diff --git a/roles/kubernetes/preinstall/files/pkgs-schema.json b/roles/kubernetes/preinstall/files/pkgs-schema.json
deleted file mode 100644
index 1fb9e28de..000000000
--- a/roles/kubernetes/preinstall/files/pkgs-schema.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "$id": "https://kubespray.io/internal/os_packages.schema.json",
- "title": "Os packages",
- "description": "Criteria for selecting packages to install on Kubernetes nodes during installation by Kubespray",
- "type": "object",
- "patternProperties": {
- ".*": {
- "type": "object",
- "additionalProperties": false,
- "properties": {
- "enabled": {
- "description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja",
- "type": "boolean",
- "default": true
- },
- "groups": {
- "description": "Match if the host is in one of these groups. If not specified match any host.",
- "type": "array",
- "minItems": 1,
- "items":{
- "type": "string",
- "pattern": "^[0-9A-Za-z_]*$"
- }
- },
- "os": {
- "type": "object",
- "description": "If not specified match any OS. Otherwise, must match by 'families' or 'distributions' to be included.",
- "additionalProperties": false,
- "minProperties": 1,
- "properties": {
- "families": {
- "description": "Match if ansible_os_family is part of the list.",
- "type": "array",
- "minItems": 1,
- "items": {
- "type": "string"
- }
- },
- "distributions": {
- "type": "object",
- "description": "Match if ansible_distribution match one of defined keys.",
- "minProperties": 1,
- "patternProperties": {
- ".*": {
- "description": "Match if either the value is the empty hash, or one major_versions/versions/releases contains the corresponding variable ('ansible_distrbution_*')",
- "type": "object",
- "additionalProperties": false,
- "properties": {
- "major_versions": {
- "type": "array",
- "minItems": 1,
- "items": {
- "type": "string"
- }
- },
- "versions": {
- "type": "array",
- "minItems": 1,
- "items": {
- "type": "string"
- }
- },
- "releases": {
- "type": "array",
- "minItems": 1,
- "items": {
- "type": "string"
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
-}
diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
index 2e57b1a1c..3ae1c4539 100644
--- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -338,11 +338,6 @@ - kube_apiserver_enable_admission_plugins is defined - kube_apiserver_enable_admission_plugins | length > 0 -- name: Verify that the packages list structure is valid - ansible.utils.validate: - criteria: "{{ lookup('file', 'pkgs-schema.json') }}" - data: "{{ pkgs }}" - - name: Verify that the packages list is sorted vars: pkgs_lists: "{{ pkgs.keys() | list }}"
diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
index c8b480c84..77f4c8686 100644
--- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
+++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
@@ -60,23 +60,8 @@ - bootstrap-os - name: Install packages requirements - vars: - # The json_query for selecting packages name is split for readability - # see files/pkgs-schema.json for the structure of `pkgs` - # and the matching semantics - full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key" - filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]" - filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))" - dquote: !unsafe '"' - # necessary to workaround Ansible escaping - filters_distro: "distributions.{{ dquote }}{{ ansible_distribution }}{{ dquote }} | - @ == `{}` || - contains(not_null(major_versions, `[]`), '{{ ansible_distribution_major_version }}') || - contains(not_null(versions, `[]`), '{{ ansible_distribution_version }}') || - contains(not_null(releases, `[]`), '{{ ansible_distribution_release }}')" - filters_family: "families && contains(families, '{{ ansible_os_family }}')" package: - name: "{{ pkgs | dict2items | to_json|from_json | community.general.json_query(full_query) }}" + name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}" state: present register: pkgs_task_result until: pkgs_task_result is succeeded
diff --git a/roles/kubernetes/preinstall/vars/main.yml b/roles/kubernetes/preinstall/vars/main.yml
index e788b5db7..699a87de5 100644
--- a/roles/kubernetes/preinstall/vars/main.yml
+++ b/roles/kubernetes/preinstall/vars/main.yml
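Review bot: The new `name:` expression accepts whatever shape a `pkgs` value has, and this commit also removes the `ansible.utils.validate` task that used to reject malformed entries. `ansible.builtin.all` is true for an empty list and, as far as I can tell, for any iterable of truthy items, so an entry left in the old mapping form (`os:`/`groups:` keys) or holding a literal string would presumably select the package on every host instead of failing. A cheap guard in 0040-verify-settings.yml would keep this fail-closed, for example an `ansible.builtin.assert` looping over `pkgs | dict2items` with `that: item.value is not mapping and item.value is not string`. Appending `| list` after `map(attribute='key')` would also make the value handed to `package` an explicit list. The task continues past the end of the hunk.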
@@ -1,103 +1,72 @@
 ---
 pkgs:
- apparmor: &debian_family_base
- os:
- families:
- - Debian
- apt-transport-https: *debian_family_base
- aufs-tools: &deb_10
- groups:
- - k8s_cluster
- os:
- distributions:
- Debian:
- major_versions:
- - "10"
- bash-completion: {}
- conntrack: &deb_redhat
- groups:
- - k8s_cluster
- os:
- families:
- - Debian
- - RedHat
+ apparmor:
+ - "{{ ansible_os_family == 'Debian' }}"
+ apt-transport-https:
+ - "{{ ansible_os_family == 'Debian' }}"
+ aufs-tools:
+ - "{{ ansible_os_family == 'Debian' }}"
+ - "{{ ansible_distribution_major_version == '10' }}"
+ - "{{ 'k8s_cluster' in group_names }}"
+ bash-completion: []
+ conntrack:
+ - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+ - "{{ ansible_distribution != 'openEuler' }}"
+ - "{{ 'k8s_cluster' in group_names }}"
 conntrack-tools:
- groups:
- - k8s_cluster
- os:
- families:
- - Suse
- distributions:
- Amazon: {}
- container-selinux: &redhat_family
- groups:
- - k8s_cluster
- os:
- families:
- - RedHat
- curl: {}
+ - "{{ ansible_os_family == 'Suse' or ansible_distribution in ['Amazon', 'openEuler'] }}"
+ - "{{ 'k8s_cluster' in group_names }}"
+ container-selinux:
+ - "{{ ansible_os_family == 'RedHat' }}"
+ - "{{ 'k8s_cluster' in group_names }}"
+ curl: []
 device-mapper:
- groups:
- - k8s_cluster
- os:
- families:
- - Suse
- device-mapper-libs: *redhat_family
- e2fsprogs: {}
- ebtables: {}
- gnupg: &debian
- groups:
- - k8s_cluster
- os:
- distributions:
- Debian:
- major_versions:
- - "11"
- - "12"
+ - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
+ - "{{ 'k8s_cluster' in group_names }}"
+ device-mapper-libs:
+ - "{{ ansible_os_family == 'RedHat' }}"
+ - "{{ ansible_distribution != 'openEuler' }}"
+ e2fsprogs: []
+ ebtables: []
+ gnupg:
+ - "{{ ansible_distribution == 'Debian' }}"
+ - "{{ ansible_distribution_major_version in ['11', '12'] }}"
+ - "{{ 'k8s_cluster' in group_names }}"
 ipset:
- enabled: "{{ kube_proxy_mode != 'ipvs' }}"
- groups:
- - k8s_cluster
- iptables: *deb_redhat
+ - "{{ kube_proxy_mode != 'ipvs' }}"
+ - "{{ 'k8s_cluster' in group_names }}"
+ iptables:
+ - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
 ipvsadm:
- enabled: "{{ kube_proxy_mode == 'ipvs' }}"
- groups:
- - k8s_cluster
- libseccomp: *redhat_family
+ - "{{ kube_proxy_mode == 'ipvs' }}"
+ - "{{ 'k8s_cluster' in group_names }}"
+ libseccomp:
+ - "{{ ansible_os_family == 'RedHat' }}"
 libseccomp2:
- groups:
- - k8s_cluster
- os:
- families:
- - Suse
- - Debian
+ - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
+ - "{{ 'k8s_cluster' in group_names }}"
 libselinux-python: # TODO: Handle rehat_family + major < 8
- os:
- distributions:
- Amazon: {}
+ - "{{ ansible_distribution == 'Amazon' }}"
 libselinux-python3:
- os:
- distributions:
- Fedora: {}
+ - "{{ ansible_distribution == 'Fedora' }}"
 mergerfs:
- os:
- distributions:
- Debian:
- major_versions:
- - "12"
- nss: *redhat_family
- openssl: {}
- python-apt: *deb_10
- # TODO: not for debian 10
- python3-apt: *debian_family_base
+ - "{{ ansible_distribution == 'Debian' }}"
+ - "{{ ansible_distribution_major_version == '12' }}"
+ nss:
+ - "{{ ansible_os_family == 'RedHat' }}"
+ openssl: []
+ python-apt:
+ - "{{ ansible_os_family == 'Debian' }}"
+ - "{{ ansible_distribution_major_version == '10' }}"
+ python3-apt:
+ - "{{ ansible_os_family == 'Debian' }}"
+ - "{{ ansible_distribution_major_version != '10' }}"
 python3-libselinux:
- os:
- distributions:
- RedHat: {}
- CentOS: {}
- rsync: {}
- socat: {}
- software-properties-common: *debian_family_base
- tar: {}
- unzip: {}
- xfsprogs: {}
+ - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
+ rsync: []
+ socat: []
+ software-properties-common:
+ - "{{ ansible_os_family == 'Debian' }}"
+ tar: []
+ unzip: []
+ xfsprogs: []
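Review bot: Five entries that used to inherit `groups: [k8s_cluster]` through the removed anchors no longer carry that condition: `iptables` (was `*deb_redhat`), `device-mapper-libs`, `libseccomp` and `nss` (were `*redhat_family`), and `python-apt` (was `*deb_10`). As written they would be installed on every matching host rather than only on cluster nodes; if that widening is not intended, each needs `- "{{ 'k8s_cluster' in group_names }}"` restored. `aufs-tools` and `python-apt` also moved from matching the Debian distribution to `ansible_os_family == 'Debian'`, which looks broader than the old rule. With pkgs-schema.json deleted, a comment above `pkgs:` such as `# Each package maps to a list of conditions; it is installed when all are true, and [] always matches.` would keep the semantics documented.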