Merge pull request #11688 from VannTen/cleanup/preinstall_package_sel…

…ection Simplify package selection + fix openEuler package
kubernetes-sigs · Nov 5, 2024 · a469c1c · a469c1c
2 parents 107c3cc + e1392c6
commit a469c1c
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 193 deletions.
diff --git a/roles/kubernetes/preinstall/files/pkgs-schema.json b/roles/kubernetes/preinstall/files/pkgs-schema.json
diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -338,11 +338,6 @@
     - kube_apiserver_enable_admission_plugins is defined
     - kube_apiserver_enable_admission_plugins | length > 0
 
-- name: Verify that the packages list structure is valid
-  ansible.utils.validate:
-    criteria: "{{ lookup('file', 'pkgs-schema.json') }}"
-    data: "{{ pkgs }}"
-
 - name: Verify that the packages list is sorted
   vars:
     pkgs_lists: "{{ pkgs.keys() | list }}"

diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
@@ -60,23 +60,8 @@
     - bootstrap-os
 
 - name: Install packages requirements
-  vars:
-    # The json_query for selecting packages name is split for readability
-    # see files/pkgs-schema.json for the structure of `pkgs`
-    # and the matching semantics
-    full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
-    filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
-    filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
-    dquote: !unsafe '"'
-    # necessary to workaround Ansible escaping
-    filters_distro: "distributions.{{ dquote }}{{ ansible_distribution  }}{{ dquote }} |
-                          @ == `{}` ||
-                          contains(not_null(major_versions, `[]`), '{{ ansible_distribution_major_version }}') ||
-                          contains(not_null(versions, `[]`), '{{ ansible_distribution_version }}') ||
-                          contains(not_null(releases, `[]`), '{{ ansible_distribution_release }}')"
-    filters_family: "families && contains(families, '{{ ansible_os_family }}')"
   package:
-    name: "{{ pkgs | dict2items | to_json|from_json | community.general.json_query(full_query) }}"
+    name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
     state: present
   register: pkgs_task_result
   until: pkgs_task_result is succeeded

diff --git a/roles/kubernetes/preinstall/vars/main.yml b/roles/kubernetes/preinstall/vars/main.yml
@@ -1,103 +1,72 @@
 ---
 pkgs:
-  apparmor: &debian_family_base
-    os:
-      families:
-      - Debian
-  apt-transport-https: *debian_family_base
-  aufs-tools: &deb_10
-    groups:
-    - k8s_cluster
-    os:
-      distributions:
-        Debian:
-          major_versions:
-          - "10"
-  bash-completion: {}
-  conntrack: &deb_redhat
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - Debian
-      - RedHat
+  apparmor:
+    - "{{ ansible_os_family == 'Debian' }}"
+  apt-transport-https:
+    - "{{ ansible_os_family == 'Debian' }}"
+  aufs-tools:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '10' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  bash-completion: []
+  conntrack:
+    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+    - "{{ ansible_distribution != 'openEuler' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
   conntrack-tools:
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - Suse
-      distributions:
-        Amazon: {}
-  container-selinux: &redhat_family
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - RedHat
-  curl: {}
+    - "{{ ansible_os_family == 'Suse' or ansible_distribution in ['Amazon', 'openEuler'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  container-selinux:
+    - "{{ ansible_os_family == 'RedHat' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  curl: []
   device-mapper:
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - Suse
-  device-mapper-libs: *redhat_family
-  e2fsprogs: {}
-  ebtables: {}
-  gnupg: &debian
-    groups:
-    - k8s_cluster
-    os:
-      distributions:
-        Debian:
-          major_versions:
-          - "11"
-          - "12"
+    - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  device-mapper-libs:
+    - "{{ ansible_os_family == 'RedHat' }}"
+    - "{{ ansible_distribution != 'openEuler' }}"
+  e2fsprogs: []
+  ebtables: []
+  gnupg:
+    - "{{ ansible_distribution == 'Debian' }}"
+    - "{{ ansible_distribution_major_version in ['11', '12'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
   ipset:
-    enabled: "{{ kube_proxy_mode != 'ipvs' }}"
-    groups:
-    - k8s_cluster
-  iptables: *deb_redhat
+    - "{{ kube_proxy_mode != 'ipvs' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  iptables:
+    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
   ipvsadm:
-    enabled: "{{ kube_proxy_mode == 'ipvs' }}"
-    groups:
-    - k8s_cluster
-  libseccomp: *redhat_family
+    - "{{ kube_proxy_mode == 'ipvs' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  libseccomp:
+    - "{{ ansible_os_family == 'RedHat' }}"
   libseccomp2:
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - Suse
-      - Debian
+    - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
   libselinux-python:  # TODO: Handle rehat_family + major < 8
-    os:
-      distributions:
-        Amazon: {}
+    - "{{ ansible_distribution == 'Amazon' }}"
   libselinux-python3:
-    os:
-      distributions:
-        Fedora: {}
+    - "{{ ansible_distribution == 'Fedora' }}"
   mergerfs:
-    os:
-      distributions:
-        Debian:
-          major_versions:
-          - "12"
-  nss: *redhat_family
-  openssl: {}
-  python-apt: *deb_10
-  # TODO: not for debian 10
-  python3-apt: *debian_family_base
+    - "{{ ansible_distribution == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '12' }}"
+  nss:
+    - "{{ ansible_os_family == 'RedHat' }}"
+  openssl: []
+  python-apt:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '10' }}"
+  python3-apt:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version != '10' }}"
   python3-libselinux:
-    os:
-      distributions:
-        RedHat: {}
-        CentOS: {}
-  rsync: {}
-  socat: {}
-  software-properties-common: *debian_family_base
-  tar: {}
-  unzip: {}
-  xfsprogs: {}
+    - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
+  rsync: []
+  socat: []
+  software-properties-common:
+    - "{{ ansible_os_family == 'Debian' }}"
+  tar: []
+  unzip: []
+  xfsprogs: []