From c16e7cf740e7975428cebe8e3e676e18dec41993 Mon Sep 17 00:00:00 2001
From: Tuan-Dat Tran
Date: Tue, 21 Apr 2026 23:30:57 +0200
Subject: [PATCH] fix(k3s_server): use inventory_hostname for primary detection and delegate token fetch
Primary server detection previously used ansible_default_ipv4.address compared against k3s_primary_server_ip, which breaks with --limit since facts are only gathered for the targeted hosts, causing the variable to resolve to the wrong IP.
- Replace IP comparisons with `inventory_hostname == groups['k3s_server'] | first` in main.yaml (primary install, secondary install, kubeconfig tasks)
- Delegate the node-token slurp to the primary server unconditionally so pull_token.yaml works correctly when run against any single node with --limit
Co-Authored-By: Claude Sonnet 4.6
---
 roles/k3s_server/tasks/main.yaml | 6 +++---
 roles/k3s_server/tasks/pull_token.yaml | 14 +++++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/roles/k3s_server/tasks/main.yaml b/roles/k3s_server/tasks/main.yaml
index 75dc3d6..a41c9a3 100644
--- a/roles/k3s_server/tasks/main.yaml
+++ b/roles/k3s_server/tasks/main.yaml
@@ -15,15 +15,15 @@
 - name: Install primary k3s server
 include_tasks: primary_installation.yaml
- when: ansible_default_ipv4.address == k3s_primary_server_ip
+ when: inventory_hostname == groups['k3s_server'] | first
 - name: Get token from primary k3s server
 include_tasks: pull_token.yaml
 - name: Install seconary k3s servers
 include_tasks: secondary_installation.yaml
- when: ansible_default_ipv4.address != k3s_primary_server_ip
+ when: inventory_hostname != groups['k3s_server'] | first
 - name: Set kubeconfig on localhost
 include_tasks: create_kubeconfig.yaml
- when: ansible_default_ipv4.address == k3s_primary_server_ip
+ when: inventory_hostname == groups['k3s_server'] | first
diff --git a/roles/k3s_server/tasks/pull_token.yaml b/roles/k3s_server/tasks/pull_token.yaml
index f2b7a05..fab1629 100644
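Review bot: The three `when:` conditions in main.yaml now define the primary as whichever host is listed first in the `k3s_server` group, so which node runs primary_installation.yaml depends on inventory ordering rather than on an explicit setting. If the inventory is reordered or generated dynamically, a different node of an existing cluster could be treated as primary; an assertion early in the role that the selected host is the intended one would catch that before any install task runs. `k3s_primary_server_ip` is no longer consulted in these conditions, and if other task files (not visible in this diff) still use it, for example as the join address, the two notions of "primary" can disagree. The same expression is repeated in pull_token.yaml; defining it once in the role defaults, e.g. `k3s_primary_host: "{{ groups['k3s_server'] | first }}"` (the name is only a suggestion), would keep all four uses in step.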
--- a/roles/k3s_server/tasks/pull_token.yaml
+++ b/roles/k3s_server/tasks/pull_token.yaml
@@ -1,15 +1,15 @@
-- name: Get K3s token from the first server
- when: ansible_default_ipv4.address == k3s_primary_server_ip
+- name: Get K3s token from the primary server
 ansible.builtin.slurp:
 src: /var/lib/rancher/k3s/server/node-token
- register: k3s_token
+ register: k3s_token_raw
+ delegate_to: "{{ groups['k3s_server'] | first }}"
+ run_once: true
 become: true
-- name: Set fact on k3s_primary_server_ip
+- name: Set k3s_token fact
 ansible.builtin.set_fact:
- k3s_token: "{{ k3s_token['content'] | b64decode | trim }}"
- when:
- - ansible_default_ipv4.address == k3s_primary_server_ip
+ k3s_token: "{{ k3s_token_raw['content'] | b64decode | trim }}"
+ run_once: true
 - name: Write K3s token to local file for encryption
 ansible.builtin.copy:
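Review bot: The slurp and set_fact tasks handle the cluster join token without `no_log: true`, so the base64 content registered in `k3s_token_raw` and the decoded `k3s_token` can appear in task output at higher verbosity and in any callback or controller job logs. Adding `no_log: true` to both tasks keeps the secret out of those records; base64 is an encoding, not protection. The slurp is now delegated to the primary on every run, including `--limit` runs where that host may be unreachable or not yet installed, so the role will fail at this task in that case, which is worth noting in a comment above it. The `Write K3s token to local file for encryption` task continues outside the hunk, so whether it is restricted to a single run and writes the file with a restrictive mode cannot be checked from here.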