Move package install to bootstrap-os

2025-12-13 21:34:40 +03:00 · 2025-05-02 14:21:05 +02:00
parent 34d64d4d04
commit 1e79c7b3cb
10 changed files with 94 additions and 93 deletions
--- a/roles/bootstrap-os/defaults/main.yml
+++ b/roles/bootstrap-os/defaults/main.yml
@@ -9,6 +9,9 @@ rh_subscription_check_timeout: 180
 # Disable locksmithd or leave it in its current state
 coreos_locksmithd_disable: false

+# Install epel repo on Centos/RHEL
+epel_enabled: false
+
 ## Oracle Linux specific variables
 # Install public repo on Oracle Linux
 use_oracle_public_repo: true
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -31,6 +31,11 @@
    loop_control:
      loop_var: included_tasks_file

+- name: Install system packages
+  import_role:
+    name: system_packages
+  tags:
+  - system-packages

 - name: Create remote_tmp for it is used by another module
  file:
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -6,7 +6,6 @@ leave_etc_backup_files: true
 nameservers: []
 cloud_resolver: []
 disable_host_nameservers: false
-epel_enabled: false
 # Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf
 dns_late: false

@@ -55,11 +54,6 @@ etc_hosts_localhost_entries:
 minimal_node_memory_mb: 1024
 minimal_master_memory_mb: 1500

-yum_repo_dir: /etc/yum.repos.d
-
-# number of times package install task should be retried
-pkg_install_retries: 4
-
 # Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
 ping_access_ip: true

--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -62,14 +62,6 @@
    - bootstrap-os
    - resolvconf

- name: Install required system packages
-  import_tasks: 0070-system-packages.yml
-  when:
-    - not dns_late
-  tags:
-    - bootstrap-os
-    - system-packages
-
 - name: Apply system configurations
  import_tasks: 0080-system-configurations.yml
  when:
--- a/roles/kubernetes/preinstall/vars/main.yml
+++ b/roles/kubernetes/preinstall/vars/main.yml
@@ -1,79 +1,4 @@
 ---
-pkgs:
-  apparmor:
-    - "{{ ansible_os_family == 'Debian' }}"
-  apt-transport-https:
-    - "{{ ansible_os_family == 'Debian' }}"
-  aufs-tools:
-    - "{{ ansible_os_family == 'Debian' }}"
-    - "{{ ansible_distribution_major_version == '10' }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  bash-completion: []
-  conntrack:
-    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
-    - "{{ ansible_distribution != 'openEuler' }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  conntrack-tools:
-    - "{{ ansible_os_family == 'Suse' or ansible_distribution in ['Amazon', 'openEuler'] }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  container-selinux:
-    - "{{ ansible_os_family == 'RedHat' }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  curl: []
-  device-mapper:
-    - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  device-mapper-libs:
-    - "{{ ansible_os_family == 'RedHat' }}"
-    - "{{ ansible_distribution != 'openEuler' }}"
-  e2fsprogs: []
-  ebtables: []
-  gnupg:
-    - "{{ ansible_distribution == 'Debian' }}"
-    - "{{ ansible_distribution_major_version in ['11', '12'] }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  ipset:
-    - "{{ kube_proxy_mode != 'ipvs' }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  iptables:
-    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
-  ipvsadm:
-    - "{{ kube_proxy_mode == 'ipvs' }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  libseccomp:
-    - "{{ ansible_os_family == 'RedHat' }}"
-  libseccomp2:
-    - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  libselinux-python:  # TODO: Handle rehat_family + major < 8
-    - "{{ ansible_distribution == 'Amazon' }}"
-  libselinux-python3:
-    - "{{ ansible_distribution == 'Fedora' }}"
-  mergerfs:
-    - "{{ ansible_distribution == 'Debian' }}"
-    - "{{ ansible_distribution_major_version == '12' }}"
-  nftables:
-    - "{{ kube_proxy_mode == 'nftables' }}"
-    - "{{ 'k8s_cluster' in group_names }}"
-  nss:
-    - "{{ ansible_os_family == 'RedHat' }}"
-  openssl: []
-  python-apt:
-    - "{{ ansible_os_family == 'Debian' }}"
-    - "{{ ansible_distribution_major_version == '10' }}"
-  python3-apt:
-    - "{{ ansible_os_family == 'Debian' }}"
-    - "{{ ansible_distribution_major_version != '10' }}"
-  python3-libselinux:
-    - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
-  rsync: []
-  socat: []
-  software-properties-common:
-    - "{{ ansible_os_family == 'Debian' }}"
-  tar: []
-  unzip: []
-  xfsprogs: []
-
 coredns_server_by_mode:
  coredns: "{{ [skydns_server] }}"
  coredns_dual: "{{ [skydns_server, skydns_server_secondary] }}"
--- a/roles/kubespray-defaults/defaults/main/main.yml
+++ b/roles/kubespray-defaults/defaults/main/main.yml
@@ -101,9 +101,6 @@ local_release_dir: "/tmp/releases"
 # Random shifts for retrying failed ops like pushing/downloading
 retry_stagger: 5

-# Install epel repo on Centos/RHEL
-epel_enabled: false
-
 # DNS configuration.
 # Kubernetes cluster name, also will be used as DNS domain
 cluster_name: cluster.local
--- a/roles/system_packages/defaults/main.yml
+++ b/roles/system_packages/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# number of times package install task should be retried
+pkg_install_retries: 4
+yum_repo_dir: /etc/yum.repos.d
--- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
+++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
@@ -1,4 +1,10 @@
 ---
+- name: Gather OS information
+  setup:
+    gather_subset:
+      - distribution
+      - pkg_mgr
+
 - name: Update package management cache (zypper) - SUSE
  command: zypper -n --gpg-auto-import-keys ref
  register: make_cache_output
--- a/roles/system_packages/vars/main.yml
+++ b/roles/system_packages/vars/main.yml
@@ -0,0 +1,75 @@
+---
+pkgs:
+  apparmor:
+    - "{{ ansible_os_family == 'Debian' }}"
+  apt-transport-https:
+    - "{{ ansible_os_family == 'Debian' }}"
+  aufs-tools:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '10' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  bash-completion: []
+  conntrack:
+    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+    - "{{ ansible_distribution != 'openEuler' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  conntrack-tools:
+    - "{{ ansible_os_family == 'Suse' or ansible_distribution in ['Amazon', 'openEuler'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  container-selinux:
+    - "{{ ansible_os_family == 'RedHat' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  curl: []
+  device-mapper:
+    - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  device-mapper-libs:
+    - "{{ ansible_os_family == 'RedHat' }}"
+    - "{{ ansible_distribution != 'openEuler' }}"
+  e2fsprogs: []
+  ebtables: []
+  gnupg:
+    - "{{ ansible_distribution == 'Debian' }}"
+    - "{{ ansible_distribution_major_version in ['11', '12'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  ipset:
+    - "{{ kube_proxy_mode != 'ipvs' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  iptables:
+    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+  ipvsadm:
+    - "{{ kube_proxy_mode == 'ipvs' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  libseccomp:
+    - "{{ ansible_os_family == 'RedHat' }}"
+  libseccomp2:
+    - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  libselinux-python:  # TODO: Handle rehat_family + major < 8
+    - "{{ ansible_distribution == 'Amazon' }}"
+  libselinux-python3:
+    - "{{ ansible_distribution == 'Fedora' }}"
+  mergerfs:
+    - "{{ ansible_distribution == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '12' }}"
+  nftables:
+    - "{{ kube_proxy_mode == 'nftables' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  nss:
+    - "{{ ansible_os_family == 'RedHat' }}"
+  openssl: []
+  python-apt:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '10' }}"
+  python3-apt:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version != '10' }}"
+  python3-libselinux:
+    - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
+  rsync: []
+  socat: []
+  software-properties-common:
+    - "{{ ansible_os_family == 'Debian' }}"
+  tar: []
+  unzip: []
+  xfsprogs: []
--- a/scripts/assert-sorted-checksums.yml
+++ b/scripts/assert-sorted-checksums.yml
@@ -37,7 +37,7 @@
      (item.1.value | dict2items)[0].value is number
    # only do list, the others are checksums with a different structure
  - name: Include the packages list variable
-    include_vars: ../roles/kubernetes/preinstall/vars/main.yml
+    include_vars: ../roles/system_packages/vars/main.yml

  - name: Verify that the packages list is sorted
    vars: