mirror of
https://github.com/PyratLabs/ansible-role-k3s
synced 2025-01-07 10:10:19 +01:00
Merge pull request #103 from PyratLabs/feature-cgroup_checks
Add cgroup checks, add Ansible v2.9.16 support
This commit is contained in:
commit
03b29cb09d
20 changed files with 161 additions and 28 deletions
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -14,6 +14,20 @@
|
||||||
---
|
---
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
## 2021-04-10, v2.8.2
|
||||||
|
|
||||||
|
### Notable changes
|
||||||
|
|
||||||
|
- #105 - Added Ansible v2.9.16 support
|
||||||
|
- #102 - Pre-check for cgroup status
|
||||||
|
|
||||||
|
### Known issues
|
||||||
|
|
||||||
|
- As per README.md, you require `ansible` >= 2.9.16
|
||||||
|
or `ansible-base` >= 2.10.4. See [#105(comment)](https://github.com/PyratLabs/ansible-role-k3s/issues/105#issuecomment-817182233)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## 2021-03-22, v2.8.1
|
## 2021-03-22, v2.8.1
|
||||||
|
|
||||||
### Notable changes
|
### Notable changes
|
||||||
|
|
|
@ -14,7 +14,7 @@ and [CHANGELOG.md](CHANGELOG.md).
|
||||||
|
|
||||||
The host you're running Ansible from requires the following Python dependencies:
|
The host you're running Ansible from requires the following Python dependencies:
|
||||||
|
|
||||||
- `ansbile >= 2.9.17` or `ansible-base >= 2.10.4`
|
- `ansbile >= 2.9.16` or `ansible-base >= 2.10.4`
|
||||||
|
|
||||||
You can install dependencies using the requirements.txt file in this repository:
|
You can install dependencies using the requirements.txt file in this repository:
|
||||||
`pip3 install -r requirements.txt`.
|
`pip3 install -r requirements.txt`.
|
||||||
|
|
|
@ -25,7 +25,8 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Ensure HAProxy service is started
|
- name: Ensure HAProxy service is started
|
||||||
command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
|
ansible.builtin.command:
|
||||||
|
cmd: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
|
||||||
args:
|
args:
|
||||||
creates: /var/run/haproxy.pid
|
creates: /var/run/haproxy.pid
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,8 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Ensure HAProxy service is started
|
- name: Ensure HAProxy service is started
|
||||||
command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
|
ansible.builtin.command:
|
||||||
|
cmd: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
|
||||||
args:
|
args:
|
||||||
creates: /var/run/haproxy.pid
|
creates: /var/run/haproxy.pid
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
ansible>2.9.16,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3
|
ansible>=2.9.16,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is installed using amazon-linux-extras
|
- name: Ensure docker is installed using amazon-linux-extras
|
||||||
ansible.builtin.command: amazon-linux-extras install docker
|
ansible.builtin.command:
|
||||||
|
cmd: amazon-linux-extras install docker
|
||||||
args:
|
args:
|
||||||
creates: /etc/docker
|
creates: /etc/docker
|
||||||
notify:
|
notify:
|
||||||
|
|
|
@ -46,7 +46,8 @@
|
||||||
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure Docker repository is installed and configured from file
|
- name: Ensure Docker repository is installed and configured from file
|
||||||
ansible.builtin.command: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
|
ansible.builtin.command:
|
||||||
|
cmd: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
|
||||||
args:
|
args:
|
||||||
creates: /etc/yum.repos.d/docker-ce.repo
|
creates: /etc/yum.repos.d/docker-ce.repo
|
||||||
when:
|
when:
|
||||||
|
|
|
@ -82,7 +82,8 @@
|
||||||
- name: Delegate an initializing control plane node
|
- name: Delegate an initializing control plane node
|
||||||
block:
|
block:
|
||||||
- name: Lookup control node from file
|
- name: Lookup control node from file
|
||||||
ansible.builtin.command: "grep '{{ 'P_True' if (k3s_controller_list | length > 1) else 'C_True' }}' /tmp/inventory.txt"
|
ansible.builtin.command:
|
||||||
|
cmd: "grep '{{ 'P_True' if (k3s_controller_list | length > 1) else 'C_True' }}' /tmp/inventory.txt"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: k3s_control_delegate_raw
|
register: k3s_control_delegate_raw
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Ensure docker is uninstalled using amazon-linux-extras
|
- name: Ensure docker is uninstalled using amazon-linux-extras
|
||||||
ansible.builtin.command: amazon-linux-extras uninstall docker
|
ansible.builtin.command:
|
||||||
|
cmd: amazon-linux-extras uninstall docker
|
||||||
register: uninstall_docker_from_amazon_linux
|
register: uninstall_docker_from_amazon_linux
|
||||||
changed_when: uninstall_docker_from_amazon_linux.rc == 0
|
changed_when: uninstall_docker_from_amazon_linux.rc == 0
|
||||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
|
@ -10,7 +10,8 @@
|
||||||
block:
|
block:
|
||||||
|
|
||||||
- name: Gather a list of nodes
|
- name: Gather a list of nodes
|
||||||
ansible.builtin.command: "{{ k3s_install_dir }}/kubectl get nodes"
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ k3s_install_dir }}/kubectl get nodes"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
delegate_to: "{{ k3s_control_delegate }}"
|
delegate_to: "{{ k3s_control_delegate }}"
|
||||||
|
@ -19,11 +20,12 @@
|
||||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure uninstalled nodes are drained
|
- name: Ensure uninstalled nodes are drained
|
||||||
ansible.builtin.command: >-
|
ansible.builtin.command:
|
||||||
{{ k3s_install_dir }}/kubectl drain {{ item }}
|
cmd: >-
|
||||||
--ignore-daemonsets
|
{{ k3s_install_dir }}/kubectl drain {{ item }}
|
||||||
--delete-local-data
|
--ignore-daemonsets
|
||||||
--force
|
--delete-local-data
|
||||||
|
--force
|
||||||
delegate_to: "{{ k3s_control_delegate }}"
|
delegate_to: "{{ k3s_control_delegate }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
when:
|
when:
|
||||||
|
@ -34,7 +36,8 @@
|
||||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Ensure uninstalled nodes are removed
|
- name: Ensure uninstalled nodes are removed
|
||||||
ansible.builtin.command: "{{ k3s_install_dir }}/kubectl delete node {{ item }}"
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ k3s_install_dir }}/kubectl delete node {{ item }}"
|
||||||
delegate_to: "{{ k3s_control_delegate }}"
|
delegate_to: "{{ k3s_control_delegate }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
when:
|
when:
|
||||||
|
|
|
@ -11,20 +11,23 @@
|
||||||
register: check_k3s_uninstall_script
|
register: check_k3s_uninstall_script
|
||||||
|
|
||||||
- name: Check to see if docker is present
|
- name: Check to see if docker is present
|
||||||
ansible.builtin.command: which docker
|
ansible.builtin.command:
|
||||||
|
cmd: which docker
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: check_k3s_docker_path
|
register: check_k3s_docker_path
|
||||||
|
|
||||||
- name: Run k3s-killall.sh
|
- name: Run k3s-killall.sh
|
||||||
ansible.builtin.command: /usr/local/bin/k3s-killall.sh
|
ansible.builtin.command:
|
||||||
|
cmd: /usr/local/bin/k3s-killall.sh
|
||||||
register: k3s_killall
|
register: k3s_killall
|
||||||
changed_when: k3s_killall.rc == 0
|
changed_when: k3s_killall.rc == 0
|
||||||
when: check_k3s_killall_script.stat.exists
|
when: check_k3s_killall_script.stat.exists
|
||||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Run k3s-uninstall.sh
|
- name: Run k3s-uninstall.sh
|
||||||
ansible.builtin.command: /usr/local/bin/k3s-uninstall.sh
|
ansible.builtin.command:
|
||||||
|
cmd: /usr/local/bin/k3s-uninstall.sh
|
||||||
args:
|
args:
|
||||||
removes: /usr/local/bin/k3s-uninstall.sh
|
removes: /usr/local/bin/k3s-uninstall.sh
|
||||||
register: k3s_uninstall
|
register: k3s_uninstall
|
||||||
|
@ -46,7 +49,8 @@
|
||||||
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
|
||||||
|
|
||||||
- name: Clean up Docker
|
- name: Clean up Docker
|
||||||
ansible.builtin.command: docker system prune -a --force
|
ansible.builtin.command:
|
||||||
|
cmd: docker system prune -a --force
|
||||||
when:
|
when:
|
||||||
- ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
- ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||||
- check_k3s_docker_path.rc == 0
|
- check_k3s_docker_path.rc == 0
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check if newuidmap is available
|
- name: Check if newuidmap is available
|
||||||
ansible.builtin.command: which newuidmap
|
ansible.builtin.command:
|
||||||
|
cmd: which newuidmap
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: k3s_check_newuidmap_installed
|
register: k3s_check_newuidmap_installed
|
||||||
|
|
|
@ -4,7 +4,8 @@
|
||||||
ansible.builtin.setup:
|
ansible.builtin.setup:
|
||||||
|
|
||||||
- name: Ensure Ansible version is captured
|
- name: Ensure Ansible version is captured
|
||||||
ansible.builtin.command: ansible --version
|
ansible.builtin.command:
|
||||||
|
cmd: ansible --version
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: check_ansible_version
|
register: check_ansible_version
|
||||||
|
@ -13,7 +14,8 @@
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: Ensure Ansible config is captured
|
- name: Ensure Ansible config is captured
|
||||||
ansible.builtin.command: ansible-config dump --only-changed
|
ansible.builtin.command:
|
||||||
|
cmd: ansible-config dump --only-changed
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: check_ansible_config
|
register: check_ansible_config
|
||||||
|
@ -22,7 +24,8 @@
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: Ensure a list of roles is captured
|
- name: Ensure a list of roles is captured
|
||||||
ansible.builtin.command: ansible-galaxy role list
|
ansible.builtin.command:
|
||||||
|
cmd: ansible-galaxy role list
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: check_ansible_roles
|
register: check_ansible_roles
|
||||||
|
|
16
tasks/validate/environment/remote/cgroups.yml
Normal file
16
tasks/validate/environment/remote/cgroups.yml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Check if {{ cgroup.name }} cgroup is enabled
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: 'grep -E "^{{ cgroup.name }}\s+.*\s+1$" /proc/cgroups'
|
||||||
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
|
register: k3s_check_cgroup_option
|
||||||
|
|
||||||
|
- name: Fail if {{ cgroup.name }} cgroup is not enabled
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- k3s_check_cgroup_option.rc == 0
|
||||||
|
fail_msg: |
|
||||||
|
{{ cgroup.name }} cgroup disabled. {{ cgroup.documentation }}
|
||||||
|
success_msg: "{{ cgroup.name }} cgroup enabled."
|
|
@ -1,7 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check that {{ package.name }} is installed
|
- name: Check that {{ package.name }} is installed
|
||||||
ansible.builtin.command: "which {{ package.name }}"
|
ansible.builtin.command:
|
||||||
|
cmd: "which {{ package.name }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
register: check_k3s_required_package
|
register: check_k3s_required_package
|
||||||
|
|
|
@ -13,12 +13,20 @@
|
||||||
- not k3s_skip_validation
|
- not k3s_skip_validation
|
||||||
- not k3s_skip_env_checks
|
- not k3s_skip_env_checks
|
||||||
|
|
||||||
|
- include_tasks: environment/remote/cgroups.yml
|
||||||
|
loop: "{{ k3s_cgroup_subsys }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: cgroup
|
||||||
|
when:
|
||||||
|
- not k3s_skip_validation
|
||||||
|
- not k3s_skip_env_checks
|
||||||
|
|
||||||
- include_tasks: environment/remote/packages.yml
|
- include_tasks: environment/remote/packages.yml
|
||||||
loop: "{{ k3s_check_packages }}"
|
loop: "{{ k3s_check_packages }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: package
|
loop_var: package
|
||||||
when:
|
when:
|
||||||
- k3s_skip_validation
|
- not k3s_skip_validation
|
||||||
- not k3s_skip_env_checks
|
- not k3s_skip_env_checks
|
||||||
|
|
||||||
- include_tasks: environment/local/issue-data.yml
|
- include_tasks: environment/local/issue-data.yml
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check that all nodes to be ready
|
- name: Check that all nodes to be ready
|
||||||
ansible.builtin.command: "{{ k3s_install_dir }}/kubectl get nodes"
|
ansible.builtin.command:
|
||||||
|
cmd: "{{ k3s_install_dir }}/kubectl get nodes"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: kubectl_get_nodes_result.stdout.find("was refused") != -1 or
|
failed_when: kubectl_get_nodes_result.stdout.find("was refused") != -1 or
|
||||||
kubectl_get_nodes_result.stdout.find("ServiceUnavailable") != -1
|
kubectl_get_nodes_result.stdout.find("ServiceUnavailable") != -1
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check that k3s is not running
|
- name: Check that k3s is not running
|
||||||
ansible.builtin.command: pgrep k3s
|
ansible.builtin.command:
|
||||||
|
cmd: pgrep k3s
|
||||||
failed_when:
|
failed_when:
|
||||||
- check_k3s_process.rc == 0
|
- check_k3s_process.rc == 0
|
||||||
- not ansible_check_mode
|
- not ansible_check_mode
|
||||||
|
@ -9,7 +10,8 @@
|
||||||
register: check_k3s_process
|
register: check_k3s_process
|
||||||
|
|
||||||
- name: Check that docker is not running
|
- name: Check that docker is not running
|
||||||
ansible.builtin.command: pgrep docker
|
ansible.builtin.command:
|
||||||
|
cmd: pgrep docker
|
||||||
failed_when:
|
failed_when:
|
||||||
- check_k3s_docker_process.rc == 0
|
- check_k3s_docker_process.rc == 0
|
||||||
- not ansible_check_mode
|
- not ansible_check_mode
|
||||||
|
|
64
test_versions.sh
Executable file
64
test_versions.sh
Executable file
|
@ -0,0 +1,64 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
ANSIBLE_RELEASE_FEED="$(curl -Ssl https://api.github.com/repos/ansible/ansible/tags?per_page=50)"
|
||||||
|
TMPDIR="$(mktemp -d /tmp/molecule.XXXXX)"
|
||||||
|
|
||||||
|
function ansible_releases {
|
||||||
|
local RELEASE_LIST_ALL
|
||||||
|
|
||||||
|
RELEASE_LIST_ALL="$(echo "${ANSIBLE_RELEASE_FEED}" | grep -E "\"name\": \"v[0-9]+\.[0-9]+\.[0-9]+\"")"
|
||||||
|
|
||||||
|
for RELEASE in ${RELEASE_LIST_ALL} ; do
|
||||||
|
echo "${RELEASE}" | grep -v "name" | sed -E 's/"v([0-9]+\.[0-9]+\.[0-9]+)",/\1/g' || true
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function build_requirements {
|
||||||
|
local TEST_REQUIREMENTS
|
||||||
|
local REQUIREMENTS
|
||||||
|
local ANSIBLE_VERSION
|
||||||
|
|
||||||
|
ANSIBLE_VERSION="${1:-true}"
|
||||||
|
|
||||||
|
if [ "${ANSIBLE_VERSION}" == "true" ] ; then
|
||||||
|
echo "Something went wrong!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
TEST_REQUIREMENTS=$(<molecule/requirements.txt)
|
||||||
|
REQUIREMENTS=$(echo "${TEST_REQUIREMENTS}" | grep -v "requirements.txt" || true)
|
||||||
|
if [[ "${ANSIBLE_VERSION}" =~ "^v2\.10" ]] ; then
|
||||||
|
echo -e "ansible==${ANSIBLE_VERSION}\nansible-base==${ANSIBLE_VERSION}\n${REQUIREMENTS}"
|
||||||
|
else
|
||||||
|
echo -e "ansible==${ANSIBLE_VERSION}\n${REQUIREMENTS}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function make_venv {
|
||||||
|
local MOLECULE_RESULT
|
||||||
|
|
||||||
|
python3 -m venv "${TMPDIR}/${1:-ansible}"
|
||||||
|
source "${TMPDIR}/${1:-ansible}/bin/activate"
|
||||||
|
pip3 install -r "${TMPDIR}/version_requirements.txt" || true
|
||||||
|
MOLECULE_RESULT=$(molecule test | grep -E "CRITICAL|fatal:" || echo ":heavy_check_mark:")
|
||||||
|
if [ "${MOLECULE_RESULT}" != ":heavy_check_mark:" ] ; then
|
||||||
|
MOLECULE_RESULT=":x:"
|
||||||
|
fi
|
||||||
|
deactivate
|
||||||
|
|
||||||
|
echo -n "${MOLECULE_RESULT}" | tee -a /tmp/molecule_tests.md
|
||||||
|
}
|
||||||
|
|
||||||
|
function main {
|
||||||
|
echo "| Version | Result |" | tee /tmp/molecule_tests.md
|
||||||
|
echo "| --------- | ------------------ |" | tee -a /tmp/molecule_tests.md
|
||||||
|
for TEST_ANSIBLE in $(ansible_releases) ; do
|
||||||
|
echo -n "| ${TEST_ANSIBLE} | " | tee -a /tmp/molecule_tests.md
|
||||||
|
build_requirements "${TEST_ANSIBLE}" > "${TMPDIR}/version_requirements.txt"
|
||||||
|
make_venv "${TEST_ANSIBLE}"
|
||||||
|
echo " |" | tee -a /tmp/molecule_tests.md
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
main
|
|
@ -143,3 +143,13 @@ k3s_deprecated_config:
|
||||||
- setting: docker
|
- setting: docker
|
||||||
correction: "docker: false"
|
correction: "docker: false"
|
||||||
when: 1.20.0
|
when: 1.20.0
|
||||||
|
|
||||||
|
k3s_cgroup_subsys:
|
||||||
|
- name: memory
|
||||||
|
documentation: |
|
||||||
|
If you are running on a Raspberry Pi, see:
|
||||||
|
https://rancher.com/docs/k3s/latest/en/advanced/#enabling-cgroups-for-raspbian-buster
|
||||||
|
- name: cpuset
|
||||||
|
documentation: |
|
||||||
|
If you are running Alpine Linux, see:
|
||||||
|
https://rancher.com/docs/k3s/latest/en/advanced/#additional-preparation-for-alpine-linux-setup
|
||||||
|
|
Loading…
Reference in a new issue