From b9077d3ea2958bdcdccc2d7944d31e8dfec9b962 Mon Sep 17 00:00:00 2001 From: Cristian Klein Date: Mon, 11 Jan 2021 15:15:08 +0100 Subject: [PATCH] Add ping_access_ip; allows to disable ping test (#7020) In some environments, it might not be possible to ping the IP address of the nodes, e.g., because ICMP echo is blocked. This commit allows kubespray to be configured to disable the ping check, while performing all other checks. --- inventory/sample/group_vars/all/all.yml | 3 +++ roles/kubernetes/preinstall/defaults/main.yml | 3 +++ roles/kubernetes/preinstall/tasks/0020-verify-settings.yml | 1 + 3 files changed, 7 insertions(+) diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml index c9d3766a..89b39679 100644 --- a/inventory/sample/group_vars/all/all.yml +++ b/inventory/sample/group_vars/all/all.yml @@ -109,3 +109,6 @@ no_proxy_exclude_workers: false # rh_subscription_usage: "Development" # rh_subscription_role: "Red Hat Enterprise Server" # rh_subscription_sla: "Self-Support" + +## Check if access_ip responds to ping. Set false if your firewall blocks ICMP. +# ping_access_ip: true diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index 5bf702db..5a562f78 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -56,3 +56,6 @@ yum_repo_dir: /etc/yum.repos.d # number of times package install task should be retried pkg_install_retries: 4 + +# Check if access_ip responds to ping. Set false if your firewall blocks ICMP. +ping_access_ip: true diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index a2db1d99..371e6643 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -114,6 +114,7 @@ when: - access_ip is defined - not ignore_assert_errors + - ping_access_ip - name: Stop if RBAC is not enabled when dashboard is enabled assert: