From 75baa0fdcfaf4c1225d0262114f5dfe394d1763f Mon Sep 17 00:00:00 2001
From: jarpat
Date: Fri, 16 Jun 2023 09:50:02 -0400
Subject: [PATCH 01/30] initial linter files, untested
---
 .github/workflows/linter-analysis.yaml | 77 ++++++++++++++++++++++++++
 linting-configs/.ansible-lint | 54 ++++++++++++++++++
 linting-configs/.hadolint.yaml | 3 +
 linting-configs/.shellcheckrc | 5 ++
 linting-configs/.tflint.hcl | 27 +++++++++
 5 files changed, 166 insertions(+)
 create mode 100644 .github/workflows/linter-analysis.yaml
 create mode 100644 linting-configs/.ansible-lint
 create mode 100644 linting-configs/.hadolint.yaml
 create mode 100644 linting-configs/.shellcheckrc
 create mode 100644 linting-configs/.tflint.hcl
diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml
new file mode 100644
index 0000000..29b2949
--- /dev/null
+++ b/.github/workflows/linter-analysis.yaml
@@ -0,0 +1,77 @@
+name: Linter Analysis
+on:
+ push:
+ branches: [ '*' ] # '*' will cause the workflow to run on all commits to all branches.
+
+jobs:
+ # Hadolint: Job-1
+ Hadolint:
+ name: Hadolint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v3
+
+ - name: Run Hadolint Action
+ uses: jbergstroem/hadolint-gh-action@v1.11.0
+ with:
+ dockerfile: ./Dockerfile
+ config_file: linting-configs/.hadolint.yaml
+ error_level: 1 # Fail CI based on hadolint output (-1: never, 0: error, 1: warning, 2: info)
+
+ # ShellCheck: Job-2
+ ShellCheck:
+ name: ShellCheck
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v3
+
+ - name: Run ShellCheck Action
+ uses: ludeeus/action-shellcheck@master
+ with:
+ severity: error
+
+ # TFLint: Job-3
+ TFLint:
+ name: TFLint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v3
+
+ - name: Cache Plugin Directory
+ uses: actions/cache@v3
+ with:
+ path: ~/.tflint.d/plugins
+ key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}
+
+ - name: Setup TFLint
+ uses: terraform-linters/setup-tflint@v3.0.0
+ with:
+ tflint_version: latest
+ github_token: ${{ secrets.LINTER_TOKEN }}
+
+ - name: Initializing viya4-iac-k8s
+ run: terraform init
+
+ - name: Initializing TFLint
+ run: TFLINT_LOG=info tflint --init -c "$(pwd)/linting-configs/.tflint.hcl"
+
+ - name: Run TFLint Action
+ run: TFLINT_LOG=info tflint -c "$(pwd)/linting-configs/.tflint.hcl" --recursive
+
+ # ansible-lint: Job-4
+ Ansible-Lint:
+ name: ansible-lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v3
+
+ - name: Run ansible-lint Action
+ uses: ansible/ansible-lint-action@v6.16.0
+ with:
+ args: "-c $(pwd)/linting-configs/.ansible-lint"
+ env:
+ ANSIBLE_ROLES_PATH: "./roles"
diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint
new file mode 100644
index 0000000..0e8531e
--- /dev/null
+++ b/linting-configs/.ansible-lint
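Review bot: The plugin cache key hashes `.tflint.hcl` at the repository root, but the configuration this job actually passes with `-c` lives at `linting-configs/.tflint.hcl`, so `hashFiles` matches nothing and the key never changes when the ruleset does; use `key: ubuntu-latest-tflint-${{ hashFiles('linting-configs/.tflint.hcl') }}`. `uses: ludeeus/action-shellcheck@master` floats on a mutable branch while every other action in the file is pinned to a release tag, so an upstream change can silently alter what runs against the checkout; pin it to a tag or, better, a commit SHA. The workflow also declares no `permissions:` block, so each job inherits the repository's default token scope even though all four jobs only read the tree; a top-level `permissions:` with `contents: read` is sufficient here. If `LINTER_TOKEN` is a personal access token rather than an alias for `GITHUB_TOKEN`, confirm it carries no more scope than the release lookups `setup-tflint` uses it for.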
@@ -0,0 +1,54 @@
+---
+# .ansible-lint
+
+profile: moderate
+
+# parseable: true
+# quiet: true
+# strict: true
+# verbosity: 1
+
+# Enforce variable names to follow pattern below, in addition to Ansible own
+# requirements, like avoiding python identifiers. To disable add `var-naming`
+# to skip_list.
+var_naming_pattern: ^[a-zA-Z0-9_]*$
+
+use_default_rules: true
+
+# Ansible-lint is able to recognize and load skip rules stored inside
+# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+# on a new line.
+skip_list:
+ - role-name # roles are dynamically selected based on user's choice so we do need to use paths
+# - yaml[line-length]
+ # - command-instead-of-shell
+ # - command-instead-of-module
+# - name[play] # some of our plays are dynamic so a static name would not work TODO
+
+
+# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
+# You must enable opt-in rules by listing each rule 'id' below.
+enable_list:
+ - args
+ - empty-string-compare
+ - no-log-password
+ - no-same-owner
+ - yaml
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+#warn_list:
+# - skip_this_tag
+# - experimental # experimental is included in the implicit list
+# - role-name
+# - yaml[document-start] # you can also use sub-rule matches
+
+# Offline mode disables installation of requirements.yml and schema refreshing
+offline: false
+
+# Define required Ansible's variables to satisfy syntax check
+extra_vars:
+ kubernetes_cri: containerd
+ kubernetes_cni: calico
+ kubernetes_loadbalancer: kube_vip
+ deployment_type: vsphere
diff --git a/linting-configs/.hadolint.yaml b/linting-configs/.hadolint.yaml
new file mode 100644
index 0000000..86b3c37
--- /dev/null
+++ b/linting-configs/.hadolint.yaml
@@ -0,0 +1,3 @@
+ignored:
+ # Specify version with apt-get install -y = : https://github.com/hadolint/hadolint/wiki/DL3008
+ - DL3008
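Review bot: Ignoring DL3008 repository-wide silences hadolint's unpinned-version check for every `apt-get install` in the Dockerfile, so package drift between image builds is no longer reported anywhere. If pinning apt versions is not practical for this image, downgrading the rule keeps the finding visible without failing CI: `override:` / `  warning:` / `    - DL3008` in place of the `ignored:` list, and the comment should record why pinning is not done rather than only link the rule. The comment text `apt-get install -y = :` also looks as though an angle-bracketed package=version example was lost somewhere; worth confirming against the file itself.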
diff --git a/linting-configs/.shellcheckrc b/linting-configs/.shellcheckrc
new file mode 100644
index 0000000..c70087a
--- /dev/null
+++ b/linting-configs/.shellcheckrc
@@ -0,0 +1,5 @@
+# Review 'man shellcheck' section 'RC FILES' for instructions on adding directives.
+
+# Allow using `which` since it gives full paths and is common enough
+# https://github.com/koalaman/shellcheck/wiki/SC2230
+disable=SC2230
diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl
new file mode 100644
index 0000000..2a42623
--- /dev/null
+++ b/linting-configs/.tflint.hcl
@@ -0,0 +1,27 @@
+# For more information on configuring TFlint; see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md
+
+# For more information on plugins see https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md
+
+# For more information on TFlint Ruleset for Terraform; see https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.3.0/docs/rules/README.md
+
+# For more information on TFlint Ruleset for GCP, see https://github.com/terraform-linters/tflint-ruleset-google/blob/master/README.md
+
+config {
+ # Enables module inspection.
+ module = true
+}
+
+plugin "terraform" {
+ enabled = true
+ preset = "recommended"
+}
+
+## We specify the versions and providers in the top level versions.tf.
+## This stops it from throwing a warning when scanning our modules
+## in viya4-iac-gcp/modules/
+#rule "terraform_required_version" {
+# enabled = false
+#}
+#rule "terraform_required_providers" {
+# enabled = false
+#}
From 424f81b4ee5184ed3df209703dee22ef78c0c6be Mon Sep 17 00:00:00 2001
From: jarpat
Date: Fri, 16 Jun 2023 10:02:16 -0400
Subject: [PATCH 02/30] add copy statement for the lint config
---
 .github/workflows/linter-analysis.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml
index 29b2949..51f073d 100644
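Review bot: This `.shellcheckrc` will not be read by the ShellCheck job: shellcheck looks for an rc file in each linted script's own directory and its parents (the `RC FILES` section the first comment cites), and the scripts this repository lints, `docker-entrypoint.sh` and `oss-k8s.sh`, live at the repository root, so `disable=SC2230` never takes effect. Moving the file to the repository root fixes that; the `linting-configs/` location only works for the linters that are handed an explicit config path. Separately, the workflow runs the action with `severity: error`, so if SC2230 is reported below error level it would presumably be filtered out anyway and the directive is redundant; confirm before keeping it.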
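Review bot: `module = true` in the `config` block is the older spelling of the module-inspection switch; TFLint releases from 0.47 onward (if I recall the changelog correctly) deprecate it in favour of `call_module_type = "all"`, and the workflow installs `tflint_version: latest`, so a future release could start warning on or rejecting this file without any change in the repository. Either pin `tflint_version` in the workflow to a release this config was verified against, or switch to the newer attribute once the pinned release supports it. The commented-out `rule` blocks still cite `viya4-iac-gcp/modules/`, a path from the repository this file was copied from that does not exist here.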
--- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -69,9 +69,10 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 + - name: Copy Config to Parent Level Directory + run: cp $(pwd)/linting-configs/.ansible-lint . + - name: Run ansible-lint Action uses: ansible/ansible-lint-action@v6.16.0 - with: - args: "-c $(pwd)/linting-configs/.ansible-lint" env: ANSIBLE_ROLES_PATH: "./roles" From 9f3d9780c65f72951878b99d569db8c02a34e259 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 10:04:38 -0400 Subject: [PATCH 03/30] add install lint --- .github/workflows/linter-analysis.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 51f073d..08a73ee 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -72,6 +72,9 @@ jobs: - name: Copy Config to Parent Level Directory run: cp $(pwd)/linting-configs/.ansible-lint . + - name: Install requirements.yml + run: ansible-galaxy install -r ./requirements.yaml + - name: Run ansible-lint Action uses: ansible/ansible-lint-action@v6.16.0 env: From c28cb0da65921c9cbdc0488bebb2f81147d63bb9 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 10:26:16 -0400 Subject: [PATCH 04/30] try setting collections path --- .github/workflows/linter-analysis.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 08a73ee..189a831 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -79,3 +79,4 @@ jobs: uses: ansible/ansible-lint-action@v6.16.0 env: ANSIBLE_ROLES_PATH: "./roles" + ANSIBLE_COLLECTIONS_PATHS: "./collections" From c1cee5e29233d0fbd3fb4d218fcad1af525d0938 Mon Sep 17 00:00:00 2001 
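Review bot: `run: cp $(pwd)/linting-configs/.ansible-lint .` gains nothing from `$(pwd)`, since `cp` already resolves relative paths against the working directory, and the unquoted command substitution would break on a workspace path containing whitespace; `run: cp linting-configs/.ansible-lint .` is equivalent and is the form the ShellCheck job in this same workflow would not object to. Dropping `with:` means the action now relies on discovering the copied `.ansible-lint` in the working directory, which is a non-obvious dependency between the two steps and deserves a short comment on the copy step.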
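Review bot: `ansible-galaxy install -r ./requirements.yaml` fetches roles and collections from Galaxy on every workflow run, so what the lint step sees depends on whatever those entries resolve to at that moment; `requirements.yaml` is outside this diff, so confirm each entry is pinned to an exact version rather than a branch or an unversioned name, otherwise a newly published release can change lint results or pull unexpected content onto the runner. The `.ansible-lint` config from patch 01 also sets `offline: false`, which by its own comment lets ansible-lint install the requirements itself, so one of the two installs is presumably redundant.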
From: jarpat Date: Fri, 16 Jun 2023 11:07:38 -0400 Subject: [PATCH 05/30] ansible-lint update --- .github/workflows/linter-analysis.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 189a831..55c2f32 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -72,6 +72,12 @@ jobs: - name: Copy Config to Parent Level Directory run: cp $(pwd)/linting-configs/.ansible-lint . + # ansible-lint does not seem to recognize the .yaml + # extension for the requirements file and it is not + # configurable + - name: Updates requirements extension + run: cp $(pwd)/requirements.yaml requirements.yml + - name: Install requirements.yml run: ansible-galaxy install -r ./requirements.yaml From 989ae692fc3abcecb68b4b22bdc8c48280a5c792 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 11:07:56 -0400 Subject: [PATCH 06/30] ansible-lint update --- .github/workflows/linter-analysis.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 55c2f32..91b8cda 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -85,4 +85,3 @@ jobs: uses: ansible/ansible-lint-action@v6.16.0 env: ANSIBLE_ROLES_PATH: "./roles" - ANSIBLE_COLLECTIONS_PATHS: "./collections" From 43908984f8a2a0ab2e7c1b3ecf86114f4322ec83 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 13:40:24 -0400 Subject: [PATCH 07/30] address Hadolint warnings --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2cb1c10..8b658be 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -14,6 +14,7 @@ ARG TERRAFORM_VERSION=1.4.5-* WORKDIR /build +SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - \ && echo "deb [arch=amd64] https://apt.releases.hashicorp.com focal main" > /etc/apt/sources.list.d/tf.list \ && apt-get update \ @@ -38,7 +39,7 @@ COPY . /viya4-iac-k8s/ ENV HOME=/viya4-iac-k8s -RUN pip install -r ./requirements.txt \ +RUN pip install -r ./requirements.txt --no-cache-dir \ && ansible-galaxy install -r ./requirements.yaml \ && chmod 755 /viya4-iac-k8s/docker-entrypoint.sh /viya4-iac-k8s/oss-k8s.sh \ && terraform init \ From 53f7d5449fc5bebf01ecc43af506da2def7c3baa Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 13:49:53 -0400 Subject: [PATCH 08/30] resolve additional Hadolint warnings --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8b658be..0471839 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # Base layer FROM ubuntu:22.04 as baseline -RUN apt-get update && apt-get upgrade -y \ - && apt-get install -y python3 python3-dev python3-pip curl unzip gnupg \ +RUN apt-get update && apt-get upgrade -y --no-install-recommends \ + && apt-get install -y python3 python3-dev python3-pip curl unzip gnupg --no-install-recommends \ && update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \ && update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1 \ && apt-get clean && rm -rf /var/lib/apt/lists/* 
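Review bot: The HashiCorp repository setup immediately below the new `SHELL` line still pipes the signing key into `apt-key add -`, which is deprecated on current Ubuntu releases and makes that key trusted for every configured apt source instead of only HashiCorp's. Store it as a keyring and scope it with `signed-by`: `RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \` followed by `&& echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com focal main" > /etc/apt/sources.list.d/tf.list \` (`gnupg` is already installed in the `baseline` stage per the next patch). The hard-coded `focal` suite should also be checked against the base image of this stage, whose `FROM` line is outside the hunk; the `baseline` stage shown in the next patch is `ubuntu:22.04`.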
@@ -18,16 +18,16 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - \ && echo "deb [arch=amd64] https://apt.releases.hashicorp.com focal main" > /etc/apt/sources.list.d/tf.list \ && apt-get update \ - && curl -sLO https://storage.googleapis.com/kubernetes-release/release/v{$KUBECTL_VERSION}/bin/linux/amd64/kubectl && chmod 755 ./kubectl \ + && curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl && chmod 755 ./kubectl \ && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3 \ && ./get-helm-3 --version v$HELM_VERSION --no-sudo \ - && apt-get install -y terraform=$TERRAFORM_VERSION \ + && apt-get install -y terraform=$TERRAFORM_VERSION --no-install-recommends \ && apt-get clean && rm -rf /var/lib/apt/lists/* # Installation steps FROM baseline -RUN apt-get update && apt-get -y install git sshpass jq \ +RUN apt-get update && apt-get -y install git sshpass jq --no-install-recommends \ && apt-get clean && rm -rf /var/lib/apt/lists/* COPY --from=tool_builder /usr/local/bin/helm /usr/local/bin/helm From 8aa4eb849ad1148d581c89e79f29b7711b01239c Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 13:56:01 -0400 Subject: [PATCH 09/30] resolve ShellCheck warnings --- docker-entrypoint.sh | 2 +- oss-k8s.sh | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 166e6df..141bac5 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -9,4 +9,4 @@ set -e echo "viya4-iac-k8s:x:$(id -u):$(id -g)::/viya4-iac-k8s:/bin/bash" >> /etc/passwd echo "viya4-iac-k8s:x:$(id -G | cut -d' ' -f 2):" >> /etc/group -exec /viya4-iac-k8s/oss-k8s.sh $@ +exec /viya4-iac-k8s/oss-k8s.sh "$@" diff --git a/oss-k8s.sh b/oss-k8s.sh index 2f53323..ccefb69 100755 --- a/oss-k8s.sh +++ b/oss-k8s.sh 
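Review bot: Two lines below the corrected kubectl URL, the helm bootstrap still reads `curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3` and then executes the download with `./get-helm-3`; `-k` disables TLS certificate verification, so anything able to interpose on the connection can replace the script the build runs. Drop `-k` and fail on HTTP errors, `curl -fsSLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3`, which is the same flag set the HashiCorp key fetch at the top of this hunk already uses. The kubectl download on the changed line likewise takes the binary without comparing it against the `kubectl.sha256` Kubernetes publishes beside each release binary; a `sha256sum --check` after the fetch would close that. The same `-k` form appears in `roles/kubernetes/common/tasks/main.yaml` in patch 13 of this series.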
@@ -147,7 +147,7 @@ fi # Determine what arguments have been passed and store # those values in a known order -for arg in ${ARGS[@]}; do +for arg in "${ARGS[@]}"; do if [[ "$arg" == "apply" ]]; then arguments[0]=apply fi @@ -185,7 +185,7 @@ update_items=( update ) destruction_items=( uninstall cleanup destroy ) external_items=( k tf helm ) -for item in ${arguments[@]}; do +for item in "${arguments[@]}"; do if [[ " ${creation_items[*]} " =~ " $item " ]]; then creation_flag=true fi @@ -197,7 +197,7 @@ for item in ${arguments[@]}; do fi done -for item in ${ARGS[@]}; do +for item in "${ARGS[@]}"; do if [[ " ${external_items[*]} " =~ " $item " ]]; then external_flag=true fi @@ -247,15 +247,15 @@ if [ "$external_flag" = true ] && [ "$validated_args" = true ]; then while [ "${#ARGS[@]}" -gt 0 ]; do case "$1" in helm ) - helm ${@:2} + helm "${@:2}" exit "$?" ;; k|kubtctl ) - kubectl ${@:2} + kubectl "${@:2}" exit "$?" ;; tf|terraform ) - terraform $2 -state $TFSTATE ${@:3} + terraform $2 -state $TFSTATE "${@:3}" exit "$?" ;; esac From 435ab210c40e2d0e0ad401f342252ac75db54962 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 14:11:16 -0400 Subject: [PATCH 10/30] address TFLint warnings --- docs/CONFIG-VARS.md | 1 - docs/REQUIREMENTS.md | 2 -- examples/vsphere/sample-terraform-dhcp.tfvars | 1 - .../vsphere/sample-terraform-minimal.tfvars | 1 - .../vsphere/sample-terraform-static-ips.tfvars | 1 - .../sample-terraform-static-singlestore.tfvars | 1 - examples/vsphere/sample-terraform-vi.tfvars | 1 - linting-configs/.tflint.hcl | 18 +++++++++--------- locals.tf | 2 +- modules/server/main.tf | 2 +- modules/server/variables.tf | 4 ---- modules/vm/main.tf | 6 +++--- variables.tf | 7 +------ 13 files changed, 15 insertions(+), 32 deletions(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 280db09..2dfd57b 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md 
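Review bot: The `tf|terraform` branch of the `case` still leaves `$2` and `$TFSTATE` unquoted while this hunk quotes every other expansion; `terraform "$2" -state "$TFSTATE" "${@:3}"` makes it consistent and keeps a state path containing spaces intact. In the same `case`, the pattern `k|kubtctl )` misspells `kubectl`, so `oss-k8s.sh kubectl …` would not reach this branch unless that spelling is deliberately matched elsewhere; `k|kubectl )` is presumably what was meant. The enclosing `while`/`case` opens and closes outside the hunk.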
@@ -52,7 +52,6 @@ Terraform input variables can be set in the following ways: | Name | Description | Type | Default | Notes | | :--- | :--- | :--- | :--- | :--- | | vsphere_server | Name of the vSphere server | string | | | -| vsphere_cluster | Name of the vSphere cluster | string | | | | vsphere_datacenter | Name of the vSphere data center | string | | | | vsphere_datastore | Name of the vSphere data store to use for the VMs | string | | | | vsphere_resource_pool | Name of the vSphere resource pool to use for the VMs | string | | | diff --git a/docs/REQUIREMENTS.md b/docs/REQUIREMENTS.md index a8945cb..3dcc4cb 100644 --- a/docs/REQUIREMENTS.md +++ b/docs/REQUIREMENTS.md @@ -55,7 +55,6 @@ In order to leverage vSphere or vCenter, the following items are required for us | vSphere Item | Description | | --- | :--- | -|vsphere_cluster | Name of the vSphere cluster | |vsphere_datacenter | Name of the vSphere data center | |vsphere_datastore | Name of the vSphere data store to use for the VMs | |vsphere_resource_pool | Name of the vSphere resource pool to use for the VMs | @@ -193,7 +192,6 @@ gateway = "10.18.0.1" # Gateway for servers netmask = "16" # Netmask providing network access to your gateway # vSphere -vsphere_cluster = "" # Name of the vSphere cluster vsphere_datacenter = "" # Name of the vSphere data center vsphere_datastore = "" # Name of the vSphere data store to use for the VMs vsphere_resource_pool = "" # Name of the vSphere resource pool to use for the VMs diff --git a/examples/vsphere/sample-terraform-dhcp.tfvars b/examples/vsphere/sample-terraform-dhcp.tfvars index 1fed95a..a3a2857 100644 --- a/examples/vsphere/sample-terraform-dhcp.tfvars +++ b/examples/vsphere/sample-terraform-dhcp.tfvars 
@@ -7,7 +7,6 @@ netmask = "" # Network interface netmask # vSphere vsphere_server = "" # Name of the vSphere server -vsphere_cluster = "" # Name of the vSphere cluster vsphere_datacenter = "" # Name of the vSphere data center vsphere_datastore = "" # Name of the vSphere data store to use for the VMs vsphere_resource_pool = "" # Name of the vSphere resource pool to use for the VMs diff --git a/examples/vsphere/sample-terraform-minimal.tfvars b/examples/vsphere/sample-terraform-minimal.tfvars index b061604..836e967 100644 --- a/examples/vsphere/sample-terraform-minimal.tfvars +++ b/examples/vsphere/sample-terraform-minimal.tfvars @@ -7,7 +7,6 @@ netmask = "" # Network interface netmask # vSphere vsphere_server = "" # Name of the vSphere server -vsphere_cluster = "" # Name of the vSphere cluster vsphere_datacenter = "" # Name of the vSphere data center vsphere_datastore = "" # Name of the vSphere data store to use for the VMs vsphere_resource_pool = "" # Name of the vSphere resource pool to use for the VMs diff --git a/examples/vsphere/sample-terraform-static-ips.tfvars b/examples/vsphere/sample-terraform-static-ips.tfvars index 265c47b..f522688 100644 --- a/examples/vsphere/sample-terraform-static-ips.tfvars +++ b/examples/vsphere/sample-terraform-static-ips.tfvars @@ -7,7 +7,6 @@ netmask = "" # Network interface netmask # vSphere vsphere_server = "" # Name of the vSphere server -vsphere_cluster = "" # Name of the vSphere cluster vsphere_datacenter = "" # Name of the vSphere data center vsphere_datastore = "" # Name of the vSphere data store to use for the VMs vsphere_resource_pool = "" # Name of the vSphere resource pool to use for the VMs diff --git a/examples/vsphere/sample-terraform-static-singlestore.tfvars b/examples/vsphere/sample-terraform-static-singlestore.tfvars index babbc86..942dd68 100644 --- a/examples/vsphere/sample-terraform-static-singlestore.tfvars +++ b/examples/vsphere/sample-terraform-static-singlestore.tfvars 
@@ -7,7 +7,6 @@ netmask = "" # Network interface netmask # vSphere vsphere_server = "" # Name of the vSphere server -vsphere_cluster = "" # Name of the vSphere cluster vsphere_datacenter = "" # Name of the vSphere data center vsphere_datastore = "" # Name of the vSphere data store to use for the VMs vsphere_resource_pool = "" # Name of the vSphere resource pool to use for the VMs diff --git a/examples/vsphere/sample-terraform-vi.tfvars b/examples/vsphere/sample-terraform-vi.tfvars index 4044733..e881338 100644 --- a/examples/vsphere/sample-terraform-vi.tfvars +++ b/examples/vsphere/sample-terraform-vi.tfvars @@ -7,7 +7,6 @@ netmask = "" # Network interface netmask # vSphere vsphere_server = "" # Name of the vSphere server -vsphere_cluster = "" # Name of the vSphere cluster vsphere_datacenter = "" # Name of the vSphere data center vsphere_datastore = "" # Name of the vSphere data store to use for the VMs vsphere_resource_pool = "" # Name of the vSphere resource pool to use for the VMs diff --git a/linting-configs/.tflint.hcl b/linting-configs/.tflint.hcl index 2a42623..337cfd6 100644 --- a/linting-configs/.tflint.hcl +++ b/linting-configs/.tflint.hcl @@ -16,12 +16,12 @@ plugin "terraform" { preset = "recommended" } -## We specify the versions and providers in the top level versions.tf. -## This stops it from throwing a warning when scanning our modules -## in viya4-iac-gcp/modules/ -#rule "terraform_required_version" { -# enabled = false -#} -#rule "terraform_required_providers" { -# enabled = false -#} +# We specify the versions and providers in the top level versions.tf. +# This stops it from throwing a warning when scanning our modules +# in ./modules +rule "terraform_required_version" { + enabled = false +} +rule "terraform_required_providers" { + enabled = false +} diff --git a/locals.tf b/locals.tf index 5953478..16e8ab1 100644 --- a/locals.tf +++ b/locals.tf 
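Review bot: Disabling `terraform_required_version` and `terraform_required_providers` applies to the root module as much as to `./modules`, because this single config is handed to every directory of the `--recursive` run via `-c`, so a root `versions.tf` that lost its `required_providers` block would now pass TFLint silently, while the comment only justifies the modules case. If modules-only is the intent, record the trade-off where the rules are disabled, e.g. `# NOTE: this also disables the check for the root module; versions.tf must stay populated`.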
@@ -19,7 +19,7 @@ locals { ## System nodes system_nodes = local.node_pools == null ? {} : { for k, v in local.node_pools : k => v if k == "system" } - system_node_ips = flatten(sort(flatten([for item in values(module.system) : values(item)]))) + # system_node_ips = flatten(sort(flatten([for item in values(module.system) : values(item)]))) not used, ref for future use ## Nodes nodes = local.node_pools == null ? {} : { for k, v in local.node_pools : k => v if(k != "control_plane" && k != "system") } diff --git a/modules/server/main.tf b/modules/server/main.tf index 8079e83..a2df3a2 100644 --- a/modules/server/main.tf +++ b/modules/server/main.tf @@ -37,7 +37,7 @@ resource "vsphere_virtual_machine" "server" { disk { label = "disk0" size = var.disk_size - thin_provisioned = data.vsphere_virtual_machine.template.disks.0.thin_provisioned + thin_provisioned = data.vsphere_virtual_machine.template.disks[0].thin_provisioned } clone { diff --git a/modules/server/variables.tf b/modules/server/variables.tf index 60741c4..8e5abe9 100644 --- a/modules/server/variables.tf +++ b/modules/server/variables.tf @@ -25,10 +25,6 @@ variable "cluster_domain" { type = string } -variable "cluster_name" { - type = string -} - variable "datacenter_id" { type = string } diff --git a/modules/vm/main.tf b/modules/vm/main.tf index dc845cf..3b4ca6d 100644 --- a/modules/vm/main.tf +++ b/modules/vm/main.tf @@ -18,7 +18,7 @@ data "vsphere_virtual_machine" "template" { locals { static_config = (length(var.ip_addresses) > 0 ? true : false) - ip_addresses = local.static_config ? var.ip_addresses : vsphere_virtual_machine.dhcp.*.default_ip_address + ip_addresses = local.static_config ? var.ip_addresses : vsphere_virtual_machine.dhcp[*].default_ip_address } resource "vsphere_virtual_machine" "static" { 
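Review bot: Removing `variable "cluster_name"` from `modules/server` is an interface change for that module: if any `module` block that sources it still passes `cluster_name = …`, `terraform validate` now fails with an unsupported-argument error, and the diffstat for this commit lists no change to the root files that instantiate the module. TFLint reporting the variable as unused only shows that the module body never read it, not that no caller sets it, so this is worth confirming against the root `main.tf` before merging. The root `vsphere_cluster` variable dropped from `variables.tf` below is lower risk: a value for an undeclared variable in a `.tfvars` file only produces a warning, but existing users' tfvars will start emitting it.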
@@ -43,7 +43,7 @@ resource "vsphere_virtual_machine" "static" { disk { label = "os-disk-01" size = var.disk_size - thin_provisioned = data.vsphere_virtual_machine.template.disks.0.thin_provisioned + thin_provisioned = data.vsphere_virtual_machine.template.disks[0].thin_provisioned unit_number = 0 } dynamic "disk" { @@ -99,7 +99,7 @@ resource "vsphere_virtual_machine" "dhcp" { disk { label = "os-disk-01" size = var.disk_size - thin_provisioned = data.vsphere_virtual_machine.template.disks.0.thin_provisioned + thin_provisioned = data.vsphere_virtual_machine.template.disks[0].thin_provisioned unit_number = 0 } dynamic "disk" { diff --git a/variables.tf b/variables.tf index fd9ee83..279c87b 100644 --- a/variables.tf +++ b/variables.tf @@ -31,12 +31,6 @@ variable "vsphere_password" { default = null } -variable "vsphere_cluster" { - type = string - description = "This is the name of the vSphere cluster." - default = null -} - variable "vsphere_datacenter" { type = string description = "This is the name of the vSphere data center." @@ -89,6 +83,7 @@ variable "nat_ip" { } variable "netmask" { + type = number description = "Netmask (if using static ips)" default = 16 } From 612ccdb3961e0a476b7ae010468852c911fe37b3 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 14:12:22 -0400 Subject: [PATCH 11/30] terraform fmt --- locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 16e8ab1..719e405 100644 --- a/locals.tf +++ b/locals.tf @@ -18,7 +18,7 @@ locals { control_plane_ips = flatten(sort(flatten([for item in values(module.control_plane) : values(item)]))) ## System nodes - system_nodes = local.node_pools == null ? {} : { for k, v in local.node_pools : k => v if k == "system" } + system_nodes = local.node_pools == null ? {} : { for k, v in local.node_pools : k => v if k == "system" } # system_node_ips = flatten(sort(flatten([for item in values(module.system) : values(item)]))) not used, ref for future use ## Nodes 
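Review bot: Declaring `netmask` as `type = number` changes what the sample inputs in this same commit accept: each `examples/vsphere/sample-terraform-*.tfvars` still carries the placeholder `netmask = ""` (visible as hunk context above), and an empty string cannot be converted to a number, so a user who copies a sample and leaves that line untouched now gets a type error at plan time instead of the `default = 16`; the quoted `"16"` in `docs/REQUIREMENTS.md` still converts fine. Either change the placeholders to a numeric example or a commented-out line, or state the expectation in the variable's `description`, e.g. `description = "Netmask prefix length as a number, e.g. 16 (if using static ips)"`.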
From 3984f812d2534dc3fc57d73b304885f25865862f Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 15:06:32 -0400 Subject: [PATCH 12/30] workflow file doc --- .github/workflows/linter-analysis.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 91b8cda..c01d415 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -69,6 +69,8 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 + # The latest ansible/ansible-lint-action removed the + # ability to specify configs from other dirs - name: Copy Config to Parent Level Directory run: cp $(pwd)/linting-configs/.ansible-lint . @@ -78,7 +80,7 @@ jobs: - name: Updates requirements extension run: cp $(pwd)/requirements.yaml requirements.yml - - name: Install requirements.yml + - name: Install requirements.yaml run: ansible-galaxy install -r ./requirements.yaml - name: Run ansible-lint Action From fbbd8f336e508c1206cf6facb638c471775085a5 Mon Sep 17 00:00:00 2001 
From: jarpat Date: Fri, 16 Jun 2023 15:44:16 -0400 Subject: [PATCH 13/30] initial set of ansible-lint fixes --- examples/bare-metal/sample-ansible-vars.yaml | 6 +- linting-configs/.ansible-lint | 15 +--- playbooks/kubernetes-install.yaml | 2 +- roles/kubernetes/common/defaults/main.yaml | 1 + roles/kubernetes/common/tasks/main.yaml | 20 ++--- .../init/primary/defaults/main.yaml | 1 + .../init/primary/tasks/main.yaml | 10 +-- .../init/secondary/tasks/main.yaml | 4 +- .../control_plane/removal/tasks/main.yaml | 3 +- .../cri/containerd/defaults/main.yaml | 1 + .../kubernetes/cri/containerd/tasks/main.yaml | 30 +++---- roles/kubernetes/cri/cri-o/tasks/main.yaml | 22 ++--- roles/kubernetes/cri/docker/tasks/main.yaml | 36 ++++---- .../alter_server_settings/defaults/main.yaml | 1 + .../postgres/create_databases/tasks/main.yaml | 3 +- .../loadbalancer/metallb/defaults/main.yaml | 1 + .../metrics/metrics-server/defaults/main.yaml | 1 + roles/kubernetes/misc/tasks/main.yaml | 3 +- .../kubernetes/node/baseline/tasks/main.yaml | 4 +- roles/kubernetes/node/removal/tasks/main.yaml | 8 +- .../sas-iac-buildinfo/tasks/main.yaml | 62 +++++++------- .../defaults/main.yaml | 3 +- .../tasks/main.yaml | 2 +- .../defaults/main.yaml | 83 ++++++++++--------- .../tasks/main.yaml | 4 +- roles/kubernetes/toolbox/tasks/main.yaml | 24 +++--- roles/kubernetes/vip/primary/tasks/main.yaml | 2 +- .../kubernetes/vip/secondary/tasks/main.yaml | 2 +- roles/systems/bare_metal/init/tasks/main.yaml | 5 +- roles/systems/common/tasks/main.yaml | 12 +-- .../container_registry/harbor/tasks/main.yaml | 44 +++++----- roles/systems/jump_server/tasks/main.yaml | 8 +- roles/systems/nfs_server/tasks/main.yaml | 6 +- roles/systems/postgres/defaults/main.yaml | 1 + roles/systems/postgres/tasks/main.yaml | 20 ++--- roles/systems/vsphere/init/tasks/main.yaml | 6 +- 36 files changed, 228 insertions(+), 228 deletions(-) 
diff --git a/examples/bare-metal/sample-ansible-vars.yaml b/examples/bare-metal/sample-ansible-vars.yaml index f462449..cc479b6 100644 --- a/examples/bare-metal/sample-ansible-vars.yaml +++ b/examples/bare-metal/sample-ansible-vars.yaml @@ -31,7 +31,7 @@ kubernetes_service_subnet : "" kubernetes_pod_subnet : "" # Kubernetes - VIP : https://kube-vip.io -# +# # Useful links: # # VIP IP : https://kube-vip.io/docs/installation/static/ @@ -72,7 +72,7 @@ kubernetes_loadbalancer : "" # Load Balancer accepted values [kube_vip,metallb] # - "192.168.10.0/24" # - "192.168.9.1-192.168.9.5" # -# NOTE: If you are assigning a static IP using the loadBalancerIP value in your +# NOTE: If you are assigning a static IP using the loadBalancerIP value in your # load balancer controller when using `metallb` that IP must fall within the # address range you provide below. If you are using `kube_vip` you do not # have this limitation. @@ -105,7 +105,7 @@ control_plane_ssh_key_name : "cp_ssh" # NOTE: There are no quotes around the label and taint elements # These are literal converted to strings when applying # into the cluster -# +# ## Labels node_labels: diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint index 0e8531e..17a52eb 100644 --- a/linting-configs/.ansible-lint +++ b/linting-configs/.ansible-lint @@ -3,11 +3,6 @@ profile: moderate -# parseable: true -# quiet: true -# strict: true -# verbosity: 1 - # Enforce variable names to follow pattern below, in addition to Ansible own # requirements, like avoiding python identifiers. To disable add `var-naming` # to skip_list. 
@@ -21,7 +16,8 @@ use_default_rules: true # on a new line. skip_list: - role-name # roles are dynamically selected based on user's choice so we do need to use paths -# - yaml[line-length] + - yaml[line-length] # It's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review, + # - command-instead-of-shell # - command-instead-of-module # - name[play] # some of our plays are dynamic so a static name would not work TODO @@ -36,13 +32,6 @@ enable_list: - no-same-owner - yaml -# Ansible-lint does not fail on warnings from the rules or tags listed below -#warn_list: -# - skip_this_tag -# - experimental # experimental is included in the implicit list -# - role-name -# - yaml[document-start] # you can also use sub-rule matches - # Offline mode disables installation of requirements.yml and schema refreshing offline: false diff --git a/playbooks/kubernetes-install.yaml b/playbooks/kubernetes-install.yaml index 3ef9d83..e112549 100644 --- a/playbooks/kubernetes-install.yaml +++ b/playbooks/kubernetes-install.yaml @@ -69,7 +69,7 @@ # Alter PostgreSQL server and add PostgreSQL databases - hosts: postgres become: true - become_user: postgres + become_user: postgres roles: - { role: kubernetes/database/postgres/alter_server_settings } - { role: kubernetes/database/postgres/create_databases } diff --git a/roles/kubernetes/common/defaults/main.yaml b/roles/kubernetes/common/defaults/main.yaml index 4cbf14b..c654d27 100644 --- a/roles/kubernetes/common/defaults/main.yaml +++ b/roles/kubernetes/common/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/roles/kubernetes/common/tasks/main.yaml b/roles/kubernetes/common/tasks/main.yaml index 4489498..f585734 100644 --- a/roles/kubernetes/common/tasks/main.yaml +++ b/roles/kubernetes/common/tasks/main.yaml 
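Review bot: The justification for skipping `yaml[line-length]` is itself a roughly 170-character inline comment ending in a dangling comma, which is exactly the kind of line the skipped rule exists to flag; put the reasoning on its own comment lines above the entry, e.g. `# long command lines are easier to read and debug unbroken; genuinely` / `# excessive lines are a code-review concern` / `- yaml[line-length]`. Note also that the skip is global, so it silences the check for every YAML file, not just task files with long `shell:` commands.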
@@ -30,7 +30,7 @@ ansible.builtin.package: name: '*' state: latest - update_cache: yes # Proxied command for apt : apt-get update + update_cache: true # Proxied command for apt : apt-get update when: - ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - deployment_type == "bare_metal" @@ -43,7 +43,7 @@ - name: Retrieve contents of /etc/default/grub ansible.builtin.shell: cat /etc/default/grub register: grub_content - changed_when: False + changed_when: false - name: Retrieve existing GRUB_CMDLINE_LINUX options, if any set_fact: @@ -65,7 +65,7 @@ line: 'GRUB_CMDLINE_LINUX="{{ grub_cmdline_updated }}"' owner: root group: root - mode: '0644' + mode: "0644" - name: Update GRUB ansible.builtin.command: update-grub @@ -91,7 +91,7 @@ tags: - install - update - + # - name: Disable the firewalld - for RHEL based operating systems # systemd: # name: firewalld @@ -115,7 +115,7 @@ # ansible_python_interpreter: /usr/bin/python3 # tags: # - install - + - name: Adding SAS certs become: true ansible.builtin.shell: | @@ -134,16 +134,16 @@ state: present vars: packages: - - sshpass + - sshpass tags: - install - update - name: Installing helm ansible.builtin.shell: | - curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 755 get-helm-3 - ./get-helm-3 --version v{{ helm_version }} --no-sudo + curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + chmod 755 get-helm-3 + ./get-helm-3 --version v{{ helm_version }} --no-sudo tags: - install - update @@ -152,7 +152,7 @@ ansible.builtin.lineinfile: path: /etc/security/limits.conf insertbefore: '^# End of file' - line: "{{ item }}" + line: "{{ item }}" with_items: - '' - '* soft nproc 65535' diff --git a/roles/kubernetes/control_plane/init/primary/defaults/main.yaml b/roles/kubernetes/control_plane/init/primary/defaults/main.yaml index 6c2d9f8..78e1c53 100644 
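Review bot: The `Installing helm` task (hunk `@@ -134,16 +134,16 @@`) fetches the installer with `curl -ksLO` and then runs it, so `-k` disables TLS certificate verification on a script that executes with the play's privileges, and the script comes from the unpinned `main` branch. Drop `-k`; if a private CA or intercepting proxy is the reason it was added, installing that CA — the preceding `Adding SAS certs` task suggests one is already distributed — is the fix rather than disabling verification. Pinning the download to a tagged ref and checking a known checksum before `chmod 755 get-helm-3` would also make the install reproducible. This hunk only re-indents the lines; the task body is otherwise unchanged.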
--- a/roles/kubernetes/control_plane/init/primary/defaults/main.yaml +++ b/roles/kubernetes/control_plane/init/primary/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/roles/kubernetes/control_plane/init/primary/tasks/main.yaml b/roles/kubernetes/control_plane/init/primary/tasks/main.yaml index 963cc2c..be68ce4 100644 --- a/roles/kubernetes/control_plane/init/primary/tasks/main.yaml +++ b/roles/kubernetes/control_plane/init/primary/tasks/main.yaml @@ -6,7 +6,7 @@ ansible.builtin.template: src: "templates/{{ item }}.j2" dest: "/etc/kubernetes/{{ item }}.yaml" - mode: '0600' + mode: "0600" with_items: - kubeadm-config tags: @@ -23,7 +23,7 @@ ansible.builtin.file: path: ~/.kube state: directory - mode: '0755' + mode: "0755" tags: - install @@ -41,8 +41,8 @@ dest: ~/.kube/config owner: root group: root - mode: '0600' - remote_src: yes + mode: "0600" + remote_src: true tags: - install @@ -50,6 +50,6 @@ ansible.builtin.fetch: src: /etc/kubernetes/admin.conf dest: "{{ inventory_dir }}/{{ kubernetes_cluster_name }}-kubeconfig.conf" - flat: yes + flat: true tags: - install diff --git a/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml b/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml index 6c77294..db13525 100644 --- a/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml +++ b/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml @@ -6,7 +6,7 @@ ansible.builtin.file: path: /etc/kubernetes/{{ item }} state: directory - mode: '0755' + mode: "0755" owner: root group: root with_items: @@ -17,7 +17,7 @@ - update - name: Copy Kubernetes primary control plane PKI files to secondary control plane k8s_nodes - ansible.posix.synchronize: + ansible.posix.synchronize: src: /etc/kubernetes/pki/{{ item }} dest: /etc/kubernetes/pki/{{ item }} delegate_to: "{{groups['k8s_control_plane'][0]}}" 
diff --git a/roles/kubernetes/control_plane/removal/tasks/main.yaml b/roles/kubernetes/control_plane/removal/tasks/main.yaml index d8cf8b2..da0b025 100644 --- a/roles/kubernetes/control_plane/removal/tasks/main.yaml +++ b/roles/kubernetes/control_plane/removal/tasks/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 @@ -5,4 +6,4 @@ ansible.builtin.shell: | kubeadm reset --force tags: - uninstall + - uninstall diff --git a/roles/kubernetes/cri/containerd/defaults/main.yaml b/roles/kubernetes/cri/containerd/defaults/main.yaml index af76b0f..08dd5f4 100644 --- a/roles/kubernetes/cri/containerd/defaults/main.yaml +++ b/roles/kubernetes/cri/containerd/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/roles/kubernetes/cri/containerd/tasks/main.yaml b/roles/kubernetes/cri/containerd/tasks/main.yaml index 3b3cbd6..200e48f 100644 --- a/roles/kubernetes/cri/containerd/tasks/main.yaml +++ b/roles/kubernetes/cri/containerd/tasks/main.yaml @@ -11,17 +11,17 @@ # Task to Remove existing containerd installations - name: Uninstall old Docker/Containerd versions - ansible.builtin.package: + ansible.builtin.package: name: "{{ packages }}" state: absent vars: packages: - - docker - - docker-engine - - docker.io - - containerd - - containerd.io - - runc + - docker + - docker-engine + - docker.io + - containerd + - containerd.io + - runc ignore_errors: true tags: - install 
@@ -33,12 +33,12 @@ state: present vars: packages: - - apt-transport-https # Also needed for kubeadm tooling - - ca-certificates # Also needed for kubeadm tooling - - curl # Also needed for kubeadm tooling - - gnupg2 - - lsb-release - - software-properties-common + - apt-transport-https # Also needed for kubeadm tooling + - ca-certificates # Also needed for kubeadm tooling + - curl # Also needed for kubeadm tooling + - gnupg2 + - lsb-release + - software-properties-common tags: - install - update @@ -142,7 +142,7 @@ ansible.builtin.file: path: /etc/containerd state: directory - mode: '0755' + mode: "0755" tags: - install - update @@ -180,7 +180,7 @@ - name: Enabling and starting containerd to start now and on boot ansible.builtin.systemd: name: containerd.service - enabled: yes + enabled: true state: restarted tags: - install diff --git a/roles/kubernetes/cri/cri-o/tasks/main.yaml b/roles/kubernetes/cri/cri-o/tasks/main.yaml index c84e354..c0ebdbd 100644 --- a/roles/kubernetes/cri/cri-o/tasks/main.yaml +++ b/roles/kubernetes/cri/cri-o/tasks/main.yaml @@ -16,12 +16,12 @@ state: present vars: packages: - - apt-transport-https # Also needed for kubeadm tooling - - ca-certificates # Also needed for kubeadm tooling - - curl # Also needed for kubeadm tooling - - gnupg2 - - lsb-release - - software-properties-common + - apt-transport-https # Also needed for kubeadm tooling + - ca-certificates # Also needed for kubeadm tooling + - curl # Also needed for kubeadm tooling + - gnupg2 + - lsb-release + - software-properties-common tags: - install - update @@ -44,7 +44,7 @@ tags: - install - update - + - name: Installing the cri-o libcontainers-archive-keyring key ansible.builtin.apt_key: url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key 
@@ -125,8 +125,8 @@ state: present vars: packages: - - cri-o - - cri-o-runc + - cri-o + - cri-o-runc when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install @@ -143,7 +143,7 @@ ansible.builtin.copy: src: files/10-cri-ipv4-bridge.conf dest: /etc/cni/net.d/10-cri-ipv4-bridge.conf - mode: '0644' + mode: "0644" tags: - install - update @@ -151,7 +151,7 @@ - name: Enabling and starting cri-o to start now and on boot ansible.builtin.systemd: name: cri-o.service - enabled: yes + enabled: true state: restarted tags: - install diff --git a/roles/kubernetes/cri/docker/tasks/main.yaml b/roles/kubernetes/cri/docker/tasks/main.yaml index 33bb052..0b5c462 100644 --- a/roles/kubernetes/cri/docker/tasks/main.yaml +++ b/roles/kubernetes/cri/docker/tasks/main.yaml @@ -12,16 +12,16 @@ # Task to Remove existing Docker installations - name: Uninstall old Docker versions - ansible.builtin.package: + ansible.builtin.package: name: "{{ packages }}" state: absent vars: packages: - - docker - - docker-engine - - docker.io - - containerd - - runc + - docker + - docker-engine + - docker.io + - containerd + - runc ignore_errors: true tags: - install @@ -33,11 +33,11 @@ state: present vars: packages: - - apt-transport-https # Also needed for kubeadm tooling - - ca-certificates # Also needed for kubeadm tooling - - curl # Also needed for kubeadm tooling - - gnupg - - lsb-release + - apt-transport-https # Also needed for kubeadm tooling + - ca-certificates # Also needed for kubeadm tooling + - curl # Also needed for kubeadm tooling + - gnupg + - lsb-release tags: - install - update @@ -70,9 +70,9 @@ state: present vars: packages: - - docker-ce - - docker-ce-cli - - containerd.io + - docker-ce + - docker-ce-cli + - containerd.io tags: - install - update @@ -100,7 +100,7 @@ ansible.builtin.user: name: devops groups: docker - append: yes + append: true tags: - install - update 
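Review bot: The task that adds `devops` to the `docker` group (hunk `@@ -100,7 +100,7 @@`) carries no comment recording that membership in that group is root-equivalent on the host via the Docker socket, so a reader of this file sees only a boolean fix. Add `# NOTE: docker group membership is root-equivalent on this host; keep this list minimal` above the task so the exposure is an explicit, reviewed choice. The same applies to the harbor role, where `devops` and `ubuntu` are added in `roles/systems/container_registry/harbor/tasks/main.yaml` (`@@ -101,8 +101,8 @@`).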
@@ -109,7 +109,7 @@ - name: Setting up docker to start on boot ansible.builtin.systemd: name: docker.service - enabled: yes + enabled: true tags: - install - update @@ -117,7 +117,7 @@ - name: Setting up containerd to start on boot ansible.builtin.systemd: name: containerd.service - enabled: yes + enabled: true tags: - install - update @@ -164,7 +164,7 @@ - name: Restart systemd ansible.builtin.systemd: - daemon_reload: yes + daemon_reload: true tags: - install - update diff --git a/roles/kubernetes/database/postgres/alter_server_settings/defaults/main.yaml b/roles/kubernetes/database/postgres/alter_server_settings/defaults/main.yaml index 91ef306..a3c1261 100644 --- a/roles/kubernetes/database/postgres/alter_server_settings/defaults/main.yaml +++ b/roles/kubernetes/database/postgres/alter_server_settings/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/roles/kubernetes/database/postgres/create_databases/tasks/main.yaml b/roles/kubernetes/database/postgres/create_databases/tasks/main.yaml index bfa7f03..465d05d 100644 --- a/roles/kubernetes/database/postgres/create_databases/tasks/main.yaml +++ b/roles/kubernetes/database/postgres/create_databases/tasks/main.yaml @@ -3,7 +3,7 @@ --- # TODO: Make "SharedServices" a variable -- name: Create SharedServices database +- name: Create SharedServices database ansible.builtin.shell: | echo 'CREATE DATABASE "SharedServices";' >> /tmp/postgres_databases.psql echo 'GRANT ALL PRIVILEGES ON DATABASE "SharedServices" TO {{ postgres_administrator_login }} ;' >> /tmp/postgres_databases.psql @@ -12,4 +12,3 @@ tags: - install - update - diff --git a/roles/kubernetes/loadbalancer/metallb/defaults/main.yaml b/roles/kubernetes/loadbalancer/metallb/defaults/main.yaml index 420c938..2966bcb 100644 --- a/roles/kubernetes/loadbalancer/metallb/defaults/main.yaml 
+++ b/roles/kubernetes/loadbalancer/metallb/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/roles/kubernetes/metrics/metrics-server/defaults/main.yaml b/roles/kubernetes/metrics/metrics-server/defaults/main.yaml index ffa1610..818d456 100644 --- a/roles/kubernetes/metrics/metrics-server/defaults/main.yaml +++ b/roles/kubernetes/metrics/metrics-server/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/roles/kubernetes/misc/tasks/main.yaml b/roles/kubernetes/misc/tasks/main.yaml index 926d057..484abb2 100644 --- a/roles/kubernetes/misc/tasks/main.yaml +++ b/roles/kubernetes/misc/tasks/main.yaml @@ -1,9 +1,10 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 - name: Secure kube config file ansible.builtin.file: path: "{{ iac_inventory_dir }}/{{ kubernetes_cluster_name }}-kubeconfig.conf" - mode: '0600' + mode: "0600" tags: - install diff --git a/roles/kubernetes/node/baseline/tasks/main.yaml b/roles/kubernetes/node/baseline/tasks/main.yaml index d017441..7448845 100644 --- a/roles/kubernetes/node/baseline/tasks/main.yaml +++ b/roles/kubernetes/node/baseline/tasks/main.yaml @@ -17,7 +17,7 @@ - name: Start rpc-statd ansible.builtin.systemd: name: rpc-statd.service - enabled: yes + enabled: true state: started tags: - install @@ -38,7 +38,7 @@ state: directory owner: "{{ owner }}" group: "{{ group }}" - mode: 0777 + mode: "0777" ignore_errors: true tags: - install diff --git a/roles/kubernetes/node/removal/tasks/main.yaml b/roles/kubernetes/node/removal/tasks/main.yaml index 8fdadc1..15d9e98 100644 --- a/roles/kubernetes/node/removal/tasks/main.yaml +++ b/roles/kubernetes/node/removal/tasks/main.yaml 
@@ -8,20 +8,20 @@ delegate_to: "{{groups['k8s_control_plane'][0]}}" ignore_errors: true tags: - uninstall + - uninstall - name: Resetting the state ansible.builtin.shell: | kubeadm reset --force ignore_errors: true tags: - uninstall + - uninstall - name: Clean up IPTables ansible.builtin.shell: | iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X tags: - uninstall + - uninstall - name: Remove the node ansible.builtin.shell: | @@ -29,4 +29,4 @@ delegate_to: "{{groups['k8s_control_plane'][0]}}" ignore_errors: true tags: - uninstall + - uninstall diff --git a/roles/kubernetes/sas-iac-buildinfo/tasks/main.yaml b/roles/kubernetes/sas-iac-buildinfo/tasks/main.yaml index c3e5e67..16c361c 100644 --- a/roles/kubernetes/sas-iac-buildinfo/tasks/main.yaml +++ b/roles/kubernetes/sas-iac-buildinfo/tasks/main.yaml 
@@ -14,38 +14,38 @@ # have this code applied. # - block: - - name: Register Git HASH information - ansible.builtin.shell: | - cd "{{ k8s_tool_base }}" - "{{ k8s_tool_base }}/files/tools/iac_git_info.sh" - register: git_hash - tags: - - install - - update + - name: Register Git HASH information + ansible.builtin.shell: | + cd "{{ k8s_tool_base }}" + "{{ k8s_tool_base }}/files/tools/iac_git_info.sh" + register: git_hash + tags: + - install + - update - - name: Register IAC Tooling information - ansible.builtin.shell: | - cd "{{ k8s_tool_base }}" - "{{ k8s_tool_base }}/files/tools/iac_tooling_version.sh" - register: iac_tooling_version - tags: - - install - - update + - name: Register IAC Tooling information + ansible.builtin.shell: | + cd "{{ k8s_tool_base }}" + "{{ k8s_tool_base }}/files/tools/iac_tooling_version.sh" + register: iac_tooling_version + tags: + - install + - update - - name: Create the sas-iac-buildinfo ConfigMap manifest file - ansible.builtin.template: - src: "templates/sas-iac-buildinfo-cm.tmpl" - dest: "{{ iac_inventory_dir }}/sas-iac-buildinfo-cm.yaml" - mode: '0600' - tags: - - install - - update + - name: Create the sas-iac-buildinfo ConfigMap manifest file + ansible.builtin.template: + src: "templates/sas-iac-buildinfo-cm.tmpl" + dest: "{{ iac_inventory_dir }}/sas-iac-buildinfo-cm.yaml" + mode: "0600" + tags: + - install + - update - - name: Apply sas-iac-buildinfo ConfigMap into cluster - ansible.builtin.shell: | - export KUBECONFIG="{{ iac_inventory_dir }}/{{ kubernetes_cluster_name }}-kubeconfig.conf" - kubectl apply -f "{{ iac_inventory_dir }}/sas-iac-buildinfo-cm.yaml" - tags: - - install - - update + - name: Apply sas-iac-buildinfo ConfigMap into cluster + ansible.builtin.shell: | + export KUBECONFIG="{{ iac_inventory_dir }}/{{ kubernetes_cluster_name }}-kubeconfig.conf" + kubectl apply -f "{{ iac_inventory_dir }}/sas-iac-buildinfo-cm.yaml" + tags: + - install + - update when: deployment_type == 'vsphere' 
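Review bot: The two information-gathering tasks in this block (`Register Git HASH information`, `Register IAC Tooling information`) run read-only scripts through `ansible.builtin.shell` and `register` the output but set no `changed_when`, so every run reports them as changed and hides real changes in the play recap; add `changed_when: false` to both. The re-indentation itself is correct and the `when: deployment_type == 'vsphere'` guard is unaffected. The enclosing `block:` starts outside this hunk.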
diff --git a/roles/kubernetes/storage/nfs-subdir-external-provisioner/defaults/main.yaml b/roles/kubernetes/storage/nfs-subdir-external-provisioner/defaults/main.yaml index 2b17114..718c70a 100644 --- a/roles/kubernetes/storage/nfs-subdir-external-provisioner/defaults/main.yaml +++ b/roles/kubernetes/storage/nfs-subdir-external-provisioner/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 @@ -11,7 +12,7 @@ NFS_CLIENT_CONFIG: nfs: server: "{{ nfs_ip }}" path: /srv/nfs/kubernetes/sc/default - mountOptions: + mountOptions: - noatime - nodiratime - 'rsize=262144' diff --git a/roles/kubernetes/storage/nfs-subdir-external-provisioner/tasks/main.yaml b/roles/kubernetes/storage/nfs-subdir-external-provisioner/tasks/main.yaml index e93048b..d71aa58 100644 --- a/roles/kubernetes/storage/nfs-subdir-external-provisioner/tasks/main.yaml +++ b/roles/kubernetes/storage/nfs-subdir-external-provisioner/tasks/main.yaml @@ -9,7 +9,7 @@ # # Reference URL : https://docs.ansible.com/ansible/latest/inventory/implicit_localhost.html # -- name: Setting up default storage for the cluster using nfs-subdir-external-provisioner +- name: Setting up default storage for the cluster using nfs-subdir-external-provisioner kubernetes.core.helm: name: "{{ NFS_CLIENT_NAME }}" namespace: "{{ NFS_CLIENT_NAMESPACE }}" diff --git a/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml b/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml index 596b61a..b552a3c 100644 --- a/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml +++ b/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 
@@ -24,49 +25,49 @@ LOCAL_VOLUME_CONFIG: storageClass: true daemonset: tolerations: - - effect: NoSchedule - key: workload.sas.com/class - operator: Equal - value: cas - - effect: NoSchedule - key: workload.sas.com/class - operator: Equal - value: stateless - - effect: NoSchedule - key: workload.sas.com/class - operator: Equal - value: stateful - - effect: NoSchedule - key: workload.sas.com/class - operator: Equal - value: singlestore + - effect: NoSchedule + key: workload.sas.com/class + operator: Equal + value: cas + - effect: NoSchedule + key: workload.sas.com/class + operator: Equal + value: stateless + - effect: NoSchedule + key: workload.sas.com/class + operator: Equal + value: stateful + - effect: NoSchedule + key: workload.sas.com/class + operator: Equal + value: singlestore affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: workload.sas.com/class - operator: In - values: - - stateful - - stateless - - cas - - singlestore - matchFields: [] - weight: 100 - - preference: - matchExpressions: - - key: workload.sas.com/class - operator: NotIn - values: - - compute - matchFields: [] - weight: 50 + - preference: + matchExpressions: + - key: workload.sas.com/class + operator: In + values: + - stateful + - stateless + - cas + - singlestore + matchFields: [] + weight: 100 + - preference: + matchExpressions: + - key: workload.sas.com/class + operator: NotIn + values: + - compute + matchFields: [] + weight: 50 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.azure.com/mode - operator: NotIn - values: - - system - matchFields: [] + - matchExpressions: + - key: kubernetes.azure.com/mode + operator: NotIn + values: + - system + matchFields: [] diff --git a/roles/kubernetes/storage/sig-storage-local-static-provisioner/tasks/main.yaml b/roles/kubernetes/storage/sig-storage-local-static-provisioner/tasks/main.yaml index 3a8ec4e..3645e62 100644 
--- a/roles/kubernetes/storage/sig-storage-local-static-provisioner/tasks/main.yaml +++ b/roles/kubernetes/storage/sig-storage-local-static-provisioner/tasks/main.yaml @@ -16,7 +16,7 @@ tags: - install - update - + - name: Cloning sig-storage-local-static-provisioner ansible.builtin.git: repo: "{{ LOCAL_VOLUME_REPO }}" @@ -26,7 +26,7 @@ - install - update -- name: Setting up local storage for the cluster using sig-storage-local-static-provisioner +- name: Setting up local storage for the cluster using sig-storage-local-static-provisioner kubernetes.core.helm: name: "{{ LOCAL_VOLUME_NAME }}" namespace: "{{ LOCAL_VOLUME_NAMESPACE }}" diff --git a/roles/kubernetes/toolbox/tasks/main.yaml b/roles/kubernetes/toolbox/tasks/main.yaml index 840e38e..87de127 100644 --- a/roles/kubernetes/toolbox/tasks/main.yaml +++ b/roles/kubernetes/toolbox/tasks/main.yaml @@ -27,7 +27,7 @@ - install - update -- name: Set kubernetes version facts for crictl +- name: Set kubernetes version facts for crictl set_fact: k8s_version_semantic_parts: "{{ kubernetes_version.split('.') }}" when: kubernetes_cri|lower != 'docker' @@ -49,7 +49,7 @@ ansible.builtin.get_url: url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{ k8s_major_version }}.{{ k8s_minor_version }}.0/crictl-v{{ k8s_major_version }}.{{ k8s_minor_version }}.0-linux-amd64.tar.gz dest: /tmp/crictl-v{{ k8s_major_version }}.{{ k8s_minor_version }}.0-linux-amd64.tar.gz - mode: '0755' + mode: "0755" when: kubernetes_cri|lower != 'docker' tags: - install @@ -59,7 +59,7 @@ ansible.builtin.unarchive: src: /tmp/crictl-v{{ k8s_major_version }}.{{ k8s_minor_version }}.0-linux-amd64.tar.gz dest: /usr/local/bin - remote_src: yes + remote_src: true when: kubernetes_cri|lower != 'docker' tags: - install 
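Review bot: The crictl download in `roles/kubernetes/toolbox/tasks/main.yaml` (hunk `@@ -49,7 +49,7 @@`) fetches a release tarball with `ansible.builtin.get_url` and no `checksum:`, so a tampered or truncated archive is unpacked into `/usr/local/bin` by the following `unarchive` task without detection; the module verifies the file when given `checksum: "sha256:<CRICTL_SHA256_PLACEHOLDER>"` (or a URL to the published digest file). `mode: "0755"` on a tarball in `/tmp` is also unnecessary since the archive is only read; `"0644"` is enough. The same unverified download appears for the Harbor offline installer in `roles/systems/container_registry/harbor/tasks/main.yaml` (`@@ -178,7 +178,7 @@`).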
@@ -108,11 +108,11 @@ - name: Update apt package index and install kubelet, kubeadm, kubectl ansible.builtin.apt: pkg: - - kubelet={{ kubernetes_version }}-00 - - kubeadm={{ kubernetes_version }}-00 - - kubectl={{ kubernetes_version }}-00 + - kubelet={{ kubernetes_version }}-00 + - kubeadm={{ kubernetes_version }}-00 + - kubectl={{ kubernetes_version }}-00 state: present - update_cache: yes + update_cache: true when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install @@ -129,7 +129,7 @@ when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install - + - name: Mark the packages to purge as we control the version ;) ansible.builtin.dpkg_selections: name: "{{ item }}" @@ -145,11 +145,11 @@ - name: Update apt package index and remove kubelet, kubeadm, kubectl ansible.builtin.apt: pkg: - - kubelet={{ kubernetes_version }}-00 - - kubeadm={{ kubernetes_version }}-00 - - kubectl={{ kubernetes_version }}-00 + - kubelet={{ kubernetes_version }}-00 + - kubeadm={{ kubernetes_version }}-00 + - kubectl={{ kubernetes_version }}-00 state: absent - update_cache: yes + update_cache: true when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - uninstall diff --git a/roles/kubernetes/vip/primary/tasks/main.yaml b/roles/kubernetes/vip/primary/tasks/main.yaml index 621869e..941bbd5 100644 --- a/roles/kubernetes/vip/primary/tasks/main.yaml +++ b/roles/kubernetes/vip/primary/tasks/main.yaml @@ -6,7 +6,7 @@ ansible.builtin.file: path: /etc/kubernetes/manifests state: directory - mode: '0755' + mode: "0755" tags: - install diff --git a/roles/kubernetes/vip/secondary/tasks/main.yaml b/roles/kubernetes/vip/secondary/tasks/main.yaml index cefafd2..52d8a8f 100644 --- a/roles/kubernetes/vip/secondary/tasks/main.yaml 
+++ b/roles/kubernetes/vip/secondary/tasks/main.yaml @@ -3,7 +3,7 @@ --- - name: Copy kube-vip manifest to secondary control planes - ansible.posix.synchronize: + ansible.posix.synchronize: src: /etc/kubernetes/manifests/kube-vip.yaml dest: /etc/kubernetes/manifests/kube-vip.yaml delegate_to: "{{groups['k8s_control_plane'][0]}}" diff --git a/roles/systems/bare_metal/init/tasks/main.yaml b/roles/systems/bare_metal/init/tasks/main.yaml index f6c663e..1ce26ff 100644 --- a/roles/systems/bare_metal/init/tasks/main.yaml +++ b/roles/systems/bare_metal/init/tasks/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 @@ -17,7 +18,7 @@ state: directory owner: "{{ owner }}" group: "{{ group }}" - mode: 0777 + mode: "0777" ignore_errors: true tags: - install @@ -34,7 +35,7 @@ dest: /tmp/link_devs.sh owner: root group: root - mode: '0700' + mode: "0700" tags: - install diff --git a/roles/systems/common/tasks/main.yaml b/roles/systems/common/tasks/main.yaml index 888cb91..4066c0f 100644 --- a/roles/systems/common/tasks/main.yaml +++ b/roles/systems/common/tasks/main.yaml @@ -34,7 +34,7 @@ - name: Disable and turn off unattended-upgrades ansible.builtin.systemd: name: unattended-upgrades.service - enabled: no + enabled: false state: stopped ignore_errors: true tags: @@ -57,7 +57,7 @@ ansible.builtin.apt: name: unattended-upgrades state: absent - purge: yes + purge: true tags: - install - update @@ -67,11 +67,11 @@ ansible.builtin.package: name: '*' state: latest - update_cache: yes + update_cache: true tags: - install - update - + # TODO: Add code here to support RHEL/CentOS for code # - name: Disable the firewalld # CentOS ONLY # systemd: @@ -88,7 +88,7 @@ # exit 0 # tags: # - install - + # Add SAS Certificates to support SAS Viya - name: Adding SAS certs ansible.builtin.shell: | 
@@ -130,4 +130,4 @@ when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install - - update + - update diff --git a/roles/systems/container_registry/harbor/tasks/main.yaml b/roles/systems/container_registry/harbor/tasks/main.yaml index 4c880ba..6657484 100644 --- a/roles/systems/container_registry/harbor/tasks/main.yaml +++ b/roles/systems/container_registry/harbor/tasks/main.yaml @@ -12,16 +12,16 @@ # Task to Remove existing Docker installations - name: Uninstall old Docker versions - ansible.builtin.package: + ansible.builtin.package: name: "{{ packages }}" state: absent vars: packages: - - docker - - docker-engine - - docker.io - - containerd - - runc + - docker + - docker-engine + - docker.io + - containerd + - runc ignore_errors: true tags: - install @@ -33,11 +33,11 @@ state: present vars: packages: - - apt-transport-https # Also needed for kubeadm tooling - - ca-certificates # Also needed for kubeadm tooling - - curl # Also needed for kubeadm tooling - - gnupg - - lsb-release + - apt-transport-https # Also needed for kubeadm tooling + - ca-certificates # Also needed for kubeadm tooling + - curl # Also needed for kubeadm tooling + - gnupg + - lsb-release tags: - install - update @@ -70,10 +70,10 @@ state: present vars: packages: - - docker-ce - - docker-ce-cli - - docker-compose - - containerd.io + - docker-ce + - docker-ce-cli + - docker-compose + - containerd.io tags: - install - update @@ -101,8 +101,8 @@ ansible.builtin.user: name: "{{ item }}" groups: docker - append: yes - with_items: + append: true + with_items: - devops - ubuntu when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") @@ -114,7 +114,7 @@ - name: Setting up docker to start on boot ansible.builtin.systemd: name: docker.service - enabled: yes + enabled: true tags: - install - update 
@@ -122,7 +122,7 @@ - name: Setting up containerd to start on boot ansible.builtin.systemd: name: containerd.service - enabled: yes + enabled: true tags: - install - update @@ -169,7 +169,7 @@ - name: Restart systemd ansible.builtin.systemd: - daemon_reload: yes + daemon_reload: true tags: - install - update @@ -178,7 +178,7 @@ ansible.builtin.get_url: url: https://github.com/goharbor/harbor/releases/download/v2.6.0/harbor-offline-installer-v2.6.0.tgz dest: /tmp/harbor-offline-installer-v2.6.0.tgz - mode: '0755' + mode: "0755" tags: - install - update @@ -187,7 +187,7 @@ ansible.builtin.unarchive: src: /tmp/harbor-offline-installer-v2.6.0.tgz dest: /tmp - remote_src: yes + remote_src: true tags: - install - update diff --git a/roles/systems/jump_server/tasks/main.yaml b/roles/systems/jump_server/tasks/main.yaml index e6a1c7f..86e4720 100644 --- a/roles/systems/jump_server/tasks/main.yaml +++ b/roles/systems/jump_server/tasks/main.yaml @@ -16,7 +16,7 @@ tags: - install - update - + - name: Install nfs-common package ansible.builtin.package: name: nfs-common @@ -32,7 +32,7 @@ state: directory owner: "{{ owner }}" group: "{{ group }}" - mode: 0777 + mode: "0777" tags: - install - update @@ -43,7 +43,7 @@ state: directory owner: "{{ owner }}" group: "{{ group }}" - mode: 0777 + mode: "0777" tags: - install - update @@ -92,7 +92,7 @@ path: /viya-share/pvs owner: "{{ owner }}" group: "{{ group }}" - mode: 0777 + mode: "0777" state: directory tags: - install diff --git a/roles/systems/nfs_server/tasks/main.yaml b/roles/systems/nfs_server/tasks/main.yaml index b3c6d8e..4b58949 100644 --- a/roles/systems/nfs_server/tasks/main.yaml +++ b/roles/systems/nfs_server/tasks/main.yaml @@ -22,7 +22,7 @@ state: directory owner: nobody group: nogroup - mode: 0777 + mode: "0777" when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - name: Test for export mount point 
@@ -55,7 +55,7 @@ state: directory owner: nobody group: nogroup - mode: 0777 + mode: "0777" when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - name: Test for export mount point @@ -90,7 +90,7 @@ - name: Start the nfs_kernel_server, portmap, and rpc-statd ansible.builtin.systemd: name: "{{ item }}" - enabled: yes + enabled: true state: restarted with_items: - nfs-server diff --git a/roles/systems/postgres/defaults/main.yaml b/roles/systems/postgres/defaults/main.yaml index cf53ce8..95fa622 100644 --- a/roles/systems/postgres/defaults/main.yaml +++ b/roles/systems/postgres/defaults/main.yaml @@ -1,3 +1,4 @@ +--- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 diff --git a/roles/systems/postgres/tasks/main.yaml b/roles/systems/postgres/tasks/main.yaml index d5dd179..23e5360 100644 --- a/roles/systems/postgres/tasks/main.yaml +++ b/roles/systems/postgres/tasks/main.yaml @@ -24,12 +24,12 @@ - name: Install postgres ansible.builtin.apt: pkg: - - "postgresql-{{ postgres_server_version }}" - - "postgresql-client-{{ postgres_server_version }}" - - python3-psycopg2 - - acl + - "postgresql-{{ postgres_server_version }}" + - "postgresql-client-{{ postgres_server_version }}" + - python3-psycopg2 + - acl state: present - update_cache: yes + update_cache: true tags: - install - update @@ -108,7 +108,7 @@ owner: root group: root mode: "0644" - remote_src: yes + remote_src: true register: cert_result - name: Copy Ubuntu default SSL Key ansible.builtin.copy: 
@@ -117,18 +117,18 @@ owner: root group: ssl-cert mode: "0640" - remote_src: yes + remote_src: true register: key_result - name: Fetch SSL Cert ansible.builtin.fetch: src: "{{ cert_result.dest }}" dest: "{{ inventory_dir }}/" - flat: yes + flat: true - name: Fetch SSL Key ansible.builtin.fetch: src: "{{ key_result.dest }}" dest: "{{ inventory_dir }}/" - flat: yes + flat: true - name: Set postgres_server_ssl_cert_file_dest and postgres_server_ssl_key_file_dest ansible.builtin.set_fact: postgres_server_ssl_cert_file_dest: "{{ cert_result.dest }}" @@ -193,7 +193,7 @@ ansible.builtin.systemd: name: postgresql state: restarted - enabled: yes + enabled: true tags: - install - update diff --git a/roles/systems/vsphere/init/tasks/main.yaml b/roles/systems/vsphere/init/tasks/main.yaml index a70788b..56ce12d 100644 --- a/roles/systems/vsphere/init/tasks/main.yaml +++ b/roles/systems/vsphere/init/tasks/main.yaml @@ -16,7 +16,7 @@ tags: - install - update - + - name: Expand Root Partition - growpart ansible.builtin.shell: "growpart /dev/sda {{ partition_number }}" # CentOS - 1 # Ubuntu - 2 register: grow_result @@ -48,7 +48,7 @@ state: directory owner: "{{ owner }}" group: "{{ group }}" - mode: 0777 + mode: "0777" ignore_errors: true tags: - install @@ -65,7 +65,7 @@ dest: /tmp/link_devs.sh owner: root group: root - mode: '0700' + mode: "0700" tags: - install From 399d4d01409df442053d04ab68058a077dcb7f35 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 16:11:47 -0400 Subject: [PATCH 14/30] resolve key-order issues --- roles/kubernetes/common/tasks/main.yaml | 16 +++++++-------- .../loadbalancer/kube_vip/tasks/main.yaml | 6 +++--- .../loadbalancer/metallb/tasks/main.yaml | 6 +++--- .../sas-iac-buildinfo/tasks/main.yaml | 5 +++-- roles/systems/nfs_server/tasks/main.yaml | 10 +++++----- roles/systems/postgres/tasks/main.yaml | 20 +++++++++---------- 6 files changed, 32 insertions(+), 31 deletions(-) 
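Review bot: `Fetch SSL Key` copies the server's private key (the file the preceding task installs with group `ssl-cert` and mode `0640`) back to the controller under `{{ inventory_dir }}/` with `flat: true`, so the key lands next to the inventory and is easy to commit or share along with it; the commit only changes `flat: yes` to `flat: true`. If nothing on the controller needs the key, drop that task and fetch only the certificate; if it is needed, fetch to a dedicated directory outside the inventory and add a comment such as `# private key is fetched for <purpose>; keep this path out of version control`. The `when` conditions that gate this block sit outside the hunk, so it is not visible here whether this path is reached only for the Ubuntu default key.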
diff --git a/roles/kubernetes/common/tasks/main.yaml b/roles/kubernetes/common/tasks/main.yaml index f585734..e1eb2b4 100644 --- a/roles/kubernetes/common/tasks/main.yaml +++ b/roles/kubernetes/common/tasks/main.yaml @@ -39,6 +39,11 @@ - update - name: Enable cgroup v2 # https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cgroup-v2 + vars: + option: systemd.unified_cgroup_hierarchy + value: "1" + tags: + - install block: - name: Retrieve contents of /etc/default/grub ansible.builtin.shell: cat /etc/default/grub @@ -69,13 +74,11 @@ - name: Update GRUB ansible.builtin.command: update-grub - vars: - option: systemd.unified_cgroup_hierarchy - value: "1" - tags: - - install - name: Enable CPU, CPUSET, and I/O delegation for non-root users + tags: + - install + - update block: - name: mkdir for user@.service.d ansible.builtin.file: @@ -88,9 +91,6 @@ content: | [Service] Delegate=cpu cpuset io memory pids - tags: - - install - - update # - name: Disable the firewalld - for RHEL based operating systems # systemd: diff --git a/roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml b/roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml index 825a821..aae946e 100644 --- a/roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml +++ b/roles/kubernetes/loadbalancer/kube_vip/tasks/main.yaml @@ -3,6 +3,9 @@ --- - name: Setting up kube-vip loadbalancer + tags: + - install + - update block: - name: Install kube-vip Cloud Provider ansible.builtin.shell: | @@ -28,6 +31,3 @@ tags: - install - update - tags: - - install - - update diff --git a/roles/kubernetes/loadbalancer/metallb/tasks/main.yaml b/roles/kubernetes/loadbalancer/metallb/tasks/main.yaml index de8a5fc..c7241af 100644 --- a/roles/kubernetes/loadbalancer/metallb/tasks/main.yaml +++ b/roles/kubernetes/loadbalancer/metallb/tasks/main.yaml 
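Review bot: `Retrieve contents of /etc/default/grub` in the first hunk still reads the file with `ansible.builtin.shell: cat /etc/default/grub`, which the series' own lint config only defers (`command-instead-of-shell`), and a shell is not needed to read a file. `ansible.builtin.slurp` with `src: /etc/default/grub` returns the content without spawning a shell; the registered value is then `register.content | b64decode` wherever the later tasks in the block consume the stdout today. The moved `tags:` list carries only `install`, so a run limited to `--tags update` skips the cgroup v2 change; if that is intended, a comment on the `tags:` key saying so would prevent it being "fixed" later. The block's remaining tasks sit between the two hunks and are not visible here.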
@@ -10,6 +10,9 @@ # Reference URL : https://docs.ansible.com/ansible/latest/inventory/implicit_localhost.html # - name: Setting up MetalLB loadbalancer + tags: + - install + - update block: - name: Installing metallb kubernetes.core.helm: @@ -53,9 +56,6 @@ tags: - install - update - tags: - - install - - update - name: Remove MetalLB kubernetes.core.helm: diff --git a/roles/kubernetes/sas-iac-buildinfo/tasks/main.yaml b/roles/kubernetes/sas-iac-buildinfo/tasks/main.yaml index 16c361c..533b92e 100644 --- a/roles/kubernetes/sas-iac-buildinfo/tasks/main.yaml +++ b/roles/kubernetes/sas-iac-buildinfo/tasks/main.yaml @@ -13,7 +13,9 @@ # is handled externally and therefore will not # have this code applied. # -- block: +- name: Setting up sas-iac-buildinfo + when: deployment_type == 'vsphere' + block: - name: Register Git HASH information ansible.builtin.shell: | cd "{{ k8s_tool_base }}" @@ -48,4 +50,3 @@ tags: - install - update - when: deployment_type == 'vsphere' diff --git a/roles/systems/nfs_server/tasks/main.yaml b/roles/systems/nfs_server/tasks/main.yaml index 4b58949..5d63d60 100644 --- a/roles/systems/nfs_server/tasks/main.yaml +++ b/roles/systems/nfs_server/tasks/main.yaml @@ -15,6 +15,9 @@ - update - name: Setting up /export nfs mount point + tags: + - install + - update block: - name: Create nfs mount point ansible.builtin.file: @@ -43,11 +46,11 @@ regexp: '^/export' line: /export *(rw,no_root_squash,async,insecure,crossmnt,no_subtree_check) when: exports_file_rc.stdout != "0" + +- name: Setting up /srv/nfs/kubernetes/sc/default nfs mount point tags: - install - update - -- name: Setting up /srv/nfs/kubernetes/sc/default nfs mount point block: - name: Create nfs mount point ansible.builtin.file: 
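Review bot: The `/export` entry written by `lineinfile` in the `@@ -43,11 +46,11 @@` hunk exports to `*` with `no_root_squash` and `insecure`, so any host that can reach the NFS server may mount the share from any source port and act as root on it; the same option set appears on the `/srv/nfs/kubernetes/sc/default` export in the following hunk. Restrict the client list to the cluster nodes or their subnet instead of the wildcard, for example `line: "/export {{ nfs_allowed_clients }}(rw,no_root_squash,async,crossmnt,no_subtree_check)"` with the variable defaulting to the node CIDR, and drop `insecure` unless a client genuinely needs unprivileged source ports. `async` also trades durability for speed on a share that backs persistent volumes, which deserves a comment if it is intentional. The commit itself only moves the `tags:` keys, so these options predate it.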
@@ -76,9 +79,6 @@ regexp: '^/srv/nfs/kubernetes/sc/default' line: /srv/nfs/kubernetes/sc/default *(rw,no_root_squash,async,insecure,crossmnt,no_subtree_check) when: kubernetes_sc_default_file_rc.stdout != "0" - tags: - - install - - update - name: Export file system ansible.builtin.shell: exportfs -a diff --git a/roles/systems/postgres/tasks/main.yaml b/roles/systems/postgres/tasks/main.yaml index 23e5360..e1b1687 100644 --- a/roles/systems/postgres/tasks/main.yaml +++ b/roles/systems/postgres/tasks/main.yaml @@ -70,6 +70,13 @@ - update - name: Copy user supplied cert and key to Postgres host + when: + - ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") + - postgres_server_ssl|lower == "on" + - (postgres_server_ssl_cert_file|length > 0) and (postgres_server_ssl_key_file|length > 0) + tags: + - install + - update block: - name: Add user supplied SSL Cert ansible.builtin.copy: @@ -91,15 +98,15 @@ ansible.builtin.set_fact: postgres_server_ssl_cert_file_dest: "{{ cert_result.dest }}" postgres_server_ssl_key_file_dest: "{{ key_result.dest }}" + +- name: Create copy of Ubuntu default cert and key when: - ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - postgres_server_ssl|lower == "on" - - (postgres_server_ssl_cert_file|length > 0) and (postgres_server_ssl_key_file|length > 0) + - (postgres_server_ssl_cert_file|length == 0) and (postgres_server_ssl_key_file|length == 0) tags: - install - update - -- name: Create copy of Ubuntu default cert and key block: - name: Copy Ubuntu default SSL Cert ansible.builtin.copy: 
@@ -133,13 +140,6 @@ ansible.builtin.set_fact: postgres_server_ssl_cert_file_dest: "{{ cert_result.dest }}" postgres_server_ssl_key_file_dest: "{{ key_result.dest }}" - when: - - ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - - postgres_server_ssl|lower == "on" - - (postgres_server_ssl_cert_file|length == 0) and (postgres_server_ssl_key_file|length == 0) - tags: - - install - - update - name: Alter postgresql.conf - Update ssl ansible.builtin.lineinfile: From 8a4b062cf043c693286eedaf9370a62afefdb1a6 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 16 Jun 2023 16:23:53 -0400 Subject: [PATCH 15/30] block spacing --- linting-configs/.ansible-lint | 9 ++++++--- roles/kubernetes/common/tasks/main.yaml | 22 +++++++++++----------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint index 17a52eb..6173459 100644 --- a/linting-configs/.ansible-lint +++ b/linting-configs/.ansible-lint 
@@ -17,11 +17,14 @@ use_default_rules: true skip_list: - role-name # roles are dynamically selected based on user's choice so we do need to use paths - yaml[line-length] # It's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review, + - command-instead-of-shell # TODO REMOVE ME + - command-instead-of-module # TODO REMOVE ME - # - command-instead-of-shell - # - command-instead-of-module -# - name[play] # some of our plays are dynamic so a static name would not work TODO +# Ansible-lint does not fail on warnings from the rules or tags listed below +warn_list: + - command-instead-of-shell # shell should only be used when necessary, swap to command TODO + - command-instead-of-module # there are some cases where command calls could be replaced with modules TODO # Ansible-lint does not automatically load rules that have the 'opt-in' tag. # You must enable opt-in rules by listing each rule 'id' below. diff --git a/roles/kubernetes/common/tasks/main.yaml b/roles/kubernetes/common/tasks/main.yaml index e1eb2b4..1dac66b 100644 --- a/roles/kubernetes/common/tasks/main.yaml +++ b/roles/kubernetes/common/tasks/main.yaml @@ -80,17 +80,17 @@ - install - update block: - - name: mkdir for user@.service.d - ansible.builtin.file: - path: /etc/systemd/system/user@.service.d - state: directory - mode: '0755' - - name: Adding delegation - ansible.builtin.copy: - dest: /etc/systemd/system/user@.service.d/delegate.conf - content: | - [Service] - Delegate=cpu cpuset io memory pids + - name: mkdir for user@.service.d + ansible.builtin.file: + path: /etc/systemd/system/user@.service.d + state: directory + mode: '0755' + - name: Adding delegation + ansible.builtin.copy: + dest: /etc/systemd/system/user@.service.d/delegate.conf + content: | + [Service] + Delegate=cpu cpuset io memory pids # - name: Disable the firewalld - for RHEL based operating systems # systemd: 
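Review bot: `mode: '0755'` in `mkdir for user@.service.d` is re-indented but keeps single quotes, while the rest of this series converts octal modes to double-quoted strings (`"0700"`, `"0777"`); use `mode: "0755"` here for consistency. The `delegate.conf` drop-in applies `Delegate=cpu cpuset io memory pids` to every `user@.service`, i.e. every unprivileged login session gains cgroup controller delegation, not only the container runtime user; a comment above `Adding delegation` such as `# grants cgroup v2 controller delegation to all user sessions, required for rootless containers` would make that scope explicit. The block's `name`, `when` and `tags` keys start outside this hunk.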
From afe6411638b40a016d663ec76f00eb48dc5d962f Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 10:28:01 -0400 Subject: [PATCH 16/30] clear trailing spaces --- roles/kubernetes/control_plane/init/primary/tasks/main.yaml | 2 +- roles/kubernetes/cri/containerd/tasks/main.yaml | 4 ++-- roles/kubernetes/cri/cri-o/tasks/main.yaml | 2 +- roles/kubernetes/cri/docker/tasks/main.yaml | 2 +- roles/kubernetes/loadbalancer/metallb/tasks/main.yaml | 2 +- roles/kubernetes/node/labels_taints/tasks/labels.yaml | 2 +- roles/kubernetes/node/labels_taints/tasks/taints.yaml | 2 +- roles/systems/container_registry/harbor/tasks/main.yaml | 2 +- roles/systems/postgres/tasks/main.yaml | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/kubernetes/control_plane/init/primary/tasks/main.yaml b/roles/kubernetes/control_plane/init/primary/tasks/main.yaml index be68ce4..9eecf3e 100644 --- a/roles/kubernetes/control_plane/init/primary/tasks/main.yaml +++ b/roles/kubernetes/control_plane/init/primary/tasks/main.yaml @@ -14,7 +14,7 @@ - update # TODO: pod-network-cidr can conflict locally check with IT to ensure correct range. -- name: kubeadm init +- name: kubeadm init ansible.builtin.command: kubeadm init --config /etc/kubernetes/kubeadm-config.yaml --upload-certs tags: - install diff --git a/roles/kubernetes/cri/containerd/tasks/main.yaml b/roles/kubernetes/cri/containerd/tasks/main.yaml index 200e48f..fde8e06 100644 --- a/roles/kubernetes/cri/containerd/tasks/main.yaml +++ b/roles/kubernetes/cri/containerd/tasks/main.yaml @@ -43,7 +43,7 @@ - install - update -# +# # containerd - https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd # - name: Add module load file for containerd @@ -168,7 +168,7 @@ # path: /etc/containerd/config.toml # regexp: '(^\[metrics\][\s\S]*)\[plugins\]' # replace: |- -# [metrics] +# [metrics] # address = "0.0.0.0:10257" # grpc_histogram = true 
diff --git a/roles/kubernetes/cri/cri-o/tasks/main.yaml b/roles/kubernetes/cri/cri-o/tasks/main.yaml index c0ebdbd..a67d89b 100644 --- a/roles/kubernetes/cri/cri-o/tasks/main.yaml +++ b/roles/kubernetes/cri/cri-o/tasks/main.yaml @@ -78,7 +78,7 @@ - install - update -# +# # cri-o - https://kubernetes.io/docs/setup/production-environment/container-runtimes/#cri-o # - name: Add module load file for cri-o diff --git a/roles/kubernetes/cri/docker/tasks/main.yaml b/roles/kubernetes/cri/docker/tasks/main.yaml index 0b5c462..c9d298d 100644 --- a/roles/kubernetes/cri/docker/tasks/main.yaml +++ b/roles/kubernetes/cri/docker/tasks/main.yaml @@ -122,7 +122,7 @@ - install - update -# +# # containerd - https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd # - name: Add module load file for containerd diff --git a/roles/kubernetes/loadbalancer/metallb/tasks/main.yaml b/roles/kubernetes/loadbalancer/metallb/tasks/main.yaml index c7241af..502c4bb 100644 --- a/roles/kubernetes/loadbalancer/metallb/tasks/main.yaml +++ b/roles/kubernetes/loadbalancer/metallb/tasks/main.yaml @@ -37,7 +37,7 @@ - metallb-ip-ap tags: - install - - update + - update - name: Create MetalLB IPAddressPool file ansible.builtin.template: diff --git a/roles/kubernetes/node/labels_taints/tasks/labels.yaml b/roles/kubernetes/node/labels_taints/tasks/labels.yaml index 66cbe54..9a99ade 100644 --- a/roles/kubernetes/node/labels_taints/tasks/labels.yaml +++ b/roles/kubernetes/node/labels_taints/tasks/labels.yaml @@ -4,7 +4,7 @@ --- - name: Applying labels ansible.builtin.shell: | - kubectl label nodes {{ ansible_hostname }} {{ label }} --overwrite + kubectl label nodes {{ ansible_hostname }} {{ label }} --overwrite with_items: "{{ labels }}" loop_control: loop_var: label diff --git a/roles/kubernetes/node/labels_taints/tasks/taints.yaml b/roles/kubernetes/node/labels_taints/tasks/taints.yaml index 660175c..c423d83 100644 --- a/roles/kubernetes/node/labels_taints/tasks/taints.yaml 
+++ b/roles/kubernetes/node/labels_taints/tasks/taints.yaml @@ -4,7 +4,7 @@ --- - name: Applying taints ansible.builtin.shell: | - kubectl taint nodes {{ ansible_hostname }} {{ taint }} --overwrite + kubectl taint nodes {{ ansible_hostname }} {{ taint }} --overwrite with_items: "{{ taints }}" loop_control: loop_var: taint diff --git a/roles/systems/container_registry/harbor/tasks/main.yaml b/roles/systems/container_registry/harbor/tasks/main.yaml index 6657484..3733613 100644 --- a/roles/systems/container_registry/harbor/tasks/main.yaml +++ b/roles/systems/container_registry/harbor/tasks/main.yaml @@ -127,7 +127,7 @@ - install - update -# +# # containerd - https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd # - name: Add module load file for containerd diff --git a/roles/systems/postgres/tasks/main.yaml b/roles/systems/postgres/tasks/main.yaml index e1b1687..36aa326 100644 --- a/roles/systems/postgres/tasks/main.yaml +++ b/roles/systems/postgres/tasks/main.yaml @@ -58,7 +58,7 @@ - name: Postgres SSL with user supplied cert and key - verify both defined ansible.builtin.fail: - msg: "User has set postgres_server_ssl to on, but has only defined one of 'postgres_server_ssl_cert_file, + msg: "User has set postgres_server_ssl to on, but has only defined one of 'postgres_server_ssl_cert_file, postgres_server_ssl_key_file'. Ensure that both these variables are set, or remove both of them from your inventory file to use the Ubuntu system default cert and key files." when: From a365a680c6c8b0647277bbcc2dc4b0c6d1653adf Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 10:39:44 -0400 Subject: [PATCH 17/30] give plays names --- playbooks/kubernetes-install.yaml | 13 +++++++++++++ playbooks/kubernetes-uninstall.yaml | 3 +++ playbooks/systems-install.yaml | 7 +++++++ 3 files changed, 23 insertions(+) diff --git a/playbooks/kubernetes-install.yaml b/playbooks/kubernetes-install.yaml index e112549..1697b8e 100644 
--- a/playbooks/kubernetes-install.yaml +++ b/playbooks/kubernetes-install.yaml @@ -9,6 +9,7 @@ # All systems - hosts: all + name: Kubernetes Setup - Common become: true become_user: root roles: @@ -16,6 +17,7 @@ # All kubernetes nodes - hosts: k8s + name: Kubernetes Setup - Nodes become: true become_user: root roles: @@ -24,6 +26,7 @@ # Primary control plane node - hosts: k8s_control_plane[0] + name: Kubernetes Setup - Primary Control Plane Node become: true become_user: root roles: @@ -33,11 +36,13 @@ # Secure kubernetes items - hosts: localhost + name: Kubernetes Setup - Kubeconfig roles: - { role: kubernetes/misc } # Secondary control plane nodes - hosts: k8s_control_plane[1:] + name: Kubernetes Setup - Secondary Control Plane Nodes become: true become_user: root roles: @@ -46,6 +51,7 @@ # Compute nodes - hosts: k8s_node + name: Kubernetes Setup - Compute Nodes become: true become_user: root roles: @@ -54,6 +60,7 @@ # Kubernetes loadbalancer - hosts: k8s_control_plane[0] + name: Kubernetes Setup - Load Balancer become: true become_user: root roles: @@ -61,6 +68,7 @@ # Label/Taint Kubernetes nodes - hosts: k8s + name: Kubernetes Setup - Labels and Taints become: true become_user: root roles: @@ -68,6 +76,7 @@ # Alter PostgreSQL server and add PostgreSQL databases - hosts: postgres + name: Postgres Setup - Configuration become: true become_user: postgres roles: @@ -76,6 +85,7 @@ # Restart PostgreSQL server - hosts: postgres + name: Postgres Setup - Restart become: true become_user: root roles: 
@@ -83,16 +93,19 @@ # Setup default storage class for cluster - hosts: localhost + name: Default Storage Class Setup roles: - { role: kubernetes/storage/sig-storage-local-static-provisioner } - { role: kubernetes/storage/nfs-subdir-external-provisioner } # Setup metrics-server for cluster - hosts: localhost + name: Metrics Server Setup roles: - { role: kubernetes/metrics/metrics-server } # Misc cluster related items - hosts: localhost + name: Setup - Misc roles: - { role: kubernetes/sas-iac-buildinfo } diff --git a/playbooks/kubernetes-uninstall.yaml b/playbooks/kubernetes-uninstall.yaml index 07c8243..3051f31 100644 --- a/playbooks/kubernetes-uninstall.yaml +++ b/playbooks/kubernetes-uninstall.yaml @@ -4,6 +4,7 @@ --- # Compute nodes - hosts: k8s_node + name: Kubernetes Uninstall - Compute Nodes become: true become_user: root serial: 1 @@ -12,6 +13,7 @@ # Control plane - hosts: k8s_control_plane + name: Kubernetes Uninstall - Control Plane become: true become_user: root roles: @@ -19,6 +21,7 @@ # Clean up toolbox items - hosts: k8s + name: Kubernetes Uninstall - Toolbox Items become: true become_user: root roles: diff --git a/playbooks/systems-install.yaml b/playbooks/systems-install.yaml index 5a1f81c..a1b2f4e 100644 --- a/playbooks/systems-install.yaml +++ b/playbooks/systems-install.yaml @@ -4,6 +4,7 @@ --- # Tasks that run on all nodes for initialization and common tasks - hosts: all + name: Systems Install - Common become: true become_user: root roles: @@ -12,6 +13,7 @@ # NFS Server - hosts: nfs + name: System Install - NFS Server become: true become_user: root roles: @@ -19,6 +21,7 @@ # Jump Server - hosts: jump + name: System Install - Jump Server become: true become_user: root roles: @@ -26,6 +29,7 @@ # Postgres Server - hosts: postgres + name: System Install - Postgres Server become: true become_user: root roles: @@ -33,6 +37,7 @@ # Container Registry Server - hosts: cr + name: System Install - CR become: true become_user: root roles: 
@@ -40,6 +45,7 @@ # Kubernetes - Control Plane - hosts: k8s_control_plane + name: System Install - Control Plane become: true become_user: root roles: @@ -47,6 +53,7 @@ # Kubernetes - Compute nodes - hosts: k8s_node + name: System Install - Compute Nodes become: true become_user: root roles: From 6ef28c63f679eac9f34094111215de4926034db3 Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 11:04:04 -0400 Subject: [PATCH 18/30] jinja formatting --- roles/kubernetes/control_plane/init/secondary/tasks/main.yaml | 4 ++-- roles/kubernetes/cri/containerd/tasks/main.yaml | 2 +- roles/kubernetes/cri/cri-o/tasks/main.yaml | 2 +- .../database/postgres/alter_server_settings/tasks/main.yaml | 2 +- roles/kubernetes/node/init/tasks/main.yaml | 2 +- roles/kubernetes/node/labels_taints/roles/tasks/main.yaml | 2 +- roles/kubernetes/node/labels_taints/system/tasks/main.yaml | 2 +- roles/kubernetes/node/labels_taints/tasks/labels.yaml | 2 +- roles/kubernetes/node/labels_taints/tasks/taints.yaml | 2 +- roles/kubernetes/node/removal/tasks/main.yaml | 4 ++-- roles/kubernetes/vip/secondary/tasks/main.yaml | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml b/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml index db13525..cbceb0d 100644 --- a/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml +++ b/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml @@ -20,7 +20,7 @@ ansible.posix.synchronize: src: /etc/kubernetes/pki/{{ item }} dest: /etc/kubernetes/pki/{{ item }} - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" with_items: - ca.crt - ca.key 
@@ -36,7 +36,7 @@ - name: Generate control plane join command ansible.builtin.shell: kubeadm token create --print-join-command register: kubeadm_join_cmd - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install diff --git a/roles/kubernetes/cri/containerd/tasks/main.yaml b/roles/kubernetes/cri/containerd/tasks/main.yaml index fde8e06..e1786dd 100644 --- a/roles/kubernetes/cri/containerd/tasks/main.yaml +++ b/roles/kubernetes/cri/containerd/tasks/main.yaml @@ -116,7 +116,7 @@ state: present vars: packages: - - "containerd.io{% if kubernetes_cri_version is defined and kubernetes_cri_version %}={{kubernetes_cri_version}}{{kubernetes_cri_deb_rev}}{%endif%}" + - "containerd.io{% if kubernetes_cri_version is defined and kubernetes_cri_version %}={{ kubernetes_cri_version }}{{ kubernetes_cri_deb_rev }}{%endif %}" when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install diff --git a/roles/kubernetes/cri/cri-o/tasks/main.yaml b/roles/kubernetes/cri/cri-o/tasks/main.yaml index a67d89b..7301220 100644 --- a/roles/kubernetes/cri/cri-o/tasks/main.yaml +++ b/roles/kubernetes/cri/cri-o/tasks/main.yaml @@ -57,7 +57,7 @@ - name: Installing the cri-o libcontainers-crio-archive-keyring key ansible.builtin.apt_key: - url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_major_version}}.{{ k8s_minor_version }}/{{ os }}/Release.key + url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_major_version }}.{{ k8s_minor_version }}/{{ os }}/Release.key keyring: /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg state: present when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") 
diff --git a/roles/kubernetes/database/postgres/alter_server_settings/tasks/main.yaml b/roles/kubernetes/database/postgres/alter_server_settings/tasks/main.yaml index c0ba285..bb02c25 100644 --- a/roles/kubernetes/database/postgres/alter_server_settings/tasks/main.yaml +++ b/roles/kubernetes/database/postgres/alter_server_settings/tasks/main.yaml @@ -13,7 +13,7 @@ # but noting that is an experimental feature - name: Update PostgreSQL server settings script ansible.builtin.shell: | - echo 'ALTER SYSTEM SET {{ item | replace("postgres_system_setting_","") }} = {{ vars[item] }};' >> /tmp/postgres_system.psql + echo 'ALTER SYSTEM SET {{ item | replace("postgres_system_setting_", "") }} = {{ vars[item] }};' >> /tmp/postgres_system.psql with_items: "{{ lookup('ansible.builtin.varnames', '^postgres_system_setting_.+', wantlist=True) }}" tags: - install diff --git a/roles/kubernetes/node/init/tasks/main.yaml b/roles/kubernetes/node/init/tasks/main.yaml index 2b99d01..64927dd 100644 --- a/roles/kubernetes/node/init/tasks/main.yaml +++ b/roles/kubernetes/node/init/tasks/main.yaml @@ -5,7 +5,7 @@ - name: Generate compute node join command ansible.builtin.shell: kubeadm token create --print-join-command register: kubeadm_join_cmd - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install diff --git a/roles/kubernetes/node/labels_taints/roles/tasks/main.yaml b/roles/kubernetes/node/labels_taints/roles/tasks/main.yaml index 1dedf2c..a0fe7d8 100644 --- a/roles/kubernetes/node/labels_taints/roles/tasks/main.yaml +++ b/roles/kubernetes/node/labels_taints/roles/tasks/main.yaml @@ -5,7 +5,7 @@ - name: Label/Taints for cluster nodes ansible.builtin.shell: | kubectl label nodes {{ ansible_hostname }} node-role.kubernetes.io/node= --overwrite - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install - update 
diff --git a/roles/kubernetes/node/labels_taints/system/tasks/main.yaml b/roles/kubernetes/node/labels_taints/system/tasks/main.yaml index 5bff056..3a3dc81 100644 --- a/roles/kubernetes/node/labels_taints/system/tasks/main.yaml +++ b/roles/kubernetes/node/labels_taints/system/tasks/main.yaml @@ -6,7 +6,7 @@ ansible.builtin.shell: | kubectl label nodes {{ ansible_hostname }} kubernetes.azure.com/mode=system --overwrite kubectl label nodes {{ ansible_hostname }} node-role.kubernetes.io/system-node= --overwrite - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install - update diff --git a/roles/kubernetes/node/labels_taints/tasks/labels.yaml b/roles/kubernetes/node/labels_taints/tasks/labels.yaml index 9a99ade..3954464 100644 --- a/roles/kubernetes/node/labels_taints/tasks/labels.yaml +++ b/roles/kubernetes/node/labels_taints/tasks/labels.yaml @@ -8,7 +8,7 @@ with_items: "{{ labels }}" loop_control: loop_var: label - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install - update diff --git a/roles/kubernetes/node/labels_taints/tasks/taints.yaml b/roles/kubernetes/node/labels_taints/tasks/taints.yaml index c423d83..48f778e 100644 --- a/roles/kubernetes/node/labels_taints/tasks/taints.yaml +++ b/roles/kubernetes/node/labels_taints/tasks/taints.yaml @@ -8,7 +8,7 @@ with_items: "{{ taints }}" loop_control: loop_var: taint - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install - update diff --git a/roles/kubernetes/node/removal/tasks/main.yaml b/roles/kubernetes/node/removal/tasks/main.yaml index 15d9e98..2747cd9 100644 --- a/roles/kubernetes/node/removal/tasks/main.yaml +++ b/roles/kubernetes/node/removal/tasks/main.yaml 
@@ -5,7 +5,7 @@ - name: Draining the node ansible.builtin.shell: | kubectl drain {{ ansible_hostname }} --delete-emptydir-data --force --ignore-daemonsets - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" ignore_errors: true tags: - uninstall @@ -26,7 +26,7 @@ - name: Remove the node ansible.builtin.shell: | kubectl delete nodes {{ ansible_hostname }} - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" ignore_errors: true tags: - uninstall diff --git a/roles/kubernetes/vip/secondary/tasks/main.yaml b/roles/kubernetes/vip/secondary/tasks/main.yaml index 52d8a8f..bc8f2e0 100644 --- a/roles/kubernetes/vip/secondary/tasks/main.yaml +++ b/roles/kubernetes/vip/secondary/tasks/main.yaml @@ -6,6 +6,6 @@ ansible.posix.synchronize: src: /etc/kubernetes/manifests/kube-vip.yaml dest: /etc/kubernetes/manifests/kube-vip.yaml - delegate_to: "{{groups['k8s_control_plane'][0]}}" + delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install From efe6cb7d08c29a62022c09967990d4bff23e01d7 Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 12:09:27 -0400 Subject: [PATCH 19/30] spacing and task name cap --- roles/kubernetes/common/tasks/main.yaml | 2 +- roles/kubernetes/control_plane/init/primary/tasks/main.yaml | 2 +- roles/kubernetes/cri/containerd/tasks/main.yaml | 4 ++-- roles/kubernetes/cri/cri-o/tasks/main.yaml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/kubernetes/common/tasks/main.yaml b/roles/kubernetes/common/tasks/main.yaml index 1dac66b..26974fd 100644 --- a/roles/kubernetes/common/tasks/main.yaml +++ b/roles/kubernetes/common/tasks/main.yaml @@ -80,7 +80,7 @@ - install - update block: - - name: mkdir for user@.service.d + - name: Run mkdir for user@.service.d ansible.builtin.file: path: /etc/systemd/system/user@.service.d state: directory 
diff --git a/roles/kubernetes/control_plane/init/primary/tasks/main.yaml b/roles/kubernetes/control_plane/init/primary/tasks/main.yaml index 9eecf3e..b9ede3f 100644 --- a/roles/kubernetes/control_plane/init/primary/tasks/main.yaml +++ b/roles/kubernetes/control_plane/init/primary/tasks/main.yaml @@ -14,7 +14,7 @@ - update # TODO: pod-network-cidr can conflict locally check with IT to ensure correct range. -- name: kubeadm init +- name: Run kubeadm init ansible.builtin.command: kubeadm init --config /etc/kubernetes/kubeadm-config.yaml --upload-certs tags: - install diff --git a/roles/kubernetes/cri/containerd/tasks/main.yaml b/roles/kubernetes/cri/containerd/tasks/main.yaml index e1786dd..cbe3da3 100644 --- a/roles/kubernetes/cri/containerd/tasks/main.yaml +++ b/roles/kubernetes/cri/containerd/tasks/main.yaml @@ -102,7 +102,7 @@ - install - update -- name: set containerd.io package debian revision if not specified +- name: Set containerd.io package debian revision if not specified set_fact: kubernetes_cri_deb_rev: "-*" when: kubernetes_cri_version | regex_search("^(\d+\.)(\d+\.)(\d+)$") @@ -116,7 +116,7 @@ state: present vars: packages: - - "containerd.io{% if kubernetes_cri_version is defined and kubernetes_cri_version %}={{ kubernetes_cri_version }}{{ kubernetes_cri_deb_rev }}{%endif %}" + - "containerd.io{% if kubernetes_cri_version is defined and kubernetes_cri_version %}={{ kubernetes_cri_version }}{{ kubernetes_cri_deb_rev }}{%endif %}" when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install diff --git a/roles/kubernetes/cri/cri-o/tasks/main.yaml b/roles/kubernetes/cri/cri-o/tasks/main.yaml index 7301220..81b9174 100644 --- a/roles/kubernetes/cri/cri-o/tasks/main.yaml +++ b/roles/kubernetes/cri/cri-o/tasks/main.yaml 
@@ -71,8 +71,8 @@ repo: "{{ item }}" state: present with_items: - - deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ / - - deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_major_version }}.{{ k8s_minor_version }}/{{ os }}/ / + - deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ / + - deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_major_version }}.{{ k8s_minor_version }}/{{ os }}/ / when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install From c3a368bf66559ecb7394ce722c512a5aad1860df Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 12:17:24 -0400 Subject: [PATCH 20/30] linting config update --- .github/workflows/linter-analysis.yaml | 5 +++++ linting-configs/.ansible-lint | 4 +--- linting-configs/.ansible-lint-ignore | 16 ++++++++++++++++ 3 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 linting-configs/.ansible-lint-ignore diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index c01d415..1e72a21 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml 
@@ -74,6 +74,11 @@ jobs: - name: Copy Config to Parent Level Directory run: cp $(pwd)/linting-configs/.ansible-lint . + # The ansible/ansible-lint-action only loads + # ignore file from the current directory + - name: Copy Config to Parent Level Directory + run: cp $(pwd)/linting-configs/.ansible-lint-ignore . + # ansible-lint does not seem to recognize the .yaml # extension for the requirements file and it is not # configurable diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint index 6173459..c09c261 100644 --- a/linting-configs/.ansible-lint +++ b/linting-configs/.ansible-lint @@ -17,14 +17,12 @@ use_default_rules: true skip_list: - role-name # roles are dynamically selected based on user's choice so we do need to use paths - yaml[line-length] # It's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review, - - command-instead-of-shell # TODO REMOVE ME - - command-instead-of-module # TODO REMOVE ME - # Ansible-lint does not fail on warnings from the rules or tags listed below warn_list: - command-instead-of-shell # shell should only be used when necessary, swap to command TODO - command-instead-of-module # there are some cases where command calls could be replaced with modules TODO + - deprecated-module # In future look for suitable replacement TODO # Ansible-lint does not automatically load rules that have the 'opt-in' tag. # You must enable opt-in rules by listing each rule 'id' below. diff --git a/linting-configs/.ansible-lint-ignore b/linting-configs/.ansible-lint-ignore new file mode 100644 index 0000000..5e37927 --- /dev/null +++ b/linting-configs/.ansible-lint-ignore 
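Review bot: The added step reuses the name `Copy Config to Parent Level Directory` of the step directly above it, so the workflow log shows two identical step titles and a failure in either cannot be told apart at a glance. Naming it for what it copies, `- name: Copy ansible-lint ignore file to repo root`, removes the ambiguity. The `$(pwd)/` prefix in `cp $(pwd)/linting-configs/.ansible-lint-ignore .` is also redundant, since the step already runs inside the checkout; `cp linting-configs/.ansible-lint-ignore .` copies the same file without the unquoted expansion.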
@@ -0,0 +1,16 @@ +# This file contains ignores rule violations for ansible-lint in specific files + +examples/bare-metal/sample-ansible-vars.yaml yaml[colons] # purposely spaced for doc purposes +roles/kubernetes/common/tasks/main.yaml name[template] # task name is being templated, this can be ignored + + + + + + + + + + + + From 0f3f0c099903e61191bb9f3a54992da19b98e8c9 Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 12:24:44 -0400 Subject: [PATCH 21/30] linting config update --- linting-configs/.ansible-lint | 6 ------ linting-configs/.ansible-lint-ignore | 23 +++++++++++++---------- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint index c09c261..08a0afe 100644 --- a/linting-configs/.ansible-lint +++ b/linting-configs/.ansible-lint @@ -18,12 +18,6 @@ skip_list: - role-name # roles are dynamically selected based on user's choice so we do need to use paths - yaml[line-length] # It's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review, -# Ansible-lint does not fail on warnings from the rules or tags listed below -warn_list: - - command-instead-of-shell # shell should only be used when necessary, swap to command TODO - - command-instead-of-module # there are some cases where command calls could be replaced with modules TODO - - deprecated-module # In future look for suitable replacement TODO - # Ansible-lint does not automatically load rules that have the 'opt-in' tag. # You must enable opt-in rules by listing each rule 'id' below. enable_list: diff --git a/linting-configs/.ansible-lint-ignore b/linting-configs/.ansible-lint-ignore index 5e37927..165c576 100644 --- a/linting-configs/.ansible-lint-ignore +++ b/linting-configs/.ansible-lint-ignore 
@@ -1,16 +1,19 @@ # This file contains ignores rule violations for ansible-lint in specific files -examples/bare-metal/sample-ansible-vars.yaml yaml[colons] # purposely spaced for doc purposes -roles/kubernetes/common/tasks/main.yaml name[template] # task name is being templated, this can be ignored - - - - - - - - +examples/bare-metal/sample-ansible-vars.yaml yaml[colons] # purposely spaced for doc purposes +roles/kubernetes/common/tasks/main.yaml name[template] # task name is being templated, this can be ignored +roles/kubernetes/common/tasks/main.yaml command-instead-of-shell # shell should only be used when necessary, swap to command TODO future update requires functionality change +roles/kubernetes/control_plane/init/secondary/tasks/main.yaml command-instead-of-shell +roles/kubernetes/node/init/tasks/main.yaml command-instead-of-shell +roles/systems/control_plane/tasks/main.yaml command-instead-of-shell +roles/systems/jump_server/tasks/main.yaml command-instead-of-shell +roles/systems/nfs_server/tasks/main.yaml command-instead-of-shell +roles/systems/vsphere/init/tasks/main.yaml command-instead-of-shell +roles/systems/common/tasks/main.yaml command-instead-of-module # there are some cases where command calls could be replaced with modules TODO future update requires functionality change +roles/systems/jump_server/tasks/main.yaml command-instead-of-module +roles/kubernetes/common/tasks/main.yaml command-instead-of-module +roles/kubernetes/node/labels_taints/tasks/main.yaml deprecated-module # In future look for suitable replacement TODO future update requires functionality change \ No newline at end of file From e100f89d1ba7ee8170980ddc25775279f2f18a6d Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 12:29:25 -0400 Subject: [PATCH 22/30] add file exclusion --- linting-configs/.ansible-lint | 6 ++++++ linting-configs/.ansible-lint-ignore | 3 --- 2 files changed, 6 insertions(+), 3 deletions(-) 
diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint index 08a0afe..582eae8 100644 --- a/linting-configs/.ansible-lint +++ b/linting-configs/.ansible-lint @@ -27,6 +27,12 @@ enable_list: - no-same-owner - yaml +# exclude_paths included in this file are parsed relative to this file's location +# and not relative to the CWD of execution. CLI arguments passed to the --exclude +# option are parsed relative to the CWD of execution. +exclude_paths: + - examples/bare-metal/sample-ansible-vars.yaml # ignore this file, spacing is done for doc purposes + # Offline mode disables installation of requirements.yml and schema refreshing offline: false diff --git a/linting-configs/.ansible-lint-ignore b/linting-configs/.ansible-lint-ignore index 165c576..70f09d8 100644 --- a/linting-configs/.ansible-lint-ignore +++ b/linting-configs/.ansible-lint-ignore @@ -1,7 +1,4 @@ # This file contains ignores rule violations for ansible-lint in specific files - -examples/bare-metal/sample-ansible-vars.yaml yaml[colons] # purposely spaced for doc purposes - roles/kubernetes/common/tasks/main.yaml name[template] # task name is being templated, this can be ignored roles/kubernetes/common/tasks/main.yaml command-instead-of-shell # shell should only be used when necessary, swap to command TODO future update requires functionality change From 0183b17b0d52933ec9bbb1218bd7edf1e17b7d01 Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 12:43:33 -0400 Subject: [PATCH 23/30] update config and workflow --- .github/workflows/linter-analysis.yaml | 5 ----- linting-configs/.ansible-lint | 8 +++++++- linting-configs/.ansible-lint-ignore | 16 ---------------- 3 files changed, 7 insertions(+), 22 deletions(-) delete mode 100644 linting-configs/.ansible-lint-ignore diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 1e72a21..c01d415 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml 
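Review bot: The new `exclude_paths` entry removes `examples/bare-metal/sample-ansible-vars.yaml` from linting entirely, whereas the `.ansible-lint-ignore` line deleted in the same commit only waived `yaml[colons]` for it; every other rule, including anything that would flag a bad value in a file users copy as their starting point, now goes unchecked. If the spacing is the only intentional deviation, the per-rule ignore is the narrower tool and the exclusion can be dropped. The added comment about path resolution is useful but appears to rely on the workflow copying this file to the repository root (the `cp $(pwd)/linting-configs/.ansible-lint .` step); a sentence such as `# the workflow copies this file to the repo root, so these paths are repo-relative` would make that coupling explicit.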
@@ -74,11 +74,6 @@ jobs: - name: Copy Config to Parent Level Directory run: cp $(pwd)/linting-configs/.ansible-lint . - # The ansible/ansible-lint-action only loads - # ignore file from the current directory - - name: Copy Config to Parent Level Directory - run: cp $(pwd)/linting-configs/.ansible-lint-ignore . - # ansible-lint does not seem to recognize the .yaml # extension for the requirements file and it is not # configurable diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint index 582eae8..fe4c436 100644 --- a/linting-configs/.ansible-lint +++ b/linting-configs/.ansible-lint @@ -2,6 +2,8 @@ # .ansible-lint profile: moderate +verbosity: 1 +strict: true # Enforce variable names to follow pattern below, in addition to Ansible own # requirements, like avoiding python identifiers. To disable add `var-naming` 
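Review bot: `verbosity: 1` and `strict: true` are added without a comment, while every other setting in this file carries one; `strict` changes the exit status so that warnings fail the run, which is presumably why `warn_list` was dropped two commits earlier. A line such as `# strict: treat warnings as errors so CI fails on any finding that is not explicitly skipped` above `strict: true` records that decision for the next person who wonders why nothing can be demoted to a warning. `verbosity: 1` could likewise carry `# extra log output for the CI job` so the intent is not mistaken for a leftover debugging setting.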
@@ -16,7 +18,11 @@ use_default_rules: true # on a new line. skip_list: - role-name # roles are dynamically selected based on user's choice so we do need to use paths - - yaml[line-length] # It's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review, + - yaml[line-length] # it's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review, + - name[template] # task name is being templated, this can be ignored + - command-instead-of-shell # shell should only be used when necessary, swap to command TODO future update requires functionality change + - command-instead-of-module # there are some cases where command calls could be replaced with modules TODO future update requires functionality change + - deprecated-module # In future look for suitable replacement TODO future update requires functionality change # Ansible-lint does not automatically load rules that have the 'opt-in' tag. # You must enable opt-in rules by listing each rule 'id' below. diff --git a/linting-configs/.ansible-lint-ignore b/linting-configs/.ansible-lint-ignore deleted file mode 100644 index 70f09d8..0000000 --- a/linting-configs/.ansible-lint-ignore +++ /dev/null 
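Review bot: Moving `name[template]`, `command-instead-of-shell`, `command-instead-of-module` and `deprecated-module` into `skip_list` disables those rules for the whole repository, while the `.ansible-lint-ignore` deleted in this commit scoped them to the specific task files that currently violate them. Any new task that uses `shell` where `command` would do, or a newly deprecated module anywhere in the roles, will no longer be reported. If the per-file ignore file was dropped because of the extra copy step in the workflow, keeping it and copying it alongside `.ansible-lint` preserves the narrower scope; otherwise each skip entry deserves a marker such as `# TODO: repo-wide skip, re-scope to the offending files once they are fixed` so the broadening is visibly temporary.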
@@ -1,16 +0,0 @@ -# This file contains ignores rule violations for ansible-lint in specific files -roles/kubernetes/common/tasks/main.yaml name[template] # task name is being templated, this can be ignored - -roles/kubernetes/common/tasks/main.yaml command-instead-of-shell # shell should only be used when necessary, swap to command TODO future update requires functionality change -roles/kubernetes/control_plane/init/secondary/tasks/main.yaml command-instead-of-shell -roles/kubernetes/node/init/tasks/main.yaml command-instead-of-shell -roles/systems/control_plane/tasks/main.yaml command-instead-of-shell -roles/systems/jump_server/tasks/main.yaml command-instead-of-shell -roles/systems/nfs_server/tasks/main.yaml command-instead-of-shell -roles/systems/vsphere/init/tasks/main.yaml command-instead-of-shell - -roles/systems/common/tasks/main.yaml command-instead-of-module # there are some cases where command calls could be replaced with modules TODO future update requires functionality change -roles/systems/jump_server/tasks/main.yaml command-instead-of-module -roles/kubernetes/common/tasks/main.yaml command-instead-of-module - -roles/kubernetes/node/labels_taints/tasks/main.yaml deprecated-module # In future look for suitable replacement TODO future update requires functionality change \ No newline at end of file From 95e2fe6bb5fd700ead9e0c467ae5d3599973d767 Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 13:02:44 -0400 Subject: [PATCH 24/30] remove unused var --- main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/main.tf b/main.tf index e8a2811..bdb1955 100644 --- a/main.tf +++ b/main.tf @@ -172,7 +172,6 @@ module "postgresql" { datacenter_id = data.vsphere_datacenter.dc.id template = var.vsphere_template cluster_domain = var.cluster_domain - cluster_name = local.cluster_name dns_servers = var.dns_servers netmask = var.netmask gateway = var.gateway From 3f2d8a0a515020cf59afafc924fb67137e2f6352 Mon Sep 17 00:00:00 2001 
From: jarpat Date: Mon, 19 Jun 2023 13:38:31 -0400 Subject: [PATCH 25/30] revert some shellcheck changes around array reading --- docker-entrypoint.sh | 2 +- linting-configs/.shellcheckrc | 4 +++- oss-k8s.sh | 12 ++++++------ 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 141bac5..166e6df 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -9,4 +9,4 @@ set -e echo "viya4-iac-k8s:x:$(id -u):$(id -g)::/viya4-iac-k8s:/bin/bash" >> /etc/passwd echo "viya4-iac-k8s:x:$(id -G | cut -d' ' -f 2):" >> /etc/group -exec /viya4-iac-k8s/oss-k8s.sh "$@" +exec /viya4-iac-k8s/oss-k8s.sh $@ diff --git a/linting-configs/.shellcheckrc b/linting-configs/.shellcheckrc index c70087a..ff457bf 100644 --- a/linting-configs/.shellcheckrc +++ b/linting-configs/.shellcheckrc @@ -2,4 +2,6 @@ # Allow using `which` since it gives full paths and is common enough # https://github.com/koalaman/shellcheck/wiki/SC2230 -disable=SC2230 +# https://www.shellcheck.net/wiki/SC2124 we want to assign the array as string +# https://www.shellcheck.net/wiki/SC2068 we split the string back into an array +disable=SC2230,SC2124,SC2068 diff --git a/oss-k8s.sh b/oss-k8s.sh index ccefb69..2f53323 100755 --- a/oss-k8s.sh +++ b/oss-k8s.sh @@ -147,7 +147,7 @@ fi # Determine what arguments have been passed and store # those values in a known order -for arg in "${ARGS[@]}"; do +for arg in ${ARGS[@]}; do if [[ "$arg" == "apply" ]]; then arguments[0]=apply fi @@ -185,7 +185,7 @@ update_items=( update ) destruction_items=( uninstall cleanup destroy ) external_items=( k tf helm ) -for item in "${arguments[@]}"; do +for item in ${arguments[@]}; do if [[ " ${creation_items[*]} " =~ " $item " ]]; then creation_flag=true fi @@ -197,7 +197,7 @@ for item in "${arguments[@]}"; do fi done -for item in "${ARGS[@]}"; do +for item in ${ARGS[@]}; do if [[ " ${external_items[*]} " =~ " $item " ]]; then external_flag=true fi 
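Review bot: Dropping the quotes in `exec /viya4-iac-k8s/oss-k8s.sh $@` re-introduces word splitting and pathname expansion on every argument the container is started with, so an argument containing whitespace or a glob character is broken up or expanded before oss-k8s.sh ever sees it. The commit message frames this as reverting ShellCheck changes around array reading, but `"$@"` is not an array-to-string assignment; it is the one form that forwards the arguments unchanged, and the line should stay `exec /viya4-iac-k8s/oss-k8s.sh "$@"`. The same unquoting is applied in the four oss-k8s.sh hunks of this patch (`for arg in ${ARGS[@]}` at 147, `for item in ${arguments[@]}` at 185, `for item in ${ARGS[@]}` at 197, and `helm ${@:2}` / `kubectl ${@:2}` / `terraform $2 -state $TFSTATE ${@:3}` at 247), even though `arguments` appears to be filled element by element (`arguments[0]=apply`) and never needs re-splitting. If `ARGS` is intentionally held as a single whitespace-joined string, as the .shellcheckrc comments in this patch suggest, splitting it once with `read -ra ARGS <<< "$ARGS"` and keeping every `"${ARGS[@]}"` quoted is the safer shape.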
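Review bot: Adding SC2124 and SC2068 to the file-wide `disable=` list turns off the two checks that would have caught the unquoted array expansions introduced elsewhere in this patch, and does so for every script in the repository rather than for the lines where the split is intended. ShellCheck supports per-line suppression, so the intentional sites can carry `# shellcheck disable=SC2068` directly above them while the rc file stays at `disable=SC2230`. The comment `we split the string back into an array` documents the intent but would help more next to the code that performs the split than in the rc file, where it applies to nothing in particular.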
@@ -247,15 +247,15 @@ if [ "$external_flag" = true ] && [ "$validated_args" = true ]; then while [ "${#ARGS[@]}" -gt 0 ]; do case "$1" in helm ) - helm "${@:2}" + helm ${@:2} exit "$?" ;; k|kubtctl ) - kubectl "${@:2}" + kubectl ${@:2} exit "$?" ;; tf|terraform ) - terraform $2 -state $TFSTATE "${@:3}" + terraform $2 -state $TFSTATE ${@:3} exit "$?" ;; esac From 89243cecc27eb5282b19ed6c9be58f19df51fb32 Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 13:44:23 -0400 Subject: [PATCH 26/30] shellcheckrc changes --- .github/workflows/linter-analysis.yaml | 4 ++++ linting-configs/.shellcheckrc | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index c01d415..06ba91f 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -27,6 +27,10 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 + # .shellcheckrc is read from the current dir + - name: Copy Config to Parent Level Directory + run: cp $(pwd)/linting-configs/.shellcheckrc . + - name: Run ShellCheck Action uses: ludeeus/action-shellcheck@master with: diff --git a/linting-configs/.shellcheckrc b/linting-configs/.shellcheckrc index ff457bf..67584a8 100644 --- a/linting-configs/.shellcheckrc +++ b/linting-configs/.shellcheckrc @@ -2,6 +2,5 @@ # Allow using `which` since it gives full paths and is common enough # https://github.com/koalaman/shellcheck/wiki/SC2230 -# https://www.shellcheck.net/wiki/SC2124 we want to assign the array as string # https://www.shellcheck.net/wiki/SC2068 we split the string back into an array -disable=SC2230,SC2124,SC2068 +disable=SC2230,SC2068 From 7b19a37d5961908a4ae897bb71c5d74170c9fe04 Mon Sep 17 00:00:00 2001 From: jarpat Date: Mon, 19 Jun 2023 14:52:36 -0400 Subject: [PATCH 27/30] get sshpass deps --- Dockerfile | 2 +- linting-configs/.hadolint.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
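Review bot: The added step `run: cp $(pwd)/linting-configs/.shellcheckrc .` uses an unquoted `$(pwd)` for no gain; the step already runs in the checkout directory, so `run: cp linting-configs/.shellcheckrc .` copies the same file and also survives a workspace path containing spaces. The comment `.shellcheckrc is read from the current dir` is accurate and worth keeping. The step that consumes the copied file, `uses: ludeeus/action-shellcheck@master` in the hunk context, tracks a mutable branch; pinning it to a release tag or commit SHA keeps the linter version, and therefore what this config means, reproducible from one run to the next.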
diff --git a/Dockerfile b/Dockerfile index 0471839..6c4d0fb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - \ # Installation steps FROM baseline -RUN apt-get update && apt-get -y install git sshpass jq --no-install-recommends \ +RUN apt-get update && apt-get -y install git sshpass jq \ && apt-get clean && rm -rf /var/lib/apt/lists/* COPY --from=tool_builder /usr/local/bin/helm /usr/local/bin/helm diff --git a/linting-configs/.hadolint.yaml b/linting-configs/.hadolint.yaml index 86b3c37..c613ad6 100644 --- a/linting-configs/.hadolint.yaml +++ b/linting-configs/.hadolint.yaml @@ -1,3 +1,3 @@ ignored: - # Specify version with apt-get install -y = : https://github.com/hadolint/hadolint/wiki/DL3008 - - DL3008 + - DL3008 # Specify version with apt-get install -y = : https://github.com/hadolint/hadolint/wiki/DL3008 + - DL3015 # Require --no-install-recommends to get all required packages for sshpass \ No newline at end of file From e6e23989d2af800c3b1e83a9ff59989fd64d1f6d Mon Sep 17 00:00:00 2001 From: jarpat Date: Tue, 20 Jun 2023 09:06:53 -0400 Subject: [PATCH 28/30] add newline --- linting-configs/.hadolint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linting-configs/.hadolint.yaml b/linting-configs/.hadolint.yaml index c613ad6..0a15954 100644 --- a/linting-configs/.hadolint.yaml +++ b/linting-configs/.hadolint.yaml @@ -1,3 +1,3 @@ ignored: - DL3008 # Specify version with apt-get install -y = : https://github.com/hadolint/hadolint/wiki/DL3008 - - DL3015 # Require --no-install-recommends to get all required packages for sshpass \ No newline at end of file + - DL3015 # Require --no-install-recommends to get all required packages for sshpass From 89b28488098efa90864d56c7fe066a65ed4e353f Mon Sep 17 00:00:00 2001 
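Review bot: Removing `--no-install-recommends` from `apt-get -y install git sshpass jq` installs every package Debian recommends for those three, which enlarges the final image and its patch surface well beyond what the commit needs. The message says the goal is sshpass's dependencies; if one specific recommended package is required it can be named explicitly while the flag stays, e.g. `apt-get -y install --no-install-recommends git sshpass jq <REQUIRED_PKG>` with the placeholder replaced by the package that was actually missing. Whichever form is kept, a comment on the RUN line stating why recommends are needed would stop the next hadolint-driven cleanup from silently reverting it.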
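Review bot: The comment added next to `DL3015` reads as if the rule should be satisfied (`Require --no-install-recommends ...`) while the entry actually suppresses it, the opposite of what the line does. Wording that matches the effect, such as `- DL3015 # --no-install-recommends omitted on purpose: sshpass needs its recommended packages`, makes the exception self-explanatory. Ignoring DL3015 here also applies to every apt-get install in the Dockerfile, not only the sshpass line; an inline `# hadolint ignore=DL3015` above that single RUN would keep the check active for the rest of the file.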
From: jarpat Date: Tue, 20 Jun 2023 09:45:25 -0400 Subject: [PATCH 29/30] move yaml doc separator down --- roles/kubernetes/common/defaults/main.yaml | 2 +- roles/kubernetes/control_plane/init/primary/defaults/main.yaml | 2 +- roles/kubernetes/control_plane/removal/tasks/main.yaml | 2 +- roles/kubernetes/cri/containerd/defaults/main.yaml | 2 +- .../database/postgres/alter_server_settings/defaults/main.yaml | 2 +- roles/kubernetes/loadbalancer/metallb/defaults/main.yaml | 2 +- roles/kubernetes/metrics/metrics-server/defaults/main.yaml | 2 +- roles/kubernetes/misc/tasks/main.yaml | 2 +- .../storage/nfs-subdir-external-provisioner/defaults/main.yaml | 2 +- .../sig-storage-local-static-provisioner/defaults/main.yaml | 2 +- roles/systems/bare_metal/init/tasks/main.yaml | 2 +- roles/systems/postgres/defaults/main.yaml | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/kubernetes/common/defaults/main.yaml b/roles/kubernetes/common/defaults/main.yaml index c654d27..40b3b4e 100644 --- a/roles/kubernetes/common/defaults/main.yaml +++ b/roles/kubernetes/common/defaults/main.yaml @@ -1,5 +1,5 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- helm_version: 3.12.0 diff --git a/roles/kubernetes/control_plane/init/primary/defaults/main.yaml b/roles/kubernetes/control_plane/init/primary/defaults/main.yaml index 78e1c53..f3683c0 100644 --- a/roles/kubernetes/control_plane/init/primary/defaults/main.yaml +++ b/roles/kubernetes/control_plane/init/primary/defaults/main.yaml @@ -1,6 +1,6 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- kubernetes_pod_subnet: 10.42.0.0/16 kubernetes_service_subnet: 10.43.0.0/16 diff --git a/roles/kubernetes/control_plane/removal/tasks/main.yaml b/roles/kubernetes/control_plane/removal/tasks/main.yaml index da0b025..65732f5 100644 
--- a/roles/kubernetes/control_plane/removal/tasks/main.yaml +++ b/roles/kubernetes/control_plane/removal/tasks/main.yaml @@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- - name: Cleaning up the control plane ansible.builtin.shell: | kubeadm reset --force diff --git a/roles/kubernetes/cri/containerd/defaults/main.yaml b/roles/kubernetes/cri/containerd/defaults/main.yaml index 08dd5f4..42067ea 100644 --- a/roles/kubernetes/cri/containerd/defaults/main.yaml +++ b/roles/kubernetes/cri/containerd/defaults/main.yaml @@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- # Allows users to overwrite containerd version # Set as an empty string to use the latest upstream version # diff --git a/roles/kubernetes/database/postgres/alter_server_settings/defaults/main.yaml b/roles/kubernetes/database/postgres/alter_server_settings/defaults/main.yaml index a3c1261..e3432aa 100644 --- a/roles/kubernetes/database/postgres/alter_server_settings/defaults/main.yaml +++ b/roles/kubernetes/database/postgres/alter_server_settings/defaults/main.yaml @@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- # default PG System settings we will set if the user does # not define their own values postgres_system_setting_max_prepared_transactions: "1024" diff --git a/roles/kubernetes/loadbalancer/metallb/defaults/main.yaml b/roles/kubernetes/loadbalancer/metallb/defaults/main.yaml index 2966bcb..fe199cf 100644 --- a/roles/kubernetes/loadbalancer/metallb/defaults/main.yaml +++ b/roles/kubernetes/loadbalancer/metallb/defaults/main.yaml 
@@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- ## sig-storage-local-static-provisioner METALLB_NAME: metallb METALLB_NAMESPACE: kube-system diff --git a/roles/kubernetes/metrics/metrics-server/defaults/main.yaml b/roles/kubernetes/metrics/metrics-server/defaults/main.yaml index 818d456..0194efe 100644 --- a/roles/kubernetes/metrics/metrics-server/defaults/main.yaml +++ b/roles/kubernetes/metrics/metrics-server/defaults/main.yaml @@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- ## Metrics-server METRICS_SERVER_NAME: metrics-server METRICS_SERVER_NAMESPACE: kube-system diff --git a/roles/kubernetes/misc/tasks/main.yaml b/roles/kubernetes/misc/tasks/main.yaml index 484abb2..6c9ba4e 100644 --- a/roles/kubernetes/misc/tasks/main.yaml +++ b/roles/kubernetes/misc/tasks/main.yaml @@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- - name: Secure kube config file ansible.builtin.file: path: "{{ iac_inventory_dir }}/{{ kubernetes_cluster_name }}-kubeconfig.conf" diff --git a/roles/kubernetes/storage/nfs-subdir-external-provisioner/defaults/main.yaml b/roles/kubernetes/storage/nfs-subdir-external-provisioner/defaults/main.yaml index 718c70a..9bdddd5 100644 --- a/roles/kubernetes/storage/nfs-subdir-external-provisioner/defaults/main.yaml +++ b/roles/kubernetes/storage/nfs-subdir-external-provisioner/defaults/main.yaml @@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- ## Nfs-subdir-external-provisioner NFS_CLIENT_NAME: nfs-subdir-external-provisioner-default NFS_CLIENT_NAMESPACE: kube-system 
diff --git a/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml b/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml index b552a3c..b768bdf 100644 --- a/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml +++ b/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml @@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- ## sig-storage-local-static-provisioner LOCAL_VOLUME_NAME: sig-storage-local-static-provisioner-sas LOCAL_VOLUME_NAMESPACE: kube-system diff --git a/roles/systems/bare_metal/init/tasks/main.yaml b/roles/systems/bare_metal/init/tasks/main.yaml index 1ce26ff..91f7729 100644 --- a/roles/systems/bare_metal/init/tasks/main.yaml +++ b/roles/systems/bare_metal/init/tasks/main.yaml @@ -1,7 +1,7 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- # NOTE: Should make this more generic for other OS types - name: Set owner and group for Ubuntu OS ansible.builtin.set_fact: diff --git a/roles/systems/postgres/defaults/main.yaml b/roles/systems/postgres/defaults/main.yaml index 95fa622..59a0b99 100644 --- a/roles/systems/postgres/defaults/main.yaml +++ b/roles/systems/postgres/defaults/main.yaml @@ -1,6 +1,6 @@ ---- # Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 +--- postgres_server_ssl_cert_file: "" postgres_server_ssl_key_file: "" From 676d4d6afd5f9d4da61d0769cb7a27237aa185f5 Mon Sep 17 00:00:00 2001 From: jarpat Date: Fri, 7 Jul 2023 11:44:52 -0400 Subject: [PATCH 30/30] update task name after review --- playbooks/kubernetes-install.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/kubernetes-install.yaml b/playbooks/kubernetes-install.yaml index 1697b8e..80b40f9 100644 
--- a/playbooks/kubernetes-install.yaml +++ b/playbooks/kubernetes-install.yaml @@ -36,7 +36,7 @@ # Secure kubernetes items - hosts: localhost - name: Kubernetes Setup - Kubeconfig + name: Kubernetes Setup - Secure Kubernetes Items roles: - { role: kubernetes/misc }