Wait for CNI plugin become ready (#1178)

* Update Calico and Canal to v3.13.2

* Wait for CNI plugin become ready

* Configure NetworkManager for Calico networking

CHANGELOG-0.6.md

@@ -6,6 +6,11 @@
 
 - [#1154](https://github.com/epiphany-platform/epiphany/issues/1154) - Node exporter is not installed on logging vms
 - [#1135](https://github.com/epiphany-platform/epiphany/issues/1135) - 2ndquadrant yum repos remain enabled on repository host after teardown
+- [#1169](https://github.com/epiphany-platform/epiphany/issues/1169) - Task 'Get token from master' fails on-prem when calico plugin is used
+
+### Updates
+
+- Update Calico and Canal to v3.13.2
 
 ## [0.6.0] 2020-04-06
 

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/files/calico-network-manager.conf

@@ -0,0 +1,3 @@
+# Ansible managed
+[keyfile]
+unmanaged-devices=interface-name:cali*;interface-name:tunl*

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/apply-network-components.yml

@@ -1,3 +1,25 @@
 ---
 - name: Apply network plugin configured by user
   include_tasks: "./cni-plugins/{{ network_plugin }}.yml"
+
+# Wait for CNI plugin become ready to prevent failure of 'Get token from master' task on node before joining master
+- name: Wait for CNI plugin become ready
+  shell: >-
+    kubectl wait --for=condition=Ready pods -l {{ selectors[network_plugin] }}
+    --field-selector=spec.nodeName=$(hostname --long) -n kube-system --timeout=10s
+  args:
+    executable: /bin/bash
+  environment:
+    KUBECONFIG: /home/{{ admin_user.name }}/.kube/config
+  register: wait_for_cni_plugin
+  until: wait_for_cni_plugin is succeeded
+  retries: 30
+  delay: 1
+  changed_when: false
+  vars:
+    selectors:
+      calico: k8s-app=calico-node
+      canal: k8s-app=canal
+      flannel: app=flannel
+  when:
+    - network_plugin in selectors.keys()

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/cni-plugins/calico.yml

@@ -1,4 +1,43 @@
 ---
+- name: Configure NetworkManager before attempting to use Calico networking
+  block:
+    # /etc/NetworkManager/conf.d directory is created by NetworkManager(rpm)/network-manager(deb) package
+    - name: Check if /etc/NetworkManager/conf.d exists
+      stat:
+        path: /etc/NetworkManager/conf.d
+        get_attributes: no
+      register: network_manager_conf_d_stat
+
+    - name: Copy calico.conf to /etc/NetworkManager/conf.d
+      copy:
+        src: calico-network-manager.conf
+        dest: /etc/NetworkManager/conf.d/calico.conf
+        owner: root
+        group: root
+        mode: u=rw,g=r,o=r
+      register: copy_calico_network_manager_conf
+      when:
+        - network_manager_conf_d_stat.stat.exists
+
+    - name: Reload NetworkManager service
+      block:
+        - name: Check if NetworkManager service is loaded
+          shell: >-
+            set -o pipefail &&
+            systemctl list-units --type=service --state=loaded | grep -q NetworkManager.service
+          args:
+            executable: /bin/bash
+          register: network_manager_service_status
+          changed_when: false
+
+        - name: Reload NetworkManager service
+          systemd:
+            name: NetworkManager
+            state: reloaded
+          when:
+            - network_manager_service_status.rc == 0
+      when: copy_calico_network_manager_conf.changed
+
 - name: Create calico deployment
   template:
     src: calico.yml.j2