diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index f6d93f187..de870f90f 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -104,7 +104,7 @@ redhat_os_family_extensions: - "UniontechOS" # Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use" -systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}" +systemd_resolved_disable_stub_listener: "{{ ansible_facts['os_family'] in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}" # Used to disable File Access Policy Daemon service. # If service is enabled, the CNI plugin installation will fail diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml index cf05200e3..e51064a23 100644 --- a/roles/kubernetes/preinstall/handlers/main.yml +++ b/roles/kubernetes/preinstall/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: Preinstall | apply resolvconf cloud-init command: /usr/bin/coreos-cloudinit --from-file {{ resolveconf_cloud_init_conf }} - when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"] listen: Preinstall | propagate resolvconf to k8s components - name: Preinstall | reload NetworkManager diff --git a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml index 9213f6bce..4e3be18b8 100644 --- a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml 
@@ -1,9 +1,12 @@ --- -- name: Set os_family fact for other redhat-based operating systems +- name: Normalize ansible_facts for redhat-family extensions set_fact: - ansible_os_family: "RedHat" - ansible_distribution_major_version: "8" - when: ansible_distribution in redhat_os_family_extensions + ansible_facts: >- + {{ ansible_facts | combine({ + 'os_family': 'RedHat', + 'distribution_major_version': '8' + }) }} + when: ansible_facts['distribution'] in redhat_os_family_extensions tags: - facts @@ -86,12 +89,12 @@ {%- if resolvconf | bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%} head: >- {%- if resolvconf | bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%} - when: not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos + when: ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos - name: Target temporary resolvconf cloud init file (Flatcar Container Linux by Kinvolk / Fedora CoreOS) set_fact: resolvconffile: /tmp/resolveconf_cloud_init_conf - when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] or is_fedora_coreos + when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"] or is_fedora_coreos - name: Check if /etc/dhclient.conf exists stat: @@ -122,12 +125,12 @@ - name: Target dhclient hook file for Red Hat family set_fact: dhclienthookfile: /etc/dhcp/dhclient.d/zdnsupdate.sh - when: ansible_os_family == "RedHat" + when: ansible_facts['os_family'] == "RedHat" - name: Target dhclient hook file for Debian family set_fact: dhclienthookfile: /etc/dhcp/dhclient-exit-hooks.d/zdnsupdate - when: ansible_os_family == "Debian" + when: ansible_facts['os_family'] == "Debian" - name: Set etcd vars if using kubeadm mode set_fact: diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml index bdfb69e83..1395087c1 100644 
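Review bot: In the first hunk of 0020-set_facts.yml, `set_fact` now assigns a variable named `ansible_facts` that holds a copy of the facts taken when the task runs; since set_fact variables take precedence over gathered facts, that copy will likely shadow the live fact namespace on hosts in `redhat_os_family_extensions`. Facts gathered later, such as the `gather_subset: selinux` call in 0081-ntp-configurations.yml, may then be missing from `ansible_facts.selinux.status`, so the tasks that switch SELinux to permissive and restore `preinstall_selinux_state` could fail or be skipped on exactly those hosts. The old task also overrode the injected `ansible_os_family` and `ansible_distribution_major_version`, so any role outside this diff that still reads those names would no longer see the RedHat normalization. I would verify both on a host from that list and, if the override stays, document it above the task with `# Shadows gathered ansible_facts with a snapshot for this host; facts from later setup calls must be re-merged`.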
--- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml @@ -15,25 +15,25 @@ - not ignore_assert_errors - name: Stop if non systemd OS type assert: - that: ansible_service_mgr == "systemd" + that: ansible_facts['service_mgr'] == "systemd" when: not ignore_assert_errors - name: Stop if the os does not support assert: - that: (allow_unsupported_distribution_setup | default(false)) or ansible_distribution in supported_os_distributions - msg: "{{ ansible_distribution }} is not a known OS" + that: (allow_unsupported_distribution_setup | default(false)) or ansible_facts['distribution'] in supported_os_distributions + msg: "{{ ansible_facts['distribution'] }} is not a known OS" when: not ignore_assert_errors - name: Stop if memory is too small for control plane nodes assert: - that: ansible_memtotal_mb >= minimal_master_memory_mb + that: ansible_facts['memtotal_mb'] >= minimal_master_memory_mb when: - not ignore_assert_errors - ('kube_control_plane' in group_names) - name: Stop if memory is too small for nodes assert: - that: ansible_memtotal_mb >= minimal_node_memory_mb + that: ansible_facts['memtotal_mb'] >= minimal_node_memory_mb when: - not ignore_assert_errors - ('kube_node' in group_names) @@ -47,8 +47,8 @@ - name: Stop if ip var does not match local ips assert: - that: (ip in ansible_all_ipv4_addresses) or (ip in ansible_all_ipv6_addresses) - msg: "IPv4: '{{ ansible_all_ipv4_addresses }}' and IPv6: '{{ ansible_all_ipv6_addresses }}' do not contain '{{ ip }}'" + that: (ip in ansible_facts['all_ipv4_addresses']) or (ip in ansible_facts['all_ipv6_addresses']) + msg: "IPv4: '{{ ansible_facts['all_ipv4_addresses'] }}' and IPv6: '{{ ansible_facts['all_ipv6_addresses'] }}' do not contain '{{ ip }}'" when: - not ignore_assert_errors - ip is defined 
@@ -63,14 +63,14 @@ - name: Stop if kernel version is too low for cilium assert: - that: ansible_kernel.split('-')[0] is version('4.9.17', '>=') + that: ansible_facts['kernel'].split('-')[0] is version('4.9.17', '>=') when: - kube_network_plugin == 'cilium' or cilium_deploy_additionally - not ignore_assert_errors - name: Stop if kernel version is too low for nftables assert: - that: ansible_kernel.split('-')[0] is version('5.13', '>=') + that: ansible_facts['kernel'].split('-')[0] is version('5.13', '>=') when: - kube_proxy_mode == 'nftables' - not kube_proxy_remove @@ -93,6 +93,6 @@ - name: Stop if download_localhost is enabled for Flatcar Container Linux assert: - that: ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + that: ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] msg: "download_run_once not supported for Flatcar Container Linux" when: download_run_once or download_force_cache diff --git a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml index 017d34d24..3107764ae 100644 --- a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml +++ b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml @@ -1,7 +1,7 @@ --- - name: Create temporary resolveconf cloud init file command: cp -f /etc/resolv.conf "{{ resolvconffile }}" - when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - name: Add domain/search/nameservers/options to resolv.conf blockinfile: @@ -45,7 +45,7 @@ - name: Get temporary resolveconf cloud init file content command: cat {{ resolvconffile }} register: cloud_config - when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - name: Persist resolvconf cloud init file template: 
@@ -54,4 +54,4 @@ owner: root mode: "0644" notify: Preinstall | propagate resolvconf to k8s components - when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"] diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml index c4a291699..0830ef4c4 100644 --- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml +++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml @@ -7,8 +7,8 @@ get_checksum: false get_mime: false when: - - ansible_os_family == "RedHat" - - "'Amazon' not in ansible_distribution" + - ansible_facts['os_family'] == "RedHat" + - "'Amazon' not in ansible_facts['distribution']" register: slc - name: Set selinux policy @@ -16,8 +16,8 @@ policy: targeted state: "{{ preinstall_selinux_state }}" when: - - ansible_os_family == "RedHat" - - "'Amazon' not in ansible_distribution" + - ansible_facts['os_family'] == "RedHat" + - "'Amazon' not in ansible_facts['distribution']" - slc.stat.exists tags: - bootstrap_os @@ -32,7 +32,7 @@ mode: "0644" when: - disable_ipv6_dns - - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + - ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] tags: - bootstrap_os diff --git a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml index 5a781bc49..b93a2d47a 100644 --- a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml +++ b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml @@ -15,7 +15,7 @@ /etc/ntp.conf {%- elif ntp_package == "ntpsec" -%} /etc/ntpsec/ntp.conf - {%- elif ansible_os_family in ['RedHat', 'Suse'] -%} + {%- elif ansible_facts['os_family'] in ['RedHat', 'Suse'] -%} /etc/chrony.conf {%- else -%} /etc/chrony/chrony.conf 
@@ -24,7 +24,7 @@ ntp_service_name: >- {% if ntp_package == "chrony" -%} chronyd - {%- elif ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse"] -%} + {%- elif ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse"] -%} ntpd {%- else -%} ntp @@ -72,14 +72,14 @@ when: - ntp_timezone - not is_fedora_coreos - - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + - ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - name: Gather selinux facts ansible.builtin.setup: gather_subset: selinux when: - ntp_timezone - - ansible_os_family == "RedHat" + - ansible_facts['os_family'] == "RedHat" - name: Put SELinux in permissive mode, logging actions that would be blocked. ansible.posix.selinux: @@ -87,7 +87,7 @@ state: permissive when: - ntp_timezone - - ansible_os_family == "RedHat" + - ansible_facts['os_family'] == "RedHat" - ansible_facts.selinux.status == 'enabled' - ansible_facts.selinux.mode == 'enforcing' @@ -103,5 +103,5 @@ state: "{{ preinstall_selinux_state }}" when: - ntp_timezone - - ansible_os_family == "RedHat" + - ansible_facts['os_family'] == "RedHat" - ansible_facts.selinux.status == 'enabled' diff --git a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml index 7daa87816..7076389e5 100644 --- a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml +++ b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml @@ -26,7 +26,7 @@ owner: root mode: "0755" notify: Preinstall | propagate resolvconf to k8s components - when: ansible_os_family not in [ "RedHat", "Suse" ] + when: ansible_facts['os_family'] not in [ "RedHat", "Suse" ] - name: Configure dhclient hooks for resolv.conf (RH-only) template: 
@@ -35,4 +35,4 @@ owner: root mode: "0755" notify: Preinstall | propagate resolvconf to k8s components - when: ansible_os_family == "RedHat" + when: ansible_facts['os_family'] == "RedHat" diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index 3553d8e5f..c4372d542 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -83,7 +83,7 @@ - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' - dhclientconffile is defined - - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + - ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] tags: - bootstrap_os - resolvconf @@ -94,7 +94,7 @@ - dns_mode != 'none' - resolvconf_mode != 'host_resolvconf' - dhclientconffile is defined - - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + - ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] tags: - bootstrap_os - resolvconf