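---
# Playbook for doc 03-06: deploy, verify and optionally tear down an NFS-backed
# PV/PVC demo plus a verification Job on the k3s server.
#
# All three plays are gated on the controller-side environment variables
# NFS_SERVER_IP and NFS_EXPORT_PATH; when either is empty the play is skipped.
# Every kubectl call runs with become and the k3s server kubeconfig, which on
# a default k3s install carries cluster-admin rights, so anything templated
# into the manifests or shell snippets below should be treated as privileged
# input.

- name: Deploy 03-06 nfs pv+pvc demo (gated by env)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    manifest_src: "{{ playbook_dir }}/../../files/03-06/nfs-pv-pvc-demo.yaml"
    # NOTE(review): fixed file names in world-writable /tmp. The teardown play
    # later feeds this same path to `kubectl delete -f`, so it relies on the
    # file still being there and unmodified; a root-only directory would be a
    # safer staging location.
    manifest_dest: /tmp/nfs-pv-pvc-demo.yaml
    nfs_job_manifest_src: "{{ playbook_dir }}/../../files/03-06/nfs-pvc-verify-job.yaml"
    nfs_job_manifest_dest: /tmp/nfs-pvc-verify-job.yaml
    # Read on the controller; an unset or empty variable becomes ''.
    nfs_server_ip: "{{ lookup('env', 'NFS_SERVER_IP') | default('', true) }}"
    nfs_export_path: "{{ lookup('env', 'NFS_EXPORT_PATH') | default('', true) }}"
    # Allow-lists for the two operator-supplied values. They are written into
    # a manifest that is applied with the admin kubeconfig, so newlines or
    # quotes could add YAML the operator did not intend, and backslashes are
    # interpreted by the replace module's regex substitution.
    nfs_server_ip_pattern: '^[A-Za-z0-9.:_-]+$'
    nfs_export_path_pattern: '^/[^\s''"\\]*$'
  tasks:
    # The included tasks file is not shown here; its name suggests it prints
    # the gate message and ends the play.
    - name: "Gate - skip apply when NFS vars missing"
      when: (nfs_server_ip | trim == "") or (nfs_export_path | trim == "")
      ansible.builtin.include_role:
        name: verify_common
        tasks_from: gate-debug-end-play.yml
      vars:
        verify_gate_message: "[GATE] skipped doc_id=03-06 reason=missing_env missing=NFS_SERVER_IP,NFS_EXPORT_PATH"

    # Fail early instead of applying a manifest built from malformed input.
    - name: Validate NFS inputs before templating them into the manifest
      ansible.builtin.assert:
        that:
          - (nfs_server_ip | trim) is match(nfs_server_ip_pattern)
          - (nfs_export_path | trim) is match(nfs_export_path_pattern)
        fail_msg: >-
          NFS_SERVER_IP must be a hostname or IP literal and NFS_EXPORT_PATH
          an absolute path without whitespace, quotes or backslashes.
        quiet: true

    - name: Copy manifest
      ansible.builtin.copy:
        src: "{{ manifest_src }}"
        dest: "{{ manifest_dest }}"
        mode: "0644"

    # NOTE(review): `regexp` is empty in this copy of the playbook in both
    # replace tasks; the placeholder tokens look to have been lost (an
    # angle-bracket token would be stripped by HTML extraction). An empty
    # pattern matches at every position, so restore the real tokens from
    # files/03-06/nfs-pv-pvc-demo.yaml before running this.
    - name: Replace NFS placeholders
      ansible.builtin.replace:
        path: "{{ manifest_dest }}"
        regexp: ""
        replace: "{{ nfs_server_ip | trim }}"

    - name: Replace NFS export path placeholder
      ansible.builtin.replace:
        path: "{{ manifest_dest }}"
        regexp: ""
        replace: "{{ nfs_export_path | trim }}"

    # Deletes the Job, then the PVC and PV, polling until each is gone so the
    # following apply does not collide with leftovers from an earlier run.
    # Every delete is best-effort (`|| true`).
    - name: Reset stale nfs demo resources before apply (handle immutable PVC fields)
      ansible.builtin.shell: |
        set -e
        export KUBECONFIG={{ k3s_kubeconfig | quote }}
        kubectl -n default delete job nfs-pvc-verify-demo --ignore-not-found=true || true
        for i in $(seq 1 60); do
          n=$(kubectl -n default get pods -l job-name=nfs-pvc-verify-demo \
            --no-headers 2>/dev/null | wc -l | tr -d ' ')
          [ "${n:-99}" -eq 0 ] && break
          sleep 1
        done || true
        kubectl -n default delete pvc nfs-pvc-demo --ignore-not-found=true || true
        kubectl delete pv nfs-pv-demo --ignore-not-found=true || true
        for i in $(seq 1 40); do
          pvc_gone=0
          pv_gone=0
          kubectl -n default get pvc nfs-pvc-demo >/dev/null 2>&1 || pvc_gone=1
          kubectl get pv nfs-pv-demo >/dev/null 2>&1 || pv_gone=1
          if [ "$pvc_gone" -eq 1 ] && [ "$pv_gone" -eq 1 ]; then
            break
          fi
          sleep 1
        done
      args:
        executable: /bin/bash
      changed_when: true

    - name: Apply PV/PVC manifest
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl apply -f {{ manifest_dest | quote }}
      args:
        executable: /bin/bash
      changed_when: true

    # Polls up to 40 times, 3 s apart, until the PVC phase reads "Bound".
    - name: Wait pvc Bound before Job
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl get pvc nfs-pvc-demo -n default -o jsonpath='{.status.phase}'
      args:
        executable: /bin/bash
      register: pvc_phase_deploy
      changed_when: false
      until: pvc_phase_deploy.stdout | trim == "Bound"
      retries: 40
      delay: 3

    - name: Copy nfs verify Job manifest
      ansible.builtin.copy:
        src: "{{ nfs_job_manifest_src }}"
        dest: "{{ nfs_job_manifest_dest }}"
        mode: "0644"

    - name: Apply nfs verify Job
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl apply -f {{ nfs_job_manifest_dest | quote }}
      args:
        executable: /bin/bash
      changed_when: true

- name: Verify 03-06 nfs pvc demo (Bound + Job RW)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    # Only used for gating in this play; the values are not templated anywhere.
    nfs_server_ip: "{{ lookup('env', 'NFS_SERVER_IP') | default('', true) }}"
    nfs_export_path: "{{ lookup('env', 'NFS_EXPORT_PATH') | default('', true) }}"
  tasks:
    - name: "Gate - skip verify when NFS vars missing"
      when: (nfs_server_ip | trim == "") or (nfs_export_path | trim == "")
      ansible.builtin.include_role:
        name: verify_common
        tasks_from: gate-debug-end-play.yml
      vars:
        verify_gate_message: "[GATE] skipped doc_id=03-06 reason=missing_env missing=NFS_SERVER_IP,NFS_EXPORT_PATH"

    - name: Wait pvc Bound
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl get pvc nfs-pvc-demo -n default -o jsonpath='{.status.phase}'
      args:
        executable: /bin/bash
      register: pvc_phase
      changed_when: false
      until: pvc_phase.stdout | trim == "Bound"
      retries: 40
      delay: 3

    # `kubectl wait` returns non-zero when the Job has not completed within
    # 180 s, which fails the play.
    - name: Wait nfs verify Job complete
      ansible.builtin.shell: |
        set -euo pipefail
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl wait \
          --for=condition=complete job/nfs-pvc-verify-demo -n default --timeout=180s
      args:
        executable: /bin/bash
      changed_when: false

    # Emits the Job's last 30 log lines between two [OC-ASSERT] marker lines.
    # The closing "result=ok" line is only reached when the logs call succeeds
    # (set -e) and this task runs after the wait above has passed.
    - name: OC3 evidence — nfs verify Job logs
      ansible.builtin.shell: |
        set -euo pipefail
        export KUBECONFIG={{ k3s_kubeconfig | quote }}
        echo "[OC-ASSERT] assertion=nfs_pvc_rw phase=cluster probe=job_logs job=nfs-pvc-verify-demo"
        kubectl -n default logs job/nfs-pvc-verify-demo --tail=30
        echo "[OC-ASSERT] assertion=nfs_pvc_rw phase=verify probe=job_complete result=ok job=nfs-pvc-verify-demo"
      args:
        executable: /bin/bash
      changed_when: false

- name: Teardown 03-06 nfs pv+pvc demo (optional)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    # VERIFY_TEARDOWN is read as an Ansible variable here (not through the env
    # lookup used for the NFS_* values); teardown runs unless it is set to
    # something other than "1".
    verify_teardown: "{{ (VERIFY_TEARDOWN | default('1')) | string }}"
    nfs_server_ip: "{{ lookup('env', 'NFS_SERVER_IP') | default('', true) }}"
    nfs_export_path: "{{ lookup('env', 'NFS_EXPORT_PATH') | default('', true) }}"
    # Must match manifest_dest in the deploy play: the rendered file left in
    # /tmp decides what gets deleted below.
    manifest_dest: /tmp/nfs-pv-pvc-demo.yaml
  tasks:
    - name: Skip teardown when gated
      when: (nfs_server_ip | trim == "") or (nfs_export_path | trim == "")
      ansible.builtin.meta: end_play

    # The Job goes first so nothing is still using the PVC when it is removed.
    - name: Delete Job before PVC/PV (teardown order)
      when: verify_teardown == "1"
      ansible.builtin.shell: |
        set -e
        export KUBECONFIG={{ k3s_kubeconfig | quote }}
        kubectl delete job nfs-pvc-verify-demo -n default --ignore-not-found=true
      args:
        executable: /bin/bash
      changed_when: true

    # NOTE(review): --ignore-not-found covers missing cluster objects, not a
    # missing manifest file; if /tmp was cleaned between deploy and teardown
    # this task fails.
    - name: Delete PV/PVC manifest when VERIFY_TEARDOWN=1
      when: verify_teardown == "1"
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl delete -f {{ manifest_dest | quote }} --ignore-not-found=true
      args:
        executable: /bin/bash
      changed_when: true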