diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml new file mode 100644 index 000000000..6322657fb --- /dev/null +++ b/.github/workflows/cache.yml @@ -0,0 +1,42 @@ +--- +name: "Cache" +on: + workflow_call: +jobs: + molecule: + name: cache + runs-on: self-hosted + env: + PYTHON_VERSION: "3.11" + + steps: + - name: Check out the codebase + uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v3 2.5.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: Set up Python ${{ env.PYTHON_VERSION }} + uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # 2.3.3 + with: + python-version: ${{ env.PYTHON_VERSION }} + cache: 'pip' # caching pip dependencies + + - name: Cache Vagrant boxes + id: cache-vagrant + uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + with: + lookup-only: true #if it exists, we don't need to restore and can skip the next step + path: | + ~/.vagrant.d/boxes + key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} + restore-keys: | + vagrant-boxes + + - name: Download Vagrant boxes for all scenarios + # To save some cache space, all scenarios share the same cache key. + # On the other hand, this means that the cache contents should be + # the same across all scenarios. This step ensures that. + if: steps.cache-vagrant.outputs.cache-hit != 'true' # only run if false since this is just a cache step + run: | + ./.github/download-boxes.sh + vagrant box list diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 54be8ff06..77f933352 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,8 +8,11 @@ on: paths-ignore: - '**/README.md' jobs: + pre: + uses: ./.github/workflows/cache.yml lint: uses: ./.github/workflows/lint.yml + needs: [pre] test: uses: ./.github/workflows/test.yml - needs: [lint] + needs: [pre, lint] diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b43f5bbec..6787f7882 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -5,7 +5,7 @@ on: jobs: pre-commit-ci: name: Pre-Commit - runs-on: ubuntu-latest + runs-on: self-hosted env: PYTHON_VERSION: "3.11" @@ -21,21 +21,11 @@ jobs: python-version: ${{ env.PYTHON_VERSION }} cache: 'pip' # caching pip dependencies - - name: Cache pip - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- - - - name: Cache Ansible - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 + - name: Restore Ansible cache + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 with: path: ~/.ansible/collections - key: ${{ runner.os }}-ansible-${{ hashFiles('collections/requirements.txt') }} - restore-keys: | - ${{ runner.os }}-ansible- + key: ansible-${{ hashFiles('collections/requirements.yml') }} - name: Install dependencies run: | @@ -47,16 +37,12 @@ jobs: python3 -m pip install -r requirements.txt echo "::endgroup::" - echo "::group::Install Ansible role requirements from collections/requirements.yml" - ansible-galaxy install -r collections/requirements.yml - echo "::endgroup::" - - name: Run pre-commit uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # 3.0.0 ensure-pinned-actions: name: Ensure SHA Pinned Actions - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Checkout code uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v3 2.5.0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 10b6135ab..f55bf48d6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,7 +5,7 @@ on: jobs: molecule: name: Molecule - runs-on: macos-12 + runs-on: self-hosted strategy: matrix: scenario: @@ -30,35 +30,19 @@ jobs: * fdad:bad:ba55::/64 EOF - - name: Cache pip - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- - - - name: Cache Vagrant boxes - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: | - ~/.vagrant.d/boxes - key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} - restore-keys: | - vagrant-boxes - - - name: Download Vagrant boxes for all scenarios - # To save some cache space, all scenarios share the same cache key. - # On the other hand, this means that the cache contents should be - # the same across all scenarios. This step ensures that. - run: ./.github/download-boxes.sh - - name: Set up Python ${{ env.PYTHON_VERSION }} uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # 2.3.3 with: python-version: ${{ env.PYTHON_VERSION }} cache: 'pip' # caching pip dependencies + - name: Restore vagrant Boxes cache + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + with: + path: ~/.vagrant.d/boxes + key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} + fail-on-cache-miss: true + - name: Install dependencies run: | echo "::group::Upgrade pip" @@ -75,7 +59,7 @@ jobs: env: ANSIBLE_K3S_LOG_DIR: ${{ runner.temp }}/logs/k3s-ansible/${{ matrix.scenario }} ANSIBLE_SSH_RETRIES: 4 - ANSIBLE_TIMEOUT: 60 + ANSIBLE_TIMEOUT: 120 PY_COLORS: 1 ANSIBLE_FORCE_COLOR: 1 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4a07503aa..98d0d2eb2 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ platforms: - name: control1 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -23,7 +23,7 @@ platforms: - name: control2 box: generic/debian11 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -34,7 +34,7 @@ platforms: - name: control3 box: generic/rocky9 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -45,7 +45,7 @@ platforms: - name: node1 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -61,7 +61,7 @@ platforms: - name: node2 box: generic/rocky9 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -72,6 +72,8 @@ platforms: provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 1 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -82,7 +84,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/molecule/ipv6/molecule.yml b/molecule/ipv6/molecule.yml index 2ad64234b..3d45b2523 100644 --- a/molecule/ipv6/molecule.yml +++ b/molecule/ipv6/molecule.yml @@ -6,7 +6,7 @@ driver: platforms: - name: control1 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -22,7 +22,7 @@ platforms: - name: control2 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -38,7 +38,7 @@ platforms: - name: node1 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -53,6 +53,8 @@ platforms: ssh.password: "vagrant" provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 1 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -63,7 +65,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/molecule/single_node/molecule.yml b/molecule/single_node/molecule.yml index 1a7ed84de..0a77896a4 100644 --- a/molecule/single_node/molecule.yml +++ b/molecule/single_node/molecule.yml @@ -6,8 +6,8 @@ driver: platforms: - name: control1 box: generic/ubuntu2204 - memory: 4096 - cpus: 4 + memory: 8192 + cpus: 8 config_options: # We currently can not use public-key based authentication on Ubuntu 22.04, # see: https://github.com/chef/bento/issues/1405 @@ -21,6 +21,8 @@ platforms: ip: 192.168.30.50 provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 1 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -31,7 +33,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/requirements.in b/requirements.in index 715153b23..e0eac2976 100644 --- a/requirements.in +++ b/requirements.in @@ -1,10 +1,10 @@ -ansible-core>=2.13.5 +ansible-core>=2.16.2 jmespath>=1.0.1 -jsonpatch>=1.32 -kubernetes>=25.3.0 -molecule-vagrant>=1.0.0 -molecule>=4.0.3 -netaddr>=0.8.0 -pre-commit>=2.20.0 -pre-commit-hooks>=1.3.1 -pyyaml>=6.0 +jsonpatch>=1.33 +kubernetes>=29.0.0 +molecule-plugins[vagrant] +molecule>=6.0.3 +netaddr>=0.10.1 +pre-commit>=3.6.0 +pre-commit-hooks>=4.5.0 +pyyaml>=6.0.1 diff --git a/requirements.txt b/requirements.txt index 9dcf1612c..48773d79c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,174 +4,165 @@ # # pip-compile requirements.in # -ansible-compat==3.0.1 +ansible-compat==4.1.11 # via molecule -ansible-core==2.15.4 +ansible-core==2.16.2 # via # -r requirements.in # ansible-compat -arrow==1.2.3 - # via jinja2-time -attrs==22.1.0 - # via jsonschema -binaryornot==0.4.4 - # via cookiecutter -cachetools==5.2.0 + # molecule +attrs==23.2.0 + # via + # jsonschema + # referencing +bracex==2.4 + # via wcmatch +cachetools==5.3.2 # via google-auth -certifi==2022.9.24 +certifi==2023.11.17 # via # kubernetes # requests -cffi==1.15.1 +cffi==1.16.0 # via cryptography -cfgv==3.3.1 +cfgv==3.4.0 # via pre-commit -chardet==5.0.0 - # via binaryornot -charset-normalizer==2.1.1 +charset-normalizer==3.3.2 # via requests -click==8.1.3 +click==8.1.7 # via # click-help-colors - # cookiecutter # molecule -click-help-colors==0.9.1 - # via molecule -commonmark==0.9.1 - # via rich -cookiecutter==2.1.1 +click-help-colors==0.9.4 # via molecule -cryptography==38.0.3 +cryptography==41.0.7 # via ansible-core -distlib==0.3.6 +distlib==0.3.8 # via virtualenv -distro==1.8.0 - # via selinux enrich==1.2.7 # via molecule -filelock==3.8.0 +filelock==3.13.1 # via virtualenv -google-auth==2.14.0 +google-auth==2.26.2 # via kubernetes -identify==2.5.8 +identify==2.5.33 # via pre-commit -idna==3.4 +idna==3.6 # via requests -jinja2==3.1.2 +jinja2==3.1.3 # via # ansible-core - # cookiecutter - # jinja2-time # molecule - # molecule-vagrant -jinja2-time==0.2.0 - # via cookiecutter jmespath==1.0.1 # via -r requirements.in jsonpatch==1.33 # via -r requirements.in -jsonpointer==2.3 +jsonpointer==2.4 # via jsonpatch -jsonschema==4.17.0 +jsonschema==4.21.1 # via # ansible-compat # molecule -kubernetes==25.3.0 +jsonschema-specifications==2023.12.1 + # via jsonschema +kubernetes==29.0.0 # via -r requirements.in -markupsafe==2.1.1 +markdown-it-py==3.0.0 + # via rich +markupsafe==2.1.4 # via jinja2 -molecule==4.0.4 +mdurl==0.1.2 + # via markdown-it-py +molecule==6.0.3 # via # -r requirements.in - # molecule-vagrant -molecule-vagrant==1.0.0 + # molecule-plugins +molecule-plugins[vagrant]==23.5.0 # via -r requirements.in -netaddr==0.10.0 +netaddr==0.10.1 # via -r requirements.in -nodeenv==1.7.0 +nodeenv==1.8.0 # via pre-commit oauthlib==3.2.2 - # via requests-oauthlib -packaging==21.3 + # via + # kubernetes + # requests-oauthlib +packaging==23.2 # via # ansible-compat # ansible-core # molecule -platformdirs==2.5.2 +platformdirs==4.1.0 # via virtualenv -pluggy==1.0.0 +pluggy==1.3.0 # via molecule -pre-commit==2.21.0 +pre-commit==3.6.0 # via -r requirements.in pre-commit-hooks==4.5.0 # via -r requirements.in -pyasn1==0.4.8 +pyasn1==0.5.1 # via # pyasn1-modules # rsa -pyasn1-modules==0.2.8 +pyasn1-modules==0.3.0 # via google-auth pycparser==2.21 # via cffi -pygments==2.13.0 +pygments==2.17.2 # via rich -pyparsing==3.0.9 - # via packaging -pyrsistent==0.19.2 - # via jsonschema python-dateutil==2.8.2 - # via - # arrow - # kubernetes -python-slugify==6.1.2 - # via cookiecutter + # via kubernetes python-vagrant==1.0.0 - # via molecule-vagrant + # via molecule-plugins pyyaml==6.0.1 # via # -r requirements.in # ansible-compat # ansible-core - # cookiecutter # kubernetes # molecule - # molecule-vagrant # pre-commit -requests==2.28.1 +referencing==0.32.1 + # via + # jsonschema + # jsonschema-specifications +requests==2.31.0 # via - # cookiecutter # kubernetes # requests-oauthlib requests-oauthlib==1.3.1 # via kubernetes -resolvelib==0.8.1 +resolvelib==1.0.1 # via ansible-core -rich==12.6.0 +rich==13.7.0 # via # enrich # molecule +rpds-py==0.17.1 + # via + # jsonschema + # referencing rsa==4.9 # via google-auth -ruamel-yaml==0.17.21 +ruamel-yaml==0.18.5 # via pre-commit-hooks -selinux==0.2.1 - # via molecule-vagrant +ruamel-yaml-clib==0.2.8 + # via ruamel-yaml six==1.16.0 # via - # google-auth # kubernetes # python-dateutil subprocess-tee==0.4.1 # via ansible-compat -text-unidecode==1.3 - # via python-slugify -urllib3==1.26.12 +urllib3==2.1.0 # via # kubernetes # requests -virtualenv==20.16.6 +virtualenv==20.25.0 # via pre-commit -websocket-client==1.4.2 +wcmatch==8.5 + # via molecule +websocket-client==1.7.0 # via kubernetes # The following packages are considered to be unsafe in a requirements file: diff --git a/roles/k3s_server_post/defaults/main.yml b/roles/k3s_server_post/defaults/main.yml index 1c458faab..bbf9629d9 100644 --- a/roles/k3s_server_post/defaults/main.yml +++ b/roles/k3s_server_post/defaults/main.yml @@ -1,6 +1,6 @@ --- # Timeout to wait for MetalLB services to come up -metal_lb_available_timeout: 120s +metal_lb_available_timeout: 240s # Name of the master group group_name_master: master