Merge pull request #700 from Lakshmi-Patneedi/devel

Leap support for control_plane_common,control_plane_k8s

control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml

@@ -210,7 +210,8 @@
   assert:
     that:
       - provision_os == os_supported_centos or 
-        provision_os == os_supported_rocky
+        provision_os == os_supported_rocky or
+        provision_os == os_supported_leap
     fail_msg: "{{ provision_os_fail_msg }}"
     success_msg: "{{ provision_os_success_msg }}"
 
@@ -276,7 +277,7 @@
 - name: Assert management_net_dhcp_start_range
   assert:
     that:
-      - mngmnt_network_dhcp_start_range
+      - mngmnt_network_dhcp_start_range |  length > 1
       - mngmnt_network_dhcp_start_range | ipv4
       - mngmnt_network_dhcp_start_range != mngmnt_network_ip
       - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
@@ -288,7 +289,7 @@
 - name: Assert management_net_dhcp_end_range
   assert:
     that:
-      - mngmnt_network_dhcp_end_range
+      - mngmnt_network_dhcp_end_range |  length > 1
       - mngmnt_network_dhcp_end_range | ipv4
       - mngmnt_network_dhcp_end_range != mngmnt_network_ip
       - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
@@ -350,7 +351,7 @@
 - name: Assert host_network_dhcp_start_range
   assert:
     that:
-      - host_network_dhcp_start_range
+      - host_network_dhcp_start_range | length > 1
       - host_network_dhcp_start_range | ipv4
       - host_network_dhcp_start_range != hpc_ip
       - host_network_dhcp_start_range != host_network_dhcp_end_range
@@ -362,7 +363,7 @@
 - name: Assert host_network_dhcp_end_range
   assert:
     that:
-      - host_network_dhcp_end_range
+      - host_network_dhcp_end_range | length > 1
       - host_network_dhcp_end_range | ipv4
       - host_network_dhcp_end_range != hpc_ip
       - host_network_dhcp_start_range != host_network_dhcp_end_range
@@ -437,7 +438,7 @@
 - name: Assert infiniband_net_dhcp_start_range
   assert:
     that:
-      - ib_network_dhcp_start_range
+      - ib_network_dhcp_start_range | length > 1
       - ib_network_dhcp_start_range | ipv4
       - ib_network_dhcp_start_range != ib_ip
       - ib_network_dhcp_start_range != ib_network_dhcp_end_range
@@ -450,7 +451,7 @@
 - name: Assert infiniband_net_dhcp_end_range
   assert:
     that:
-      - ib_network_dhcp_end_range
+      - ib_network_dhcp_end_range | length > 1
       - ib_network_dhcp_end_range | ipv4
       - ib_network_dhcp_end_range != ib_ip
       - ib_network_dhcp_start_range != ib_network_dhcp_end_range
@@ -468,4 +469,4 @@
       - ib_network_nic != host_network_nic
     success_msg: "{{ success_msg_different_nics_ib }}"
     fail_msg: "{{ fail_msg_different_nics_ib }}"
-  when: ib_switch_support
+  when: ib_switch_support

control_plane/roles/control_plane_common/tasks/package_installation.yml

@@ -12,13 +12,22 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+- name: Install packages
+  zypper:
+    name: "{{ common_packages_leap }}"
+    state: present
+  tags: install
+  when: ( os_supported_leap in mgmt_os ) and ( ansible_distribution_version >= os_supported_leap_version )
 
 - name: Install packages
   package:
     name: "{{ common_packages }}"
     state: present
   tags: install
-  
+  when:
+    - ( mgmt_os == os_supported_centos ) and ( ansible_distribution_version >= os_supported_centos_version ) or
+      ( mgmt_os == os_supported_rocky ) and ( ansible_distribution_version >= os_supported_rocky_version )
+
 - name: Install netaddr
   command: pip3 install netaddr
   tags: install

control_plane/roles/control_plane_common/tasks/pre_requisite.yml

@@ -13,10 +13,22 @@
 #  limitations under the License.
 ---
 
+- name: Collecting ansible python version
+  shell:
+    cmd: ansible --version | grep "python version" | cut -d ' ' -f 6
+  register: ansible_python_version
+  changed_when: false
+
+- name: Saving management station os
+  set_fact:
+    mgmt_os: "{{ ansible_facts['distribution'] | lower }}"
+
 - name: Verify the ansible and python versions installed
   fail:
     msg: "{{ ansible_python_version_status }}"
-  when: ansible_python_version != python_version_support
+  when:
+    - ansible_python_version.stdout != python_version_leap
+    - ansible_python_version.stdout != python_version_support
   tags: install
 
 - name: Verify whether ansible configuration file exists
@@ -35,32 +47,37 @@
 - name: Check OS support
   assert:
     that:
-      - ( ansible_distribution | lower == os_supported_centos ) and ( ansible_distribution_version >= os_supported_centos_version ) or
-        ( ansible_distribution | lower == os_supported_rocky ) and ( ansible_distribution_version >= os_supported_rocky_version )
+      - ( mgmt_os == os_supported_centos ) and ( ansible_distribution_version >= os_supported_centos_version ) or
+        ( mgmt_os == os_supported_rocky ) and ( ansible_distribution_version >= os_supported_rocky_version ) or
+        ( os_supported_leap in mgmt_os ) and ( ansible_distribution_version >= os_supported_leap_version )
     fail_msg: "{{ fail_os_status }}"
     success_msg: "{{ success_os_status }}"
   register: os_value
   tags: install
 
-- name: Fetch SElinux mode
-  command: sestatus
-  register: sestatus_current
-  changed_when: false
+- block:
+    - name: Fetch SElinux mode
+      command: sestatus
+      register: sestatus_current
+      changed_when: false
 
-- name: Disable SElinux
-  replace:
-    path: /etc/sysconfig/selinux
-    regexp: 'SELINUX=[a-z]+'
-    replace: 'SELINUX=disabled'
-  when: '"SELinux status:                 enabled" in sestatus_current.stdout_lines'
-  tags: install
+    - name: Disable SElinux
+      replace:
+        path: /etc/sysconfig/selinux
+        regexp: 'SELINUX=[a-z]+'
+        replace: 'SELINUX=disabled'
+      when: '"SELinux status: enabled" in sestatus_current.stdout_lines'
+      tags: install
 
-- name: Status of SElinux
-  fail:
-    msg: "{{ selinux_status }}"
-  when: '"SELinux status:                 enabled" in sestatus_current.stdout_lines'
-  register: selinux_value
-  tags: install
+    - name: Status of SElinux
+      fail:
+        msg: "{{ selinux_status }}"
+      when: '"SELinux status: enabled" in sestatus_current.stdout_lines'
+      register: selinux_value
+      tags: install
+  when:
+    - ( mgmt_os == os_supported_centos ) and ( ansible_distribution_version >= os_supported_centos_version ) or
+      ( mgmt_os == os_supported_rocky ) and ( ansible_distribution_version >= os_supported_rocky_version )
 
 - name: State of firewall
   service:

control_plane/roles/control_plane_common/vars/main.yml

@@ -16,6 +16,25 @@
 # vars file for common
 
 # Usage: package_installation.yml
+common_packages_leap:
+  - git
+  - gcc
+  - gcc-c++
+  - nodejs
+  - bzip2
+  - python2-pip
+  - python3-pip
+  - nano
+  - lvm2
+  - gettext
+  - net-tools
+  - python3-netaddr
+  - dos2unix
+  - cri-o
+  - make
+os_supported_leap: "leap"
+os_supported_leap_version: "15.3"
+python_version_leap: '3.6.15'
 common_packages:
   - epel-release
   - yum-utils
@@ -34,6 +53,7 @@ common_packages:
   - python3-netaddr
   - yum-plugin-versionlock
   - dos2unix
+  - make
 
 # Usage: pre_requisite.yml
 internet_delay: 0
@@ -192,4 +212,4 @@ group_name_nfs: "nfs_node"
 
 # Usage: validate_device_mapping_file.yml
 fail_device_mapping_file_header: "Failed: Header (MAC,IP) should be present in the mapping file."
-device_mapping_header_format: "MAC,IP"
+device_mapping_header_format: "MAC,IP"

control_plane/roles/control_plane_k8s/tasks/k8s_init.yml

@@ -52,7 +52,7 @@
 - name: Initialize kubeadm (This process may take 5-10min)
   block:
     - name: Initialize kubeadm (This process may take 5-10min)
-      command: "/bin/kubeadm init --pod-network-cidr='{{ appliance_k8s_pod_net_cidr }}' \
+      command: "kubeadm init --pod-network-cidr='{{ appliance_k8s_pod_net_cidr }}' \
         --apiserver-advertise-address='{{ ansible_default_ipv4.address }}'"
       changed_when: true
       register: init_output
@@ -62,7 +62,7 @@
       changed_when: true
 
     - name: Initialize kubeadm (This process may take 5-10min)
-      command: "/bin/kubeadm init --pod-network-cidr='{{ appliance_k8s_pod_net_cidr }}' \
+      command: "kubeadm init --pod-network-cidr='{{ appliance_k8s_pod_net_cidr }}' \
           --apiserver-advertise-address='{{ ansible_default_ipv4.address }}'"
       changed_when: true
       register: init_output

control_plane/roles/control_plane_k8s/tasks/k8s_installation.yml

@@ -112,8 +112,8 @@
   when: docker_username and docker_password
   register: docker_repo
   until: docker_repo is not failed
-  retries: 20
-  delay: 10
+  retries: "{{ max_retries }}"
+  delay: "{{ min_delay }}"
   tags: install
 
 - name: Install docker-ce-cli
@@ -137,4 +137,4 @@
 
 - name: Wait for 30sec for kubelet to get things ready
   pause:
-    seconds: 30
+    seconds: "{{ wait_time }}"

control_plane/roles/control_plane_k8s/tasks/k8s_installation_leap.yml

@@ -0,0 +1,187 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+- name: Permanently Disable swap
+  mount:
+    name: "swap"
+    fstype: swap
+    state: absent
+
+- name: Copy k8s.conf file
+  copy:
+    src: k8s.conf
+    dest: "{{ k8s_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Copy crio.conf file
+  copy:
+    src: crio.conf
+    dest: "{{ crio_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Enable the kernel modules overlay and br_netfilter
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - overlay
+    - br_netfilter
+
+- name: Update sysctl to handle incorrectly routed traffic when iptables is bypassed
+  copy:
+    src: k8s-crio.conf
+    dest: "{{ k8s_crio_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Update sysctl
+  command: /sbin/sysctl --system
+  changed_when: true
+
+- name: Installing cri-o
+  zypper:
+    name: cri-o
+    state: present
+  changed_when: true
+
+- name: Start and enable crio
+  service:
+    name: crio
+    state: restarted
+    daemon_reload: yes
+    enabled: yes
+  register: crio_repo_result
+  until: crio_repo_result is not failed
+  retries: "{{ min_retries }}"
+
+- name: Add kubernetes repo
+  zypper_repository:
+     name: google-k8s
+     repo: "{{ k8s_repo_leap }}"
+     state: present
+     autorefresh: yes
+
+- name: Import rpm-package key for installing kubernetes
+  rpm_key:
+    key: "{{ rpm_pkg_leap }}"
+    state: present
+
+- name: Import yum key for installing kubernetes
+  rpm_key:
+    key: "{{ yum_key_leap }}"
+    state: present
+
+- name: Import gpg-pubkey key for installing kubernetes
+  command: "{{ gpg_pubkey_leap }}"
+  args:
+    warn: false
+  changed_when: false
+
+- name: Refresh repositories and installing conntrack-tools
+  zypper:
+    name: conntrack-tools
+    state: present
+    update_cache: yes
+
+- name: Expect-package installation
+  pip:
+   name: pexpect
+   state: present
+   executable: pip3
+
+- name: Install Kubeadm
+  ansible.builtin.expect:
+    command: zypper install --oldpackage "{{ kubeadm_version }}"
+    responses:
+        (.*) [1/2/c/d/?](.): '2'
+        (.*)(y): 'y'
+
+- name: Install Kubelet
+  ansible.builtin.expect:
+    command: zypper install --oldpackage "{{ kubelet_version }}"
+    responses:
+        (.*) [1/2/c/d/?](.): '2'
+        (.*)(y): 'y'
+
+- name: Install Kubectl
+  zypper:
+     name: "{{ kubectl_version }}"
+     state: present
+     oldpackage: yes
+     force: yes
+
+- name: Install common packages
+  zypper:
+    name: "{{ common_pkgs_leap }}"
+    state: present
+
+- name: Versionlocking kubeadm
+  command: zypper addlock "{{ kubeadm_version }}"
+  args:
+    warn: false
+  changed_when: false
+
+- name: Versionlocking kubectl
+  command: zypper addlock "{{ kubelet_version }}"
+  args:
+    warn: false
+  changed_when: false
+
+- name: Versionlocking kubelet
+  command: zypper addlock "{{ kubectl_version }}"
+  args:
+    warn: false
+  changed_when: false
+
+- name: Add docker community edition repository for docker-ce-cli
+  get_url:
+    url: "{{ docker_repo_url_leap }}"
+    dest: "{{ docker_repo_dest_leap }}"
+  when: docker_username and docker_password
+  register: docker_repo
+  until: docker_repo is not failed
+  retries: "{{ max_retries }}"
+  delay: "{{ min_delay }}"
+  tags: install
+
+- name: Install docker-compose
+  zypper:
+    name: docker-compose
+    state: present
+  when: docker_username and docker_password
+
+- name: Start and enable crio
+  service:
+    name: crio
+    state: restarted
+    daemon_reload: yes
+    enabled: yes
+  register: crio_repo_result
+  until: crio_repo_result is not failed
+  retries: "{{ min_retries }}"
+
+- name: Start and enable kubernetes - kubelet
+  service:
+    name: kubelet
+    state: restarted
+    enabled: yes
+
+- name: Wait for 30sec for kubelet to get things ready
+  pause:
+    seconds: "{{ wait_time }}"

control_plane/roles/control_plane_k8s/tasks/main.yml

@@ -15,6 +15,13 @@
 
 - name: Install K8s packages
   import_tasks: k8s_installation.yml
+  when:
+    - ( mgmt_os == os_supported_centos ) and ( ansible_distribution_version >= os_supported_centos_version ) or
+      ( mgmt_os == os_supported_rocky ) and ( ansible_distribution_version >= os_supported_rocky_version )
+
+- name: Install K8s packages for leap
+  import_tasks: k8s_installation_leap.yml
+  when: ( os_supported_leap in mgmt_os ) and ( ansible_distribution_version >= os_supported_leap_version )
 
 - name: Configure firewalld
   import_tasks: k8s_firewalld.yml

control_plane/roles/control_plane_k8s/vars/main.yml

@@ -15,6 +15,27 @@
 
 # vars file for kubernetes
 
+# Usage: k8s_installation_leap.yml
+k8s_repo_leap: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+rpm_pkg_leap: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+yum_key_leap:  https://packages.cloud.google.com/yum/doc/yum-key.gpg
+gpg_pubkey_leap: "rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}'"
+docker_repo_url_leap: https://download.docker.com/linux/sles/docker-ce.repo
+docker_repo_dest_leap: /etc/YaST2/docker-ce.repo
+kubeadm_version: kubeadm-1.21.0-0.x86_64
+kubelet_version: kubelet-1.21.0-0.x86_64
+kubectl_version: kubectl-1.21.0-0.x86_64
+common_pkgs_leap:
+  - openssl
+  - bash-completion
+  - buildah
+os_supported_leap: "leap"
+os_supported_leap_version: "15.3"
+min_retries: 3
+max_retries: 3
+min_delay: 10
+wait_time: 30
+ 
 # Usage: k8s_installation.yml
 common_packages:
   - openssl
@@ -98,4 +119,4 @@ metallb_run_as_user_port: "65534"
 k8s_dashboard_yaml_url: https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
 k8s_dashboard_admin_file_dest: /root/k8s/k8s_dashboard_admin.yaml
 k8s_dashboard_admin_file_mode: 0655
-nfs_path: /var/nfs_awx
+nfs_path: /var/nfs_awx