From b50b3430bec32d1ca7997e70154ca90c2e19c1ba Mon Sep 17 00:00:00 2001 From: JohnZheng Date: Wed, 15 Aug 2018 02:42:16 +0800 Subject: [PATCH] Disable locksmithd on CoreOS if coreos_auto_upgrade set to false (#3088) * Disable locksmithd on CoreOS if coreos_auto_upgrade set to false * change when format to support multiple-condition --- inventory/sample/group_vars/all.yml | 3 +++ roles/bootstrap-os/defaults/main.yml | 3 +++ roles/bootstrap-os/tasks/bootstrap-coreos.yml | 5 +++++ 3 files changed, 11 insertions(+) diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index d856d064c..65e8c6590 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -131,3 +131,6 @@ bin_dir: /usr/local/bin # The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable. #kube_read_only_port: 10255 + +# Does coreos need auto upgrade, default is true +#coreos_auto_upgrade: true \ No newline at end of file diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml index c191ebd2b..5d2f7321a 100644 --- a/roles/bootstrap-os/defaults/main.yml +++ b/roles/bootstrap-os/defaults/main.yml @@ -4,3 +4,6 @@ pip_python_coreos_modules: - six override_system_hostname: true + + +coreos_auto_upgrade: true diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml index d446cf282..ef82b7bde 100644 --- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml +++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml @@ -62,3 +62,8 @@ with_items: "{{pip_python_coreos_modules}}" environment: PATH: "{{ ansible_env.PATH }}:{{ bin_dir }}" + +- name: Bootstrap | Disable auto-upgrade + shell: "systemctl stop locksmithd.service && systemctl mask --now locksmithd.service" + when: + - not coreos_auto_upgrade