fixed k3s selinux failed update

Karim Naufal 2022-05-04 02:27:24 +02:00
parent 8e194f2b32
commit bbe66ee977
No known key found for this signature in database
GPG Key ID: 9CB4A7C28C139CA5
4 changed files with 40 additions and 4 deletions


@ -1,16 +1,23 @@
locals { locals {
# ssh public key
ssh_public_key = trimspace(file(var.public_key)) ssh_public_key = trimspace(file(var.public_key))
# ssh_private_key is either the contents of var.private_key or null to use a ssh agent. # ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key)) ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use. # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
# For terraforms provisioner.connection.agent_identity, we need the public key as a string. # For terraforms provisioner.connection.agent_identity, we need the public key as a string.
ssh_identity = var.private_key == null ? local.ssh_public_key : null ssh_identity = var.private_key == null ? local.ssh_public_key : null
# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
# if an ssh agent is used. # if an ssh agent is used.
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
# shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning. # shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}" ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
# Final list of packages to install
needed_packages = join(" ", concat(["k3s-selinux"], var.packages_to_install))
# the hosts name with its unique suffix attached # the hosts name with its unique suffix attached
name = "${var.name}-${random_string.server.id}" name = "${var.name}-${random_string.server.id}"
} }


@ -65,11 +65,12 @@ resource "hcloud_server" "server" {
EOT EOT
} }
# Install k3s-selinux (compatible version) # Install k3s-selinux (compatible version) and open-iscsi
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [<<-EOT
"set -ex", set -ex
"transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key;zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'" transactional-update shell <<< "zypper --gpg-auto-import-keys install -y ${local.needed_packages}"
EOT
] ]
} }
@ -84,6 +85,17 @@ resource "hcloud_server" "server" {
done done
EOT EOT
} }
# Enable open-iscsi
provisioner "remote-exec" {
inline = [<<-EOT
set -ex
if [[ $(systemctl list-units --all -t service --full --no-legend "iscsid.service" | sed 's/^\s*//g' | cut -f1 -d' ') == iscsid.service ]]; then
systemctl enable --now iscsid
fi
EOT
]
}
} }
resource "hcloud_server_network" "server" { resource "hcloud_server_network" "server" {
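Review bot: `--gpg-auto-import-keys` on the new zypper line makes the provisioning run import and trust whatever signing key any enabled repository presents, whereas the removed line trusted only the key fetched by `rpm --import https://rpm.rancher.io/public.key`. Keeping the explicit import and dropping the flag narrows that trust to the one Rancher key: `transactional-update shell <<< "rpm --import https://rpm.rancher.io/public.key; zypper install -y ${local.needed_packages}"`. This should still install non-interactively because the key is then already in the rpm keyring, but please confirm on a fresh MicroOS image. The install also no longer pins a k3s-selinux version, so builds are reproducible only as far as the repository's stable channel is. The enclosing `hcloud_server` resource starts outside this section.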


@ -23,6 +23,17 @@ write_files:
REBOOT_METHOD=kured REBOOT_METHOD=kured
path: /etc/transactional-update.conf path: /etc/transactional-update.conf
# Create Rancher repo config
- content: |
[rancher-k3s-common-stable]
name=Rancher K3s Common (stable)
baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://rpm.rancher.io/public.key
path: /etc/zypp/repos.d/rancher-k3s-common.repo
# Add ssh authorized keys # Add ssh authorized keys
ssh_authorized_keys: ssh_authorized_keys:
%{ for key in sshAuthorizedKeys ~} %{ for key in sshAuthorizedKeys ~}
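Review bot: `repo_gpgcheck=0` in the new rancher-k3s-common.repo entry leaves the repository metadata unverified, so the integrity of the package index rests on TLS to rpm.rancher.io and only the RPMs themselves are signature-checked through `gpgcheck=1`. Whether the Rancher repository publishes signed metadata cannot be told from this hunk; if it does, `repo_gpgcheck=1` is the stronger setting. If it does not, a comment above the entry would record that the choice is deliberate, for example `# repo_gpgcheck=0: repo metadata is not verified, only package signatures (gpgcheck=1)`. The `gpgkey` URL is also fetched on first use, so the key is trusted on first contact rather than pinned by fingerprint.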


@ -62,3 +62,9 @@ variable "server_type" {
description = "The server type" description = "The server type"
type = string type = string
} }
variable "packages_to_install" {
description = "Packages to install"
type = list(string)
default = []
}
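Review bot: `packages_to_install` accepts arbitrary strings, and its entries are joined in `local.needed_packages` and interpolated unquoted into the double-quoted here-string of the remote-exec `zypper install` command. An entry containing whitespace, quotes, `;`, `$` or backticks would therefore be interpreted by the shell on the new server, which runs as the provisioning user. A `validation` block that restricts each entry to package-name characters closes this at the input, and the description could say that only plain package names are accepted. The same interpolation appears in the locals file and in the provisioner section of this commit.

```hcl
  default     = []
  # Entries are interpolated into a remote shell command, so accept plain package names only.
  validation {
    condition     = alltrue([for p in var.packages_to_install : can(regex("^[A-Za-z0-9][A-Za-z0-9+._-]*$", p))])
    error_message = "Each entry in packages_to_install must be a plain package name (letters, digits, '+', '.', '_', '-')."
  }
```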