Skip to content
Snippets Groups Projects
Unverified Commit 8ff4ad2d authored by Max Gautier's avatar Max Gautier
Browse files

preinstall: simplify OS packages selection 

Since a2019c1c (Add a JSON schema describing the packages install
structure, 2024-04-25), we use a custom structure to select which
packages should be installed on a particular host OS.

This has proven too rigid in practice, and the query is pretty
complicated.

Replace this by simply using an array of jinja conditions for the
packages, which should be easier to understand for everyone and more
flexible.

Also remove the associated schema and validation which are no longer
needed.
parent d0f1d520
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/kubernetes/preinstall/files/pkgs-schema.json deleted 100644 → 0
+ 0
80
View file @ d0f1d520
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://kubespray.io/internal/os_packages.schema.json",
"title": "Os packages",
"description": "Criteria for selecting packages to install on Kubernetes nodes during installation by Kubespray",
"type": "object",
"patternProperties": {
".*": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja",
"type": "boolean",
"default": true
},
"groups": {
"description": "Match if the host is in one of these groups. If not specified match any host.",
"type": "array",
"minItems": 1,
"items":{
"type": "string",
"pattern": "^[0-9A-Za-z_]*$"
}
},
"os": {
"type": "object",
"description": "If not specified match any OS. Otherwise, must match by 'families' or 'distributions' to be included.",
"additionalProperties": false,
"minProperties": 1,
"properties": {
"families": {
"description": "Match if ansible_os_family is part of the list.",
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"distributions": {
"type": "object",
"description": "Match if ansible_distribution match one of defined keys.",
"minProperties": 1,
"patternProperties": {
".*": {
"description": "Match if either the value is the empty hash, or one major_versions/versions/releases contains the corresponding variable ('ansible_distrbution_*')",
"type": "object",
"additionalProperties": false,
"properties": {
"major_versions": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"versions": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
},
"releases": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
}
}
}
roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
+ 0
5
View file @ 8ff4ad2d
......@@ -321,11 +321,6 @@
- kube_apiserver_enable_admission_plugins is defined
- kube_apiserver_enable_admission_plugins | length > 0
- name: Verify that the packages list structure is valid
ansible.utils.validate:
criteria: "{{ lookup('file', 'pkgs-schema.json') }}"
data: "{{ pkgs }}"
- name: Verify that the packages list is sorted
vars:
pkgs_lists: "{{ pkgs.keys() | list }}"
......
roles/kubernetes/preinstall/tasks/0070-system-packages.yml
+ 1
16
View file @ 8ff4ad2d
......@@ -60,23 +60,8 @@
- bootstrap-os
- name: Install packages requirements
vars:
# The json_query for selecting packages name is split for readability
# see files/pkgs-schema.json for the structure of `pkgs`
# and the matching semantics
full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
dquote: !unsafe '"'
# necessary to workaround Ansible escaping
filters_distro: "distributions.{{ dquote }}{{ ansible_distribution }}{{ dquote }} |
@ == `{}` ||
contains(not_null(major_versions, `[]`), '{{ ansible_distribution_major_version }}') ||
contains(not_null(versions, `[]`), '{{ ansible_distribution_version }}') ||
contains(not_null(releases, `[]`), '{{ ansible_distribution_release }}')"
filters_family: "families && contains(families, '{{ ansible_os_family }}')"
package:
name: "{{ pkgs | dict2items | to_json|from_json | community.general.json_query(full_query) }}"
name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
state: present
register: pkgs_task_result
until: pkgs_task_result is succeeded
......
roles/kubernetes/preinstall/vars/main.yml
+ 59
92
View file @ 8ff4ad2d
---
pkgs:
apparmor: &debian_family_base
os:
families:
- Debian
apt-transport-https: *debian_family_base
aufs-tools: &deb_10
groups:
- k8s_cluster
os:
distributions:
Debian:
major_versions:
- "10"
bash-completion: {}
conntrack: &deb_redhat
groups:
- k8s_cluster
os:
families:
- Debian
- RedHat
apparmor:
- "{{ ansible_os_family == 'Debian' }}"
apt-transport-https:
- "{{ ansible_os_family == 'Debian' }}"
aufs-tools:
- "{{ ansible_os_family == 'Debian' }}"
- "{{ ansible_distribution_major_version == '10' }}"
- "{{ 'k8s_cluster' in group_names }}"
bash-completion: []
conntrack:
- "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
- "{{ 'k8s_cluster' in group_names }}"
conntrack-tools:
groups:
- k8s_cluster
os:
families:
- Suse
distributions:
Amazon: {}
container-selinux: &redhat_family
groups:
- k8s_cluster
os:
families:
- RedHat
curl: {}
- "{{ ansible_os_family == 'Suse' or ansible_distribution == 'Amazon' }}"
- "{{ 'k8s_cluster' in group_names }}"
container-selinux:
- "{{ ansible_os_family == 'RedHat' }}"
- "{{ 'k8s_cluster' in group_names }}"
curl: []
device-mapper:
groups:
- k8s_cluster
os:
families:
- Suse
device-mapper-libs: *redhat_family
e2fsprogs: {}
ebtables: {}
gnupg: &debian
groups:
- k8s_cluster
os:
distributions:
Debian:
major_versions:
- "11"
- "12"
- "{{ ansible_os_family == 'Suse' }}"
- "{{ 'k8s_cluster' in group_names }}"
device-mapper-libs:
- "{{ ansible_os_family == 'RedHat' }}"
e2fsprogs: []
ebtables: []
gnupg:
- "{{ ansible_distribution == 'Debian' }}"
- "{{ ansible_distribution_major_version in ['11', '12'] }}"
- "{{ 'k8s_cluster' in group_names }}"
ipset:
enabled: "{{ kube_proxy_mode != 'ipvs' }}"
groups:
- k8s_cluster
iptables: *deb_redhat
- "{{ kube_proxy_mode != 'ipvs' }}"
- "{{ 'k8s_cluster' in group_names }}"
iptables:
- "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
ipvsadm:
enabled: "{{ kube_proxy_mode == 'ipvs' }}"
groups:
- k8s_cluster
libseccomp: *redhat_family
- "{{ kube_proxy_mode == 'ipvs' }}"
- "{{ 'k8s_cluster' in group_names }}"
libseccomp:
- "{{ ansible_os_family == 'RedHat' }}"
libseccomp2:
groups:
- k8s_cluster
os:
families:
- Suse
- Debian
- "{{ ansible_os_family in ['Debian', 'Suse'] }}"
- "{{ 'k8s_cluster' in group_names }}"
libselinux-python: # TODO: Handle rehat_family + major < 8
os:
distributions:
Amazon: {}
- "{{ ansible_distribution == 'Amazon' }}"
libselinux-python3:
os:
distributions:
Fedora: {}
- "{{ ansible_distribution == 'Fedora' }}"
mergerfs:
os:
distributions:
Debian:
major_versions:
- "12"
nss: *redhat_family
openssl: {}
python-apt: *deb_10
# TODO: not for debian 10
python3-apt: *debian_family_base
- "{{ ansible_distribution == 'Debian' }}"
- "{{ ansible_distribution_major_version == '12' }}"
nss:
- "{{ ansible_os_family == 'RedHat' }}"
openssl: []
python-apt:
- "{{ ansible_os_family == 'Debian' }}"
- "{{ ansible_distribution_major_version == '10' }}"
python3-apt:
- "{{ ansible_os_family == 'Debian' }}"
- "{{ ansible_distribution_major_version != '10' }}"
python3-libselinux:
os:
distributions:
RedHat: {}
CentOS: {}
rsync: {}
socat: {}
software-properties-common: *debian_family_base
tar: {}
unzip: {}
xfsprogs: {}
- "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
rsync: []
socat: []
software-properties-common:
- "{{ ansible_os_family == 'Debian' }}"
tar: []
unzip: []
xfsprogs: []
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment