Test dependencies

ansible/roles/setup/defaults/main.yml

@@ -0,0 +1,27 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+debs: ""
+extra_debs: ""
+pinned_debs: []
+
+redhat_epel_rpm: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"
+epel_rpm_gpg_key: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7"
+rpms: ""
+extra_rpms: ""
+
+disable_public_repos: false
+external_binary_path: "{{ '/opt/bin' if ansible_os_family == 'Flatcar' else '/usr/local/bin' }}"
+extra_repos: ""
+pip_conf_file: ""

ansible/roles/setup/files/etc/systemd/system-environment-generators/10-flatcar-path

@@ -0,0 +1,3 @@
+#!/bin/bash
+. /etc/profile
+echo "PATH=$PATH"

ansible/roles/setup/files/etc/systemd/system/usr-libexec.mount

@@ -0,0 +1,11 @@
+[Unit]
+Description=Kubernetes flex volume plugin directory
+
+[Mount]
+What=overlay
+Where=/usr/libexec
+Type=overlay
+Options=lowerdir=/usr/libexec,workdir=/opt/libexec.work,upperdir=/opt/libexec
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/setup/tasks/bootstrap-flatcar.yml

@@ -0,0 +1,28 @@
+---
+# Flatcar ships without Python installed
+
+- name: Check if bootstrap is needed
+  raw: stat /opt/bin/.bootstrapped
+  register: need_bootstrap
+  environment: {}
+  failed_when: false
+  changed_when: false
+  tags:
+    - facts
+
+- name: Set the ansible_python_interpreter fact
+  set_fact:
+    ansible_python_interpreter: "{{ external_binary_path }}/python"
+  tags:
+    - facts
+
+# Some tasks are not compatible with Flatcar, so to centralize and deduplicate the logic of checking
+# if we run on Flatcar, we define it here.
+#
+# This is required until https://github.com/ansible/ansible/issues/77537 is fixed and used.
+- name: Override Flatcar's OS family
+  set_fact:
+    ansible_os_family: Flatcar
+  when: ansible_os_family == "Flatcar Container Linux by Kinvolk"
+  tags:
+    - facts

ansible/roles/setup/tasks/debian.yml

@@ -0,0 +1,105 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Put templated sources.list in place
+  template:
+    src: etc/apt/sources.list.j2
+    dest: /etc/apt/sources.list
+    mode: 0644
+  # OCI Base images have the required apt sources list embedded inside the image, adding the sources list
+  # from this repo leads to build failures(especially in Arm), hence ignoring the step.
+  when: packer_builder_type != "oracle-oci"
+
+- name: Put templated apt.conf.d/90proxy in place when defined
+  template:
+    src: etc/apt/apt.conf.d/90proxy
+    dest: /etc/apt/apt.conf.d/90proxy
+    mode: 0644
+  when: http_proxy is defined or https_proxy is defined
+
+- name: Ensure cloud-final is in a running state
+  service:
+    name: cloud-final
+    state: started
+  check_mode: yes
+  register: cloudfinalstatus
+  until: cloudfinalstatus.status.ActiveState == "active"
+  retries: 5
+  delay: 10
+  when: packer_builder_type == "oracle-oci" and extra_repos != ""
+
+- name: Find existing repo files
+  find:
+    depth: 1
+    paths:
+      - /etc/apt
+      - /etc/apt/sources.list.d
+    patterns: '*.list'
+  register: repo_files
+  when: disable_public_repos|bool
+
+- name: Disable repos
+  command: "mv {{ item.path }} {{ item.path }}.disabled"
+  loop: "{{ repo_files.files }}"
+  when: disable_public_repos|bool
+
+- name: Install extra repos
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/apt/sources.list.d/{{ item | basename }}"
+    mode: 0644
+  loop: "{{ extra_repos.split() }}"
+  when: extra_repos != ""
+
+- name: perform a dist-upgrade
+  apt:
+    force_apt_get: True
+    update_cache: True
+    upgrade: dist
+  register: apt_lock_status
+  until: apt_lock_status is not failed
+  retries: 5
+  delay: 10
+
+- name: install baseline dependencies
+  apt:
+    force_apt_get: True
+    update_cache: True
+    name: "{{ debs }}"
+    state: latest
+  register: apt_lock_status
+  until: apt_lock_status is not failed
+  retries: 5
+  delay: 10
+  
+- name: install extra debs
+  apt:
+    force_apt_get: True
+    name: "{{ extra_debs.split() }}"
+    state: latest
+  register: apt_lock_status
+  until: apt_lock_status is not failed
+  retries: 5
+  delay: 10
+  
+- name: install pinned debs
+  apt:
+    force_apt_get: True
+    name: "{{ pinned_debs }}"
+    state: present
+    force: yes
+  register: apt_lock_status
+  until: apt_lock_status is not failed
+  retries: 5
+  delay: 10

ansible/roles/setup/tasks/flatcar.yml

@@ -0,0 +1,55 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- include_tasks: bootstrap-flatcar.yml
+
+- name: Create /opt/libexec overlay directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - /opt/libexec
+    - /opt/libexec.work
+
+- name: Create usr-libexec.mount unit
+  copy:
+    src: etc/systemd/system/usr-libexec.mount
+    dest: /etc/systemd/system/usr-libexec.mount
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: Enable usr-libexec.mount unit
+  systemd:
+    daemon_reload: yes
+    enabled: yes
+    name: usr-libexec.mount
+
+- name: Create system-environment-generators directory
+  file:
+    path: /etc/systemd/system-environment-generators
+    state: directory
+
+- name: Add env generator that includes system PATH on service path
+  copy:
+    src: etc/systemd/system-environment-generators/10-flatcar-path
+    dest: /etc/systemd/system-environment-generators/10-flatcar-path
+    owner: root
+    group: root
+    mode: "0755"
+
+- name: Enable systemd-timesyncd unit
+  systemd:
+    enabled: yes
+    name: systemd-timesyncd.service

ansible/roles/setup/tasks/main.yml

@@ -0,0 +1,36 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- import_tasks: debian.yml
+  when: ansible_os_family == "Debian"
+
+- import_tasks: flatcar.yml
+  # This task overrides ansible_os_family to "Flatcar" as a workaround for
+  # regression between Flatcar and Ansible, so rest of the code can use just
+  # "Flatcar" for comparison, which is the correct value.
+  when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+
+- import_tasks: redhat.yml
+  when: ansible_os_family == "RedHat"
+
+- import_tasks: photon.yml
+  when: ansible_os_family == "VMware Photon OS"
+
+# Copy in pip config file when defined
+- name: Install pip config file
+  copy:
+    src: "{{ pip_conf_file }}"
+    dest: /etc/pip.conf
+    mode: 0644
+  when: pip_conf_file != ""

ansible/roles/setup/tasks/photon.yml

@@ -0,0 +1,61 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: add bash_profile
+  template:
+    dest: /home/builder/.bash_profile
+    src: photon_bash_profile
+    mode: 0600
+    owner: builder
+    group: builder
+
+- import_tasks: rpm_repos.yml
+
+- name: Perform a tdnf distro-sync
+  command: tdnf distro-sync -y --refresh
+  register: distro
+  changed_when: '"Nothing to do" not in distro.stderr'
+
+- name: Concatenate the Photon RPMs
+  set_fact:
+    photon_rpms: "{{ rpms | join(' ') }}"
+
+- name: install baseline dependencies
+  command: tdnf install {{ photon_rpms }} -y
+  when: photon_rpms != ""
+
+- name: install extra RPMs
+  command: tdnf install {{ extra_rpms }} -y
+  when: extra_rpms != ""
+
+# Default size of 1G is insufficient when downloading additional components
+- name: Increase tmpfs size
+  mount:
+    path: /tmp
+    src: "tmpfs"
+    fstype: tmpfs
+    opts: "size=5G"
+    state: remounted
+
+- name: reset iptables rules input
+  replace:
+    path: /etc/systemd/scripts/ip4save
+    regexp: 'INPUT DROP'
+    replace: 'INPUT ACCEPT'
+
+- name: reset ip6tables rules input
+  replace:
+    path: /etc/systemd/scripts/ip6save
+    regexp: 'INPUT DROP'
+    replace: 'INPUT ACCEPT'

ansible/roles/setup/tasks/redhat.yml

@@ -0,0 +1,54 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: RHEL subscription
+  redhat_subscription:
+    state: present
+    username: "{{ lookup('env', 'RHSM_USER') }}"
+    password: "{{ lookup('env', 'RHSM_PASS') }}"
+    auto_attach: true
+  when: ansible_distribution == "RedHat"
+
+- name: import epel gpg key
+  rpm_key:
+    state: present
+    key: "{{ epel_rpm_gpg_key }}"
+  when: epel_rpm_gpg_key != ""
+
+- name: add epel repo
+  yum:
+    name: "{{ redhat_epel_rpm }}"
+    state: present
+    lock_timeout: 60
+  when: redhat_epel_rpm != ""
+
+- import_tasks: rpm_repos.yml
+
+- name: perform a yum update
+  yum:
+    name: '*'
+    state: latest
+    lock_timeout: 60
+
+- name: install baseline dependencies
+  yum:
+    name: "{{ rpms }}"
+    state: present
+    lock_timeout: 60
+
+- name: install extra rpms
+  yum:
+    name: "{{ extra_rpms.split() }}"
+    state: present
+    lock_timeout: 60

ansible/roles/setup/tasks/rpm_repos.yml

@@ -0,0 +1,34 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Find existing repo files
+  find:
+    depth: 1
+    paths: /etc/yum.repos.d
+    patterns: '*.repo'
+  register: repo_files
+  when: disable_public_repos|bool
+
+- name: Disable repos
+  command: "mv {{ item.path }} {{ item.path }}.disabled"
+  loop: "{{ repo_files.files }}"
+  when: disable_public_repos|bool
+
+- name: Install extra repos
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/yum.repos.d/{{ item | basename }}"
+    mode: 0644
+  loop: "{{ extra_repos.split() }}"
+  when: extra_repos != ""

ansible/roles/setup/templates/etc/apt/apt.conf.d/90proxy

@@ -0,0 +1,8 @@
+Acquire {
+{% if http_proxy %}
+    http::Proxy "{{ http_proxy }}";
+{% endif %}
+{% if https_proxy %}
+    https::Proxy "{{ https_proxy }}";
+{% endif %}
+}

ansible/roles/setup/templates/etc/apt/sources.list.j2

@@ -0,0 +1,4 @@
+deb http://us.archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} main restricted universe
+deb http://us.archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates main restricted universe
+deb http://us.archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-backports main restricted universe
+deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted universe

ansible/roles/setup/templates/photon_bash_profile

@@ -0,0 +1,2 @@
+PATH=$PATH:/usr/sbin:/usr/local/sbin
+export PATH