Move package install to bootstrap-os

roles/system_packages/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+# number of times package install task should be retried
+pkg_install_retries: 4
+yum_repo_dir: /etc/yum.repos.d

roles/system_packages/tasks/main.yml

@@ -0,0 +1,78 @@
+---
+- name: Gather OS information
+  setup:
+    gather_subset:
+      - distribution
+      - pkg_mgr
+
+- name: Update package management cache (zypper) - SUSE
+  command: zypper -n --gpg-auto-import-keys ref
+  register: make_cache_output
+  until: make_cache_output is succeeded
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  when:
+    - ansible_pkg_mgr == 'zypper'
+  tags: bootstrap-os
+
+- name: Add debian 10 required repos
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_version == "10"
+  tags:
+    - bootstrap-os
+  block:
+    - name: Add Debian Backports apt repo
+      apt_repository:
+        repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
+        state: present
+        filename: debian-backports
+
+    - name: Set libseccomp2 pin priority to apt_preferences on Debian buster
+      copy:
+        content: |
+          Package: libseccomp2
+          Pin: release a={{ ansible_distribution_release }}-backports
+          Pin-Priority: 1001
+        dest: "/etc/apt/preferences.d/libseccomp2"
+        owner: "root"
+        mode: "0644"
+
+- name: Update package management cache (APT)
+  apt:
+    update_cache: true
+    cache_valid_time: 3600
+  when: ansible_os_family == "Debian"
+  tags:
+    - bootstrap-os
+
+- name: Remove legacy docker repo file
+  file:
+    path: "{{ yum_repo_dir }}/docker.repo"
+    state: absent
+  when:
+    - ansible_os_family == "RedHat"
+    - not is_fedora_coreos
+
+- name: Install epel-release on RHEL derivatives
+  package:
+    name: epel-release
+    state: present
+  when:
+    - ansible_os_family == "RedHat"
+    - not is_fedora_coreos
+    - epel_enabled | bool
+  tags:
+    - bootstrap-os
+
+- name: Install packages requirements
+  package:
+    name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
+    state: present
+  register: pkgs_task_result
+  until: pkgs_task_result is succeeded
+  retries: "{{ pkg_install_retries }}"
+  delay: "{{ retry_stagger | random + 3 }}"
+  when: not (ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] or is_fedora_coreos)
+  tags:
+    - bootstrap-os

roles/system_packages/vars/main.yml

@@ -0,0 +1,75 @@
+---
+pkgs:
+  apparmor:
+    - "{{ ansible_os_family == 'Debian' }}"
+  apt-transport-https:
+    - "{{ ansible_os_family == 'Debian' }}"
+  aufs-tools:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '10' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  bash-completion: []
+  conntrack:
+    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+    - "{{ ansible_distribution != 'openEuler' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  conntrack-tools:
+    - "{{ ansible_os_family == 'Suse' or ansible_distribution in ['Amazon', 'openEuler'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  container-selinux:
+    - "{{ ansible_os_family == 'RedHat' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  curl: []
+  device-mapper:
+    - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  device-mapper-libs:
+    - "{{ ansible_os_family == 'RedHat' }}"
+    - "{{ ansible_distribution != 'openEuler' }}"
+  e2fsprogs: []
+  ebtables: []
+  gnupg:
+    - "{{ ansible_distribution == 'Debian' }}"
+    - "{{ ansible_distribution_major_version in ['11', '12'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  ipset:
+    - "{{ kube_proxy_mode != 'ipvs' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  iptables:
+    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+  ipvsadm:
+    - "{{ kube_proxy_mode == 'ipvs' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  libseccomp:
+    - "{{ ansible_os_family == 'RedHat' }}"
+  libseccomp2:
+    - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  libselinux-python:  # TODO: Handle rehat_family + major < 8
+    - "{{ ansible_distribution == 'Amazon' }}"
+  libselinux-python3:
+    - "{{ ansible_distribution == 'Fedora' }}"
+  mergerfs:
+    - "{{ ansible_distribution == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '12' }}"
+  nftables:
+    - "{{ kube_proxy_mode == 'nftables' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  nss:
+    - "{{ ansible_os_family == 'RedHat' }}"
+  openssl: []
+  python-apt:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '10' }}"
+  python3-apt:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version != '10' }}"
+  python3-libselinux:
+    - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
+  rsync: []
+  socat: []
+  software-properties-common:
+    - "{{ ansible_os_family == 'Debian' }}"
+  tar: []
+  unzip: []
+  xfsprogs: []