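---
# Workflow file: default-k3s-bare.yml
# Runs the juju4.falco role's default-k3s integration suite directly on the
# GitHub-hosted runner (ansible --connection=local --become), then repeats the
# playbook as an idempotency check and dumps host/cluster state for debugging.
name: default-k3s-bare

# The job executes repository content as root (get-dependencies.sh and the
# playbook). Keep the `pull_request` trigger: unlike `pull_request_target`, it
# gives fork PRs a read-only token and no repository secrets.
on:
  push:
  pull_request:
  workflow_dispatch:

# Drop every default GITHUB_TOKEN scope; the job below re-grants only what
# it needs.
permissions: {}

jobs:
  build:
    permissions:
      contents: read
    runs-on: ${{ matrix.distribution }}-${{ matrix.version }}
    # Every matrix entry is flagged experimental, so a failing job does not
    # fail the workflow run. Read the job logs, not just the run status.
    continue-on-error: ${{ matrix.experimental }}
    strategy:
      fail-fast: false
      max-parallel: 4
      matrix:
        include:
          - distribution: ubuntu
            version: '22.04'
            experimental: true
          - distribution: ubuntu
            version: '20.04'
            experimental: true
    env:
      ANSIBLE_CALLBACKS_ENABLED: profile_tasks
      ANSIBLE_EXTRA_VARS: ""
      ANSIBLE_ROLE: juju4.falco
      SUITE: default-k3s
    steps:
      # NOTE(review): both actions are referenced by a mutable tag; pinning to
      # a full commit SHA prevents a retagged release from changing what runs.
      - uses: actions/checkout@v4
        with:
          path: ${{ env.ANSIBLE_ROLE }}
          # Later steps run repository scripts as root and never push, so do
          # not leave the job token in the checkout's .git/config.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.x'
      - name: ACL
        run: |
          sudo apt-get install -y acl || true
          mount
          sudo mount -o remount,acl / || true
      # NOTE(review): the pip installs are unpinned, so each run resolves the
      # latest releases from PyPI; a constraints file or --require-hashes
      # would make the toolchain reproducible.
      # NOTE(review): the last echo writes `ansible_python_interpreter: ...`
      # into [defaults]; that is an inventory variable name, whereas the
      # ansible.cfg setting is `interpreter_python` -- confirm it has the
      # intended effect.
      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          pip3 install ansible-lint flake8 yamllint
          which ansible
          pip3 install ansible
          pip3 show ansible
          ansible --version
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE
          [ -f get-dependencies.sh ] && sh -x get-dependencies.sh
          { echo '[defaults]'; echo 'callbacks_enabled = profile_tasks, timer'; echo 'inventory = hosts.ini'; echo 'roles_path = ../'; echo 'ansible_python_interpreter: /usr/bin/python3'; } >> ansible.cfg
      # `env` prints the whole step environment into the job log. No secrets
      # are mapped into this workflow; revisit this step before adding any.
      - name: Environment
        run: |
          set -x
          pwd
          env
          find . -ls
      - name: run test
        run: |
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i hosts.ini --connection=local --become -vvv test/integration/$SUITE/default.yml ${ANSIBLE_EXTRA_VARS}
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
      # Report-only: both branches end in `exit 0`, so a non-idempotent run
      # prints the log but never fails the step.
      - name: idempotency run
        run: |
          cd $GITHUB_WORKSPACE/$ANSIBLE_ROLE && ansible-playbook -i hosts.ini --connection=local --become -vvv test/integration/$SUITE/default.yml ${ANSIBLE_EXTRA_VARS} | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 0)
      - name: On failure
        run: |
          systemctl -l --no-pager status
          systemctl -l --no-pager --failed
          ls -l /usr/bin/ | egrep '(python|pip|ansible)'
          pip freeze
          pip3 freeze
          ip addr
          cat /etc/resolv.conf
          host www.google.com
          ping -c 1 www.google.com || true
          ping -c 1 8.8.8.8 || true
        if: ${{ failure() }}
        continue-on-error: true
      # The remaining steps are best-effort diagnostics: they always run and
      # never affect the job result.
      - name: After script - ansible setup
        run: |
          ansible -i inventory --connection=local -m setup localhost
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - systemd
        run: |
          systemctl -l --no-pager status k3s || true
          systemd-analyze --no-pager security || true
          rsyslogd -v
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - network
        run: |
          set -x
          sudo ss -tunap
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - process
        run: |
          set -x
          ps aux
        if: ${{ always() }}
        continue-on-error: true
      # `kubectl config view` redacts credential data unless --raw is given,
      # so the kubeconfig secrets stay out of the job log.
      - name: After script - k8
        run: |
          set -x
          export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
          kubectl get nodes
          kubectl get pods --all-namespaces -o wide
          kubectl get services
          kubectl get apiservices
          k3s check-config || true
          kubectl config view || true
          kubectl logs daemonset/falco -n falco -c falco-driver-loader
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - helm
        run: |
          set -x
          helm ls --all-namespaces
          helm status falco || true
          helm history falco || true
        if: ${{ always() }}
        continue-on-error: true
      # NOTE(review): config.yaml is printed verbatim into the job log. If the
      # role ever writes a cluster token there, it would be disclosed --
      # acceptable only because the runner and cluster are throwaway.
      - name: After script - etc
        run: |
          set -x
          ls -l /etc/rancher/k3s/
          cat /etc/rancher/k3s/config.yaml
        if: ${{ always() }}
        continue-on-error: true
      - name: After script - journalctl
        run: |
          set -x
          journalctl -xeu k3s -l --no-pager
        if: ${{ always() }}
        continue-on-error: true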