---
# 合并说明:
# - 原 02-05.yml 仅 import 02-05-deploy.yml + 02-01..02-04
# - 现已把 02-05-deploy.yml 内联到本文件,保持 ansible/bin/verify.sh run 02-05 的语义不变
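# Deploys the four nginx test deployments (nginx-m1..nginx-m4) to the k3s
# cluster from the first k3s_server host, waits for the rollouts, and prints
# placement, in-pod diagnostics and an HTTP status matrix for every node.
#
# Every value templated into a shell line goes through `| quote`, so a
# kubeconfig path or inventory name containing spaces or shell metacharacters
# is passed as a single literal word instead of being re-parsed by the shell.
- name: Deploy nginx matrix (M1~M4)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    manifests_path: "{{ playbook_dir }}/../../files/02-05"
  tasks:
    # Controller-side check: copy reads its source on the controller, so
    # confirm the directory is there before touching the cluster.
    - name: Ensure manifests path exists
      ansible.builtin.stat:
        path: "{{ manifests_path }}"
      register: manifests_stat
      delegate_to: localhost
      run_once: true
      # Checking a local path needs no privilege escalation on the controller.
      become: false

    - name: Fail if manifests not found
      ansible.builtin.fail:
        msg: "manifests 未找到: {{ manifests_path }},请从仓库根目录或 ansible 同级执行"
      when: not manifests_stat.stat.exists
      delegate_to: localhost
      run_once: true

    # Node names come from the inventory groups; the labels are what the
    # M1/M3 manifests are expected to select on (per the task names).
    - name: Ensure control-plane label on k3s_server nodes (for M1)
      ansible.builtin.shell: |
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl label node {{ item | quote }} node-role.kubernetes.io/control-plane= --overwrite
      loop: "{{ groups['k3s_server'] | default([]) }}"

    - name: Ensure worker label on k3s_worker nodes (for M3)
      ansible.builtin.shell: |
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl label node {{ item | quote }} node-role.kubernetes.io/worker= --overwrite
      loop: "{{ groups['k3s_worker'] | default([]) }}"

    # /tmp is world-writable, and `kubectl apply -R` below applies every file
    # found under the staging directory, as root, with the k3s server
    # kubeconfig. Start from an empty directory that only root can enter, so
    # neither files planted by another local user nor manifests left over from
    # an earlier run (and since removed from the repo) get applied.
    # NOTE(review): a fixed name under /tmp still leaves a short window between
    # the next two tasks; a staging path outside /tmp would close it.
    - name: Remove stale nginx matrix staging directory
      ansible.builtin.file:
        path: /tmp/nginx-matrix
        state: absent

    - name: Create root-only nginx matrix staging directory
      ansible.builtin.file:
        path: /tmp/nginx-matrix
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Copy nginx matrix manifests to server
      ansible.builtin.copy:
        src: "{{ manifests_path }}/"
        dest: /tmp/nginx-matrix/
        mode: "0644"

    # Deployments are removed first so the apply below recreates them.
    - name: Delete all nginx matrix deployments before apply
      ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl delete deployment nginx-m1 nginx-m2 nginx-m3 nginx-m4 -n default --ignore-not-found=true
      register: del_nginx
      changed_when: "'deleted' in del_nginx.stdout"

    - name: kubectl apply nginx matrix
      ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl apply -f /tmp/nginx-matrix/ -R
      register: k8s_apply
      changed_when: "'configured' in k8s_apply.stdout or 'created' in k8s_apply.stdout"

    - name: Restart nginx deployments so pods pick up ConfigMap (M1~M4 标识)
      ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl rollout restart deployment nginx-m1 nginx-m2 nginx-m3 nginx-m4 -n default
      register: restart_out
      # A restart always replaces pods, so it is always reported as a change.
      changed_when: true

    # After a rollout restart, pod names change rapidly, so `kubectl wait pod -l`
    # can race and hit NotFound; use `rollout status` instead.
    - name: Wait for nginx rollouts stable after ConfigMap restart
      ansible.builtin.shell: |
        set -euo pipefail
        KCFG={{ k3s_kubeconfig | quote }}
        export KUBECONFIG="$KCFG"
        for dep in nginx-m1 nginx-m2; do
          echo "[OC-ASSERT] assertion=nginx_matrix_rollout deployment=${dep} timeout=60s"
          kubectl rollout status "deployment/$dep" -n default --timeout=60s
        done
        for dep in nginx-m3 nginx-m4; do
          echo "[OC-ASSERT] assertion=nginx_matrix_rollout deployment=${dep} timeout=120s"
          kubectl rollout status "deployment/$dep" -n default --timeout=120s
        done
      args:
        # `set -o pipefail` is a bash feature, so do not rely on /bin/sh.
        executable: /bin/bash
      changed_when: false

    - name: Verify nginx matrix
      ansible.builtin.shell: KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl get pod,svc,ing,ingressroute -n default -o wide
      register: verify
      changed_when: false

    - name: ">>> nginx matrix 资源"
      ansible.builtin.debug:
        msg: "{{ item }}"
      loop: "{{ verify.stdout_lines }}"

    # Lists pod name, app label and node; grep keeps the header and nginx-m rows.
    - name: 验证 Pod 节点分布(M1/M2 应在控制节点,M3/M4 应在工作节点)
      ansible.builtin.shell: |
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl get pod -n default -o custom-columns='NAME:.metadata.name,APP:.metadata.labels.app,NODE:.spec.nodeName' | grep -E '^(NAME|nginx-m)'
      register: pod_placement
      changed_when: false

    - name: ">>> Pod 节点分布"
      ansible.builtin.debug:
        msg: "{{ item }}"
      loop: "{{ pod_placement.stdout_lines }}"

    # Best-effort diagnostics: each command falls back to an "exec failed"
    # marker and failed_when is false, so this task never stops the play.
    - name: M1 容器内诊断(排查为何仍为 nginx 欢迎页)
      ansible.builtin.shell: |
        echo "========== 1. M1 容器内 /usr/share/nginx/html/ 目录 =========="
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl exec -n default deployment/nginx-m1 -- ls -la /usr/share/nginx/html/ 2>/dev/null || echo "(exec 失败)"
        echo ""
        echo "========== 2. M1 容器内 index.html 内容(前 5 行)=========="
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl exec -n default deployment/nginx-m1 -- cat /usr/share/nginx/html/index.html 2>/dev/null | head -5 || echo "(exec 失败)"
        echo ""
        echo "========== 3. M1 容器内 /etc/nginx/conf.d/ 目录 =========="
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl exec -n default deployment/nginx-m1 -- ls -la /etc/nginx/conf.d/ 2>/dev/null || echo "(exec 失败)"
        echo ""
        echo "========== 4. M1 容器内 default.conf 内容 =========="
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl exec -n default deployment/nginx-m1 -- cat /etc/nginx/conf.d/default.conf 2>/dev/null || echo "(exec 失败)"
        echo ""
        echo "========== 5. M1 容器内 nginx 生效配置中的 server 块(前 40 行)=========="
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl exec -n default deployment/nginx-m1 -- nginx -T 2>/dev/null | grep -A 200 "server {" | head -40 || echo "(exec 失败)"
      register: m1_diag
      changed_when: false
      failed_when: false

    - name: ">>> M1 容器内诊断结果(若 M1 仍为欢迎页,请根据此处输出排查)"
      ansible.builtin.debug:
        msg: "{{ item }}"
      loop: "{{ m1_diag.stdout_lines }}"

    # For each deployment, print the first lines of the served index.html and
    # the X-Backend response header seen through the first k3s_nodes host.
    # Also best-effort (failed_when: false).
    - name: 验证 M1~M4 标识(Pod 内 index.html 含 Mx、响应头 X-Backend)
      ansible.builtin.shell: |
        base={{ groups['k3s_nodes'] | map('extract', hostvars) | map(attribute='ansible_host') | first | quote }}
        for id in 1 2 3 4; do
          echo "=== M$id Pod 内 index.html 前 2 行 ==="
          KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl exec -n default deployment/nginx-m$id -- cat /usr/share/nginx/html/index.html 2>/dev/null | head -2 || echo "(exec 失败)"
          echo "=== M$id 响应头 X-Backend ==="
          curl -sI "http://$base/demo-m$id/" 2>/dev/null | grep -i x-backend || echo "(未看到 X-Backend)"
          echo ""
        done
      register: m_check
      changed_when: false
      failed_when: false

    - name: ">>> M1~M4 验证"
      ansible.builtin.debug:
        msg: "{{ item }}"
      loop: "{{ m_check.stdout_lines }}"

    # Requests /demo-m1../demo-m4 on every k3s_nodes address and tallies the
    # HTTP 200 responses.
    # NOTE(review): the task only prints the tally; it does not fail when fewer
    # than all targets return 200 - confirm that report-only is intended.
    - name: curl 验证(16 个目标:4 节点 × 4 路径)
      ansible.builtin.shell: |
        bases={{ groups['k3s_nodes'] | map('extract', hostvars) | map(attribute='ansible_host') | join(' ') | quote }}
        count=0
        ok=0
        echo "=== 16 个目标 (4 节点 × 4 路径) ==="
        echo "节点 M1(控制+Ingress) M2(控制+IR) M3(工作+Ingress) M4(工作+IR)"
        # $bases is left unquoted on purpose: it is a space-separated host list.
        for base in $bases; do
          m1=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 "http://$base/demo-m1" 2>/dev/null) || m1="fail"
          m2=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 "http://$base/demo-m2" 2>/dev/null) || m2="fail"
          m3=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 "http://$base/demo-m3" 2>/dev/null) || m3="fail"
          m4=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 2 "http://$base/demo-m4" 2>/dev/null) || m4="fail"
          printf "%-12s %-16s %-11s %-16s %s\n" "$base" "$m1" "$m2" "$m3" "$m4"
          for c in "$m1" "$m2" "$m3" "$m4"; do count=$((count+1)); [ "$c" = "200" ] && ok=$((ok+1)); done
        done
        echo "---"
        echo "共验证 $count 个目标,$ok 个返回 200"
      register: curl_result
      changed_when: false

    - name: ">>> curl 矩阵"
      ansible.builtin.debug:
        msg: "{{ item }}"
      loop: "{{ curl_result.stdout_lines }}"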
# Chain the 02-01 .. 02-04 playbooks, in order.
- ansible.builtin.import_playbook: 02-01.yml

- ansible.builtin.import_playbook: 02-02.yml

- ansible.builtin.import_playbook: 02-03.yml

- ansible.builtin.import_playbook: 02-04.yml