mirror of
https://github.com/k3s-io/k3s-ansible.git
synced 2024-09-25 03:32:52 +02:00
Rework iptables old version checks (#255)
Signed-off-by: Derek Nola <derek.nola@suse.com>
This commit is contained in:
parent
1e633c5ad1
commit
7fcf82ac64
@ -148,6 +148,22 @@
|
||||
name: apparmor
|
||||
state: present
|
||||
|
||||
- name: Gather the package facts
|
||||
ansible.builtin.package_facts:
|
||||
manager: auto
|
||||
|
||||
# Iptables v1.8.0-1.8.4 have a specific bug with K3s. https://github.com/k3s-io/k3s/issues/3117
|
||||
- name: If iptables v1.8.0-1.8.4, warn user # noqa ignore-errors
|
||||
when:
|
||||
- ansible_facts.packages['iptables'] is defined
|
||||
- ansible_facts.packages['iptables'][0]['version'] is version('1.8.5', '<')
|
||||
- ansible_facts.packages['iptables'][0]['version'] is version('1.7.9', '>')
|
||||
ansible.builtin.fail:
|
||||
msg:
|
||||
- "Warning: Iptables {{ ansible_facts.packages['iptables'][0]['version'] }} found."
|
||||
- "Add '--prefer-bundled-bin' to extra_server_args variable to use the bundled iptables binary."
|
||||
ignore_errors: true
|
||||
|
||||
- name: Add /usr/local/bin to sudo secure_path
|
||||
ansible.builtin.lineinfile:
|
||||
line: 'Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin'
|
||||
|
@ -16,14 +16,12 @@
|
||||
ansible.builtin.package_facts:
|
||||
manager: auto
|
||||
|
||||
# If no iptables is found, K3s will use the iptables it ships with.
|
||||
# However, if a iptables is found, K3s will use that instead. Iptables
|
||||
# versions 1.8.7 and older have problems with K3s, so we force the use of
|
||||
# IPtables versions 1.6.1 and older have problems with K3s, so we force the use of
|
||||
# iptables-legacy in that case.
|
||||
- name: If old iptables found, change to iptables-legacy
|
||||
when:
|
||||
- ansible_facts.packages['iptables'] is defined
|
||||
- ansible_facts.packages['iptables'][0]['version'] is version('1.8.8', '<')
|
||||
- ansible_facts.packages['iptables'][0]['version'] is version('1.6.2', '<')
|
||||
block:
|
||||
- name: Iptables version on node
|
||||
ansible.builtin.debug:
|
||||
|
@ -11,14 +11,12 @@
|
||||
ansible.builtin.package_facts:
|
||||
manager: auto
|
||||
|
||||
# If no iptables is found, K3s will use the iptables it ships with.
|
||||
# However, if a iptables is found, K3s will use that instead. Iptables
|
||||
# versions 1.8.7 and older have problems with K3s, so we force the use of
|
||||
# IPtables versions 1.6.1 and older have problems with K3s, so we force the use of
|
||||
# iptables-legacy in that case.
|
||||
- name: If old iptables found, change to iptables-legacy
|
||||
when:
|
||||
- ansible_facts.packages['iptables'] is defined
|
||||
- ansible_facts.packages['iptables'][0]['version'] is version('1.8.8', '<')
|
||||
- ansible_facts.packages['iptables'][0]['version'] is version('1.6.2', '<')
|
||||
block:
|
||||
- name: Iptables version on node
|
||||
ansible.builtin.debug:
|
||||
|
Loading…
Reference in New Issue
Block a user