From ecac1474b708e2d4b22b6a48610e062c28c70b51 Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Mon, 24 Jul 2023 10:26:31 -0400 Subject: [PATCH 1/2] feat: (IAC-1088) Additional Ansible Lint Code Updates (#81) --- .github/workflows/linter-analysis.yaml | 2 +- linting-configs/.ansible-lint | 4 +-- roles/kubernetes/common/tasks/main.yaml | 31 ++++++++----------- .../init/secondary/tasks/main.yaml | 4 +-- roles/kubernetes/node/init/tasks/main.yaml | 4 +-- .../node/labels_taints/tasks/main.yaml | 10 +++--- roles/systems/common/tasks/main.yaml | 12 ------- roles/systems/control_plane/tasks/main.yaml | 9 +++--- roles/systems/jump_server/tasks/main.yaml | 4 +-- roles/systems/nfs_server/tasks/main.yaml | 2 +- roles/systems/vsphere/init/tasks/main.yaml | 4 +-- 11 files changed, 35 insertions(+), 51 deletions(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 06ba91f..f3851bb 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -88,6 +88,6 @@ jobs: run: ansible-galaxy install -r ./requirements.yaml - name: Run ansible-lint Action - uses: ansible/ansible-lint-action@v6.16.0 + uses: ansible/ansible-lint-action@v6.17.0 env: ANSIBLE_ROLES_PATH: "./roles" diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint index fe4c436..4ed06b0 100644 --- a/linting-configs/.ansible-lint +++ b/linting-configs/.ansible-lint 
@@ -20,9 +20,6 @@ skip_list: - role-name # roles are dynamically selected based on user's choice so we do need to use paths - yaml[line-length] # it's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review, - name[template] # task name is being templated, this can be ignored - - command-instead-of-shell # shell should only be used when necessary, swap to command TODO future update requires functionality change - - command-instead-of-module # there are some cases where command calls could be replaced with modules TODO future update requires functionality change - - deprecated-module # In future look for suitable replacement TODO future update requires functionality change # Ansible-lint does not automatically load rules that have the 'opt-in' tag. # You must enable opt-in rules by listing each rule 'id' below. @@ -38,6 +35,7 @@ enable_list: # option are parsed relative to the CWD of execution. exclude_paths: - examples/bare-metal/sample-ansible-vars.yaml # ignore this file, spacing is done for doc purposes + - .github/workflows # non ansible files # Offline mode disables installation of requirements.yml and schema refreshing offline: false diff --git a/roles/kubernetes/common/tasks/main.yaml b/roles/kubernetes/common/tasks/main.yaml index 26974fd..91992f8 100644 --- a/roles/kubernetes/common/tasks/main.yaml +++ b/roles/kubernetes/common/tasks/main.yaml @@ -46,7 +46,7 @@ - install block: - name: Retrieve contents of /etc/default/grub - ansible.builtin.shell: cat /etc/default/grub + ansible.builtin.command: cat /etc/default/grub register: grub_content changed_when: false 
@@ -116,18 +116,6 @@ # tags: # - install -- name: Adding SAS certs - become: true - ansible.builtin.shell: | - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot.crt -o /etc/ssl/certs/sasroot.crt - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot2.crt -o /etc/ssl/certs/sasroot2.crt - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasinter.crt -o /etc/ssl/certs/sasinter.crt - update-ca-certificates - when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - tags: - - install - - update - - name: Install required packages for every machine ansible.builtin.package: name: "{{ packages }}" @@ -139,11 +127,18 @@ - install - update -- name: Installing helm - ansible.builtin.shell: | - curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 755 get-helm-3 - ./get-helm-3 --version v{{ helm_version }} --no-sudo +- name: Download helm installation script + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + dest: /tmp/get-helm-3 + validate_certs: false + mode: "0755" + tags: + - install + - update + +- name: Execute helm installation script + ansible.builtin.command: /tmp/get-helm-3 --version v{{ helm_version }} --no-sudo tags: - install - update diff --git a/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml b/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml index cbceb0d..06dad81 100644 --- a/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml +++ b/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml 
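Review bot: The new `Download helm installation script` task sets `validate_certs: false`, so the script that `Execute helm installation script` then runs is fetched without TLS verification, from the mutable `main` branch, and with no integrity check. Drop `validate_certs: false` and add `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"`, with the URL pointing at a pinned tag or commit instead of `main`. The script is also written to the fixed path `/tmp/get-helm-3` with mode `0755` before execution; a `dest` in a directory that only the deploying user can write to would remove the dependence on a world-writable location. The removed shell version already used `curl -k`, so the disabled verification is carried over by this change rather than introduced by it.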
@@ -34,13 +34,13 @@ - install - name: Generate control plane join command - ansible.builtin.shell: kubeadm token create --print-join-command + ansible.builtin.command: kubeadm token create --print-join-command register: kubeadm_join_cmd delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install - name: Join secondary control plane nodes to the cluster - ansible.builtin.shell: "{{ kubeadm_join_cmd.stdout }} --control-plane" + ansible.builtin.command: "{{ kubeadm_join_cmd.stdout }} --control-plane" tags: - install diff --git a/roles/kubernetes/node/init/tasks/main.yaml b/roles/kubernetes/node/init/tasks/main.yaml index 64927dd..f523c5e 100644 --- a/roles/kubernetes/node/init/tasks/main.yaml +++ b/roles/kubernetes/node/init/tasks/main.yaml @@ -3,13 +3,13 @@ --- - name: Generate compute node join command - ansible.builtin.shell: kubeadm token create --print-join-command + ansible.builtin.command: kubeadm token create --print-join-command register: kubeadm_join_cmd delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install - name: Join compute nodes to the cluster - ansible.builtin.shell: "{{ kubeadm_join_cmd.stdout }}" + ansible.builtin.command: "{{ kubeadm_join_cmd.stdout }}" tags: - install diff --git a/roles/kubernetes/node/labels_taints/tasks/main.yaml b/roles/kubernetes/node/labels_taints/tasks/main.yaml index d405fa1..02be973 100644 --- a/roles/kubernetes/node/labels_taints/tasks/main.yaml +++ b/roles/kubernetes/node/labels_taints/tasks/main.yaml @@ -4,8 +4,9 @@ --- # Apply labels to all kubernetes nodes - name: Adding labels to cluster Nodes - include: labels.yaml - labels={{ item.value }} + include_tasks: labels.yaml + vars: + labels: "{{ item.value }}" with_dict: "{{ node_labels }}" when: ansible_nodename.find(item.key) != -1 tags: 
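Review bot: `Generate control plane join command` registers the stdout of `kubeadm token create --print-join-command` without `no_log`, and that output presumably carries the bootstrap token, so it can end up in task output and logs at higher verbosity or on failure. Add `no_log: true` to that task and to `Join secondary control plane nodes to the cluster`, which templates the same value into its command line. The same applies to `Generate compute node join command` and `Join compute nodes to the cluster` in the `roles/kubernetes/node/init/tasks/main.yaml` hunk that follows.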
@@ -14,8 +15,9 @@ # Apply taints to all kubernetes nodes - name: Adding taints to cluster Nodes - include: taints.yaml - taints={{ item.value }} + include_tasks: taints.yaml + vars: + taints: "{{ item.value }}" with_dict: "{{ node_taints }}" when: ansible_nodename.find(item.key) != -1 tags: diff --git a/roles/systems/common/tasks/main.yaml b/roles/systems/common/tasks/main.yaml index 4066c0f..16da3d7 100644 --- a/roles/systems/common/tasks/main.yaml +++ b/roles/systems/common/tasks/main.yaml @@ -89,18 +89,6 @@ # tags: # - install -# Add SAS Certificates to support SAS Viya -- name: Adding SAS certs - ansible.builtin.shell: | - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot.crt -o /etc/ssl/certs/sasroot.crt - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot2.crt -o /etc/ssl/certs/sasroot2.crt - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasinter.crt -o /etc/ssl/certs/sasinter.crt - update-ca-certificates - when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - tags: - - install - - update - - name: Install Python and PIP packages ansible.builtin.package: name: "{{ item }}" diff --git a/roles/systems/control_plane/tasks/main.yaml b/roles/systems/control_plane/tasks/main.yaml index 0c71cc3..ff67f80 100644 --- a/roles/systems/control_plane/tasks/main.yaml +++ b/roles/systems/control_plane/tasks/main.yaml 
@@ -3,15 +3,16 @@ --- - name: Generate control plane shared ssh key pair - ansible.builtin.shell: | - rm -rf ~/.ssh/{{ control_plane_ssh_key_name }} - ssh-keygen -t rsa -q -N '' -b 4096 -f ~/.ssh/{{ control_plane_ssh_key_name }} + ansible.builtin.command: "{{ item }}" + with_items: + - rm -rf ~/.ssh/{{ control_plane_ssh_key_name }} + - ssh-keygen -t rsa -q -N '' -b 4096 -f ~/.ssh/{{ control_plane_ssh_key_name }} tags: - install - update - name: Get the ssh key file content - ansible.builtin.shell: + ansible.builtin.command: cat ~/.ssh/{{ control_plane_ssh_key_name }}.pub register: ssh_key tags: diff --git a/roles/systems/jump_server/tasks/main.yaml b/roles/systems/jump_server/tasks/main.yaml index 86e4720..4409dfc 100644 --- a/roles/systems/jump_server/tasks/main.yaml +++ b/roles/systems/jump_server/tasks/main.yaml @@ -81,8 +81,8 @@ # - install # - update -- name: Mount /viya-share - ansible.builtin.shell: mount -a +- name: Mount /viya-share # noqa: command-instead-of-module + ansible.builtin.command: mount -a tags: - install - update diff --git a/roles/systems/nfs_server/tasks/main.yaml b/roles/systems/nfs_server/tasks/main.yaml index 5d63d60..140042c 100644 --- a/roles/systems/nfs_server/tasks/main.yaml +++ b/roles/systems/nfs_server/tasks/main.yaml @@ -81,7 +81,7 @@ when: kubernetes_sc_default_file_rc.stdout != "0" - name: Export file system - ansible.builtin.shell: exportfs -a + ansible.builtin.command: exportfs -a when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install diff --git a/roles/systems/vsphere/init/tasks/main.yaml b/roles/systems/vsphere/init/tasks/main.yaml index 56ce12d..c8f84ea 100644 --- a/roles/systems/vsphere/init/tasks/main.yaml +++ b/roles/systems/vsphere/init/tasks/main.yaml 
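Review bot: The first `with_items` entry of `Generate control plane shared ssh key pair` runs `rm -rf ~/.ssh/{{ control_plane_ssh_key_name }}`, so an empty `control_plane_ssh_key_name` would turn it into a recursive delete of the whole `~/.ssh` directory. Replace that entry with an `ansible.builtin.file` task using `state: absent` on the key path, and guard key generation with `when: control_plane_ssh_key_name | length > 0`. As written the key pair is also deleted and regenerated on every run under the `install` and `update` tags; if rotation on each run is not intended, passing `creates: ~/.ssh/{{ control_plane_ssh_key_name }}` to the `ssh-keygen` command would keep an existing key.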
@@ -18,7 +18,7 @@ - update - name: Expand Root Partition - growpart - ansible.builtin.shell: "growpart /dev/sda {{ partition_number }}" # CentOS - 1 # Ubuntu - 2 + ansible.builtin.command: "growpart /dev/sda {{ partition_number }}" # CentOS - 1 # Ubuntu - 2 register: grow_result failed_when: grow_result.rc >= 2 tags: @@ -29,7 +29,7 @@ # using vSphere or any virtual vm's # - name: Expand Root File System - xfs_grow - ansible.builtin.shell: "xfs_growfs -d /" + ansible.builtin.command: "xfs_growfs -d /" tags: - install From 76b2c238858f46e36452b08ef48c1750eab5c95c Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Wed, 9 Aug 2023 14:55:24 -0400 Subject: [PATCH 2/2] feat: (IAC-1046) Add Support for K8s 1.27 (#83) --- Dockerfile | 2 +- docs/CONFIG-VARS.md | 4 ++-- docs/REQUIREMENTS.md | 2 +- examples/vsphere/sample-terraform-dhcp.tfvars | 2 +- examples/vsphere/sample-terraform-minimal.tfvars | 2 +- examples/vsphere/sample-terraform-static-ips.tfvars | 2 +- examples/vsphere/sample-terraform-static-singlestore.tfvars | 2 +- examples/vsphere/sample-terraform-vi.tfvars | 2 +- .../sig-storage-local-static-provisioner/defaults/main.yaml | 2 +- variables.tf | 2 +- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6c4d0fb..480f93a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && apt-get upgrade -y --no-install-recommends \ # Layers used for building/downloading/installing tools FROM baseline as tool_builder ARG HELM_VERSION=3.12.0 -ARG KUBECTL_VERSION=1.25.8 +ARG KUBECTL_VERSION=1.26.7 ARG TERRAFORM_VERSION=1.4.5-* WORKDIR /build diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 2dfd57b..f951557 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md 
@@ -69,7 +69,7 @@ Terraform input variables can be set in the following ways: | Name | Description | Type | Default | Notes | | :--- | :--- | :--- | :--- | :--- | -| cluster_version | Kubernetes version | string | "1.25.8" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://go.documentation.sas.com/doc/en/itopscdc/default/itopssr/n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). | +| cluster_version | Kubernetes version | string | "1.26.7" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://go.documentation.sas.com/doc/en/itopscdc/default/itopssr/n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). | | cluster_cni | Kubernetes container network interface (CNI) | string | "calico" | | | cluster_cni_version | Kubernetes Container Network Interface (CNI) Version | string | "3.24.5" | | | cluster_cri | Kubernetes container runtime interface (CRI) | string | "containerd" | | 
@@ -351,7 +351,7 @@ The following variables are used to describe the machine targets for the SAS Viy | prefix | A prefix used in the names of all the resources created by this script | string | | | | deployment_type | Type of deployment to be performed | string | "bare_metal" | Specify `bare_metal` or `vsphere`. | | kubernetes_cluster_name | Cluster name | string | "{{ prefix }}-oss" | This item is auto-filled. **ONLY** change the `prefix` value described previously. | -| kubernetes_version | Kubernetes version | string | "1.25.8" | Valid values are listed here: [Kubernetes Releases](https://kubernetes.io/releases/). | +| kubernetes_version | Kubernetes version | string | "1.26.7" | Valid values are listed here: [Kubernetes Releases](https://kubernetes.io/releases/). | | kubernetes_upgrade_allowed | | bool | true | **NOTE:** Not currently used. | | kubernetes_arch | | string | "{{ vm_arch }}" | This item is auto-filled. **ONLY** change the `vm_arch` value described previously. | | kubernetes_cni | Kubernetes Container Network Interface (CNI) | string | "calico" | | diff --git a/docs/REQUIREMENTS.md b/docs/REQUIREMENTS.md index 3dcc4cb..53387af 100644 --- a/docs/REQUIREMENTS.md +++ b/docs/REQUIREMENTS.md @@ -203,7 +203,7 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh" # Directory holding public keys to be used on each machine # Kubernetes - Cluster -cluster_version = "1.25.8" # Kubernetes version +cluster_version = "1.26.7" # Kubernetes version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) cluster_cni_version = "3.24.5" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) diff --git a/examples/vsphere/sample-terraform-dhcp.tfvars b/examples/vsphere/sample-terraform-dhcp.tfvars index a3a2857..f32981f 100644 --- a/examples/vsphere/sample-terraform-dhcp.tfvars +++ b/examples/vsphere/sample-terraform-dhcp.tfvars 
@@ -18,7 +18,7 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.25.8" # Kubernetes Version +cluster_version = "1.26.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) cluster_cni_version = "3.24.5" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) diff --git a/examples/vsphere/sample-terraform-minimal.tfvars b/examples/vsphere/sample-terraform-minimal.tfvars index 836e967..01f93c3 100644 --- a/examples/vsphere/sample-terraform-minimal.tfvars +++ b/examples/vsphere/sample-terraform-minimal.tfvars @@ -18,7 +18,7 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.25.8" # Kubernetes Version +cluster_version = "1.26.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) cluster_cni_version = "3.24.5" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) diff --git a/examples/vsphere/sample-terraform-static-ips.tfvars b/examples/vsphere/sample-terraform-static-ips.tfvars index f522688..d0c1e68 100644 --- a/examples/vsphere/sample-terraform-static-ips.tfvars +++ b/examples/vsphere/sample-terraform-static-ips.tfvars 
@@ -18,7 +18,7 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.25.8" # Kubernetes Version +cluster_version = "1.26.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) cluster_cni_version = "3.24.5" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) diff --git a/examples/vsphere/sample-terraform-static-singlestore.tfvars b/examples/vsphere/sample-terraform-static-singlestore.tfvars index 942dd68..ca48535 100644 --- a/examples/vsphere/sample-terraform-static-singlestore.tfvars +++ b/examples/vsphere/sample-terraform-static-singlestore.tfvars @@ -18,7 +18,7 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.25.8" # Kubernetes Version +cluster_version = "1.26.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) cluster_cni_version = "3.24.5" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) diff --git a/examples/vsphere/sample-terraform-vi.tfvars b/examples/vsphere/sample-terraform-vi.tfvars index e881338..ee4fb55 100644 --- a/examples/vsphere/sample-terraform-vi.tfvars +++ b/examples/vsphere/sample-terraform-vi.tfvars 
@@ -18,7 +18,7 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.25.8" # Kubernetes Version +cluster_version = "1.26.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) cluster_cni_version = "3.24.5" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) diff --git a/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml b/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml index b768bdf..f959ea9 100644 --- a/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml +++ b/roles/kubernetes/storage/sig-storage-local-static-provisioner/defaults/main.yaml @@ -7,7 +7,7 @@ LOCAL_VOLUME_NAME: sig-storage-local-static-provisioner-sas LOCAL_VOLUME_NAMESPACE: kube-system LOCAL_VOLUME_CHART_NAME: Chart.yaml LOCAL_VOLUME_REPO: https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git -LOCAL_VOLUME_CHART_VERSION: 2.4.0 +LOCAL_VOLUME_CHART_VERSION: 2.6.0 LOCAL_VOLUME_REPO_VERSION: "v{{ LOCAL_VOLUME_CHART_VERSION }}" LOCAL_VOLUME_REPO_LOCATION: "/tmp/{{ LOCAL_VOLUME_NAME }}" LOCAL_VOLUME_CONFIG: diff --git a/variables.tf b/variables.tf index 279c87b..a29c88d 100644 --- a/variables.tf +++ b/variables.tf @@ -293,7 +293,7 @@ variable "cluster_domain" { variable "cluster_version" { type = string - default = "1.25.8" + default = "1.26.7" } variable "cluster_cni" {