Merge pull request #1 from rancherfederal/main

Rebase on upstream main

.ansible-lint-ignore

@@ -0,0 +1,3 @@
+# This file contains ignores rule violations for ansible-lint
+
+roles/testing/tasks/troubleshooting.yml ignore-errors

.github/workflows/centos7.yml

@@ -3,7 +3,6 @@ name: CentOS 7
 
 on:
   pull_request:
-  push:
   workflow_dispatch:
 
 env:
@@ -19,10 +18,10 @@ jobs:
 
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - name: Set up Python 3.7.
-        uses: actions/setup-python@v2
+      - name: Set up Python.
+        uses: actions/setup-python@v4
         with:
           python-version: '3.x'
 

.github/workflows/lint.yml

@@ -0,0 +1,40 @@
+---
+name: CentOS 7
+
+on:
+  push:
+
+env:
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_DEFAULT_REGION: us-gov-west-1
+
+jobs:
+
+  lint-test:
+    name: Lint for push
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v3
+
+      - name: Set up Python.
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint ansible-lint ansible
+
+      - name: Version check
+        run: |
+          ansible --version
+          ansible-lint --version
+          yamllint --version
+
+      - name: Run yamllint.
+        run: yamllint .
+
+      - name: Run ansible-lint.
+        run: ansible-lint

.github/workflows/ubuntu20.yml

@@ -18,10 +18,10 @@ jobs:
 
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - name: Set up Python 3.7.
-        uses: actions/setup-python@v2
+      - name: Set up Python.
+        uses: actions/setup-python@v4
         with:
           python-version: '3.x'
 

inventory/sample/hosts.ini

@@ -2,7 +2,7 @@
 ; Optional hostvars that can be pased in to individual nodes include node_ip, node_name, bind_address, advertise_address, node_taints=[], node_labels=[], and node_external_ip
 ; Example:
 [rke2_servers]
-; host0 node_labels='["extraLabel0=true"]' node_ip="10.10.10.10" node_name="customName0" bind_address="10.10.10.10" advertise_adress="10.10.10.10" node_external_ip="52.52.52.52" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws"
+; host0 node_labels='["extraLabel0=true"]' node_ip="10.10.10.10" node_name="customName0" bind_address="10.10.10.10" advertise_address="10.10.10.10" node_external_ip="52.52.52.52" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws"
 ; host1 node_labels='["extraLabel1=true"]' node_ip="10.10.10.11" node_name="customName1" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws"
 ; host2 node_labels='["extraLabel0=true"]' node_ip="10.10.10.12" node_name="customName1" node_taints='["CriticalAddonsOnly=true:NoSchedule"]' cloud_provider_name="aws"
 

roles/rke2_common/tasks/config.yml

@@ -104,7 +104,7 @@
 - name: Update rke2_config to take value of updated_rke2_config  # noqa no-handler
   set_fact:
     rke2_config: "{{ updated_rke2_config.rke2_config }}"
-  when: updated_rke2_config.changed
+  when: (node_ip is defined) and (node_ip|length > 0)
   changed_when: false
 
 # --node-name value (agent/node) Node name [$RKE2_NODE_NAME]
@@ -120,7 +120,7 @@
 - name: Update rke2_config to take value of updated_rke2_config  # noqa no-handler
   set_fact:
     rke2_config: "{{ updated_rke2_config.rke2_config }}"
-  when: updated_rke2_config.changed
+  when: (node_name is defined) and (node_name|length > 0)
   changed_when: false
 
 # --bind-address value (listener) rke2 bind address (default: 0.0.0.0)
@@ -136,7 +136,7 @@
 - name: Update rke2_config to take value of updated_rke2_config  # noqa no-handler
   set_fact:
     rke2_config: "{{ updated_rke2_config.rke2_config }}"
-  when: updated_rke2_config.changed
+  when: (bind_address is defined) and (bind_address|length > 0)
   changed_when: false
 
 # --advertise-address value (listener) IPv4 address that apiserver uses
@@ -153,7 +153,7 @@
 - name: Update rke2_config to take value of updated_rke2_config  # noqa no-handler
   set_fact:
     rke2_config: "{{ updated_rke2_config.rke2_config }}"
-  when: updated_rke2_config.changed
+  when: (advertise_address is defined) and (advertise_address|length > 0)
   changed_when: false
 
 # --node-external-ip value (agent/networking) IPv4/IPv6 external IP addresses to advertise for node
@@ -169,7 +169,7 @@
 - name: Update rke2_config to take value of updated_rke2_config  # noqa no-handler
   set_fact:
     rke2_config: "{{ updated_rke2_config.rke2_config }}"
-  when: updated_rke2_config.changed
+  when: (node_external_ip is defined) and (node_external_ip|length > 0)
   changed_when: false
 
 # --cloud-provider-name value (agent/node) Cloud provider name
@@ -184,7 +184,7 @@
 - name: Update rke2_config to take value of updated_rke2_config  # noqa no-handler
   set_fact:
     rke2_config: "{{ updated_rke2_config.rke2_config }}"
-  when: updated_rke2_config.changed
+  when: (cloud_provider_name is defined) and (cloud_provider_name|length > 0)
 
 - name: Remove tmp config file
   ansible.builtin.file:

roles/rke2_common/tasks/images_tarball_install.yml

@@ -2,16 +2,18 @@
 - name: "Check for images tar.gz in {{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.gz"  # noqa name[template] yaml[line-length]
   stat:
     path: "{{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.gz"
+    get_checksum: false
   register: got_images_gz
   delegate_to: 127.0.0.1
-  become: no
+  become: false
 
 - name: "Check for images tar.zst in {{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.zst"  # noqa name[template] yaml[line-length]
   stat:
     path: "{{ playbook_dir }}/tarball_install/rke2-images.linux-amd64.tar.zst"
+    get_checksum: false
   register: got_images_zst
   delegate_to: 127.0.0.1
-  become: no
+  become: false
 
 - name: Add images tar.gz to needed directory if provided
   copy:

roles/rke2_common/tasks/main.yml

@@ -31,18 +31,23 @@
       and not installed
 
 - name: RHEL/CentOS Installation
+  when:
+    - ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky'
+    - not rke2_binary_tarball_check.stat.exists
   block:
     - name: Install redhat-lsb-core
-      yum: name=redhat-lsb-core state=present
       when: "'redhat-lsb-core' not in ansible_facts.packages"
+      yum:
+        name: redhat-lsb-core
+        state: present
+
     - name: Reread ansible_lsb facts
-      setup: filter=ansible_lsb*
       when: "'redhat-lsb-core' not in ansible_facts.packages"
+      setup:
+        filter: ansible_lsb*
+
     - name: Include task file rpm_install.yml
       include_tasks: rpm_install.yml
-  when:
-    - ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky'
-    - not rke2_binary_tarball_check.stat.exists
 
 # Disable Firewalld
 # We recommend disabling firewalld. For Kubernetes 1.19+, firewalld must be turned off.

roles/rke2_common/tasks/rpm_install.yml

@@ -3,23 +3,23 @@
 - name: "Calculate rke2 full version "
   when: ( install_rke2_version is not defined ) or ( install_rke2_version | length == 0 )  # noqa var-spacing
   block:
-  - name: Stop if the provided is not valid
-    fail:
-      msg: "Provided channel is not valid"
-    when: rke2_channel not in channels
-
-  - name: Get full version name url
-    uri:
-      url: https://update.rke2.io/v1-release/channels/{{ rke2_channel }}
-      follow_redirects: all
-    register: rke2_version_url
-
-  - name: Set full version name
-    shell: set -o pipefail && echo {{ rke2_version_url.url }} | sed -e 's|.*/||'
-    register: rke2_full_version
-    changed_when: false
-    args:
-      executable: /usr/bin/bash
+    - name: Stop if the provided is not valid
+      fail:
+        msg: "Provided channel is not valid"
+      when: rke2_channel not in channels
+
+    - name: Get full version name url
+      uri:
+        url: https://update.rke2.io/v1-release/channels/{{ rke2_channel }}
+        follow_redirects: all
+      register: rke2_version_url
+
+    - name: Set full version name
+      shell: set -o pipefail && echo {{ rke2_version_url.url }} | sed -e 's|.*/||'
+      register: rke2_full_version
+      changed_when: false
+      args:
+        executable: /usr/bin/bash
 
 - name: Set rke2_full_version fact  # noqa var-spacing
   set_fact:

site.yml

@@ -1,13 +1,15 @@
 ---
 
-- hosts: rke2_servers
+- name: Server play
+  hosts: rke2_servers
   any_errors_fatal: true
   become: true
   roles:
     - role: rke2_server
   serial: 1
 
-- hosts: rke2_agents
+- name: Agent play
+  hosts: rke2_agents
   any_errors_fatal: true
   become: true
   roles:

tarball_install/README.md

@@ -20,7 +20,7 @@ RKE2 can be installed in an air-gapped environment with two different methods. Y
 
 All files mentioned in the steps can be obtained from the assets of the desired released rke2 version [here](https://github.com/rancher/rke2/releases).
 
-If running on an SELinux enforcing air-gapped node, you must first install the necessary SELinux policy RPM before performing these steps. See our [RPM Documentation](https://github.com/rancher/rke2#rpm-repositories) to determine what you need.
+If running on an SELinux enforcing air-gapped node, you must first install the necessary SELinux policy RPM before performing these steps. See our [RPM Documentation](https://docs.rke2.io/install/methods/#rpm) to determine what you need.
 
 # Tarball Method
 This ansible playbook will detect if the `rke2-images.linux-amd64.tar.zst` and `rke2.linux-amd64.tar.gz` files are in the tarball_install/ directory. If the files are in the directory then the install process will skip both the yum install and the need to download the tarball.
@@ -29,4 +29,4 @@ This ansible playbook will detect if the `rke2-images.linux-amd64.tar.zst` and `
 If either the `rke2-images.linux-amd64.tar.zst` or `rke2-images.linux-amd64.tar.gz` files are found in the tarbarll_install/ directory then this playbook will use the images inside the tarball and not docker.io or a private registry.
 
 ## Tarball Install
-If the `rke2.linux-amd64.tar.gz` file is found in the tarball_install/ directory then this playbook will install RKE2 using that version. This will use the default docker.io registry unless the images tarball is present or unless the `system-default-registry` variable is set.
+If the `rke2.linux-amd64.tar.gz` file is found in the tarball_install/ directory then this playbook will install RKE2 using that version. This will use the default docker.io registry unless the images tarball is present or unless the `system-default-registry` variable is set.

testing.yml

@@ -1,5 +1,6 @@
 ---
-- hosts: all
+- name: Testing play
+  hosts: all
   become: yes
   roles:
     - role: testing