From b9077d3ea2958bdcdccc2d7944d31e8dfec9b962 Mon Sep 17 00:00:00 2001
From: Cristian Klein <cristian.klein@elastisys.com>
Date: Mon, 11 Jan 2021 15:15:08 +0100
Subject: [PATCH] Add ping_access_ip; allows to disable ping test (#7020)

In some environments, it might not be possible to ping the IP address
of the nodes, e.g., because ICMP echo is blocked.

This commit allows kubespray to be configured to disable the ping
check, while performing all other checks.
---
 inventory/sample/group_vars/all/all.yml                    | 3 +++
 roles/kubernetes/preinstall/defaults/main.yml              | 3 +++
 roles/kubernetes/preinstall/tasks/0020-verify-settings.yml | 1 +
 3 files changed, 7 insertions(+)

diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index c9d3766a9..89b396793 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -109,3 +109,6 @@ no_proxy_exclude_workers: false
 # rh_subscription_usage: "Development"
 # rh_subscription_role: "Red Hat Enterprise Server"
 # rh_subscription_sla: "Self-Support"
+
+## Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
+# ping_access_ip: true
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 5bf702dba..5a562f78c 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -56,3 +56,6 @@ yum_repo_dir: /etc/yum.repos.d
 
 # number of times package install task should be retried
 pkg_install_retries: 4
+
+# Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
+ping_access_ip: true
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index a2db1d993..371e66436 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -114,6 +114,7 @@
   when:
     - access_ip is defined
     - not ignore_assert_errors
+    - ping_access_ip
 
 - name: Stop if RBAC is not enabled when dashboard is enabled
   assert:
-- 
GitLab