Browse Source
preinstall: simplify OS packages selection
preinstall: simplify OS packages selection
Since a2019c1c2
(Add a JSON schema describing the packages install
structure, 2024-04-25), we use a custom structure to select which
packages should be installed on a particular host OS.
This has proven too rigid in practice, and the query is pretty
complicated.
Replace this by simply using an array of jinja conditions for the
packages, which should be easier to understand for everyone and more
flexible.
Also remove the associated schema and validation which are no longer
needed.
pull/11688/head
Max Gautier
2 weeks ago
Failed to extract signature
4 changed files with 60 additions and 193 deletions
Split View
Diff Options
-
80roles/kubernetes/preinstall/files/pkgs-schema.json
-
5roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
-
17roles/kubernetes/preinstall/tasks/0070-system-packages.yml
-
151roles/kubernetes/preinstall/vars/main.yml
@ -1,80 +0,0 @@ |
|||
{ |
|||
"$schema": "https://json-schema.org/draft/2020-12/schema", |
|||
"$id": "https://kubespray.io/internal/os_packages.schema.json", |
|||
"title": "Os packages", |
|||
"description": "Criteria for selecting packages to install on Kubernetes nodes during installation by Kubespray", |
|||
"type": "object", |
|||
"patternProperties": { |
|||
".*": { |
|||
"type": "object", |
|||
"additionalProperties": false, |
|||
"properties": { |
|||
"enabled": { |
|||
"description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja", |
|||
"type": "boolean", |
|||
"default": true |
|||
}, |
|||
"groups": { |
|||
"description": "Match if the host is in one of these groups. If not specified match any host.", |
|||
"type": "array", |
|||
"minItems": 1, |
|||
"items":{ |
|||
"type": "string", |
|||
"pattern": "^[0-9A-Za-z_]*$" |
|||
} |
|||
}, |
|||
"os": { |
|||
"type": "object", |
|||
"description": "If not specified match any OS. Otherwise, must match by 'families' or 'distributions' to be included.", |
|||
"additionalProperties": false, |
|||
"minProperties": 1, |
|||
"properties": { |
|||
"families": { |
|||
"description": "Match if ansible_os_family is part of the list.", |
|||
"type": "array", |
|||
"minItems": 1, |
|||
"items": { |
|||
"type": "string" |
|||
} |
|||
}, |
|||
"distributions": { |
|||
"type": "object", |
|||
"description": "Match if ansible_distribution match one of defined keys.", |
|||
"minProperties": 1, |
|||
"patternProperties": { |
|||
".*": { |
|||
"description": "Match if either the value is the empty hash, or one major_versions/versions/releases contains the corresponding variable ('ansible_distrbution_*')", |
|||
"type": "object", |
|||
"additionalProperties": false, |
|||
"properties": { |
|||
"major_versions": { |
|||
"type": "array", |
|||
"minItems": 1, |
|||
"items": { |
|||
"type": "string" |
|||
} |
|||
}, |
|||
"versions": { |
|||
"type": "array", |
|||
"minItems": 1, |
|||
"items": { |
|||
"type": "string" |
|||
} |
|||
}, |
|||
"releases": { |
|||
"type": "array", |
|||
"minItems": 1, |
|||
"items": { |
|||
"type": "string" |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
|||
} |
@ -1,103 +1,70 @@ |
|||
--- |
|||
pkgs: |
|||
apparmor: &debian_family_base |
|||
os: |
|||
families: |
|||
- Debian |
|||
apt-transport-https: *debian_family_base |
|||
aufs-tools: &deb_10 |
|||
groups: |
|||
- k8s_cluster |
|||
os: |
|||
distributions: |
|||
Debian: |
|||
major_versions: |
|||
- "10" |
|||
bash-completion: {} |
|||
conntrack: &deb_redhat |
|||
groups: |
|||
- k8s_cluster |
|||
os: |
|||
families: |
|||
- Debian |
|||
- RedHat |
|||
apparmor: |
|||
- "{{ ansible_os_family == 'Debian' }}" |
|||
apt-transport-https: |
|||
- "{{ ansible_os_family == 'Debian' }}" |
|||
aufs-tools: |
|||
- "{{ ansible_os_family == 'Debian' }}" |
|||
- "{{ ansible_distribution_major_version == '10' }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
bash-completion: [] |
|||
conntrack: |
|||
- "{{ ansible_os_family in ['Debian', 'RedHat'] }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
conntrack-tools: |
|||
groups: |
|||
- k8s_cluster |
|||
os: |
|||
families: |
|||
- Suse |
|||
distributions: |
|||
Amazon: {} |
|||
container-selinux: &redhat_family |
|||
groups: |
|||
- k8s_cluster |
|||
os: |
|||
families: |
|||
- RedHat |
|||
curl: {} |
|||
- "{{ ansible_os_family == 'Suse' or ansible_distribution == 'Amazon' }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
container-selinux: |
|||
- "{{ ansible_os_family == 'RedHat' }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
curl: [] |
|||
device-mapper: |
|||
groups: |
|||
- k8s_cluster |
|||
os: |
|||
families: |
|||
- Suse |
|||
device-mapper-libs: *redhat_family |
|||
e2fsprogs: {} |
|||
ebtables: {} |
|||
gnupg: &debian |
|||
groups: |
|||
- k8s_cluster |
|||
os: |
|||
distributions: |
|||
Debian: |
|||
major_versions: |
|||
- "11" |
|||
- "12" |
|||
- "{{ ansible_os_family == 'Suse' }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
device-mapper-libs: |
|||
- "{{ ansible_os_family == 'RedHat' }}" |
|||
e2fsprogs: [] |
|||
ebtables: [] |
|||
gnupg: |
|||
- "{{ ansible_distribution == 'Debian' }}" |
|||
- "{{ ansible_distribution_major_version in ['11', '12'] }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
ipset: |
|||
enabled: "{{ kube_proxy_mode != 'ipvs' }}" |
|||
groups: |
|||
- k8s_cluster |
|||
iptables: *deb_redhat |
|||
- "{{ kube_proxy_mode != 'ipvs' }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
iptables: |
|||
- "{{ ansible_os_family in ['Debian', 'RedHat'] }}" |
|||
ipvsadm: |
|||
enabled: "{{ kube_proxy_mode == 'ipvs' }}" |
|||
groups: |
|||
- k8s_cluster |
|||
libseccomp: *redhat_family |
|||
- "{{ kube_proxy_mode == 'ipvs' }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
libseccomp: |
|||
- "{{ ansible_os_family == 'RedHat' }}" |
|||
libseccomp2: |
|||
groups: |
|||
- k8s_cluster |
|||
os: |
|||
families: |
|||
- Suse |
|||
- Debian |
|||
- "{{ ansible_os_family in ['Debian', 'Suse'] }}" |
|||
- "{{ 'k8s_cluster' in group_names }}" |
|||
libselinux-python: # TODO: Handle rehat_family + major < 8 |
|||
os: |
|||
distributions: |
|||
Amazon: {} |
|||
- "{{ ansible_distribution == 'Amazon' }}" |
|||
libselinux-python3: |
|||
os: |
|||
distributions: |
|||
Fedora: {} |
|||
- "{{ ansible_distribution == 'Fedora' }}" |
|||
mergerfs: |
|||
os: |
|||
distributions: |
|||
Debian: |
|||
major_versions: |
|||
- "12" |
|||
nss: *redhat_family |
|||
openssl: {} |
|||
python-apt: *deb_10 |
|||
# TODO: not for debian 10 |
|||
python3-apt: *debian_family_base |
|||
- "{{ ansible_distribution == 'Debian' }}" |
|||
- "{{ ansible_distribution_major_version == '12' }}" |
|||
nss: |
|||
- "{{ ansible_os_family == 'RedHat' }}" |
|||
openssl: [] |
|||
python-apt: |
|||
- "{{ ansible_os_family == 'Debian' }}" |
|||
- "{{ ansible_distribution_major_version == '10' }}" |
|||
python3-apt: |
|||
- "{{ ansible_os_family == 'Debian' }}" |
|||
- "{{ ansible_distribution_major_version != '10' }}" |
|||
python3-libselinux: |
|||
os: |
|||
distributions: |
|||
RedHat: {} |
|||
CentOS: {} |
|||
rsync: {} |
|||
socat: {} |
|||
software-properties-common: *debian_family_base |
|||
tar: {} |
|||
unzip: {} |
|||
xfsprogs: {} |
|||
- "{{ ansible_distribution in ['RedHat', 'CentOS'] }}" |
|||
rsync: [] |
|||
socat: [] |
|||
software-properties-common: |
|||
- "{{ ansible_os_family == 'Debian' }}" |
|||
tar: [] |
|||
unzip: [] |
|||
xfsprogs: [] |
Write
Preview
Loading…
Cancel
Save