
  1. ---
  2. - hosts: kube-node
  3. tasks:
  4. - name: Test tunl0 routes
  5. shell: "! /sbin/ip ro | grep '/26 via' | grep -v tunl0"
  6. when:
  7. - (ipip|default(false) or cloud_provider is defined)
  8. - kube_network_plugin == 'calico'
  9. - hosts: k8s-cluster
  10. vars:
  11. agent_report_interval: 10
  12. netcheck_namespace: default
  13. netchecker_port: 31081
  14. tasks:
  15. - name: Force binaries directory for Container Linux by CoreOS
  16. set_fact:
  17. bin_dir: "/opt/bin"
  18. when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  19. - set_fact:
  20. bin_dir: "/usr/local/bin"
  21. when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
  22. - name: Wait for netchecker server
  23. shell: "{{ bin_dir }}/kubectl get pods --namespace {{netcheck_namespace}} | grep ^netchecker-server"
  24. delegate_to: "{{groups['kube-master'][0]}}"
  25. run_once: true
  26. register: ncs_pod
  27. until: ncs_pod.stdout.find('Running') != -1
  28. retries: 3
  29. delay: 10
  30. - name: Wait for netchecker agents
  31. shell: "{{ bin_dir }}/kubectl get pods --namespace {{netcheck_namespace}} | grep '^netchecker-agent-.*Running'"
  32. run_once: true
  33. delegate_to: "{{groups['kube-master'][0]}}"
  34. register: nca_pod
  35. until: nca_pod.stdout_lines|length >= groups['k8s-cluster']|intersect(ansible_play_hosts)|length * 2
  36. retries: 3
  37. delay: 10
  38. failed_when: false
  39. - command: "{{ bin_dir }}/kubectl -n {{netcheck_namespace}} describe pod -l app={{ item }}"
  40. run_once: true
  41. delegate_to: "{{groups['kube-master'][0]}}"
  42. no_log: false
  43. with_items:
  44. - netchecker-agent
  45. - netchecker-agent-hostnet
  46. when: not nca_pod is success
  47. - debug: var=nca_pod.stdout_lines
  48. failed_when: not nca_pod is success
  49. run_once: true
  50. - name: Get netchecker agents
  51. uri: url=http://{{ ansible_default_ipv4.address }}:{{netchecker_port}}/api/v1/agents/ return_content=yes
  52. run_once: true
  53. delegate_to: "{{groups['kube-master'][0]}}"
  54. register: agents
  55. retries: 18
  56. delay: "{{ agent_report_interval }}"
  57. until: agents.content|length > 0 and
  58. agents.content[0] == '{' and
  59. agents.content|from_json|length >= groups['k8s-cluster']|intersect(ansible_play_hosts)|length * 2
  60. failed_when: false
  61. no_log: true
  62. - debug: var=agents.content|from_json
  63. failed_when: not agents is success and not agents.content=='{}'
  64. run_once: true
  65. when:
  66. - agents.content is defined
  67. - agents.content != ''
  68. - agents.content[0] == '{'
  69. - name: Check netchecker status
  70. uri: url=http://{{ ansible_default_ipv4.address }}:{{netchecker_port}}/api/v1/connectivity_check status_code=200 return_content=yes
  71. delegate_to: "{{groups['kube-master'][0]}}"
  72. run_once: true
  73. register: result
  74. retries: 3
  75. delay: "{{ agent_report_interval }}"
  76. until: result.content|length > 0 and
  77. result.content[0] == '{'
  78. no_log: true
  79. failed_when: false
  80. when:
  81. - agents.content != '{}'
  82. - debug: var=ncs_pod
  83. run_once: true
  84. when: not result is success
  85. - command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app=kube-proxy"
  86. run_once: true
  87. when: not result is success
  88. delegate_to: "{{groups['kube-master'][0]}}"
  89. no_log: false
  90. - command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{item}} --all-containers"
  91. run_once: true
  92. when: not result is success
  93. delegate_to: "{{groups['kube-master'][0]}}"
  94. no_log: false
  95. with_items:
  96. - kube-router
  97. - flannel
  98. - contiv-ovs
  99. - contiv-netplugin
  100. - contiv-netmaster
  101. - canal-node
  102. - calico-node
  103. - cilium
  104. - debug: var=result.content|from_json
  105. failed_when: not result is success
  106. run_once: true
  107. when:
  108. - not agents.content == '{}'
  109. - result.content != ''
  110. - result.content[0] == '{'
  111. - debug: var=result
  112. failed_when: not result is success
  113. run_once: true
  114. when:
  115. - not agents.content == '{}'
  116. - debug: msg="Cannot get reports from agents, consider as PASSING"
  117. run_once: true
  118. when:
  119. - agents.content == '{}'
    # Creates the NetworkAttachmentDefinition 'macvlan-conf' (Multus only).
    # The embedded CNI config attaches a macvlan interface in bridge mode to
    # the node interface named eth0 and hands out host-local addresses from
    # 192.168.1.200-192.168.1.216 in 192.168.1.0/24.
    # NOTE(review): assumes every node has an interface called eth0 — confirm.
    # NOTE(review): `kubectl create` is used, so a second run against the same
    # cluster presumably fails because the object already exists — confirm.
    - name: Create macvlan network conf
      # We cannot use only shell: below because Ansible will render the text
      # with leading spaces, which means the shell will never find the string
      # EOF at the beginning of a line. We can avoid Ansible's unhelpful
      # heuristics by using the cmd parameter like this:
      shell:
        cmd: |
          cat <<EOF | {{ bin_dir }}/kubectl create -f -
          apiVersion: "k8s.cni.cncf.io/v1"
          kind: NetworkAttachmentDefinition
          metadata:
            name: macvlan-conf
          spec:
            config: '{
              "cniVersion": "0.3.0",
              "type": "macvlan",
              "master": "eth0",
              "mode": "bridge",
              "ipam": {
                "type": "host-local",
                "subnet": "192.168.1.0/24",
                "rangeStart": "192.168.1.200",
                "rangeEnd": "192.168.1.216",
                "routes": [
                  { "dst": "0.0.0.0/0" }
                ],
                "gateway": "192.168.1.1"
              }
            }'
          EOF
      when:
        - kube_network_plugin_multus|default(false)
    # Creates the pod 'samplepod' with the Multus annotation that requests the
    # 'macvlan-conf' network as a secondary interface (Multus only).
    # NOTE(review): the container image is referenced by repository name only,
    # with no tag or digest, so the cluster runs whatever the registry serves
    # under that name at pull time. Pinning it (IMAGE@sha256:<digest> — digest
    # to be supplied by the maintainers) would make the test reproducible and
    # keep an unexpected image update out of the cluster.
    # NOTE(review): no task in this part of the file deletes the pod again,
    # and its command sleeps for a very long time — confirm cleanup elsewhere.
    - name: Annotate pod with macvlan network
      # We cannot use only shell: below because Ansible will render the text
      # with leading spaces, which means the shell will never find the string
      # EOF at the beginning of a line. We can avoid Ansible's unhelpful
      # heuristics by using the cmd parameter like this:
      shell:
        cmd: |
          cat <<EOF | {{ bin_dir }}/kubectl create -f -
          apiVersion: v1
          kind: Pod
          metadata:
            name: samplepod
            annotations:
              k8s.v1.cni.cncf.io/networks: macvlan-conf
          spec:
            containers:
            - name: samplepod
              command: ["/bin/bash", "-c", "sleep 2000000000000"]
              image: dougbtv/centos-network
          EOF
      when:
        - kube_network_plugin_multus|default(false)
  174. - name: Check secondary macvlan interface
  175. shell: "{{ bin_dir }}/kubectl exec samplepod -- ip addr show dev net1"
  176. register: output
  177. until: output.rc == 0
  178. retries: 90
  179. changed_when: false
  180. when:
  181. - kube_network_plugin_multus|default(false)