From 55e095c1c775842e566483874bfed82fc0b4e73c Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Thu, 19 Dec 2024 14:21:22 +0100
Subject: [PATCH] kubernetes/preinstall: dns vars cleanup

- Move validation from facts to verify-settings
- Move set_fact to vars/
---
 .../preinstall/tasks/0020-set_facts.yml       | 28 ++++---------------
 .../preinstall/tasks/0040-verify-settings.yml |  9 ++++++
 roles/kubernetes/preinstall/vars/main.yml     |  2 ++
 3 files changed, 16 insertions(+), 23 deletions(-)

diff --git a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
index c8303e61d..9b1f0faeb 100644
--- a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
@@ -33,30 +33,12 @@
   failed_when: false
   register: resolvconf_stat
 
+  # Used in vars/
 - name: Fetch resolvconf
-  when: resolvconf_stat.stat.exists is defined and resolvconf_stat.stat.exists
-  block:
-
-    - name: Get content of /etc/resolv.conf
-      slurp:
-        src: /etc/resolv.conf
-      register: resolvconf_slurp
-
-    - name: Get currently configured nameservers
-      set_fact:
-        configured_nameservers: "{{ resolvconf_slurp.content | b64decode | regex_findall('^nameserver\\s*(\\S*)', multiline=True) | ansible.utils.ipaddr }}"
-      when: resolvconf_slurp.content is defined
-
-- name: Stop if /etc/resolv.conf not configured nameservers
-  assert:
-    that: configured_nameservers | length>0
-    fail_msg: "nameserver should not empty in /etc/resolv.conf"
-  when:
-    - not ignore_assert_errors
-    - configured_nameservers is defined
-    - not (upstream_dns_servers is defined and upstream_dns_servers | length > 0)
-    - not (disable_host_nameservers | default(false))
-    - dns_mode in ['coredns', 'coredns_dual']
+  when: resolvconf_stat.stat.exists
+  slurp:
+    src: /etc/resolv.conf
+  register: resolvconf_slurp
 
 - name: NetworkManager | Check if host has NetworkManager
   # noqa command-instead-of-module - Should we use service_facts for this?
diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
index e911c76cc..23a05bf6e 100644
--- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -220,6 +220,15 @@
   when: dns_mode is defined
   run_once: true
 
+- name: Stop if /etc/resolv.conf has no configured nameservers
+  assert:
+    that: configured_nameservers | length>0
+    fail_msg: "nameserver should not empty in /etc/resolv.conf"
+  when:
+    - upstream_dns_servers | length == 0
+    - not disable_host_nameservers
+    - dns_mode in ['coredns', 'coredns_dual']
+
 - name: Stop if unknown kube proxy mode
   assert:
     that: kube_proxy_mode in ['iptables', 'ipvs']
diff --git a/roles/kubernetes/preinstall/vars/main.yml b/roles/kubernetes/preinstall/vars/main.yml
index 4052cb260..872d2ed1e 100644
--- a/roles/kubernetes/preinstall/vars/main.yml
+++ b/roles/kubernetes/preinstall/vars/main.yml
@@ -90,3 +90,5 @@ dhclient_supersede:
   domain-name-servers: "{{ ([nameservers, cloud_resolver] | flatten | unique) if dns_early else nameserverentries }}"
   domain-name: "{{ [dns_domain] }}"
   domain-search: "{{ default_searchdomains + searchdomains }}"
+configured_nameservers: "{{ (resolvconf_slurp.content | b64decode | regex_findall('^nameserver\\s*(\\S*)', multiline=True) | ansible.utils.ipaddr)
+                            if resolvconf_stat.stat.exists else [] }}"