diff --git a/agents.tf b/agents.tf
index da4c4f5..e129650 100644
--- a/agents.tf
+++ b/agents.tf
@@ -59,6 +59,19 @@ resource "null_resource" "agents" {
 inline = local.install_k3s_agent
 }
 
+ # Issue a reboot command and wait for MicroOS to reboot and be ready
+ # so that the new snapshot with k3s-selinux kicks in
+ provisioner "local-exec" {
+ command = <<-EOT
+ ssh ${local.ssh_args} root@${module.agents[each.key].ipv4_address} '(sleep 2; reboot)&'; sleep 3
+ until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${module.agents[each.key].ipv4_address} true 2> /dev/null
+ do
+ echo "Waiting for MicroOS to reboot and become available..."
+ sleep 3
+ done
+ EOT
+ }
+
 # Start the k3s agent and wait for it to have started
 provisioner "remote-exec" {
 inline = [
diff --git a/control_planes.tf b/control_planes.tf
index 7c31d4b..1ecd24f 100644
--- a/control_planes.tf
+++ b/control_planes.tf
@@ -65,6 +65,19 @@ resource "null_resource" "control_planes" {
 inline = local.install_k3s_server
 }
 
+ # Issue a reboot command and wait for MicroOS to reboot and be ready,
+ # so that the new snapshot with k3s-selinux kicks in, only if k3s has never been initialized on the node
+ provisioner "local-exec" {
+ command = <<-EOT
+ ssh ${local.ssh_args} root@${module.control_planes[count.index].ipv4_address} '[[ ! -f /etc/rancher/k3s/k3s.yaml ]] && (sleep 2; reboot)&'; sleep 3
+ until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${module.control_planes[count.index].ipv4_address} true 2> /dev/null
+ do
+ echo "Waiting for MicroOS to reboot and become available..."
+ sleep 3
+ done
+ EOT
+ }
+
 # Start the k3s server and wait for it to have started correctly
 provisioner "remote-exec" {
 inline = [
diff --git a/init.tf b/init.tf
index 7f7e021..81eb32b 100644
--- a/init.tf
+++ b/init.tf
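Review bot: The wait loop in the new `local-exec` provisioner can report the node as ready before it has rebooted: `ssh … true` only proves that sshd answers, and the fixed `sleep 3` is all that separates the backgrounded `(sleep 2; reboot)` from the first probe, so a slow shutdown lets the following `remote-exec` start k3s on the old snapshot, without the k3s-selinux policy this reboot exists to activate. The loop is also unbounded and discards stderr, so an authentication or host-key failure hangs `terraform apply` with no diagnostic. Comparing the kernel boot ID before and after the reboot and capping the retries closes both gaps; the retry cap below is an example value. The same loop is added in control_planes.tf and init.tf and kept in modules/host/main.tf. `local.ssh_args` is defined outside this hunk, so its host-key settings could not be reviewed here.

```hcl
  provisioner "local-exec" {
    command = <<-EOT
      old_id=$(ssh ${local.ssh_args} root@${module.agents[each.key].ipv4_address} cat /proc/sys/kernel/random/boot_id) || exit 1
      # … unchanged: ssh '(sleep 2; reboot)&'; sleep 3 …
      tries=0
      until new_id=$(ssh ${local.ssh_args} -o ConnectTimeout=2 root@${module.agents[each.key].ipv4_address} cat /proc/sys/kernel/random/boot_id 2> /dev/null) && [ -n "$new_id" ] && [ "$new_id" != "$old_id" ]
      do
        tries=$((tries + 1))
        # 100 attempts is an example bound, not a value from the project
        [ "$tries" -lt 100 ] || { echo "MicroOS did not come back after reboot" >&2; exit 1; }
        # … unchanged: echo, sleep 3 …
      done
```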
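Review bot: The reboot guard `[[ ! -f /etc/rancher/k3s/k3s.yaml ]]` in control_planes.tf is a bash-only test inside the remote command string, while the equivalent check visible in locals.tf is written as POSIX `[ -e /etc/rancher/k3s/k3s.yaml ]`. Writing it as `[ ! -e /etc/rancher/k3s/k3s.yaml ] && (sleep 2; reboot)&` keeps the two checks in the same form and does not depend on which shell root gets on the node. Because the whole `&&` list is backgrounded, the caller cannot tell a skipped reboot, or a test that failed to run, from a scheduled one. A short comment inside the provisioner, such as `# no reboot when k3s.yaml exists; the wait loop then returns on the first probe`, would make that explicit.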
@@ -30,7 +30,20 @@ resource "null_resource" "first_control_plane" {
 inline = local.install_k3s_server
 }
 
- # Upon reboot verify that the k3s server is starts, and wait for k3s to be ready to receive commands
+ # so that the new snapshot with k3s-selinux kicks in
+ # Issue a reboot command and wait for MicroOS to reboot and be ready
+ provisioner "local-exec" {
+ command = <<-EOT
+ ssh ${local.ssh_args} root@${module.control_planes[0].ipv4_address} '(sleep 2; reboot)&'; sleep 3
+ until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${module.control_planes[0].ipv4_address} true 2> /dev/null
+ do
+ echo "Waiting for MicroOS to reboot and become available..."
+ sleep 3
+ done
+ EOT
+ }
+
+ # Upon reboot verify start k3s and wait for it to be ready to receive commands
 provisioner "remote-exec" {
 inline = [
 "systemctl start k3s",
diff --git a/kustomize/kured.yaml b/kustomize/kured.yaml
index b4abdea..3425a49 100644
--- a/kustomize/kured.yaml
+++ b/kustomize/kured.yaml
@@ -18,4 +18,4 @@ spec:
 command:
 - /usr/bin/kured
 - --reboot-command=/usr/bin/systemctl reboot
- - --reboot-sentinel=/var/run/reboot-needed
+ - --reboot-sentinel=/var/run/reboot-needed
\ No newline at end of file
diff --git a/locals.tf b/locals.tf
index 61a8fff..7acb380 100644
--- a/locals.tf
+++ b/locals.tf
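Review bot: The two comment lines above the new `local-exec` provisioner in init.tf are in the wrong order: `# so that the new snapshot with k3s-selinux kicks in` comes before the sentence it completes, and the rewritten `# Upon reboot verify start k3s …` no longer reads as a sentence. I would write `# Issue a reboot command and wait for MicroOS to reboot and be ready,` followed by `# so that the new snapshot with k3s-selinux kicks in`, and `# After the reboot, start k3s and wait for it to be ready to receive commands`. This provisioner also reboots the first control plane unconditionally, whereas control_planes.tf skips the reboot when `/etc/rancher/k3s/k3s.yaml` exists. If this resource can be re-provisioned against a running node, the same guard looks appropriate here. The resource block starts and ends outside the hunk, so its triggers are not visible.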
@@ -145,10 +145,8 @@ locals {
 "[ -e /etc/rancher/k3s/k3s.yaml ] && exit 0",
 ]
 
- k3s_selinux_apply = ["chcon -u system_u -r object_r -t container_runtime_exec_t /usr/local/bin/k3s"]
-
- install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"], local.k3s_selinux_apply)
- install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"], local.k3s_selinux_apply)
+ install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"])
+ install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"])
 
 agent_nodepools = merge([
 for nodepool_name, nodepool_obj in var.agent_nodepools : {
diff --git a/modules/host/main.tf b/modules/host/main.tf
index 6f17ec9..b8c4d17 100644
--- a/modules/host/main.tf
+++ b/modules/host/main.tf
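Review bot: After this change nothing checks that the SELinux policy for k3s is actually in place: the explicit `chcon` labelling and `INSTALL_K3S_SKIP_SELINUX_RPM=true` are both dropped from `install_k3s_server` and `install_k3s_agent`. Labelling now depends on the unpinned `get.k3s.io` script, piped straight into `sh`, having installed k3s-selinux, and on the later reboot having activated that snapshot. A cheap guard is to make the start provisioners fail loudly when the package is missing, e.g. `"rpm -q k3s-selinux",` as the first inline command before `systemctl start k3s`; those provisioners are outside this hunk. `${var.initial_k3s_channel}` is also interpolated into the shell line unquoted. A `validation` block on the variable, which is declared elsewhere, would keep whitespace and shell metacharacters out of a command that runs on the node.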
@@ -35,41 +35,15 @@ resource "hcloud_server" "server" {
 "set -ex",
 "apt-get update",
 "apt-get install -y aria2",
- "aria2c --follow-metalink=mem https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-OpenStack-Cloud.qcow2.meta4",
+ "aria2c --follow-metalink=mem https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-k3s-OpenStack-Cloud.qcow2.meta4",
 "qemu-img convert -p -f qcow2 -O host_device $(ls -a | grep -ie '^opensuse.*microos.*qcow2$') /dev/sda",
 ]
 }
 
- # Issue a reboot command
- provisioner "local-exec" {
- command = "ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3"
- }
- # Wait for MicroOS to reboot and be ready
- provisioner "local-exec" {
- command = <<-EOT
- until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true 2> /dev/null
- do
- echo "Waiting for MicroOS to reboot and become available..."
- sleep 3
- done
- EOT
- }
-
- # We've rebooted into MicroOS, now we install the k3s-selinux RPM
- provisioner "remote-exec" {
- inline = [
- "set -ex",
- "transactional-update pkg install -y k3s-selinux"
- ]
- }
-
- # Issue a reboot command
- provisioner "local-exec" {
- command = "ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3"
- }
- # Wait for MicroOS to reboot and be ready
+ # Issue a reboot command and wait for MicroOS to reboot and be ready
 provisioner "local-exec" {
 command = <<-EOT
+ ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3
 until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true 2> /dev/null
 do
 echo "Waiting for MicroOS to reboot and become available..."
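Review bot: The image that `qemu-img convert` writes over `/dev/sda` is now the `-k3s-` appliance from the rolling Tumbleweed path, fetched with no version pin and no signature check visible in this hunk. Two applies can therefore produce different node images, and the download is trusted on the strength of the HTTPS connection and whatever hashes the metalink carries. Because the explicit `transactional-update pkg install -y k3s-selinux` step is removed here, a comment above the `aria2c` line should record what the new flavour is relied on to provide, e.g. `# TODO(review): confirm what the -k3s- appliance ships that the plain image did not`. If openSUSE publishes a detached signature for this appliance, verifying it before the `qemu-img convert` line would close the integrity gap. The `hcloud_server` resource and the heredoc both continue outside the hunk.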