From d5b37acd8acaa307c3480e9dba35a9e5410086ce Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sat, 24 Sep 2022 07:10:55 +0200 Subject: [PATCH] Drop support for CentOS, test Rocky and Debian in CI (#92) * Test CentOS 7 in CI * Drop support for CentOS, test on Rocky and Debian * Fix reset playbook for Rocky Linux * Fix typo * Disable firewalld during testing Co-authored-by: Techno Tim --- .github/download-boxes.sh | 34 +++++++++++++++++ .github/workflows/test.yml | 6 +++ README.md | 6 +-- molecule/default/molecule.yml | 37 ++++++++++++------- molecule/default/prepare.yml | 22 +++++++++++ molecule/ipv6/molecule.yml | 26 ++++++++----- reset.yml | 6 +++ roles/raspberrypi/defaults/main.yml | 6 +++ roles/raspberrypi/tasks/main.yml | 19 +++++++--- .../tasks/{prereq => setup}/Raspbian.yml | 0 .../{prereq/CentOS.yml => setup/Rocky.yml} | 2 +- .../tasks/{prereq => setup}/Ubuntu.yml | 14 +++++-- .../tasks/{prereq => setup}/default.yml | 0 roles/raspberrypi/tasks/teardown/Raspbian.yml | 1 + roles/raspberrypi/tasks/teardown/Rocky.yml | 1 + roles/raspberrypi/tasks/teardown/Ubuntu.yml | 5 +++ roles/raspberrypi/tasks/teardown/default.yml | 1 + roles/reset/tasks/main.yml | 9 +---- 18 files changed, 150 insertions(+), 45 deletions(-) create mode 100755 .github/download-boxes.sh create mode 100644 molecule/default/prepare.yml create mode 100644 roles/raspberrypi/defaults/main.yml rename roles/raspberrypi/tasks/{prereq => setup}/Raspbian.yml (100%) rename roles/raspberrypi/tasks/{prereq/CentOS.yml => setup/Rocky.yml} (96%) rename roles/raspberrypi/tasks/{prereq => setup}/Ubuntu.yml (62%) rename roles/raspberrypi/tasks/{prereq => setup}/default.yml (100%) create mode 100644 roles/raspberrypi/tasks/teardown/Raspbian.yml create mode 100644 roles/raspberrypi/tasks/teardown/Rocky.yml create mode 100644 roles/raspberrypi/tasks/teardown/Ubuntu.yml create mode 100644 roles/raspberrypi/tasks/teardown/default.yml 
diff --git a/.github/download-boxes.sh b/.github/download-boxes.sh new file mode 100755 index 0000000..fb5bf8e --- /dev/null +++ b/.github/download-boxes.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +# download-boxes.sh +# Check all molecule.yml files for required Vagrant boxes and download the ones that are not +# already present on the system. + +set -euo pipefail + +GIT_ROOT=$(git rev-parse --show-toplevel) +PROVIDER=virtualbox + +# Read all boxes for all platforms from the "molecule.yml" files +all_boxes=$(cat "${GIT_ROOT}"/molecule/*/molecule.yml | + yq -r '.platforms[].box' | # Read the "box" property of each node under "platforms" + grep --invert-match --regexp=--- | # Filter out file separators + sort | + uniq) + +# Read the boxes that are currently present on the system (for the current provider) +present_boxes=$(vagrant box list | + grep "${PROVIDER}" | # Filter by boxes available for the current provider + awk '{print $1;}' | # The box name is the first word in each line + sort | + uniq) + +# The boxes that we need to download are the ones present in $all_boxes, but not $present_boxes. +download_boxes=$(comm -2 -3 <(echo "${all_boxes}") <(echo "${present_boxes}")) + +# Actually download the necessary boxes +if [ -n "${download_boxes}" ]; then + echo "${download_boxes}" | while IFS= read -r box; do + vagrant box add --provider "${PROVIDER}" "${box}" + done +fi diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 19d958c..f24a7ef 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -43,6 +43,12 @@ jobs: restore-keys: | vagrant-boxes + - name: Download Vagrant boxes for all scenarios + # To save some cache space, all scenarios share the same cache key. + # On the other hand, this means that the cache contents should be + # the same across all scenarios. This step ensures that. + run: ./.github/download-boxes.sh + - name: Set up Python ${{ env.PYTHON_VERSION }} uses: actions/setup-python@v2 with: 
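Review bot: On a runner with no cached boxes for the provider, the `present_boxes` pipeline in .github/download-boxes.sh looks like it aborts the script before anything is downloaded. `grep "${PROVIDER}"` exits 1 when it matches nothing, and under `set -euo pipefail` that status fails the whole command substitution. Letting the filter succeed on an empty result keeps the cold-cache path working, e.g. `{ grep "${PROVIDER}" || true; } |`. Separately, `vagrant box add --provider "${PROVIDER}" "${box}"` fetches whatever version is currently published under that name, so the CI base image can change without any change in this repository. Recording a version next to each `box` in the molecule.yml files and passing it with `--box-version` would make the test base reproducible.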
diff --git a/README.md b/README.md index 1a954fa..922e527 100644 --- a/README.md +++ b/README.md @@ -16,9 +16,9 @@ If you want more context on how this works, see: Build a Kubernetes cluster using Ansible with k3s. The goal is easily install a HA Kubernetes cluster on machines running: -- [X] Debian -- [X] Ubuntu -- [X] CentOS +- [x] Debian (tested on version 11) +- [x] Ubuntu (tested on version 22.04) +- [x] Rocky (tested on version 9) on processor architecture: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index afb3678..ddb6410 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -3,43 +3,52 @@ dependency: name: galaxy driver: name: vagrant -platforms: +.platform_presets: - &control - name: control1 - box: generic/ubuntu2204 memory: 2048 cpus: 2 + groups: + - k3s_cluster + - master + - &node + memory: 2048 + cpus: 2 + groups: + - k3s_cluster + - node + - &debian + box: generic/debian11 + - &rocky + box: generic/rocky9 + - &ubuntu + box: generic/ubuntu2204 config_options: # We currently can not use public-key based authentication on Ubuntu 22.04, # see: https://github.com/chef/bento/issues/1405 ssh.username: "vagrant" ssh.password: "vagrant" - groups: - - k3s_cluster - - master +platforms: + - <<: [*control, *ubuntu] + name: control1 interfaces: - network_name: private_network ip: 192.168.30.38 - - <<: *control + - <<: [*control, *debian] name: control2 interfaces: - network_name: private_network ip: 192.168.30.39 - - <<: *control + - <<: [*control, *rocky] name: control3 interfaces: - network_name: private_network ip: 192.168.30.40 - - &node - <<: *control + - <<: [*node, *ubuntu] name: node1 - groups: - - k3s_cluster - - node interfaces: - network_name: private_network ip: 192.168.30.41 - - <<: *node + - <<: [*node, *rocky] name: node2 interfaces: - network_name: private_network diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml new file mode 100644 index 0000000..17da4dd 
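Review bot: The new top-level `.platform_presets` key in molecule/default/molecule.yml has no comment explaining that it appears to exist only to hold YAML anchors, so a reader cannot tell whether Molecule itself consumes it. If it is indeed ignored by Molecule, a line above it such as `# Anchor definitions only; merged into the entries under "platforms" below` would make that clear, and the same applies to molecule/ipv6/molecule.yml. The list form `<<: [*control, *ubuntu]` is a YAML 1.1 merge-key extension in which earlier entries win on conflicting keys. That is worth stating in the same comment, since `config_options` with the password-based SSH settings now arrives only through the `*ubuntu` preset.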
--- /dev/null +++ b/molecule/default/prepare.yml @@ -0,0 +1,22 @@ +--- +- name: Apply overrides + ansible.builtin.import_playbook: >- + {{ lookup("ansible.builtin.env", "MOLECULE_SCENARIO_DIRECTORY") }}/overrides.yml + +- name: Network setup + hosts: all + tasks: + - name: Disable firewalld + when: ansible_distribution == "Rocky" + # Rocky Linux comes with firewalld enabled. It blocks some of the network + # connections needed for our k3s cluster. For our test setup, we just disable + # it since the VM host's firewall is still active for connections to and from + # the Internet. + # When building your own cluster, please DO NOT blindly copy this. Instead, + # please create a custom firewall configuration that fits your network design + # and security needs. + ansible.builtin.systemd: + name: firewalld + enabled: no + state: stopped + become: true diff --git a/molecule/ipv6/molecule.yml b/molecule/ipv6/molecule.yml index 760f944..e1be705 100644 --- a/molecule/ipv6/molecule.yml +++ b/molecule/ipv6/molecule.yml @@ -3,28 +3,34 @@ dependency: name: galaxy driver: name: vagrant -platforms: +.platform_presets: - &control - name: control1 - box: generic/ubuntu2204 memory: 2048 cpus: 2 + groups: + - k3s_cluster + - master + - &node + memory: 2048 + cpus: 2 + groups: + - k3s_cluster + - node + - &ubuntu + box: generic/ubuntu2204 config_options: # We currently can not use public-key based authentication on Ubuntu 22.04, # see: https://github.com/chef/bento/issues/1405 ssh.username: "vagrant" ssh.password: "vagrant" - groups: - - k3s_cluster - - master +platforms: + - <<: [*control, *ubuntu] + name: control1 interfaces: - network_name: private_network ip: fdad:bad:ba55::de:11 - - <<: *control + - <<: [*node, *ubuntu] name: node1 - groups: - - k3s_cluster - - node interfaces: - network_name: private_network ip: fdad:bad:ba55::de:21 diff --git a/reset.yml b/reset.yml index 77577fd..23e8cf9 100644 --- a/reset.yml +++ b/reset.yml 
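Review bot: With firewalld stopped in molecule/default/prepare.yml, CI exercises Rocky only with the host firewall off, while the README hunk in this commit lists Rocky as "tested on version 9" without that qualification. The in-file comment already warns against copying the task. The README entry should carry the same caveat, so that users who keep firewalld enabled know the playbook has not been tested in that configuration. As a point of style, the task mixes `enabled: no` with `become: true`; `enabled: false` keeps the booleans consistent and avoids YAML 1.1 truthy parsing.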
@@ -4,4 +4,10 @@ gather_facts: yes become: yes roles: + - role: raspberrypi + vars: {state: absent} - role: reset + post_tasks: + - name: Reboot and wait for node to come back up + reboot: + reboot_timeout: 3600 diff --git a/roles/raspberrypi/defaults/main.yml b/roles/raspberrypi/defaults/main.yml new file mode 100644 index 0000000..124fb90 --- /dev/null +++ b/roles/raspberrypi/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# Indicates whether the k3s prerequisites for Raspberry Pi should be set up +# Possible values: +# - present +# - absent +state: present diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index 0e17964..0b81c86 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml @@ -47,13 +47,20 @@ - raspberry_pi|default(false) - ansible_facts.lsb.description|default("") is match("Debian.*bullseye") -- name: execute OS related tasks on the Raspberry Pi +- name: execute OS related {{ action }} tasks on the Raspberry Pi include_tasks: "{{ item }}" with_first_found: - - "prereq/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml" - - "prereq/{{ detected_distribution }}.yml" - - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "prereq/{{ ansible_distribution }}.yml" - - "prereq/default.yml" + - "{{ action }}/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml" + - "{{ action }}/{{ detected_distribution }}.yml" + - "{{ action }}/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + - "{{ action }}/{{ ansible_distribution }}.yml" + - "{{ action }}/default.yml" + vars: + action: >- + {% if state == "present" -%} + setup + {%- else -%} + teardown + {%- endif %} when: - raspberry_pi|default(false) 
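Review bot: The role switch passed in reset.yml as `vars: {state: absent}` uses the unprefixed name `state`, which is also the role default added in roles/raspberrypi/defaults/main.yml and is read in roles/raspberrypi/tasks/main.yml. A name that generic is easily shadowed by an unrelated inventory or play variable, which would silently flip the role between setup and teardown. A role-prefixed name such as `raspberrypi_state` avoids that. In tasks/main.yml any value other than `present` falls through to `teardown`, so a typo in the value runs the removal path instead of failing. An `ansible.builtin.assert` on the two allowed values at the top of the role would catch it.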
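Review bot: The task-level variable `action` in roles/raspberrypi/tasks/main.yml shares its name with Ansible's `action` task keyword, which Ansible treats as a reserved variable name and normally warns about at run time. Renaming it, for example to `action_`, in the `vars:` block, the task name and the five `with_first_found` entries removes the ambiguity without changing behaviour. The `when:` list at the end of the task may continue outside the hunk.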
diff --git a/roles/raspberrypi/tasks/prereq/Raspbian.yml b/roles/raspberrypi/tasks/setup/Raspbian.yml similarity index 100% rename from roles/raspberrypi/tasks/prereq/Raspbian.yml rename to roles/raspberrypi/tasks/setup/Raspbian.yml diff --git a/roles/raspberrypi/tasks/prereq/CentOS.yml b/roles/raspberrypi/tasks/setup/Rocky.yml similarity index 96% rename from roles/raspberrypi/tasks/prereq/CentOS.yml rename to roles/raspberrypi/tasks/setup/Rocky.yml index f12bbf8..b037b1d 100644 --- a/roles/raspberrypi/tasks/prereq/CentOS.yml +++ b/roles/raspberrypi/tasks/setup/Rocky.yml @@ -1,5 +1,5 @@ --- -- name: Enable cgroup via boot commandline if not already enabled for Centos +- name: Enable cgroup via boot commandline if not already enabled for Rocky lineinfile: path: /boot/cmdline.txt backrefs: yes diff --git a/roles/raspberrypi/tasks/prereq/Ubuntu.yml b/roles/raspberrypi/tasks/setup/Ubuntu.yml similarity index 62% rename from roles/raspberrypi/tasks/prereq/Ubuntu.yml rename to roles/raspberrypi/tasks/setup/Ubuntu.yml index 8b580ae..8158f31 100644 --- a/roles/raspberrypi/tasks/prereq/Ubuntu.yml +++ b/roles/raspberrypi/tasks/setup/Ubuntu.yml @@ -6,8 +6,16 @@ regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' notify: reboot - when: not ansible_check_mode - name: Install linux-modules-extra-raspi - apt: name=linux-modules-extra-raspi state=present - when: (raspberry_pi) and (not ansible_check_mode) + apt: + name: linux-modules-extra-raspi + state: present + +- name: Teardown + when: state == "absent" + block: + - name: Remove linux-modules-extra-raspi + apt: + name: linux-modules-extra-raspi + state: absent diff --git a/roles/raspberrypi/tasks/prereq/default.yml b/roles/raspberrypi/tasks/setup/default.yml similarity index 100% rename from roles/raspberrypi/tasks/prereq/default.yml rename to roles/raspberrypi/tasks/setup/default.yml 
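Review bot: The `Teardown` block added at the end of roles/raspberrypi/tasks/setup/Ubuntu.yml cannot run as the role is written in this patch. tasks/main.yml includes files from `setup/` only when `state == "present"`, while the block is guarded by `when: state == "absent"`. The same `Remove linux-modules-extra-raspi` task is also added in teardown/Ubuntu.yml, so the block here is a dead duplicate and can be dropped. If it is kept for direct includes of this file, it needs a comment saying so, because an install task followed by a removal of the same package reads as a mistake.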
diff --git a/roles/raspberrypi/tasks/teardown/Raspbian.yml b/roles/raspberrypi/tasks/teardown/Raspbian.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/raspberrypi/tasks/teardown/Raspbian.yml @@ -0,0 +1 @@ +--- diff --git a/roles/raspberrypi/tasks/teardown/Rocky.yml b/roles/raspberrypi/tasks/teardown/Rocky.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/raspberrypi/tasks/teardown/Rocky.yml @@ -0,0 +1 @@ +--- diff --git a/roles/raspberrypi/tasks/teardown/Ubuntu.yml b/roles/raspberrypi/tasks/teardown/Ubuntu.yml new file mode 100644 index 0000000..e9e30e4 --- /dev/null +++ b/roles/raspberrypi/tasks/teardown/Ubuntu.yml @@ -0,0 +1,5 @@ +--- +- name: Remove linux-modules-extra-raspi + apt: + name: linux-modules-extra-raspi + state: absent diff --git a/roles/raspberrypi/tasks/teardown/default.yml b/roles/raspberrypi/tasks/teardown/default.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/raspberrypi/tasks/teardown/default.yml @@ -0,0 +1 @@ +--- diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index ae0388c..537839d 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -50,14 +50,7 @@ systemd: daemon_reload: yes -- name: Remove linux-modules-extra-raspi - apt: name=linux-modules-extra-raspi state=absent - -- name: Remove tmp director used for manifests +- name: Remove tmp directory used for manifests file: path: /tmp/k3s state: absent - -- name: Reboot and wait for node to come back up - reboot: - reboot_timeout: 3600
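Review bot: roles/raspberrypi/tasks/teardown/Rocky.yml is an empty document, while setup/Rocky.yml edits /boot/cmdline.txt to enable cgroups. Likewise teardown/Ubuntu.yml removes the package but leaves the `cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory` arguments that setup/Ubuntu.yml adds. If keeping the modified boot command line after a reset is intended, each teardown file should say so, e.g. `# Intentionally empty: kernel command-line changes are kept after reset`. Otherwise a reset leaves hosts in a state that differs from a fresh install. teardown/Raspbian.yml and teardown/default.yml are empty as well, but their setup counterparts are not shown in this patch.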