Update CentOS7 reboot handling (#186)

* fix typos in CHANGELOG * update CentOS7 reboot handling
2 years ago · 0cd8d01fb3
parent c58f736e32
commit 0cd8d01fb3
4 changed files with 40 additions and 15 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,7 +7,8 @@ SPDX-License-Identifier: GPL-3.0-or-later

 ## 14.0.0

- add reboot to the standard mode to make sure the WireGuard kernel module is available (contribution by @mofelee)
+- **BREAKING** CentOS7: Introduce `wireguard_centos7_kernel_plus_reboot` and `wireguard_centos7_standard_reboot` variables. Both are set to "true" by default. This will cause the host to be rebooted in case the "wireguard" kernel module was installed the very first time. If `wireguard_centos7_installation_method: "kernel-plus"` is set and the host wasn't booted with a `kernel-plus` kernel already you most probably need to reboot. For the `standard` kernel this might not be needed.
+- CentOS7: Add reboot to the standard mode to make sure the WireGuard kernel module is available (contribution by @mofelee)

 ## 13.0.1

@ -22,7 +23,7 @@ SPDX-License-Identifier: GPL-3.0-or-later

 - remove Fedora 35 support (reached EOL)
 - remove openSUSE 15.3 support (reached EOL)
- remove Debian 10 (Buster) support (readed EOL)
+- remove Debian 10 (Buster) support (reached EOL)
 - fix Molecule prepare for Archlinux
 - fix `ansible-lint` issue in `tasks/setup-debian-raspbian-buster.yml`

@ -34,7 +35,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 ## 11.0.0

 - add support for Rocky Linux 9 (original PR from @vincentDcmps: https://github.com/githubixx/ansible-role-wireguard/pull/163)
- add support for AlamaLinux 9 (original PR from @trunet: https://github.com/githubixx/ansible-role-wireguard/pull/164)
+- add support for AlmaLinux 9 (original PR from @trunet: https://github.com/githubixx/ansible-role-wireguard/pull/164)
 - add `EL9` to `meta/main.yml`
 - require Ansible >= `2.11` as Rocky Linux is only supported with this version or above
 - `ansible-lint`: use `community.general.pacman` module instead of `ansible.builtin.pacman` for Archlinux setup
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 <!--
-Copyright (C) 2018-2022 Robert Wimmer
+Copyright (C) 2018-2023 Robert Wimmer
 Copyright (C) 2019 fbourqui
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
@ -161,14 +161,25 @@ wireguard_ubuntu_cache_valid_time: "3600"
 # Set wireguard_centos7_installation_method to "kernel-plus"
 # to use the kernel-plus kernel, which includes a built-in,
 # signed WireGuard module.
-# UTILIZING KERNEL-PLUS WILL PERFORM A SYSTEM REBOOT DURING SETUP!!
 #
 # The default of "standard" will use the standard kernel and
 # the ELRepo module for WireGuard.
 wireguard_centos7_installation_method: "standard"

+# Reboot host if necessary if the "kernel-plus" kernel is in use
+wireguard_centos7_kernel_plus_reboot: true
+
 # The default seconds to wait for machine to reboot and respond
+# if "kernel-plus" is in use. Is only relevant if
+# "wireguard_centos7_kernel_plus_reboot" is set to "true".
 wireguard_centos7_kernel_plus_reboot_timeout: "600"
+
+# Reboot host if necessary if the standard kernel is in use
+wireguard_centos7_standard_reboot: true
+
+# The default seconds to wait for machine to reboot and respond
+# if "standard" kernel is in use. Is only relevant if
+# "wireguard_centos7_standard_reboot" is set to "true".
 wireguard_centos7_standard_reboot_timeout: "600"

 #########################################
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -86,14 +86,25 @@ wireguard_ubuntu_cache_valid_time: "3600"
 # Set wireguard_centos7_installation_method to "kernel-plus"
 # to use the kernel-plus kernel, which includes a built-in,
 # signed WireGuard module.
-# UTILIZING KERNEL-PLUS WILL PERFORM A SYSTEM REBOOT DURING SETUP!!
 #
 # The default of "standard" will use the standard kernel and
 # the ELRepo module for WireGuard.
 wireguard_centos7_installation_method: "standard"

+# Reboot host if necessary if the "kernel-plus" kernel is in use
+wireguard_centos7_kernel_plus_reboot: true
+
 # The default seconds to wait for machine to reboot and respond
+# if "kernel-plus" is in use. Is only relevant if
+# "wireguard_centos7_kernel_plus_reboot" is set to "true".
 wireguard_centos7_kernel_plus_reboot_timeout: "600"
+
+# Reboot host if necessary if the standard kernel is in use
+wireguard_centos7_standard_reboot: true
+
+# The default seconds to wait for machine to reboot and respond
+# if "standard" kernel is in use. Is only relevant if
+# "wireguard_centos7_standard_reboot" is set to "true".
 wireguard_centos7_standard_reboot_timeout: "600"

 #########################################
--- a/tasks/setup-centos-7.yml
+++ b/tasks/setup-centos-7.yml
@ -27,10 +27,11 @@
      register: wireguard__centos7_yum_updates

    - name: (CentOS 7) Reboot Instance to update kernel
+      when:
+        - wireguard_centos7_standard_reboot
+        - wireguard__centos7_yum_updates.changed
      ansible.builtin.reboot:
        reboot_timeout: "{{ wireguard_centos7_standard_reboot_timeout }}"
-      when:
-        - wireguard__centos7_yum_updates.changed is true

 - name: (CentOS 7) Ensure WireGuard DKMS package is removed
  ansible.builtin.yum:
@ -38,7 +39,7 @@
      - "wireguard-dkms"
    state: absent

- name: (CentOS 7) Tasks for kernel-plus
+- name: (CentOS 7 - kernel-plus) Tasks for kernel-plus
  when:
    - wireguard_centos7_installation_method == "kernel-plus"
  block:
@ -49,17 +50,17 @@
          - yum-utils
        update_cache: true

-    - name: (CentOS 7) Enable CentosPlus repo
+    - name: (CentOS 7 - kernel-plus) Enable CentosPlus repo
      ansible.builtin.command: yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
      changed_when: false

-    - name: (CentOS 7) Update to kernel-plus
+    - name: (CentOS 7 - kernel-plus) Update to kernel-plus
      ansible.builtin.replace:
        path: /etc/sysconfig/kernel
        regexp: '^DEFAULTKERNEL=kernel$'
        replace: 'DEFAULTKERNEL=kernel-plus'

-    - name: (CentOS 7) Install WireGuard packages
+    - name: (CentOS 7 - kernel-plus) Install WireGuard packages
      ansible.builtin.yum:
        name:
          - "kernel-plus"
@ -67,9 +68,10 @@
        state: present
      register: wireguard__centos7_yum_updates

-    - name: (CentOS 7) Reboot Instance to update kernel
-      ansible.builtin.reboot:
-        reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}"
+    - name: (CentOS 7 - kernel-plus) Reboot Instance to update kernel
      when:
+        - wireguard_centos7_kernel_plus_reboot
        - wireguard__centos7_yum_updates.changes is defined
        - wireguard__centos7_yum_updates.changes.installed|flatten|select('regex', '^kernel-plus$') is any
+      ansible.builtin.reboot:
+        reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}"