using a kubectl rollout restart instead of the dodgy wait condition

b0f1458c · entlein · e67bd9d8 · b0f1458c · b0f1458c
Commit b0f1458c authored 2 years ago by entlein
--- a/roles/rke2/tasks/fix_selinux.yml
+++ b/roles/rke2/tasks/fix_selinux.yml
+- name: kill the openstack ccm pods to make sure they boot in permissive mode
+  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml --namespace=kube-system  rollout restart ds openstack-cloud-controller-manager"
+  register: openstack_ccm_ready
- name: Copy SELinux Policies
-  template:
-    src: ../selinux/my-openstack.te
-    dest: /etc/selinux/targeted/policy/my-openstack.te
- name: Build SELinux exception module & allow openstack CCM to mount the /etc/ssl/certs files
-  shell: |
-    checkmodule -M -m -o /etc/selinux/targeted/policy/my-openstack.mod /etc/selinux/targeted/policy/my-openstack.te
-    semodule_package -o /etc/selinux/targeted/policy/my-openstack.pp -m /etc/selinux/targeted/policy/my-openstack.mod
-    semodule -i /etc/selinux/targeted/policy/my-openstack.pp
- name: Wait for all control-plane pods to become created
-  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get po --namespace=kube-system --selector tier=control-plane --output=jsonpath='{.items[*].metadata.name}'"
-  register: control_plane_pods_created
-  until: item in control_plane_pods_created.stdout
-  retries: 10
-  delay: 30
-  when: ('master' in group_names )
-  ignore_errors: True
-  with_items:
-    - etcd
-    - kube-apiserver
-    - kube-controller-manager
-    - kube-scheduler
- name: Wait for openstack-cloud-controller deamon set to be ready
+- name: Sleep for 300 seconds and continue with play
-  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready pods --selector app=openstack-cloud-controller-manager --timeout=360s"
+  ansible.builtin.wait_for:
-  register: openstack_ccm_ready
+    timeout: 30
-  when: ('master' in group_names)
+  delegate_to: localhost
-  ignore_errors: True
+# - name: Wait for all control-plane pods to become created
+#   shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get po --namespace=kube-system --selector tier=control-plane --output=jsonpath='{.items[*].metadata.name}'"
+#   register: control_plane_pods_created
+#   until: item in control_plane_pods_created.stdout
+#   retries: 1
+#   delay: 30
+#   when: ('master' in group_names )
+#   ignore_errors: True
+#   with_items:
+#     - etcd
+#     - kube-apiserver
+#     - kube-controller-manager
+#     - kube-scheduler
+# - name: Wait for openstack-cloud-controller deamon set to be ready
+#   shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait --namespace=kube-system --for=condition=Ready pods --selector app=openstack-cloud-controller-manager --timeout=360s"
+#   register: openstack_ccm_ready
+#   until: openstack_ccm_ready.stout
+#   when: ('master' in group_names)
+#   ignore_errors: True
 - name: Enable SELinux

--- a/roles/rke2/tasks/setup_host.yml
+++ b/roles/rke2/tasks/setup_host.yml
@@ -72,6 +72,17 @@
    policy: targeted
    state: permissive
+- name: Copy SELinux Policies
+  template:
+    src: ../selinux/my-openstack.te
+    dest: /etc/selinux/targeted/policy/my-openstack.te
+- name: Build SELinux exception module & allow openstack CCM to mount the /etc/ssl/certs files
+  shell: |
+    checkmodule -M -m -o /etc/selinux/targeted/policy/my-openstack.mod /etc/selinux/targeted/policy/my-openstack.te
+    semodule_package -o /etc/selinux/targeted/policy/my-openstack.pp -m /etc/selinux/targeted/policy/my-openstack.mod
+    semodule -i /etc/selinux/targeted/policy/my-openstack.pp
 - name: Ensure /var/lib/rancher/rke2/server/manifests
  file: