Merge branch 'main' into fix/fix-partition-rke2

Author: jLemmings

README.md

@@ -38,7 +38,7 @@ This is a copy of `defaults/main.yml`
 ```yaml
 ---
 # The node type - server or agent
-rke2_type: server
+rke2_type: "{{ 'server' if inventory_hostname in groups[rke2_servers_group_name] else 'agent' if inventory_hostname in groups[rke2_agents_group_name] }}"
 
 # Deploy the control plane in HA mode
 rke2_ha_mode: false
@@ -244,10 +244,11 @@ rke2_etcd_snapshot_destination_dir: "{{ rke2_data_path }}/server/db/snapshots"
   # region: "" # optional - defaults to us-east-1
   # folder: "" # optional - defaults to top level of bucket
 # Override default containerd snapshotter
-rke2_snapshooter: overlayfs
+rke2_snapshotter: "{{ rke2_snapshooter }}"
+rke2_snapshooter: overlayfs # legacy variable that only exists to keep backward compatibility with previous configurations
 
-# Deploy RKE2 with default CNI canal
-rke2_cni: canal
+# Deploy RKE2 with default CNI canal (should be a list)
+rke2_cni: [canal]
 
 # Validate system configuration against the selected benchmark
 # (Supported value is "cis-1.23" or eventually "cis-1.6" if you are running RKE2 prior 1.25)
@@ -352,14 +353,14 @@ The RKE2 Kubernetes master/server nodes must belong to `masters` group and worke
 
 ```ini
 [masters]
-master-01 ansible_host=192.168.123.1 rke2_type=server
-master-02 ansible_host=192.168.123.2 rke2_type=server
-master-03 ansible_host=192.168.123.3 rke2_type=server
+master-01 ansible_host=192.168.123.1
+master-02 ansible_host=192.168.123.2
+master-03 ansible_host=192.168.123.3
 
 [workers]
-worker-01 ansible_host=192.168.123.11 rke2_type=agent
-worker-02 ansible_host=192.168.123.12 rke2_type=agent
-worker-03 ansible_host=192.168.123.13 rke2_type=agent
+worker-01 ansible_host=192.168.123.11
+worker-02 ansible_host=192.168.123.12
+worker-03 ansible_host=192.168.123.13
 
 [k8s_cluster:children]
 masters

defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # The node type - server or agent
-rke2_type: server
+rke2_type: "{{ 'server' if inventory_hostname in groups[rke2_servers_group_name] else 'agent' if inventory_hostname in groups[rke2_agents_group_name] }}"
 
 # Deploy the control plane in HA mode
 rke2_ha_mode: false
@@ -206,7 +206,8 @@ rke2_etcd_snapshot_destination_dir: "{{ rke2_data_path }}/server/db/snapshots"
   # region: "" # optional - defaults to us-east-1
   # folder: "" # optional - defaults to top level of bucket
 # Override default containerd snapshotter
-rke2_snapshooter: overlayfs
+rke2_snapshotter: "{{ rke2_snapshooter }}"
+rke2_snapshooter: overlayfs # legacy variable that only exists to keep backward compatibility with previous configurations
 
 # Deploy RKE2 with default CNI canal
 rke2_cni: canal

molecule/cluster/converge.yml

@@ -4,7 +4,7 @@
   become: yes
   vars:
     rke2_version: v1.22.12+rke2r1
-    rke2_snapshooter: native
+    rke2_snapshotter: native
     rke2_server_node_taints:
       - 'CriticalAddonsOnly=true:NoExecute'
   roles:

molecule/default/converge.yml

@@ -4,6 +4,6 @@
   become: yes
   vars:
     rke2_version: v1.27.1+rke2r1
-    rke2_snapshooter: native
+    rke2_snapshotter: native
   roles:
     - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"

molecule/ha_cluster/converge.yml

@@ -6,7 +6,7 @@
     rke2_version: v1.22.12+rke2r1
     rke2_ha_mode: true
     rke2_api_ip: 192.168.123.100
-    rke2_snapshooter: native
+    rke2_snapshotter: native
     rke2_server_node_taints:
       - 'CriticalAddonsOnly=true:NoExecute'
   roles:

molecule/ha_cluster_kubevip/converge.yml

@@ -4,11 +4,11 @@
   become: yes
   vars:
     rke2_server_taint: true
-    rke2_cni: calico
+    rke2_cni: [calico]
     rke2_api_ip: 192.168.123.100
     rke2_version: v1.22.12+rke2r1
     rke2_cis_profile: cis-1.23
-    rke2_snapshooter: native
+    rke2_snapshotter: native
     rke2_ha_mode_keepalived: false
     rke2_ha_mode: true
     rke2_ha_mode_kubevip: true

tasks/first_server.yml

@@ -40,7 +40,13 @@
 - name: Register if we need to do a etcd restore from s3
   ansible.builtin.set_fact:
     do_etcd_restore_from_s3: true
-  when: not rke2_etcd_snapshot_file and rke2_etcd_snapshot_s3_options is defined and rke2_etcd_snapshot_s3_options.access_key and rke2_etcd_snapshot_s3_options.secret_key and rke2_etcd_snapshot_s3_options.bucket and rke2_etcd_snapshot_s3_options.snapshot_name
+  when:
+    - not rke2_etcd_snapshot_file
+    - rke2_etcd_snapshot_s3_options is defined
+    - rke2_etcd_snapshot_s3_options.access_key
+    - rke2_etcd_snapshot_s3_options.secret_key
+    - rke2_etcd_snapshot_s3_options.bucket
+    - rke2_etcd_snapshot_s3_options.snapshot_name
 
 - name: Restore etcd from file
   when: do_etcd_restore is defined
@@ -138,15 +144,41 @@
   - not ansible_check_mode
   - rke2_cni != 'none'
 
-- name: Restore etcd - remove old <node>.node-password.rke2 secrets
-  ansible.builtin.shell: |
-    {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml \
-    delete secret {{ item }}.node-password.rke2 -n kube-system 2>&1 || true
-  args:
-    executable: /bin/bash
-  with_items: "{{ groups[rke2_cluster_group_name] }}"
-  changed_when: false
-  when: not ansible_check_mode and inventory_hostname != item and (do_etcd_restore is defined or do_etcd_restore_from_s3 is defined)
+- name: Restore etcd
+  when: do_etcd_restore is defined or do_etcd_restore_from_s3 is defined
+  block:
+    - name: Get registered nodes
+      ansible.builtin.shell: |
+        {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml \
+        get nodes --no-headers | awk '{print $1}'
+      args:
+        executable: /bin/bash
+      changed_when: false
+      register: registered_node_names
+
+    - name: Get all node names
+      ansible.builtin.set_fact:
+        node_names: "{{ hostvars | dict2items | map(attribute='value.rke2_node_name') }}"
+      run_once: true
+      register: node_names
+
+    - name: remove old <node>.node-password.rke2 secrets
+      ansible.builtin.shell: |
+        {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml \
+        delete secret {{ item }}.node-password.rke2 -n kube-system 2>&1 || true
+      args:
+        executable: /bin/bash
+      with_items: "{{ registered_node_names.stdout_lines | difference(node_names) }}"
+      changed_when: false
+
+    - name: remove old nodes
+      ansible.builtin.shell: |
+        {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml \
+        delete node {{ item }} 2>&1 || true
+      args:
+        executable: /bin/bash
+      with_items: "{{ registered_node_names.stdout_lines | difference(node_names) }}"
+      changed_when: false
 
 - name: Set an Active Server variable
   ansible.builtin.set_fact: