diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fb5159..89c0951 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,8 @@ SPDX-License-Identifier: GPL-3.0-or-later ## 14.0.0 -- add reboot to the standard mode to make sure the WireGuard kernel module is available (contribution by @mofelee) +- **BREAKING** CentOS7: Introduce `wireguard_centos7_kernel_plus_reboot` and `wireguard_centos7_standard_reboot` variables. Both are set to "true" by default. This will cause the host to be rebooted in case the "wireguard" kernel module was installed the very first time. If `wireguard_centos7_installation_method: "kernel-plus"` is set and the host wasn't booted with a `kernel-plus` kernel already you most probably need to reboot. For the `standard` kernel this might not be needed. +- CentOS7: Add reboot to the standard mode to make sure the WireGuard kernel module is available (contribution by @mofelee) ## 13.0.1 @@ -22,7 +23,7 @@ SPDX-License-Identifier: GPL-3.0-or-later - remove Fedora 35 support (reached EOL) - remove openSUSE 15.3 support (reached EOL) -- remove Debian 10 (Buster) support (readed EOL) +- remove Debian 10 (Buster) support (reached EOL) - fix Molecule prepare for Archlinux - fix `ansible-lint` issue in `tasks/setup-debian-raspbian-buster.yml` @@ -34,7 +35,7 @@ SPDX-License-Identifier: GPL-3.0-or-later ## 11.0.0 - add support for Rocky Linux 9 (original PR from @vincentDcmps: https://github.com/githubixx/ansible-role-wireguard/pull/163) -- add support for AlamaLinux 9 (original PR from @trunet: https://github.com/githubixx/ansible-role-wireguard/pull/164) +- add support for AlmaLinux 9 (original PR from @trunet: https://github.com/githubixx/ansible-role-wireguard/pull/164) - add `EL9` to `meta/main.yml` - require Ansible >= `2.11` as Rocky Linux is only supported with this version or above - `ansible-lint`: use `community.general.pacman` module instead of `ansible.builtin.pacman` for Archlinux setup diff --git a/README.md b/README.md index cce5813..12604cc 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ @@ -161,14 +161,25 @@ wireguard_ubuntu_cache_valid_time: "3600" # Set wireguard_centos7_installation_method to "kernel-plus" # to use the kernel-plus kernel, which includes a built-in, # signed WireGuard module. -# UTILIZING KERNEL-PLUS WILL PERFORM A SYSTEM REBOOT DURING SETUP!! # # The default of "standard" will use the standard kernel and # the ELRepo module for WireGuard. wireguard_centos7_installation_method: "standard" +# Reboot host if necessary if the "kernel-plus" kernel is in use +wireguard_centos7_kernel_plus_reboot: true + # The default seconds to wait for machine to reboot and respond +# if "kernel-plus" is in use. Is only relevant if +# "wireguard_centos7_kernel_plus_reboot" is set to "true". wireguard_centos7_kernel_plus_reboot_timeout: "600" + +# Reboot host if necessary if the standard kernel is in use +wireguard_centos7_standard_reboot: true + +# The default seconds to wait for machine to reboot and respond +# if "standard" kernel is in use. Is only relevant if +# "wireguard_centos7_standard_reboot" is set to "true". wireguard_centos7_standard_reboot_timeout: "600" ######################################### diff --git a/defaults/main.yml b/defaults/main.yml index 6ab3934..4cf5060 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -86,14 +86,25 @@ wireguard_ubuntu_cache_valid_time: "3600" # Set wireguard_centos7_installation_method to "kernel-plus" # to use the kernel-plus kernel, which includes a built-in, # signed WireGuard module. -# UTILIZING KERNEL-PLUS WILL PERFORM A SYSTEM REBOOT DURING SETUP!! # # The default of "standard" will use the standard kernel and # the ELRepo module for WireGuard. wireguard_centos7_installation_method: "standard" +# Reboot host if necessary if the "kernel-plus" kernel is in use +wireguard_centos7_kernel_plus_reboot: true + # The default seconds to wait for machine to reboot and respond +# if "kernel-plus" is in use. Is only relevant if +# "wireguard_centos7_kernel_plus_reboot" is set to "true". wireguard_centos7_kernel_plus_reboot_timeout: "600" + +# Reboot host if necessary if the standard kernel is in use +wireguard_centos7_standard_reboot: true + +# The default seconds to wait for machine to reboot and respond +# if "standard" kernel is in use. Is only relevant if +# "wireguard_centos7_standard_reboot" is set to "true". wireguard_centos7_standard_reboot_timeout: "600" ######################################### diff --git a/tasks/setup-centos-7.yml b/tasks/setup-centos-7.yml index 59a7493..3f49b82 100644 --- a/tasks/setup-centos-7.yml +++ b/tasks/setup-centos-7.yml @@ -27,10 +27,11 @@ register: wireguard__centos7_yum_updates - name: (CentOS 7) Reboot Instance to update kernel + when: + - wireguard_centos7_standard_reboot + - wireguard__centos7_yum_updates.changed ansible.builtin.reboot: reboot_timeout: "{{ wireguard_centos7_standard_reboot_timeout }}" - when: - - wireguard__centos7_yum_updates.changed is true - name: (CentOS 7) Ensure WireGuard DKMS package is removed ansible.builtin.yum: @@ -38,7 +39,7 @@ - "wireguard-dkms" state: absent -- name: (CentOS 7) Tasks for kernel-plus +- name: (CentOS 7 - kernel-plus) Tasks for kernel-plus when: - wireguard_centos7_installation_method == "kernel-plus" block: @@ -49,17 +50,17 @@ - yum-utils update_cache: true - - name: (CentOS 7) Enable CentosPlus repo + - name: (CentOS 7 - kernel-plus) Enable CentosPlus repo ansible.builtin.command: yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save changed_when: false - - name: (CentOS 7) Update to kernel-plus + - name: (CentOS 7 - kernel-plus) Update to kernel-plus ansible.builtin.replace: path: /etc/sysconfig/kernel regexp: '^DEFAULTKERNEL=kernel$' replace: 'DEFAULTKERNEL=kernel-plus' - - name: (CentOS 7) Install WireGuard packages + - name: (CentOS 7 - kernel-plus) Install WireGuard packages ansible.builtin.yum: name: - "kernel-plus" @@ -67,9 +68,10 @@ state: present register: wireguard__centos7_yum_updates - - name: (CentOS 7) Reboot Instance to update kernel - ansible.builtin.reboot: - reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}" + - name: (CentOS 7 - kernel-plus) Reboot Instance to update kernel when: + - wireguard_centos7_kernel_plus_reboot - wireguard__centos7_yum_updates.changes is defined - wireguard__centos7_yum_updates.changes.installed|flatten|select('regex', '^kernel-plus$') is any + ansible.builtin.reboot: + reboot_timeout: "{{ wireguard_centos7_kernel_plus_reboot_timeout }}"