From da3ff1cc117d688f55bd440fa8254d1bdc9c28f5 Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Mon, 8 Apr 2024 10:27:39 +0200
Subject: [PATCH] Convert OS specific packages to new format

Uses the logic introduced in the previous patch to convert all
kubernetes/preinstall/vars/* OS-specific files to the `pkgs`
dictionary.

Some niceties for devs:
- always validate the `pkgs` variable to catch mistakes in CI.
- ensure that `pkgs` is always sorted. This makes it easier to find the
  packages you're looking for.
---
 .../preinstall/tasks/0020-set_facts.yml       | 14 ---
 .../preinstall/tasks/0040-verify-settings.yml | 12 +++
 roles/kubernetes/preinstall/vars/amazon.yml   |  7 --
 roles/kubernetes/preinstall/vars/centos.yml   |  8 --
 .../kubernetes/preinstall/vars/debian-11.yml  | 10 ---
 .../kubernetes/preinstall/vars/debian-12.yml  | 11 ---
 roles/kubernetes/preinstall/vars/debian.yml   |  9 --
 roles/kubernetes/preinstall/vars/fedora.yml   |  8 --
 roles/kubernetes/preinstall/vars/main.yml     | 88 +++++++++++++++++++
 roles/kubernetes/preinstall/vars/redhat.yml   |  8 --
 roles/kubernetes/preinstall/vars/suse.yml     |  5 --
 roles/kubernetes/preinstall/vars/ubuntu.yml   |  8 --
 12 files changed, 100 insertions(+), 88 deletions(-)
 delete mode 100644 roles/kubernetes/preinstall/vars/amazon.yml
 delete mode 100644 roles/kubernetes/preinstall/vars/centos.yml
 delete mode 100644 roles/kubernetes/preinstall/vars/debian-11.yml
 delete mode 100644 roles/kubernetes/preinstall/vars/debian-12.yml
 delete mode 100644 roles/kubernetes/preinstall/vars/debian.yml
 delete mode 100644 roles/kubernetes/preinstall/vars/fedora.yml
 create mode 100644 roles/kubernetes/preinstall/vars/main.yml
 delete mode 100644 roles/kubernetes/preinstall/vars/redhat.yml
 delete mode 100644 roles/kubernetes/preinstall/vars/suse.yml
 delete mode 100644 roles/kubernetes/preinstall/vars/ubuntu.yml

diff --git a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
index fa7fba113..4541c14c5 100644
--- a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
@@ -199,20 +199,6 @@
       supersede domain-name-servers {{ (nameservers | d([]) + cloud_resolver | d([])) | unique | join(', ') }};
   when: dns_early and not dns_late
 
-- name: Gather os specific variables
-  include_vars: "{{ item }}"
-  with_first_found:
-    - files:
-        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower | replace('/', '_') }}.yml"
-        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower | replace('/', '_') }}.yml"
-        - "{{ ansible_distribution | lower }}.yml"
-        - "{{ ansible_os_family | lower }}.yml"
-        - defaults.yml
-      paths:
-        - ../vars
-      skip: true
-
 - name: Set etcd vars if using kubeadm mode
   set_fact:
     etcd_cert_dir: "{{ kube_cert_dir }}"
diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
index f2d40e995..91b78b75f 100644
--- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -316,3 +316,15 @@
   when:
     - kube_apiserver_enable_admission_plugins is defined
     - kube_apiserver_enable_admission_plugins | length > 0
+
+- name: Verify that the packages list structure is valid
+  ansible.utils.validate:
+    criteria: "{{ lookup('file', 'pkgs-schema.json') }}"
+    data: "{{ pkgs }}"
+
+- name: Verify that the packages list is sorted
+  vars:
+    pkgs_lists: "{{ pkgs.keys() | list }}"
+  assert:
+    that: "pkgs_lists | sort == pkgs_lists"
+    fail_msg: "pkgs is not sorted: {{ pkgs_lists | ansible.utils.fact_diff(pkgs_lists | sort) }}"
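Review bot: Both added tasks check `pkgs`, which is static role data, but neither sets `run_once: true`, so the schema validation and the sort assert are repeated for every host of every deployment even though the commit message describes them as a CI check. Adding `run_once: true` to each task keeps the guard and does the work once. The first task also makes `pkgs-schema.json` a hard prerequisite of the preinstall role; the file is not part of this patch (presumably it comes from the previous one), and the default jsonschema engine of `ansible.utils.validate` needs the `jsonschema` Python package on the controller, so confirm the requirements list covers it. How much the check catches depends on that schema: unless it rejects unknown keys, a misspelt selector such as `family:` instead of `families:` would pass validation.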
diff --git a/roles/kubernetes/preinstall/vars/amazon.yml b/roles/kubernetes/preinstall/vars/amazon.yml
deleted file mode 100644
index 09c645f51..000000000
--- a/roles/kubernetes/preinstall/vars/amazon.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-required_pkgs:
-  - libselinux-python
-  - device-mapper-libs
-  - nss
-  - conntrack-tools
-  - libseccomp
diff --git a/roles/kubernetes/preinstall/vars/centos.yml b/roles/kubernetes/preinstall/vars/centos.yml
deleted file mode 100644
index 9b1a8749e..000000000
--- a/roles/kubernetes/preinstall/vars/centos.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-required_pkgs:
-  - "{{ ((ansible_distribution_major_version | int) < 8) | ternary('libselinux-python', 'python3-libselinux') }}"
-  - device-mapper-libs
-  - nss
-  - conntrack
-  - container-selinux
-  - libseccomp
diff --git a/roles/kubernetes/preinstall/vars/debian-11.yml b/roles/kubernetes/preinstall/vars/debian-11.yml
deleted file mode 100644
index 59cbc5a37..000000000
--- a/roles/kubernetes/preinstall/vars/debian-11.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-required_pkgs:
-  - python3-apt
-  - gnupg
-  - apt-transport-https
-  - software-properties-common
-  - conntrack
-  - iptables
-  - apparmor
-  - libseccomp2
diff --git a/roles/kubernetes/preinstall/vars/debian-12.yml b/roles/kubernetes/preinstall/vars/debian-12.yml
deleted file mode 100644
index e0dca4dcd..000000000
--- a/roles/kubernetes/preinstall/vars/debian-12.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-required_pkgs:
-  - python3-apt
-  - gnupg
-  - apt-transport-https
-  - software-properties-common
-  - conntrack
-  - iptables
-  - apparmor
-  - libseccomp2
-  - mergerfs
diff --git a/roles/kubernetes/preinstall/vars/debian.yml b/roles/kubernetes/preinstall/vars/debian.yml
deleted file mode 100644
index 51a280237..000000000
--- a/roles/kubernetes/preinstall/vars/debian.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-required_pkgs:
-  - python-apt
-  - aufs-tools
-  - apt-transport-https
-  - software-properties-common
-  - conntrack
-  - apparmor
-  - libseccomp2
diff --git a/roles/kubernetes/preinstall/vars/fedora.yml b/roles/kubernetes/preinstall/vars/fedora.yml
deleted file mode 100644
index d69b111b6..000000000
--- a/roles/kubernetes/preinstall/vars/fedora.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-required_pkgs:
-  - iptables
-  - libselinux-python3
-  - device-mapper-libs
-  - conntrack
-  - container-selinux
-  - libseccomp
diff --git a/roles/kubernetes/preinstall/vars/main.yml b/roles/kubernetes/preinstall/vars/main.yml
new file mode 100644
index 000000000..6f7d6fa94
--- /dev/null
+++ b/roles/kubernetes/preinstall/vars/main.yml
@@ -0,0 +1,88 @@
+---
+pkgs:
+  apparmor: &debian_family_base
+    os:
+      families:
+      - Debian
+  apt-transport-https: *debian_family_base
+  aufs-tools: &deb_10
+    groups:
+    - k8s_cluster
+    os:
+      distributions:
+        Debian:
+          major_versions:
+          - "10"
+  conntrack: &deb_redhat
+    groups:
+    - k8s_cluster
+    os:
+      families:
+      - Debian
+      - RedHat
+  conntrack-tools:
+    groups:
+    - k8s_cluster
+    os:
+      families:
+      - Suse
+      distributions:
+        Amazon: {}
+  container-selinux: &redhat_family
+    groups:
+    - k8s_cluster
+    os:
+      families:
+      - RedHat
+  device-mapper:
+    groups:
+    - k8s_cluster
+    os:
+      families:
+      - Suse
+  device-mapper-libs: *redhat_family
+  gnupg: &debian
+    groups:
+    - k8s_cluster
+    os:
+      distributions:
+        Debian:
+          major_versions:
+          - "11"
+          - "12"
+  iptables: *deb_redhat
+  libseccomp: *redhat_family
+  libseccomp2:
+    groups:
+    - k8s_cluster
+    os:
+      families:
+      - Suse
+      - Debian
+  libselinux-python:  # TODO: Handle rehat_family + major < 8
+    os:
+      distributions:
+        Amazon: {}
+  libselinux-python3:
+    os:
+      distributions:
+        Fedora: {}
+  mergerfs:
+    os:
+      distributions:
+        Debian:
+          major_versions:
+          - "12"
+  nss: *redhat_family
+  python-apt: *deb_10
+  # TODO: not for debian 10
+  python3-apt: *debian_family_base
+  python3-libselinux:
+    os:
+      distributions:
+        RedHat: &major_redhat_like
+          major_versions:
+          - "8"
+          - "9"
+        Centos: *major_redhat_like
+  software-properties-common: *debian_family_base
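Review bot: The `python3-libselinux` entry selects only the `RedHat` and `Centos` distributions at major versions 8 and 9, whereas the deleted `redhat.yml` was the `ansible_os_family` fallback of the removed `with_first_found` lookup and so applied to every RedHat-family host without a more specific file. Other RedHat-family distributions therefore appear to lose the SELinux Python bindings, which Ansible's file-handling modules need on SELinux-enabled targets. Ansible reports the distribution as `CentOS`, so unless the selection logic from the previous patch (not visible here) normalises case, the `Centos:` key would never match; `CentOS: *major_redhat_like` is the safer spelling. The `libselinux-python` TODO likewise leaves RedHat/CentOS hosts below major version 8 without bindings. The family-wide `conntrack` and `container-selinux` entries now also match Amazon, which previously listed only `conntrack-tools`; if that broadening is intended, a short comment on those entries would make it explicit.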
diff --git a/roles/kubernetes/preinstall/vars/redhat.yml b/roles/kubernetes/preinstall/vars/redhat.yml
deleted file mode 100644
index 9b1a8749e..000000000
--- a/roles/kubernetes/preinstall/vars/redhat.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-required_pkgs:
-  - "{{ ((ansible_distribution_major_version | int) < 8) | ternary('libselinux-python', 'python3-libselinux') }}"
-  - device-mapper-libs
-  - nss
-  - conntrack
-  - container-selinux
-  - libseccomp
diff --git a/roles/kubernetes/preinstall/vars/suse.yml b/roles/kubernetes/preinstall/vars/suse.yml
deleted file mode 100644
index d089ac150..000000000
--- a/roles/kubernetes/preinstall/vars/suse.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-required_pkgs:
-  - device-mapper
-  - conntrack-tools
-  - libseccomp2
diff --git a/roles/kubernetes/preinstall/vars/ubuntu.yml b/roles/kubernetes/preinstall/vars/ubuntu.yml
deleted file mode 100644
index 85b3f255a..000000000
--- a/roles/kubernetes/preinstall/vars/ubuntu.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-required_pkgs:
-  - python3-apt
-  - apt-transport-https
-  - software-properties-common
-  - conntrack
-  - apparmor
-  - libseccomp2
-- 
GitLab