From ab53f1e2440761769ff4209ef3cdb22d9d48c920 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Sun, 28 Aug 2022 20:59:52 +0200
Subject: [PATCH] not doing anything to the OS when using the raw base VM image
---
 roles/rke2/tasks/install_rke2.yml | 5 +-
 roles/rke2/tasks/main.yml | 2 +-
 roles/rke2/tasks/setup_host.yml | 86 -------------------------------
 3 files changed, 2 insertions(+), 91 deletions(-)
diff --git a/roles/rke2/tasks/install_rke2.yml b/roles/rke2/tasks/install_rke2.yml
index 10bef15..c2683ca 100644
--- a/roles/rke2/tasks/install_rke2.yml
+++ b/roles/rke2/tasks/install_rke2.yml
@@ -3,11 +3,8 @@
url: https://get.rke2.io dest: /tmp/rke2.sh mode: '0755' - #when: not rke2_installed.stat.exists or upgrade + when: not rke2_installed.stat.exists or upgrade -- name: Kill RKE2 - command: "rke2-killall.sh" - - name: Install RKE2 command: "/tmp/rke2.sh" args:
diff --git a/roles/rke2/tasks/main.yml b/roles/rke2/tasks/main.yml
index 9ce1dca..873af86 100644
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -6,7 +6,7 @@
- block: - include_tasks: setup_host.yml - include_tasks: install_rke2.yml - # when: ( not rke2_installed.stat.exists and state != 'absent' ) or (upgrade and state != 'absent' ) + when: ( not rke2_installed.stat.exists and state != 'absent' ) or (upgrade and state != 'absent' ) - include_tasks: templates.yml when: "state != 'absent' and 'master' in group_names "
diff --git a/roles/rke2/tasks/setup_host.yml b/roles/rke2/tasks/setup_host.yml
index a353ee9..c88deb4 100644
--- a/roles/rke2/tasks/setup_host.yml
+++ b/roles/rke2/tasks/setup_host.yml
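Review bot: The re-enabled `when: not rke2_installed.stat.exists or upgrade` gates the download, but the script it fetches is still executed from the shared `/tmp/rke2.sh` with no integrity check: the `get_url` task has no `checksum:` and the `Install RKE2` task below runs whatever landed there as root. Add `checksum: "sha256:<EXPECTED_SHA256>"` to the `get_url` task (or pin the release through the installer's `INSTALL_RKE2_VERSION` variable and verify what was downloaded), and prefer a root-owned staging directory over `/tmp`. Dropping the `Kill RKE2` task also means an `upgrade` run no longer stops the running rke2 services before `/tmp/rke2.sh` is re-executed; if the install script is expected to handle that, a comment such as `# upgrade relies on the install script to replace the running rke2 in place` would make the assumption explicit. The `Install RKE2` task's `args:` continue past the end of the hunk.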
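Review bot: The block-level `when` added here appears to duplicate the condition the same commit re-enables on the `get_url` task in install_rke2.yml; since the `include_tasks` statements inside the block are already gated by this condition, the task-level copy is redundant and the two will drift apart. `upgrade` is also tested as a bare value; if it is ever supplied as an extra-var it arrives as a string, so `upgrade | bool` is the safer test. The expression reads more clearly with the shared clause factored out: `when: state != 'absent' and (not rke2_installed.stat.exists or upgrade | bool)`.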
@@ -13,85 +13,10 @@ /usr/sbin/pvresize -y -q /dev/vda2 /usr/sbin/lvresize -y -q -r -l +100%FREE /dev/mapper/*root -#- name: Upgrade to latest kernel -# shell: | -# dnf upgrade -y -# dnf updateinfo list --security --available -# dnf install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm --assumeyes -# dnf --enablerepo=elrepo-kernel install kernel-ml --assumeyes -# touch /.autorelabel - -#- name: install RHEL packages -# dnf: -# name: -# - container-selinux -# - iptables -# - libnetfilter_conntrack -# - libnfnetlink -# - libnftnl -# - policycoreutils-python-utils -# - ca-certificates -# - openssl -# - setools-console -# # - libseccomp-devel #this didnt help -# -# state: latest - -- name: add kernel params - template: - src: kernel_params.conf.j2 - dest: /etc/sysctl.d/rke2_kernel_params.conf - register: kernel_params - -- name: load kernel params - shell: sysctl --system - when: kernel_params.changed - -- name: disable firewalld - ansible.builtin.systemd: - name: "firewalld" - enabled: no - masked: no - state: stopped - ignore_errors: True #this command is not idempotent it seems - -- name: enable nftables - ansible.builtin.systemd: - name: "nftables" - enabled: yes - state: started - masked: no - -- name: add group - etcd - group: - name: etcd - state: present - -- name: add user - etcd - user: - name: etcd - group: etcd - -#- name: Reboot but not on upgrades, so kernel updates only install at initial runs -# ansible.builtin.reboot: -# reboot_timeout: 3600 -# when: ( not upgrade ) - - - name: Disable SELinux selinux: policy: targeted state: permissive - when: ( 'control-plane' in group_names ) - -- name: Download root CA - get_url: - url: https://curl.se/ca/cacert.pem - dest: /etc/ssl/certs - -- name: Update CA trust - shell: update-ca-trust - - name: Copy SELinux Policies template: 
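Review bot: Removing `when: ( 'control-plane' in group_names )` from the `Disable SELinux` task widens `state: permissive` to every host in the play, including workers, whereas the policy tasks that follow (`semodule -i ...`) still keep the control-plane condition; that is a broader reduction of enforcement than the commit title suggests, and the old version only relaxed the control plane. If permissive mode is only needed where the custom policies are loaded, keep `when: ( 'control-plane' in group_names )` on that task, or document in a comment why workers now need it. The deleted sysctl, `firewalld`/`nftables` and `etcd` user/group tasks are presumably provided by the base image now; a short comment at the top of the remaining tasks, e.g. `# kernel params, nftables and the etcd user are expected from the base VM image`, would keep that dependency visible. The `Copy SELinux Policies` task at the end of the hunk continues outside it.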
@@ -106,18 +31,7 @@ semodule -i /etc/selinux/targeted/policy/my-openstack.pp when: ( 'control-plane' in group_names ) -- name: Copy SELinux Policies for new Kernel () - template: - src: ../selinux/my-iptables.te - dest: /etc/selinux/targeted/policy/my-iptables.te - #when: ( 'control-plane' in group_names ) -- name: Build SELinux exception module & allow xtables-nft-multi ioctl access on the cgroup directory - shell: | - checkmodule -M -m -o /etc/selinux/targeted/policy/my-iptables.mod /etc/selinux/targeted/policy/my-iptables.te - semodule_package -o /etc/selinux/targeted/policy/my-iptables.pp -m /etc/selinux/targeted/policy/my-iptables.mod - semodule -i /etc/selinux/targeted/policy/my-iptables.pp - #when: ( 'control-plane' in group_names ) - name: Ensure /var/lib/rancher/rke2/server/manifests file: -- GitLab