-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update cilium_ipsec_enabled check #7413
Conversation
When attempting a fresh install without cilium_ipsec_enabled I ran into the following error: failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) => {"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret", "when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"} Moving the when condition from the item level to the task level solved the issue.
Hi @fritchie. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
- {name: cilium, file: cilium-ds.yml, type: ds} | ||
- {name: cilium, file: cilium-deploy.yml, type: deploy} | ||
- {name: cilium, file: cilium-sa.yml, type: sa} | ||
register: cilium_node_manifests | ||
when: | ||
- inventory_hostname in groups['kube_control_plane'] | ||
- item.file != "cilium-secret.yml" or (item.file == "cilium-secret.yml" and cilium_ipsec_enabled) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you can write it as:
item.when is defined and item.when
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thx, this didn't seem to work for me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You've put back the when:
that you're removing in this commit ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, I set the item back to:
- {name: cilium, file: cilium-secret.yml, type: secret, when: cilium_ipsec_enabled}
when I tested
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry my logic is wrong
not item.when is defined or item.when
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sure cilium_ipsec_key
is defined in the role defaults ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would work but I didn't make the original IPsec PR. I assume the person who did has a reason for not defining a default for cilium_ipsec_key ... ie, if users used the default key it would not be a secret.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I was quickly answering from my phone, would {name: cilium, file: cilium-secret.yml, type: secret, when: cilium_ipsec_enabled is defined }
work then ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cilium_ipsec_enabled
should always be defined, I also tried
- {name: cilium, file: cilium-secret.yml, type: secret, when: cilium_ipsec_key is defined and cilium_ipsec_enabled}
which fails with the error:
failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_key is defined and cilium_ipsec_enabled'}) => {"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret", "when": "cilium_ipsec_key is defined and cilium_ipsec_enabled"}, "msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for lagging behind but I was thinking of fixing it the same way @champtar wrote.
Weird that it's not working 🤔
/ok-to-test |
/lgtm |
Well as https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/-/jobs/1132752306 works fine, let's merge this as is to fix the bug, always room for improvement if needed later on. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: floryut, fritchie The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This is a followup to #7413 Although the code worked there was a desire for a better solution. Hopefully people will be happy with this alternative.
When attempting a fresh install without cilium_ipsec_enabled I ran into the following error: failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) => {"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret", "when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"} Moving the when condition from the item level to the task level solved the issue.
This is a followup to kubernetes-sigs#7413 Although the code worked there was a desire for a better solution. Hopefully people will be happy with this alternative.
When attempting a fresh install without cilium_ipsec_enabled I ran into the following error: failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) => {"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret", "when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"} Moving the when condition from the item level to the task level solved the issue.
This is a followup to kubernetes-sigs#7413 Although the code worked there was a desire for a better solution. Hopefully people will be happy with this alternative.
When attempting a fresh install without cilium_ipsec_enabled I ran
into the following error:
failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) =>
{"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret",
"when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"}
Moving the when condition from the item level to the task level solved
the issue.