Merge branch 'master' into updates

* Create reboot.yml

* Create reboot.sh

* Updated the Playbook and Tasks Name

Co-authored-by: Techno Tim <timothystewart6@gmail.com>

.github/PULL_REQUEST_TEMPLATE.md

@@ -12,3 +12,4 @@
 - [ ] Ran `reset.yml` playbook
 - [ ] Did not add any unnecessary changes
 - [ ] 🚀
+- [ ] Ran pre-commit install at least once before committing

.github/workflows/lint.yml

@@ -5,20 +5,42 @@ on:
   push:
     branches:
       - master
-
+    paths-ignore:
+      - '**/README.md'
 jobs:
-  ansible-lint:
-    name: YAML Lint + Ansible Lint
+  pre-commit-ci:
+    name: Pre-Commit
     runs-on: ubuntu-latest
+    env:
+      PYTHON_VERSION: "3.10"
 
     steps:
       - name: Check out the codebase
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
-
-      - name: Set up Python 3.x
-        uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5 #4.0.2
         with:
-          python-version: "3.x"
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # 4.3.0
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: 'pip' # caching pip dependencies
+
+      - name: Cache pip
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Cache Ansible
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11
+        with:
+          path: ~/.ansible/collections
+          key: ${{ runner.os }}-ansible-${{ hashFiles('collections/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-ansible-
 
       - name: Install dependencies
         run: |
@@ -34,8 +56,18 @@ jobs:
           ansible-galaxy install -r collections/requirements.yml
           echo "::endgroup::"
 
-      - name: Run yamllint
-        run: yamllint .
+      - name: Run pre-commit
+        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # 3.0.0
 
-      - name: Run ansible-lint
-        run: ansible-lint
+  ensure-pinned-actions:
+    name: Ensure SHA Pinned Actions
+    runs-on: self-hosted
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6ca5574367befbc9efdb2fa25978084159c5902d # 1.3.0
+        with:
+          allowlist: |
+            aws-actions/
+            docker/login-action

.github/workflows/test.yml

@@ -25,6 +25,8 @@ jobs:
     steps:
       - name: Check out the codebase
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Configure VirtualBox
         run: |-
@@ -34,8 +36,16 @@ jobs:
           * fdad:bad:ba55::/64
           EOF
 
+      - name: Cache pip
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
       - name: Cache Vagrant boxes
-        uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # 3.0.8
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11
         with:
           path: |
             ~/.vagrant.d/boxes
@@ -50,14 +60,20 @@ jobs:
         run: ./.github/download-boxes.sh
 
       - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # 4.3.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
+          cache: 'pip' # caching pip dependencies
 
       - name: Install dependencies
-        run: >-
-          python3 -m pip install --upgrade pip &&
+        run: |
+          echo "::group::Upgrade pip"
+          python3 -m pip install --upgrade pip
+          echo "::endgroup::"
+
+          echo "::group::Install Python requirements from requirements.txt"
           python3 -m pip install -r requirements.txt
+          echo "::endgroup::"
 
       - name: Test with molecule
         run: molecule test --scenario-name ${{ matrix.scenario }}
@@ -70,7 +86,7 @@ jobs:
 
       - name: Upload log files
         if: always() # do this even if a step before has failed
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # 3.1.0
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # 3.1.1
         with:
           name: logs
           path: |

.gitignore

@@ -1 +1,2 @@
 .env/
+*.log

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+      - id: requirements-txt-fixer
+      - id: sort-simple-yaml
+      - id: detect-private-key
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.28.0
+    hooks:
+      - id: yamllint
+        args: [-c=.yamllint]
+  - repo: https://github.com/ansible-community/ansible-lint.git
+    rev: v6.8.2
+    hooks:
+      - id: ansible-lint
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.8.0.4
+    hooks:
+      - id: shellcheck

ansible.cfg

@@ -1,12 +1,23 @@
 [defaults]
-nocows = True
-roles_path = ./roles
-inventory  = ./hosts.ini
+nocows                  = True
+roles_path              = ./roles
+inventory               = ./hosts.ini
+stdout_callback         = yaml
 
-remote_tmp = $HOME/.ansible/tmp
-local_tmp  = $HOME/.ansible/tmp
-pipelining = True
-become = True
-host_key_checking = False
-deprecation_warnings = False
-callback_whitelist = profile_tasks
+remote_tmp              = $HOME/.ansible/tmp
+local_tmp               = $HOME/.ansible/tmp
+timeout                 = 60
+host_key_checking       = False
+deprecation_warnings    = False
+callback_whitelist      = profile_tasks
+log_path                = ./ansible.log
+
+[privilege_escalation]
+become                  = True
+
+[ssh_connection]
+scp_if_ssh              = smart
+retries                 = 3
+ssh_args                = -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s
+pipelining              = True
+control_path            = %(directory)s/%%h-%%r

inventory/sample/group_vars/all.yml

@@ -1,5 +1,5 @@
 ---
-k3s_version: v1.24.6+k3s1
+k3s_version: v1.24.7+k3s1
 # this is the user that has ssh access to these machines
 ansible_user: ansibleuser
 systemd_dir: /etc/systemd/system
@@ -44,8 +44,8 @@ extra_agent_args: >-
 kube_vip_tag_version: "v0.5.5"
 
 # image tag for metal lb
-metal_lb_speaker_tag_version: "v0.13.6"
-metal_lb_controller_tag_version: "v0.13.6"
+metal_lb_speaker_tag_version: "v0.13.9"
+metal_lb_controller_tag_version: "v0.13.9"
 
 # metallb ip range for load balancer
 metal_lb_ip_range: "192.168.30.80-192.168.30.90"

molecule/default/molecule.yml

@@ -3,56 +3,73 @@ dependency:
   name: galaxy
 driver:
   name: vagrant
-.platform_presets:
-  - &control
+platforms:
+
+  - name: control1
+    box: generic/ubuntu2204
     memory: 2048
     cpus: 2
     groups:
       - k3s_cluster
       - master
-  - &node
-    memory: 2048
-    cpus: 2
-    groups:
-      - k3s_cluster
-      - node
-  - &debian
-    box: generic/debian11
-  - &rocky
-    box: generic/rocky9
-  - &ubuntu
-    box: generic/ubuntu2204
+    interfaces:
+      - network_name: private_network
+        ip: 192.168.30.38
     config_options:
       # We currently can not use public-key based authentication on Ubuntu 22.04,
       # see: https://github.com/chef/bento/issues/1405
       ssh.username: "vagrant"
       ssh.password: "vagrant"
-platforms:
-  - <<: [*control, *ubuntu]
-    name: control1
-    interfaces:
-      - network_name: private_network
-        ip: 192.168.30.38
-  - <<: [*control, *debian]
-    name: control2
+
+  - name: control2
+    box: generic/debian11
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - master
     interfaces:
       - network_name: private_network
         ip: 192.168.30.39
-  - <<: [*control, *rocky]
-    name: control3
+
+  - name: control3
+    box: generic/rocky9
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - master
     interfaces:
       - network_name: private_network
         ip: 192.168.30.40
-  - <<: [*node, *ubuntu]
-    name: node1
+
+  - name: node1
+    box: generic/ubuntu2204
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - node
     interfaces:
       - network_name: private_network
         ip: 192.168.30.41
-  - <<: [*node, *rocky]
-    name: node2
+    config_options:
+      # We currently can not use public-key based authentication on Ubuntu 22.04,
+      # see: https://github.com/chef/bento/issues/1405
+      ssh.username: "vagrant"
+      ssh.password: "vagrant"
+
+  - name: node2
+    box: generic/rocky9
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - node
     interfaces:
       - network_name: private_network
         ip: 192.168.30.42
+
 provisioner:
   name: ansible
   playbooks:

molecule/ipv6/molecule.yml

@@ -3,37 +3,39 @@ dependency:
   name: galaxy
 driver:
   name: vagrant
-.platform_presets:
-  - &control
+platforms:
+
+  - name: control1
+    box: generic/ubuntu2204
     memory: 2048
     cpus: 2
     groups:
       - k3s_cluster
       - master
-  - &node
-    memory: 2048
-    cpus: 2
-    groups:
-      - k3s_cluster
-      - node
-  - &ubuntu
-    box: generic/ubuntu2204
+    interfaces:
+      - network_name: private_network
+        ip: fdad:bad:ba55::de:11
     config_options:
       # We currently can not use public-key based authentication on Ubuntu 22.04,
       # see: https://github.com/chef/bento/issues/1405
       ssh.username: "vagrant"
       ssh.password: "vagrant"
-platforms:
-  - <<: [*control, *ubuntu]
-    name: control1
-    interfaces:
-      - network_name: private_network
-        ip: fdad:bad:ba55::de:11
-  - <<: [*node, *ubuntu]
-    name: node1
+
+  - name: node1
+    box: generic/ubuntu2204
+    memory: 2048
+    cpus: 2
+    groups:
+      - k3s_cluster
+      - node
     interfaces:
       - network_name: private_network
         ip: fdad:bad:ba55::de:21
+    config_options:
+      # We currently can not use public-key based authentication on Ubuntu 22.04,
+      # see: https://github.com/chef/bento/issues/1405
+      ssh.username: "vagrant"
+      ssh.password: "vagrant"
 provisioner:
   name: ansible
   playbooks:

reboot.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+ansible-playbook reboot.yml -i inventory/my-cluster/hosts.ini

reboot.yml

@@ -0,0 +1,9 @@
+---
+- name: Reboot k3s_cluster
+  hosts: k3s_cluster
+  gather_facts: yes
+  become: yes
+  tasks:
+    - name: Reboot the nodes (and Wait upto 5 mins max)
+      reboot:
+        reboot_timeout: 300

requirements.in

@@ -0,0 +1,13 @@
+molecule>=4.0.3
+ansible-core>=2.13.5
+ansible-lint>=6.8.6
+kubernetes>=25.3.0
+molecule-vagrant>=1.0.0
+molecule>=4.0.3
+netaddr>=0.8.0
+pyyaml>=6.0
+yamllint>=1.28.0
+jmespath>=1.0.1
+jsonpatch>=1.32
+pre-commit>=2.20.0
+netaddr>=0.8.0

requirements.txt

@@ -1,71 +1,222 @@
-ansible-compat==2.2.1
+#
+# This file is autogenerated by pip-compile with python 3.8
+# To update, run:
+#
+#    pip-compile requirements.in
+#
+ansible-compat==2.2.4
+    # via
+    #   ansible-lint
+    #   molecule
 ansible-core==2.13.5
-ansible-lint==6.8.2
+    # via
+    #   -r requirements.in
+    #   ansible-lint
+ansible-lint==6.8.6
+    # via -r requirements.in
 arrow==1.2.3
+    # via jinja2-time
 attrs==22.1.0
+    # via jsonschema
 binaryornot==0.4.4
+    # via cookiecutter
 black==22.10.0
+    # via ansible-lint
 bracex==2.3.post1
+    # via wcmatch
 cachetools==5.2.0
-Cerberus==1.3.2
+    # via google-auth
 certifi==2022.9.24
+    # via
+    #   kubernetes
+    #   requests
 cffi==1.15.1
+    # via cryptography
+cfgv==3.3.1
+    # via pre-commit
 chardet==5.0.0
+    # via binaryornot
 charset-normalizer==2.1.1
+    # via requests
 click==8.1.3
+    # via
+    #   black
+    #   click-help-colors
+    #   cookiecutter
+    #   molecule
 click-help-colors==0.9.1
+    # via molecule
 commonmark==0.9.1
+    # via rich
 cookiecutter==2.1.1
-cryptography==38.0.1
+    # via molecule
+cryptography==38.0.3
+    # via ansible-core
+distlib==0.3.6
+    # via virtualenv
 distro==1.8.0
+    # via selinux
 enrich==1.2.7
+    # via molecule
 filelock==3.8.0
-google-auth==2.12.0
+    # via
+    #   ansible-lint
+    #   virtualenv
+google-auth==2.14.0
+    # via kubernetes
+identify==2.5.8
+    # via pre-commit
 idna==3.4
+    # via requests
 importlib-resources==5.10.0
-Jinja2==3.1.2
+    # via jsonschema
+jinja2==3.1.2
+    # via
+    #   ansible-core
+    #   cookiecutter
+    #   jinja2-time
+    #   molecule
+    #   molecule-vagrant
 jinja2-time==0.2.0
+    # via cookiecutter
 jmespath==1.0.1
+    # via -r requirements.in
 jsonpatch==1.32
+    # via -r requirements.in
 jsonpointer==2.3
-jsonschema==4.16.0
-kubernetes==24.2.0
-MarkupSafe==2.1.1
-molecule==4.0.1
+    # via jsonpatch
+jsonschema==4.17.0
+    # via
+    #   ansible-compat
+    #   ansible-lint
+    #   molecule
+kubernetes==25.3.0
+    # via -r requirements.in
+markupsafe==2.1.1
+    # via jinja2
+molecule==4.0.3
+    # via
+    #   -r requirements.in
+    #   molecule-vagrant
 molecule-vagrant==1.0.0
+    # via -r requirements.in
 mypy-extensions==0.4.3
+    # via black
 netaddr==0.8.0
-oauthlib==3.2.1
+    # via -r requirements.in
+nodeenv==1.7.0
+    # via pre-commit
+oauthlib==3.2.2
+    # via requests-oauthlib
 packaging==21.3
+    # via
+    #   ansible-compat
+    #   ansible-core
+    #   ansible-lint
+    #   molecule
 pathspec==0.10.1
+    # via
+    #   black
+    #   yamllint
 pkgutil-resolve-name==1.3.10
+    # via jsonschema
 platformdirs==2.5.2
+    # via
+    #   black
+    #   virtualenv
 pluggy==1.0.0
+    # via molecule
+pre-commit==2.20.0
+    # via -r requirements.in
 pyasn1==0.4.8
+    # via
+    #   pyasn1-modules
+    #   rsa
 pyasn1-modules==0.2.8
+    # via google-auth
 pycparser==2.21
-Pygments==2.13.0
+    # via cffi
+pygments==2.13.0
+    # via rich
 pyparsing==3.0.9
-pyrsistent==0.18.1
+    # via packaging
+pyrsistent==0.19.2
+    # via jsonschema
 python-dateutil==2.8.2
+    # via
+    #   arrow
+    #   kubernetes
 python-slugify==6.1.2
+    # via cookiecutter
 python-vagrant==1.0.0
-PyYAML==6.0
+    # via molecule-vagrant
+pyyaml==6.0
+    # via
+    #   -r requirements.in
+    #   ansible-compat
+    #   ansible-core
+    #   ansible-lint
+    #   cookiecutter
+    #   kubernetes
+    #   molecule
+    #   molecule-vagrant
+    #   pre-commit
+    #   yamllint
 requests==2.28.1
+    # via
+    #   cookiecutter
+    #   kubernetes
+    #   requests-oauthlib
 requests-oauthlib==1.3.1
+    # via kubernetes
 resolvelib==0.8.1
+    # via ansible-core
 rich==12.6.0
+    # via
+    #   ansible-lint
+    #   enrich
+    #   molecule
 rsa==4.9
-ruamel.yaml==0.17.21
-ruamel.yaml.clib==0.2.6
+    # via google-auth
+ruamel-yaml==0.17.21
+    # via ansible-lint
+ruamel-yaml-clib==0.2.7
+    # via ruamel-yaml
 selinux==0.2.1
+    # via molecule-vagrant
 six==1.16.0
+    # via
+    #   google-auth
+    #   kubernetes
+    #   python-dateutil
 subprocess-tee==0.3.5
+    # via ansible-compat
 text-unidecode==1.3
+    # via python-slugify
+toml==0.10.2
+    # via pre-commit
 tomli==2.0.1
+    # via black
 typing-extensions==4.4.0
+    # via
+    #   black
+    #   rich
 urllib3==1.26.12
+    # via
+    #   kubernetes
+    #   requests
+virtualenv==20.16.6
+    # via pre-commit
 wcmatch==8.4.1
-websocket-client==1.4.1
+    # via ansible-lint
+websocket-client==1.4.2
+    # via kubernetes
 yamllint==1.28.0
-zipp==3.9.0
+    # via
+    #   -r requirements.in
+    #   ansible-lint
+zipp==3.10.0
+    # via importlib-resources
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools