From 9e565f4db778555229bf4beb17a22cb7815436b5 Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Fri, 17 Nov 2023 16:25:06 +0100
Subject: [PATCH] Hack to check systemd version for service files validation

factory-reset.target was introduced in system 250, same version as the
aliasing feature we need for verifying systemd services with ansible.
So we only actually executes the validation if that target is present.

This is an horrible hack which should be reverted as soon as we drop
support for distributions with systemd<250.
---
 roles/container-engine/containerd/tasks/main.yml  | 2 +-
 roles/container-engine/cri-dockerd/tasks/main.yml | 2 +-
 roles/etcd/tasks/configure.yml                    | 4 ++--
 roles/kubernetes/control-plane/tasks/main.yml     | 2 +-
 roles/kubernetes/node/tasks/kubelet.yml           | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index afec44f56fe..02f0a64e5dd 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -61,7 +61,7 @@
     src: containerd.service.j2
     dest: /etc/systemd/system/containerd.service
     mode: 0644
-    validate: "systemd-analyze verify %s:containerd.service"
+    validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:containerd.service'"
   notify: Restart containerd
 
 - name: Containerd | Ensure containerd directories exist
diff --git a/roles/container-engine/cri-dockerd/tasks/main.yml b/roles/container-engine/cri-dockerd/tasks/main.yml
index ca8dd3fde98..db011d14dc3 100644
--- a/roles/container-engine/cri-dockerd/tasks/main.yml
+++ b/roles/container-engine/cri-dockerd/tasks/main.yml
@@ -18,7 +18,7 @@
     src: "{{ item }}.j2"
     dest: "/etc/systemd/system/{{ item }}"
     mode: 0644
-    validate: "systemd-analyze verify %s:{{ item }}"
+    validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{ item }}'"
   with_items:
     - cri-dockerd.service
     - cri-dockerd.socket
diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml
index 23dd9b6ec96..4143856ee14 100644
--- a/roles/etcd/tasks/configure.yml
+++ b/roles/etcd/tasks/configure.yml
@@ -51,7 +51,7 @@
     dest: /etc/systemd/system/etcd.service
     backup: yes
     mode: 0644
-    validate: "systemd-analyze verify %s:etcd-{{ etcd_deployment_type }}.service"
+    validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-{{ etcd_deployment_type }}.service'"
   when: is_etcd_master and etcd_cluster_setup
 
 - name: Configure | Copy etcd-events.service systemd file
@@ -60,7 +60,7 @@
     dest: /etc/systemd/system/etcd-events.service
     backup: yes
     mode: 0644
-    validate: "systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service"
+    validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service'"
   when: is_etcd_master and etcd_events_cluster_setup
 
 - name: Configure | reload systemd
diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml
index 185a481fb27..8d816e95fb1 100644
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -113,7 +113,7 @@
     src: "{{ item }}.j2"
     dest: "/etc/systemd/system/{{ item }}"
     mode: 0644
-    validate: "systemd-analyze verify %s:{{item}}"
+    validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{item}}'"
   with_items:
     - k8s-certs-renew.service
     - k8s-certs-renew.timer
diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml
index aeb1b94becc..2480e6da48c 100644
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -34,7 +34,7 @@
     dest: "/etc/systemd/system/kubelet.service"
     backup: "yes"
     mode: 0600
-    validate: "systemd-analyze verify %s:kubelet.service"
+    validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:kubelet.service'"
   notify: Node | restart kubelet
   tags:
     - kubelet