Drop support for CentOS, test Rocky and Debian in CI (techno-tim#92)

* Test CentOS 7 in CI * Drop support for CentOS, test on Rocky and Debian * Fix reset playbook for Rocky Linux * Fix typo * Disable firewalld during testing Co-authored-by: Techno Tim <[email protected]>
sethbrasile · Sep 24, 2022 · d5b37ac · d5b37ac
1 parent 5225493
commit d5b37ac
Show file tree

Hide file tree

Showing 18 changed files with 150 additions and 45 deletions.
diff --git a/.github/download-boxes.sh b/.github/download-boxes.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# download-boxes.sh
+# Check all molecule.yml files for required Vagrant boxes and download the ones that are not
+# already present on the system.
+
+set -euo pipefail
+
+GIT_ROOT=$(git rev-parse --show-toplevel)
+PROVIDER=virtualbox
+
+# Read all boxes for all platforms from the "molecule.yml" files
+all_boxes=$(cat "${GIT_ROOT}"/molecule/*/molecule.yml |
+ yq -r '.platforms[].box' | # Read the "box" property of each node under "platforms"
+ grep --invert-match --regexp=--- | # Filter out file separators
+ sort |
+ uniq)
+
+# Read the boxes that are currently present on the system (for the current provider)
+present_boxes=$(vagrant box list |
+ grep "${PROVIDER}" | # Filter by boxes available for the current provider
+ awk '{print $1;}' | # The box name is the first word in each line
+ sort |
+ uniq)
+
+# The boxes that we need to download are the ones present in $all_boxes, but not $present_boxes.
+download_boxes=$(comm -2 -3 <(echo "${all_boxes}") <(echo "${present_boxes}"))
+
+# Actually download the necessary boxes
+if [ -n "${download_boxes}" ]; then
+ echo "${download_boxes}" | while IFS= read -r box; do
+ vagrant box add --provider "${PROVIDER}" "${box}"
+ done
+fi
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -43,6 +43,12 @@ jobs:
  restore-keys: |
  vagrant-boxes
 
+ - name: Download Vagrant boxes for all scenarios
+ # To save some cache space, all scenarios share the same cache key.
+ # On the other hand, this means that the cache contents should be
+ # the same across all scenarios. This step ensures that.
+ run: ./.github/download-boxes.sh
+
  - name: Set up Python ${{ env.PYTHON_VERSION }}
  uses: actions/setup-python@v2
  with:

diff --git a/README.md b/README.md
@@ -16,9 +16,9 @@ If you want more context on how this works, see:
 
 Build a Kubernetes cluster using Ansible with k3s. The goal is easily install a HA Kubernetes cluster on machines running:
 
-- [X] Debian
-- [X] Ubuntu
-- [X] CentOS
+- [x] Debian (tested on version 11)
+- [x] Ubuntu (tested on version 22.04)
+- [x] Rocky (tested on version 9)
 
 on processor architecture:
 

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -3,43 +3,52 @@ dependency:
  name: galaxy
 driver:
  name: vagrant
-platforms:
+.platform_presets:
  - &control
- name: control1
- box: generic/ubuntu2204
  memory: 2048
  cpus: 2
+ groups:
+ - k3s_cluster
+ - master
+ - &node
+ memory: 2048
+ cpus: 2
+ groups:
+ - k3s_cluster
+ - node
+ - &debian
+ box: generic/debian11
+ - &rocky
+ box: generic/rocky9
+ - &ubuntu
+ box: generic/ubuntu2204
  config_options:
  # We currently can not use public-key based authentication on Ubuntu 22.04,
  # see: https://github.com/chef/bento/issues/1405
  ssh.username: "vagrant"
  ssh.password: "vagrant"
- groups:
-  - k3s_cluster
-  - master
+platforms:
+ - <<: [*control, *ubuntu]
+ name: control1
  interfaces:
  - network_name: private_network
  ip: 192.168.30.38
- - <<: *control
+ - <<: [*control, *debian]
  name: control2
  interfaces:
  - network_name: private_network
  ip: 192.168.30.39
- - <<: *control
+ - <<: [*control, *rocky]
  name: control3
  interfaces:
  - network_name: private_network
  ip: 192.168.30.40
- - &node
- <<: *control
+ - <<: [*node, *ubuntu]
  name: node1
- groups:
- - k3s_cluster
- - node
  interfaces:
  - network_name: private_network
  ip: 192.168.30.41
- - <<: *node
+ - <<: [*node, *rocky]
  name: node2
  interfaces:
  - network_name: private_network

diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -0,0 +1,22 @@
+---
+- name: Apply overrides
+ ansible.builtin.import_playbook: >-
+ {{ lookup("ansible.builtin.env", "MOLECULE_SCENARIO_DIRECTORY") }}/overrides.yml
+
+- name: Network setup
+ hosts: all
+ tasks:
+ - name: Disable firewalld
+ when: ansible_distribution == "Rocky"
+ # Rocky Linux comes with firewalld enabled. It blocks some of the network
+ # connections needed for our k3s cluster. For our test setup, we just disable
+ # it since the VM host's firewall is still active for connections to and from
+ # the Internet.
+ # When building your own cluster, please DO NOT blindly copy this. Instead,
+ # please create a custom firewall configuration that fits your network design
+ # and security needs.
+ ansible.builtin.systemd:
+ name: firewalld
+ enabled: no
+ state: stopped
+ become: true
diff --git a/molecule/ipv6/molecule.yml b/molecule/ipv6/molecule.yml
@@ -3,28 +3,34 @@ dependency:
  name: galaxy
 driver:
  name: vagrant
-platforms:
+.platform_presets:
  - &control
- name: control1
- box: generic/ubuntu2204
  memory: 2048
  cpus: 2
+ groups:
+ - k3s_cluster
+ - master
+ - &node
+ memory: 2048
+ cpus: 2
+ groups:
+ - k3s_cluster
+ - node
+ - &ubuntu
+ box: generic/ubuntu2204
  config_options:
  # We currently can not use public-key based authentication on Ubuntu 22.04,
  # see: https://github.com/chef/bento/issues/1405
  ssh.username: "vagrant"
  ssh.password: "vagrant"
- groups:
-  - k3s_cluster
-  - master
+platforms:
+ - <<: [*control, *ubuntu]
+ name: control1
  interfaces:
  - network_name: private_network
  ip: fdad:bad:ba55::de:11
- - <<: *control
+ - <<: [*node, *ubuntu]
  name: node1
- groups:
- - k3s_cluster
- - node
  interfaces:
  - network_name: private_network
  ip: fdad:bad:ba55::de:21

diff --git a/reset.yml b/reset.yml
@@ -4,4 +4,10 @@
  gather_facts: yes
  become: yes
  roles:
+ - role: raspberrypi
+ vars: {state: absent}
  - role: reset
+ post_tasks:
+ - name: Reboot and wait for node to come back up
+ reboot:
+ reboot_timeout: 3600
diff --git a/roles/raspberrypi/defaults/main.yml b/roles/raspberrypi/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# Indicates whether the k3s prerequisites for Raspberry Pi should be set up
+# Possible values:
+# - present
+# - absent
+state: present
diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml
@@ -47,13 +47,20 @@
  - raspberry_pi|default(false)
  - ansible_facts.lsb.description|default("") is match("Debian.*bullseye")
 
-- name: execute OS related tasks on the Raspberry Pi
+- name: execute OS related {{ action }} tasks on the Raspberry Pi
  include_tasks: "{{ item }}"
  with_first_found:
- - "prereq/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml"
- - "prereq/{{ detected_distribution }}.yml"
- - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- - "prereq/{{ ansible_distribution }}.yml"
- - "prereq/default.yml"
+ - "{{ action }}/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml"
+ - "{{ action }}/{{ detected_distribution }}.yml"
+ - "{{ action }}/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+ - "{{ action }}/{{ ansible_distribution }}.yml"
+ - "{{ action }}/default.yml"
+ vars:
+ action: >-
+ {% if state == "present" -%}
+ setup
+ {%- else -%}
+ teardown
+ {%- endif %}
  when:
  - raspberry_pi|default(false)
diff --git a/roles/raspberrypi/tasks/prereq/Raspbian.yml → roles/raspberrypi/tasks/setup/Raspbian.yml b/roles/raspberrypi/tasks/prereq/Raspbian.yml → roles/raspberrypi/tasks/setup/Raspbian.yml
diff --git a/roles/raspberrypi/tasks/prereq/CentOS.yml → roles/raspberrypi/tasks/setup/Rocky.yml b/roles/raspberrypi/tasks/prereq/CentOS.yml → roles/raspberrypi/tasks/setup/Rocky.yml
@@ -1,5 +1,5 @@
 ---
-- name: Enable cgroup via boot commandline if not already enabled for Centos
+- name: Enable cgroup via boot commandline if not already enabled for Rocky
  lineinfile:
  path: /boot/cmdline.txt
  backrefs: yes

diff --git a/roles/raspberrypi/tasks/prereq/Ubuntu.yml → roles/raspberrypi/tasks/setup/Ubuntu.yml b/roles/raspberrypi/tasks/prereq/Ubuntu.yml → roles/raspberrypi/tasks/setup/Ubuntu.yml
@@ -6,8 +6,16 @@
  regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
  line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
  notify: reboot
- when: not ansible_check_mode
 
 - name: Install linux-modules-extra-raspi
- apt: name=linux-modules-extra-raspi state=present
- when: (raspberry_pi) and (not ansible_check_mode)
+ apt:
+ name: linux-modules-extra-raspi
+ state: present
+
+- name: Teardown
+ when: state == "absent"
+ block:
+ - name: Remove linux-modules-extra-raspi
+ apt:
+ name: linux-modules-extra-raspi
+ state: absent
diff --git a/roles/raspberrypi/tasks/prereq/default.yml → roles/raspberrypi/tasks/setup/default.yml b/roles/raspberrypi/tasks/prereq/default.yml → roles/raspberrypi/tasks/setup/default.yml
diff --git a/roles/raspberrypi/tasks/teardown/Raspbian.yml b/roles/raspberrypi/tasks/teardown/Raspbian.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/raspberrypi/tasks/teardown/Rocky.yml b/roles/raspberrypi/tasks/teardown/Rocky.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/raspberrypi/tasks/teardown/Ubuntu.yml b/roles/raspberrypi/tasks/teardown/Ubuntu.yml
@@ -0,0 +1,5 @@
+---
+- name: Remove linux-modules-extra-raspi
+ apt:
+ name: linux-modules-extra-raspi
+ state: absent
diff --git a/roles/raspberrypi/tasks/teardown/default.yml b/roles/raspberrypi/tasks/teardown/default.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
@@ -50,14 +50,7 @@
  systemd:
  daemon_reload: yes
 
-- name: Remove linux-modules-extra-raspi
- apt: name=linux-modules-extra-raspi state=absent
-
-- name: Remove tmp director used for manifests
+- name: Remove tmp directory used for manifests
  file:
  path: /tmp/k3s
  state: absent
-
-- name: Reboot and wait for node to come back up
- reboot:
- reboot_timeout: 3600