mirrors/k3s-ansible
1
0
Fork 1
mirror of https://github.com/k3s-io/k3s-ansible.git synced 2026-03-09 12:02:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Install airgap selinux rpms when avaliable (#500)

Browse Source 
Signed-off-by: Derek Nola <derek.nola@suse.com>
This commit is contained in:
Derek Nola
2026-01-23 09:59:21 -08:00
committed by GitHub
parent 34073379ce
commit 1172805585
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -177,7 +177,7 @@ $ cat inventory.yml
airgap_dir: ./my-airgap # Paths are relative to the playbooks directory
```
Additionally, if deploying on an OS with SELinux, you will also need to download the latest [k3s-selinux RPM](https://github.com/k3s-io/k3s-selinux/releases/latest) and place it in the airgap folder.
Additionally, if deploying on an OS with SELinux, you will also need to download the latest [k3s-selinux RPM](https://github.com/k3s-io/k3s-selinux/releases/latest) and its dependencies `selinux-policy` and `container-selinux` RPMs and place them in the airgap folder.
It is assumed that the control node has access to the internet. The playbook will automatically download the k3s install script on the control node, and then distribute all three artifacts to the managed nodes.

8
roles/airgap/tasks/main.yml
View File

@@ -57,7 +57,9 @@
# so we need to skip it if the file is not found
skip: true
# Dependencies are listed first so they get installed first in the next task
- name: Distribute K3s SELinux RPM
when: ansible_facts['os_family'] == 'RedHat' or ansible_facts['os_family'] == 'Suse'
ansible.builtin.copy:
src: "{{ item }}"
dest: /tmp/
@@ -65,16 +67,18 @@
group: root
mode: "0755"
with_fileglob:
- "{{ airgap_dir }}/container-selinux*.rpm"
- "{{ airgap_dir }}/selinux-policy*.rpm"
- "{{ airgap_dir }}/k3s-selinux*.rpm"
register: airgap_selinux_copy
ignore_errors: true
- name: Install K3s SELinux RPM
when:
- ansible_facts['os_family'] == 'RedHat'
- ansible_facts['os_family'] == 'RedHat' or ansible_facts['os_family'] == 'Suse'
- airgap_selinux_copy.skipped is false
ansible.builtin.dnf:
name: "{{ airgap_selinux_copy.results[0].dest }}"
name: "{{ airgap_selinux_copy.results | selectattr('dest', 'defined') | map(attribute='dest') | list }}"
state: present
disable_gpg_check: true
disablerepo: "*"