fixed k3s selinux failed update
This commit is contained in:
parent
8e194f2b32
commit
bbe66ee977
@ -1,16 +1,23 @@
|
|||||||
locals {
|
locals {
|
||||||
|
# ssh public key
|
||||||
ssh_public_key = trimspace(file(var.public_key))
|
ssh_public_key = trimspace(file(var.public_key))
|
||||||
# ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
|
# ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
|
||||||
ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
|
ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
|
||||||
|
|
||||||
# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
|
# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
|
||||||
# For terraforms provisioner.connection.agent_identity, we need the public key as a string.
|
# For terraforms provisioner.connection.agent_identity, we need the public key as a string.
|
||||||
ssh_identity = var.private_key == null ? local.ssh_public_key : null
|
ssh_identity = var.private_key == null ? local.ssh_public_key : null
|
||||||
|
|
||||||
# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
|
# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
|
||||||
# if an ssh agent is used.
|
# if an ssh agent is used.
|
||||||
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
|
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
|
||||||
|
|
||||||
# shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
|
# shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
|
||||||
ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
|
ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
|
||||||
|
|
||||||
|
# Final list of packages to install
|
||||||
|
needed_packages = join(" ", concat(["k3s-selinux"], var.packages_to_install))
|
||||||
|
|
||||||
# the hosts name with its unique suffix attached
|
# the hosts name with its unique suffix attached
|
||||||
name = "${var.name}-${random_string.server.id}"
|
name = "${var.name}-${random_string.server.id}"
|
||||||
}
|
}
|
||||||
|
@ -65,11 +65,12 @@ resource "hcloud_server" "server" {
|
|||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
# Install k3s-selinux (compatible version)
|
# Install k3s-selinux (compatible version) and open-iscsi
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [<<-EOT
|
||||||
"set -ex",
|
set -ex
|
||||||
"transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key;zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'"
|
transactional-update shell <<< "zypper --gpg-auto-import-keys install -y ${local.needed_packages}"
|
||||||
|
EOT
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -84,6 +85,17 @@ resource "hcloud_server" "server" {
|
|||||||
done
|
done
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Enable open-iscsi
|
||||||
|
provisioner "remote-exec" {
|
||||||
|
inline = [<<-EOT
|
||||||
|
set -ex
|
||||||
|
if [[ $(systemctl list-units --all -t service --full --no-legend "iscsid.service" | sed 's/^\s*//g' | cut -f1 -d' ') == iscsid.service ]]; then
|
||||||
|
systemctl enable --now iscsid
|
||||||
|
fi
|
||||||
|
EOT
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "hcloud_server_network" "server" {
|
resource "hcloud_server_network" "server" {
|
||||||
|
@ -23,6 +23,17 @@ write_files:
|
|||||||
REBOOT_METHOD=kured
|
REBOOT_METHOD=kured
|
||||||
path: /etc/transactional-update.conf
|
path: /etc/transactional-update.conf
|
||||||
|
|
||||||
|
# Create Rancher repo config
|
||||||
|
- content: |
|
||||||
|
[rancher-k3s-common-stable]
|
||||||
|
name=Rancher K3s Common (stable)
|
||||||
|
baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch
|
||||||
|
enabled=1
|
||||||
|
gpgcheck=1
|
||||||
|
repo_gpgcheck=0
|
||||||
|
gpgkey=https://rpm.rancher.io/public.key
|
||||||
|
path: /etc/zypp/repos.d/rancher-k3s-common.repo
|
||||||
|
|
||||||
# Add ssh authorized keys
|
# Add ssh authorized keys
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
%{ for key in sshAuthorizedKeys ~}
|
%{ for key in sshAuthorizedKeys ~}
|
||||||
|
@ -62,3 +62,9 @@ variable "server_type" {
|
|||||||
description = "The server type"
|
description = "The server type"
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "packages_to_install" {
|
||||||
|
description = "Packages to install"
|
||||||
|
type = list(string)
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user