Validate systemd unit files

This ensure that we fail early if we have a bad systemd unit file
(syntax error, using a version not available in the local version, etc)

roles/container-engine/containerd/tasks/main.yml

@@ -61,6 +61,7 @@
     src: containerd.service.j2
     dest: /etc/systemd/system/containerd.service
     mode: 0644
+    validate: "systemd-analyze verify %s:containerd.service"
   notify: Restart containerd
 
 - name: Containerd | Ensure containerd directories exist

roles/container-engine/cri-dockerd/tasks/main.yml

@@ -18,6 +18,7 @@
     src: "{{ item }}.j2"
     dest: "/etc/systemd/system/{{ item }}"
     mode: 0644
+    validate: "systemd-analyze verify %s:{{ item }}"
   with_items:
     - cri-dockerd.service
     - cri-dockerd.socket

roles/etcd/tasks/configure.yml

@@ -51,6 +51,7 @@
     dest: /etc/systemd/system/etcd.service
     backup: yes
     mode: 0644
+    validate: "systemd-analyze verify %s:etcd-{{ etcd_deployment_type }}.service"
   when: is_etcd_master and etcd_cluster_setup
 
 - name: Configure | Copy etcd-events.service systemd file
@@ -59,6 +60,7 @@
     dest: /etc/systemd/system/etcd-events.service
     backup: yes
     mode: 0644
+    validate: "systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service"
   when: is_etcd_master and etcd_events_cluster_setup
 
 - name: Configure | reload systemd

roles/kubernetes/control-plane/tasks/main.yml

@@ -113,6 +113,7 @@
     src: "{{ item }}.j2"
     dest: "/etc/systemd/system/{{ item }}"
     mode: 0644
+    validate: "systemd-analyze verify %s:{{item}}"
   with_items:
     - k8s-certs-renew.service
     - k8s-certs-renew.timer

roles/kubernetes/node/tasks/kubelet.yml

@@ -34,6 +34,7 @@
     dest: "/etc/systemd/system/kubelet.service"
     backup: "yes"
     mode: 0600
+    validate: "systemd-analyze verify %s:kubelet.service"
   notify: Node | restart kubelet
   tags:
     - kubelet