richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

change ignore_errors: to when: in assert tasks (#5716)

pull/5751/head
Sergey 4 years ago
committed by GitHub
parent
221b429c24
commit
9f3ed7d855
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 41 additions and 31 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 72
      roles/kubernetes/preinstall/tasks/0020-verify-settings.yml

72
roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
View File

@ -7,38 +7,40 @@
- kube-node - kube-node
- etcd - etcd
run_once: true run_once: true
ignore_errors: "{{ ignore_assert_errors }}"
when: not ignore_assert_errors
- name: Stop if non systemd OS type - name: Stop if non systemd OS type
assert: assert:
that: ansible_service_mgr == "systemd" that: ansible_service_mgr == "systemd"
ignore_errors: "{{ ignore_assert_errors }}"
when: not ignore_assert_errors
- name: Stop if unknown OS - name: Stop if unknown OS
assert: assert:
that: ansible_os_family in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Coreos', 'Container Linux by CoreOS', 'Flatcar', 'Flatcar Container Linux by Kinvolk', 'Suse', 'ClearLinux', 'OracleLinux'] that: ansible_os_family in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Coreos', 'Container Linux by CoreOS', 'Flatcar', 'Flatcar Container Linux by Kinvolk', 'Suse', 'ClearLinux', 'OracleLinux']
msg: "{{ ansible_os_family }} is not a known OS" msg: "{{ ansible_os_family }} is not a known OS"
ignore_errors: "{{ ignore_assert_errors }}"
when: not ignore_assert_errors
- name: Stop if unknown network plugin - name: Stop if unknown network plugin
assert: assert:
that: kube_network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'contiv', 'kube-ovn', 'kube-router', 'macvlan'] that: kube_network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'contiv', 'kube-ovn', 'kube-router', 'macvlan']
msg: "{{ kube_network_plugin }} is not supported" msg: "{{ kube_network_plugin }} is not supported"
when: kube_network_plugin is defined
ignore_errors: "{{ ignore_assert_errors }}"
when:
- kube_network_plugin is defined
- not ignore_assert_errors
- name: Stop if incompatible network plugin and cloudprovider - name: Stop if incompatible network plugin and cloudprovider
assert: assert:
that: kube_network_plugin != 'calico' that: kube_network_plugin != 'calico'
msg: "Azure and Calico are not compatible. See https://github.com/projectcalico/calicoctl/issues/949 for details." msg: "Azure and Calico are not compatible. See https://github.com/projectcalico/calicoctl/issues/949 for details."
when: cloud_provider is defined and cloud_provider == 'azure'
ignore_errors: "{{ ignore_assert_errors }}"
when:
- cloud_provider is defined and cloud_provider == 'azure'
- not ignore_assert_errors
- name: Stop if unsupported version of Kubernetes - name: Stop if unsupported version of Kubernetes
assert: assert:
that: kube_version is version(kube_version_min_required, '>=') that: kube_version is version(kube_version_min_required, '>=')
msg: "The current release of Kubespray only support newer version of Kubernetes than {{ kube_version_min_required }} - You are trying to apply {{ kube_version }}" msg: "The current release of Kubespray only support newer version of Kubernetes than {{ kube_version_min_required }} - You are trying to apply {{ kube_version }}"
ignore_errors: "{{ ignore_assert_errors }}"
when: not ignore_assert_errors
# simplify this items-list when https://github.com/ansible/ansible/issues/15753 is resolved # simplify this items-list when https://github.com/ansible/ansible/issues/15753 is resolved
- name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")" - name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
@ -52,25 +54,28 @@
- { name: download_always_pull, value: "{{ download_always_pull }}" } - { name: download_always_pull, value: "{{ download_always_pull }}" }
- { name: helm_enabled, value: "{{ helm_enabled }}" } - { name: helm_enabled, value: "{{ helm_enabled }}" }
- { name: openstack_lbaas_enabled, value: "{{ openstack_lbaas_enabled }}" } - { name: openstack_lbaas_enabled, value: "{{ openstack_lbaas_enabled }}" }
ignore_errors: "{{ ignore_assert_errors }}"
when: not ignore_assert_errors
- name: Stop if even number of etcd hosts - name: Stop if even number of etcd hosts
assert: assert:
that: groups.etcd|length is not divisibleby 2 that: groups.etcd|length is not divisibleby 2
ignore_errors: "{{ ignore_assert_errors }}"
when: inventory_hostname in groups['etcd']
when:
- not ignore_assert_errors
- inventory_hostname in groups['etcd']
- name: Stop if memory is too small for masters - name: Stop if memory is too small for masters
assert: assert:
that: ansible_memtotal_mb >= minimal_master_memory_mb that: ansible_memtotal_mb >= minimal_master_memory_mb
ignore_errors: "{{ ignore_assert_errors }}"
when: inventory_hostname in groups['kube-master']
when:
- not ignore_assert_errors
- inventory_hostname in groups['kube-master']
- name: Stop if memory is too small for nodes - name: Stop if memory is too small for nodes
assert: assert:
that: ansible_memtotal_mb >= minimal_node_memory_mb that: ansible_memtotal_mb >= minimal_node_memory_mb
ignore_errors: "{{ ignore_assert_errors }}"
when: inventory_hostname in groups['kube-node']
when:
- not ignore_assert_errors
- inventory_hostname in groups['kube-node']
# This assertion will fail on the safe side: One can indeed schedule more pods # This assertion will fail on the safe side: One can indeed schedule more pods
# on a node than the CIDR-range has space for when additional pods use the host # on a node than the CIDR-range has space for when additional pods use the host
@ -81,8 +86,8 @@
assert: assert:
that: "{{ (kubelet_max_pods | default(110)) | int <= (2 ** (32 - kube_network_node_prefix | int)) - 2 }}" that: "{{ (kubelet_max_pods | default(110)) | int <= (2 ** (32 - kube_network_node_prefix | int)) - 2 }}"
msg: "Do not schedule more pods on a node than inet addresses are available." msg: "Do not schedule more pods on a node than inet addresses are available."
ignore_errors: "{{ ignore_assert_errors }}"
when: when:
- not ignore_assert_errors
- inventory_hostname in groups['k8s-cluster'] - inventory_hostname in groups['k8s-cluster']
- kube_network_node_prefix is defined - kube_network_node_prefix is defined
- kube_network_plugin != 'calico' - kube_network_plugin != 'calico'
@ -90,43 +95,49 @@
- name: Stop if ip var does not match local ips - name: Stop if ip var does not match local ips
assert: assert:
that: ip in ansible_all_ipv4_addresses that: ip in ansible_all_ipv4_addresses
ignore_errors: "{{ ignore_assert_errors }}"
when: ip is defined
when:
- not ignore_assert_errors
- ip is defined
- name: Stop if access_ip is not pingable - name: Stop if access_ip is not pingable
command: ping -c1 {{ access_ip }} command: ping -c1 {{ access_ip }}
when: access_ip is defined
ignore_errors: "{{ ignore_assert_errors }}"
when:
- access_ip is defined
- not ignore_assert_errors
- name: Stop if RBAC is not enabled when dashboard is enabled - name: Stop if RBAC is not enabled when dashboard is enabled
assert: assert:
that: rbac_enabled that: rbac_enabled
when: dashboard_enabled
ignore_errors: "{{ ignore_assert_errors }}"
when:
- dashboard_enabled
- not ignore_assert_errors
- name: Stop if RBAC is not enabled when OCI cloud controller is enabled - name: Stop if RBAC is not enabled when OCI cloud controller is enabled
assert: assert:
that: rbac_enabled that: rbac_enabled
when: cloud_provider is defined and cloud_provider == "oci"
ignore_errors: "{{ ignore_assert_errors }}"
when:
- cloud_provider is defined and cloud_provider == "oci"
- not ignore_assert_errors
- name: Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled - name: Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled
assert: assert:
that: rbac_enabled and kube_api_anonymous_auth that: rbac_enabled and kube_api_anonymous_auth
when: kube_apiserver_insecure_port == 0 and inventory_hostname in groups['kube-master']
ignore_errors: "{{ ignore_assert_errors }}"
when:
- kube_apiserver_insecure_port == 0 and inventory_hostname in groups['kube-master']
- not ignore_assert_errors
- name: Stop if kernel version is too low - name: Stop if kernel version is too low
assert: assert:
that: ansible_kernel.split('-')[0] is version('4.8', '>=') that: ansible_kernel.split('-')[0] is version('4.8', '>=')
when: kube_network_plugin == 'cilium'
ignore_errors: "{{ ignore_assert_errors }}"
when:
- kube_network_plugin == 'cilium'
- not ignore_assert_errors
- name: Stop if bad hostname - name: Stop if bad hostname
assert: assert:
that: inventory_hostname is match("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") that: inventory_hostname is match("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
msg: "Hostname must consist of lower case alphanumeric characters, '.' or '-', and must start and end with an alphanumeric character" msg: "Hostname must consist of lower case alphanumeric characters, '.' or '-', and must start and end with an alphanumeric character"
ignore_errors: "{{ ignore_assert_errors }}"
when: not ignore_assert_errors
- name: check cloud_provider value - name: check cloud_provider value
assert: assert:
@ -134,8 +145,7 @@
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external" msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere', or external"
when: when:
- cloud_provider is defined - cloud_provider is defined
ignore_errors: "{{ ignore_assert_errors }}"
- not ignore_assert_errors
tags: tags:
- cloud-provider - cloud-provider
- facts - facts

Write Preview
Loading…
Cancel
Save