From 100711cdd18f013508a2cd2977cfcb6a891fbfc6 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Fri, 1 Jul 2022 12:26:49 +0200
Subject: [PATCH] flushing the handlers and afterwards waiting for Openstack
 CCM to boot before enforcing SELinux

---
 roles/rke2/tasks/fix_selinux.yml | 21 +++++++++++----------
 roles/rke2/tasks/main.yml        | 15 +++++++++------
 2 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/roles/rke2/tasks/fix_selinux.yml b/roles/rke2/tasks/fix_selinux.yml
index c95e1c5..3a75286 100644
--- a/roles/rke2/tasks/fix_selinux.yml
+++ b/roles/rke2/tasks/fix_selinux.yml
@@ -1,7 +1,7 @@
-- name: Sleep for 120 seconds so that the helm operator has deployed the deamonset
-  ansible.builtin.wait_for:
-    timeout: 120
-  delegate_to: localhost
+#- name: Sleep for 30 seconds so that the helm operator has deployed the deamonset
+#  ansible.builtin.wait_for:
+#    timeout: 30
+#  delegate_to: localhost
 
 #- name: kill the openstack ccm pods to make sure they boot in permissive mode
 #  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
@@ -32,12 +32,13 @@
 #     - kube-controller-manager
 #     - kube-scheduler
 
-# - name: Wait for openstack-cloud-controller deamon set to be ready
-#   shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready pods --selector app=openstack-cloud-controller-manager --timeout=360s"
-#   register: openstack_ccm_ready
-#   until: openstack_ccm_ready.stout
-#   when: ('master' in group_names)
-#   ignore_errors: True
+- name: Wait for openstack-cloud-controller deamon set to be ready
+  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready pods --selector app=openstack-cloud-controller-manager --timeout=360s"
+  register: openstack_ccm_ready
+  until: openstack_ccm_ready.stdout
+  retries: 2
+  delay: 30
+  ignore_errors: True
 
 - name: Enable SELinux
   selinux:
diff --git a/roles/rke2/tasks/main.yml b/roles/rke2/tasks/main.yml
index 6b4d9ec..e55f446 100644
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -6,22 +6,25 @@
 - block:
   - include_tasks: setup_host.yml
   - include_tasks: install_rke2.yml
-  when: ( not rke2_installed.stat.exists and state != 'absent' and  not postinstall) or (upgrade and state != 'absent' and  not postinstall  )
+  when: ( not rke2_installed.stat.exists and state != 'absent' ) or (upgrade and state != 'absent' )
 
 - include_tasks: templates.yml
-  when: "state != 'absent' and 'master' in group_names and not postinstall "
+  when: "state != 'absent' and 'master' in group_names  "
 
 - block:
     - include_tasks: registries.yml
     - include_tasks: config_rke2.yml
-  when: state != 'absent' and not postinstall
+  when: state != 'absent' 
 
 - include_tasks: kubeconfig.yml
-  when: state != 'absent' and 'master' in group_names and not postinstall 
+  when: state != 'absent' and 'master' in group_names 
 
+- name: Flush handlers
+  meta: flush_handlers
+  
 #This task runs only after the full installer went through and had a bit of time to boot, then starts to enforce SELinux
 - include_tasks: fix_selinux.yml
-  when: state != 'absent' and postinstall
+  when: state != 'absent' and 'control-plane' in group_names
 
 - name: uninstall rke2
   command: rke2-uninstall.sh
@@ -29,4 +32,4 @@
 
 
 - include_tasks: rotate_encryption.yml
-  when: state != 'absent' and 'control-plane' in group_names and rotate and not postinstall
+  when: state != 'absent' and 'control-plane' in group_names and rotate 
-- 
GitLab