Remove service template from k3s_upgrade role (#519)

        name: "{{ (server_group in group_names) | ternary('k3s', 'k3s-agent') }}"

    # We only save the token if the user did not provide one, leading to an auto-generated token on first install.

    # If you want the actual token value, you need to use the k3s_upgrade_old_token.stdout

    - name: Save the existing K3s token if needed

      when:

        - token is not defined

      register: k3s_upgrade_old_token

      changed_when: false

    - name: Construct Server config

      when: server_group in group_names

      block:

        # Start with an empty config

        - name: Set empty server config

          ansible.builtin.set_fact:

            k3s_server_config: {}

        # If token is provided, add it to the config

        - name: Add token to server config

          when: token is defined

          ansible.builtin.set_fact:

            k3s_server_config: "{{ k3s_server_config | combine({'token': token}) }}"

        # If token is not defined, use the old token

        - name: Add old token to server config

          when: token is not defined

          ansible.builtin.set_fact:

            k3s_server_config: "{{ k3s_server_config | combine({'token': k3s_upgrade_old_token.stdout}) }}"

        - name: Determine if tls-san is already in config or args

          # noqa var-naming[no-role-prefix]

          ansible.builtin.set_fact:

            _api_endpoint_in_config: >-

              {% if server_config_yaml is defined and api_endpoint is defined and server_config_yaml | regex_search('tls-san:.*' + api_endpoint | regex_escape(), ignorecase=True) %}

              true

              {% else %}

              false

              {% endif %}

            _api_endpoint_in_args: >-

              {% if api_endpoint is defined and extra_server_args | regex_search('--tls-san[=\s]+' + api_endpoint | regex_escape(), ignorecase=True) %}

              true

              {% else %}

              false

              {% endif %}

        - name: Add TLS SAN to config if needed

          when:

            - api_endpoint is defined

            - api_endpoint != ansible_hostname

            - not (_api_endpoint_in_config | trim | bool)

            - not (_api_endpoint_in_args | trim | bool)

          ansible.builtin.set_fact:

            k3s_server_config: "{{ k3s_server_config | combine({'tls-san': api_endpoint}) }}"

        - name: Add cluster-init to server config for first server in HA-IC setup

          when:

            - (groups[server_group] | length) > 1

            - inventory_hostname == groups[server_group][0] or ansible_host == groups[server_group][0]

            - not use_external_database

          ansible.builtin.set_fact:

            k3s_server_config: "{{ k3s_server_config | combine({'cluster-init': true}) }}"

        # If not the first server in an HA-IC setup, setup the server: URL for joining the cluster

        # server: https://{{ api_endpoint }}:{{ api_port }}

        - name: Add server URL to server config for joining servers in HA-IC setup

          when: (groups[server_group] | length) > 1 and inventory_hostname != groups[server_group][0] and not use_external_database

          ansible.builtin.set_fact:

            k3s_server_config: "{{ k3s_server_config | combine({'server': 'https://' + api_endpoint + ':' + api_port | string}) }}"

        # If the user has provided additional server config, merge it with the generated config

        - name: Merge user server config with generated server config

          when: server_config_yaml is defined

          ansible.builtin.set_fact:

            k3s_server_config: "{{ k3s_server_config | combine(server_config_yaml | from_yaml) }}"

        - name: Convert server config to YAML and write to file

          when: not ansible_check_mode

          ansible.builtin.copy:

            content: "{{ k3s_server_config | to_nice_yaml }}"

            dest: "/etc/rancher/k3s/config.yaml"

            mode: "0644"

          register: k3s_server_config_result

    - name: Install new K3s Version [server]

      # For some reason, ansible-lint thinks using enviroment with command is an error

      # even though its valid https://ansible.readthedocs.io/projects/lint/rules/inline-env-var/#correct-code

    - name: Get the token from the first server

      # noqa var-naming[no-role-prefix]

      when:

        - agent_group in group_names

        - token is not defined

      ansible.builtin.set_fact:

        k3s_server_upgrade_old_token: "{{ hostvars[groups[server_group][0]].k3s_upgrade_old_token }}"

        k3s_upgrade_old_server_token: "{{ hostvars[groups[server_group][0]].k3s_upgrade_old_token }}"

    - name: Install new K3s Version [agent]

      # For some reason, ansible-lint thinks using enviroment with command is an error

          INSTALL_K3S_SYSTEMD_DIR: "{{ systemd_dir }}"

          INSTALL_K3S_VERSION: "{{ k3s_version }}"

          INSTALL_K3S_EXEC: "agent --server https://{{ api_endpoint }}:{{ api_port }} {{ extra_agent_args }}"

          K3S_TOKEN: "{{ token if token is defined else k3s_server_upgrade_old_token.stdout }}"

          K3S_TOKEN: "{{ token if token is defined else k3s_upgrade_old_server_token.stdout }}"

        # We overrides the extra_install_envs with required keys from _base_envs on purpose

        _install_envs: "{{ extra_install_envs | default({}) | combine(_base_envs) }}"

      changed_when: true

    - name: Regenerate K3s service file [server]

      when: server_group in group_names

      block:

        - name: Determine if tls-san is already in config or args

          # noqa var-naming[no-role-prefix]

          ansible.builtin.set_fact:

            _api_endpoint_in_args: >-

              {% if api_endpoint is defined and extra_server_args | default('') | regex_search('--tls-san[=\s]+' + api_endpoint | regex_escape(), ignorecase=True) %}

              true

              {% else %}

              false

              {% endif %}

        - name: Add TLS SAN to arguments if needed

    - name: Reload systemd daemon

      when:

            - api_endpoint is defined

            - api_endpoint != ansible_hostname

            - not (_api_endpoint_in_args | trim | bool)

          # noqa var-naming[no-role-prefix]

          ansible.builtin.set_fact:

            opt_tls_san: "--tls-san={{ api_endpoint }}"

        - name: Copy K3s service file [Single/External DB]

          when: groups[server_group] | length == 1 or use_external_database | default(false)

          ansible.builtin.template:

            src: "k3s.service.j2"

            dest: "{{ systemd_dir }}/k3s.service"

            owner: root

            group: root

            mode: "0644"

          vars:

            cluster_init: false

            join: false

        - name: Copy K3s service file [HA - first server]

          when:

            - groups[server_group] | length > 1

            - not use_external_database | default(false)

            - inventory_hostname == groups[server_group][0] or ansible_host == groups[server_group][0]

          ansible.builtin.template:

            src: "k3s.service.j2"

            dest: "{{ systemd_dir }}/k3s.service"

            owner: root

            group: root

            mode: "0644"

          vars:

            cluster_init: true

            join: false

        - name: Copy K3s service file [HA - joining server]

          when:

            - groups[server_group] | length > 1

            - not use_external_database | default(false)

            - inventory_hostname != groups[server_group][0] and ansible_host != groups[server_group][0]

          ansible.builtin.template:

            src: "k3s.service.j2"

            dest: "{{ systemd_dir }}/k3s.service"

            owner: root

            group: root

            mode: "0644"

          vars:

            cluster_init: false

            join: true

    - name: Add token to the environment [server]

      when: server_group in group_names

      no_log: true # avoid logging the server token

      ansible.builtin.lineinfile:

        path: "{{ systemd_dir }}/k3s.service.env"

        regexp: '^K3S_TOKEN='

        line: "K3S_TOKEN={{ token is defined | ternary(token, k3s_upgrade_old_token.stdout) }}"

        - not ansible_check_mode

        - ansible_facts['service_mgr'] == 'systemd'

      ansible.builtin.systemd:

        daemon_reload: true

    - name: Restart K3s service [server]

      when: server_group in group_names

      ansible.builtin.systemd:

      ansible.builtin.service:

        state: restarted

        daemon_reload: true

        name: k3s

    - name: Restart K3s service [agent]

[Unit]

Description=Lightweight Kubernetes

Documentation=https://k3s.io

Wants=network-online.target

After=network-online.target

[Install]

WantedBy=multi-user.target

[Service]

Type=notify

EnvironmentFile=-/etc/default/%N

EnvironmentFile=-/etc/sysconfig/%N

EnvironmentFile=-/etc/systemd/system/k3s.service.env

KillMode=process

Delegate=yes

# Having non-zero Limit*s causes performance problems due to accounting overhead

# in the kernel. We recommend using cgroups to do container-local accounting.

LimitNOFILE=1048576

LimitNPROC=infinity

LimitCORE=infinity

TasksMax=infinity

TimeoutStartSec=0

Restart=always

RestartSec=5s

ExecStartPre=-/sbin/modprobe br_netfilter

ExecStartPre=-/sbin/modprobe overlay

ExecStart=/usr/local/bin/k3s server --data-dir {{ k3s_server_location }} {% if cluster_init == true %}--cluster-init {% endif %} \

    {% if join == true %}--server https://{{ api_endpoint }}:{{ api_port }} {% endif %} \

    {{ opt_tls_san | default('') }} \

    {{ extra_server_args }}