Verify valid settings before deploy (#1705)

Also fix yaml lint issues

Fixes #1703

roles/kubernetes/preinstall/defaults/main.yml

@@ -1,6 +1,9 @@
 ---
 run_gitinfos: false
 
+# Set to true to allow pre-checks to fail and continue deployment
+ignore_assert_errors: false
+
 epel_rpm_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"
 
 common_required_pkgs:

roles/kubernetes/preinstall/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
-- include: pre-upgrade.yml
-  tags: [upgrade, bootstrap-os]
+- include: verify-settings.yml
+  tags: asserts
 
 - name: Force binaries directory for Container Linux by CoreOS
   set_fact:

roles/kubernetes/preinstall/tasks/pre-upgrade.yml

@@ -1,6 +0,0 @@
----
-- name: Stop if non systemd OS type
-  assert:
-    that: ansible_service_mgr == "systemd"
-  tags:
-    - asserts

roles/kubernetes/preinstall/tasks/verify-settings.yml

@@ -0,0 +1,71 @@
+---
+- name: Stop if ansible version is too low
+  assert:
+    that:
+      - ansible_version.full|version_compare('2.3.0.0', '>=')
+  run_once: yes
+
+- name: Stop if non systemd OS type
+  assert:
+    that: ansible_service_mgr == "systemd"
+  ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: Stop if unknown OS
+  assert:
+    that: ansible_distribution in ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS', 'Container Linux by CoreOS']
+  ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: Stop if unknown network plugin
+  assert:
+    that: network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud']
+  when: network_plugin is defined
+  ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: Stop if incompatible network plugin and cloudprovider
+  assert:
+    that: network_plugin != calico
+  when: cloud_provider is defined and cloud_provider == 'azure'
+  ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
+  assert:
+    that: item|type_debug == 'bool'
+  run_once: yes
+  with_items:
+    - kubeadm_enabled
+    - download_run_once
+    - deploy_netchecker
+    - download_always_pull
+    - efk_enabled
+    - helm_enabled
+    - openstack_lbaas_Enabled
+    - rbac_enabled
+  ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: Stop if even number of etcd hosts
+  assert:
+    that: groups.etcd|length is not divisibleby 2
+  ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: Stop if memory is too small for masters
+  assert:
+    that: ansible_memtotal_mb >= 1500
+  ignore_errors: "{{ ignore_assert_errors }}"
+  when: inventory_hostname in groups['kube-master']
+
+- name: Stop if memory is too small for nodes
+  assert:
+    that: ansible_memtotal_mb >= 1024
+  ignore_errors: "{{ ignore_assert_errors }}"
+  when: inventory_hostname in groups['kube-node']
+
+- name: Stop if ip var does not match local ips
+  assert:
+    that: ip in ansible_all_ipv4_addresses
+  ignore_errors: "{{ ignore_assert_errors }}"
+  when: ip is defined
+
+- name: Stop if access_ip is not pingable
+  command: ping -c1 {{ access_ip }}
+  when: access_ip is defined
+  ignore_errors: "{{ ignore_assert_errors }}"