Merge pull request #103 from PyratLabs/feature-cgroup_checks

Add cgroup checks, add Ansible v2.9.16 support
2024-11-09 23:13:30 +01:00 · 2021-04-10 21:13:23 +01:00 · 2021-04-10 21:13:23 +01:00 · 03b29cb09d
commit 03b29cb09d
parent a3c4d9cfae 265b529bb6
20 changed files with 161 additions and 28 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,20 @@
 ---
 -->

+## 2021-04-10, v2.8.2
+
+### Notable changes
+
+ - #105 - Added Ansible v2.9.16 support
+ - #102 - Pre-check for cgroup status
+
+### Known issues
+
+ - As per README.md, you require `ansible` >= 2.9.16
+   or `ansible-base` >= 2.10.4. See [#105(comment)](https://github.com/PyratLabs/ansible-role-k3s/issues/105#issuecomment-817182233)
+
+---
+
 ## 2021-03-22, v2.8.1

 ### Notable changes
--- a/README.md
+++ b/README.md
@ -14,7 +14,7 @@ and [CHANGELOG.md](CHANGELOG.md).

 The host you're running Ansible from requires the following Python dependencies:

-  - `ansbile >= 2.9.17` or `ansible-base >= 2.10.4`
+  - `ansbile >= 2.9.16` or `ansible-base >= 2.10.4`

 You can install dependencies using the requirements.txt file in this repository:
 `pip3 install -r requirements.txt`.
--- a/molecule/highavailabilitydb/prepare.yml
+++ b/molecule/highavailabilitydb/prepare.yml
@ -25,7 +25,8 @@
        mode: 0644

    - name: Ensure HAProxy service is started
-      command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
+      ansible.builtin.command:
+        cmd: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
      args:
        creates: /var/run/haproxy.pid

--- a/molecule/highavailabilityetcd/prepare.yml
+++ b/molecule/highavailabilityetcd/prepare.yml
@ -25,7 +25,8 @@
        mode: 0644

    - name: Ensure HAProxy service is started
-      command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
+      ansible.builtin.command:
+        cmd: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
      args:
        creates: /var/run/haproxy.pid

--- a/requirements.txt
+++ b/requirements.txt
@ -1 +1 @@
-ansible>2.9.16,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3
+ansible>=2.9.16,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3
--- a/tasks/build/docker/amazon/install.yml
+++ b/tasks/build/docker/amazon/install.yml
@ -1,7 +1,8 @@
 ---

 - name: Ensure docker is installed using amazon-linux-extras
-  ansible.builtin.command: amazon-linux-extras install docker
+  ansible.builtin.command:
+    cmd: amazon-linux-extras install docker
  args:
    creates: /etc/docker
  notify:
--- a/tasks/build/docker/redhat/install-prerequisites.yml
+++ b/tasks/build/docker/redhat/install-prerequisites.yml
@ -46,7 +46,8 @@
  become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"

 - name: Ensure Docker repository is installed and configured from file
-  ansible.builtin.command: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
+  ansible.builtin.command:
+    cmd: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
  args:
    creates: /etc/yum.repos.d/docker-ce.repo
  when:
--- a/tasks/build/preconfigure-k3s.yml
+++ b/tasks/build/preconfigure-k3s.yml
@ -82,7 +82,8 @@
 - name: Delegate an initializing control plane node
  block:
    - name: Lookup control node from file
-      ansible.builtin.command: "grep '{{ 'P_True' if (k3s_controller_list | length > 1) else 'C_True' }}' /tmp/inventory.txt"
+      ansible.builtin.command:
+        cmd: "grep '{{ 'P_True' if (k3s_controller_list | length > 1) else 'C_True' }}' /tmp/inventory.txt"
      changed_when: false
      check_mode: false
      register: k3s_control_delegate_raw
--- a/tasks/teardown/docker/amazon/uninstall.yml
+++ b/tasks/teardown/docker/amazon/uninstall.yml
@ -1,7 +1,8 @@
 ---

 - name: Ensure docker is uninstalled using amazon-linux-extras
-  ansible.builtin.command: amazon-linux-extras uninstall docker
+  ansible.builtin.command:
+    cmd: amazon-linux-extras uninstall docker
  register: uninstall_docker_from_amazon_linux
  changed_when: uninstall_docker_from_amazon_linux.rc == 0
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/teardown/drain-and-remove-nodes.yml
+++ b/tasks/teardown/drain-and-remove-nodes.yml
@ -10,7 +10,8 @@
  block:

    - name: Gather a list of nodes
-      ansible.builtin.command: "{{ k3s_install_dir }}/kubectl get nodes"
+      ansible.builtin.command:
+        cmd: "{{ k3s_install_dir }}/kubectl get nodes"
      changed_when: false
      failed_when: false
      delegate_to: "{{ k3s_control_delegate }}"
@ -19,11 +20,12 @@
      become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"

    - name: Ensure uninstalled nodes are drained
-      ansible.builtin.command: >-
-        {{ k3s_install_dir }}/kubectl drain {{ item }}
-          --ignore-daemonsets
-          --delete-local-data
-          --force
+      ansible.builtin.command:
+        cmd: >-
+          {{ k3s_install_dir }}/kubectl drain {{ item }}
+            --ignore-daemonsets
+            --delete-local-data
+            --force
      delegate_to: "{{ k3s_control_delegate }}"
      run_once: true
      when:
@ -34,7 +36,8 @@
      become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"

    - name: Ensure uninstalled nodes are removed
-      ansible.builtin.command: "{{ k3s_install_dir }}/kubectl delete node {{ item }}"
+      ansible.builtin.command:
+        cmd: "{{ k3s_install_dir }}/kubectl delete node {{ item }}"
      delegate_to: "{{ k3s_control_delegate }}"
      run_once: true
      when:
--- a/tasks/teardown/uninstall-k3s.yml
+++ b/tasks/teardown/uninstall-k3s.yml
@ -11,20 +11,23 @@
  register: check_k3s_uninstall_script

 - name: Check to see if docker is present
-  ansible.builtin.command: which docker
+  ansible.builtin.command:
+    cmd: which docker
  failed_when: false
  changed_when: false
  register: check_k3s_docker_path

 - name: Run k3s-killall.sh
-  ansible.builtin.command: /usr/local/bin/k3s-killall.sh
+  ansible.builtin.command:
+    cmd: /usr/local/bin/k3s-killall.sh
  register: k3s_killall
  changed_when: k3s_killall.rc == 0
  when: check_k3s_killall_script.stat.exists
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

 - name: Run k3s-uninstall.sh
-  ansible.builtin.command: /usr/local/bin/k3s-uninstall.sh
+  ansible.builtin.command:
+    cmd: /usr/local/bin/k3s-uninstall.sh
  args:
    removes: /usr/local/bin/k3s-uninstall.sh
  register: k3s_uninstall
@ -46,7 +49,8 @@
  become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"

 - name: Clean up Docker
-  ansible.builtin.command: docker system prune -a --force
+  ansible.builtin.command:
+    cmd: docker system prune -a --force
  when:
    - ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
    - check_k3s_docker_path.rc == 0
--- a/tasks/validate/configuration/unsupported-rootless.yml
+++ b/tasks/validate/configuration/unsupported-rootless.yml
@ -1,7 +1,8 @@
 ---

 - name: Check if newuidmap is available
-  ansible.builtin.command: which newuidmap
+  ansible.builtin.command:
+    cmd: which newuidmap
  failed_when: false
  changed_when: false
  register: k3s_check_newuidmap_installed
--- a/tasks/validate/environment/local/issue-data.yml
+++ b/tasks/validate/environment/local/issue-data.yml
@ -4,7 +4,8 @@
  ansible.builtin.setup:

 - name: Ensure Ansible version is captured
-  ansible.builtin.command: ansible --version
+  ansible.builtin.command:
+    cmd: ansible --version
  failed_when: false
  changed_when: false
  register: check_ansible_version
@ -13,7 +14,8 @@
  become: false

 - name: Ensure Ansible config is captured
-  ansible.builtin.command: ansible-config dump --only-changed
+  ansible.builtin.command:
+    cmd: ansible-config dump --only-changed
  failed_when: false
  changed_when: false
  register: check_ansible_config
@ -22,7 +24,8 @@
  become: false

 - name: Ensure a list of roles is captured
-  ansible.builtin.command: ansible-galaxy role list
+  ansible.builtin.command:
+    cmd: ansible-galaxy role list
  failed_when: false
  changed_when: false
  register: check_ansible_roles
--- a/tasks/validate/environment/remote/cgroups.yml
+++ b/tasks/validate/environment/remote/cgroups.yml
@ -0,0 +1,16 @@
+---
+
+- name: Check if {{ cgroup.name }} cgroup is enabled
+  ansible.builtin.command:
+    cmd: 'grep -E "^{{ cgroup.name }}\s+.*\s+1$" /proc/cgroups'
+  failed_when: false
+  changed_when: false
+  register: k3s_check_cgroup_option
+
+- name: Fail if {{ cgroup.name }} cgroup is not enabled
+  ansible.builtin.assert:
+    that:
+      - k3s_check_cgroup_option.rc == 0
+    fail_msg: |
+      {{ cgroup.name }} cgroup disabled. {{ cgroup.documentation }}
+    success_msg: "{{ cgroup.name }} cgroup enabled."
--- a/tasks/validate/environment/remote/packages.yml
+++ b/tasks/validate/environment/remote/packages.yml
@ -1,7 +1,8 @@
 ---

 - name: Check that {{ package.name }} is installed
-  ansible.builtin.command: "which {{ package.name }}"
+  ansible.builtin.command:
+    cmd: "which {{ package.name }}"
  changed_when: false
  failed_when: false
  register: check_k3s_required_package
--- a/tasks/validate/pre-flight.yml
+++ b/tasks/validate/pre-flight.yml
@ -13,12 +13,20 @@
    - not k3s_skip_validation
    - not k3s_skip_env_checks

+- include_tasks: environment/remote/cgroups.yml
+  loop: "{{ k3s_cgroup_subsys }}"
+  loop_control:
+    loop_var: cgroup
+  when:
+    - not k3s_skip_validation
+    - not k3s_skip_env_checks
+
 - include_tasks: environment/remote/packages.yml
  loop: "{{ k3s_check_packages }}"
  loop_control:
    loop_var: package
  when:
-    - k3s_skip_validation
+    - not k3s_skip_validation
    - not k3s_skip_env_checks

 - include_tasks: environment/local/issue-data.yml
--- a/tasks/validate/state/nodes.yml
+++ b/tasks/validate/state/nodes.yml
@ -1,7 +1,8 @@
 ---

 - name: Check that all nodes to be ready
-  ansible.builtin.command: "{{ k3s_install_dir }}/kubectl get nodes"
+  ansible.builtin.command:
+    cmd: "{{ k3s_install_dir }}/kubectl get nodes"
  changed_when: false
  failed_when: kubectl_get_nodes_result.stdout.find("was refused") != -1 or
               kubectl_get_nodes_result.stdout.find("ServiceUnavailable") != -1
--- a/tasks/validate/state/uninstalled.yml
+++ b/tasks/validate/state/uninstalled.yml
@ -1,7 +1,8 @@
 ---

 - name: Check that k3s is not running
-  ansible.builtin.command: pgrep k3s
+  ansible.builtin.command:
+    cmd: pgrep k3s
  failed_when:
    - check_k3s_process.rc == 0
    - not ansible_check_mode
@ -9,7 +10,8 @@
  register: check_k3s_process

 - name: Check that docker is not running
-  ansible.builtin.command: pgrep docker
+  ansible.builtin.command:
+    cmd: pgrep docker
  failed_when:
    - check_k3s_docker_process.rc == 0
    - not ansible_check_mode
--- a/test_versions.sh
+++ b/test_versions.sh
@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ANSIBLE_RELEASE_FEED="$(curl -Ssl https://api.github.com/repos/ansible/ansible/tags?per_page=50)"
+TMPDIR="$(mktemp -d /tmp/molecule.XXXXX)"
+
+function ansible_releases {
+    local RELEASE_LIST_ALL
+
+    RELEASE_LIST_ALL="$(echo "${ANSIBLE_RELEASE_FEED}" | grep -E "\"name\": \"v[0-9]+\.[0-9]+\.[0-9]+\"")"
+
+    for RELEASE in ${RELEASE_LIST_ALL} ; do
+        echo "${RELEASE}" | grep -v "name" | sed -E 's/"v([0-9]+\.[0-9]+\.[0-9]+)",/\1/g' || true
+    done
+}
+
+function build_requirements {
+    local TEST_REQUIREMENTS
+    local REQUIREMENTS
+    local ANSIBLE_VERSION
+
+    ANSIBLE_VERSION="${1:-true}"
+
+    if [ "${ANSIBLE_VERSION}" == "true" ] ; then
+        echo "Something went wrong!"
+        exit 1
+    fi
+
+    TEST_REQUIREMENTS=$(<molecule/requirements.txt)
+    REQUIREMENTS=$(echo "${TEST_REQUIREMENTS}" | grep -v "requirements.txt" || true)
+    if [[ "${ANSIBLE_VERSION}" =~ "^v2\.10" ]] ; then
+        echo -e "ansible==${ANSIBLE_VERSION}\nansible-base==${ANSIBLE_VERSION}\n${REQUIREMENTS}"
+    else
+        echo -e "ansible==${ANSIBLE_VERSION}\n${REQUIREMENTS}"
+    fi
+}
+
+function make_venv {
+    local MOLECULE_RESULT
+
+    python3 -m venv "${TMPDIR}/${1:-ansible}"
+    source "${TMPDIR}/${1:-ansible}/bin/activate"
+    pip3 install -r "${TMPDIR}/version_requirements.txt" || true
+    MOLECULE_RESULT=$(molecule test | grep -E "CRITICAL|fatal:" || echo ":heavy_check_mark:")
+    if [ "${MOLECULE_RESULT}" != ":heavy_check_mark:" ] ; then
+        MOLECULE_RESULT=":x:"
+    fi
+    deactivate
+
+    echo -n "${MOLECULE_RESULT}" | tee -a /tmp/molecule_tests.md
+}
+
+function main {
+    echo "| Version   | Result             |" | tee /tmp/molecule_tests.md
+    echo "| --------- | ------------------ |" | tee -a /tmp/molecule_tests.md
+    for TEST_ANSIBLE in $(ansible_releases) ; do
+        echo -n "| ${TEST_ANSIBLE} | " | tee -a /tmp/molecule_tests.md
+        build_requirements "${TEST_ANSIBLE}" > "${TMPDIR}/version_requirements.txt"
+        make_venv "${TEST_ANSIBLE}"
+        echo " |" | tee -a /tmp/molecule_tests.md
+    done
+}
+
+main
--- a/vars/main.yml
+++ b/vars/main.yml
@ -143,3 +143,13 @@ k3s_deprecated_config:
  - setting: docker
    correction: "docker: false"
    when: 1.20.0
+
+k3s_cgroup_subsys:
+  - name: memory
+    documentation: |
+      If you are running on a Raspberry Pi, see:
+      https://rancher.com/docs/k3s/latest/en/advanced/#enabling-cgroups-for-raspbian-buster
+  - name: cpuset
+    documentation: |
+      If you are running Alpine Linux, see:
+      https://rancher.com/docs/k3s/latest/en/advanced/#additional-preparation-for-alpine-linux-setup