preinstall: simplify OS packages selection

Since a2019c1 (Add a JSON schema describing the packages install structure, 2024-04-25), we use a custom structure to select which packages should be installed on a particular host OS. This has proven too rigid in practice, and the query is pretty complicated. Replace this by simply using an array of jinja conditions for the packages, which should be easier to understand for everyone and more flexible. Also remove the associated schema and validation which are no longer needed.
lenhardt-its · Nov 5, 2024 · 8ff4ad2 · 8ff4ad2
1 parent d0f1d52
commit 8ff4ad2
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 193 deletions.
diff --git a/roles/kubernetes/preinstall/files/pkgs-schema.json b/roles/kubernetes/preinstall/files/pkgs-schema.json
diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -321,11 +321,6 @@
     - kube_apiserver_enable_admission_plugins is defined
     - kube_apiserver_enable_admission_plugins | length > 0
 
-- name: Verify that the packages list structure is valid
-  ansible.utils.validate:
-    criteria: "{{ lookup('file', 'pkgs-schema.json') }}"
-    data: "{{ pkgs }}"
-
 - name: Verify that the packages list is sorted
   vars:
     pkgs_lists: "{{ pkgs.keys() | list }}"

diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
@@ -60,23 +60,8 @@
     - bootstrap-os
 
 - name: Install packages requirements
-  vars:
-    # The json_query for selecting packages name is split for readability
-    # see files/pkgs-schema.json for the structure of `pkgs`
-    # and the matching semantics
-    full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
-    filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
-    filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
-    dquote: !unsafe '"'
-    # necessary to workaround Ansible escaping
-    filters_distro: "distributions.{{ dquote }}{{ ansible_distribution  }}{{ dquote }} |
-                          @ == `{}` ||
-                          contains(not_null(major_versions, `[]`), '{{ ansible_distribution_major_version }}') ||
-                          contains(not_null(versions, `[]`), '{{ ansible_distribution_version }}') ||
-                          contains(not_null(releases, `[]`), '{{ ansible_distribution_release }}')"
-    filters_family: "families && contains(families, '{{ ansible_os_family }}')"
   package:
-    name: "{{ pkgs | dict2items | to_json|from_json | community.general.json_query(full_query) }}"
+    name: "{{ pkgs | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
     state: present
   register: pkgs_task_result
   until: pkgs_task_result is succeeded

diff --git a/roles/kubernetes/preinstall/vars/main.yml b/roles/kubernetes/preinstall/vars/main.yml
@@ -1,103 +1,70 @@
 ---
 pkgs:
-  apparmor: &debian_family_base
-    os:
-      families:
-      - Debian
-  apt-transport-https: *debian_family_base
-  aufs-tools: &deb_10
-    groups:
-    - k8s_cluster
-    os:
-      distributions:
-        Debian:
-          major_versions:
-          - "10"
-  bash-completion: {}
-  conntrack: &deb_redhat
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - Debian
-      - RedHat
+  apparmor:
+    - "{{ ansible_os_family == 'Debian' }}"
+  apt-transport-https:
+    - "{{ ansible_os_family == 'Debian' }}"
+  aufs-tools:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '10' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  bash-completion: []
+  conntrack:
+    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
   conntrack-tools:
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - Suse
-      distributions:
-        Amazon: {}
-  container-selinux: &redhat_family
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - RedHat
-  curl: {}
+    - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'Amazon' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  container-selinux:
+    - "{{ ansible_os_family == 'RedHat' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  curl: []
   device-mapper:
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - Suse
-  device-mapper-libs: *redhat_family
-  e2fsprogs: {}
-  ebtables: {}
-  gnupg: &debian
-    groups:
-    - k8s_cluster
-    os:
-      distributions:
-        Debian:
-          major_versions:
-          - "11"
-          - "12"
+    - "{{ ansible_os_family == 'Suse' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  device-mapper-libs:
+    - "{{ ansible_os_family == 'RedHat' }}"
+  e2fsprogs: []
+  ebtables: []
+  gnupg:
+    - "{{ ansible_distribution == 'Debian' }}"
+    - "{{ ansible_distribution_major_version in ['11', '12'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
   ipset:
-    enabled: "{{ kube_proxy_mode != 'ipvs' }}"
-    groups:
-    - k8s_cluster
-  iptables: *deb_redhat
+    - "{{ kube_proxy_mode != 'ipvs' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  iptables:
+    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
   ipvsadm:
-    enabled: "{{ kube_proxy_mode == 'ipvs' }}"
-    groups:
-    - k8s_cluster
-  libseccomp: *redhat_family
+    - "{{ kube_proxy_mode == 'ipvs' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
+  libseccomp:
+    - "{{ ansible_os_family == 'RedHat' }}"
   libseccomp2:
-    groups:
-    - k8s_cluster
-    os:
-      families:
-      - Suse
-      - Debian
+    - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
+    - "{{ 'k8s_cluster' in group_names }}"
   libselinux-python:  # TODO: Handle rehat_family + major < 8
-    os:
-      distributions:
-        Amazon: {}
+    - "{{ ansible_distribution == 'Amazon' }}"
   libselinux-python3:
-    os:
-      distributions:
-        Fedora: {}
+    - "{{ ansible_distribution == 'Fedora' }}"
   mergerfs:
-    os:
-      distributions:
-        Debian:
-          major_versions:
-          - "12"
-  nss: *redhat_family
-  openssl: {}
-  python-apt: *deb_10
-  # TODO: not for debian 10
-  python3-apt: *debian_family_base
+    - "{{ ansible_distribution == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '12' }}"
+  nss:
+    - "{{ ansible_os_family == 'RedHat' }}"
+  openssl: []
+  python-apt:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version == '10' }}"
+  python3-apt:
+    - "{{ ansible_os_family == 'Debian' }}"
+    - "{{ ansible_distribution_major_version != '10' }}"
   python3-libselinux:
-    os:
-      distributions:
-        RedHat: {}
-        CentOS: {}
-  rsync: {}
-  socat: {}
-  software-properties-common: *debian_family_base
-  tar: {}
-  unzip: {}
-  xfsprogs: {}
+    - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
+  rsync: []
+  socat: []
+  software-properties-common:
+    - "{{ ansible_os_family == 'Debian' }}"
+  tar: []
+  unzip: []
+  xfsprogs: []