Merge pull request #103 from PyratLabs/feature-cgroup_checks

Add cgroup checks, add Ansible v2.9.16 support
Xan Manning 2021-04-10 21:13:23 +01:00 committed by GitHub
commit 03b29cb09d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 161 additions and 28 deletions


@ -14,6 +14,20 @@
--- ---
--> -->
## 2021-04-10, v2.8.2
### Notable changes
- #105 - Added Ansible v2.9.16 support
- #102 - Pre-check for cgroup status
### Known issues
- As per README.md, you require `ansible` >= 2.9.16
or `ansible-base` >= 2.10.4. See [#105(comment)](https://github.com/PyratLabs/ansible-role-k3s/issues/105#issuecomment-817182233)
---
## 2021-03-22, v2.8.1 ## 2021-03-22, v2.8.1
### Notable changes ### Notable changes


@ -14,7 +14,7 @@ and [CHANGELOG.md](CHANGELOG.md).
The host you're running Ansible from requires the following Python dependencies: The host you're running Ansible from requires the following Python dependencies:
- `ansbile >= 2.9.17` or `ansible-base >= 2.10.4` - `ansbile >= 2.9.16` or `ansible-base >= 2.10.4`
You can install dependencies using the requirements.txt file in this repository: You can install dependencies using the requirements.txt file in this repository:
`pip3 install -r requirements.txt`. `pip3 install -r requirements.txt`.


@ -25,7 +25,8 @@
mode: 0644 mode: 0644
- name: Ensure HAProxy service is started - name: Ensure HAProxy service is started
command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid ansible.builtin.command:
cmd: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
args: args:
creates: /var/run/haproxy.pid creates: /var/run/haproxy.pid


@ -25,7 +25,8 @@
mode: 0644 mode: 0644
- name: Ensure HAProxy service is started - name: Ensure HAProxy service is started
command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid ansible.builtin.command:
cmd: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
args: args:
creates: /var/run/haproxy.pid creates: /var/run/haproxy.pid


@ -1 +1 @@
ansible>2.9.16,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3 ansible>=2.9.16,!=2.10.0,!=2.10.1,!=2.10.2,!=2.10.3


@ -1,7 +1,8 @@
--- ---
- name: Ensure docker is installed using amazon-linux-extras - name: Ensure docker is installed using amazon-linux-extras
ansible.builtin.command: amazon-linux-extras install docker ansible.builtin.command:
cmd: amazon-linux-extras install docker
args: args:
creates: /etc/docker creates: /etc/docker
notify: notify:


@ -46,7 +46,8 @@
become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_package_install | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure Docker repository is installed and configured from file - name: Ensure Docker repository is installed and configured from file
ansible.builtin.command: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo ansible.builtin.command:
cmd: yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
args: args:
creates: /etc/yum.repos.d/docker-ce.repo creates: /etc/yum.repos.d/docker-ce.repo
when: when:


@ -82,7 +82,8 @@
- name: Delegate an initializing control plane node - name: Delegate an initializing control plane node
block: block:
- name: Lookup control node from file - name: Lookup control node from file
ansible.builtin.command: "grep '{{ 'P_True' if (k3s_controller_list | length > 1) else 'C_True' }}' /tmp/inventory.txt" ansible.builtin.command:
cmd: "grep '{{ 'P_True' if (k3s_controller_list | length > 1) else 'C_True' }}' /tmp/inventory.txt"
changed_when: false changed_when: false
check_mode: false check_mode: false
register: k3s_control_delegate_raw register: k3s_control_delegate_raw
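Review bot: The `grep` in `Lookup control node from file` reads `/tmp/inventory.txt`, a fixed name in a world-writable directory, and registers the match as `k3s_control_delegate_raw`, which by its name appears to feed the choice of delegate node. Where the file is written is outside this hunk, but unless it is created exclusively by the play, another local user on that host could pre-create it and influence the lookup. Writing it under a path returned by `ansible.builtin.tempfile` (or a directory owned by the play's user) and referencing that registered path in `cmd` would close the gap. The enclosing `block:` continues outside the hunk.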


@ -1,7 +1,8 @@
--- ---
- name: Ensure docker is uninstalled using amazon-linux-extras - name: Ensure docker is uninstalled using amazon-linux-extras
ansible.builtin.command: amazon-linux-extras uninstall docker ansible.builtin.command:
cmd: amazon-linux-extras uninstall docker
register: uninstall_docker_from_amazon_linux register: uninstall_docker_from_amazon_linux
changed_when: uninstall_docker_from_amazon_linux.rc == 0 changed_when: uninstall_docker_from_amazon_linux.rc == 0
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"


@ -10,7 +10,8 @@
block: block:
- name: Gather a list of nodes - name: Gather a list of nodes
ansible.builtin.command: "{{ k3s_install_dir }}/kubectl get nodes" ansible.builtin.command:
cmd: "{{ k3s_install_dir }}/kubectl get nodes"
changed_when: false changed_when: false
failed_when: false failed_when: false
delegate_to: "{{ k3s_control_delegate }}" delegate_to: "{{ k3s_control_delegate }}"
@ -19,11 +20,12 @@
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure uninstalled nodes are drained - name: Ensure uninstalled nodes are drained
ansible.builtin.command: >- ansible.builtin.command:
{{ k3s_install_dir }}/kubectl drain {{ item }} cmd: >-
--ignore-daemonsets {{ k3s_install_dir }}/kubectl drain {{ item }}
--delete-local-data --ignore-daemonsets
--force --delete-local-data
--force
delegate_to: "{{ k3s_control_delegate }}" delegate_to: "{{ k3s_control_delegate }}"
run_once: true run_once: true
when: when:
@ -34,7 +36,8 @@
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure uninstalled nodes are removed - name: Ensure uninstalled nodes are removed
ansible.builtin.command: "{{ k3s_install_dir }}/kubectl delete node {{ item }}" ansible.builtin.command:
cmd: "{{ k3s_install_dir }}/kubectl delete node {{ item }}"
delegate_to: "{{ k3s_control_delegate }}" delegate_to: "{{ k3s_control_delegate }}"
run_once: true run_once: true
when: when:
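Review bot: `{{ item }}` is interpolated unquoted into both `kubectl drain` and `kubectl delete node`; `ansible.builtin.command` splits `cmd` into arguments, so a value containing whitespace or beginning with `-` would reach kubectl as extra arguments or options, in tasks that may run with `become`. The loop source is outside these hunks, so this may be safe in practice, but `{{ item | quote }}` makes the intent explicit, e.g. `cmd: "{{ k3s_install_dir }}/kubectl delete node {{ item | quote }}"`. Separately, `failed_when: false` on `Gather a list of nodes` means a failing kubectl call is indistinguishable from an empty node list unless the following `when:` conditions (not fully visible here) check `rc`.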


@ -11,20 +11,23 @@
register: check_k3s_uninstall_script register: check_k3s_uninstall_script
- name: Check to see if docker is present - name: Check to see if docker is present
ansible.builtin.command: which docker ansible.builtin.command:
cmd: which docker
failed_when: false failed_when: false
changed_when: false changed_when: false
register: check_k3s_docker_path register: check_k3s_docker_path
- name: Run k3s-killall.sh - name: Run k3s-killall.sh
ansible.builtin.command: /usr/local/bin/k3s-killall.sh ansible.builtin.command:
cmd: /usr/local/bin/k3s-killall.sh
register: k3s_killall register: k3s_killall
changed_when: k3s_killall.rc == 0 changed_when: k3s_killall.rc == 0
when: check_k3s_killall_script.stat.exists when: check_k3s_killall_script.stat.exists
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
- name: Run k3s-uninstall.sh - name: Run k3s-uninstall.sh
ansible.builtin.command: /usr/local/bin/k3s-uninstall.sh ansible.builtin.command:
cmd: /usr/local/bin/k3s-uninstall.sh
args: args:
removes: /usr/local/bin/k3s-uninstall.sh removes: /usr/local/bin/k3s-uninstall.sh
register: k3s_uninstall register: k3s_uninstall
@ -46,7 +49,8 @@
become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}" become: "{{ k3s_become_for_uninstall | ternary(true, false, k3s_become_for_all) }}"
- name: Clean up Docker - name: Clean up Docker
ansible.builtin.command: docker system prune -a --force ansible.builtin.command:
cmd: docker system prune -a --force
when: when:
- ("docker" in k3s_runtime_config and k3s_runtime_config.docker) - ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
- check_k3s_docker_path.rc == 0 - check_k3s_docker_path.rc == 0
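Review bot: `docker system prune -a --force` in `Clean up Docker` removes every unused image, stopped container and unused network on the host, not only the ones k3s created, and `--force` suppresses the confirmation. On a node that also runs other Docker workloads this uninstall path deletes their cached images as well. I would gate the task behind an explicit opt-in variable (the name is for the role to choose) and add a comment such as `# Removes ALL unused Docker data on this host, not just k3s artefacts`. The task also has no `changed_when`, unlike the two script tasks above it. Its `when:` list continues outside the hunk.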


@ -1,7 +1,8 @@
--- ---
- name: Check if newuidmap is available - name: Check if newuidmap is available
ansible.builtin.command: which newuidmap ansible.builtin.command:
cmd: which newuidmap
failed_when: false failed_when: false
changed_when: false changed_when: false
register: k3s_check_newuidmap_installed register: k3s_check_newuidmap_installed


@ -4,7 +4,8 @@
ansible.builtin.setup: ansible.builtin.setup:
- name: Ensure Ansible version is captured - name: Ensure Ansible version is captured
ansible.builtin.command: ansible --version ansible.builtin.command:
cmd: ansible --version
failed_when: false failed_when: false
changed_when: false changed_when: false
register: check_ansible_version register: check_ansible_version
@ -13,7 +14,8 @@
become: false become: false
- name: Ensure Ansible config is captured - name: Ensure Ansible config is captured
ansible.builtin.command: ansible-config dump --only-changed ansible.builtin.command:
cmd: ansible-config dump --only-changed
failed_when: false failed_when: false
changed_when: false changed_when: false
register: check_ansible_config register: check_ansible_config
@ -22,7 +24,8 @@
become: false become: false
- name: Ensure a list of roles is captured - name: Ensure a list of roles is captured
ansible.builtin.command: ansible-galaxy role list ansible.builtin.command:
cmd: ansible-galaxy role list
failed_when: false failed_when: false
changed_when: false changed_when: false
register: check_ansible_roles register: check_ansible_roles
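Review bot: `ansible-config dump --only-changed` is registered as `check_ansible_config` for inclusion in issue data, and changed settings can contain local paths, hostnames and token-like values from the operator's `ansible.cfg` or environment. How the registered output is later written or displayed is outside these hunks, so this is a caution rather than a confirmed leak. A comment on the task such as `# Output may contain sensitive settings; review before attaching to a public issue` would help, and redacting known secret-bearing keys before the data is rendered would be safer still.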


@ -0,0 +1,16 @@
---
- name: Check if {{ cgroup.name }} cgroup is enabled
ansible.builtin.command:
cmd: 'grep -E "^{{ cgroup.name }}\s+.*\s+1$" /proc/cgroups'
failed_when: false
changed_when: false
register: k3s_check_cgroup_option
- name: Fail if {{ cgroup.name }} cgroup is not enabled
ansible.builtin.assert:
that:
- k3s_check_cgroup_option.rc == 0
fail_msg: |
{{ cgroup.name }} cgroup disabled. {{ cgroup.documentation }}
success_msg: "{{ cgroup.name }} cgroup enabled."
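Review bot: The `grep` task has no `check_mode: false`, so under `--check` the command module is skipped and `k3s_check_cgroup_option` carries no `rc`; the following `assert` on `k3s_check_cgroup_option.rc == 0` will then error instead of validating anything. The read of `/proc/cgroups` is side-effect free, so adding `check_mode: false` next to `changed_when: false` (as the inventory lookup task in this commit already does) keeps the pre-check meaningful in check mode. Note also that `failed_when: false` folds a grep error (for example a missing `/proc/cgroups`) into the same "cgroup disabled" message; it still fails closed, but the text would be misleading.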


@ -1,7 +1,8 @@
--- ---
- name: Check that {{ package.name }} is installed - name: Check that {{ package.name }} is installed
ansible.builtin.command: "which {{ package.name }}" ansible.builtin.command:
cmd: "which {{ package.name }}"
changed_when: false changed_when: false
failed_when: false failed_when: false
register: check_k3s_required_package register: check_k3s_required_package


@ -13,12 +13,20 @@
- not k3s_skip_validation - not k3s_skip_validation
- not k3s_skip_env_checks - not k3s_skip_env_checks
- include_tasks: environment/remote/cgroups.yml
loop: "{{ k3s_cgroup_subsys }}"
loop_control:
loop_var: cgroup
when:
- not k3s_skip_validation
- not k3s_skip_env_checks
- include_tasks: environment/remote/packages.yml - include_tasks: environment/remote/packages.yml
loop: "{{ k3s_check_packages }}" loop: "{{ k3s_check_packages }}"
loop_control: loop_control:
loop_var: package loop_var: package
when: when:
- k3s_skip_validation - not k3s_skip_validation
- not k3s_skip_env_checks - not k3s_skip_env_checks
- include_tasks: environment/local/issue-data.yml - include_tasks: environment/local/issue-data.yml


@ -1,7 +1,8 @@
--- ---
- name: Check that all nodes to be ready - name: Check that all nodes to be ready
ansible.builtin.command: "{{ k3s_install_dir }}/kubectl get nodes" ansible.builtin.command:
cmd: "{{ k3s_install_dir }}/kubectl get nodes"
changed_when: false changed_when: false
failed_when: kubectl_get_nodes_result.stdout.find("was refused") != -1 or failed_when: kubectl_get_nodes_result.stdout.find("was refused") != -1 or
kubectl_get_nodes_result.stdout.find("ServiceUnavailable") != -1 kubectl_get_nodes_result.stdout.find("ServiceUnavailable") != -1


@ -1,7 +1,8 @@
--- ---
- name: Check that k3s is not running - name: Check that k3s is not running
ansible.builtin.command: pgrep k3s ansible.builtin.command:
cmd: pgrep k3s
failed_when: failed_when:
- check_k3s_process.rc == 0 - check_k3s_process.rc == 0
- not ansible_check_mode - not ansible_check_mode
@ -9,7 +10,8 @@
register: check_k3s_process register: check_k3s_process
- name: Check that docker is not running - name: Check that docker is not running
ansible.builtin.command: pgrep docker ansible.builtin.command:
cmd: pgrep docker
failed_when: failed_when:
- check_k3s_docker_process.rc == 0 - check_k3s_docker_process.rc == 0
- not ansible_check_mode - not ansible_check_mode

64
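--- a/test_versions.sh
+++ b/test_versions.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ANSIBLE_RELEASE_FEED="$(curl -Ssl https://api.github.com/repos/ansible/ansible/tags?per_page=50)"
+TMPDIR="$(mktemp -d /tmp/molecule.XXXXX)"
+function ansible_releases {
+local RELEASE_LIST_ALL
+RELEASE_LIST_ALL="$(echo "${ANSIBLE_RELEASE_FEED}" | grep -E "\"name\": \"v[0-9]+\.[0-9]+\.[0-9]+\"")"
+for RELEASE in ${RELEASE_LIST_ALL} ; do
+echo "${RELEASE}" | grep -v "name" | sed -E 's/"v([0-9]+\.[0-9]+\.[0-9]+)",/\1/g' || true
+done
+}
+function build_requirements {
+local TEST_REQUIREMENTS
+local REQUIREMENTS
+local ANSIBLE_VERSION
+ANSIBLE_VERSION="${1:-true}"
+if [ "${ANSIBLE_VERSION}" == "true" ] ; then
+echo "Something went wrong!"
+exit 1
+fi
+TEST_REQUIREMENTS=$(<molecule/requirements.txt)
+REQUIREMENTS=$(echo "${TEST_REQUIREMENTS}" | grep -v "requirements.txt" || true)
+if [[ "${ANSIBLE_VERSION}" =~ "^v2\.10" ]] ; then
+echo -e "ansible==${ANSIBLE_VERSION}\nansible-base==${ANSIBLE_VERSION}\n${REQUIREMENTS}"
+else
+echo -e "ansible==${ANSIBLE_VERSION}\n${REQUIREMENTS}"
+fi
+}
+function make_venv {
+local MOLECULE_RESULT
+python3 -m venv "${TMPDIR}/${1:-ansible}"
+source "${TMPDIR}/${1:-ansible}/bin/activate"
+pip3 install -r "${TMPDIR}/version_requirements.txt" || true
+MOLECULE_RESULT=$(molecule test | grep -E "CRITICAL|fatal:" || echo ":heavy_check_mark:")
+if [ "${MOLECULE_RESULT}" != ":heavy_check_mark:" ] ; then
+MOLECULE_RESULT=":x:"
+fi
+deactivate
+echo -n "${MOLECULE_RESULT}" | tee -a /tmp/molecule_tests.md
+}
+function main {
+echo "| Version | Result |" | tee /tmp/molecule_tests.md
+echo "| --------- | ------------------ |" | tee -a /tmp/molecule_tests.md
+for TEST_ANSIBLE in $(ansible_releases) ; do
+echo -n "| ${TEST_ANSIBLE} | " | tee -a /tmp/molecule_tests.md
+build_requirements "${TEST_ANSIBLE}" > "${TMPDIR}/version_requirements.txt"
+make_venv "${TEST_ANSIBLE}"
+echo " |" | tee -a /tmp/molecule_tests.md
+done
+}
+main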
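Review bot: `make_venv` can report a pass for a run that tested nothing: `pip3 install ... || true` ignores a failed install, and `molecule test | grep -E "CRITICAL|fatal:" || echo ":heavy_check_mark:"` prints the check mark whenever grep matches nothing, which includes molecule failing to start or writing its errors to stderr. Deciding on the exit status of both commands avoids the false pass, as in the excerpt below (the log file name there is a constructed example). In `build_requirements`, the quoted pattern in `=~ "^v2\.10"` is compared literally by bash, and `ansible_releases` already strips the leading `v`, so the `ansible-base` branch looks unreachable; `if [[ "${ANSIBLE_VERSION}" =~ ^2\.10 ]] ; then` would match. The fixed `/tmp/molecule_tests.md` path and the reassignment of `TMPDIR` with no cleanup trap also deserve a second look on a shared machine.

```shell
function make_venv {
    local MOLECULE_RESULT
    # … unchanged: venv creation and activation …
    if pip3 install -r "${TMPDIR}/version_requirements.txt" \
        && molecule test > "${TMPDIR}/${1:-ansible}.log" 2>&1 ; then
        MOLECULE_RESULT=":heavy_check_mark:"
    else
        MOLECULE_RESULT=":x:"
    fi
    # … unchanged: deactivate and append result to the report …
```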


@ -143,3 +143,13 @@ k3s_deprecated_config:
- setting: docker - setting: docker
correction: "docker: false" correction: "docker: false"
when: 1.20.0 when: 1.20.0
k3s_cgroup_subsys:
- name: memory
documentation: |
If you are running on a Raspberry Pi, see:
https://rancher.com/docs/k3s/latest/en/advanced/#enabling-cgroups-for-raspbian-buster
- name: cpuset
documentation: |
If you are running Alpine Linux, see:
https://rancher.com/docs/k3s/latest/en/advanced/#additional-preparation-for-alpine-linux-setup