fix idempotency issues

mesosphere · Oct 28, 2022 · 3fecabc · 3fecabc
1 parent 6ed34fa
commit 3fecabc
Show file tree

Hide file tree

Showing 12 changed files with 233 additions and 129 deletions.
diff --git a/ansible/molecule/default/tests/test_default.py b/ansible/molecule/default/tests/test_default.py
@@ -70,3 +70,22 @@ def test_cloudinit_feature_flags(host):
         assert b'ERROR_ON_USER_DATA_FAILURE = False' in featurefile.content
     else:
         assert True
+
+def test_kubelet_kubectl_installed(host):
+    if distro == "flatcar":
+        pytest.skip("no packages on flatcar")
+
+    assert host.package("kubectl").is_installed
+    assert host.package("kubelet").is_installed
+
+def test_kubeadm_installed(host):
+    if distro == "flatcar":
+        pytest.skip("no packages on flatcar")
+
+    assert host.package("kubeadm").is_installed
+    assert host.package("kubeadm").is_installed
+
+def test_kube_cmd_path(host):
+    assert host.exists("kubelet")
+    assert host.exists("kubeadm")
+    assert host.exists("kubelet")
diff --git a/ansible/roles/containerd/tasks/debian.yaml b/ansible/roles/containerd/tasks/debian.yaml
@@ -5,6 +5,7 @@
   failed_when:
     - remove_version_hold.rc != 0
     - remove_version_hold.rc != 100  # package does not exist
+  changed_when: remove_version_hold.rc == 0
 
 # remove previous install with KIB through an OS package
 - name: remove containerd.io remote deb package

diff --git a/ansible/roles/containerd/tasks/install.yaml b/ansible/roles/containerd/tasks/install.yaml
@@ -20,6 +20,7 @@
     url: "{{ containerd_base_url }}/{{ containerd_tar_file }}"
     dest: "{{ containerd_remote_bundle_path }}/{{ containerd_tar_file }}"
     mode: 0600
+  register: download_containerd_tar_file
   when:
     - not containerd_tar_file_exists.stat.exists
 
@@ -30,6 +31,7 @@
     dest: /
     extra_opts:
       - --no-overwrite-dir
+  when: download_containerd_tar_file.changed
 
 # Some ansible tasks run ctr and containerd. For these tasks, the executable must be in the PATH of the ansible process.
 # On some distributions, /usr/local/bin is not in the PATH. The symlink makes the executables available in /usr/bin,
@@ -40,7 +42,7 @@
     dest: "/usr/bin/{{ item }}"
     mode: 0777
     state: link
-    force: yes
+    # force: yes
   loop:
     - ctr
     - containerd
diff --git a/ansible/roles/containerd/tasks/main.yaml b/ansible/roles/containerd/tasks/main.yaml
@@ -1,7 +1,7 @@
 ---
 - name: Create containerd systemd drop-in directory
   file:
-    path: "/etc/systemd/system/containerd.service.d/"
+    path: "/etc/systemd/system/containerd.service.d"
     state: directory
 
 - name: Create containerd proxy conf

diff --git a/ansible/roles/kubeadm/tasks/debian.yaml b/ansible/roles/kubeadm/tasks/debian.yaml
@@ -1,17 +1,28 @@
 ---
-- name: remove version hold for kubeadm packages
-  command: apt-mark unhold kubeadm
+- name: Gather the package facts
+  package_facts:
+    manager: auto
+    strategy: first
 
-- name: install kubeadm remote deb package
-  shell: |
-    apt-get install --force-yes --yes \
-      kubeadm={{ package_versions.kubernetes_deb }}
-  args:
-    warn: false
-  register: result
-  until: result is success
-  retries: 3
-  delay: 3
+- name: remove lock install and lock kubeadm package
+  block:
+    - name: remove version hold for kubeadm packages
+      command: apt-mark unhold kubeadm
 
-- name: add version hold for kubeadm packages
-  command: apt-mark hold kubeadm
+    - name: install kubeadm remote deb package
+      shell: |
+        apt-get install --force-yes --yes \
+          kubeadm={{ package_versions.kubernetes_deb }}
+      args:
+        warn: false
+      register: result
+      until: result is success
+      retries: 3
+      delay: 3
+
+    - name: add version hold for kubeadm packages
+      command: apt-mark hold kubeadm
+  when: "'kubeadm' not in ansible_facts.packages or
+         ('kubeadm' in ansible_facts.packages and
+          kubernetes_version not in
+            ansible_facts.packages['kubelet'][0]['version'])"
diff --git a/ansible/roles/kubeadm/tasks/redhat.yaml b/ansible/roles/kubeadm/tasks/redhat.yaml
@@ -1,37 +1,48 @@
 ---
-- name: remove versionlock for kubeadm packages
-  command: yum versionlock delete kubeadm
-  args:
-    warn: false
-  ignore_errors: true
-  register: command_result
-  changed_when: |
-    'command_result.stdout is regex(".*versionlock deleted: [1-9]+.*")'
-  when:
-    - versionlock_plugin_enabled
-    - "(
-      'kubeadm' in exportedversionlocklist.stdout and
-      not 'kubeadm-' + package_versions.kubernetes_rpm in exportedversionlocklist.stdout
-      )"
+- name: Gather the package facts
+  package_facts:
+    manager: auto
+    strategy: first
 
-- name: install kubeadm rpm package
-  yum:
-    name: "{{ 'kubeadm-' + package_versions.kubernetes_rpm }}"
-    state: present
-    update_cache: true
-    enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}"
-    disablerepo: "{{ '*' if offline_mode_enabled else '' }}"
-  register: result
-  until: result is success
-  retries: 3
-  delay: 3
+- name: remove lock install and lock kubeadm package
+  block:
+    - name: remove versionlock for kubeadm packages
+      command: yum versionlock delete kubeadm
+      args:
+        warn: false
+      ignore_errors: true
+      register: command_result
+      changed_when: |
+        'command_result.stdout is regex(".*versionlock deleted: [1-9]+.*")'
+      when:
+        - versionlock_plugin_enabled
+        - "(
+          'kubeadm' in exportedversionlocklist.stdout and
+          not 'kubeadm-' + package_versions.kubernetes_rpm in exportedversionlocklist.stdout
+          )"
 
-- name: add versionlock for kubeadm package
-  command: yum versionlock add kubeadm
-  args:
-    warn: false
-  register: command_result
-  changed_when: |
-    'command_result.stdout is regex(".*versionlock added: [1-9]+.*")'
-  when:
-    - versionlock_plugin_enabled
+    - name: install kubeadm rpm package
+      yum:
+        name: "{{ 'kubeadm-' + package_versions.kubernetes_rpm }}"
+        state: present
+        update_cache: true
+        enablerepo: "{{ 'offline' if offline_mode_enabled else '' }}"
+        disablerepo: "{{ '*' if offline_mode_enabled else '' }}"
+      register: result
+      until: result is success
+      retries: 3
+      delay: 3
+
+    - name: add versionlock for kubeadm package
+      command: yum versionlock add kubeadm
+      args:
+        warn: false
+      register: command_result
+      changed_when: |
+        'command_result.stdout is regex(".*versionlock added: [1-9]+.*")'
+      when:
+        - versionlock_plugin_enabled
+  when: "'kubeadm' not in ansible_facts.packages or
+         ('kubeadm' in ansible_facts.packages and
+          kubernetes_version not in
+            ansible_facts.packages['kubelet'][0]['version'])"
diff --git a/ansible/roles/packages/tasks/debian.yaml b/ansible/roles/packages/tasks/debian.yaml
@@ -17,6 +17,7 @@
   until: result is success
   retries: 3
   delay: 3
+  changed_when: false
 
 - name: install common debs
   apt:
@@ -31,35 +32,70 @@
   retries: 3
   delay: 3
 
-- name: remove version hold for kubelet and kubectl packages
-  command: apt-mark unhold {{ item }}
-  with_items:
-    - kubelet
-    - kubectl
+- name: Gather the package facts
+  package_facts:
+    manager: auto
+    strategy: first
 
+# - name: kubelet package query
+#   command: "dpkg-query -W kubelet"
+#   register: dpkg_query_kubelet
+#   changed_when: false
+#   # rc == 1 expected
+#   failed_when: dpkg_query_kubelet.rc >= 2
+#
+# - name: kubectl package query
+#   command: "dpkg-query -W kubectl"
+#   register: dpkg_query_kubectl
+#   changed_when: false
+#   # rc == 1 expected
+#   failed_when: dpkg_query_kubelet.rc >= 2
 
-- name: install kubelet remote deb package
-  apt:
-    name: kubelet={{ package_versions.kubernetes_deb }}
-    state: present
-    force: true
-  register: kubelet_installation_deb
-  until: kubelet_installation_deb is success
-  retries: 3
-  delay: 3
+# only run if kubelet or kubectl ar not installed or with the wrong version
+- name: unlock, install and lock kubelet and kubectl packages
+  block:
+    - name: remove version hold for kubelet and kubectl packages
+      command: apt-mark unhold {{ item }}
+      with_items:
+        - kubelet
+        - kubectl
 
-- name: install kubectl remote deb package
-  apt:
-    name: kubectl={{ package_versions.kubernetes_deb }}
-    state: present
-    force: true
-  register: result
-  until: result is success
-  retries: 3
-  delay: 3
+    - name: install kubelet remote deb package
+      apt:
+        name: kubelet={{ package_versions.kubernetes_deb }}
+        state: present
+        force: true
+      register: kubelet_installation_deb
+      until: kubelet_installation_deb is success
+      retries: 3
+      delay: 3
+
+    - name: install kubectl remote deb package
+      apt:
+        name: kubectl={{ package_versions.kubernetes_deb }}
+        state: present
+        force: true
+      register: result
+      until: result is success
+      retries: 3
+      delay: 3
 
-- name: add version hold for kubelet and kubectl packages
-  command: apt-mark hold {{ item }}
-  with_items:
-    - kubelet
-    - kubectl
+    - name: add version hold for kubelet and kubectl packages
+      command: apt-mark hold {{ item }}
+      with_items:
+        - kubelet
+        - kubectl
+  when: "'kubelet' not in ansible_facts.packages or
+         'kubectl' not in ansible_facts.packages or
+         ('kubelet' in ansible_facts.packages and
+          kubernetes_version not in
+            ansible_facts.packages['kubelet'][0]['version']) or
+         ('kubectl' in ansible_facts.packages and
+          kubernetes_version not in
+             ansible_facts.packages['kubectl'][0]['version'])"
+  # when: "dpkg_query_kubelet.rc != 0 or
+  #        dpkg_query_kubectl.rc != 0 or
+  #        (dpkg_query_kubelet.rc == 0 and
+  #         package_versions.kubernetes_deb not in dpkg_query_kubelet.stdout) or
+  #        (dpkg_query_kubectl.rc == 0 and
+  #         package_versions.kubernetes_deb not in dpkg_query_kubectl.stdout)"