kubespray/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml

---
- name: Stop if any host not in '--limit' does not have a fact cache
  vars:
    uncached_hosts: "{{ hostvars | dict2items | selectattr('value.ansible_default_ipv6', 'undefined') | selectattr('value.ansible_default_ipv4', 'undefined') | map(attribute='key') }}"
    excluded_hosts: "{{ groups['k8s_cluster'] | difference(query('inventory_hostnames', ansible_limit)) }}"
  assert:
    that: uncached_hosts | intersect(excluded_hosts) == []
    fail_msg: |
      Kubespray does not support '--limit' without a populated facts cache for the excluded hosts.
      Please run the facts.yml playbook first without '--limit'.
      The following excluded hosts are not cached: {{ uncached_hosts | intersect(excluded_hosts) }}      
  run_once: true
  when:
    - ansible_limit is defined
    - not ignore_assert_errors
- name: Stop if non systemd OS type
  assert:
    that: ansible_service_mgr == "systemd"
  when: not ignore_assert_errors

- name: Stop if the os does not support
  assert:
    that: (allow_unsupported_distribution_setup | default(false)) or ansible_distribution in supported_os_distributions
    msg: "{{ ansible_distribution }} is not a known OS"
  when: not ignore_assert_errors

- name: Stop if memory is too small for control plane nodes
  assert:
    that: ansible_memtotal_mb >= minimal_master_memory_mb
  when:
    - not ignore_assert_errors
    - ('kube_control_plane' in group_names)

- name: Stop if memory is too small for nodes
  assert:
    that: ansible_memtotal_mb >= minimal_node_memory_mb
  when:
    - not ignore_assert_errors
    - ('kube_node' in group_names)

# This command will fail if cgroups are not enabled on the node.
# For reference: https://kubernetes.io/docs/concepts/architecture/cgroups/#check-cgroup-version
- name: Stop if cgroups are not enabled on nodes
  command: stat -fc %T /sys/fs/cgroup/
  changed_when: false
  when: not ignore_assert_errors

- name: Stop if ip var does not match local ips
  assert:
    that: (ip in ansible_all_ipv4_addresses) or (ip in ansible_all_ipv6_addresses)
    msg: "IPv4: '{{ ansible_all_ipv4_addresses }}' and IPv6: '{{ ansible_all_ipv6_addresses }}' do not contain '{{ ip }}'"
  when:
    - not ignore_assert_errors
    - ip is defined

- name: Stop if access_ip is not pingable
  command: ping -c1 {{ main_access_ip }}
  when:
    - main_access_ip is defined
    - not ignore_assert_errors
    - ping_access_ip
  changed_when: false

- name: Stop if kernel version is too low for cilium
  assert:
    that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
  when:
    - kube_network_plugin == 'cilium' or cilium_deploy_additionally
    - not ignore_assert_errors

- name: Stop if kernel version is too low for nftables
  assert:
    that: ansible_kernel.split('-')[0] is version('5.13', '>=')
  when:
    - kube_proxy_mode == 'nftables'
    - not ignore_assert_errors

- name: Stop if bad hostname
  assert:
    that: inventory_hostname is match("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")
    msg: "Hostname must consist of lower case alphanumeric characters, '.' or '-', and must start and end with an alphanumeric character"
  when: not ignore_assert_errors

- name: Stop if /etc/resolv.conf has no configured nameservers
  assert:
    that: configured_nameservers | length>0
    fail_msg: "nameserver should not be empty in /etc/resolv.conf"
  when:
    - upstream_dns_servers | length == 0
    - not disable_host_nameservers
    - dns_mode in ['coredns', 'coredns_dual']

- name: Stop if download_localhost is enabled for Flatcar Container Linux
  assert:
    that: ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
    msg: "download_run_once not supported for Flatcar Container Linux"
  when: download_run_once or download_force_cache