Prevent multiple tokens in k3s.service.env (#364)

* Prevent multiple tokens in k3s.service.env If site.yml playbook is executed multiple times with different tokens, they will all accumulate in k3s.service.env. They won't do any harm because the last one wins, however it is a matter of good housekeeping to delete the old before inserting a new one. Signed-off-by: Marko Vukovic <[email protected]> * Selectively remove existing token from the environment file If the existing token in the environment file is the same as the token used for the playbook run, leave it in the file to avoid false changed status from the task. Signed-off-by: Marko Vukovic <[email protected]> --------- Signed-off-by: Marko Vukovic <[email protected]>
k3s-io · Oct 7, 2024 · 040d378 · 040d378
1 parent 19f99f7
commit 040d378
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml
@@ -35,6 +35,12 @@
         INSTALL_K3S_EXEC: "agent"
       changed_when: true
 
+- name: Delete any existing token from the environment if different from the new one
+  ansible.builtin.lineinfile:
+    state: absent
+    path: "{{ systemd_dir }}/k3s-agent.service.env"
+    regexp: "^K3S_TOKEN=\\s*(?!{{ token }}\\s*$)"
+
 - name: Add the token for joining the cluster to the environment
   no_log: true # avoid logging the server token
   ansible.builtin.lineinfile:

diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml
@@ -86,6 +86,12 @@
         line: "{{ item }}"
       with_items: "{{ extra_service_envs }}"
 
+    - name: Delete any existing token from the environment if different from the new one
+      ansible.builtin.lineinfile:
+        state: absent
+        path: "{{ systemd_dir }}/k3s.service.env"
+        regexp: "^K3S_TOKEN=\\s*(?!{{ token }}\\s*$)"
+
     # Add the token to the environment.
     - name: Add token as an environment variable
       no_log: true # avoid logging the server token
@@ -181,6 +187,12 @@
     - (groups[server_group] | length) > 1
     - inventory_hostname != groups[server_group][0]
   block:
+    - name: Delete any existing token from the environment if different from the new one
+      ansible.builtin.lineinfile:
+        state: absent
+        path: "{{ systemd_dir }}/k3s.service.env"
+        regexp: "^K3S_TOKEN=\\s*(?!{{ token }}\\s*$)"
+
     - name: Add the token for joining the cluster to the environment
       no_log: true # avoid logging the server token
       ansible.builtin.lineinfile: