Merge pull request #85 from sassoftware/staging

3.4.0 - August 18, 2023

.github/workflows/linter-analysis.yaml

@@ -88,6 +88,6 @@ jobs:
         run: ansible-galaxy install -r ./requirements.yaml
 
       - name: Run ansible-lint Action
-        uses: ansible/ansible-lint-action@v6.16.0
+        uses: ansible/ansible-lint-action@v6.17.0
         env:
           ANSIBLE_ROLES_PATH: "./roles"

Dockerfile

@@ -9,7 +9,7 @@ RUN apt-get update && apt-get upgrade -y --no-install-recommends \
 # Layers used for building/downloading/installing tools
 FROM baseline as tool_builder
 ARG HELM_VERSION=3.12.0
-ARG KUBECTL_VERSION=1.25.8
+ARG KUBECTL_VERSION=1.26.7
 ARG TERRAFORM_VERSION=1.4.5-*
 
 WORKDIR /build

docs/CONFIG-VARS.md

@@ -69,7 +69,7 @@ Terraform input variables can be set in the following ways:
 
 | Name | Description | Type | Default | Notes |
 | :--- | :--- | :--- | :--- | :--- |
-| cluster_version        | Kubernetes version | string | "1.25.8" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://go.documentation.sas.com/doc/en/itopscdc/default/itopssr/n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). |
+| cluster_version        | Kubernetes version | string | "1.26.7" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://go.documentation.sas.com/doc/en/itopscdc/default/itopssr/n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). |
 | cluster_cni            | Kubernetes container network interface (CNI) | string | "calico" | |
 | cluster_cni_version    | Kubernetes Container Network Interface (CNI) Version | string | "3.24.5" | |
 | cluster_cri            | Kubernetes container runtime interface (CRI) | string | "containerd" | |
@@ -351,7 +351,7 @@ The following variables are used to describe the machine targets for the SAS Viy
 | prefix | A prefix used in the names of all the resources created by this script | string | | |
 | deployment_type | Type of deployment to be performed | string | "bare_metal" | Specify `bare_metal` or `vsphere`. |
 | kubernetes_cluster_name | Cluster name | string | "{{ prefix }}-oss" | This item is auto-filled. **ONLY** change the `prefix` value described previously. |
-| kubernetes_version | Kubernetes version | string | "1.25.8" | Valid values are listed here: [Kubernetes Releases](https://kubernetes.io/releases/). |
+| kubernetes_version | Kubernetes version | string | "1.26.7" | Valid values are listed here: [Kubernetes Releases](https://kubernetes.io/releases/). |
 | kubernetes_upgrade_allowed | | bool | true | **NOTE:** Not currently used. |
 | kubernetes_arch | | string | "{{ vm_arch }}" | This item is auto-filled. **ONLY** change the `vm_arch` value described previously. |
 | kubernetes_cni | Kubernetes Container Network Interface (CNI) | string | "calico" | |

docs/REQUIREMENTS.md

@@ -203,7 +203,7 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh" # Directory holding public keys to be used on each machine
 
 # Kubernetes - Cluster
-cluster_version        = "1.25.8"                        # Kubernetes version
+cluster_version        = "1.26.7"                        # Kubernetes version
 cluster_cni            = "calico"                        # Kubernetes Container Network Interface (CNI)
 cluster_cni_version    = "3.24.5"                        # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"                    # Kubernetes Container Runtime Interface (CRI)

examples/vsphere/sample-terraform-dhcp.tfvars

@@ -18,7 +18,7 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.25.8"       # Kubernetes Version
+cluster_version        = "1.26.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
 cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)

examples/vsphere/sample-terraform-minimal.tfvars

@@ -18,7 +18,7 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.25.8"       # Kubernetes Version
+cluster_version        = "1.26.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
 cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)

examples/vsphere/sample-terraform-static-ips.tfvars

@@ -18,7 +18,7 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.25.8"       # Kubernetes Version
+cluster_version        = "1.26.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
 cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)

examples/vsphere/sample-terraform-static-singlestore.tfvars

@@ -18,7 +18,7 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.25.8"       # Kubernetes Version
+cluster_version        = "1.26.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
 cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)

examples/vsphere/sample-terraform-vi.tfvars

@@ -18,7 +18,7 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.25.8"       # Kubernetes Version
+cluster_version        = "1.26.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
 cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)

linting-configs/.ansible-lint

@@ -20,9 +20,6 @@ skip_list:
   - role-name # roles are dynamically selected based on user's choice so we do need to use paths
   - yaml[line-length] # it's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review,
   - name[template] # task name is being templated, this can be ignored
-  - command-instead-of-shell # shell should only be used when necessary, swap to command TODO future update requires functionality change
-  - command-instead-of-module # there are some cases where command calls could be replaced with modules TODO future update requires functionality change
-  - deprecated-module # In future look for suitable replacement TODO future update requires functionality change
 
 # Ansible-lint does not automatically load rules that have the 'opt-in' tag.
 # You must enable opt-in rules by listing each rule 'id' below.
@@ -38,6 +35,7 @@ enable_list:
 # option are parsed relative to the CWD of execution.
 exclude_paths:
   - examples/bare-metal/sample-ansible-vars.yaml # ignore this file, spacing is done for doc purposes
+  - .github/workflows # non ansible files
 
 # Offline mode disables installation of requirements.yml and schema refreshing
 offline: false

roles/kubernetes/common/tasks/main.yaml

@@ -46,7 +46,7 @@
     - install
   block:
     - name: Retrieve contents of /etc/default/grub
-      ansible.builtin.shell: cat /etc/default/grub
+      ansible.builtin.command: cat /etc/default/grub
       register: grub_content
       changed_when: false
 
@@ -116,18 +116,6 @@
 #   tags:
 #     - install
 
-- name: Adding SAS certs
-  become: true
-  ansible.builtin.shell: |
-    curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot.crt -o /etc/ssl/certs/sasroot.crt
-    curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot2.crt -o /etc/ssl/certs/sasroot2.crt
-    curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasinter.crt -o /etc/ssl/certs/sasinter.crt
-    update-ca-certificates
-  when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
-  tags:
-    - install
-    - update
-
 - name: Install required packages for every machine
   ansible.builtin.package:
     name: "{{ packages }}"
@@ -139,11 +127,18 @@
     - install
     - update
 
-- name: Installing helm
-  ansible.builtin.shell: |
-    curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
-    chmod 755 get-helm-3
-    ./get-helm-3 --version v{{ helm_version }} --no-sudo
+- name: Download helm installation script
+  ansible.builtin.get_url:
+    url: https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+    dest: /tmp/get-helm-3
+    validate_certs: false
+    mode: "0755"
+  tags:
+    - install
+    - update
+
+- name: Execute helm installation script
+  ansible.builtin.command: /tmp/get-helm-3 --version v{{ helm_version }} --no-sudo
   tags:
     - install
     - update

roles/kubernetes/control_plane/init/secondary/tasks/main.yaml

@@ -34,13 +34,13 @@
     - install
 
 - name: Generate control plane join command
-  ansible.builtin.shell: kubeadm token create --print-join-command
+  ansible.builtin.command: kubeadm token create --print-join-command
   register: kubeadm_join_cmd
   delegate_to: "{{ groups['k8s_control_plane'][0] }}"
   tags:
     - install
 
 - name: Join secondary control plane nodes to the cluster
-  ansible.builtin.shell: "{{ kubeadm_join_cmd.stdout }} --control-plane"
+  ansible.builtin.command: "{{ kubeadm_join_cmd.stdout }} --control-plane"
   tags:
     - install

roles/kubernetes/node/init/tasks/main.yaml

@@ -3,13 +3,13 @@
 
 ---
 - name: Generate compute node join command
-  ansible.builtin.shell: kubeadm token create --print-join-command
+  ansible.builtin.command: kubeadm token create --print-join-command
   register: kubeadm_join_cmd
   delegate_to: "{{ groups['k8s_control_plane'][0] }}"
   tags:
     - install
 
 - name: Join compute nodes to the cluster
-  ansible.builtin.shell: "{{ kubeadm_join_cmd.stdout }}"
+  ansible.builtin.command: "{{ kubeadm_join_cmd.stdout }}"
   tags:
     - install

roles/kubernetes/node/labels_taints/tasks/main.yaml

@@ -4,8 +4,9 @@
 ---
 # Apply labels to all kubernetes nodes
 - name: Adding labels to cluster Nodes
-  include: labels.yaml
-    labels={{ item.value }}
+  include_tasks: labels.yaml
+  vars:
+    labels: "{{ item.value }}"
   with_dict: "{{ node_labels }}"
   when: ansible_nodename.find(item.key) != -1
   tags:
@@ -14,8 +15,9 @@
 
 # Apply taints to all kubernetes nodes
 - name: Adding taints to cluster Nodes
-  include: taints.yaml
-    taints={{ item.value }}
+  include_tasks: taints.yaml
+  vars:
+    taints: "{{ item.value }}"
   with_dict: "{{ node_taints }}"
   when: ansible_nodename.find(item.key) != -1
   tags:

roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml

@@ -7,7 +7,7 @@ LOCAL_VOLUME_NAME: sig-storage-local-static-provisioner-sas
 LOCAL_VOLUME_NAMESPACE: kube-system
 LOCAL_VOLUME_CHART_NAME: Chart.yaml
 LOCAL_VOLUME_REPO: https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
-LOCAL_VOLUME_CHART_VERSION: 2.4.0
+LOCAL_VOLUME_CHART_VERSION: 2.6.0
 LOCAL_VOLUME_REPO_VERSION: "v{{ LOCAL_VOLUME_CHART_VERSION }}"
 LOCAL_VOLUME_REPO_LOCATION: "/tmp/{{ LOCAL_VOLUME_NAME }}"
 LOCAL_VOLUME_CONFIG:

roles/systems/common/tasks/main.yaml

@@ -89,18 +89,6 @@
 #   tags:
 #     - install
 
-# Add SAS Certificates to support SAS Viya
-- name: Adding SAS certs
-  ansible.builtin.shell: |
-    curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot.crt -o /etc/ssl/certs/sasroot.crt
-    curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot2.crt -o /etc/ssl/certs/sasroot2.crt
-    curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasinter.crt -o /etc/ssl/certs/sasinter.crt
-    update-ca-certificates
-  when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
-  tags:
-    - install
-    - update
-
 - name: Install Python and PIP packages
   ansible.builtin.package:
     name: "{{ item }}"

roles/systems/control_plane/tasks/main.yaml

@@ -3,15 +3,16 @@
 
 ---
 - name: Generate control plane shared ssh key pair
-  ansible.builtin.shell: |
-    rm -rf ~/.ssh/{{ control_plane_ssh_key_name }}
-    ssh-keygen -t rsa -q -N '' -b 4096 -f ~/.ssh/{{ control_plane_ssh_key_name }}
+  ansible.builtin.command: "{{ item }}"
+  with_items:
+    - rm -rf ~/.ssh/{{ control_plane_ssh_key_name }}
+    - ssh-keygen -t rsa -q -N '' -b 4096 -f ~/.ssh/{{ control_plane_ssh_key_name }}
   tags:
     - install
     - update
 
 - name: Get the ssh key file content
-  ansible.builtin.shell:
+  ansible.builtin.command:
     cat ~/.ssh/{{ control_plane_ssh_key_name }}.pub
   register: ssh_key
   tags:

roles/systems/jump_server/tasks/main.yaml

@@ -81,8 +81,8 @@
 #     - install
 #     - update
 
-- name: Mount /viya-share
-  ansible.builtin.shell: mount -a
+- name: Mount /viya-share # noqa: command-instead-of-module
+  ansible.builtin.command: mount -a
   tags:
     - install
     - update

roles/systems/nfs_server/tasks/main.yaml

@@ -81,7 +81,7 @@
       when: kubernetes_sc_default_file_rc.stdout != "0"
 
 - name: Export file system
-  ansible.builtin.shell: exportfs -a
+  ansible.builtin.command: exportfs -a
   when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
   tags:
     - install

roles/systems/vsphere/init/tasks/main.yaml

@@ -18,7 +18,7 @@
     - update
 
 - name: Expand Root Partition - growpart
-  ansible.builtin.shell: "growpart /dev/sda {{ partition_number }}" # CentOS - 1 # Ubuntu - 2
+  ansible.builtin.command: "growpart /dev/sda {{ partition_number }}" # CentOS - 1 # Ubuntu - 2
   register: grow_result
   failed_when: grow_result.rc >= 2
   tags:
@@ -29,7 +29,7 @@
 #       using vSphere or any virtual vm's
 #
 - name: Expand Root File System - xfs_grow
-  ansible.builtin.shell: "xfs_growfs -d /"
+  ansible.builtin.command: "xfs_growfs -d /"
   tags:
     - install
 

variables.tf

@@ -293,7 +293,7 @@ variable "cluster_domain" {
 
 variable "cluster_version" {
   type    = string
-  default = "1.25.8"
+  default = "1.26.7"
 }
 
 variable "cluster_cni" {