fix(upgrade): Implement airgap support for the upgrade flow. (#465)

Signed-off-by: fch-aa <21101725+fch-aa@users.noreply.github.com> --------- Signed-off-by: fch-aa <21101725+fch-aa@users.noreply.github.com> Co-authored-by: fch-aa <21101725+fch-aa@users.noreply.github.com>
2025-12-25 00:12:37 +01:00 · 2025-12-04 19:29:28 +01:00
parent f06b042aab
commit 3b34d679e5
2 changed files with 119 additions and 102 deletions
--- a/roles/airgap/tasks/main.yml
+++ b/roles/airgap/tasks/main.yml
@@ -3,111 +3,117 @@
  when: airgap_dir is defined
  block:
-    - name: Verify Ansible meets airgap version requirements.
+    - name: Distribute Airgap Artifacts
-      ansible.builtin.assert:
+      tags:
-        that: "ansible_version.full is version_compare('2.12', '>=')"
+        - distribute_artifacts
-        msg: "The Airgap role requires at least ansible-core 2.12"
+      block:
        - name: Verify Ansible meets airgap version requirements.
          ansible.builtin.assert:
            that: "ansible_version.full is version_compare('2.12', '>=')"
            msg: "The Airgap role requires at least ansible-core 2.12"
-    - name: Check for existing install script
+        - name: Check for existing install script
-      become: false
+          become: false
-      delegate_to: localhost
+          delegate_to: localhost
-      ansible.builtin.stat:
+          ansible.builtin.stat:
-        path: "{{ airgap_dir + '/k3s-install.sh' }}"
+            path: "{{ airgap_dir + '/k3s-install.sh' }}"
-      register: airgap_host_install_script
+          register: airgap_host_install_script
-    - name: Download k3s install script
+        - name: Download k3s install script
-      become: false
+          become: false
-      delegate_to: localhost
+          delegate_to: localhost
-      # Workaround for https://github.com/ansible/ansible/issues/64016
+          # Workaround for https://github.com/ansible/ansible/issues/64016
-      when: not airgap_host_install_script.stat.exists
+          when: not airgap_host_install_script.stat.exists
-      ansible.builtin.get_url:
+          ansible.builtin.get_url:
-        url: https://get.k3s.io/
+            url: https://get.k3s.io/
-        timeout: 120
+            timeout: 120
-        dest: "{{ airgap_dir }}/k3s-install.sh"
+            dest: "{{ airgap_dir }}/k3s-install.sh"
-        mode: "0755"
+            mode: "0755"
-    - name: Distribute K3s install script
+        - name: Distribute K3s install script
-      ansible.builtin.copy:
+          ansible.builtin.copy:
-        src: "{{ airgap_dir }}/k3s-install.sh"
+            src: "{{ airgap_dir }}/k3s-install.sh"
-        dest: /usr/local/bin/k3s-install.sh
+            dest: /usr/local/bin/k3s-install.sh
-        owner: root
+            owner: root
-        group: root
+            group: root
-        mode: "0755"
+            mode: "0755"
-    - name: Determine architecture and set airgap_k3s_arch
+        - name: Determine architecture and set airgap_k3s_arch
-      ansible.builtin.set_fact:
+          ansible.builtin.set_fact:
-        airgap_k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}"
+            airgap_k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}"
-    - name: Distribute K3s binary
+        - name: Distribute K3s binary
-      ansible.builtin.copy:
+          ansible.builtin.copy:
-        src: "{{ item }}"
+            src: "{{ item }}"
-        dest: /usr/local/bin/k3s
+            dest: /usr/local/bin/k3s
-        owner: root
+            owner: root
-        group: root
+            group: root
-        mode: "0755"
+            mode: "0755"
-      with_first_found:
+          with_first_found:
-        - files:
+            - files:
-            - "{{ airgap_dir }}/k3s-{{ airgap_k3s_arch }}"
+                - "{{ airgap_dir }}/k3s-{{ airgap_k3s_arch }}"
-            - "{{ airgap_dir }}/k3s"
+                - "{{ airgap_dir }}/k3s"
-          # with_first_found always runs, even inside the when block
+              # with_first_found always runs, even inside the when block
-          # so we need to skip it if the file is not found
+              # so we need to skip it if the file is not found
-          skip: true
+              skip: true
-    - name: Distribute K3s SELinux RPM
+        - name: Distribute K3s SELinux RPM
-      ansible.builtin.copy:
+          ansible.builtin.copy:
-        src: "{{ item }}"
+            src: "{{ item }}"
-        dest: /tmp/
+            dest: /tmp/
-        owner: root
+            owner: root
-        group: root
+            group: root
-        mode: "0755"
+            mode: "0755"
-      with_fileglob:
+          with_fileglob:
-        - "{{ airgap_dir }}/k3s-selinux*.rpm"
+            - "{{ airgap_dir }}/k3s-selinux*.rpm"
-      register: airgap_selinux_copy
+          register: airgap_selinux_copy
-      ignore_errors: true
+          ignore_errors: true
-    - name: Install K3s SELinux RPM
+        - name: Install K3s SELinux RPM
-      when:
+          when:
-        - ansible_os_family == 'RedHat'
+            - ansible_os_family == 'RedHat'
-        - airgap_selinux_copy.skipped is false
+            - airgap_selinux_copy.skipped is false
-      ansible.builtin.dnf:
+          ansible.builtin.dnf:
-        name: "{{ airgap_selinux_copy.results[0].dest }}"
+            name: "{{ airgap_selinux_copy.results[0].dest }}"
-        state: present
+            state: present
-        disable_gpg_check: true
+            disable_gpg_check: true
-        disablerepo: "*"
+            disablerepo: "*"
-    - name: Make images directory
+        - name: Make images directory
-      ansible.builtin.file:
+          ansible.builtin.file:
-        path: "/var/lib/rancher/k3s/agent/images/"
+            path: "/var/lib/rancher/k3s/agent/images/"
-        mode: "0755"
+            mode: "0755"
-        state: directory
+            state: directory
-    - name: Distribute Airgap images
+        - name: Distribute Airgap images
-      ansible.builtin.copy:
+          ansible.builtin.copy:
-        src: "{{ item }}"
+            src: "{{ item }}"
-        dest: /var/lib/rancher/k3s/agent/images/{{ item | basename }}
+            dest: /var/lib/rancher/k3s/agent/images/{{ item | basename }}
-        owner: root
+            owner: root
-        group: root
+            group: root
-        mode: "0755"
+            mode: "0755"
-      with_fileglob:
+          with_fileglob:
-        - "{{ airgap_dir }}/*.tar.gz"
+            - "{{ airgap_dir }}/*.tar.gz"
-        - "{{ airgap_dir }}/*.tar.zst"
+            - "{{ airgap_dir }}/*.tar.zst"
-        - "{{ airgap_dir }}/*.tar"
+            - "{{ airgap_dir }}/*.tar"
-    - name: Run K3s Install [server]
+    - name: Install Airgap K3s
-      when: inventory_hostname in groups['server'] or ansible_host in groups['server']
+      block:
-      ansible.builtin.command:
+        - name: Run K3s Install [server]
-        cmd: /usr/local/bin/k3s-install.sh
+          when: inventory_hostname in groups['server'] or ansible_host in groups['server']
-      environment:
+          ansible.builtin.command:
-        INSTALL_K3S_SKIP_ENABLE: "true"
+            cmd: /usr/local/bin/k3s-install.sh
-        INSTALL_K3S_SKIP_DOWNLOAD: "true"
+          environment:
-      changed_when: true
+            INSTALL_K3S_SKIP_ENABLE: "true"
            INSTALL_K3S_SKIP_DOWNLOAD: "true"
          changed_when: true
-    - name: Run K3s Install [agent]
+        - name: Run K3s Install [agent]
-      when: inventory_hostname in groups['agent'] or ansible_host in groups['agent']
+          when: inventory_hostname in groups['agent'] or ansible_host in groups['agent']
-      ansible.builtin.command:
+          ansible.builtin.command:
-        cmd: /usr/local/bin/k3s-install.sh
+            cmd: /usr/local/bin/k3s-install.sh
-      environment:
+          environment:
-        INSTALL_K3S_SKIP_ENABLE: "true"
+            INSTALL_K3S_SKIP_ENABLE: "true"
-        INSTALL_K3S_SKIP_DOWNLOAD: "true"
+            INSTALL_K3S_SKIP_DOWNLOAD: "true"
-        INSTALL_K3S_EXEC: "agent"
+            INSTALL_K3S_EXEC: "agent"
-      changed_when: true
+          changed_when: true
--- a/roles/k3s_upgrade/tasks/main.yml
+++ b/roles/k3s_upgrade/tasks/main.yml
@@ -21,7 +21,7 @@
      # noqa var-naming[no-role-prefix]
      ansible.builtin.find:
        paths: "{{ systemd_dir }}"
-        patterns: "k3s*.service"
+        patterns: "k3s*.service*"
      register: k3s_service_files
    - name: Save current K3s service
@@ -33,16 +33,27 @@
        force: true
      loop: "{{ k3s_service_files.files }}"
    - name: Stage airgap artifacts for upgrade
      when: airgap_dir is defined
      ansible.builtin.include_role:
        name: airgap
        tasks_from: main.yml
        apply:
          tags:
            - distribute_artifacts
    - name: Install new K3s Version
      # For some reason, ansible-lint thinks using enviroment with command is an error
      # even though its valid https://ansible.readthedocs.io/projects/lint/rules/inline-env-var/#correct-code
      ansible.builtin.command: # noqa inline-env-var
        cmd: /usr/local/bin/k3s-install.sh
      environment: >-
-          {{ extra_install_envs | combine({
+          {{ extra_install_envs
-            "INSTALL_K3S_SKIP_START": "true",
+             | combine({
-            "INSTALL_K3S_VERSION": k3s_version,
+               "INSTALL_K3S_SKIP_START": "true",
-          }) }}
+               "INSTALL_K3S_VERSION": k3s_version,
             })
             | combine(airgap_dir is defined and {"INSTALL_K3S_SKIP_DOWNLOAD": "true"} or {}) }}
      changed_when: true
    - name: Restore K3s service