Merge 01d4bb8f8a into edf0c9eebd

.github/dependabot.yml

@@ -9,18 +9,3 @@ updates:
     ignore:
       - dependency-name: "*"
         update-types: ["version-update:semver-major"]
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    rebase-strategy: "auto"
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    rebase-strategy: "auto"
-    ignore:
-      - dependency-name: "*"
-        update-types: ["version-update:semver-major"]

.github/workflows/cache.yml

@@ -5,7 +5,7 @@ on:
 jobs:
   molecule:
     name: cache
-    runs-on: self-hosted
+    runs-on: macos-13
     env:
       PYTHON_VERSION: "3.11"
 
@@ -21,6 +21,32 @@ jobs:
           python-version: ${{ env.PYTHON_VERSION }}
           cache: 'pip' # caching pip dependencies
 
+      # - name: Cache Ansible
+      #   uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
+      #   id: cache-ansible
+      #   with:
+      #     path: ~/.ansible/collections
+      #     key: ansible-${{ hashFiles('collections/requirements.yml') }}
+      #     restore-keys: |
+      #       ansible-
+
+      - name: Install dependencies
+        run: |
+          echo "::group::Upgrade pip"
+          python3 -m pip install --upgrade pip
+          echo "::endgroup::"
+
+          echo "::group::Install Python requirements from requirements.txt"
+          python3 -m pip install -r requirements.txt
+          echo "::endgroup::"
+
+      # - name: Install ansible dependencies
+      #   if: steps.cache-ansible.outputs.cache-hit != 'true' # only run if false since this is just a cache step
+      #   run: |
+      #     echo "::group::Install Ansible role requirements from collections/requirements.yml"
+      #     ansible-galaxy install -r collections/requirements.yml
+      #     echo "::endgroup::"
+
       - name: Cache Vagrant boxes
         id: cache-vagrant
         uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
@@ -32,11 +58,30 @@ jobs:
           restore-keys: |
             vagrant-boxes
 
+      - name: Configure Homebrew cache
+        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
+        id: cache-homebrew
+        with:
+          path: |
+            ~/Library/Caches/Homebrew
+          key: brew-${{ hashFiles('./Brewfile') }}
+          restore-keys: brew-
+
+      - name: Update Homebrew
+        if: | # only run if false since this is just a cache step
+          steps.cache-homebrew.outputs.cache-hit != 'true' || steps.cache-vagrant.outputs.cache-hit != 'true'
+        run: |
+          brew update --preinstall
+
+      - name: Install Homebrew dependencies
+        if: | # only run if false since this is just a cache step
+          steps.cache-homebrew.outputs.cache-hit != 'true' || steps.cache-cache-vagrant.outputs.cache-hit != 'true'
+        run: |
+          env HOMEBREW_NO_AUTO_UPDATE=1 brew bundle --no-upgrade  --file ./Brewfile
+
       - name: Download Vagrant boxes for all scenarios
         # To save some cache space, all scenarios share the same cache key.
         # On the other hand, this means that the cache contents should be
         # the same across all scenarios. This step ensures that.
         if: steps.cache-vagrant.outputs.cache-hit != 'true' # only run if false since this is just a cache step
-        run: |
-          ./.github/download-boxes.sh
-          vagrant box list
+        run: ./.github/download-boxes.sh

.github/workflows/ci.yml

@@ -8,11 +8,11 @@ on:
     paths-ignore:
       - '**/README.md'
 jobs:
-  pre:
+  cache:
     uses: ./.github/workflows/cache.yml
   lint:
     uses: ./.github/workflows/lint.yml
-    needs: [pre]
+    needs: [cache]
   test:
     uses: ./.github/workflows/test.yml
-    needs: [pre, lint]
+    needs: [cache, lint]

.github/workflows/lint.yml

@@ -5,7 +5,7 @@ on:
 jobs:
   pre-commit-ci:
     name: Pre-Commit
-    runs-on: self-hosted
+    runs-on: macos-13
     env:
       PYTHON_VERSION: "3.11"
 
@@ -42,7 +42,7 @@ jobs:
 
   ensure-pinned-actions:
     name: Ensure SHA Pinned Actions
-    runs-on: self-hosted
+    runs-on: macos-13
     steps:
       - name: Checkout code
         uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v3 2.5.0

.github/workflows/test.yml

@@ -5,7 +5,7 @@ on:
 jobs:
   molecule:
     name: Molecule
-    runs-on: self-hosted
+    runs-on: macos-13
     strategy:
       matrix:
         scenario:
@@ -22,6 +22,11 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
+      # - name: Restore Ansible cache
+      #   uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
+      #   with:
+      #     path: ~/.ansible/collections
+      #     key: ansible-${{ hashFiles('collections/requirements.yml') }}
       - name: Configure VirtualBox
         run: |-
           sudo mkdir -p /etc/vbox
@@ -36,6 +41,21 @@ jobs:
           python-version: ${{ env.PYTHON_VERSION }}
           cache: 'pip' # caching pip dependencies
 
+      - name: Restore Homebrew cache
+        uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
+        with:
+          path: |
+            ~/Library/Caches/Homebrew
+          key: brew-${{ hashFiles('./Brewfile') }}
+
+      - name: Update Homebrew
+        run: |
+          brew update --preinstall
+
+      - name: Install Homebrew dependencies
+        run: |
+          env HOMEBREW_NO_AUTO_UPDATE=1 brew bundle --no-upgrade  --file ./Brewfile
+
       - name: Restore vagrant Boxes cache
         uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
         with:
@@ -63,31 +83,6 @@ jobs:
           PY_COLORS: 1
           ANSIBLE_FORCE_COLOR: 1
 
-      # these steps are necessary if not using ephemeral nodes
-      - name: Delete old Vagrant box versions
-        if: always() # do this even if a step before has failed
-        run: vagrant box prune --force
-
-      - name: Remove all local Vagrant boxes
-        if: always() # do this even if a step before has failed
-        run: vagrant box list | cut -f 1 -d ' ' | xargs -L 1 vagrant box remove -f
-
-      - name: Remove all Virtualbox VMs
-        if: always() # do this even if a step before has failed
-        run: VBoxManage list vms | awk -F'"' '{print $2}' | xargs -I {} VBoxManage unregistervm --delete "{}"
-
-      - name: Remove all Virtualbox HDs
-        if: always() # do this even if a step before has failed
-        run: VBoxManage list hdds | awk -F':' '/^UUID:/ {print $2}' | xargs -I {} VBoxManage closemedium disk "{}" --delete
-
-      - name: Remove all Virtualbox Networks
-        if: always() # do this even if a step before has failed
-        run: VBoxManage list hostonlyifs | grep '^Name:' | awk '{print $2}' | grep '^vboxnet' | xargs -I {} VBoxManage hostonlyif remove {}
-
-      - name: Remove Virtualbox network config
-        if: always() # do this even if a step before has failed
-        run: sudo rm /etc/vbox/networks.conf
-
       - name: Upload log files
         if: always() # do this even if a step before has failed
         uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # 3.1.1
@@ -95,3 +90,7 @@ jobs:
           name: logs
           path: |
             ${{ runner.temp }}/logs
+
+      - name: Delete old box versions
+        if: always() # do this even if a step before has failed
+        run: vagrant box prune --force

Brewfile

@@ -0,0 +1,5 @@
+tap "homebrew/bundle"
+tap "homebrew/cask-versions"
+
+cask "virtualbox"
+cask "vagrant"

inventory/sample/group_vars/all.yml

@@ -1,5 +1,5 @@
 ---
-k3s_version: v1.29.0+k3s1
+k3s_version: v1.25.16+k3s4
 # this is the user that has ssh access to these machines
 ansible_user: ansibleuser
 systemd_dir: /etc/systemd/system
@@ -66,9 +66,9 @@ metal_lb_ip_range: "192.168.30.80-192.168.30.90"
 # Please read https://gist.github.com/triangletodd/02f595cd4c0dc9aac5f7763ca2264185 before using this.
 # Most notably, your containers must be privileged, and must not have nesting set to true.
 # Please note this script disables most of the security of lxc containers, with the trade off being that lxc
-# containers are significantly more resource efficient compared to full VMs.
+# containers are significantly more resource efficent compared to full VMs.
 # Mixing and matching VMs and lxc containers is not supported, ymmv if you want to do this.
-# I would only really recommend using this if you have particularly low powered proxmox nodes where the overhead of
+# I would only really recommend using this if you have partiularly low powered proxmox nodes where the overhead of
 # VMs would use a significant portion of your available resources.
 proxmox_lxc_configure: false
 # the user that you would use to ssh into the host, for example if you run ssh some-user@my-proxmox-host,

molecule/default/molecule.yml

@@ -7,7 +7,7 @@ platforms:
 
   - name: control1
     box: generic/ubuntu2204
-    memory: 1024
+    memory: 512
     cpus: 2
     groups:
       - k3s_cluster
@@ -22,8 +22,8 @@ platforms:
       ssh.password: "vagrant"
 
   - name: control2
-    box: generic/debian12
-    memory: 1024
+    box: generic/debian11
+    memory: 512
     cpus: 2
     groups:
       - k3s_cluster
@@ -34,7 +34,7 @@ platforms:
 
   - name: control3
     box: generic/rocky9
-    memory: 1024
+    memory: 512
     cpus: 2
     groups:
       - k3s_cluster
@@ -45,7 +45,7 @@ platforms:
 
   - name: node1
     box: generic/ubuntu2204
-    memory: 1024
+    memory: 512
     cpus: 2
     groups:
       - k3s_cluster
@@ -61,7 +61,7 @@ platforms:
 
   - name: node2
     box: generic/rocky9
-    memory: 1024
+    memory: 512
     cpus: 2
     groups:
       - k3s_cluster
@@ -73,7 +73,7 @@ platforms:
 provisioner:
   name: ansible
   env:
-    ANSIBLE_VERBOSITY: 1
+    ANSIBLE_VERBOSITY: 3
   playbooks:
     converge: ../resources/converge.yml
     side_effect: ../resources/reset.yml

molecule/ipv6/molecule.yml

@@ -6,7 +6,7 @@ driver:
 platforms:
   - name: control1
     box: generic/ubuntu2204
-    memory: 1024
+    memory: 512
     cpus: 2
     groups:
       - k3s_cluster
@@ -22,7 +22,7 @@ platforms:
 
   - name: control2
     box: generic/ubuntu2204
-    memory: 1024
+    memory: 512
     cpus: 2
     groups:
       - k3s_cluster
@@ -38,7 +38,7 @@ platforms:
 
   - name: node1
     box: generic/ubuntu2204
-    memory: 1024
+    memory: 512
     cpus: 2
     groups:
       - k3s_cluster
@@ -54,7 +54,7 @@ platforms:
 provisioner:
   name: ansible
   env:
-    ANSIBLE_VERBOSITY: 1
+    ANSIBLE_VERBOSITY: 3
   playbooks:
     converge: ../resources/converge.yml
     side_effect: ../resources/reset.yml

molecule/single_node/molecule.yml

@@ -6,8 +6,8 @@ driver:
 platforms:
   - name: control1
     box: generic/ubuntu2204
-    memory: 4096
-    cpus: 4
+    memory: 512
+    cpus: 2
     config_options:
       # We currently can not use public-key based authentication on Ubuntu 22.04,
       # see: https://github.com/chef/bento/issues/1405
@@ -22,7 +22,7 @@ platforms:
 provisioner:
   name: ansible
   env:
-    ANSIBLE_VERBOSITY: 1
+    ANSIBLE_VERBOSITY: 3
   playbooks:
     converge: ../resources/converge.yml
     side_effect: ../resources/reset.yml

requirements.in

@@ -2,7 +2,7 @@ ansible-core>=2.16.2
 jmespath>=1.0.1
 jsonpatch>=1.33
 kubernetes>=29.0.0
-molecule-plugins[vagrant]
+molecule-vagrant>=2.0.0
 molecule>=6.0.3
 netaddr>=0.10.1
 pre-commit>=3.6.0

requirements.txt

@@ -39,6 +39,8 @@ cryptography==41.0.7
     # via ansible-core
 distlib==0.3.8
     # via virtualenv
+distro==1.9.0
+    # via selinux
 enrich==1.2.7
     # via molecule
 filelock==3.13.1
@@ -53,6 +55,7 @@ jinja2==3.1.3
     # via
     #   ansible-core
     #   molecule
+    #   molecule-vagrant
 jmespath==1.0.1
     # via -r requirements.in
 jsonpatch==1.33
@@ -76,8 +79,8 @@ mdurl==0.1.2
 molecule==6.0.3
     # via
     #   -r requirements.in
-    #   molecule-plugins
-molecule-plugins[vagrant]==23.5.0
+    #   molecule-vagrant
+molecule-vagrant==2.0.0
     # via -r requirements.in
 netaddr==0.10.1
     # via -r requirements.in
@@ -113,7 +116,7 @@ pygments==2.17.2
 python-dateutil==2.8.2
     # via kubernetes
 python-vagrant==1.0.0
-    # via molecule-plugins
+    # via molecule-vagrant
 pyyaml==6.0.1
     # via
     #   -r requirements.in
@@ -121,6 +124,7 @@ pyyaml==6.0.1
     #   ansible-core
     #   kubernetes
     #   molecule
+    #   molecule-vagrant
     #   pre-commit
 referencing==0.32.1
     # via
@@ -148,6 +152,8 @@ ruamel-yaml==0.18.5
     # via pre-commit-hooks
 ruamel-yaml-clib==0.2.8
     # via ruamel-yaml
+selinux==0.3.0
+    # via molecule-vagrant
 six==1.16.0
     # via
     #   kubernetes

roles/k3s_agent/tasks/http_proxy.yml

@@ -1,8 +1,8 @@
 ---
 
-- name: Create k3s-node.service.d directory
+- name: Create k3s.service.d directory
   file:
-    path: '{{ systemd_dir }}/k3s-node.service.d'
+    path: '{{ systemd_dir }}/k3s.service.d'
     state: directory
     owner: root
     group: root
@@ -12,7 +12,7 @@
 - name: Copy K3s http_proxy conf file
   template:
     src: "http_proxy.conf.j2"
-    dest: "{{ systemd_dir }}/k3s-node.service.d/http_proxy.conf"
+    dest: "{{ systemd_dir }}/k3s.service.d/http_proxy.conf"
     owner: root
     group: root
     mode: '0755'

roles/raspberrypi/tasks/main.yml

@@ -17,19 +17,21 @@
   when:
     grep_cpuinfo_raspberrypi.rc == 0 or grep_device_tree_model_raspberrypi.rc == 0
 
-- name: Set detected_distribution to Raspbian (ARM64 on Raspbian, Debian Buster/Bullseye/Bookworm)
+- name: Set detected_distribution to Raspbian
+  set_fact:
+    detected_distribution: Raspbian
+  when: >
+    raspberry_pi|default(false) and
+    ( ansible_facts.lsb.id|default("") == "Raspbian" or
+      ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") )
+
+- name: Set detected_distribution to Raspbian (ARM64 on Debian Buster)
   set_fact:
     detected_distribution: Raspbian
-  vars:
-    allowed_descriptions:
-      - "[Rr]aspbian.*"
-      - "Debian.*buster"
-      - "Debian.*bullseye"
-      - "Debian.*bookworm"
   when:
     - ansible_facts.architecture is search("aarch64")
     - raspberry_pi|default(false)
-    - ansible_facts.lsb.description|default("") is match(allowed_descriptions | join('|'))
+    - ansible_facts.lsb.description|default("") is match("Debian.*buster")
 
 - name: Set detected_distribution_major_version
   set_fact:
@@ -37,6 +39,14 @@
   when:
     - detected_distribution | default("") == "Raspbian"
 
+- name: Set detected_distribution to Raspbian (ARM64 on Debian Bullseye)
+  set_fact:
+    detected_distribution: Raspbian
+  when:
+    - ansible_facts.architecture is search("aarch64")
+    - raspberry_pi|default(false)
+    - ansible_facts.lsb.description|default("") is match("Debian.*bullseye")
+
 - name: Execute OS related tasks on the Raspberry Pi - {{ action_ }}
   include_tasks: "{{ item }}"
   with_first_found:

roles/reset/tasks/main.yml

@@ -51,9 +51,7 @@
     name: "{{ item }}"
     state: absent
   with_items:
-    - "{{ systemd_dir }}/k3s.service.d/http_proxy.conf"
     - "{{ systemd_dir }}/k3s.service.d"
-    - "{{ systemd_dir }}/k3s-node.service.d/http_proxy.conf"
     - "{{ systemd_dir }}/k3s-node.service.d"
   when: proxy_env is defined