* install.sh: test if BIN_DIR is readonly, else use /opt
On Flatcar, /usr is a read-only partition, while /opt is allowed for
writing.
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
* install.sh: only warn on Flatcar about selinux
This check is a bit more explicit, but only warn about finding the rpm
installed policy when on Flatcar Container Linux
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
* Update install.sh
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
Co-authored-by: Brad Davidson <brad@oatmail.org>
It's a bad practice to install packages via rpm directly. It's better to install all packages with Yum/Dnf. It's also possible to install packages directly via a URL, which is the purpose of this PR.
Wants= is required to actually set the dependency on network-online.service
After= is required or k3s.service will be started at the same time as network-online.service
In network environments with slow DHCP, both are required to ensure valid network configuration for k3s
Signed-off-by: Adam Farden <adam@farden.cz>
Adds the line `After=network-online.target` to the k3s systemd service
file. This applies the fix mentioned in
[this GH comment](https://github.com/rancher/k3s/issues/1626#issuecomment-642253812)
which I can confirm makes k3s networking survive reboot in Raspbian
Buster.
[It appears, in some docs I found](https://www.digitalocean.com/community/tutorials/understanding-systemd-units-and-unit-files)
that this is a recommended and usual way of specifying that we need the
target to be _completed_ before starting k3s. Using just the `Wants=`
directive doesn't work for this task; you have to add both directives
at once to do this. Quote:
> `Wants=`: This directive is similar to `Requires=`, but less strict.
> `Systemd` will attempt to start any units listed here when this unit
> is activated. If these units are not found or fail to start, the
> current unit will continue to function. This is the recommended way to
> configure most dependency relationships. **Again, this implies a
> parallel activation unless modified by other directives**
> [...]
> `After=`: The units listed in this directive will be started before
> starting the current unit. This does not imply a dependency
> relationship and **one must be established through the above
> directives if this is required.**
- _(Emphasis mine)_
Signed-off-by: Matthew Clive <arcticlight@arcticlight.me>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
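
A check for the `Wants=`/`After=` pairing described in the commit messages above, as an added example that is not part of those commits or of install.sh: it classifies a unit's text by which of the two directives name `network-online.target`. The function names and sample units are constructed.

```sh
# Added example, not code from install.sh. Function names and the sample
# units are constructed for illustration.
TARGET='network-online.target'

# unit_lists KEY UNIT_TEXT: succeed if a "KEY=" line lists $TARGET.
unit_lists() {
    while IFS= read -r line; do
        case "$line" in
            "$1="*)
                for dep in ${line#*=}; do
                    if [ "$dep" = "$TARGET" ]; then return 0; fi
                done
                ;;
        esac
    done <<EOF
$2
EOF
    return 1
}

# network_ordering UNIT_TEXT: print one verdict word.
#   ordered   Wants= and After=: target is pulled in and waited for
#   parallel  Wants= only: target starts alongside the unit (slow-DHCP race)
#   unpulled  After= only: ordering applies only if something else starts it
#   none      neither directive names the target
network_ordering() {
    wants=no; after=no
    if unit_lists Wants "$1"; then wants=yes; fi
    if unit_lists After "$1"; then after=yes; fi
    case "$wants/$after" in
        yes/yes) echo ordered ;;
        yes/no)  echo parallel ;;
        no/yes)  echo unpulled ;;
        *)       echo none ;;
    esac
}

# Constructed sample units.
UNIT_WANTS_ONLY='[Unit]
Description=sample
Wants=network-online.target'
UNIT_BOTH='[Unit]
Description=sample
Wants=network-online.target
After=network.target network-online.target'

echo "Wants only:      $(network_ordering "$UNIT_WANTS_ONLY")"
echo "Wants and After: $(network_ordering "$UNIT_BOTH")"
```
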
This allows us to fail quickly if we're handed a schemeless or plain
HTTP URI, rather than having the agent barf when the systemd unit
starts. For an operator, this makes for a cleaner error up front and
clear messaging for how to fix the situation.
Signed-off-by: Josh McSavaney <mcsaucy@csh.rit.edu>
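
The up-front check described in the commit message above, as an added example that is not the project's own code: it rejects a schemeless or plain-HTTP server URL and prints the corrected form. `validate_server_url` and the sample URLs are hypothetical.

```sh
# Added example, not code from install.sh. validate_server_url and the sample
# URLs are hypothetical.

# validate_server_url URL: print a verdict with the suggested fix;
# return 0 only for an https:// URL that names a host.
validate_server_url() {
    url=$1
    case "$url" in
        '')
            echo 'rejected: empty URL'; return 1 ;;
        https://|https:///*)
            echo 'rejected: no host after https://'; return 1 ;;
        https://*)
            echo "ok: $url"; return 0 ;;
        http://*)
            echo "rejected: plain HTTP, use https://${url#http://}"; return 1 ;;
        *://*)
            echo "rejected: scheme ${url%%://*} is not https"; return 1 ;;
        *)
            echo "rejected: no scheme, use https://$url"; return 1 ;;
    esac
}

# Constructed inputs: run the check before anything is written to a unit file.
for candidate in 'https://server.example:6443' 'http://server.example:6443' \
                 'server.example:6443' 'ftp://server.example'; do
    validate_server_url "$candidate" || true
done
```
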
When, for some reason, k3s crashes and can't start up again, e.g. when
the data backend is not available (dqlite crashed, database server is
offline, ...), on openrc systems, supervise-daemon will try to restart
it, as per supervise-daemon(8):

    respawn-max:
        Sets the maximum number of times a daemon will be respawned during
        a respawn period. If a daemon dies more than this number of times
        during a respawn period, will give up trying to respawn it and exit.
        The default is 10, and 0 means unlimited.

Setting respawn-max to 0 makes sure a k3s process on openrc systems will
keep trying to come online, even if the database backend is offline for a
longer period of time.
This aligns the openrc service configuration with the systemd
configuration, which has

    Restart=always
    RestartSec=5s

The option --no-deploy was deprecated by
0374c4f63d
and is now replaced in the install.sh documentation by --disable
Signed-off-by: omichaelis <38879457+oliviermichaelis@users.noreply.github.com>
When k3s is installed on an OS with default high ulimits, performance
issues can be observed. This was discovered on CoreOS where the default
value is 1073741816. Symptoms include very slow file operations; for example,
installing a Rook/Ceph cluster takes ~6 hours instead of ~10 minutes.
A Google search for 'container LimitNOFILE' will show that most major
projects set this already, including the (unused) containerd systemd unit
found in this repository at /vendor/github.com/containerd/containerd/containerd.service
k3OS is not affected because the default there is already 1048576.
See description in coreos/fedora-coreos-tracker#329
Move command with line continuations to bottom of service file to
prevent including systemd directives.
Changes After network-online to Wants network-online for air-gap.
If the install errors out on semanage not found, a file not found is
thrown as a 'file not found' for error. Updating to 'fatal' resolves
this as the script then exits as intended and throws an 'error'.
Where no variable expansion is done, " is replaced with '.
Copying content of one variable to another variable never needs quotes.
Some calls to echo and fatal need no quotes at all, but have been left
with ' to make it easier to see where the string begins and ends.
The fatal function now also sends output to stderr.
Change-Id: I2504707e5c550bc498e7663cedf58c224cd0a15b
Signed-off-by: Joakim Roubert <joakimr@axis.com>
Reportedly, some systems don't have curl but wget. With this patch,
install.sh will use wget instead of curl if the latter is not available
on the target system.
Change-Id: I0bc78feec6d8e1dbf7fbef7c2e10833b79bdbbdc
Signed-off-by: Joakim Roubert <joakimr@axis.com>
For integer comparison, it is recommended to use '-eq' instead of the
broader comparison '='. From the manual:

    n1 -eq n2    True if the integers n1 and n2 are algebraically equal.
    s1 = s2      True if the strings s1 and s2 are identical.

Change-Id: I3a92c3944a19e7a618438a9e3e304d9de5d9874f
Signed-off-by: Joakim Roubert <joakimr@axis.com>
The install.sh script currently uses a mix of the legacy backquote
syntax and the recommended contemporary $() syntax. This patch brings
consistency by replacing the occurrences of the legacy backquote ones
with the $() syntax.
Change-Id: I018f3250175064dcb22ef86a0240b2c804153641
Signed-off-by: Joakim Roubert <joakimr@axis.com>
If install.sh relies on awk, install.sh malfunctions when run on a
device with a limited environment where awk is not available. This patch
replaces the use of awk with built-in shell script functionality.
Change-Id: I071d9f565ff7ef38445a6dd0ea9692b903721601
Signed-off-by: Joakim Roubert <joakimr@axis.com>
Cert generation may cause slow startup times for some systems such as
the Raspberry Pi; set the systemd service TimeoutStartSec to Infinity to
avoid startup timeouts.