From 59abf91d9fe0caf50ad794271cddfef44680704a Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Wed, 13 Jul 2022 11:06:41 +0200
Subject: [PATCH] why is the token only generated when we are not upgrading?

---
 roles/rke2/selinux/my-kata.te    | 3 +++
 roles/rke2/tasks/config_rke2.yml | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 roles/rke2/selinux/my-kata.te

diff --git a/roles/rke2/selinux/my-kata.te b/roles/rke2/selinux/my-kata.te
new file mode 100644
index 0000000..7a218f2
--- /dev/null
+++ b/roles/rke2/selinux/my-kata.te
@@ -0,0 +1,3 @@
+#============= container_t ==============
+allow container_t init_var_run_t:sock_file write;
+allow container_t system_dbusd_var_run_t:sock_file write;
\ No newline at end of file
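Review bot: Both rules are granted to `container_t`, the domain of every ordinary container on the node, so any workload gains write access to the init and system D-Bus socket files, not just the Kata runtime. If the denials came from Kata, consider scoping the rules to the domain Kata actually runs under (check `scontext` in the AVC records) instead of widening `container_t`. The file also holds only the `audit2allow` rule section, with no `module my-kata 1.0;` declaration or `require { ... }` block, so it will not compile with `checkmodule` as it stands, and nothing in this patch installs it. A header comment recording which denial each rule answers would help later review.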
diff --git a/roles/rke2/tasks/config_rke2.yml b/roles/rke2/tasks/config_rke2.yml
index f7470a0..1c730c9 100644
--- a/roles/rke2/tasks/config_rke2.yml
+++ b/roles/rke2/tasks/config_rke2.yml
@@ -3,7 +3,8 @@
   run_once: true
   set_fact:
     token: "{{ lookup('community.general.random_string', length=129, special=False) }}"
-  when: (not upgrade) and (token is not defined) 
+  #when: (not upgrade) and (token is not defined) 
+  when: token is not defined
 
 - name: ensure inventory folders
   delegate_to: localhost
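Review bot: With `not upgrade` dropped from this `set_fact` condition, an upgrade run where `token` is not already defined now generates a fresh random token, while the write task in the second hunk of this file is skipped by `when: not upgrade`. The new value is never persisted, and because a `set_fact` value outranks `include_vars` in Ansible's variable precedence, it would likely shadow the token read from `group_vars/all/token.yml` and leave nodes configured with a secret that does not match the running cluster. Consider failing on that path instead, for example with an `assert` that `token is defined` when `upgrade` is true, and delete the commented-out `#when:` line instead of keeping it. The task starts above the hunk, so its name and any other conditions are not visible here.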
@@ -24,7 +25,7 @@
     dest: group_vars/all/token.yml
     content: |-
       token: {{ token }}
-  #when: not upgrade  TODO ask Thomas the magic logic here
+  when: not upgrade  #TODO ask Thomas the magic logic here
 
 - name: read token
   include_vars: group_vars/all/token.yml
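Review bot: The `when: not upgrade` condition is now active while its only rationale is the trailing TODO, so a reader still cannot tell why the token file must not be rewritten on upgrade. Once confirmed, replace the TODO with a comment such as `# keep the existing cluster token on upgrade; rewriting it would break node joins`. The visible lines also write the join token in clear text to `group_vars/all/token.yml` with no `mode` or `no_log` shown, though the task begins above the hunk and may already set them. If it does not, adding `mode: "0600"` and `no_log: true`, and keeping the file out of version control or encrypting it with ansible-vault, would limit exposure of the secret.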
-- 
GitLab