Add system-upgrade to upgrade-cluster playbook (#10184)

pull/10258/head
Mathieu Parent 2023-06-27 03:24:30 +02:00 committed by GitHub
parent 2aafab6c19
commit 77069354cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 62 additions and 0 deletions

View File

@ -403,3 +403,16 @@ Please note that **migrating container engines is not officially supported by Ku
As of Kubespray 2.18.0, containerd is already the default container engine. If you have the chance, it is advisable and safer to reset and redeploy the entire cluster with a new container engine. As of Kubespray 2.18.0, containerd is already the default container engine. If you have the chance, it is advisable and safer to reset and redeploy the entire cluster with a new container engine.
* [Migrating from Docker to Containerd](upgrades/migrate_docker2containerd.md) * [Migrating from Docker to Containerd](upgrades/migrate_docker2containerd.md)
## System upgrade
If you want to upgrade the APT or YUM packages while the nodes are cordoned, you can use:
```ShellSession
ansible-playbook upgrade-cluster.yml -b -i inventory/sample/hosts.ini -e system_upgrade=true
```
Nodes will be rebooted when there are package upgrades (`system_upgrade_reboot: on-upgrade`).
This can be changed to `always` or `never`.
Note: Downloads will happen twice unless `system_upgrade_reboot` is `never`.

View File

@ -84,6 +84,8 @@
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: upgrade/pre-upgrade, tags: pre-upgrade } - { role: upgrade/pre-upgrade, tags: pre-upgrade }
- { role: upgrade/system-upgrade, tags: system-upgrade }
- { role: download, tags: download, when: "system_upgrade and system_upgrade_reboot != 'never' and not skip_downloads" }
- { role: kubernetes-apps/kubelet-csr-approver, tags: kubelet-csr-approver } - { role: kubernetes-apps/kubelet-csr-approver, tags: kubelet-csr-approver }
- { role: container-engine, tags: "container-engine", when: deploy_container_engine } - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
- { role: kubernetes/node, tags: node } - { role: kubernetes/node, tags: node }
@ -116,6 +118,8 @@
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: upgrade/pre-upgrade, tags: pre-upgrade } - { role: upgrade/pre-upgrade, tags: pre-upgrade }
- { role: upgrade/system-upgrade, tags: system-upgrade }
- { role: download, tags: download, when: "system_upgrade and system_upgrade_reboot != 'never' and not skip_downloads" }
- { role: container-engine, tags: "container-engine", when: deploy_container_engine } - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
- { role: kubernetes/node, tags: node } - { role: kubernetes/node, tags: node }
- { role: kubernetes/kubeadm, tags: kubeadm } - { role: kubernetes/kubeadm, tags: kubeadm }

View File

@ -681,3 +681,6 @@ krew_root_dir: "/usr/local/krew"
# sysctl_file_path to add sysctl conf to # sysctl_file_path to add sysctl conf to
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf" sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
system_upgrade: false
system_upgrade_reboot: on-upgrade # never, always

View File

@ -0,0 +1,13 @@
---
- name: APT Dist-Upgrade
apt:
upgrade: dist
autoremove: true
dpkg_options: force-confold,force-confdef
register: apt_upgrade
- name: Reboot after APT Dist-Upgrade # noqa no-handler
when:
- apt_upgrade.changed or system_upgrade_reboot == 'always'
- system_upgrade_reboot != 'never'
reboot:

View File

@ -0,0 +1,17 @@
---
- name: APT upgrade
when:
- system_upgrade
- ansible_os_family == "Debian"
include_tasks: apt.yml
tags:
- system-upgrade-apt
- name: YUM upgrade
when:
- system_upgrade
- ansible_os_family == "RedHat"
- not is_fedora_coreos
include_tasks: yum.yml
tags:
- system-upgrade-yum

View File

@ -0,0 +1,12 @@
---
- name: YUM upgrade all packages # noqa package-latest
yum:
name: '*'
state: latest
register: yum_upgrade
- name: Reboot after YUM upgrade # noqa no-handler
when:
- yum_upgrade.changed or system_upgrade_reboot == 'always'
- system_upgrade_reboot != 'never'
reboot: