From 8174f7ebf658b65aadd90ab0db270f04c74044d0 Mon Sep 17 00:00:00 2001 From: Citrullin Date: Thu, 16 Jun 2022 15:17:44 +0200 Subject: [PATCH] Add ipwrap to relevant places to wrap potential IPv6 addresses in [ ] --- roles/etcd/handlers/main.yml | 4 +-- roles/etcd/tasks/join_etcd-events_member.yml | 2 +- roles/etcd/tasks/join_etcd_member.yml | 2 +- roles/etcd/templates/etcd-events.env.j2 | 4 +-- roles/etcd/templates/etcd.env.j2 | 6 ++-- .../control-plane/handlers/main.yml | 4 +-- .../control-plane/tasks/kubeadm-upgrade.yml | 2 +- roles/kubespray-defaults/defaults/main.yaml | 32 +++++++++---------- .../post-recover/tasks/main.yml | 4 +-- scripts/collect-info.yaml | 2 +- tests/testcases/010_check-apiserver.yml | 2 +- 11 files changed, 32 insertions(+), 32 deletions(-) diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml index fa0d273c5..8d2965d95 100644 --- a/roles/etcd/handlers/main.yml +++ b/roles/etcd/handlers/main.yml @@ -34,7 +34,7 @@ - name: wait for etcd up uri: - url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health" + url: "https://{% if is_etcd_master %}{{ etcd_address | ipwrap }}{% else %}127.0.0.1{% endif %}:2379/health" validate_certs: no client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem" client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem" @@ -45,7 +45,7 @@ - name: wait for etcd-events up uri: - url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health" + url: "https://{% if is_etcd_master %}{{ etcd_address | ipwrap }}{% else %}127.0.0.1{% endif %}:2383/health" validate_certs: no client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem" client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem" diff --git a/roles/etcd/tasks/join_etcd-events_member.yml b/roles/etcd/tasks/join_etcd-events_member.yml index 8336f1a40..3a34fd65d 100644 --- a/roles/etcd/tasks/join_etcd-events_member.yml 
+++ b/roles/etcd/tasks/join_etcd-events_member.yml @@ -17,7 +17,7 @@ etcd_events_peer_addresses: >- {% for host in groups['etcd'] -%} {%- if hostvars[host]['etcd_events_member_in_cluster'].rc == 0 -%} - {{ "etcd"+loop.index|string }}=https://{{ hostvars[host].etcd_events_access_address | default(hostvars[host].ip | default(fallback_ips[host])) }}:2382, + {{ "etcd"+loop.index|string }}=https://{{ hostvars[host].etcd_events_access_address | default(hostvars[host].ip | default(fallback_ips[host])) | ipwrap }}:2382, {%- endif -%} {%- if loop.last -%} {{ etcd_member_name }}={{ etcd_events_peer_url }} diff --git a/roles/etcd/tasks/join_etcd_member.yml b/roles/etcd/tasks/join_etcd_member.yml index 22440394f..addf13017 100644 --- a/roles/etcd/tasks/join_etcd_member.yml +++ b/roles/etcd/tasks/join_etcd_member.yml @@ -18,7 +18,7 @@ etcd_peer_addresses: >- {% for host in groups['etcd'] -%} {%- if hostvars[host]['etcd_member_in_cluster'].rc == 0 -%} - {{ "etcd"+loop.index|string }}=https://{{ hostvars[host].etcd_access_address | default(hostvars[host].ip | default(fallback_ips[host])) }}:2380, + {{ "etcd"+loop.index|string }}=https://{{ hostvars[host].etcd_access_address | default(hostvars[host].ip | default(fallback_ips[host])) | ipwrap }}:2380, {%- endif -%} {%- if loop.last -%} {{ etcd_member_name }}={{ etcd_peer_url }} diff --git a/roles/etcd/templates/etcd-events.env.j2 b/roles/etcd/templates/etcd-events.env.j2 index bcb0cc748..353c8d340 100644 --- a/roles/etcd/templates/etcd-events.env.j2 +++ b/roles/etcd/templates/etcd-events.env.j2 
@@ -4,11 +4,11 @@ ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_events_peer_url }} ETCD_INITIAL_CLUSTER_STATE={% if etcd_events_cluster_is_healthy.rc == 0 | bool %}existing{% else %}new{% endif %} ETCD_METRICS={{ etcd_metrics }} -ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2383,https://127.0.0.1:2383 +ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address | ipwrap }}:2383,https://127.0.0.1:2383 ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }} ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }} ETCD_INITIAL_CLUSTER_TOKEN=k8s_events_etcd -ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2382 +ETCD_LISTEN_PEER_URLS=https://{{ etcd_address | ipwrap }}:2382 ETCD_NAME={{ etcd_member_name }}-events ETCD_PROXY=off ETCD_INITIAL_CLUSTER={{ etcd_events_peer_addresses }} diff --git a/roles/etcd/templates/etcd.env.j2 b/roles/etcd/templates/etcd.env.j2 index 8b1b699fc..e187b6c99 100644 --- a/roles/etcd/templates/etcd.env.j2 +++ b/roles/etcd/templates/etcd.env.j2 @@ -6,13 +6,13 @@ ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc == 0 | bool %}existi ETCD_METRICS={{ etcd_metrics }} {% if etcd_metrics_port is defined %} -ETCD_LISTEN_METRICS_URLS=http://{{ etcd_address }}:{{ etcd_metrics_port }},http://127.0.0.1:{{ etcd_metrics_port }} +ETCD_LISTEN_METRICS_URLS=http://{{ etcd_address | ipwrap }}:{{ etcd_metrics_port }},http://127.0.0.1:{{ etcd_metrics_port }} {% endif %} -ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379 +ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address | ipwrap }}:2379,https://127.0.0.1:2379 ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }} ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }} ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd -ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380 +ETCD_LISTEN_PEER_URLS=https://{{ etcd_address | ipwrap }}:2380 ETCD_NAME={{ etcd_member_name }} ETCD_PROXY=off ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }} 
diff --git a/roles/kubernetes/control-plane/handlers/main.yml b/roles/kubernetes/control-plane/handlers/main.yml index e6bc321e2..879fb0137 100644 --- a/roles/kubernetes/control-plane/handlers/main.yml +++ b/roles/kubernetes/control-plane/handlers/main.yml @@ -95,7 +95,7 @@ vars: endpoint: "{{ kube_scheduler_bind_address if kube_scheduler_bind_address != '0.0.0.0' else 'localhost' }}" uri: - url: https://{{ endpoint }}:10259/healthz + url: https://{{ endpoint | ipwrap }}:10259/healthz validate_certs: no register: scheduler_result until: scheduler_result.status == 200 @@ -106,7 +106,7 @@ vars: endpoint: "{{ kube_controller_manager_bind_address if kube_controller_manager_bind_address != '0.0.0.0' else 'localhost' }}" uri: - url: https://{{ endpoint }}:10257/healthz + url: https://{{ endpoint | ipwrap }}:10257/healthz validate_certs: no register: controller_manager_result until: controller_manager_result.status == 200 diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml index 711a2e083..7c0b3dae0 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml @@ -1,7 +1,7 @@ --- - name: kubeadm | Check api is up uri: - url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz" + url: "https://{{ ip | default(fallback_ips[inventory_hostname]) | ipwrap }}:{{ kube_apiserver_port }}/healthz" validate_certs: false when: inventory_hostname in groups['kube_control_plane'] register: _result diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index e0d948d74..faf77770b 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml 
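Review bot: The wildcard test that feeds the two health-check URLs in roles/kubernetes/control-plane/handlers/main.yml only recognises `0.0.0.0`, so an IPv6 wildcard bind address would be polled as `https://[::]:10259/healthz` (and `:10257`) rather than being mapped to `localhost` as the IPv4 wildcard is. Since the commit targets IPv6, the `endpoint` var should treat both wildcards alike, e.g. `endpoint: "{{ kube_scheduler_bind_address if kube_scheduler_bind_address not in ['0.0.0.0', '::'] else 'localhost' }}"`, and likewise for the controller-manager handler. The same gap is in `kube_apiserver_endpoint` in roles/kubespray-defaults/defaults/main.yaml, where `regex_replace('0\.0\.0\.0','127.0.0.1')` leaves `::` untouched before `ipwrap`. Both handlers begin above the lines shown in their hunks.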
@@ -536,21 +536,21 @@ loadbalancer_apiserver_type: "nginx" apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local" kube_apiserver_global_endpoint: |- {% if loadbalancer_apiserver is defined -%} - https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }} + https://{{ apiserver_loadbalancer_domain_name | ipwrap }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }} {%- elif use_localhost_as_kubeapi_loadbalancer|default(False)|bool -%} https://127.0.0.1:{{ kube_apiserver_port }} {%- else -%} - https://{{ first_kube_control_plane_address }}:{{ kube_apiserver_port }} + https://{{ first_kube_control_plane_address | ipwrap }}:{{ kube_apiserver_port }} {%- endif %} kube_apiserver_endpoint: |- {% if loadbalancer_apiserver is defined -%} - https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }} + https://{{ apiserver_loadbalancer_domain_name | ipwrap }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }} {%- elif not is_kube_master and loadbalancer_apiserver_localhost -%} https://localhost:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} {%- elif is_kube_master -%} - https://{{ kube_apiserver_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_port }} + https://{{ kube_apiserver_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') | ipwrap }}:{{ kube_apiserver_port }} {%- else -%} - https://{{ first_kube_control_plane_address }}:{{ kube_apiserver_port }} + https://{{ first_kube_control_plane_address | ipwrap }}:{{ kube_apiserver_port }} {%- endif %} kube_apiserver_client_cert: "{{ kube_cert_dir }}/ca.crt" kube_apiserver_client_key: "{{ kube_cert_dir }}/ca.key" 
@@ -564,25 +564,25 @@ etcd_hosts: "{{ groups['etcd'] | default(groups['kube_control_plane']) }}" # Vars for pointing to etcd endpoints is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}" etcd_address: "{{ ip | default(fallback_ips[inventory_hostname]) }}" -etcd_access_address: "{{ access_ip | default(etcd_address) }}" -etcd_events_access_address: "{{ access_ip | default(etcd_address) }}" -etcd_peer_url: "https://{{ etcd_access_address }}:2380" -etcd_client_url: "https://{{ etcd_access_address }}:2379" -etcd_events_peer_url: "https://{{ etcd_events_access_address }}:2382" -etcd_events_client_url: "https://{{ etcd_events_access_address }}:2383" +etcd_access_address: "{{ access_ip | default(etcd_address) | ipwrap }}" +etcd_events_access_address: "{{ access_ip | default(etcd_address) | ipwrap }}" +etcd_peer_url: "https://{{ etcd_access_address | ipwrap }}:2380" +etcd_client_url: "https://{{ etcd_access_address | ipwrap }}:2379" +etcd_events_peer_url: "https://{{ etcd_events_access_address | ipwrap }}:2382" +etcd_events_client_url: "https://{{ etcd_events_access_address | ipwrap }}:2383" etcd_access_addresses: |- {% for item in etcd_hosts -%} - https://{{ hostvars[item]['etcd_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}:2379{% if not loop.last %},{% endif %} + https://{{ hostvars[item]['etcd_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) | ipwrap }}:2379{% if not loop.last %},{% endif %} {%- endfor %} etcd_events_access_addresses_list: |- [ {% for item in etcd_hosts -%} - 'https://{{ hostvars[item]['etcd_events_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}:2383'{% if not loop.last %},{% endif %} + 'https://{{ hostvars[item]['etcd_events_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) | ipwrap }}:2383'{% if not loop.last %},{% endif %} {%- endfor %} ] etcd_metrics_addresses: |- {% for item in etcd_hosts -%} - https://{{ 
hostvars[item]['etcd_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}:{{ etcd_metrics_port | default(2381) }}{% if not loop.last %},{% endif %} + https://{{ hostvars[item]['etcd_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) | ipwrap }}:{{ etcd_metrics_port | default(2381) }}{% if not loop.last %},{% endif %} {%- endfor %} etcd_events_access_addresses: "{{etcd_events_access_addresses_list | join(',')}}" etcd_events_access_addresses_semicolon: "{{etcd_events_access_addresses_list | join(';')}}" @@ -593,11 +593,11 @@ etcd_member_name: |- {% endfor %} etcd_peer_addresses: |- {% for item in groups['etcd'] -%} - {{ hostvars[item].etcd_member_name | default("etcd" + loop.index|string) }}=https://{{ hostvars[item].etcd_access_address | default(hostvars[item].ip | default(fallback_ips[item])) }}:2380{% if not loop.last %},{% endif %} + {{ hostvars[item].etcd_member_name | default("etcd" + loop.index|string) }}=https://{{ hostvars[item].etcd_access_address | default(hostvars[item].ip | default(fallback_ips[item])) | ipwrap }}:2380{% if not loop.last %},{% endif %} {%- endfor %} etcd_events_peer_addresses: |- {% for item in groups['etcd'] -%} - {{ hostvars[item].etcd_member_name | default("etcd" + loop.index|string) }}-events=https://{{ hostvars[item].etcd_events_access_address | default(hostvars[item].ip | default(fallback_ips[item])) }}:2382{% if not loop.last %},{% endif %} + {{ hostvars[item].etcd_member_name | default("etcd" + loop.index|string) }}-events=https://{{ hostvars[item].etcd_events_access_address | default(hostvars[item].ip | default(fallback_ips[item])) | ipwrap }}:2382{% if not loop.last %},{% endif %} {%- endfor %} podsecuritypolicy_enabled: false diff --git a/roles/recover_control_plane/post-recover/tasks/main.yml b/roles/recover_control_plane/post-recover/tasks/main.yml index b1cd5e5ef..85252b6b9 100644 --- a/roles/recover_control_plane/post-recover/tasks/main.yml 
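Review bot: `etcd_access_address` and `etcd_events_access_address` now store the bracketed form themselves, so every consumer of these variables receives `[addr]` for IPv6, not only the URL builders in this hunk. Consumers outside this diff that expect a bare address (certificate SAN lists, bind or advertise options, comparisons against `ip`) would need checking. It is safer to keep the address variables raw and wrap only where a URL is assembled, i.e. leave `etcd_access_address: "{{ access_ip | default(etcd_address) }}"` and keep `| ipwrap` on `etcd_peer_url`, `etcd_client_url` and the `*_addresses` loops. As written, the URL lines also apply `ipwrap` a second time to an already wrapped value, which relies on the filter passing bracketed input through unchanged.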
+++ b/roles/recover_control_plane/post-recover/tasks/main.yml @@ -5,10 +5,10 @@ etcd_servers: >- {% for host in groups['etcd'] -%} {% if not loop.last -%} - https://{{ hostvars[host].access_ip | default(hostvars[host].ip | default(hostvars[host].ansible_default_ipv4['address'])) }}:2379, + https://{{ hostvars[host].access_ip | default(hostvars[host].ip | ipwrap | default(hostvars[host].ansible_default_ipv4['address'])) }}:2379, {%- endif -%} {%- if loop.last -%} - https://{{ hostvars[host].access_ip | default(hostvars[host].ip | default(hostvars[host].ansible_default_ipv4['address'])) }}:2379 + https://{{ hostvars[host].access_ip | default(hostvars[host].ip | ipwrap | default(hostvars[host].ansible_default_ipv4['address'])) }}:2379 {%- endif -%} {%- endfor -%} diff --git a/scripts/collect-info.yaml b/scripts/collect-info.yaml index 3f31217d3..9c7de5fce 100644 --- a/scripts/collect-info.yaml +++ b/scripts/collect-info.yaml @@ -108,7 +108,7 @@ set_fact: etcd_access_addresses: |- {% for item in groups['etcd'] -%} - https://{{ item }}:2379{% if not loop.last %},{% endif %} + https://{{ item | ipwrap }}:2379{% if not loop.last %},{% endif %} {%- endfor %} when: "'etcd' in groups" diff --git a/tests/testcases/010_check-apiserver.yml b/tests/testcases/010_check-apiserver.yml index e84bad264..079be7feb 100644 --- a/tests/testcases/010_check-apiserver.yml +++ b/tests/testcases/010_check-apiserver.yml @@ -4,7 +4,7 @@ tasks: - name: Check the API servers are responding uri: - url: "https://{{ access_ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port | default(6443) }}/version" + url: "https://{{ access_ip | ipwrap | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port | default(6443) }}/version" validate_certs: no status_code: 200 register: apiserver_response
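Review bot: In `etcd_servers` (roles/recover_control_plane/post-recover/tasks/main.yml) `ipwrap` is attached to `hostvars[host].ip` inside the `default(...)` chain, so an IPv6 `access_ip` is never wrapped and the filter runs on `ip` before the fallback can apply. When `ip` is undefined the outcome depends on how `ipwrap` treats an undefined input, and the `ansible_default_ipv4` fallback may not be reached. Apply the filter to the result of the whole chain, as the etcd role hunks in this patch do: `{{ hostvars[host].access_ip | default(hostvars[host].ip | default(hostvars[host].ansible_default_ipv4['address'])) | ipwrap }}` on both URL lines. The hunk in tests/testcases/010_check-apiserver.yml has the same ordering problem with `access_ip | ipwrap | default(...)`; it should read `{{ access_ip | default(ansible_default_ipv4.address) | ipwrap }}`.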