fixed k3s selinux failed update

modules/host/locals.tf

@@ -1,16 +1,23 @@
 locals {
+  # ssh public key
   ssh_public_key = trimspace(file(var.public_key))
   # ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
   ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
+
   # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
   # For terraforms provisioner.connection.agent_identity, we need the public key as a string.
   ssh_identity = var.private_key == null ? local.ssh_public_key : null
+
   # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
   # if an ssh agent is used.
   ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
+
   # shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
   ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
 
+  # Final list of packages to install
+  needed_packages = join(" ", concat(["k3s-selinux"], var.packages_to_install))
+
   # the hosts name with its unique suffix attached
   name = "${var.name}-${random_string.server.id}"
 }

modules/host/main.tf

@@ -65,11 +65,12 @@ resource "hcloud_server" "server" {
     EOT
   }
 
-  # Install k3s-selinux (compatible version)
+  # Install k3s-selinux (compatible version) and open-iscsi
   provisioner "remote-exec" {
-    inline = [
+    inline = [<<-EOT
-      "set -ex",
+      set -ex
-      "transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key;zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'"
+      transactional-update shell <<< "zypper --gpg-auto-import-keys install -y ${local.needed_packages}"
+      EOT
     ]
   }
 
@@ -84,6 +85,17 @@ resource "hcloud_server" "server" {
       done
     EOT
   }
+
+  # Enable open-iscsi
+  provisioner "remote-exec" {
+    inline = [<<-EOT
+      set -ex
+      if [[ $(systemctl list-units --all -t service --full --no-legend "iscsid.service" | sed 's/^\s*//g' | cut -f1 -d' ') == iscsid.service ]]; then
+        systemctl enable --now iscsid
+      fi
+      EOT
+    ]
+  }
 }
 
 resource "hcloud_server_network" "server" {

modules/host/templates/userdata.yaml.tpl

@@ -23,6 +23,17 @@ write_files:
     REBOOT_METHOD=kured
   path: /etc/transactional-update.conf
 
+# Create Rancher repo config
+- content: |
+    [rancher-k3s-common-stable]
+    name=Rancher K3s Common (stable)
+    baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch
+    enabled=1
+    gpgcheck=1
+    repo_gpgcheck=0
+    gpgkey=https://rpm.rancher.io/public.key
+  path: /etc/zypp/repos.d/rancher-k3s-common.repo
+
 # Add ssh authorized keys
 ssh_authorized_keys:
 %{ for key in sshAuthorizedKeys ~}

modules/host/variables.tf

@@ -62,3 +62,9 @@ variable "server_type" {
   description = "The server type"
   type        = string
 }
+
+variable "packages_to_install" {
+  description = "Packages to install"
+  type        = list(string)
+  default     = []
+}