Update cilium_ipsec_enabled check #7413
Conversation
When attempting a fresh install without cilium_ipsec_enabled I ran
into the following error:
failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) =>
{"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret",
"when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"}
Moving the when condition from the item level to the task level solved
the issue.
k8s-ci-robot
added
the
cncf-cla: yes
|
Hi @fritchie. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-ok-to-test
k8s-ci-robot
added
the
size/XS
| - {name: cilium, file: cilium-ds.yml, type: ds} | ||
| - {name: cilium, file: cilium-deploy.yml, type: deploy} | ||
| - {name: cilium, file: cilium-sa.yml, type: sa} | ||
| register: cilium_node_manifests | ||
| when: | ||
| - inventory_hostname in groups['kube_control_plane'] | ||
| - item.file != "cilium-secret.yml" or (item.file == "cilium-secret.yml" and cilium_ipsec_enabled) |
There was a problem hiding this comment.
I think you can write it as:
item.when is defined and item.when
There was a problem hiding this comment.
thx, this didn't seem to work for me
There was a problem hiding this comment.
You've put back the when: that you're removing in this commit ?
There was a problem hiding this comment.
yes, I set the item back to:
- {name: cilium, file: cilium-secret.yml, type: secret, when: cilium_ipsec_enabled}
when I tested
There was a problem hiding this comment.
Sorry my logic is wrong
not item.when is defined or item.when ?
There was a problem hiding this comment.
Make sure cilium_ipsec_key is defined in the role defaults ?
There was a problem hiding this comment.
That would work but I didn't make the original IPsec PR. I assume the person who did has a reason for not defining a default for cilium_ipsec_key ... ie, if users used the default key it would not be a secret.
There was a problem hiding this comment.
Sorry I was quickly answering from my phone, would {name: cilium, file: cilium-secret.yml, type: secret, when: cilium_ipsec_enabled is defined } work then ?
There was a problem hiding this comment.
cilium_ipsec_enabled should always be defined, I also tried
- {name: cilium, file: cilium-secret.yml, type: secret, when: cilium_ipsec_key is defined and cilium_ipsec_enabled}
which fails with the error:
failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_key is defined and cilium_ipsec_enabled'}) => {"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret", "when": "cilium_ipsec_key is defined and cilium_ipsec_enabled"}, "msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"}
There was a problem hiding this comment.
Sorry for lagging behind but I was thinking of fixing it the same way @champtar wrote.
Weird that it's not working 🤔
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
Well as https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/-/jobs/1132752306 works fine, let's merge this as is to fix the bug, always room for improvement if needed later on. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: floryut, fritchie The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
This is a followup to #7413 Although the code worked there was a desire for a better solution. Hopefully people will be happy with this alternative.
When attempting a fresh install without cilium_ipsec_enabled I ran
into the following error:
failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) =>
{"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret",
"when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"}
Moving the when condition from the item level to the task level solved
the issue.
This is a followup to kubernetes-sigs#7413 Although the code worked there was a desire for a better solution. Hopefully people will be happy with this alternative.
When attempting a fresh install without cilium_ipsec_enabled I ran
into the following error:
failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) =>
{"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret",
"when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"}
Moving the when condition from the item level to the task level solved
the issue.
This is a followup to kubernetes-sigs#7413 Although the code worked there was a desire for a better solution. Hopefully people will be happy with this alternative.
When attempting a fresh install without cilium_ipsec_enabled I ran
into the following error:
failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) =>
{"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret",
"when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"}
Moving the when condition from the item level to the task level solved
the issue.