From cc8ba00de2f34619af7e09de1ac4db9b3cdb400f Mon Sep 17 00:00:00 2001
From: Xan Manning <xan.manning@gmail.com>
Date: Sun, 19 Dec 2021 21:41:59 +0000
Subject: [PATCH] feat(validate): package check for iptables on debian

---
 molecule/autodeploy/prepare.yml                | 4 +++-
 molecule/debug/prepare.yml                     | 4 +++-
 molecule/default/prepare.yml                   | 4 +++-
 molecule/docker/prepare.yml                    | 4 +++-
 molecule/highavailabilitydb/prepare.yml        | 4 +++-
 molecule/highavailabilityetcd/prepare.yml      | 4 +++-
 molecule/nodeploy/prepare.yml                  | 4 +++-
 tasks/validate/environment/remote/packages.yml | 5 +++--
 tasks/validate/main.yml                        | 9 +++++++++
 tasks/validate/pre-flight.yml                  | 8 --------
 vars/main.yml                                  | 7 ++++++-
 11 files changed, 39 insertions(+), 18 deletions(-)

diff --git a/molecule/autodeploy/prepare.yml b/molecule/autodeploy/prepare.yml
index e7c3acb..01d84eb 100644
--- a/molecule/autodeploy/prepare.yml
+++ b/molecule/autodeploy/prepare.yml
@@ -3,8 +3,10 @@
   hosts: node*
   become: true
   tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
       ansible.builtin.apt:
+        name: iptables
+        state: present
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
 
diff --git a/molecule/debug/prepare.yml b/molecule/debug/prepare.yml
index 2a1a341..5ae730a 100644
--- a/molecule/debug/prepare.yml
+++ b/molecule/debug/prepare.yml
@@ -2,7 +2,9 @@
 - name: Prepare
   hosts: all
   tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
       ansible.builtin.apt:
+        name: iptables
+        state: present
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 2a1a341..5ae730a 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -2,7 +2,9 @@
 - name: Prepare
   hosts: all
   tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
       ansible.builtin.apt:
+        name: iptables
+        state: present
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
diff --git a/molecule/docker/prepare.yml b/molecule/docker/prepare.yml
index 2a1a341..5ae730a 100644
--- a/molecule/docker/prepare.yml
+++ b/molecule/docker/prepare.yml
@@ -2,7 +2,9 @@
 - name: Prepare
   hosts: all
   tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
       ansible.builtin.apt:
+        name: iptables
+        state: present
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
diff --git a/molecule/highavailabilitydb/prepare.yml b/molecule/highavailabilitydb/prepare.yml
index d05f0db..d9f5501 100644
--- a/molecule/highavailabilitydb/prepare.yml
+++ b/molecule/highavailabilitydb/prepare.yml
@@ -33,8 +33,10 @@
 - name: Prepare nodes
   hosts: node*
   tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
       ansible.builtin.apt:
+        name: iptables
+        state: present
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
 
diff --git a/molecule/highavailabilityetcd/prepare.yml b/molecule/highavailabilityetcd/prepare.yml
index a1e6720..b350194 100644
--- a/molecule/highavailabilityetcd/prepare.yml
+++ b/molecule/highavailabilityetcd/prepare.yml
@@ -33,8 +33,10 @@
 - name: Prepare nodes
   hosts: node*
   tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
       ansible.builtin.apt:
+        name: iptables
+        state: present
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
 
diff --git a/molecule/nodeploy/prepare.yml b/molecule/nodeploy/prepare.yml
index 2a1a341..5ae730a 100644
--- a/molecule/nodeploy/prepare.yml
+++ b/molecule/nodeploy/prepare.yml
@@ -2,7 +2,9 @@
 - name: Prepare
   hosts: all
   tasks:
-    - name: Ensure apt cache is updated
+    - name: Ensure apt cache is updated and iptables is installed
       ansible.builtin.apt:
+        name: iptables
+        state: present
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
diff --git a/tasks/validate/environment/remote/packages.yml b/tasks/validate/environment/remote/packages.yml
index 036bfc5..99913f3 100644
--- a/tasks/validate/environment/remote/packages.yml
+++ b/tasks/validate/environment/remote/packages.yml
@@ -18,7 +18,8 @@
       Documentation: {{ package.documentation }}
       {% endif %}
   when:
+    - check_k3s_required_package.rc is defined
     - (package.until is not defined
-       or k3s_release_version is version_compare(package.until, '>='))
+       or (k3s_release_version | replace('v', '')) is version_compare(package.until, '>='))
     - (package.from is not defined
-       or k3s_release_version is version_compare(package.from, '>='))
+       or (k3s_release_version | replace('v', '')) is version_compare(package.from, '>='))
diff --git a/tasks/validate/main.yml b/tasks/validate/main.yml
index 6a40f5d..b6bfc9f 100644
--- a/tasks/validate/main.yml
+++ b/tasks/validate/main.yml
@@ -1,5 +1,14 @@
 ---
 
+- include_tasks: environment/remote/packages.yml
+  loop: "{{ k3s_check_packages[ansible_distribution | replace(' ', '-') | lower] }}"
+  loop_control:
+    loop_var: package
+  when:
+    - not k3s_skip_validation
+    - not k3s_skip_env_checks
+    - k3s_check_packages[ansible_distribution | replace(' ', '-') | lower] is defined
+
 - import_tasks: configuration/variables.yml
 
 - import_tasks: configuration/experimental-variables.yml
diff --git a/tasks/validate/pre-flight.yml b/tasks/validate/pre-flight.yml
index cdad466..4d3ac2a 100644
--- a/tasks/validate/pre-flight.yml
+++ b/tasks/validate/pre-flight.yml
@@ -21,14 +21,6 @@
     - not k3s_skip_validation
     - not k3s_skip_env_checks
 
-- include_tasks: environment/remote/packages.yml
-  loop: "{{ k3s_check_packages }}"
-  loop_control:
-    loop_var: package
-  when:
-    - not k3s_skip_validation
-    - not k3s_skip_env_checks
-
 - include_tasks: environment/local/issue-data.yml
   when:
     - pyratlabs_issue_controller_dump is defined
diff --git a/vars/main.yml b/vars/main.yml
index f0bfbcf..2b4e28e 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -92,7 +92,12 @@ k3s_server_manifests_dir: "{{ k3s_data_dir }}/server/manifests"
 k3s_server_pod_manifests_dir: "{{ k3s_data_dir }}/agent/pod-manifests"
 
 # Packages that we need to check are installed
-k3s_check_packages: []
+k3s_check_packages:
+  debian:
+    - name: iptables
+      from: 1.19.2
+      until: 1.22.2
+      documentation: https://rancher.com/docs/k3s/latest/en/advanced/#enabling-legacy-iptables-on-raspbian-buster
 # - name: dummy
 #   from: 1.19.2
 #   until: 1.21.0