From c5c8f293ae88fc969c3e075d02b1155abf5aa39f Mon Sep 17 00:00:00 2001 From: dunglm <38011421+DungT9x@users.noreply.github.com> Date: Wed, 14 Dec 2022 11:32:29 +0700 Subject: [PATCH 01/21] Remove taints "CriticalAddonsOnly=true:NoExecute" --- tasks/first_server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/first_server.yml b/tasks/first_server.yml index 0d03908..a9041db 100644 --- a/tasks/first_server.yml +++ b/tasks/first_server.yml @@ -10,7 +10,7 @@ - name: Set server taints ansible.builtin.set_fact: - combined_node_taints: "{{ node_taints + [ 'CriticalAddonsOnly=true:NoExecute' ] }}" + combined_node_taints: "{{ node_taints }}" when: rke2_server_taint and rke2_type == 'server' - name: Set agent taints From bb91a1c2150a89beba156d47afb19b7db47c4387 Mon Sep 17 00:00:00 2001 From: dunglm <38011421+DungT9x@users.noreply.github.com> Date: Wed, 14 Dec 2022 11:32:59 +0700 Subject: [PATCH 02/21] Remove option taint "CriticalAddonsOnly=true:NoExecute" --- tasks/remaining_nodes.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/remaining_nodes.yml b/tasks/remaining_nodes.yml index 5ab5e2c..49f995b 100644 --- a/tasks/remaining_nodes.yml +++ b/tasks/remaining_nodes.yml @@ -10,7 +10,7 @@ - name: Set server taints set_fact: - combined_node_taints: "{{ node_taints + [ 'CriticalAddonsOnly=true:NoExecute' ] }}" + combined_node_taints: "{{ node_taints }}" when: rke2_server_taint and rke2_type == 'server' - name: Set agent taints From fd959792e42061d66f535a51fcfa51b222cebb59 Mon Sep 17 00:00:00 2001 
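Review bot: After this change the `Set server taints` task in tasks/first_server.yml assigns plain `{{ node_taints }}`, the same value the agent branch sets (its body is visible as removed lines in patch 04), so `rke2_server_taint: true` no longer has any effect. Anyone relying on that flag to keep workloads off control-plane nodes loses the isolation without an error or warning. The hunk in tasks/remaining_nodes.yml (patch 02) has the same problem. If the flag is meant to become a no-op, say so in the commit message and above the task, e.g. `# rke2_server_taint no longer adds CriticalAddonsOnly; list server taints explicitly`. The task list starts and continues outside both hunks.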
From: Michal Muransky Date: Thu, 29 Dec 2022 16:18:25 +0100 Subject: [PATCH 03/21] Improve Molecule tests --- molecule/cluster/converge.yml | 6 +- molecule/cluster/molecule.yml | 14 +-- molecule/default/converge.yml | 4 +- molecule/default/molecule.yml | 7 +- molecule/ha_cluster/converge.yml | 5 +- molecule/ha_cluster/molecule.yml | 20 ++-- molecule/ha_cluster_kubevip/converge.yml | 19 ++++ molecule/ha_cluster_kubevip/molecule.yml | 113 +++++++++++++++++++++++ molecule/ha_cluster_kubevip/prepare.yml | 12 +++ molecule/ha_cluster_kubevip/verify.yml | 22 +++++ 10 files changed, 199 insertions(+), 23 deletions(-) create mode 100644 molecule/ha_cluster_kubevip/converge.yml create mode 100644 molecule/ha_cluster_kubevip/molecule.yml create mode 100644 molecule/ha_cluster_kubevip/prepare.yml create mode 100644 molecule/ha_cluster_kubevip/verify.yml diff --git a/molecule/cluster/converge.yml b/molecule/cluster/converge.yml index fc6dbf6..a303c4f 100644 --- a/molecule/cluster/converge.yml +++ b/molecule/cluster/converge.yml @@ -3,7 +3,9 @@ hosts: all become: yes vars: - rke2_version: v1.20.7+rke2r2 + rke2_version: v1.20.15+rke2r1 rke2_snapshooter: native + rke2_server_node_taints: + - 'CriticalAddonsOnly=true:NoExecute' roles: - - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/cluster/molecule.yml b/molecule/cluster/molecule.yml index fa68694..223cde7 100644 --- a/molecule/cluster/molecule.yml +++ b/molecule/cluster/molecule.yml 
@@ -9,24 +9,26 @@ lint: | ansible-lint --exclude molecule/ platforms: - name: node1 - image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${image:-ubuntu2204}-ansible:${tag:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 + cgroups_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"private"} # Use "private" for cgroup v1 and "host" for cgroup v2 privileged: true - pre_build_image: ${MOLECULE_PREBUILT:-true} + pre_build_image: true networks: - name: rke2net groups: - masters - k8s_cluster - name: node2 - image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${image:-ubuntu2204}-ansible:${tag:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 + cgroups_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"private"} # Use "private" for cgroup v1 and "host" for cgroup v2 privileged: true - pre_build_image: ${MOLECULE_PREBUILT:-true} + pre_build_image: true networks: - name: rke2net groups: diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index fc6dbf6..3a60c99 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -3,7 +3,7 @@ hosts: all become: yes vars: - rke2_version: v1.20.7+rke2r2 + rke2_version: v1.20.15+rke2r1 rke2_snapshooter: native roles: - - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 622fed1..0d85039 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
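Review bot: The new `cgroups_mode:` key on both platforms is probably ignored. As far as I know the Molecule Docker driver's option is `cgroupns_mode`, so the `private`/`host` switch described in the trailing comment would never reach Docker; please confirm against the driver version in use and rename to `cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"private"}` if so. The same line is repeated in the molecule/default/molecule.yml and molecule/ha_cluster/molecule.yml hunks. It would also help to say beside the volume line what `rw` implies together with `privileged: true`, for example `# rw gives the privileged test container write access to the host cgroup tree; use on disposable runners only`.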
@@ -9,12 +9,13 @@ lint: | ansible-lint --exclude molecule/ platforms: - name: node1 - image: "geerlingguy/docker-${image:-rockylinux8}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${image:-ubuntu2204}-ansible:${tag:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 + cgroups_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"private"} # Use "private" for cgroup v1 and "host" for cgroup v2 privileged: true - pre_build_image: ${MOLECULE_PREBUILT:-true} + pre_build_image: true networks: - name: rke2net groups: diff --git a/molecule/ha_cluster/converge.yml b/molecule/ha_cluster/converge.yml index f00ca62..f5d16bf 100644 --- a/molecule/ha_cluster/converge.yml +++ b/molecule/ha_cluster/converge.yml @@ -6,8 +6,9 @@ rke2_version: v1.25.3+rke2r1 rke2_cis_profile: cis-1.23 rke2_ha_mode: true - rke2_server_taint: true rke2_api_ip: 192.168.123.100 rke2_snapshooter: native + rke2_server_node_taints: + - 'CriticalAddonsOnly=true:NoExecute' roles: - - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/ha_cluster/molecule.yml b/molecule/ha_cluster/molecule.yml index 42dd294..38c9783 100644 --- a/molecule/ha_cluster/molecule.yml +++ b/molecule/ha_cluster/molecule.yml @@ -12,9 +12,10 @@ platforms: image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 + cgroups_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"private"} # Use "private" for cgroup v1 and "host" for cgroup v2 privileged: true - pre_build_image: ${MOLECULE_PREBUILT:-true} + pre_build_image: true networks: - name: rke2net groups: 
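Review bot: The changed `image:` line in molecule/default/molecule.yml still falls back to `${tag:-latest}`, and the container started from it runs with `privileged: true`. With a mutable tag on a third-party image, each test run may execute different, unreviewed content with broad access to the runner. Consider defaulting `tag` to an immutable reference the project has verified and letting CI override it, and record the expectation next to the key, e.g. `# runs privileged: keep the image reference pinned and trusted`. The platforms list continues outside the hunk.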
@@ -24,9 +25,10 @@ platforms: image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 + cgroups_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"private"} # Use "private" for cgroup v1 and "host" for cgroup v2 privileged: true - pre_build_image: ${MOLECULE_PREBUILT:-true} + pre_build_image: true networks: - name: rke2net groups: @@ -36,9 +38,10 @@ platforms: image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 + cgroups_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"private"} # Use "private" for cgroup v1 and "host" for cgroup v2 privileged: true - pre_build_image: ${MOLECULE_PREBUILT:-true} + pre_build_image: true networks: - name: rke2net groups: @@ -48,9 +51,10 @@ platforms: image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 + cgroups_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"private"} # Use "private" for cgroup v1 and "host" for cgroup v2 privileged: true - pre_build_image: ${MOLECULE_PREBUILT:-true} + pre_build_image: true networks: - name: rke2net groups: diff --git a/molecule/ha_cluster_kubevip/converge.yml b/molecule/ha_cluster_kubevip/converge.yml new file mode 100644 index 0000000..f19dc12 --- /dev/null +++ b/molecule/ha_cluster_kubevip/converge.yml 
@@ -0,0 +1,19 @@ +--- +- name: Converge + hosts: all + become: yes + vars: + rke2_server_taint: true + rke2_cni: calico + rke2_api_ip: 192.168.121.100 + rke2_version: v1.25.3+rke2r1 + # rke2_cis_profile: cis-1.23 + rke2_ha_mode_keepalived: false + rke2_ha_mode: true + rke2_ha_mode_kubevip: true + rke2_kubevip_cloud_provider_enable: true + rke2_kubevip_svc_enable: true + rke2_loadbalancer_ip_range: 192.168.121.1-192.168.121.50 + # rke2_interface: eth1 + roles: + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/ha_cluster_kubevip/molecule.yml b/molecule/ha_cluster_kubevip/molecule.yml new file mode 100644 index 0000000..fdc63f8 --- /dev/null +++ b/molecule/ha_cluster_kubevip/molecule.yml 
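Review bot: `rke2_server_taint: true` in this new converge.yml looks like a leftover: the same patch removes that variable from molecule/ha_cluster/converge.yml in favour of `rke2_server_node_taints`, and patch 04 stops reading it in the tasks. As written, the kube-vip scenario would run with untainted server nodes while appearing to request tainted ones. Replace it with `rke2_server_node_taints:` carrying `- 'CriticalAddonsOnly=true:NoExecute'`, as the other scenarios do. The addresses also deserve a check: `rke2_api_ip` and `rke2_loadbalancer_ip_range` are in 192.168.121.x, whereas this scenario's molecule.yml declares `network_address: 192.168.123.0/24`.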
@@ -0,0 +1,113 @@ +--- +dependency: + name: galaxy +driver: + name: vagrant + provider: + name: libvirt + provision: yes +lint: | + yamllint -f colored -s . + ansible-lint --exclude=molecule/ --exclude=.github/ + +platforms: + - name: instance-1 + management: + network_name: private_network + network_address: 192.168.123.0/24 + # interfaces: + # - network_name: private_network + # ip: 192.168.123.11 + # config_options: + # ssh.keep_alive: yes + # ssh.remote_user: 'vagrant' + box: generic/ubuntu2004 + box_version: 4.2 + memory: 2048 + cpus: 1 + provider_options: + # using session with network leads to troubles + qemu_use_session: false + groups: + - masters + - k8s_cluster + - name: instance-2 + # interfaces: + # - network_name: private_network + # ip: 192.168.123.12 + # config_options: + # ssh.keep_alive: yes + # ssh.remote_user: 'vagrant' + box: generic/ubuntu2004 + box_version: 4.2 + memory: 2048 + cpus: 1 + provider_options: + # using session with network leads to troubles + qemu_use_session: false + groups: + - masters + - k8s_cluster + - name: instance-3 + # interfaces: + # - network_name: private_network + # ip: 192.168.123.13 + # config_options: + # ssh.keep_alive: yes + # ssh.remote_user: 'vagrant' + box: generic/ubuntu2004 + box_version: 4.2 + memory: 2048 + cpus: 1 + provider_options: + # using session with network leads to troubles + qemu_use_session: false + groups: + - masters + - k8s_cluster + - name: instance-4 + # interfaces: + # - network_name: private_network + # ip: 192.168.123.14 + # config_options: + # ssh.keep_alive: yes + # ssh.remote_user: 'vagrant' + box: generic/ubuntu2004 + box_version: 4.2 + memory: 2048 + cpus: 1 + provider_options: + # using session with network leads to troubles + qemu_use_session: false + groups: + - workers + - k8s_cluster +provisioner: + name: ansible + inventory: + group_vars: + masters: + rke2_type: server + k8s_node_label: + - controlplane=true + workers: + rke2_type: agent + k8s_node_label: + - worker=true + 
+verifier: + name: ansible +scenario: + name: ha_cluster_kubevip + test_sequence: + - lint + - destroy + - syntax + - dependency + - create + - prepare + - converge + # - idempotence + - verify + - cleanup + - destroy diff --git a/molecule/ha_cluster_kubevip/prepare.yml b/molecule/ha_cluster_kubevip/prepare.yml new file mode 100644 index 0000000..4b3ffb0 --- /dev/null +++ b/molecule/ha_cluster_kubevip/prepare.yml @@ -0,0 +1,12 @@ +--- +- name: Prepare + hosts: node* + become: true + tasks: + - name: Install packages + ansible.builtin.package: + update_cache: true + name: "{{ item }}" + loop: + - wget + - curl diff --git a/molecule/ha_cluster_kubevip/verify.yml b/molecule/ha_cluster_kubevip/verify.yml new file mode 100644 index 0000000..e1a6ed5 --- /dev/null +++ b/molecule/ha_cluster_kubevip/verify.yml @@ -0,0 +1,22 @@ +--- + +- name: Verify + hosts: node1 + gather_facts: false + vars: + rke2_data_path: /var/lib/rancher/rke2 + tasks: + - name: Verify RKE2 + shell: | + set -e + set -o pipefail + {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes | grep " Ready" | wc -l + args: + executable: /bin/bash + register: nodes + + - name: Check Nodes + assert: + that: + - groups.all | length == nodes.stdout | int + quiet: true From cc5892bbf84f53c3edcdb568868864a710411353 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 16:21:21 +0100 Subject: [PATCH 04/21] Rework taints --- tasks/first_server.yml | 11 +++-------- tasks/remaining_nodes.yml | 12 ++++++------ 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/tasks/first_server.yml b/tasks/first_server.yml index a9041db..91df39e 100644 --- a/tasks/first_server.yml +++ b/tasks/first_server.yml 
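Review bot: `box_version: 4.2` in molecule/ha_cluster_kubevip/molecule.yml is an unquoted scalar, so YAML loads it as the float 4.2 rather than a version string; a later bump to something like 4.10 would silently become 4.1. Quote it on all four platforms: `box_version: "4.2"`. `provision: yes` in the driver block has the same typing ambiguity and reads better as `provision: true`.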
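Review bot: The plays in prepare.yml and verify.yml target `hosts: node*` and `hosts: node1`, but the platforms this scenario defines are named `instance-1` to `instance-4`, so both plays would match no hosts and the verify step would pass without checking anything. Use names that exist in this inventory, e.g. `hosts: all` for prepare and `hosts: instance-1` for verify. In the `Verify RKE2` task, `set -e` with `pipefail` also makes `grep " Ready"` abort the task when no node is ready, so the following assert never gets to report the mismatch. Adding `changed_when: false` there would match the equivalent task in tasks/remaining_nodes.yml.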
@@ -10,13 +10,8 @@ - name: Set server taints ansible.builtin.set_fact: - combined_node_taints: "{{ node_taints }}" - when: rke2_server_taint and rke2_type == 'server' - -- name: Set agent taints - ansible.builtin.set_fact: - combined_node_taints: "{{ node_taints }}" - when: rke2_type == 'agent' or not rke2_server_taint + combined_node_taints: "{{ rke2_server_node_taints }}" + when: rke2_type == 'server' - name: Copy rke2 config ansible.builtin.template: @@ -37,6 +32,7 @@ when: rke2_custom_registry_mirrors.0.endpoint | length > 0 - name: Restore etcd + when: rke2_etcd_snapshot_file and ( "rke2-server.service" is not in ansible_facts.services ) block: - name: Create the RKE2 etcd snapshot dir ansible.builtin.file: @@ -56,7 +52,6 @@ --cluster-reset \ --cluster-reset-restore-path="{{ rke2_etcd_snapshot_destination_dir }}/{{ rke2_etcd_snapshot_file }}" \ --token {{ rke2_token }} - when: rke2_etcd_snapshot_file and ( "rke2-server.service" is not in ansible_facts.services ) - name: Start RKE2 service on the first server ansible.builtin.systemd: diff --git a/tasks/remaining_nodes.yml b/tasks/remaining_nodes.yml index 49f995b..93686cc 100644 --- a/tasks/remaining_nodes.yml +++ b/tasks/remaining_nodes.yml @@ -9,14 +9,14 @@ mode: 0755 - name: Set server taints - set_fact: - combined_node_taints: "{{ node_taints }}" - when: rke2_server_taint and rke2_type == 'server' + ansible.builtin.set_fact: + combined_node_taints: "{{ rke2_server_node_taints }}" + when: rke2_type == 'server' - name: Set agent taints - set_fact: - combined_node_taints: "{{ node_taints }}" - when: rke2_type == 'agent' or not rke2_server_taint + ansible.builtin.set_fact: + combined_node_taints: "{{ rke2_agent_node_taints }}" + when: rke2_type == 'agent' - name: Copy RKE2 config ansible.builtin.template: From 58e8e15ce00345affdc91c1c8bb1e4de6b8214a8 Mon Sep 17 00:00:00 2001 
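Review bot: The reworked `Set server taints` / `Set agent taints` tasks stop reading `rke2_server_taint` and `node_taints`, so existing inventories that set either variable are accepted but their taints are silently dropped. For control-plane nodes this means workloads become schedulable there after an upgrade, with nothing in the run output to show it. A guard before the first `set_fact`, in both tasks/first_server.yml and tasks/remaining_nodes.yml, would turn that into an explicit failure with a migration hint. The task lists start and continue outside the hunks.

```yaml
# placed before "Set server taints"
- name: Reject removed taint variables
  ansible.builtin.assert:
    that:
      - rke2_server_taint is not defined
      - node_taints is not defined
    fail_msg: >-
      rke2_server_taint and node_taints were replaced by
      rke2_server_node_taints and rke2_agent_node_taints
# … unchanged: Set server taints, Copy rke2 config …
```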
From: Michal Muransky Date: Thu, 29 Dec 2022 16:40:10 +0100 Subject: [PATCH 05/21] Rework taints --- defaults/main.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index a8f6a7b..5bd6943 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,4 @@ --- -# Default nodetaints -node_taints: [] - # The node type - server or agent rke2_type: server @@ -42,8 +39,12 @@ rke2_additional_sans: [] # API Server destination port rke2_apiserver_dest_port: 6443 -# If false, server node(s) will be schedulable and thus your workloads can get launched on them -rke2_server_taint: false +# Server nodes taints +rke2_server_node_taints: [] + # - 'CriticalAddonsOnly=true:NoExecute' + +# Agent nodes taints +rke2_agent_node_taints: [] # Pre-shared secret token that other server or agent nodes will register with when connecting to the cluster rke2_token: defaultSecret12345 From 3fb103122d91994742ddf8f4445ca6c968695149 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 16:46:21 +0100 Subject: [PATCH 06/21] Update README --- README.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 27e6588..8373349 100644 --- a/README.md +++ b/README.md @@ -39,9 +39,6 @@ This is a copy of `defaults/main.yml` ```yaml --- -# Default nodetaints -node_taints: [] - # The node type - server or agent rke2_type: server @@ -82,8 +79,12 @@ rke2_additional_sans: [] # API Server destination port rke2_apiserver_dest_port: 6443 -# If false, server node(s) will be schedulable and thus your workloads can get launched on them -rke2_server_taint: false +# Server nodes taints +rke2_server_node_taints: [] + # - 'CriticalAddonsOnly=true:NoExecute' + +# Agent nodes taints +rke2_agent_node_taints: [] # Pre-shared secret token that other server or agent nodes will register with when connecting to the cluster rke2_token: defaultSecret12345 
@@ -308,7 +309,7 @@ This playbook will deploy RKE2 to a cluster with one server(master) and several ``` -This playbook will deploy RKE2 to a cluster with HA server(master) control-plane and several agent(worker) nodes. The server(master) nodes will be tainted so the workload will be distributed only on worker/agent nodes. The role will install also keepalived on the control-plane nodes and setup VIP address where the Kubernetes API will be reachable. it will also download the Kubernetes config file to the local machine. +This playbook will deploy RKE2 to a cluster with HA server(master) control-plane and several agent(worker) nodes. The server(master) nodes will be tainted so the workload will be distributed only on worker(agent) nodes. The role will install also keepalived on the control-plane nodes and setup VIP address where the Kubernetes API will be reachable. it will also download the Kubernetes config file to the local machine. ```yaml - name: Deploy RKE2 @@ -316,9 +317,10 @@ This playbook will deploy RKE2 to a cluster with HA server(master) control-plane become: yes vars: rke2_ha_mode: true - rke2_server_taint: true rke2_api_ip : 192.168.123.100 rke2_download_kubeconf: true + rke2_server_node_taints: + - 'CriticalAddonsOnly=true:NoExecute' roles: - role: lablabs.rke2 @@ -332,7 +334,6 @@ If the playbook starts to hang at the `Start RKE2 service on the rest of the nod Please check the required *Inbound Rules for RKE2 Server Nodes* at the following link: . - ## License MIT From ee2d8bc04278977b585480804d72734f40540601 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 16:47:04 +0100 Subject: [PATCH 07/21] Ansible linting --- handlers/main.yml | 4 ++-- tasks/cis.yml | 2 +- tasks/first_server.yml | 2 ++ tasks/keepalived.yml | 12 ++++++------ tasks/main.yml | 2 +- tasks/remaining_nodes.yml | 6 +++--- tasks/rke2.yml | 10 +++++----- tasks/summary.yml | 5 +++-- 8 files changed, 23 insertions(+), 20 deletions(-) 
diff --git a/handlers/main.yml b/handlers/main.yml index d226c57..2ed95ad 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,11 +1,11 @@ --- -- name: restart keepalived +- name: Restart keepalived ansible.builtin.service: name: keepalived state: restarted -- name: restart systemd-sysctl +- name: Restart systemd-sysctl ansible.builtin.service: state: restarted name: systemd-sysctl diff --git a/tasks/cis.yml b/tasks/cis.yml index c0e02bc..6779e1a 100644 --- a/tasks/cis.yml +++ b/tasks/cis.yml @@ -19,7 +19,7 @@ dest: /etc/sysctl.d/60-rke2-cis.conf mode: 0600 remote_src: true - notify: restart systemd-sysctl + notify: Restart systemd-sysctl - name: Flush handlers ansible.builtin.meta: flush_handlers diff --git a/tasks/first_server.yml b/tasks/first_server.yml index 91df39e..e745877 100644 --- a/tasks/first_server.yml +++ b/tasks/first_server.yml @@ -52,6 +52,8 @@ --cluster-reset \ --cluster-reset-restore-path="{{ rke2_etcd_snapshot_destination_dir }}/{{ rke2_etcd_snapshot_file }}" \ --token {{ rke2_token }} + register: task_output # <- Registers the command output. + changed_when: task_output.rc != 0 # <- Uses the return code to define when the task has changed. - name: Start RKE2 service on the first server ansible.builtin.systemd: diff --git a/tasks/keepalived.yml b/tasks/keepalived.yml index 8f5dafe..d37effb 100644 --- a/tasks/keepalived.yml +++ b/tasks/keepalived.yml @@ -30,7 +30,7 @@ group: root mode: 0755 when: ansible_facts['os_family'] == "Debian" - notify: restart keepalived + notify: Restart keepalived - name: Create Kubernetes API health check script for RedHat OS famliy ansible.builtin.template: @@ -40,7 +40,7 @@ group: root mode: 0755 when: ansible_facts['os_family'] == "RedHat" - notify: restart keepalived + notify: Restart keepalived - name: Create RKE2 Server health check script for Debian OS family ansible.builtin.template: 
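Review bot: In the tasks/first_server.yml hunk, `changed_when: task_output.rc != 0` is inverted: a non-zero return code fails the task, so every successful etcd restore is reported as "ok" although it has just reset the cluster. `changed_when: true` (or `task_output.rc == 0`) reflects what happened. The command also carries `--token {{ rke2_token }}`, and a registered command or shell result normally includes the command string, so `no_log: true` on this task would keep the token out of verbose output and callbacks. The two trailing `# <- …` comments only restate the keywords and can be removed. The task begins above the hunk.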
@@ -50,7 +50,7 @@ group: root mode: 0755 when: ansible_facts['os_family'] == "Debian" - notify: restart keepalived + notify: Restart keepalived - name: Create RKE2 Server health check script for RedHat OS family ansible.builtin.template: @@ -60,7 +60,7 @@ group: root mode: 0755 when: ansible_facts['os_family'] == "RedHat" - notify: restart keepalived + notify: Restart keepalived - name: Create keepalived config file ansible.builtin.template: @@ -69,14 +69,14 @@ owner: root group: root mode: 0644 - notify: restart keepalived + notify: Restart keepalived - name: Enable keepalived and make sure it is not masked ansible.builtin.systemd: name: keepalived enabled: yes masked: no - notify: restart keepalived + notify: Restart keepalived - name: Flush handlers ansible.builtin.meta: flush_handlers diff --git a/tasks/main.yml b/tasks/main.yml index 878dadd..22e4a0d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -27,7 +27,7 @@ - inventory_hostname == groups[rke2_servers_group_name].0 - active_server is not defined -- name: copy kube-vip manifests to the masternode +- name: Copy kube-vip manifests to the masternode ansible.builtin.include_tasks: kubevip.yml when: - inventory_hostname == groups[rke2_servers_group_name].0 diff --git a/tasks/remaining_nodes.yml b/tasks/remaining_nodes.yml index 93686cc..2d56cad 100644 --- a/tasks/remaining_nodes.yml +++ b/tasks/remaining_nodes.yml @@ -54,12 +54,12 @@ enabled: false masked: true with_items: - - "{{ ([ 'agent', 'server' ] | reject('match', rke2_type) | list) }}" + - "{{ (['agent', 'server'] | reject('match', rke2_type) | list) }}" - name: Wait for remaining nodes to be ready ansible.builtin.shell: | - set -o pipefail - {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes | grep " Ready" | wc -l + set -o pipefail + {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes | grep " Ready" | wc -l args: executable: /bin/bash changed_when: false 
diff --git a/tasks/rke2.yml b/tasks/rke2.yml index caa9016..0d6b210 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -23,6 +23,7 @@ when: rke2_airgap_mode - name: Download RKE2 checksum and artifacts + when: rke2_airgap_mode and rke2_airgap_implementation == 'download' block: - name: Download sha256 checksum file ansible.builtin.get_url: @@ -38,8 +39,7 @@ mode: 0644 checksum: "sha256:{{ rke2_artifact_url }}/{{ rke2_version }}/sha256sum-{{ rke2_architecture }}.txt" timeout: 30 - with_items: "{{ rke2_artifact | reject('search','sha256sum') | list }}" - when: rke2_airgap_mode and rke2_airgap_implementation == 'download' + with_items: "{{ rke2_artifact | reject('search', 'sha256sum') | list }}" - name: Copy local RKE2 artifacts ansible.builtin.copy: @@ -51,6 +51,7 @@ when: rke2_airgap_mode and rke2_airgap_implementation == 'copy' - name: Airgap mode - additional images tarballs + when: rke2_airgap_mode and ( rke2_airgap_copy_additional_tarballs | length > 0 ) block: - name: Create additional images tarballs folder ansible.builtin.file: @@ -64,7 +65,6 @@ mode: 0644 force: yes with_items: "{{ rke2_airgap_copy_additional_tarballs }}" - when: rke2_airgap_mode and ( rke2_airgap_copy_additional_tarballs | length > 0 ) - name: Populate service facts ansible.builtin.service_facts: @@ -75,8 +75,8 @@ register: usr_local - name: Set RKE2 bin path - set_fact: - rke2_bin_path: "{{ '/usr/local/bin/rke2' if usr_local.stat.writeable == True else ' /opt/rke2/bin/rke2' }}" + ansible.builtin.set_fact: + rke2_bin_path: "{{ '/usr/local/bin/rke2' if usr_local.stat.writeable == True else ' /opt/rke2/bin/rke2' }}" - name: Check RKE2 version ansible.builtin.shell: | diff --git a/tasks/summary.yml b/tasks/summary.yml index 71e55f9..f11194b 100644 --- a/tasks/summary.yml +++ b/tasks/summary.yml 
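Review bot: The rewritten `rke2_bin_path` line keeps the leading space inside `' /opt/rke2/bin/rke2'`, so on hosts where the `usr_local` stat reports a non-writable directory the fact holds a path that starts with a blank. That may go unnoticed when the value is pasted into a shell line, but it is wrong for any module argument or string comparison. Since this lint pass already touches the line, drop the space and the literal comparison: `rke2_bin_path: "{{ '/usr/local/bin/rke2' if usr_local.stat.writeable else '/opt/rke2/bin/rke2' }}"`.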
@@ -20,7 +20,9 @@ when: - rke2_download_kubeconf | bool -- block: +- name: Summary + when: inventory_hostname == groups[rke2_servers_group_name].0 + block: - name: Prepare summary ansible.builtin.shell: | set -e @@ -36,4 +38,3 @@ ansible.builtin.debug: var: nodes_summary.stdout_lines run_once: true - when: inventory_hostname == groups[rke2_servers_group_name].0 From 8a4e8c1253a73d6bfb64c4bd6bb0f8daddcb2e74 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 17:16:44 +0100 Subject: [PATCH 08/21] Increase gha max-parallel matrix --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a3c5724..027c91a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-20.04 strategy: fail-fast: false - max-parallel: 1 + max-parallel: 3 matrix: config: - image: "rockylinux8" From 1b459720e47478fe55e111f9e3f6d889c4c21c6e Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 17:57:29 +0100 Subject: [PATCH 09/21] Bump gha versions --- .github/workflows/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 027c91a..7bdc16e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-20.04 strategy: fail-fast: false - max-parallel: 3 + max-parallel: 1 matrix: config: - image: "rockylinux8" @@ -33,11 +33,11 @@ jobs: tag: "latest" steps: - name: checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: path: "${{ github.repository }}" - name: Molecule for Ansible - uses: robertdebock/molecule-action@2.7.2 + uses: robertdebock/molecule-action@4.0.9 with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} 
@@ -55,11 +55,11 @@ jobs: tag: "latest" steps: - name: checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: path: "${{ github.repository }}" - name: Molecule for Ansible - uses: robertdebock/molecule-action@2.7.2 + uses: robertdebock/molecule-action@4.0.9 with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} From e997eb1da9d6ea002bceab9ca87fd403677136e7 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 18:00:37 +0100 Subject: [PATCH 10/21] Bump checkout versions --- .github/workflows/lint.yml | 2 +- .github/workflows/main.yml | 2 +- .github/workflows/pre-commit.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index eb336ad..d4331c3 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: fail-fast: true steps: - name: checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: path: "${{ github.repository }}" - name: Molecule for Ansible - lint diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7bdc16e..606cb9a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-20.04 strategy: fail-fast: false - max-parallel: 1 + max-parallel: 3 matrix: config: - image: "rockylinux8" diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 37782c6..0ee4b11 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -9,7 +9,7 @@ jobs: pre-commit: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-python@v2 - name: Run pre-commit From e487175e1f6769997c0347e4dae402587278c22e Mon Sep 17 00:00:00 2001 
From: Michal Muransky Date: Thu, 29 Dec 2022 18:36:39 +0100 Subject: [PATCH 11/21] Rename test gha workflows --- .github/workflows/main.yml | 50 +++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 606cb9a..899d4a1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -17,33 +17,33 @@ on: workflow_dispatch: jobs: - standalone: - name: Test RKE2 Ansible Role - standalone - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - max-parallel: 3 - matrix: - config: - - image: "rockylinux8" - tag: "latest" - - image: "ubuntu2004" - tag: "latest" - - image: "ubuntu2204" - tag: "latest" - steps: - - name: checkout - uses: actions/checkout@v3 - with: - path: "${{ github.repository }}" - - name: Molecule for Ansible - uses: robertdebock/molecule-action@4.0.9 - with: - image: ${{ matrix.config.image }} - tag: ${{ matrix.config.tag }} + # standalone: + # name: Single node setup + # runs-on: ubuntu-20.04 + # strategy: + # fail-fast: false + # max-parallel: 3 + # matrix: + # config: + # - image: "rockylinux8" + # tag: "latest" + # - image: "ubuntu2004" + # tag: "latest" + # - image: "ubuntu2204" + # tag: "latest" + # steps: + # - name: checkout + # uses: actions/checkout@v3 + # with: + # path: "${{ github.repository }}" + # - name: Molecule for Ansible + # uses: robertdebock/molecule-action@4.0.9 + # with: + # image: ${{ matrix.config.image }} + # tag: ${{ matrix.config.tag }} cluster: - name: Test RKE2 Ansible Role - cluster + name: Cluster setup runs-on: ubuntu-20.04 needs: standalone strategy: From bc4aebb7cd543070aa8aa58192be0e991cd86c7f Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 18:41:37 +0100 Subject: [PATCH 12/21] Rename test gha workflows --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 899d4a1..2064613 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -45,7 +45,7 @@ jobs: cluster: name: Cluster setup runs-on: ubuntu-20.04 - needs: standalone + # needs: standalone strategy: fail-fast: false max-parallel: 1 From 2702cc4d0b8c4501d656fb0ead09000d4df01047 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 18:56:36 +0100 Subject: [PATCH 13/21] Rename test gha workflows --- .github/workflows/main.yml | 52 +++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2064613..07cc4e6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -17,41 +17,41 @@ on: workflow_dispatch: jobs: - # standalone: - # name: Single node setup - # runs-on: ubuntu-20.04 - # strategy: - # fail-fast: false - # max-parallel: 3 - # matrix: - # config: - # - image: "rockylinux8" - # tag: "latest" - # - image: "ubuntu2004" - # tag: "latest" - # - image: "ubuntu2204" - # tag: "latest" - # steps: - # - name: checkout - # uses: actions/checkout@v3 - # with: - # path: "${{ github.repository }}" - # - name: Molecule for Ansible - # uses: robertdebock/molecule-action@4.0.9 - # with: - # image: ${{ matrix.config.image }} - # tag: ${{ matrix.config.tag }} + standalone: + name: Single node setup + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + max-parallel: 3 + matrix: + config: + - image: "rockylinux8" + tag: "latest" + # - image: "ubuntu2004" + # tag: "latest" + - image: "ubuntu2204" + tag: "latest" + steps: + - name: checkout + uses: actions/checkout@v3 + with: + path: "${{ github.repository }}" + - name: Molecule for Ansible + uses: robertdebock/molecule-action@4.0.9 + with: + image: ${{ matrix.config.image }} + tag: ${{ matrix.config.tag }} cluster: name: Cluster setup runs-on: ubuntu-20.04 - # needs: standalone + needs: standalone strategy: fail-fast: false max-parallel: 1 matrix: config: - - image: "ubuntu2004" + - image: "ubuntu2204" tag: "latest" steps: - name: checkout From d31815efc32b14295e027ee82f2ddd93832848f2 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 19:27:04 +0100 Subject: [PATCH 14/21] Fix git safe directories issue when in containers --- .github/workflows/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 07cc4e6..bdbd891 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -32,6 +32,9 @@ jobs: - image: "ubuntu2204" tag: "latest" steps: + - name: Fix Git safe directories issue when in containers + # https://github.com/actions/checkout/issues/760 + run: git config --global --add safe.directory /__w/ansible-role-rke2/ansible-role-rke2 - name: checkout uses: actions/checkout@v3 with: @@ -54,6 +57,9 @@ jobs: - image: "ubuntu2204" tag: "latest" steps: + - name: Fix Git safe directories issue when in containers + # https://github.com/actions/checkout/issues/760 + run: git config --global --add safe.directory /__w/ansible-role-rke2/ansible-role-rke2 - name: checkout uses: actions/checkout@v3 with: From e676efe84b1b0892903a8fc6e7413bc6860fad26 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 20:35:33 +0100 Subject: [PATCH 15/21] Rework CI --- .github/workflows/main.yml | 67 +++++++++++++++++++++----------------- 1 file changed, 38 insertions(+), 29 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bdbd891..a01a6f8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
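Review bot: The `safe.directory` entry added in both hunks (the `standalone` and `cluster` jobs) is the hard-coded path `/__w/ansible-role-rke2/ansible-role-rke2`. It only matches when the repository keeps this exact name and the job runs in a container workspace, so on a fork or after a rename the step exempts a directory that is not the one in use. The checkout step elsewhere in this workflow uses `path: "${{ github.repository }}"`, so the working tree appears to land in a subdirectory of that path; confirm the entry covers the directory git actually operates in. Deriving the path from the runner keeps the ownership-check exemption scoped to one directory without hard-coding it: `run: git config --global --add safe.directory "$GITHUB_WORKSPACE"`, extended by the checkout path if one is set. The `steps:` list continues outside both hunks.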
@@ -21,52 +21,61 @@ jobs: name: Single node setup runs-on: ubuntu-20.04 strategy: - fail-fast: false - max-parallel: 3 matrix: - config: - - image: "rockylinux8" - tag: "latest" - # - image: "ubuntu2004" - # tag: "latest" - - image: "ubuntu2204" - tag: "latest" + - image: "rockylinux8" + tag: "latest" + # - image: "ubuntu2004" + # tag: "latest" + - image: "ubuntu2204" + tag: "latest" steps: - - name: Fix Git safe directories issue when in containers - # https://github.com/actions/checkout/issues/760 - run: git config --global --add safe.directory /__w/ansible-role-rke2/ansible-role-rke2 - name: checkout uses: actions/checkout@v3 with: path: "${{ github.repository }}" - - name: Molecule for Ansible - uses: robertdebock/molecule-action@4.0.9 + + - name: Set up Python 3 + uses: actions/setup-python@v2 with: - image: ${{ matrix.config.image }} - tag: ${{ matrix.config.tag }} + python-version: '3.x' + + - name: Install test dependencies + run: pip3 install ansible molecule[docker]==4.0.3 docker + + - name: Run Molecule tests + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + image: ${{ matrix.image }} + tag: ${{ matrix.tag }} cluster: name: Cluster setup runs-on: ubuntu-20.04 needs: standalone strategy: - fail-fast: false - max-parallel: 1 matrix: - config: - - image: "ubuntu2204" - tag: "latest" + - image: "ubuntu2204" + tag: "latest" steps: - - name: Fix Git safe directories issue when in containers - # https://github.com/actions/checkout/issues/760 - run: git config --global --add safe.directory /__w/ansible-role-rke2/ansible-role-rke2 - name: checkout uses: actions/checkout@v3 with: path: "${{ github.repository }}" - - name: Molecule for Ansible - uses: robertdebock/molecule-action@4.0.9 + + - name: Set up Python 3 + uses: actions/setup-python@v2 with: - image: ${{ matrix.config.image }} - tag: ${{ matrix.config.tag }} - scenario: cluster + python-version: '3.x' + + - name: Install test dependencies + run: pip3 install ansible molecule[docker] 
docker + + - name: Run Molecule tests + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + image: ${{ matrix.image }} + tag: ${{ matrix.tag }} From a9a7a58108ab764c6311f594ddd324745ef5af95 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 20:40:36 +0100 Subject: [PATCH 16/21] Rework CI --- .github/workflows/main.yml | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a01a6f8..87a45c8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,12 +22,13 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - - image: "rockylinux8" - tag: "latest" - # - image: "ubuntu2004" - # tag: "latest" - - image: "ubuntu2204" - tag: "latest" + config: + - image: "rockylinux8" + tag: "latest" + # - image: "ubuntu2004" + # tag: "latest" + - image: "ubuntu2204" + tag: "latest" steps: - name: checkout uses: actions/checkout@v3 @@ -47,8 +48,8 @@ jobs: env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' - image: ${{ matrix.image }} - tag: ${{ matrix.tag }} + image: ${{ matrix.config.image }} + tag: ${{ matrix.config.tag }} cluster: name: Cluster setup @@ -56,8 +57,9 @@ jobs: needs: standalone strategy: matrix: - - image: "ubuntu2204" - tag: "latest" + config: + - image: "ubuntu2204" + tag: "latest" steps: - name: checkout uses: actions/checkout@v3 @@ -77,5 +79,5 @@ jobs: env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' - image: ${{ matrix.image }} - tag: ${{ matrix.tag }} + image: ${{ matrix.config.image }} + tag: ${{ matrix.config.tag }} From 39ea4cd078d40ccaf85393a9e3393c0a13203ab1 Mon Sep 17 00:00:00 2001 
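Review bot: The `cluster` job loses its scenario selection in this hunk. The removed action call passed `scenario: cluster`, while the new step is a bare `run: molecule test`, which runs Molecule's default scenario, so the job named "Cluster setup" would repeat the single-node test. Selecting the scenario explicitly restores the coverage: `run: molecule test --scenario-name cluster`. The two install lines also differ (`molecule[docker]==4.0.3` in `standalone`, unpinned `molecule[docker]` in `cluster`), so the jobs can resolve different Molecule versions; use the same pinned requirement in both.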
From: Michal Muransky Date: Thu, 29 Dec 2022 21:41:25 +0100 Subject: [PATCH 17/21] Rework CI --- .github/workflows/main.yml | 22 +++-- molecule/cluster/molecule.yml | 4 +- molecule/default/molecule.yml | 2 +- molecule/ha_cluster/molecule.yml | 8 +- molecule/ha_cluster_kubevip/converge.yml | 19 ---- molecule/ha_cluster_kubevip/molecule.yml | 113 ----------------------- molecule/ha_cluster_kubevip/prepare.yml | 12 --- molecule/ha_cluster_kubevip/verify.yml | 22 ----- 8 files changed, 19 insertions(+), 183 deletions(-) delete mode 100644 molecule/ha_cluster_kubevip/converge.yml delete mode 100644 molecule/ha_cluster_kubevip/molecule.yml delete mode 100644 molecule/ha_cluster_kubevip/prepare.yml delete mode 100644 molecule/ha_cluster_kubevip/verify.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 87a45c8..605def1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -33,23 +33,24 @@ jobs: - name: checkout uses: actions/checkout@v3 with: - path: "${{ github.repository }}" + path: 'lablabs.rke2' - name: Set up Python 3 - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: '3.x' - name: Install test dependencies - run: pip3 install ansible molecule[docker]==4.0.3 docker + run: pip3 install ansible ansible-lint docker molecule[docker] yamllint - name: Run Molecule tests run: molecule test + working-directory: ./lablabs.rke2 env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' - image: ${{ matrix.config.image }} - tag: ${{ matrix.config.tag }} + MOLECULE_IMAGE: ${{ matrix.config.image }} + MOLECULE_TAG: ${{ matrix.config.tag }} cluster: name: Cluster setup 
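Review bot: The install step in this hunk, and the matching one in the `cluster` job hunk that follows, drops the only version pin (`molecule[docker]==4.0.3`) and installs `ansible ansible-lint docker molecule[docker] yamllint` at whatever versions the index serves at run time. Every run then executes unreviewed package releases on the runner, and a lint or test failure can come from an upstream release rather than from a change in the role. Installing from a committed, pinned requirements file addresses both, for example `run: pip3 install --require-hashes -r <PINNED_REQUIREMENTS_FILE>` (placeholder name). `python-version: '3.x'` floats in the same way and could name a specific minor version.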
@@ -64,20 +65,21 @@ jobs: - name: checkout uses: actions/checkout@v3 with: - path: "${{ github.repository }}" + path: 'lablabs.rke2' - name: Set up Python 3 - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: '3.x' - name: Install test dependencies - run: pip3 install ansible molecule[docker] docker + run: pip3 install ansible ansible-lint docker molecule[docker] yamllint - name: Run Molecule tests run: molecule test + working-directory: ./lablabs.rke2 env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' - image: ${{ matrix.config.image }} - tag: ${{ matrix.config.tag }} + MOLECULE_IMAGE: ${{ matrix.config.image }} + MOLECULE_TAG: ${{ matrix.config.tag }} diff --git a/molecule/cluster/molecule.yml b/molecule/cluster/molecule.yml index 223cde7..21de637 100644 --- a/molecule/cluster/molecule.yml +++ b/molecule/cluster/molecule.yml @@ -9,7 +9,7 @@ lint: | ansible-lint --exclude molecule/ platforms: - name: node1 - image: "geerlingguy/docker-${image:-ubuntu2204}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${MOLECULE_IMAGE:-ubuntu2204}-ansible:${MOLECULE_TAG:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 @@ -22,7 +22,7 @@ platforms: - masters - k8s_cluster - name: node2 - image: "geerlingguy/docker-${image:-ubuntu2204}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${MOLECULE_IMAGE:-ubuntu2204}-ansible:${MOLECULE_TAG:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 0d85039..c75e5e9 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
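Review bot: The renamed variables still default the image tag to `latest` (`${MOLECULE_TAG:-latest}`) here and in the other `molecule.yml` hunks of this commit (`default`, `ha_cluster`). The workflow matrix passes `tag: "latest"` as well, so the test platform is whatever `geerlingguy/docker-…-ansible` image the registry serves on the day of the run. Pinning the tag in the matrix to a reviewed value, `tag: "<PINNED_TAG>"` (placeholder), makes runs reproducible and keeps an unexpected image change out of CI. The `ha_cluster` hunks also switch the default distribution from `ubuntu2004` to `ubuntu2204`, which the commit message does not mention; a comment above `platforms:` such as `# MOLECULE_IMAGE / MOLECULE_TAG are set by the CI matrix; the defaults apply to local runs` would document both. The `platforms:` list continues outside the hunk.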
@@ -9,7 +9,7 @@ lint: | ansible-lint --exclude molecule/ platforms: - name: node1 - image: "geerlingguy/docker-${image:-ubuntu2204}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${MOLECULE_IMAGE:-ubuntu2204}-ansible:${MOLECULE_TAG:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 diff --git a/molecule/ha_cluster/molecule.yml b/molecule/ha_cluster/molecule.yml index 38c9783..9b533f0 100644 --- a/molecule/ha_cluster/molecule.yml +++ b/molecule/ha_cluster/molecule.yml @@ -9,7 +9,7 @@ lint: | ansible-lint --exclude molecule/ platforms: - name: node1 - image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${MOLECULE_IMAGE:-ubuntu2204}-ansible:${MOLECULE_TAG:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 @@ -22,7 +22,7 @@ platforms: - masters - k8s_cluster - name: node2 - image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${MOLECULE_IMAGE:-ubuntu2204}-ansible:${MOLECULE_TAG:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 @@ -35,7 +35,7 @@ platforms: - masters - k8s_cluster - name: node3 - image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${MOLECULE_IMAGE:-ubuntu2204}-ansible:${MOLECULE_TAG:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 
@@ -48,7 +48,7 @@ platforms: - masters - k8s_cluster - name: node4 - image: "geerlingguy/docker-${image:-ubuntu2004}-ansible:${tag:-latest}" + image: "geerlingguy/docker-${MOLECULE_IMAGE:-ubuntu2204}-ansible:${MOLECULE_TAG:-latest}" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-ro}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 diff --git a/molecule/ha_cluster_kubevip/converge.yml b/molecule/ha_cluster_kubevip/converge.yml deleted file mode 100644 index f19dc12..0000000 --- a/molecule/ha_cluster_kubevip/converge.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Converge - hosts: all - become: yes - vars: - rke2_server_taint: true - rke2_cni: calico - rke2_api_ip: 192.168.121.100 - rke2_version: v1.25.3+rke2r1 - # rke2_cis_profile: cis-1.23 - rke2_ha_mode_keepalived: false - rke2_ha_mode: true - rke2_ha_mode_kubevip: true - rke2_kubevip_cloud_provider_enable: true - rke2_kubevip_svc_enable: true - rke2_loadbalancer_ip_range: 192.168.121.1-192.168.121.50 - # rke2_interface: eth1 - roles: - - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/ha_cluster_kubevip/molecule.yml b/molecule/ha_cluster_kubevip/molecule.yml deleted file mode 100644 index fdc63f8..0000000 --- a/molecule/ha_cluster_kubevip/molecule.yml +++ /dev/null 
@@ -1,113 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: vagrant - provider: - name: libvirt - provision: yes -lint: | - yamllint -f colored -s . - ansible-lint --exclude=molecule/ --exclude=.github/ - -platforms: - - name: instance-1 - management: - network_name: private_network - network_address: 192.168.123.0/24 - # interfaces: - # - network_name: private_network - # ip: 192.168.123.11 - # config_options: - # ssh.keep_alive: yes - # ssh.remote_user: 'vagrant' - box: generic/ubuntu2004 - box_version: 4.2 - memory: 2048 - cpus: 1 - provider_options: - # using session with network leads to troubles - qemu_use_session: false - groups: - - masters - - k8s_cluster - - name: instance-2 - # interfaces: - # - network_name: private_network - # ip: 192.168.123.12 - # config_options: - # ssh.keep_alive: yes - # ssh.remote_user: 'vagrant' - box: generic/ubuntu2004 - box_version: 4.2 - memory: 2048 - cpus: 1 - provider_options: - # using session with network leads to troubles - qemu_use_session: false - groups: - - masters - - k8s_cluster - - name: instance-3 - # interfaces: - # - network_name: private_network - # ip: 192.168.123.13 - # config_options: - # ssh.keep_alive: yes - # ssh.remote_user: 'vagrant' - box: generic/ubuntu2004 - box_version: 4.2 - memory: 2048 - cpus: 1 - provider_options: - # using session with network leads to troubles - qemu_use_session: false - groups: - - masters - - k8s_cluster - - name: instance-4 - # interfaces: - # - network_name: private_network - # ip: 192.168.123.14 - # config_options: - # ssh.keep_alive: yes - # ssh.remote_user: 'vagrant' - box: generic/ubuntu2004 - box_version: 4.2 - memory: 2048 - cpus: 1 - provider_options: - # using session with network leads to troubles - qemu_use_session: false - groups: - - workers - - k8s_cluster -provisioner: - name: ansible - inventory: - group_vars: - masters: - rke2_type: server - k8s_node_label: - - controlplane=true - workers: - rke2_type: agent - k8s_node_label: - - worker=true - 
-verifier: - name: ansible -scenario: - name: ha_cluster_kubevip - test_sequence: - - lint - - destroy - - syntax - - dependency - - create - - prepare - - converge - # - idempotence - - verify - - cleanup - - destroy diff --git a/molecule/ha_cluster_kubevip/prepare.yml b/molecule/ha_cluster_kubevip/prepare.yml deleted file mode 100644 index 4b3ffb0..0000000 --- a/molecule/ha_cluster_kubevip/prepare.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Prepare - hosts: node* - become: true - tasks: - - name: Install packages - ansible.builtin.package: - update_cache: true - name: "{{ item }}" - loop: - - wget - - curl diff --git a/molecule/ha_cluster_kubevip/verify.yml b/molecule/ha_cluster_kubevip/verify.yml deleted file mode 100644 index e1a6ed5..0000000 --- a/molecule/ha_cluster_kubevip/verify.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- name: Verify - hosts: node1 - gather_facts: false - vars: - rke2_data_path: /var/lib/rancher/rke2 - tasks: - - name: Verify RKE2 - shell: | - set -e - set -o pipefail - {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes | grep " Ready" | wc -l - args: - executable: /bin/bash - register: nodes - - - name: Check Nodes - assert: - that: - - groups.all | length == nodes.stdout | int - quiet: true From 5d9735f867afbf8be0c723bdd9e5fd999a1178c7 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 21:51:20 +0100 Subject: [PATCH 18/21] Rework CI --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 605def1..1704421 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -25,8 +25,8 @@ jobs: config: - image: "rockylinux8" tag: "latest" - # - image: "ubuntu2004" - # tag: "latest" + - image: "ubuntu2004" + tag: "latest" - image: "ubuntu2204" tag: "latest" steps: From 916e7de1210ac6a01ca15546ff0300eed2bc3339 Mon Sep 17 00:00:00 2001 
From: Michal Muransky Date: Thu, 29 Dec 2022 22:03:48 +0100 Subject: [PATCH 19/21] Rework CI --- .github/workflows/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1704421..5e146b4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -25,10 +25,13 @@ jobs: config: - image: "rockylinux8" tag: "latest" + cgroup_mode: "private" - image: "ubuntu2004" tag: "latest" + cgroup_mode: "host" - image: "ubuntu2204" tag: "latest" + cgroup_mode: "private" steps: - name: checkout uses: actions/checkout@v3 @@ -51,6 +54,7 @@ jobs: ANSIBLE_FORCE_COLOR: '1' MOLECULE_IMAGE: ${{ matrix.config.image }} MOLECULE_TAG: ${{ matrix.config.tag }} + MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} cluster: name: Cluster setup @@ -61,6 +65,7 @@ jobs: config: - image: "ubuntu2204" tag: "latest" + cgroup_mode: "private" steps: - name: checkout uses: actions/checkout@v3 @@ -83,3 +88,4 @@ jobs: ANSIBLE_FORCE_COLOR: '1' MOLECULE_IMAGE: ${{ matrix.config.image }} MOLECULE_TAG: ${{ matrix.config.tag }} + MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} From 3a859bc879281b7a73d8bee61ae6714c09d9eb79 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Thu, 29 Dec 2022 22:11:39 +0100 Subject: [PATCH 20/21] Do not run Ubuntu 20 test --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5e146b4..db33135 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -26,9 +26,9 @@ jobs: - image: "rockylinux8" tag: "latest" cgroup_mode: "private" - - image: "ubuntu2004" - tag: "latest" - cgroup_mode: "host" + # - image: "ubuntu2004" + # tag: "latest" + # cgroup_mode: "private" - image: "ubuntu2204" tag: "latest" cgroup_mode: "private" From 3a46637e86aa78ff75d26f66516037327d393ecf Mon Sep 17 00:00:00 2001 
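Review bot: `MOLECULE_DOCKER_CGROUPS_MODE` is exported in the `env:` hunks of this commit, but none of the `molecule.yml` platform definitions visible in this series reads it; they use only `MOLECULE_DOCKER_COMMAND` and `MOLECULE_DOCKER_VOLUMES`. Unless a line such as `cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-private}` exists outside the shown hunks, the new `cgroup_mode` matrix values have no effect. If the variable is consumed, note that `"host"` for `ubuntu2004` places the test container in the runner's cgroup namespace, which is weaker isolation than `"private"`. A short comment on that matrix entry, e.g. `# host cgroup namespace needed for <REASON>`, would record why the exception exists.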
From: Michal Muransky Date: Thu, 29 Dec 2022 22:13:01 +0100 Subject: [PATCH 21/21] Rename workflow file --- .github/workflows/{main.yml => ci.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{main.yml => ci.yml} (100%) diff --git a/.github/workflows/main.yml b/.github/workflows/ci.yml similarity index 100% rename from .github/workflows/main.yml rename to .github/workflows/ci.yml