* fix: handle Oracle Linux UEK kernel package name for br_netfilter
Oracle Linux uses the Unbreakable Enterprise Kernel (UEK) instead of the
standard RHEL kernel. The `kernel-modules-extra` package does not exist
on Oracle Linux — the equivalent is `kernel-uek-modules-extra`.
Without this fix, the prereq role fails on Oracle Linux 10 with:
"No package kernel-modules-extra available."
Signed-off-by: Helmut Wolf <3902045+shadow1runner@users.noreply.github.com>
* chore: update README to include Oracle Linux
Signed-off-by: Helmut Wolf <3902045+shadow1runner@users.noreply.github.com>
---------
Signed-off-by: Helmut Wolf <3902045+shadow1runner@users.noreply.github.com>
Co-authored-by: Helmut Wolf <3902045+shadow1runner@users.noreply.github.com>
* Do not enable nftables by default
* If nftables is enables, configure exceptions for k3s service
Signed-off-by: Ionut Ciocoiu <ionutnciocoiu@gmail.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
- Use rancher/systemd-node which doesn't cause k3s to crash
- Expand requirements for testing, ensure deployments become ready at each playbook
- Add logging on failure for debugging
Signed-off-by: Derek Nola <derek.nola@suse.com>
Update the regular expression to have a more specific match search term
for cgroup flags
Issue #495
Signed-off-by: Gilles Habran <gilleshabran@protonmail.com>
* refactor(ansible): replace deprecated with_items and ansible facts
Replace deprecated `with_items` with `loop` keyword across all roles.
Migrate from legacy `ansible_*` top-level facts to `ansible_facts['*']`
syntax to prepare for ansible-core 2.24 where INJECT_FACTS_AS_VARS
will default to False.
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
* chore(ansible): sync minimum version requirements to 2.15
Align version checks in prereq and airgap roles with README requirement
of ansible-core 2.15+.
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
---------
Signed-off-by: Aleksei Sviridkin <f@lex.la>
Co-authored-by: Claude <noreply@anthropic.com>
* feat(k3s_upgrade): regenerate service files from templates instead of restoring backups
The k3s_upgrade role previously restored backup service files after binary
upgrade, which meant any changes to extra_server_args or extra_agent_args
would not be applied during upgrades.
This change:
- Replaces backup restoration with template-based service file regeneration
- Reuses templates from k3s_server role via symlink
- Adds necessary defaults for template variables
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Aleksei Sviridkin <f@lex.la>
Changed the condition from checking specific 'ansible_distribution' names to 'ansible_os_family == "RedHat"'. This correctly targets all RHEL-based systems (including AlmaLinux, Rocky, CentOS) and ensures dependencies like 'kernel-modules-extra' are installed without listing each distribution manually.
Signed-off-by: Hanseung Kim <u72mlzb@gmail.com>
* Auto-add --tls-san={{ api_endpoint }} when it differs from ansible_hostname
* Ensures first server generates certificate with all required SANs
* Add .ansible/ and PR_DESCRIPTION.md to gitignore
Signed-off-by: Guillaume Andre <mail@guillaumea.fr>
The condition `when: ansible_all_ipv6_addresses` evaluates to a list, which in
term evaluates to True, but it seems that more recent Ansible versions do not
accept that anymore:
```
Conditional result was "['fe80::...']" of type 'list', which evaluates to True. Conditionals must have a boolean result.
```
This commit adds a length check to create a real Boolean result.
Signed-off-by: Stefan Haun <mail@tuxathome.de>
Jonathan Cremin
shadow1runner
Ionut Ciocoiu
Derek Nola
Pavlo
Jon S. Stumpf
laszlojau
Gilles H.
Aleksei Sviridkin
ppascente
Aleksei Sviridkin
Phillip Thurston
Softplus+
fch-aa
Luis Salgado Alves
Riccardo Pressiani
Jonathan Hanson
too-gee
Guillaume A
Vadim Radu
David Barnett
Claiyc
Zero King
Al West
Stefan Haun
Rafael Alexandre
mbathe19