From 9322b198e7a3d4756e03a59dd76bda0b27b116b2 Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Fri, 1 Aug 2025 17:34:33 +0200 Subject: [PATCH 01/13] fix it --- tasks/rke2.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 15cd251..23d4586 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -229,7 +229,7 @@ versions: "{{ versions_check.stdout | from_json }}" - name: Prevent accidental RKE2 downgrade - when: not ansible_check_mode and installed_version != "not installed" and not rke2_allow_downgrade + when: not ansible_check_mode and installed_version != "not installed" and not rke2_allow_downgrade or (rke2_version is defined and rke2_channel is undefined) ansible.builtin.assert: that: - > @@ -248,7 +248,7 @@ running_version_clean: "{{ running_version | regex_search('v([0-9]+\\.[0-9]+\\.[0-9]+)', '\\1') }}" - name: Run RKE2 install script - when: not ansible_check_mode and rke2_version != installed_version + when: not ansible_check_mode and ((rke2_version is undefined and rke2_channel is defined) or rke2_version != installed_version) block: - name: Run RKE2 install script with airgap variables ansible.builtin.command: From 4a0c77a3bcbd73d3a1e238d9de76cb5b6d49fcc8 Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Mon, 11 Aug 2025 09:19:47 +0200 Subject: [PATCH 02/13] maybe this works? --- tasks/rke2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 23d4586..25de361 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml 
@@ -229,7 +229,7 @@ versions: "{{ versions_check.stdout | from_json }}" - name: Prevent accidental RKE2 downgrade - when: not ansible_check_mode and installed_version != "not installed" and not rke2_allow_downgrade or (rke2_version is defined and rke2_channel is undefined) + when: not ansible_check_mode and installed_version != "not installed" and (not rke2_allow_downgrade or (rke2_version is defined and rke2_channel is undefined)) ansible.builtin.assert: that: - > From e2075d76d59f8fcc7dfeae4d9f7ce2ea9e890f7c Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Mon, 11 Aug 2025 09:24:57 +0200 Subject: [PATCH 03/13] this should fix it --- tasks/rke2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 25de361..9a56f26 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -229,7 +229,7 @@ versions: "{{ versions_check.stdout | from_json }}" - name: Prevent accidental RKE2 downgrade - when: not ansible_check_mode and installed_version != "not installed" and (not rke2_allow_downgrade or (rke2_version is defined and rke2_channel is undefined)) + when: not ansible_check_mode and installed_version != "not installed" and not rke2_allow_downgrade and (rke2_version is defined and rke2_channel is undefined) ansible.builtin.assert: that: - > From 2cfa81deded10f2e5ec828f7d69da28ae68ff758 Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 16:21:31 +0200 Subject: [PATCH 04/13] this is simpler to maintain as you don't need to think about channel anymore. has the added bonus effect of not doing the "Rolling cordon and drain restart when version changes " every time, if you use channel. has the "advantage" of now preferring channel over rke2_version, meaning the default value doesn't have to be updated. --- tasks/rke2.yml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) 
diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 9a56f26..391aaf0 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -220,6 +220,19 @@ changed_when: false register: versions_check +- name: Get latest RKE2 version from channel + when: rke2_channel is defined + block: + - name: Get RKE2 channel json + ansible.builtin.uri: + url: "{{ rke2_channel_url }}" + method: GET + return_content: true + register: rke2_channels_response + - name: Set latest RKE2 version + ansible.builtin.set_fact: + rke2_version: "{{ rke2_channels_response.json | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest'))[0] }}" + - name: Set RKE2 versions when: not ansible_check_mode ansible.builtin.set_fact: @@ -229,7 +242,7 @@ versions: "{{ versions_check.stdout | from_json }}" - name: Prevent accidental RKE2 downgrade - when: not ansible_check_mode and installed_version != "not installed" and not rke2_allow_downgrade and (rke2_version is defined and rke2_channel is undefined) + when: not ansible_check_mode and installed_version != "not installed" and not rke2_allow_downgrade ansible.builtin.assert: that: - > @@ -248,7 +261,7 @@ running_version_clean: "{{ running_version | regex_search('v([0-9]+\\.[0-9]+\\.[0-9]+)', '\\1') }}" - name: Run RKE2 install script - when: not ansible_check_mode and ((rke2_version is undefined and rke2_channel is defined) or rke2_version != installed_version) + when: not ansible_check_mode and rke2_version != installed_version block: - name: Run RKE2 install script with airgap variables ansible.builtin.command: @@ -263,7 +276,7 @@ ansible.builtin.command: cmd: "{{ rke2_install_script_dir }}/rke2.sh" environment: - INSTALL_RKE2_VERSION: "{{ rke2_version }}" + INSTALL_RKE2_VERSION: "{{ '' if rke2_channel is defined else rke2_version }}" INSTALL_RKE2_CHANNEL_URL: "{{ rke2_channel_url }}" INSTALL_RKE2_CHANNEL: "{{ rke2_channel }}" INSTALL_RKE2_METHOD: "{{ rke2_method }}" From 47c91276e97cec06bbdf076ab6b645efbdce1497 Mon Sep 17 00:00:00 2001 
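Review bot: The new `Get latest RKE2 version from channel` block (hunk `@@ -220,6 +220,19 @@`) is gated only by `when: rke2_channel is defined`, while the neighbouring tasks are gated by `not ansible_check_mode`. As far as I know `ansible.builtin.uri` is skipped in check mode, so the following `set_fact` would fail on a missing `.json`; I would write the block condition as `when: rke2_channel is defined and not ansible_check_mode`. The lookup also assumes the channel name exists in the response: when `selectattr('name', 'equalto', rke2_channel)` matches nothing, the task ends in a templating error that never names the channel. An `ansible.builtin.assert` on a non-empty match, with a `fail_msg` naming `rke2_channel` and `rke2_channel_url`, would make that failure readable. The same expression is carried through the later patches in this series that touch this task.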
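Review bot: Setting `INSTALL_RKE2_VERSION` to an empty string when `rke2_channel` is defined (hunk `@@ -263,7 +276,7 @@`) makes the install script resolve the channel a second time on each node. The release that passed `Prevent accidental RKE2 downgrade` and the `rke2_version != installed_version` comparison is then not necessarily the release that gets installed, and nodes can diverge if the channel moves during the run. The first hunk of this patch already stores the resolved release in `rke2_version`, so I would keep `INSTALL_RKE2_VERSION: "{{ rke2_version }}"` to install exactly what was checked. This assumes the script prefers an explicit version over the channel, which should be confirmed against the installer. The task this `environment:` belongs to starts before the hunk and continues after it.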
From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 16:27:16 +0200 Subject: [PATCH 05/13] update readme --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d36ff73..ae4f71f 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ The Role can install the RKE2 in 3 modes: --- - Additionally it is possible to install the RKE2 Cluster (all 3 modes) in Air-Gapped functionality with the use of local artifacts. -> It is possible to upgrade RKE2 by changing `rke2_version` variable and re-running the playbook with this role. During the upgrade process the RKE2 service on the nodes will be restarted one by one. The Ansible Role will check if the node on which the service was restarted is in Ready state and only then proceed with restarting service on another Kubernetes node. +> It is possible to upgrade RKE2 by re-running the playbook with this role, using the `rke2_channel` (or `rke2_version`, if `rke2_channel` is not defined). During the upgrade process the RKE2 service on the nodes will be restarted one by one. The Ansible Role will check if the node on which the service was restarted is in Ready state and only then proceed with restarting service on another Kubernetes node. ## Requirements for Anisble Controller @@ -140,7 +140,7 @@ rke2_agent_node_taints: [] # Pre-shared secret token that other server or agent nodes will register with when connecting to the cluster rke2_token: defaultSecret12345 -# RKE2 version +# RKE2 version (rke2_channel overrides this!) rke2_version: v1.25.3+rke2r1 # URL to RKE2 repository @@ -190,7 +190,7 @@ rke2_architecture: amd64 # Destination directory for RKE2 installation script rke2_install_script_dir: /var/tmp -# RKE2 channel +# RKE2 channel (overrides rke2_version!) rke2_channel: stable # Do not deploy packaged components and delete any deployed components From 3a95f1356cc9e1d7405bb1b12000904bf8c1a602 Mon Sep 17 00:00:00 2001 
From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 16:32:01 +0200 Subject: [PATCH 06/13] no longer set rke2_channel by default to avoid harm to users --- README.md | 4 ++-- defaults/main.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ae4f71f..207e83c 100644 --- a/README.md +++ b/README.md @@ -190,8 +190,8 @@ rke2_architecture: amd64 # Destination directory for RKE2 installation script rke2_install_script_dir: /var/tmp -# RKE2 channel (overrides rke2_version!) -rke2_channel: stable +# RKE2 channel (overrides rke2_version!) - use "stable" or "latest" or a specific version - see https://update.rke2.io/v1-release/channels +# rke2_channel: stable # Do not deploy packaged components and delete any deployed components # Valid items: rke2-canal, rke2-coredns, rke2-ingress-nginx, rke2-metrics-server diff --git a/defaults/main.yml b/defaults/main.yml index 9da7b57..07ee1dd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -101,7 +101,7 @@ rke2_agent_node_taints: [] # Pre-shared secret token that other server or agent nodes will register with when connecting to the cluster rke2_token: defaultSecret12345 -# RKE2 version +# RKE2 version (rke2_channel overrides this!) rke2_version: v1.25.3+rke2r1 # URL to RKE2 repository @@ -151,8 +151,8 @@ rke2_architecture: amd64 # Destination directory for RKE2 installation script rke2_install_script_dir: /var/tmp -# RKE2 channel -rke2_channel: stable +# RKE2 channel (overrides rke2_version!) - use "stable" or "latest" or a specific version - see https://update.rke2.io/v1-release/channels +# rke2_channel: stable # Do not deploy packaged components and delete any deployed components # Valid items: rke2-canal, rke2-coredns, rke2-ingress-nginx, rke2-metrics-server From 9f8ab99ad8716480759945d1488a91b629b0854d Mon Sep 17 00:00:00 2001 
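Review bot: Commenting out `rke2_channel: stable` in `defaults/main.yml` leaves the variable undefined by default, but the install task shown as context in PATCH 04 still templates `INSTALL_RKE2_CHANNEL: "{{ rke2_channel }}"`. Unless that line changed outside this series, a run that sets only `rke2_version` will stop with an undefined-variable error. A guarded form such as `INSTALL_RKE2_CHANNEL: "{{ rke2_channel | default('') }}"` would keep the version-only path working, presuming the installer ignores an empty channel when a version is given. Separately, the unchanged context line `rke2_token: defaultSecret12345` ships a publicly known join token as the default; having the role refuse to run while the token still has this value would be safer than relying on users to override it.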
From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 16:39:04 +0200 Subject: [PATCH 07/13] fix minor mistake --- tasks/rke2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 391aaf0..760f7f6 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -231,7 +231,7 @@ register: rke2_channels_response - name: Set latest RKE2 version ansible.builtin.set_fact: - rke2_version: "{{ rke2_channels_response.json | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest'))[0] }}" + rke2_version: "{{ rke2_channels_response.json | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest')[0] }}" - name: Set RKE2 versions when: not ansible_check_mode From 2e9279bad9ce15ccd54cc0bab2a1efc51184a81e Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 16:42:18 +0200 Subject: [PATCH 08/13] minor fix --- tasks/rke2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 760f7f6..8e5f735 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -231,7 +231,7 @@ register: rke2_channels_response - name: Set latest RKE2 version ansible.builtin.set_fact: - rke2_version: "{{ rke2_channels_response.json | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest')[0] }}" + rke2_version: "{{ rke2_channels_response.json | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" - name: Set RKE2 versions when: not ansible_check_mode From d21cf472c08e047cfbef770f8b4b2a0200bc5d1a Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 16:53:12 +0200 Subject: [PATCH 09/13] fix json processing --- tasks/rke2.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 8e5f735..be31447 100644 --- a/tasks/rke2.yml 
+++ b/tasks/rke2.yml @@ -231,7 +231,10 @@ register: rke2_channels_response - name: Set latest RKE2 version ansible.builtin.set_fact: - rke2_version: "{{ rke2_channels_response.json | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" + rke2_version: "{{ rke2_channels_response.json.data | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" + - name: Display latest RKE2 version + ansible.builtin.debug: + msg: "Latest RKE2 version for channel '{{ rke2_channel }}' is '{{ rke2_version }}'" - name: Set RKE2 versions when: not ansible_check_mode From 30372cc3c44ad94ed2ed2568eff92ce5f24f1244 Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 17:00:15 +0200 Subject: [PATCH 10/13] Make it airgap friendly --- tasks/rke2.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index be31447..26270ac 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -224,15 +224,18 @@ when: rke2_channel is defined block: - name: Get RKE2 channel json + run_once: true + delegate_to: localhost ansible.builtin.uri: url: "{{ rke2_channel_url }}" method: GET return_content: true - register: rke2_channels_response + register: rke2_channels_resonse - name: Set latest RKE2 version ansible.builtin.set_fact: - rke2_version: "{{ rke2_channels_response.json.data | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" + rke2_version: "{{ hostvars.localhost.rke2_channels_response.json.data | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" - name: Display latest RKE2 version + run_once: true ansible.builtin.debug: msg: "Latest RKE2 version for channel '{{ rke2_channel }}' is '{{ rke2_version }}'" From aede5cbbca85dd9b349566f6b49c7a17bf94a96c Mon Sep 17 00:00:00 2001 
From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 17:06:18 +0200 Subject: [PATCH 11/13] fix localhost hostvar access --- tasks/rke2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 26270ac..ffda2f8 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -233,7 +233,7 @@ register: rke2_channels_resonse - name: Set latest RKE2 version ansible.builtin.set_fact: - rke2_version: "{{ hostvars.localhost.rke2_channels_response.json.data | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" + rke2_version: "{{ hostvars['localhost']['rke2_channels_response'].json.data | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" - name: Display latest RKE2 version run_once: true ansible.builtin.debug: From 3a52a83d20ba57a9c644f6b43c3056b8ac33e67f Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 17:10:06 +0200 Subject: [PATCH 12/13] this should work --- tasks/rke2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index ffda2f8..23f6e06 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -233,7 +233,7 @@ register: rke2_channels_resonse - name: Set latest RKE2 version ansible.builtin.set_fact: - rke2_version: "{{ hostvars['localhost']['rke2_channels_response'].json.data | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" + rke2_version: "{{ rke2_channels_response.json.data | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}" - name: Display latest RKE2 version run_once: true ansible.builtin.debug: From bd6c7b1572d08f3ea427e7c01be62736bbe292be Mon Sep 17 00:00:00 2001 
From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Wed, 3 Sep 2025 17:13:26 +0200 Subject: [PATCH 13/13] found the mistake - a missing p... --- tasks/rke2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/rke2.yml b/tasks/rke2.yml index 23f6e06..27b10b6 100644 --- a/tasks/rke2.yml +++ b/tasks/rke2.yml @@ -230,7 +230,7 @@ url: "{{ rke2_channel_url }}" method: GET return_content: true - register: rke2_channels_resonse + register: rke2_channels_response - name: Set latest RKE2 version ansible.builtin.set_fact: rke2_version: "{{ rke2_channels_response.json.data | selectattr('name', 'equalto', rke2_channel) | map(attribute='latest') | first }}"