diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml
new file mode 100644
index 0000000..0be763b
--- /dev/null
+++ b/.github/workflows/cache.yml
@@ -0,0 +1,98 @@ +--- +name: "Cache" +on: + workflow_call: +jobs: + molecule: + name: cache + runs-on: ubuntu-latest + env: + PYTHON_VERSION: "3.11" + + steps: + - name: Check out the codebase + uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v3 2.5.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: Set up Python ${{ env.PYTHON_VERSION }} + uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # 2.3.3 + with: + python-version: ${{ env.PYTHON_VERSION }} + cache: 'pip' # caching pip dependencies + + # - name: Cache Ansible + # uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + # id: cache-ansible + # with: + # path: ~/.ansible/collections + # key: ansible-${{ hashFiles('collections/requirements.yml') }} + # restore-keys: | + # ansible- + + - name: Install dependencies + run: | + echo "::group::Upgrade pip" + python3 -m pip install --upgrade pip + echo "::endgroup::" + + echo "::group::Install Python requirements from requirements.txt" + python3 -m pip install -r requirements.txt + echo "::endgroup::" + + # - name: Install ansible dependencies + # if: steps.cache-ansible.outputs.cache-hit != 'true' # only run if false since this is just a cache step + # run: | + # echo "::group::Install Ansible role requirements from collections/requirements.yml" + # ansible-galaxy install -r collections/requirements.yml + # echo "::endgroup::" + + - name: Cache Vagrant boxes + id: cache-vagrant + uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + with: + lookup-only: true #if it exists, we don't need to restore and can skip the next step + path: | + ~/.vagrant.d/boxes + key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} + restore-keys: | + vagrant-boxes + + - name: install apt packages + run: | + wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] 
https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo apt update && sudo apt -y install vagrant virtualbox + + + # - name: Configure Homebrew cache + # uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + # id: cache-homebrew + # with: + # path: | + # ~/Library/Caches/Homebrew + # key: brew-${{ hashFiles('./Brewfile') }} + # restore-keys: brew- + + # - name: Update Homebrew + # if: | # only run if false since this is just a cache step + # steps.cache-homebrew.outputs.cache-hit != 'true' || steps.cache-vagrant.outputs.cache-hit != 'true' + # run: | + # brew update --preinstall + + # - name: Install Homebrew dependencies + # if: | # only run if false since this is just a cache step + # steps.cache-homebrew.outputs.cache-hit != 'true' || steps.cache-cache-vagrant.outputs.cache-hit != 'true' + # run: | + # env HOMEBREW_NO_AUTO_UPDATE=1 brew bundle --no-upgrade --file ./Brewfile + # vagrant --version + # vboxmanage --version + + - name: Download Vagrant boxes for all scenarios + # To save some cache space, all scenarios share the same cache key. + # On the other hand, this means that the cache contents should be + # the same across all scenarios. This step ensures that. + if: steps.cache-vagrant.outputs.cache-hit != 'true' # only run if false since this is just a cache step + run: | + ./.github/download-boxes.sh + vagrant box list diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 54be8ff..77f9333 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,8 +8,11 @@ on: paths-ignore: - '**/README.md' jobs: + pre: + uses: ./.github/workflows/cache.yml lint: uses: ./.github/workflows/lint.yml + needs: [pre] test: uses: ./.github/workflows/test.yml - needs: [lint] + needs: [pre, lint] diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b43f5bb..e0cac3b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
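Review bot: The new `cache` job in cache.yml checks out `github.event.pull_request.head.sha` and then executes content from that ref (`pip install -r requirements.txt`, `./.github/download-boxes.sh`), yet the workflow declares no `permissions:` and the checkout keeps its default persisted token. Because the boxes this job saves under `vagrant-boxes-…` are later restored by test.yml with `fail-on-cache-miss: true`, I would add a top-level `permissions:` block with `contents: read` and set `persist-credentials: false` under the checkout step's `with:`. How much this matters depends on the trigger in ci.yml, which is not visible in this diff. Separately, the `install apt packages` step (repeated in the test.yml hunk) writes the downloaded HashiCorp key into the keyring without checking its fingerprint; comparing `gpg --show-keys` output against a fingerprint stored in the repository before `apt update` would close that gap.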
@@ -21,21 +21,11 @@ jobs: python-version: ${{ env.PYTHON_VERSION }} cache: 'pip' # caching pip dependencies - - name: Cache pip - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- - - - name: Cache Ansible - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 + - name: Restore Ansible cache + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 with: path: ~/.ansible/collections - key: ${{ runner.os }}-ansible-${{ hashFiles('collections/requirements.txt') }} - restore-keys: | - ${{ runner.os }}-ansible- + key: ansible-${{ hashFiles('collections/requirements.yml') }} - name: Install dependencies run: | @@ -47,10 +37,6 @@ jobs: python3 -m pip install -r requirements.txt echo "::endgroup::" - echo "::group::Install Ansible role requirements from collections/requirements.yml" - ansible-galaxy install -r collections/requirements.yml - echo "::endgroup::" - - name: Run pre-commit uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # 3.0.0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 10b6135..eaeaafa 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,7 +5,7 @@ on: jobs: molecule: name: Molecule - runs-on: macos-12 + runs-on: ubuntu-latest strategy: matrix: scenario: @@ -22,6 +22,11 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} + # - name: Restore Ansible cache + # uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + # with: + # path: ~/.ansible/collections + # key: ansible-${{ hashFiles('collections/requirements.yml') }} - name: Configure VirtualBox run: |- sudo mkdir -p /etc/vbox 
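Review bot: Nothing visible in this change ever saves a cache under `ansible-${{ hashFiles('collections/requirements.yml') }}`, so the `Restore Ansible cache` step added in the first lint.yml hunk looks like it will always miss; the `Cache Ansible` and `Install ansible dependencies` steps in cache.yml are commented out, and `actions/cache/restore` continues silently on a miss unless told otherwise. The second lint.yml hunk (`@@ -47,10 +37,6 @@`) also removes `ansible-galaxy install -r collections/requirements.yml`, so the pre-commit step appears to run without the collections installed. Either keep the `ansible-galaxy install` group until the cache job populates that key, or add `fail-on-cache-miss: true` to this step so the gap fails loudly instead of producing a lint run against an incomplete environment.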
@@ -30,35 +35,42 @@ jobs: * fdad:bad:ba55::/64 EOF - - name: Cache pip - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- - - - name: Cache Vagrant boxes - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: | - ~/.vagrant.d/boxes - key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} - restore-keys: | - vagrant-boxes - - - name: Download Vagrant boxes for all scenarios - # To save some cache space, all scenarios share the same cache key. - # On the other hand, this means that the cache contents should be - # the same across all scenarios. This step ensures that. - run: ./.github/download-boxes.sh - - name: Set up Python ${{ env.PYTHON_VERSION }} uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # 2.3.3 with: python-version: ${{ env.PYTHON_VERSION }} cache: 'pip' # caching pip dependencies + # - name: Restore Homebrew cache + # uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + # with: + # path: | + # ~/Library/Caches/Homebrew + # key: brew-${{ hashFiles('./Brewfile') }} + + # - name: Update Homebrew + # run: | + # brew update --preinstall + + # - name: Install Homebrew dependencies + # run: | + # env HOMEBREW_NO_AUTO_UPDATE=1 brew bundle --no-upgrade --file ./Brewfile + # vagrant --version + # vboxmanage --version + + - name: install apt packages + run: | + wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo apt update && sudo apt -y install vagrant virtualbox + + - name: Restore vagrant Boxes cache + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 
4.0 + with: + path: ~/.vagrant.d/boxes + key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} + fail-on-cache-miss: true + - name: Install dependencies run: | echo "::group::Upgrade pip" @@ -75,7 +87,7 @@ jobs: env: ANSIBLE_K3S_LOG_DIR: ${{ runner.temp }}/logs/k3s-ansible/${{ matrix.scenario }} ANSIBLE_SSH_RETRIES: 4 - ANSIBLE_TIMEOUT: 60 + ANSIBLE_TIMEOUT: 120 PY_COLORS: 1 ANSIBLE_FORCE_COLOR: 1 diff --git a/Brewfile b/Brewfile new file mode 100644 index 0000000..a391ade --- /dev/null +++ b/Brewfile @@ -0,0 +1,5 @@ +tap "homebrew/bundle" +tap "hashicorp/tap" + +cask "virtualbox" +cask "vagrant" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4a07503..a8b3fec 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -1,14 +1,16 @@ --- dependency: name: galaxy + options: + requirements-file: collections/requirements.yml driver: name: vagrant platforms: - name: control1 box: generic/ubuntu2204 - memory: 2048 - cpus: 2 + memory: 512 + cpus: 1 groups: - k3s_cluster - master @@ -23,8 +25,8 @@ platforms: - name: control2 box: generic/debian11 - memory: 2048 - cpus: 2 + memory: 512 + cpus: 1 groups: - k3s_cluster - master @@ -34,8 +36,8 @@ platforms: - name: control3 box: generic/rocky9 - memory: 2048 - cpus: 2 + memory: 512 + cpus: 1 groups: - k3s_cluster - master @@ -45,8 +47,8 @@ platforms: - name: node1 box: generic/ubuntu2204 - memory: 2048 - cpus: 2 + memory: 512 + cpus: 1 groups: - k3s_cluster - node @@ -61,8 +63,8 @@ platforms: - name: node2 box: generic/rocky9 - memory: 2048 - cpus: 2 + memory: 512 + cpus: 1 groups: - k3s_cluster - node @@ -72,6 +74,8 @@ platforms: provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 3 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -82,7 +86,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/molecule/ipv6/molecule.yml b/molecule/ipv6/molecule.yml index 2ad6423..98252b0 100644 
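Review bot: `ANSIBLE_VERBOSITY: 3` under `provisioner.env` in molecule/default/molecule.yml (`@@ -72,6 +74,8 @@`), and the same addition in molecule/ipv6/molecule.yml and molecule/single_node/molecule.yml, makes every CI run log at `-vvv` level, which includes task arguments and results. The roles are not visible here, but a k3s playbook presumably handles join tokens and kubeconfig material, and that output lands in workflow logs unless the relevant tasks set `no_log`. If the verbosity is only needed while debugging this CI migration, I would drop it before merge or leave it commented out, e.g. `# ANSIBLE_VERBOSITY: 3  # enable temporarily when debugging CI`.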
--- a/molecule/ipv6/molecule.yml +++ b/molecule/ipv6/molecule.yml @@ -1,13 +1,15 @@ --- dependency: name: galaxy + options: + requirements-file: collections/requirements.yml driver: name: vagrant platforms: - name: control1 box: generic/ubuntu2204 - memory: 2048 - cpus: 2 + memory: 512 + cpus: 1 groups: - k3s_cluster - master @@ -22,8 +24,8 @@ platforms: - name: control2 box: generic/ubuntu2204 - memory: 2048 - cpus: 2 + memory: 512 + cpus: 1 groups: - k3s_cluster - master @@ -38,8 +40,8 @@ platforms: - name: node1 box: generic/ubuntu2204 - memory: 2048 - cpus: 2 + memory: 512 + cpus: 1 groups: - k3s_cluster - node @@ -53,6 +55,8 @@ platforms: ssh.password: "vagrant" provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 3 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -63,7 +67,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/molecule/single_node/molecule.yml b/molecule/single_node/molecule.yml index 1a7ed84..08ae4eb 100644 --- a/molecule/single_node/molecule.yml +++ b/molecule/single_node/molecule.yml @@ -1,13 +1,15 @@ --- dependency: name: galaxy + options: + requirements-file: collections/requirements.yml driver: name: vagrant platforms: - name: control1 box: generic/ubuntu2204 - memory: 4096 - cpus: 4 + memory: 512 + cpus: 1 config_options: # We currently can not use public-key based authentication on Ubuntu 22.04, # see: https://github.com/chef/bento/issues/1405 @@ -21,6 +23,8 @@ platforms: ip: 192.168.30.50 provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 3 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -31,7 +35,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/requirements.in b/requirements.in index 715153b..e0eac29 100644 --- a/requirements.in +++ b/requirements.in 
@@ -1,10 +1,10 @@
-ansible-core>=2.13.5
+ansible-core>=2.16.2
 jmespath>=1.0.1
-jsonpatch>=1.32
-kubernetes>=25.3.0
-molecule-vagrant>=1.0.0
-molecule>=4.0.3
-netaddr>=0.8.0
-pre-commit>=2.20.0
-pre-commit-hooks>=1.3.1
-pyyaml>=6.0
+jsonpatch>=1.33
+kubernetes>=29.0.0
+molecule-plugins[vagrant]
+molecule>=6.0.3
+netaddr>=0.10.1
+pre-commit>=3.6.0
+pre-commit-hooks>=4.5.0
+pyyaml>=6.0.1
diff --git a/requirements.txt b/requirements.txt
index 9dcf161..48773d7 100644
--- a/requirements.txt
+++ b/requirements.txt
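Review bot: `molecule-plugins[vagrant]` is the only entry in the new requirements.in without a lower bound, so a later `pip-compile` run is free to resolve it to any release. The compiled requirements.txt in this commit pins 23.5.0, so `molecule-plugins[vagrant]>=23.5.0` would match the style of the other entries. The lock file also appears to be compiled without hashes; if the project wants pip to verify downloads in CI, `pip-compile --generate-hashes` is the usual way to get that.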
@@ -4,174 +4,165 @@ # # pip-compile requirements.in # -ansible-compat==3.0.1 +ansible-compat==4.1.11 # via molecule -ansible-core==2.15.4 +ansible-core==2.16.2 # via # -r requirements.in # ansible-compat -arrow==1.2.3 - # via jinja2-time -attrs==22.1.0 - # via jsonschema -binaryornot==0.4.4 - # via cookiecutter -cachetools==5.2.0 + # molecule +attrs==23.2.0 + # via + # jsonschema + # referencing +bracex==2.4 + # via wcmatch +cachetools==5.3.2 # via google-auth -certifi==2022.9.24 +certifi==2023.11.17 # via # kubernetes # requests -cffi==1.15.1 +cffi==1.16.0 # via cryptography -cfgv==3.3.1 +cfgv==3.4.0 # via pre-commit -chardet==5.0.0 - # via binaryornot -charset-normalizer==2.1.1 +charset-normalizer==3.3.2 # via requests -click==8.1.3 +click==8.1.7 # via # click-help-colors - # cookiecutter # molecule -click-help-colors==0.9.1 +click-help-colors==0.9.4 # via molecule -commonmark==0.9.1 - # via rich -cookiecutter==2.1.1 - # via molecule -cryptography==38.0.3 +cryptography==41.0.7 # via ansible-core -distlib==0.3.6 +distlib==0.3.8 # via virtualenv -distro==1.8.0 - # via selinux enrich==1.2.7 # via molecule -filelock==3.8.0 +filelock==3.13.1 # via virtualenv -google-auth==2.14.0 +google-auth==2.26.2 # via kubernetes -identify==2.5.8 +identify==2.5.33 # via pre-commit -idna==3.4 +idna==3.6 # via requests -jinja2==3.1.2 +jinja2==3.1.3 # via # ansible-core - # cookiecutter - # jinja2-time # molecule - # molecule-vagrant -jinja2-time==0.2.0 - # via cookiecutter jmespath==1.0.1 # via -r requirements.in jsonpatch==1.33 # via -r requirements.in -jsonpointer==2.3 +jsonpointer==2.4 # via jsonpatch -jsonschema==4.17.0 +jsonschema==4.21.1 # via # ansible-compat # molecule -kubernetes==25.3.0 +jsonschema-specifications==2023.12.1 + # via jsonschema +kubernetes==29.0.0 # via -r requirements.in -markupsafe==2.1.1 +markdown-it-py==3.0.0 + # via rich +markupsafe==2.1.4 # via jinja2 -molecule==4.0.4 +mdurl==0.1.2 + # via markdown-it-py +molecule==6.0.3 # via # -r requirements.in - # 
molecule-vagrant -molecule-vagrant==1.0.0 + # molecule-plugins +molecule-plugins[vagrant]==23.5.0 # via -r requirements.in -netaddr==0.10.0 +netaddr==0.10.1 # via -r requirements.in -nodeenv==1.7.0 +nodeenv==1.8.0 # via pre-commit oauthlib==3.2.2 - # via requests-oauthlib -packaging==21.3 + # via + # kubernetes + # requests-oauthlib +packaging==23.2 # via # ansible-compat # ansible-core # molecule -platformdirs==2.5.2 +platformdirs==4.1.0 # via virtualenv -pluggy==1.0.0 +pluggy==1.3.0 # via molecule -pre-commit==2.21.0 +pre-commit==3.6.0 # via -r requirements.in pre-commit-hooks==4.5.0 # via -r requirements.in -pyasn1==0.4.8 +pyasn1==0.5.1 # via # pyasn1-modules # rsa -pyasn1-modules==0.2.8 +pyasn1-modules==0.3.0 # via google-auth pycparser==2.21 # via cffi -pygments==2.13.0 +pygments==2.17.2 # via rich -pyparsing==3.0.9 - # via packaging -pyrsistent==0.19.2 - # via jsonschema python-dateutil==2.8.2 - # via - # arrow - # kubernetes -python-slugify==6.1.2 - # via cookiecutter + # via kubernetes python-vagrant==1.0.0 - # via molecule-vagrant + # via molecule-plugins pyyaml==6.0.1 # via # -r requirements.in # ansible-compat # ansible-core - # cookiecutter # kubernetes # molecule - # molecule-vagrant # pre-commit -requests==2.28.1 +referencing==0.32.1 + # via + # jsonschema + # jsonschema-specifications +requests==2.31.0 # via - # cookiecutter # kubernetes # requests-oauthlib requests-oauthlib==1.3.1 # via kubernetes -resolvelib==0.8.1 +resolvelib==1.0.1 # via ansible-core -rich==12.6.0 +rich==13.7.0 # via # enrich # molecule +rpds-py==0.17.1 + # via + # jsonschema + # referencing rsa==4.9 # via google-auth -ruamel-yaml==0.17.21 +ruamel-yaml==0.18.5 # via pre-commit-hooks -selinux==0.2.1 - # via molecule-vagrant +ruamel-yaml-clib==0.2.8 + # via ruamel-yaml six==1.16.0 # via - # google-auth # kubernetes # python-dateutil subprocess-tee==0.4.1 # via ansible-compat -text-unidecode==1.3 - # via python-slugify -urllib3==1.26.12 +urllib3==2.1.0 # via # kubernetes # requests 
-virtualenv==20.16.6 +virtualenv==20.25.0 # via pre-commit -websocket-client==1.4.2 +wcmatch==8.5 + # via molecule +websocket-client==1.7.0 # via kubernetes # The following packages are considered to be unsafe in a requirements file: diff --git a/roles/k3s_server_post/defaults/main.yml b/roles/k3s_server_post/defaults/main.yml index 1c458fa..bbf9629 100644 --- a/roles/k3s_server_post/defaults/main.yml +++ b/roles/k3s_server_post/defaults/main.yml @@ -1,6 +1,6 @@ --- # Timeout to wait for MetalLB services to come up -metal_lb_available_timeout: 120s +metal_lb_available_timeout: 240s # Name of the master group group_name_master: master