diff --git a/roles/rke2/handlers/main.yml b/roles/rke2/handlers/main.yml
index 5389b9efab6dddfadb1a7ff75c00e23bdfe95486..75b35a872ec93904c779fcee77c8f4457c80b18c 100644
--- a/roles/rke2/handlers/main.yml
+++ b/roles/rke2/handlers/main.yml
@@ -14,13 +14,6 @@
enabled: yes
state: restarted
daemon_reload: yes
- notify:
- - enable SELinux
-
-- name: enable SELinux
- selinux:
- policy: targeted
- state: enforcing
- name: reload rke2
ansible.builtin.systemd:
diff --git a/roles/rke2/tasks/config_rke2.yml b/roles/rke2/tasks/config_rke2.yml
index 76944cee4152d4a92d659815df606f2275c5a737..18040a845833c7948224ad2481a747c40118c175 100644
--- a/roles/rke2/tasks/config_rke2.yml
+++ b/roles/rke2/tasks/config_rke2.yml
@@ -33,20 +33,11 @@
template:
src: config.yaml.j2
dest: /etc/rancher/rke2/config.yaml
- # notify:
- # - restart rke2
+ notify:
+ - restart rke2
- name: enable rke2
ansible.builtin.systemd:
name: "rke2-{{ node_type }}"
enabled: yes
masked: no
-
-- name: restart rke2
- throttle: 1
- ansible.builtin.systemd:
- name: "rke2-{{ node_type }}"
- masked: no
- enabled: yes
- state: restarted
- daemon_reload: yes
\ No newline at end of file
diff --git a/roles/rke2/tasks/fix_selinux.yml b/roles/rke2/tasks/fix_selinux.yml
index a983f92e96a9bd86ce94a0a63184976fae427770..bee91bae2afdbf027bee4d7d231f95f169b4bfab 100644
--- a/roles/rke2/tasks/fix_selinux.yml
+++ b/roles/rke2/tasks/fix_selinux.yml
@@ -1,7 +1,7 @@
-- name: Sleep for 45 seconds so that the helm operator has deployed the deamonset
- ansible.builtin.wait_for:
- timeout: 45
- delegate_to: localhost
+# - name: Sleep for 45 seconds so that the helm operator has deployed the deamonset
+# ansible.builtin.wait_for:
+# timeout: 45
+# delegate_to: localhost
#- name: kill the openstack ccm pods to make sure they boot in permissive mode
# shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
diff --git a/roles/rke2/tasks/main.yml b/roles/rke2/tasks/main.yml
index 2a0b1215bf959fb2323b431c091d5e6804c67779..c54570b59451d1f5a0e792ac2117767222240f47 100644
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -6,21 +6,22 @@
- block:
- include_tasks: setup_host.yml
- include_tasks: install_rke2.yml
- when: ( not rke2_installed.stat.exists and state != 'absent' ) or (upgrade and state != 'absent' )
+ when: ( not rke2_installed.stat.exists and state != 'absent' and postinstall == 'False') or (upgrade and state != 'absent' and postinstall == 'False' )
- include_tasks: templates.yml
- when: "state != 'absent' and 'master' in group_names"
+ when: "state != 'absent' and 'master' in group_names and postinstall == 'False' "
- block:
- include_tasks: registries.yml
- include_tasks: config_rke2.yml
- when: state != 'absent'
+ when: state != 'absent' and postinstall == 'False'
- include_tasks: kubeconfig.yml
- when: state != 'absent' and 'master' in group_names
+ when: state != 'absent' and 'master' in group_names and postinstall == 'False'
+#This task runs only after the full installer went through and had a bit of time to boot, then starts to enforce SELinux
- include_tasks: fix_selinux.yml
- when: state != 'absent' and 'control-plane' in group_names
+ when: state != 'absent' and 'control-plane' in group_names and postinstall
- name: uninstall rke2
command: rke2-uninstall.sh
diff --git a/roles/rke2/tasks/registries.yml b/roles/rke2/tasks/registries.yml
index d9b8601cc7c1525a8ff308f1c2500e2a930c4f3b..2341f70184e31ee17e92a74a9d8064c0d55a9f72 100644
--- a/roles/rke2/tasks/registries.yml
+++ b/roles/rke2/tasks/registries.yml
@@ -2,6 +2,6 @@
template:
src: 'registry_mirrors.j2'
dest: '/etc/rancher/rke2/registries.yaml'
- # notify:
- # - restart rke2
+ notify:
+ - restart rke2
when: registry_mirrors is defined and registry_mirrors | length > 0
\ No newline at end of file