---
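# Deploy play: stages the NFS PV/PVC demo manifest on the k3s server, fills in
# the NFS placeholders, clears stale demo resources, applies the manifest,
# waits for the PVC to report Bound and then applies the verify Job.
# Runs as root (become) on a single host (run_once).
- name: Deploy 03-06 nfs pv+pvc demo (gated by env)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    manifest_src: "{{ playbook_dir }}/../../files/03-06/nfs-pv-pvc-demo.yaml"
    # NOTE(review): fixed, predictable file names in the shared /tmp directory
    # are later passed to kubectl together with the k3s kubeconfig; a root-owned
    # staging directory would be the tighter choice. The paths are kept as-is
    # because the teardown play refers to the same manifest_dest.
    manifest_dest: /tmp/nfs-pv-pvc-demo.yaml
    nfs_job_manifest_src: "{{ playbook_dir }}/../../files/03-06/nfs-pvc-verify-job.yaml"
    nfs_job_manifest_dest: /tmp/nfs-pvc-verify-job.yaml
    # lookup('env', ...) reads the environment of the Ansible controller
    # process; an unset or empty variable becomes ''.
    nfs_server_ip: "{{ lookup('env', 'NFS_SERVER_IP') | default('', true) }}"
    nfs_export_path: "{{ lookup('env', 'NFS_EXPORT_PATH') | default('', true) }}"
  tasks:
    # Runs only when either NFS setting is blank. The included task file lives
    # in the verify_common role (outside this file); presumably it prints the
    # message and ends the play - confirm against the role.
    - name: "Gate - skip apply when NFS vars missing"
      when: (nfs_server_ip | trim == "") or (nfs_export_path | trim == "")
      ansible.builtin.include_role:
        name: verify_common
        tasks_from: gate-debug-end-play.yml
      vars:
        verify_gate_message: "[GATE] skipped doc_id=03-06 reason=missing_env missing=NFS_SERVER_IP,NFS_EXPORT_PATH"

    # 0600: every task in this playbook that reads the staged file runs kubectl
    # as root (become), so the copy in /tmp does not need to be world-readable.
    - name: Copy manifest
      ansible.builtin.copy:
        src: "{{ manifest_src }}"
        dest: "{{ manifest_dest }}"
        mode: "0600"

    # NOTE(review): the two environment values are written into the manifest
    # verbatim (only trimmed). The replace module treats `replace` as a regex
    # replacement string, so backslash sequences in the value are expanded, and
    # an embedded line break would add lines to a manifest that is applied with
    # the cluster kubeconfig. Consider validating both values before this point.
    - name: Replace NFS placeholders
      ansible.builtin.replace:
        path: "{{ manifest_dest }}"
        regexp: "<NFS_SERVER_IP>"
        replace: "{{ nfs_server_ip | trim }}"

    - name: Replace NFS export path placeholder
      ansible.builtin.replace:
        path: "{{ manifest_dest }}"
        regexp: "<NFS_EXPORT_PATH>"
        replace: "{{ nfs_export_path | trim }}"

    # Best-effort cleanup: every delete is followed by `|| true`, and neither
    # wait loop fails the task when it runs out of iterations (60 x 1 s for the
    # Job's pods, 40 x 1 s for the PVC and PV).
    # Templated paths go through the `quote` filter so that an overridden value
    # containing spaces or shell metacharacters stays a single shell word.
    - name: Reset stale nfs demo resources before apply (handle immutable PVC fields)
      ansible.builtin.shell: |
        set -e
        export KUBECONFIG={{ k3s_kubeconfig | quote }}
        kubectl -n default delete job nfs-pvc-verify-demo --ignore-not-found=true || true
        for i in $(seq 1 60); do
          n=$(kubectl -n default get pods -l job-name=nfs-pvc-verify-demo --no-headers 2>/dev/null | wc -l | tr -d ' ')
          [ "${n:-99}" -eq 0 ] && break
          sleep 1
        done || true
        kubectl -n default delete pvc nfs-pvc-demo --ignore-not-found=true || true
        kubectl delete pv nfs-pv-demo --ignore-not-found=true || true
        for i in $(seq 1 40); do
          pvc_gone=0
          pv_gone=0
          kubectl -n default get pvc nfs-pvc-demo >/dev/null 2>&1 || pvc_gone=1
          kubectl get pv nfs-pv-demo >/dev/null 2>&1 || pv_gone=1
          if [ "$pvc_gone" -eq 1 ] && [ "$pv_gone" -eq 1 ]; then
            break
          fi
          sleep 1
        done
      args:
        executable: /bin/bash
      changed_when: true

    - name: Apply PV/PVC manifest
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl apply -f {{ manifest_dest | quote }}
      args:
        executable: /bin/bash
      changed_when: true

    # Polls the PVC phase up to 40 times, 3 s apart, until it prints "Bound".
    - name: Wait pvc Bound before Job
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl get pvc nfs-pvc-demo -n default -o jsonpath='{.status.phase}'
      args:
        executable: /bin/bash
      register: pvc_phase_deploy
      changed_when: false
      until: pvc_phase_deploy.stdout | trim == "Bound"
      retries: 40
      delay: 3

    # 0600 for the same reason as the PV/PVC manifest: only root reads it.
    - name: Copy nfs verify Job manifest
      ansible.builtin.copy:
        src: "{{ nfs_job_manifest_src }}"
        dest: "{{ nfs_job_manifest_dest }}"
        mode: "0600"

    - name: Apply nfs verify Job
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl apply -f {{ nfs_job_manifest_dest | quote }}
      args:
        executable: /bin/bash
      changed_when: true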
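# Verify play: checks that the demo PVC is Bound, waits for the verify Job to
# complete and prints its logs between two [OC-ASSERT] marker lines.
# All tasks are read-only against the cluster (changed_when: false).
- name: Verify 03-06 nfs pvc demo (Bound + Job RW)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    # Read from the Ansible controller's environment; unset or empty becomes ''.
    nfs_server_ip: "{{ lookup('env', 'NFS_SERVER_IP') | default('', true) }}"
    nfs_export_path: "{{ lookup('env', 'NFS_EXPORT_PATH') | default('', true) }}"
  tasks:
    # Runs only when either NFS setting is blank. The included task file lives
    # in the verify_common role (outside this file); presumably it prints the
    # message and ends the play - confirm against the role.
    - name: "Gate - skip verify when NFS vars missing"
      when: (nfs_server_ip | trim == "") or (nfs_export_path | trim == "")
      ansible.builtin.include_role:
        name: verify_common
        tasks_from: gate-debug-end-play.yml
      vars:
        verify_gate_message: "[GATE] skipped doc_id=03-06 reason=missing_env missing=NFS_SERVER_IP,NFS_EXPORT_PATH"

    # Polls the PVC phase up to 40 times, 3 s apart, until it prints "Bound".
    # The kubeconfig path goes through the `quote` filter so that an overridden
    # value stays a single shell word.
    - name: Wait pvc Bound
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl get pvc nfs-pvc-demo -n default -o jsonpath='{.status.phase}'
      args:
        executable: /bin/bash
      register: pvc_phase
      changed_when: false
      until: pvc_phase.stdout | trim == "Bound"
      retries: 40
      delay: 3

    # kubectl wait exits non-zero if the Job has not reached the "complete"
    # condition within 180 s, which fails this task.
    - name: Wait nfs verify Job complete
      ansible.builtin.shell: |
        set -euo pipefail
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl wait --for=condition=complete job/nfs-pvc-verify-demo -n default --timeout=180s
      args:
        executable: /bin/bash
      changed_when: false

    # The closing result=ok line is printed only if the logs command succeeded
    # (set -e); Job completion itself is established by the previous task.
    - name: OC3 evidence — nfs verify Job logs
      ansible.builtin.shell: |
        set -euo pipefail
        export KUBECONFIG={{ k3s_kubeconfig | quote }}
        echo "[OC-ASSERT] assertion=nfs_pvc_rw phase=cluster probe=job_logs job=nfs-pvc-verify-demo"
        kubectl -n default logs job/nfs-pvc-verify-demo --tail=30
        echo "[OC-ASSERT] assertion=nfs_pvc_rw phase=verify probe=job_complete result=ok job=nfs-pvc-verify-demo"
      args:
        executable: /bin/bash
      changed_when: false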
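# Teardown play: removes the verify Job and then the PV/PVC created from the
# staged manifest. Skipped entirely when the NFS settings are blank, and the
# delete tasks run only when verify_teardown is "1" (the default).
- name: Teardown 03-06 nfs pv+pvc demo (optional)
  hosts: k3s_server
  become: true
  run_once: true
  vars:
    k3s_kubeconfig: /etc/rancher/k3s/k3s.yaml
    # NOTE(review): VERIFY_TEARDOWN is read here as an Ansible variable (for
    # example an extra-var), not through lookup('env', ...) like the NFS
    # settings below - confirm that this is the intended source.
    verify_teardown: "{{ (VERIFY_TEARDOWN | default('1')) | string }}"
    nfs_server_ip: "{{ lookup('env', 'NFS_SERVER_IP') | default('', true) }}"
    nfs_export_path: "{{ lookup('env', 'NFS_EXPORT_PATH') | default('', true) }}"
    # Same path the deploy play stages the rendered manifest at; the delete
    # below reads that file, so it must still exist on the host.
    manifest_dest: /tmp/nfs-pv-pvc-demo.yaml
  tasks:
    # Nothing was deployed when the gate condition holds, so end the play.
    - name: Skip teardown when gated
      when: (nfs_server_ip | trim == "") or (nfs_export_path | trim == "")
      ansible.builtin.meta: end_play

    # The Job is removed first so that nothing is still using the PVC when the
    # PV/PVC are deleted. Templated paths go through the `quote` filter so that
    # an overridden value stays a single shell word.
    - name: Delete Job before PVC/PV (teardown order)
      when: verify_teardown == "1"
      ansible.builtin.shell: |
        set -e
        export KUBECONFIG={{ k3s_kubeconfig | quote }}
        kubectl delete job nfs-pvc-verify-demo -n default --ignore-not-found=true
      args:
        executable: /bin/bash
      changed_when: true

    # NOTE(review): the set of objects deleted is whatever the file in /tmp
    # lists at this moment; kubectl runs as root with the k3s kubeconfig.
    - name: Delete PV/PVC manifest when VERIFY_TEARDOWN=1
      when: verify_teardown == "1"
      ansible.builtin.shell: |
        set -e
        KUBECONFIG={{ k3s_kubeconfig | quote }} kubectl delete -f {{ manifest_dest | quote }} --ignore-not-found=true
      args:
        executable: /bin/bash
      changed_when: true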