241 lines
8.3 KiB

Upgrade ansible (#10190)

* project: update all dependencies including ansible

  Upgrade to ansible 7.x and ansible-core 2.14.x. There seems to be an issue with ansible 8/ansible-core 2.15 so we remain on those versions for now. It's quite a big bump already anyway.

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* tests: install aws galaxy collection

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* ansible-lint: disable various rules after ansible upgrade

  Temporarily disable a bunch of linting actions following ansible upgrade. Those should be taken care of separately.

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve deprecated-module ansible-lint error

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve no-free-form ansible-lint error

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve schema[meta] ansible-lint error

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve schema[playbook] ansible-lint error

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve schema[tasks] ansible-lint error

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve risky-file-permissions ansible-lint error

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve risky-shell-pipe ansible-lint error

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: remove deprecated warn args

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: use fqcn for non builtin tasks

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: resolve syntax-check[missing-file] for contrib playbook

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: use arithmetic inside jinja to fix ansible 6 upgrade

  Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
1 year ago
---
- name: Testcases for calico
  hosts: kube_node
  tasks:
    - name: Test tunl0 routes
      # The default(26) filter must sit inside the Jinja expression. Outside the
      # braces it becomes literal grep text that never matches, so the negated
      # pipeline would always succeed and the test would check nothing.
      shell: "set -o pipefail && ! /sbin/ip ro | grep '/{{ calico_pool_blocksize | default(26) }} via' | grep -v tunl0"
      args:
        executable: /bin/bash
      when:
        - (calico_ipip_mode is defined and calico_ipip_mode != 'Never' or cloud_provider is defined)
        - kube_network_plugin | default('calico') == 'calico'

- name: Advanced testcases for network
  hosts: k8s_cluster
  vars:
    agent_report_interval: 10
    netcheck_namespace: default
    netchecker_port: 31081
  tasks:
    - name: Force binaries directory for Container Linux by CoreOS and Flatcar
      set_fact:
        bin_dir: "/opt/bin"
      when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]

    - name: Force binaries directory on other hosts
      set_fact:
        bin_dir: "/usr/local/bin"
      when: not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]

    - import_role:  # noqa name[missing]
        name: cluster-dump

    # Wait until the netchecker server pod reports Running.
    - name: Wait for netchecker server
      shell: "set -o pipefail && {{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep ^netchecker-server"
      args:
        executable: /bin/bash
      register: ncs_pod
      until: ncs_pod.stdout.find('Running') != -1
      retries: 3
      delay: 10
      when: inventory_hostname == groups['kube_control_plane'][0]

    # Two agent pods are expected per host: netchecker-agent and netchecker-agent-hostnet.
    - name: Wait for netchecker agents
      shell: "set -o pipefail && {{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep '^netchecker-agent-.*Running'"
      args:
        executable: /bin/bash
      register: nca_pod
      until: nca_pod.stdout_lines | length >= groups['k8s_cluster'] | intersect(ansible_play_hosts) | length * 2
      retries: 3
      delay: 10
      failed_when: false
      when: inventory_hostname == groups['kube_control_plane'][0]

    - name: Get netchecker pods
      command: "{{ bin_dir }}/kubectl -n {{ netcheck_namespace }} describe pod -l app={{ item }}"
      run_once: true
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      no_log: false
      with_items:
        - netchecker-agent
        - netchecker-agent-hostnet
      when: not nca_pod is success

    - debug:  # noqa name[missing]
        var: nca_pod.stdout_lines
      when: inventory_hostname == groups['kube_control_plane'][0]

    # Poll the netchecker API until every expected agent has reported in.
    - name: Get netchecker agents
      uri:
        url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/agents/"
        return_content: yes
      run_once: true
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      register: agents
      retries: 18
      delay: "{{ agent_report_interval }}"
      until: agents.content | length > 0 and
        agents.content[0] == '{' and
        agents.content | from_json | length >= groups['k8s_cluster'] | intersect(ansible_play_hosts) | length * 2
      failed_when: false
      no_log: false

    - name: Check netchecker status
      uri:
        url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/connectivity_check"
        status_code: 200
        return_content: yes
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      run_once: true
      register: connectivity_check
      retries: 3
      delay: "{{ agent_report_interval }}"
      until: connectivity_check.content | length > 0 and
        connectivity_check.content[0] == '{'
      no_log: false
      failed_when: false
      when:
        - agents.content != '{}'

    - debug:  # noqa name[missing]
        var: ncs_pod
      run_once: true

    # Collect diagnostics only when the connectivity check did not succeed.
    - name: Get kube-proxy logs
      command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app=kube-proxy"
      no_log: false
      when:
        - inventory_hostname == groups['kube_control_plane'][0]
        - not connectivity_check is success

    - name: Get logs from other apps
      command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{ item }} --all-containers"
      when:
        - inventory_hostname == groups['kube_control_plane'][0]
        - not connectivity_check is success
      no_log: false
      with_items:
        - kube-router
        - flannel
        - canal-node
        - calico-node
        - cilium

    - name: Parse agents list
      set_fact:
        agents_check_result: "{{ agents.content | from_json }}"
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      run_once: true
      when:
        - agents is success
        - agents.content is defined
        - agents.content[0] == '{'

    - debug:  # noqa name[missing]
        var: agents_check_result
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      run_once: true
      when:
        - agents_check_result is defined

    - name: Parse connectivity check
      set_fact:
        connectivity_check_result: "{{ connectivity_check.content | from_json }}"
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      run_once: true
      when:
        - connectivity_check is success
        - connectivity_check.content is defined
        - connectivity_check.content[0] == '{'

    - debug:  # noqa name[missing]
        var: connectivity_check_result
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      run_once: true
      when:
        - connectivity_check_result is defined

    # Fail the play if any agent is absent or has stopped reporting.
    - name: Check connectivity with all netchecker agents
      assert:
        that:
          - agents_check_result is defined
          - connectivity_check_result is defined
          - agents_check_result.keys() | length > 0
          - not connectivity_check_result.Absent
          - not connectivity_check_result.Outdated
        msg: "Connectivity check to netchecker agents failed"
      delegate_to: "{{ groups['kube_control_plane'][0] }}"
      run_once: true

    - name: Create macvlan network conf
      # We cannot use only shell: below because Ansible will render the text
      # with leading spaces, which means the shell will never find the string
      # EOF at the beginning of a line. We can avoid Ansible's unhelpful
      # heuristics by using the cmd parameter like this:
      shell:
        cmd: |
          set -o pipefail
          cat <<EOF | {{ bin_dir }}/kubectl create -f -
          apiVersion: "k8s.cni.cncf.io/v1"
          kind: NetworkAttachmentDefinition
          metadata:
            name: macvlan-conf
          spec:
            config: '{
              "cniVersion": "0.4.0",
              "type": "macvlan",
              "master": "eth0",
              "mode": "bridge",
              "ipam": {
                "type": "host-local",
                "subnet": "192.168.1.0/24",
                "rangeStart": "192.168.1.200",
                "rangeEnd": "192.168.1.216",
                "routes": [
                  { "dst": "0.0.0.0/0" }
                ],
                "gateway": "192.168.1.1"
              }
            }'
          EOF
        executable: /bin/bash
      when:
        - inventory_hostname == groups['kube_control_plane'][0]
        - kube_network_plugin_multus | default(false) | bool

    - name: Annotate pod with macvlan network
      # We cannot use only shell: below because Ansible will render the text
      # with leading spaces, which means the shell will never find the string
      # EOF at the beginning of a line. We can avoid Ansible's unhelpful
      # heuristics by using the cmd parameter like this:
      shell:
        cmd: |
          set -o pipefail
          cat <<EOF | {{ bin_dir }}/kubectl create -f -
          apiVersion: v1
          kind: Pod
          metadata:
            name: samplepod
            annotations:
              k8s.v1.cni.cncf.io/networks: macvlan-conf
          spec:
            containers:
            - name: samplepod
              command: ["/bin/bash", "-c", "sleep 2000000000000"]
              image: dougbtv/centos-network
          EOF
        executable: /bin/bash
      when:
        - inventory_hostname == groups['kube_control_plane'][0]
        - kube_network_plugin_multus | default(false) | bool

    # net1 is the secondary interface Multus attaches for the macvlan network.
    - name: Check secondary macvlan interface
      command: "{{ bin_dir }}/kubectl exec samplepod -- ip addr show dev net1"
      register: output
      until: output.rc == 0
      retries: 90
      changed_when: false
      when:
        - inventory_hostname == groups['kube_control_plane'][0]
        - kube_network_plugin_multus | default(false) | bool