---
# Preflight gate: fail when the running Ansible is older than 2.3.0.
# This task carries no ignore_errors, so ignore_assert_errors cannot bypass it.
- name: Stop if ansible version is too low
  assert:
    that:
      - ansible_version.full | version_compare('2.3.0', '>=')
  run_once: true
# Preflight gate: the host's service-manager fact must be systemd.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if non systemd OS type
  assert:
    that:
      - ansible_service_mgr == "systemd"
  ignore_errors: "{{ ignore_assert_errors }}"
# Preflight gate: the distribution fact must be on the allow-list below.
# The expression is folded onto one line by the ">-" block scalar.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if unknown OS
  assert:
    that: >-
      ansible_distribution in
      ['RedHat', 'CentOS', 'Fedora', 'Ubuntu', 'Debian', 'CoreOS',
      'Container Linux by CoreOS', 'openSUSE Leap', 'openSUSE Tumbleweed']
  ignore_errors: "{{ ignore_assert_errors }}"
# Preflight gate: kube_network_plugin, when set, must be on the allow-list below.
# The task is skipped entirely if the variable is undefined.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if unknown network plugin
  assert:
    that: >-
      kube_network_plugin in
      ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'contiv']
  when: kube_network_plugin is defined
  ignore_errors: "{{ ignore_assert_errors }}"
# Preflight gate: rejects the calico plugin when cloud_provider is azure.
# Both "when" entries must hold (list items are ANDed) for the check to run.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if incompatible network plugin and cloudprovider
  assert:
    that:
      - kube_network_plugin != 'calico'
    msg: "Azure and Calico are not compatible. See https://github.com/projectcalico/calicoctl/issues/949 for details."
  when:
    - cloud_provider is defined
    - cloud_provider == 'azure'
  ignore_errors: "{{ ignore_assert_errors }}"
# simplify this items-list when https://github.com/ansible/ansible/issues/15753 is resolved
# Each listed toggle must arrive as a real boolean. A non-empty string such as
# "false" is truthy in a Jinja expression, so a mistyped -e value could switch a
# feature on unintentionally.
# NOTE(review): rbac_enabled, kube_api_anonymous_auth and dashboard_enabled are
# used as booleans by other checks in this file but are not listed here; confirm
# they always have defaults before adding them to this list.
- name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
  assert:
    that:
      - item.value | type_debug == 'bool'
    msg: "{{item.value}} isn't a bool"
  run_once: true
  with_items:
    - name: kubeadm_enabled
      value: "{{ kubeadm_enabled }}"
    - name: download_run_once
      value: "{{ download_run_once }}"
    - name: deploy_netchecker
      value: "{{ deploy_netchecker }}"
    - name: download_always_pull
      value: "{{ download_always_pull }}"
    - name: efk_enabled
      value: "{{ efk_enabled }}"
    - name: helm_enabled
      value: "{{ helm_enabled }}"
    - name: openstack_lbaas_enabled
      value: "{{ openstack_lbaas_enabled }}"
  ignore_errors: "{{ ignore_assert_errors }}"
# Preflight gate: the etcd inventory group must contain an odd number of hosts.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if even number of etcd hosts
  assert:
    that:
      - groups.etcd | length is not divisibleby 2
  ignore_errors: "{{ ignore_assert_errors }}"
# Preflight gate: hosts in the kube-master group need at least 1500 MB of memory
# according to the ansible_memtotal_mb fact.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if memory is too small for masters
  assert:
    that:
      - ansible_memtotal_mb >= 1500
  when: inventory_hostname in groups['kube-master']
  ignore_errors: "{{ ignore_assert_errors }}"
# Preflight gate: hosts in the kube-node group need at least 1024 MB of memory
# according to the ansible_memtotal_mb fact.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if memory is too small for nodes
  assert:
    that:
      - ansible_memtotal_mb >= 1024
  when: inventory_hostname in groups['kube-node']
  ignore_errors: "{{ ignore_assert_errors }}"
# This assertion will fail on the safe side: One can indeed schedule more pods
# on a node than the CIDR-range has space for when additional pods use the host
# network namespace. It is impossible to ascertain the number of such pods at
# provisioning time, so to establish a guarantee, we factor these out.
# NOTICE: the check blatantly ignores the inet6-case
#
# The bound is 2 ** (32 - kube_network_node_prefix) - 2, compared against
# kubelet_max_pods. Runs only on kube-node hosts and only when the prefix is set.
# NOTE(review): "that" wraps the expression in {{ }}, so it is templated first and
# the rendered result is then evaluated as a condition. Ansible recommends bare
# expressions in conditionals; confirm whether the delimiters are still needed.
- name: Guarantee that enough network address space is available for all pods
  assert:
    that:
      - "{{ kubelet_max_pods <= (2 ** (32 - kube_network_node_prefix)) - 2 }}"
    msg: "Do not schedule more pods on a node than inet addresses are available."
  when:
    - inventory_hostname in groups['kube-node']
    - kube_network_node_prefix is defined
  ignore_errors: "{{ ignore_assert_errors }}"
# Preflight gate: when the inventory sets "ip", it must be one of the IPv4
# addresses gathered for this host (ansible_all_ipv4_addresses).
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if ip var does not match local ips
  assert:
    that:
      - ip in ansible_all_ipv4_addresses
  when: ip is defined
  ignore_errors: "{{ ignore_assert_errors }}"
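# Reachability probe: sends one ICMP echo to access_ip when that variable is set.
# The command module runs the binary without a shell, so shell metacharacters in
# access_ip are not interpreted. The value is still split into ping arguments, so
# it should only ever come from the trusted inventory.
# changed_when is false because the probe modifies nothing on the host; without
# it every run would report this task as "changed".
# When ignore_assert_errors is true a failed ping is reported but the play continues.
- name: Stop if access_ip is not pingable
  command: ping -c1 {{ access_ip }}
  changed_when: false
  when: access_ip is defined
  ignore_errors: "{{ ignore_assert_errors }}"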
# Preflight gate: the host must report zero swap (ansible_swaptotal_mb).
# The check runs unless kubelet_fail_swap_on is set to a false value; an
# undefined variable defaults to true.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if swap enabled
  assert:
    that:
      - ansible_swaptotal_mb == 0
  when: kubelet_fail_swap_on | default(true)
  ignore_errors: "{{ ignore_assert_errors }}"
# Security gate: refuses a configuration that enables the dashboard while
# rbac_enabled is false.
# NOTE(review): with ignore_assert_errors true this check only reports the problem
# and the play continues; consider whether a security check should be ignorable.
- name: Stop if RBAC is not enabled when dashboard is enabled
  assert:
    that:
      - rbac_enabled
  when: dashboard_enabled
  ignore_errors: "{{ ignore_assert_errors }}"
# Security gate: when kube_apiserver_insecure_port is 0, both rbac_enabled and
# kube_api_anonymous_auth must be true.
# With anonymous auth on, what unauthenticated callers can reach is decided by the
# RBAC bindings for system:anonymous / system:unauthenticated, so keep those minimal.
# NOTE(review): the comparison is against the integer 0; a string "0" passed with
# -e would not match and the check would be skipped. Confirm how the variable is typed.
# NOTE(review): with ignore_assert_errors true this check only reports the problem.
- name: Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled
  assert:
    that:
      - rbac_enabled and kube_api_anonymous_auth
  when: kube_apiserver_insecure_port == 0
  ignore_errors: "{{ ignore_assert_errors }}"
# Preflight gate for the cilium plugin: the kernel release, cut at the first "-",
# must compare as 4.8 or newer.
# When ignore_assert_errors is true the failure is reported but the play continues.
- name: Stop if kernel version is too low
  assert:
    that:
      - ansible_kernel.split('-')[0] | version_compare('4.8', '>=')
  when: kube_network_plugin == 'cilium'
  ignore_errors: "{{ ignore_assert_errors }}"