From 77069354cfc1c6878e70c1da89dbd1aa0187fdeb Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Tue, 27 Jun 2023 03:24:30 +0200 Subject: [PATCH] Add system-upgrade to upgrade-cluster playbook (#10184) --- docs/upgrades.md | 13 +++++++++++++ playbooks/upgrade_cluster.yml | 4 ++++ roles/kubespray-defaults/defaults/main.yaml | 3 +++ roles/upgrade/system-upgrade/tasks/apt.yml | 13 +++++++++++++ roles/upgrade/system-upgrade/tasks/main.yml | 17 +++++++++++++++++ roles/upgrade/system-upgrade/tasks/yum.yml | 12 ++++++++++++ 6 files changed, 62 insertions(+) create mode 100644 roles/upgrade/system-upgrade/tasks/apt.yml create mode 100644 roles/upgrade/system-upgrade/tasks/main.yml create mode 100644 roles/upgrade/system-upgrade/tasks/yum.yml diff --git a/docs/upgrades.md b/docs/upgrades.md index ff9e5459d..52dccba42 100644 --- a/docs/upgrades.md +++ b/docs/upgrades.md @@ -403,3 +403,16 @@ Please note that **migrating container engines is not officially supported by Ku As of Kubespray 2.18.0, containerd is already the default container engine. If you have the chance, it is advisable and safer to reset and redeploy the entire cluster with a new container engine. * [Migrating from Docker to Containerd](upgrades/migrate_docker2containerd.md) + +## System upgrade + +If you want to upgrade the APT or YUM packages while the nodes are cordoned, you can use: + +```ShellSession +ansible-playbook upgrade-cluster.yml -b -i inventory/sample/hosts.ini -e system_upgrade=true +``` + +Nodes will be rebooted when there are package upgrades (`system_upgrade_reboot: on-upgrade`). +This can be changed to `always` or `never`. + +Note: Downloads will happen twice unless `system_upgrade_reboot` is `never`. diff --git a/playbooks/upgrade_cluster.yml b/playbooks/upgrade_cluster.yml index 5eccc56ba..272ec310f 100644 --- a/playbooks/upgrade_cluster.yml +++ b/playbooks/upgrade_cluster.yml 
@@ -84,6 +84,8 @@ roles: - { role: kubespray-defaults } - { role: upgrade/pre-upgrade, tags: pre-upgrade } + - { role: upgrade/system-upgrade, tags: system-upgrade } + - { role: download, tags: download, when: "system_upgrade and system_upgrade_reboot != 'never' and not skip_downloads" } - { role: kubernetes-apps/kubelet-csr-approver, tags: kubelet-csr-approver } - { role: container-engine, tags: "container-engine", when: deploy_container_engine } - { role: kubernetes/node, tags: node } @@ -116,6 +118,8 @@ roles: - { role: kubespray-defaults } - { role: upgrade/pre-upgrade, tags: pre-upgrade } + - { role: upgrade/system-upgrade, tags: system-upgrade } + - { role: download, tags: download, when: "system_upgrade and system_upgrade_reboot != 'never' and not skip_downloads" } - { role: container-engine, tags: "container-engine", when: deploy_container_engine } - { role: kubernetes/node, tags: node } - { role: kubernetes/kubeadm, tags: kubeadm } diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index ec5b8e6a3..d32dd3a5a 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -681,3 +681,6 @@ krew_root_dir: "/usr/local/krew" # sysctl_file_path to add sysctl conf to sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf" + +system_upgrade: false +system_upgrade_reboot: on-upgrade # never, always diff --git a/roles/upgrade/system-upgrade/tasks/apt.yml b/roles/upgrade/system-upgrade/tasks/apt.yml new file mode 100644 index 000000000..992bbce44 --- /dev/null +++ b/roles/upgrade/system-upgrade/tasks/apt.yml @@ -0,0 +1,13 @@ +--- +- name: APT Dist-Upgrade + apt: + upgrade: dist + autoremove: true + dpkg_options: force-confold,force-confdef + register: apt_upgrade + +- name: Reboot after APT Dist-Upgrade # noqa no-handler + when: + - apt_upgrade.changed or system_upgrade_reboot == 'always' + - system_upgrade_reboot != 'never' + reboot: 
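Review bot: The added `download` role condition in playbooks/upgrade_cluster.yml uses `system_upgrade` as a bare truth value, but the documented way to enable the feature is `-e system_upgrade=true`, and key=value extra vars reach Ansible as strings. On Ansible versions that do not re-evaluate bare string variables in conditionals, `-e system_upgrade=false` is a non-empty string and therefore true, so the role would run when the operator asked for the opposite. Casting avoids that: `when: "system_upgrade | bool and system_upgrade_reboot != 'never' and not skip_downloads"`. The same applies to the identical line in the second hunk of this file and to the `- system_upgrade` conditions in roles/upgrade/system-upgrade/tasks/main.yml (`- system_upgrade | bool`), where a wrong result means an unintended package upgrade and reboot.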
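Review bot: The two new defaults in roles/kubespray-defaults/defaults/main.yaml have no comment saying what they switch on, and the only hint at the accepted values is the trailing `# never, always`. Since `system_upgrade: true` upgrades OS packages and can reboot nodes, I would put a comment above each, for example `# Upgrade all OS packages (APT/YUM) on each node during upgrade-cluster` and `# When to reboot after the package upgrade: on-upgrade (only if packages changed), always, never`.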
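Review bot: The `APT Dist-Upgrade` task in roles/upgrade/system-upgrade/tasks/apt.yml runs `upgrade: dist` without refreshing the package index, so unless an earlier play has already updated it, the upgrade works from whatever cache the node has. A stale index can miss current security fixes or fail on package versions the mirror no longer serves. Adding `update_cache: true` to the task makes the result independent of that. Separately, `autoremove: true` combined with a dist-upgrade can change or remove packages the node relies on if the container runtime or kernel modules are installed via APT, so it is worth confirming that holds or pins are in place before enabling this on production nodes.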
diff --git a/roles/upgrade/system-upgrade/tasks/main.yml b/roles/upgrade/system-upgrade/tasks/main.yml
new file mode 100644
index 000000000..61561b145
--- /dev/null
+++ b/roles/upgrade/system-upgrade/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: APT upgrade
+ when:
+ - system_upgrade
+ - ansible_os_family == "Debian"
+ include_tasks: apt.yml
+ tags:
+ - system-upgrade-apt
+
+- name: YUM upgrade
+ when:
+ - system_upgrade
+ - ansible_os_family == "RedHat"
+ - not is_fedora_coreos
+ include_tasks: yum.yml
+ tags:
+ - system-upgrade-yum
diff --git a/roles/upgrade/system-upgrade/tasks/yum.yml b/roles/upgrade/system-upgrade/tasks/yum.yml
new file mode 100644
index 000000000..6a27177f0
--- /dev/null
+++ b/roles/upgrade/system-upgrade/tasks/yum.yml
@@ -0,0 +1,12 @@
+---
+- name: YUM upgrade all packages # noqa package-latest
+ yum:
+ name: '*'
+ state: latest
+ register: yum_upgrade
+
+- name: Reboot after YUM upgrade # noqa no-handler
+ when:
+ - yum_upgrade.changed or system_upgrade_reboot == 'always'
+ - system_upgrade_reboot != 'never'
+ reboot:
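Review bot: In roles/upgrade/system-upgrade/tasks/main.yml the `system-upgrade-apt` and `system-upgrade-yum` tags are set on `include_tasks`, where a tag selects only the include itself and is not inherited by the tasks inside apt.yml or yum.yml. Running with `--tags system-upgrade-apt` would therefore load the file and then skip both the upgrade and the reboot task, which looks like a successful run that patched nothing. Using a static import, `import_tasks: apt.yml` and `import_tasks: yum.yml`, lets the tags and the `when` conditions propagate to the included tasks. Hosts outside the Debian and RedHat families are also skipped without any message when `system_upgrade` is true, so a short comment saying this is intentional would help.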
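Review bot: The reboot condition in roles/upgrade/system-upgrade/tasks/yum.yml (and the identical one in apt.yml) treats every `system_upgrade_reboot` value other than `always` or `never` as `on-upgrade`, so a mistyped value, or an unquoted `no` that YAML reads as a boolean, still reboots the node after an upgrade. Failing fast at the start of the role would make the policy explicit, for example an `assert` with `that: system_upgrade_reboot in ['on-upgrade', 'always', 'never']`. It would also help to add a comment on the `YUM upgrade all packages` task noting that `name: '*'` with `state: latest` upgrades every installed package, including the kernel and any container runtime installed from a repository.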