Added package checks for #72

CHANGELOG.md

@@ -29,9 +29,13 @@
   - `k3s_runtime_config` defined in `vars/` for validation and overwritten in
     tasks for control plane and workers.
   - Removed unused references to GitHub API.
+  - `set_fact` and `command` tasks now use FQCN.
+  - Check of `ansible_version` in environment check.
+  - Introduction of target environment checks for #72.
 
 ### Breaking changes
 
+  - Ansible minimum version is hard set to v2.10.4
   - `k3s_token_location` has moved to be in `k3s_config_dir` so re-running the
     role will create a duplicate file here.
 

README.md

@@ -70,7 +70,6 @@ consistency. These are generally cluster-level configuration.
 | `k3s_build_cluster`              | When multiple play hosts are available, attempt to cluster. Read notes below.   | `true`                         |
 | `k3s_control_node_address`       | Use a specific control node address. IP or FQDN.                                | NULL                           |
 | `k3s_github_url`                 | Set the GitHub URL to install k3s from.                                         | https://github.com/k3s-io/k3s  |
-| `k3s_skip_validation`            | Skip all tasks that validate configuration.                                     | `false`                        |
 | `k3s_install_dir`                | Installation directory for k3s.                                                 | `/usr/local/bin`               |
 | `k3s_install_hard_links`         | Install using hard links rather than symbolic links.                            | `false`                        |
 | `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates.                                   | []                             |
@@ -156,6 +155,8 @@ particularly with regards to privilege escalation.
 
 | Variable                            | Description                                                         | Default Value |
 |-------------------------------------|---------------------------------------------------------------------|---------------|
+| `k3s_skip_validation`               | Skip all tasks that validate configuration.                         | `false`       |
+| `k3s_skip_env_checks`               | Skill all tasks that check environment configuration.               | `false`       |
 | `k3s_become_for_all`                | Escalate user privileges for all tasks. Overrides all of the below. | `false`       |
 | `k3s_become_for_systemd`            | Escalate user privileges for systemd tasks.                         | NULL          |
 | `k3s_become_for_install_dir`        | Escalate user privileges for creating installation directories.     | NULL          |

defaults/main.yml

@@ -26,6 +26,9 @@ k3s_github_url: https://github.com/k3s-io/k3s
 # Skip all tasks that validate configuration
 k3s_skip_validation: false
 
+# Skip all tasks that check environment configuration
+k3s_skip_env_checks: false
+
 # Installation directory for k3s
 k3s_install_dir: /usr/local/bin
 

molecule/autodeploy/prepare.yml

@@ -0,0 +1,14 @@
+---
+- name: Prepare
+  hosts: node*
+  become: true
+  tasks:
+    - name: Ensure apt cache is updated
+      ansible.builtin.apt:
+        update_cache: true
+      when: ansible_pkg_mgr == 'apt'
+
+    - name: Ensure iptables is installed
+      ansible.builtin.package:
+        name: iptables
+        state: present

molecule/debug/prepare.yml

@@ -0,0 +1,13 @@
+---
+- name: Prepare
+  hosts: all
+  tasks:
+    - name: Ensure apt cache is updated
+      ansible.builtin.apt:
+        update_cache: true
+      when: ansible_pkg_mgr == 'apt'
+
+    - name: Ensure iptables is installed
+      ansible.builtin.package:
+        name: iptables
+        state: present

molecule/default/prepare.yml

@@ -6,3 +6,8 @@
       ansible.builtin.apt:
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
+
+    - name: Ensure iptables is installed
+      ansible.builtin.package:
+        name: iptables
+        state: present

molecule/docker/prepare.yml

@@ -6,3 +6,8 @@
       ansible.builtin.apt:
         update_cache: true
       when: ansible_pkg_mgr == 'apt'
+
+    - name: Ensure iptables is installed
+      ansible.builtin.package:
+        name: iptables
+        state: present

molecule/highavailabilitydb/prepare.yml

@@ -1,5 +1,5 @@
 ---
-- name: Prepare
+- name: Prepare Load Balancer
   hosts: loadbalancer
   tasks:
     - name: Ensure apt cache is updated
@@ -28,3 +28,16 @@
       command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
       args:
         creates: /var/run/haproxy.pid
+
+- name: Prepare nodes
+  hosts: node*
+  tasks:
+    - name: Ensure apt cache is updated
+      ansible.builtin.apt:
+        update_cache: true
+      when: ansible_pkg_mgr == 'apt'
+
+    - name: Ensure iptables is installed
+      ansible.builtin.package:
+        name: iptables
+        state: present

molecule/highavailabilityetcd/prepare.yml

@@ -1,5 +1,5 @@
 ---
-- name: Prepare
+- name: Prepare Load Balancer
   hosts: loadbalancer
   tasks:
     - name: Ensure apt cache is updated
@@ -28,3 +28,16 @@
       command: haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
       args:
         creates: /var/run/haproxy.pid
+
+- name: Prepare nodes
+  hosts: node*
+  tasks:
+    - name: Ensure apt cache is updated
+      ansible.builtin.apt:
+        update_cache: true
+      when: ansible_pkg_mgr == 'apt'
+
+    - name: Ensure iptables is installed
+      ansible.builtin.package:
+        name: iptables
+        state: present

molecule/nodeploy/prepare.yml

@@ -0,0 +1,13 @@
+---
+- name: Prepare
+  hosts: all
+  tasks:
+    - name: Ensure apt cache is updated
+      ansible.builtin.apt:
+        update_cache: true
+      when: ansible_pkg_mgr == 'apt'
+
+    - name: Ensure iptables is installed
+      ansible.builtin.package:
+        name: iptables
+        state: present

tasks/validate/check-target-environment-packages.yml

@@ -0,0 +1,18 @@
+---
+
+- name: Check that {{ package.name }} is installed
+  ansible.builtin.command: "which {{ package.name }}"
+  changed_when: false
+  failed_when: false
+  register: check_k3s_required_package
+
+- name: Test that checks for {{ package.name }} passed
+  ansible.builtin.assert:
+    that:
+      - check_k3s_required_package.rc == 0
+    success_msg: "Found required package: {{ package.name }}"
+    fail_msg: "Could not find package: {{ package.name }}"
+  when: (package.until is not defined
+          or k3s_release_version is version_compare(package.until, '>='))
+        and (package.from is not defined
+            or k3s_release_version is version_compare(package.from, '>='))

tasks/validate/pre-flight.yml

@@ -10,6 +10,14 @@
 
 - import_tasks: check-environment.yml
   when: not k3s_skip_validation
+        and not k3s_skip_env_checks
+
+- include_tasks: check-target-environment-packages.yml
+  loop: "{{ k3s_check_packages }}"
+  loop_control:
+    loop_var: package
+  when: not k3s_skip_validation
+        and not k3s_skip_env_checks
 
 - include_tasks: issue-data.yml
   when: pyratlabs_issue_controller_dump is defined and pyratlabs_issue_controller_dump

vars/main.yml

@@ -75,6 +75,15 @@ k3s_token_location: "{{ k3s_config_dir }}/cluster-token"
 # https://rancher.com/docs/k3s/latest/en/advanced/#auto-deploying-manifests
 k3s_server_manifests_dir: "{{ k3s_data_dir }}/server/manifests"
 
+# Packages that we need to check are installed
+k3s_check_packages:
+  - name: iptables
+  - name: iptables-save
+  - name: iptables-restore
+# - name: dummy
+#   from: 1.19.2
+#   until: 1.21.0
+
 # Directories that we need to ensure exist
 k3s_ensure_directories_exist:
   - name: Config directory