shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
  ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"

+  # Final list of packages to install
+  needed_packages = join(" ", concat(["k3s-selinux"], var.packages_to_install))
+
  # the hosts name with its unique suffix attached
  name = "${var.name}-${random_string.server.id}"
 }
--- a/modules/host/main.tf
+++ b/modules/host/main.tf
@ -65,11 +65,12 @@ resource "hcloud_server" "server" {
    EOT
  }

-  # Install k3s-selinux (compatible version)
+  # Install k3s-selinux (compatible version) and open-iscsi
  provisioner "remote-exec" {
-    inline = [
-      "set -ex",
-      "transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key;zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'"
+    inline = [<<-EOT
+      set -ex
+      transactional-update shell <<< "zypper --gpg-auto-import-keys install -y ${local.needed_packages}"
+      EOT
    ]
  }

@ -84,6 +85,17 @@ resource "hcloud_server" "server" {
      done
    EOT
  }
+
+  # Enable open-iscsi
+  provisioner "remote-exec" {
+    inline = [<<-EOT
+      set -ex
+      if [[ $(systemctl list-units --all -t service --full --no-legend "iscsid.service" | sed 's/^\s*//g' | cut -f1 -d' ') == iscsid.service ]]; then
+        systemctl enable --now iscsid
+      fi
+      EOT
+    ]
+  }
 }

 resource "hcloud_server_network" "server" {
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
@ -23,6 +23,17 @@ write_files:
    REBOOT_METHOD=kured
  path: /etc/transactional-update.conf

+# Create Rancher repo config
+- content: |
+    [rancher-k3s-common-stable]
+    name=Rancher K3s Common (stable)
+    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch
+    enabled=1
+    gpgcheck=1
+    repo_gpgcheck=0
+    gpgkey=https://rpm.rancher.io/public.key
+  path: /etc/zypp/repos.d/rancher-k3s-common.repo
+
 # Add ssh authorized keys
 ssh_authorized_keys:
 %{ for key in sshAuthorizedKeys ~}
--- a/modules/host/variables.tf
+++ b/modules/host/variables.tf
@ -62,3 +62,9 @@ variable "server_type" {
  description = "The server type"
  type        = string
 }
+
+variable "packages_to_install" {
+  description = "Packages to install"
+  type        = list(string)
+  default     = []
+}